1) GENERAL PROVISIONS
1. The administrator of personal data collected in connection with the transactions regulated by these GTS is NOVUM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA with its registered office in Szczytno (registered office and delivery address: ul. BolesławaChrobrego 1, 12-100 Szczytno, POLAND); entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000629962; registry court where the company's documentation is kept: District Court in Olsztyn, VIII Commercial Division of the National Court Register; VATID: 7451847179; National Business Registry Number: 365105992, e-mail address: firstname.lastname@example.org and contact telephone number: + 48 89 623 29 85, + 48 89 623 29 86 - hereinafter referred to as the "Administrator" and being also the Seller.
2. Personal data is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free the flow of such data and the repeal of Directive 95/46 / EC (general data protection regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
4. The administrator takes special care to protect the interests of persons whose personal data being processed by him, and in particular is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form enabling the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.
5. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of risk, the Administrator implements appropriate technical and organizational measures so that the processing takes place in accordance with this regulation and to be able to prove it. These measures are reviewed and updated as necessary. The administrator uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
2) BASIS FOR DATA PROCESSING
The administrator is entitled to process personal data in cases where - and to the extent that - at least one of the following conditions is met: (1) the data subject has consented to the processing of his personal data in one or more specific goals; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary to fulfill the legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data , in particular when the data subject is a child.
3) PURPOSE, BASIS AND PERIOD OF DATA PROCESSING
1. Each time the purpose, basis and period as well as the recipients of personal data processed by the Administrator result from actions taken by you.
2. The administrator may process personal data for the following purposes, on the basis and during the periods indicated in the table below:
|Purpose of data processing||Legal basis for data processing||Data storage period|
|Performing the Sales Agreement or taking action at the request of the data subject before concluding the above-mentioned contract||Article 6 (1) 1 lit. b) GDPR Regulations (performance of the contract) - processing is necessary for the performance of the contract to which the data subject is a party, or to take action at the request of the data subject, before concluding the contract||The data is stored for the period necessary to perform, terminate or otherwise terminate the concluded Sales Agreement|
|Direct marketing||Article 6 (1) 1 lit. f) GDPR Regulations (legitimate interest of the administrator) - processing is necessary for purposes arising from the legitimate interests of the Administrator - consisting in caring for the interests and good image of the Administrator and striving to sell Products||The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of the Administrator's claims against the data subject due to the economic activity conducted by the Administrator. The limitation period is determined by the law, in particular the Civil Code (the basic limitation period for claims related to running a business is three years, and for a Sales Agreement - two years). The administrator may not process data for the purpose of direct marketing in the event of an effective objection in this regard by the data subject.|
|Marketing||Article 6 (1) 1 lit. a) GDPR Regulations (consent) - the data subject has consented to the processing of his personal data for marketing purposes by the Administrator||Article 6 (1) 1 lit. a) GDPR Regulations (consent) - the data subject has consented to the processing of his personal data for marketing purposes by the Administrator|
|Keeping tax or accounting books||Article 6 (1) 1 lit. c) Regulations of the GDPR in connection with with art. 86 § 1 of the Tax Ordinance, i.e. of January 17, 2017 (Journal of Laws of 2017, item 201) or art. 74 sec. 2 of the Accounting Act, i.e. of January 30, 2018 (Journal of Laws of 2018, item 395) - processing is necessary to fulfill the legal obligation incumbent on the Administrator||The data is stored for the period required by law requiring the Administrator to store tax books (until the tax liability period expires, unless tax laws provide otherwise) or accounting books (5 years, counting from the beginning of the year following the financial year to which the data relates).|
|Determining, investigating or defending claims that may be raised by the Administrator or that may be raised against the Administrator||Article 6 (1) 1 lit. f) GDPR Regulations (legitimate interest of the administrator) - processing is necessary for purposes resulting from the legitimate interests of the Administrator - consisting in establishing, investigating or defending claims that may be raised by the Administrator or which may be raised against the Administrator||The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).|
4) DATA RECIPIENTS
1. It is necessary for the Administrator to use the services of external entities (such as, for example, a software provider). The administrator uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.
3. Your personal data may be transferred to the following recipients or categories of recipients:
a.carriers / freight forwarders / courier brokers / entities servicing the warehouse and / or the shipping process - if you use a Product delivery method other than the Seller's own delivery, the Administrator provides your collected personal data to a selected carrier, forwarder or intermediary performing shipments on behalf of the Administrator, and if the shipment takes place from an external warehouse - to the entity operating the warehouse and / or the shipping process - to the extent necessary to complete the delivery of the Product.
5) THE RIGHTS OF THE PERSON WHO THE DATA CONCERNS
1. The right of access, rectification, restriction, deletion or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete ("the right to be forgotten") or limit processing and has the right to submit object to processing, and also has the right to transfer their data. Detailed conditions for the exercise of the above-mentioned rights are set out in Art. 15-21 of the GDPR Regulation.
2. The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art. 6 section 1 letter a) or art. 9 sec. 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
3. The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Personal Data Protection Office.
4. Right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data based on art. 6 sec. 1 lit. e) GDPR Regulations (public interest or tasks) or f) GDPR Regulations (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally valid grounds for processing, overriding the interests, rights and freedoms of the data subject, or the grounds for establishing, investigating or defending claims.
5. Right to object to direct marketing - if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for such marketing purposes, including profiling, in the scope of in which the processing is related to such direct marketing.