- The owner of the Online Shop and, at the same time, the data administrator is Brod Sp. z o.o. with its registered office in Kraków (31-589), ul. Sikorki 17, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Department of the National Court Register under KRS number 0000636203, with a share capital of PLN 5,000, NIP: 6772407561, REGON: 365354962, hereinafter referred to as Brod Sp. z o.o.
- Personal data collected by Brod Sp. z o.o. through the Online Shop is processed in accordance with Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as RODO.
- Brod Sp. z o.o. is committed to respecting the privacy of Customers visiting the Online Shop.
§ 2 Type of data processed, purposes and legal basis
- Brod Sp. z o.o. collects information concerning natural persons performing a legal action not directly related to their activity, natural persons conducting a business or professional activity on their own behalf, and natural persons representing legal persons or organisational entities which are not legal persons and to which the law grants legal capacity, conducting a business or professional activity on their own behalf, hereinafter collectively referred to as Customers.
- Customers' personal data are collected in the event of:
a) registration of an account in the Online Shop, in order to create and manage an individual account. Legal basis: necessity for the performance of the contract for the provision of the Account service (Article 6(1)(b) of the RODO);
b) placing an order in the Online Shop, for the performance of the sales contract. Legal basis: necessity for the performance of the sales contract (Article 6(1)(b) RODO);
c) subscribing to a newsletter (Newsletter), for the performance of a contract the subject of which is a service provided electronically. Legal basis - consent of the data subject for the performance of the contract for the Newsletter service (Article 6(1)(a) RODO).
- When registering an Account with the Store, the Customer provides the following data:
- E-mail address;
- address (street, house/flat number, postal code, city and country);
- phone number;
- When registering an account with the Online Shop, the Customer independently sets an individual password to access his/her account. The Customer may change the password, at a later time, according to the rules described in §6.
- When placing an order in the Online Shop, the Customer provides the following data:
- email address;
- address (street, house/flat number, postal code, city and country);
- phone number;
- For Entrepreneurs, the above data is further extended by:
- the name of the Entrepreneur;
- TIN number;
- When using the Newsletter service, the Customer provides only his/her e-mail address.
- When using the Store's Website, additional information may be collected, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
- Navigation data may also be collected from Customers, including information about links and references they choose to click on or other actions they take in our Online Shop. Legal basis - legitimate interest (Article 6(1)(f) RODO) to facilitate the use of electronically provided services and to improve the functionality of such services.
- For the purposes of establishing, investigating and enforcing claims, certain personal data provided by the Customer as part of the use of the functionality on the Online Shop may be processed, such as: name, surname, data on the use of the services if the claims arise from the way the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest (Article 6(1)(f) RODO) to establish, assert and enforce claims and to defend against claims in proceedings before courts and other state authorities.
- Submission of personal data to Brod Sp. z o.o. is voluntary, in relation to concluded sales contracts or provision of services via the Store's Website, with the proviso, however, that failure to provide the data specified in the forms in the Registration process prevents Registration and the creation of a Customer Account, and in the case of placing an order without the Registration of a Customer Account, it will prevent the placement and fulfilment of the Customer's order.
§ 3 To whom are the data shared or entrusted and how long are they stored?
- The Customer's personal data is transferred to the service providers used by Brod Sp. z o.o. in the operation of the Online Shop. The service providers to whom the personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the instructions of Brod Sp. z o.o. as to the purposes and means of processing such data (processors) or determine themselves the purposes and means of processing the data (controllers).
- Processors. Brod Sp. z o.o. uses suppliers who process personal data exclusively on the instructions of Brod Sp. z o.o. These include, but are not limited to, suppliers providing hosting services, accounting services, suppliers providing marketing systems, systems for analysing traffic to the Online Shop, systems for analysing the effectiveness of marketing campaigns;
- Administrators. Brod Sp. z o.o. uses suppliers who do not act solely on instructions and determine themselves the purposes and uses of Customers' personal data. They provide electronic payment and banking services.
- Location. The service providers are mainly based in Poland and other countries in the European Economic Area (EEA). Some of the providers are based outside the EEA. In connection with the transfer of data outside the EEA, the Administrator has ensured that the providers provide guarantees of a high level of protection of personal data. These guarantees arise in particular from the obligation to apply the standard contractual clauses adopted by the Commission (EU) or participation in the Privacy Shield programme established under Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of the protection provided by the EU-US Privacy Shield.
- Customers' personal data is stored:
- When the basis for the processing of personal data is consent, then the Customer's personal data will be processed by Brod Sp. z o.o. for as long as the consent is not revoked, and after revocation of the consent for a period of time corresponding to the period of limitation of claims that Brod Sp. z o.o. may raise and that may be raised against it. Unless otherwise provided by a special provision, the period of limitation is six years, and for claims for periodic performance and claims relating to the conduct of business, three years.
- When the basis for data processing is the performance of a contract, then the Customer's personal data are processed by Brod Sp. z o.o. for as long as is necessary for the performance of the contract, and thereafter for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the period of limitation is six years, and for claims for periodic performance and claims relating to the conduct of business activity, three years.
