1. General provisions
1.2. The administrator of personal data collected through the online store is ELSAT s.c. R. Kujda P.Rzepecki (Warszawska 32E/1, 05-500 Piaseczno POLAND); NIP: 5210125822; REGON: 012046300; e-mail: email@example.com - hereinafter referred to as "Administrator" and is also an online store service provider and reseller.
1.3. The personal data of the service recipient and the client are processed in accordance with regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the freedom of movement such data - General Data Protection Regulations (GDPR).
1.4. The Administrator shall make special care to protect the interests of the data subject and in particular ensure that the data collected by him are processed lawfully; Collected for designated, lawful purposes and not further processing not in conformity with these objectives; Substantively correct and adequate to the purposes in which they are processed and kept in a form which permits identification of the persons concerned for no longer than is necessary to achieve the purpose of the processing.
1.5. Any words, phrases or acronyms appearing on this website and beginning with an uppercase letter (e.g. The seller, the online store, the electronic service) shall be understood in accordance with their definition contained in the online store's terms and conditions available on the website.
2. Purpose and scope of data collection and data recipients
2.1. Each time the purpose, scope and recipient of the data processed by the administrator is due to actions taken by the client or the customer in the online shop. For example, if the customer in the course of placing an order selects a personal collection instead of a courier shipment, his/her personal data will be processed for the purpose of concluding and fulfilling the sales agreement, but will no longer be made available to the carrier carrying out Orders to the administrator.
2.2. Possible purposes of the collection of personal data of recipients or clients by the administrator:
2.2.1. Conclusion and implementation of the contract of sale or electronic service contract (e.g. account).
2.2.2. Direct marketing of the administrator's own products or services.
2.3. Possible recipients of personal data of online store customers:
2.3.1. In the case of a customer who uses the delivery method in the online store by mail, pallet or courier, the Administrator shall provide the collected personal data of the customer to the selected carrier or intermediary performing Orders to the administrator.
2.3.2. In the case of a customer who uses an electronic payment method in an online store or a payment card, the Administrator shall make available the collected personal data of the customer, the selected entity serving the above payments in the online store .
2.4. The Administrator may process the following personal data of service recipients or customers using the online shop: full name; e-mail address; Contact phone number; Delivery address (street, house number, apartment number, postcode, city, Country), residence/business address (if different from delivery address). In the case of recipients or customers who are not consumers, the Administrator may also process the company name and tax identification number (tin) of the recipient or customer.
2.5. The provision of personal data referred to in paragraph above may be necessary for the conclusion and execution of a contract of sale or an electronic service contract in an online store. Each of the areas required for the conclusion of a data contract is indicated in advance on the online store and in the rules of the online shop.
4. Basis of data processing
4.1. The provision of personal data by the client or customer is voluntary, albeit not to provide indicated in the online store and in the rules of the online store the personal data necessary for the conclusion and execution of the contract of sale or an electronic service contract results in a lack of possibility of concluding the contract.
4.2. The legal basis for the processing of the data is the implementation of the contract (article 6 (1) (b) of the General Data Protection Regulations, hereinafter GDPR), the implementation of legal obligations arising from the accounting and tax provisions (article 6 paragraph 1 point c GDPR) and the implementation Legitimate interest of the Controller, i.e. the and the implementation of marketing activities (article 6 (1), point F GDPR). The basis for the processing of personal data of the client or customer is the necessity to implement a contract to which it is party or to take action at his request before it is concluded. The processing of personal data of the service recipient or the client is the necessity of implementing the contract to which it is party or taking action before it is concluded. In the case of data processing for direct marketing of own products or services of the Administrator, the basis for such processing is (1) the prior consent of the recipient or the client, or (2) fulfilling legally justified purposes Implemented by the Administrator (pursuant to article 23 (4) of the Personal Data Protection Act for the legally justified purpose is considered in particular direct marketing of its own products or services of the administrator).
5. Right to control, access and correct the content of your data
5.1. The client or customer has the right to access their personal data and correct them.
5.2. Each person shall have the right to control the processing of the data relating thereto contained in the administrator's data set, and in particular the right to: Requests for additions, updates, rectification of personal data, temporary or permanent Withhold their processing or delete them if they are incomplete, outdated, untrue or have been collected in violation of the law or are no longer redundant to fulfill the purpose for which they were collected.
5.3. In the event that the client or customer consents to the processing of data for direct marketing of his own products or services, the consent may be revoked at any time.
5.4. Where the administrator intends to process or process the customer's or client's data for direct marketing of his own products or services to the administrator, the data subject shall also be entitled to (1) a written, Reasoned request for cessation of processing of the data due to its specific situation or to (2) object to the processing of its data.
6. Final provisions
6.2. The Administrator shall apply technical and organisational measures to ensure the protection of processed personal data relevant to the risks and categories of data protected, and in particular protect the data from being made available to persons Unauthorised, taken by the person unauthorizeding, processing in violation of the applicable laws and any change, loss, damage or destruction.
6.3. The Administrator shall provide the following technical measures to prevent persons from acquiring and modifying personal data sent electronically:
6.3.1. Securing a set of data against unauthorized access.
6.3.2. Access to the account only after an individual login and password.