Studioexpress - Eksperci Od Reklamy Eventowej
Telefon do Studioexpress - Eksperci Od Reklamy Eventowej797 707 944 Adres email Studioexpress - Eksperci Od Reklamy Eventowej[email protected]
Telefon do Studioexpress - Eksperci Od Reklamy Eventowej797 707 944
Koszyk
Zamknij
Kontynuuj zakupy PLACE ORDER
suma: €0.00
Ulubione produkty
Your favorites list is empty.

Choose something for yourself from our current selection or log in to restore the items added to your list from the previous session.

Szukaj
All Products
Strona główna
Privacy Policy

 

Privacy Policy

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. LEGAL BASIS FOR DATA PROCESSING
  3. PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
  4. DATA RECIPIENTS IN THE ONLINE STORE
  5. PROFILING IN THE ONLINE STORE
  6. RIGHTS OF THE DATA SUBJECT
  7. COOKIES AND ANALYTICS IN THE ONLINE STORE
  8. FINAL PROVISIONS

 

1. GENERAL PROVISIONS

1.1. This Privacy Policy for the Online Store is for informational purposes only, which means it does not create obligations for Users or Customers of the Online Store. The Privacy Policy outlines the principles of processing personal data by the Data Controller in the Online Store, including the legal basis, purposes, and duration of personal data processing, as well as the rights of individuals whose data is processed. It also includes information regarding the use of Cookies and analytical tools in the Online Store.

1.2. The Data Controller of personal data collected via the Online Store is Studioexpress Patrycja Witoń, based in Poznań (registered office and correspondence address: ul. Strzeszyńska 33, 60-479 Poznań), registered in the Central Registration and Information on Business (CEIDG).

  • Email: [email protected]
  • Telephone: +48 515 180 937
    Hereinafter referred to as the “Data Controller,” and also acting as the Service Provider of the Online Store and Seller.

1.3. Personal data in the Online Store is processed by the Data Controller under applicable laws, specifically the UK General Data Protection Regulation (UK GDPR), which corresponds to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

1.4. The use of the Online Store, including making purchases, is voluntary. Similarly, providing personal data by a User or Customer of the Online Store is voluntary, with two exceptions:


(1) Contractual Obligations with the Data Controller – Failure to provide personal data required to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services as specified on the Online Store’s website, Terms of Use, and this Privacy Policy, will result in the inability to conclude such an agreement. Providing personal data in this context is a contractual requirement. If the individual intends to agree with the Data Controller, they must provide the required data. The specific scope of data required to agree is always indicated in advance on the Online Store’s website and in the Terms of Use;


(2) Legal Obligations of the Data Controller – Providing personal data may be a statutory requirement arising from applicable laws that obligate the Data Controller to process personal data (e.g., for maintaining tax records or accounting). Failure to provide such data will prevent the Data Controller from fulfilling these obligations.

1.5. The Data Controller takes special care to protect the interests of individuals whose personal data is processed. Specifically, the Data Controller ensures that the data:
(1) is processed lawfully;
(2) is collected for specified, legitimate purposes and not processed further in a way incompatible with those purposes;
(3) is accurate and adequate to the purposes for which it is processed;
(4) is stored in a form that permits identification of the individuals concerned for no longer than necessary for the processing; and
(5) is processed securely, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, through appropriate technical and organizational measures.

1.6. Considering the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, the Data Controller implements appropriate technical and organizational measures to ensure that processing is carried out in compliance with the GDPR and to demonstrate such compliance. These measures are reviewed and updated as necessary. The Data Controller applies technical safeguards to prevent unauthorized access to or modification of personal data transmitted electronically.

1.7. Any words, expressions, or acronyms used in this Privacy Policy and beginning with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood under their definitions provided in the Terms of Use available on the Online Store’s website.

 

2. LEGAL BASIS FOR DATA PROCESSING

2.1. The Data Controller is authorized to process personal data in cases where, and to the extent that, at least one of the following conditions is met:
(1) The individual whose data is being processed has given consent for the processing of their data for one or more specific purposes;
(2) Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract;
(3) Processing is necessary for compliance with a legal obligation to which the Data Controller is subject; or
(4) Processing is necessary for legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, especially if the data subject is a child.

