§1. GENERAL PROVISIONS
1. This Privacy Policy sets out the rules for the processing of personal data of users (hereinafter: Users) of the online store available at the electronic address d-centa.pl (hereinafter: the Website).
2. The owner of the Website and the administrator of the personal data of the Website Users is D-Centa Ltd. with headquarters in Łódź, address: ul. Żurawia 7/9, 91-455 Łódź, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Łódź-Śródmieście in Łódź, 20th Department of the National Court Register in Łódź, under the KRS number: 0000697524, NIP: 7262668145, REGON: 368419202 ( hereinafter referred to as: the Administrator).
3. Users' personal data collected by the Administrator are processed in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of the Directive 95/46 / EC (General Data Protection Regulation), hereinafter referred to as: GDPR.
4.The Website users are natural persons who perform legal transactions not directly related to their activities, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, using the services provided by the Administrator via the Website, specified in the Website Terms and Conditions(hereinafter referred to as: Regulations).
5. This Privacy Policy is an integral part of Regulations.
§2. SCOPE OF THE PROCESSING OF PERSONAL DATA
1. The Administrator processes Users' personal data in connection with:
1) registration of Users on the Website in order to create and manage an individual User account. Legal basis: necessity to perform the contract for the provision of the account service (Article 6 (1) (b) of the GDPR);
2) placing an order on the Website in order to perform the sales contract. Legal basis: necessity to perform the sales contract (Article 6 (1) (b) of the GDPR);
3) answering questions sent or in other matters, in which the User contacts the Administrator using from the contact form available on the Website. Legal basis: legitimate interest of the Administrator, i.e. proper user service including answering questions (Article 6 (1) (f) of the GDPR).
2. When registering an account and placing an order on the Website, the User provides: name and surname, e-mail address, telephone number, address details: street with house / flat number, postal code, city, country and, additionally, EU tax identification number and company (for entrepreneurs).
3. By registering an account on the Website, the User independently sets an individual password to access his account. The user may change the password at a later time, on the terms described in §9 sec. 3.
4. In the event of answering the question sent via the Website's contact form, the User provides an e-mail address.
5. When using the Website, additional information may be downloaded, ie: the IP address assigned to the User's device or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
§3. PURPOSE OF PROCESSING OF PERSONAL DATA
1. The administrator processes personal data for the purpose of:
1) enabling Users to use the Website, which should be understood as the implementation of services provided in accordance with the Regulations, including: orders placed on the Administrator's Website, ensuring contact with Users, including answering Users' questions, issuing invoices, complaint handling, registering an account in The Website, providing support for this account and transactions made by Users, including solving technical problems;
2) conducting direct marketing of services provided by the Administrator, including primarily the implementation of the voluntary service of a free newsletter containing commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2019, item 123) ;
3) conducting contests, loyalty programs or promotional campaigns organized by the Administrator;
4) ensuring the security of services provided by the Administrator by electronic means, in particular to enforce the Users' compliance with the Regulations and to prevent and counteract fraud and abuse;
5) performing obligations arising directly from the applicable legal provisions;
6) statistical and archiving;
7) pursuing claims resulting from the economic activity conducted by the Administrator.
2. Providing personal data by Users is voluntary, but necessary for the Administrator to provide services via the Website. Failure to provide the data specified in the forms makes it impossible to register and set up a User's account, answer questions, and in the case of placing an order without registering an account, it will prevent the submission and implementation of the User's order.
§4. USER RIGHTS
1. The User has the right to:
1) access to his personal data processed by the Administrator;
2) to rectify personal data, if the Administrator believes that the personal data processed by the Administrator are out of date, incomplete or untrue;
3) to limit the processing of personal data;
4) to delete personal data;
5) to object to the processing of personal data;
6) to transfer personal data;
7) to withdraw consent to the processing of User's personal data at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
2. The rights referred to in § 4 section 1 may be exercised by the User:
1) in person at the Administrator's office from Monday to Friday, from 9.00 to 16.00;
2) by post to the address of the Administrator's seat;
3) by e-mail to the following address: info@d-centa.pl;
4) via an account registered on the Website;
by submitting a written or electronic declaration of will.
3. The User also has the right to lodge a complaint with the supervisory body for the protection of personal data, ie the President of the Office for Personal Data Protection.
4. The Administrator reserves the right to refuse to delete the User's data if their preservation is necessary in order to pursue claims or if it is required by applicable law.
§5. COOKIES MECHANISM
1. The website of the website uses text files called cookies.
2. Cookies are saved by the server on the User's computer, if the web browser settings allow it. In order to use the Website, it is necessary to allow cookies to be stored on the User's computer. Lack of permission may mean that it is impossible or difficult to use the Website.
3. Cookies are not used to collect the User's personal data.
4. Cookies do not change the configuration of the User's computer, are not used to install or uninstall any computer program, and do not interfere with the integrity of the system or User's data.
5. The Website uses two types of cookies:
1) session: after the end of the browser session or the computer is turned off, the saved information is removed from the device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from Users' computers.