- When a purchase is made from the Online Shop, personal data may be transferred, depending on the Customer's choice, to the following entities for the purpose of delivering the ordered goods:
- courier company;
- to InPost Paczkomaty Sp. z o.o., based in Kraków, which provides services of delivery and operation of a system of postal boxes (Paczkomaty).
- When the Customer chooses to make a payment via the przelewy24.pl system, his/her personal data is transferred to the extent necessary for the execution of the payment to PayPro S.A. Settlement Agent with registered office in Poznań (60-327 Poznań, ul. Kanclerska 15), entered into the Register of Entrepreneurs kept by the District Court Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number 0000347935, NIP 7792369887, Regon 301345068.
- Navigation data may be used in order to provide better service to Customers, analyse statistical data and adapt the Online Shop to Customers' preferences, as well as to administer the Online Shop.
- When the Customer subscribes to a newsletter, Brod Sp. z o.o. will send e-mails containing commercial information about promotions and new products available in the Online Shop to the Customer's e-mail address.
- When requested, Brod Sp. z o.o. will make personal data available to authorised state authorities, in particular to organisational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 4 Cookie mechanism, IP address
- The web shop uses small files, called cookies. These are stored by Brod Sp. z o.o. on the end device of the visitor to the Online Shop, if the Internet browser permits it. A cookie usually contains the name of the domain from which it originates, its "expiry time" and an individual random number identifying the cookie. The information collected by cookies of this type helps to adapt the products offered by Brod Sp. z o.o. to the individual preferences and actual needs of visitors to the Webshop. They also provide the ability to compile general statistics about visits to the products presented in the Online Shop.
- Brod Sp. z o.o. uses two types of cookies:
- Session cookies: when the session of a particular browser ends or the computer is switched off, the stored information is deleted from the memory of the device. The mechanism of session cookies does not allow any personal data or any confidential information to be retrieved from customers' computers.
- Permanent cookies: are stored in the memory of the Customer's terminal device and remain there until they are deleted or expire. The mechanism of permanent cookies does not allow any personal data or any confidential information to be retrieved from Customers' computers.
- Brod Sp. z o.o. uses its own cookies for the following purposes:
- authenticating the Customer in the Internet Shop and ensuring a Customer session in the Internet Shop (after logging in), thanks to which the Customer does not have to re-enter his/her login and password on each sub-page of the Internet Shop;
- analyses and studies, as well as audience audits, and in particular to create anonymous statistics which help to understand how the Customers use the Internet Shop's Website, which makes it possible to improve its structure and content.
- Brod Sp. z o.o. uses external cookies in order to:
- popularise the Online Shop via the social networking site facebook.com (external cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland);
- collect general and anonymous statistical data via Google Analytics tools (third-party cookie administrator: Google Inc. based in the USA);
- present ads tailored to the Customer's preferences using the Google AdSense online advertising tool (external cookie administrator: Google Inc., based in the USA);
- The cookies mechanism is safe for the computers of the Online Shop Customers. In particular, it is not possible via this route for viruses or other unwanted software or malware to enter Customers' computers. Nevertheless, Customers have the option in their browsers to limit or disable access of cookies to their computers. If this option is used, the use of the Online Shop will be possible, except for functions which by their nature require cookies.
- Brod Sp. z o.o. may collect Customers' IP addresses. An IP address is a number assigned to the computer of a person visiting the Webshop by the Internet Service Provider. The IP number enables access to the Internet. In most cases, it is assigned to a computer dynamically, i.e. it changes each time the computer connects to the Internet, and is therefore generally regarded as non-personal identification information. The IP address is used by Brod Sp. z o.o. to diagnose technical problems with the server, to create statistical analyses (e.g. to determine from which regions we record the highest number of visits), as information useful for administration and improvement of the Internet Shop, as well as for security purposes and possible identification of undesired automatic programmes for browsing the contents of the Internet Shop that overload the server.
- The Internet Shop contains links and references to other websites. Brod Sp. z o.o. is not responsible for the privacy practices of these websites.
§ 5 Rights of data subjects
- Right to withdraw consent - legal basis: article 7(3) of the RODO.
- The Customer has the right to withdraw any consent given to Brod Sp. z o.o.
- Withdrawal of consent has effect from the moment of withdrawal of consent.
- Withdrawal of consent does not affect the processing lawfully carried out by Brod Sp. z o.o. prior to its withdrawal.
- Withdrawal of consent has no negative consequences for the Customer, but may prevent further use of services or functionalities that Brod Sp. z o.o. can legally provide only with consent.
- Right to object to data processing - legal basis: article 21 RODO.
- The Customer has the right to object at any time - for reasons related to his/her particular situation - to the processing of his/her personal data, including profiling, if Brod Sp. z o.o. processes his/her data based on a legitimate interest, e.g. marketing of Brod Sp. z o.o. products and services, keeping statistics on the use of particular functionalities of the Online Shop and facilitating the use of the Online Shop, as well as satisfaction surveys.