2.2. The processing of personal data by the Data Controller must always be based on at least one of the legal grounds outlined in section 2.1 of this Privacy Policy. The specific legal basis for processing the personal data of Users and Customers of the Online Store is identified in the subsequent section of this Privacy Policy, with the particular purpose for which the Data Controller processes the personal data.

 

3.1. The purpose, legal basis, and retention period of personal data processed by the Data Controller depend on the actions taken by the specific User or Customer in the Online Store or by the Data Controller. If a Customer decides to purchase in the Online Store and selects personal collection instead of courier delivery, their data will be processed to execute the Sales Agreement but will not be shared with the courier service engaged by the Data Controller.

3.2. The Data Controller may process personal data in the Online Store for the following purposes, based on the specified legal basis and for the following retention periods:

  • Execution of a Sales Agreement or an agreement for the provision of Electronic Services, or actions taken at the request of the data subject before entering into such agreements.
    Legal Basis: Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
    Retention Period: Data is retained for the duration necessary to execute, terminate, or otherwise resolve the Sales Agreement or the agreement for the provision of Electronic Services.

  • Direct Marketing.
    Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the Data Controller) – processing is necessary for purposes arising from the legitimate interests pursued by the Data Controller, including maintaining the Data Controller’s reputation, promoting the Online Store, and selling Products.
    Retention Period: Data is retained for as long as the legitimate interest of the Data Controller exists, but no longer than the statutory limitation period for claims. The limitation period is determined by legal regulations, particularly the Civil Code (three years for business claims and two years for Sales Agreements). The Data Controller cannot process data for direct marketing purposes if the data subject has raised an effective objection.

  • Marketing.
    Legal Basis: Article 6(1)(a) of the GDPR (consent) – the data subject has given consent for the processing of their data for marketing purposes by the Data Controller.
    Retention Period: Data is retained until the consent is withdrawn by the data subject.

  • Providing Feedback on the Sales Agreement.
    Legal Basis: Article 6(1)(a) of the GDPR (consent) – the data subject has given consent for the processing of their personal data to provide feedback on the Sales Agreement.
    Retention Period: Data is retained until the consent is withdrawn by the data subject.

Data Retention and Processing Purposes

  • Data is retained until the withdrawal of consent by the data subject for further processing of their data for the stated purpose.

Maintaining Accounting Records

  • Legal Basis: Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act (as of 30 January 2018, Journal of Laws 2018, item 395 as amended) – processing is necessary to fulfill the legal obligations of the Data Controller.
  • Retention Period: Data is retained for the period required by law for the storage of accounting records (5 years from the beginning of the year following the financial year to which the data pertains).

Establishing, Pursuing, or Defending Claims

  • Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the Data Controller) – processing is necessary for the legitimate interests pursued by the Data Controller, namely the establishment, exercise, or defense of legal claims.
  • Retention Period: Data is retained for the duration of the legitimate interest pursued by the Data Controller, but no longer than the limitation period for claims that may be raised against the Data Controller (the basic limitation period for claims against the Data Controller is six years).

Using the Online Store Website and Ensuring Proper Functionality

  • Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the Data Controller) – processing is necessary for purposes related to the operation and maintenance of the Online Store website.
  • Retention Period: Data is retained for the duration of the legitimate interest pursued by the Data Controller, but no longer than the limitation period for claims arising from the Data Controller’s business operations. The limitation period is defined by legal regulations, particularly the Civil Code (the basic limitation period for business claims is three years, and for Sales Agreements, two years).

Compiling Statistics and Analyzing Online Store Traffic

  • Legal Basis: Article 6(1)(f) of the GDPR (legitimate interests of the Data Controller) – processing is necessary for purposes related to compiling statistics and analyzing traffic in the Online Store to improve its functionality and increase product sales.
  • Retention Period: Data is retained for the duration of the legitimate interest pursued by the Data Controller, but no longer than the limitation period for claims arising from the Data Controller’s business operations. The limitation period is defined by legal regulations, particularly the Civil Code (the basic limitation period for business claims is three years, and for Sales Agreements, two years).

 

Verified Logistics
Verified Logistics
Trusted couriers
Fast Delivery
Fast Delivery
Shipping within 24/48 hours on weekdays
Secure Shopping
Secure Shopping
Our store is SSL encrypted
Friendly Support
Friendly Customer Support
We are always ready to assist you
Holder do góry
Studioexpress Eksperci Od Reklamy
Sklep jest w trybie podglądu
Pokaż pełną wersję strony
Sklep internetowy Shoper.pl