2) permanent: they are stored in the memory of the User's end device and remain there until they are deleted or expired. The persistent cookie mechanism does not allow the collection of any personal data or any confidential information from the Users' computer.
6. The administrator uses own cookies for the purpose of:
1) authentication of the User on the Website and ensuring the User's session on the Website (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;
2) analysis, research and audience audit, and in particular to create anonymous statistics that help to understand how Users use the Website, which allows improving its structure.
7. The administrator may use external cookies to collect general, anonymous static data via analytical tools. The Administrator reserves the right to use the services of third parties in the field of developing statistics on the use of the Website. The Administrator declares that in this case, such entities will not be provided with any data identifying Users.
8. In accordance with the applicable provisions of the Act of 16 July 2004 Telecommunications Law (Journal of Laws of 2018, item 1954), the User has the right to decide on the access of cookies to his computer by selecting them in the window of his browser. . How to manage cookies - instructions from web browser manufacturers:
Mozilla Firefox
Internet Explorer
Google Chrome
§ 6. IP ADDRESS
The Administrator reserves the right to collect IP addresses of website visitors. IP addresses may be helpful in diagnosing technical problems with the server by the Administrator, creating statistical analyzes (e.g. determining the regions from which the most visits are recorded). In addition, they may be useful in administering and improving the Website's website, as well as for the possible identification of unwanted automatic programs for viewing the content of the Website that burden the server.
§ 7. SHARING OR ENTRYING PERSONAL DATA
1. Users' personal data will not be made available by the Administrator to other entities or third parties, except when:
1) the User agrees to it in writing;
2) it is necessary for the purpose of providing services provided by the Administrator via the Website, i.e. Users' personal data may be made available to entities such as Poczta Polska S.A. with its seat in Warsaw, InPost Paczkomaty Sp. z o.o. based in Kraków, courier companies (DHL, DPD, others), payment operators (PayU, PayPal) In this case, the Administrator provides only the personal data that is necessary to implement the above-mentioned services. More information on how these entities use Users' personal data can be found in their privacy and cookie policies;
3) it is necessary to detect and prevent fraud, as well as to solve other problems related to fraud, security and technical issues;
4) it is required by applicable law or a justified request of state institutions and judicial authorities.
2. In addition, the Administrator may disclose Users' personal data to entities authorized or entrusted with the processing of personal data, i.e .:
1) providers of legal and advisory services in the event that the Administrator pursues claims related to the conducted business activity;
2) providers of technical and organizational services enabling the Administrator to provide services via the Website.
§8. PERIOD OF STORAGE OF PERSONAL DATA
1. Users' personal data are stored:
1) If the basis for the processing of personal data is consent, the User's personal data are processed by the Administrator until the consent is revoked, and after the consent is revoked for a period of time corresponding to the period of limitation of claims that may be raised by the Administrator and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years;
2) If the basis for data processing is the performance of the contract, the User's personal data is processed by the Administrator as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.
§ 9. SECURITY AND PROTECTION OF PERSONAL DATA
1. The Administrator declares that he processes Users' personal data in accordance with the requirements of the GDPR and other applicable provisions on the protection of personal data, which supplement and / or implement the GDPR, including, in particular, that he applies technical and organizational measures to protect the processed data, appropriate to the risks and the categories of data to be protected, and in particular, it protects Users' personal data against unauthorized disclosure, loss or damage.
2. The Administrator provides the Users with a secure and encrypted connection when sending personal data and logging into the account on the Website. The administrator uses an SSL certificate for security and encryption of data sent over the Internet.
3. A user who has lost a password to access an account on the Website may generate a new password. The administrator does not send a password reminder. In order to generate a new password, enter your e-mail address in the form available under the link "Forgot your password?", Provided next to the account login form on the Website. To the e-mail address provided during registration, the User will receive an e-mail containing a redirection to a dedicated form available on the Website, where the User will be able to set a new password.
4. The Administrator does not send any correspondence, including electronic correspondence with a request for login details, in particular the access password to the User's account.
§10. LIABILITY DISCLAIMER
1. This Privacy Policy does not cover any information regarding services or goods of entities other than the Administrator, which have been posted on the Website commercially, as a guest, on a reciprocal basis or not serving to achieve a commercial effect.
2. The website contains links and references to other websites. The administrator is not responsible for the privacy protection rules applicable to them.
§11. CONTACT
Please send any questions related to the Privacy Policy to the address of the Administrator's office or to the e-mail address: info@d-centa.pl.
§12. CHANGES TO THE PRIVACY POLICY
1. The Administrator reserves the right to make changes to the Privacy Policy, if required by law or changes introduced to the Website.
2. The Administrator will inform the User about the planned change and the date of its entry into force through the Website, the newsletter service, and in relation to registered Users, the information will also be placed via the account.
3. The User using the Website is subject to the current Privacy Policy.
4. The date specified below is the effective date of the Privacy Policy in its last version.
Date: August 18, 2020