- Opting out, by e-mail, of receiving marketing communications concerning products or services will imply the Customer's objection to the processing of his/her personal data, including profiling for these purposes.
- If the Customer's objection proves to be valid and Brod Sp. z o.o. has no other legal basis for processing the personal data, the personal data to whose processing the Customer has objected will be deleted.
- Right to erasure ("right to be forgotten") - legal basis: article 17 of the RODO.
- The customer has the right to request the deletion of all or some personal data.
- The customer has the right to request the deletion of personal data if:
- the personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
- he/she has withdrawn specific consent, to the extent that the personal data were processed based on his/her consent;
- he/she has objected to the use of his or her data for marketing purposes;
- the personal data are processed unlawfully;
- the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which Brod Sp. z o.o. is subject;
- the personal data was collected in connection with the offering of information society services.
- Despite a request for erasure of personal data, in connection with the lodging of an objection or withdrawal of consent, Brod Sp. z o.o. may retain certain personal data insofar as the processing is necessary for the establishment, investigation or defence of claims, as well as for the fulfilment of a legal obligation requiring processing under Union law or the law of a Member State to which Brod Sp. z o.o. is subject. This applies in particular to the following personal data: first name, surname, e-mail address, which data are saved for the purpose of handling complaints and claims relating to the use of the services of Brod Sp. z o.o., or additionally home address/correspondence address, order number, which data are saved for the purpose of handling complaints and claims relating to the concluded sales contract or provision of services.
- Right to restrict data processing - legal basis: article 18 RODO.
- The Customer has the right to request the restriction of the processing of his/her personal data. The submission of a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. Brod Sp. z o.o. will also not send any communications, including marketing communications.
- The customer has the right to request the restriction of the use of personal data in the following cases:
- when he or she questions the accuracy of his or her personal data - in which case Brod Sp. z o.o. restricts their use for the time needed to verify the correctness of the data, but for no longer than 7 days;
- when the processing of the data is unlawful, and instead of deleting the data the Customer requests a restriction on its use;
- when the personal data are no longer necessary for the purposes for which they were collected or used but are needed by the Customer to establish, assert or defend claims;
- when he/she has raised an objection to the use of his/her data, in which case the restriction shall be for the time necessary to consider whether, due to the particular situation, the protection of the Customer's interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Customer's personal data.
- Right of access to data - legal basis: article 15 of the RODO.
- The Customer has the right to obtain confirmation from the Administrator as to whether it is processing personal data, and if that is the case, the Customer has the right to:
- obtain access to his/her personal data;
- obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of that data, the intended period of storage of the Customer's data or the criteria for determining that period (where it is not possible to determine the intended period of processing), the Customer's rights under the RODO and the right to lodge a complaint with a supervisory authority, the source of that data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of that data outside the European Union;
- obtain a copy of his/her personal data.
- Right to rectification of data - legal basis: article 16 of the RODO.
- Right to data portability - legal basis: article 20 RODO.
- The Customer has the right to receive his/her personal data that he/she has provided to the Administrator and then send it to another personal data controller of his/her choice. The Customer also has the right to request that the personal data be sent by the Administrator directly to such controller, insofar as this is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a file in csv format, which is a commonly used, machine-readable format that allows for the transmission of the received data to another personal data controller.
- When the Customer has asserted an entitlement under the above rights, Brod Sp. z o.o. shall either comply with the request or refuse to comply with it immediately, but no later than one month after receipt. If, however - due to the complexity of the request or the number of requests - Brod Sp. z o.o. is unable to comply with the request within one month, it will comply with the request within a further two months, informing the Customer in advance - within one month of receipt of the request - of the intended extension of the deadline and the reasons for it.
- The Customer may lodge complaints, queries and requests to the Administrator regarding the processing of his/her personal data and the exercise of his/her rights.
- The Customer has the right to lodge a complaint with the President of the Office for the Protection of Personal Data, regarding infringement of his/her data protection rights or other rights granted under the RODO.
§ 6 Security management - password
- Brod Sp. z o.o. provides Customers with a secure and encrypted connection when transferring personal data and when logging into the Customer Account on the Website. Brod Sp. z o.o. uses an SSL certificate issued by one of the world's leading companies for the security and encryption of data transmitted over the Internet.
- In the event that a Customer with an account in the Online Store has lost their password in any way, the Online Store allows a new password to be generated. Brod Sp. z o.o. does not send a password reminder. The password is stored in an encrypted form in such a way that it cannot be read. In order to generate a new password, the e-mail address must be provided in the form available under the link "I do not remember my login or password", provided when logging in to the Online Shop account. The Customer will receive an email to the email address provided during registration or saved in the last account profile change, containing a redirection to the dedicated form provided on the Store Website, where the Customer will have the opportunity to set a new password.
- Brod Sp. z o.o. never sends any correspondence, including electronic correspondence, requesting login details and in particular the password to access the Customer's account.
- Date last modified: 09.07.2018