§1. PERSONAL DATA
- Personal data provided by the Customer are processed by the Seller (i.e. REGIS sp. z o.o. with the registered office in Kraków, Walerego Sławka Street 3A, postal code 30-633, entered into the National Court Register by the District Court for Kraków Śródmieście in Kraków, XI Economic Department of the National Court Register, under KRS number 0000129238, NIP 683-000-75-37, REGON number 350534035, share capital 510 000 PLN (paid in full)), which is the administrator of personal data. In accordance with the principles set out in the content of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016. (hereinafter “RODO”). Contact with the Personal Data Controller can be made by e-mail email@example.com or by telephone contact +48 (12) 635 67 00.
- The scope of processed personal data is determined by the scope of data completed by the Customer and then sent to the Seller via an appropriate form. Processing of the Customer’s personal data may involve their e-mail address, name and surname, telephone number, address of residence and computer IP address.The Customers’ personal data will be processed for a period of 5 years, after which it will be deleted, unless its further processing results from another legal basis.
- The Customers’ personal data will be processed in order to:
- realization of legal regulations,
- creating an Account, completing an Order, providing services electronically, processing complaints and other activities indicated in the Regulations,
- promotional and commercial activities of the Seller.
- Providing personal data is voluntary, but lack of consent for the processing of personal data marked as obligatory, will prevent the Seller to perform services and Sales Agreements.
- The legal basis for the processing of personal data in the case referred to in Clause 3 (a) is the legal obligation of the Seller related to the performance of an agreement to which the data subject is a party, including the obligation to take action at the request of the data subject prior to entering into an agreement; in the case referred to in Clause 3 (b) the legal basis for the processing of personal data shall be the Act on Personal Data Protection. (b) the legal basis for the processing of personal data is the consent of the data subject, who has given his/her consent to the processing of his/her personal data for one or more specified purposes, while in the case referred to in paragraph 3 lit. (c) the processing is necessary for compliance with a legal obligation to which the controller is subject.
- Personal data of the Clients may be entrusted for processing, only for the purpose of Sales Agreements and agreements on provision of electronic services by the Seller, to a hosting company, a company providing accounting services to the Seller and a courier company. The entity processing personal data of the Clients on the basis of the Entrustment Agreement will process, from the entry into force of the RODO, personal data of the Clients, through another entity, only on the basis of prior consent of the Seller. Personal data collected by the Seller may also be made available to: relevant state authorities at their request on the basis of relevant provisions of law, or to other persons and entities – in cases provided for by law.
- Disclosure of personal data to entities not authorized under this Policy, may take place only with the prior consent of the Client to whom the data relate.
- Customers have the right to: remove personal data collected about them both from the system of the Seller, as well as from databases of entities cooperating with the Seller, to limit processing of data, to transfer personal data collected by the Seller about the Customers and to receive them in a structured form, to file a complaint to the supervisory authority in a situation where the Customer believes that his or her data are processed unlawfully, and to file a legal action before the court against the supervisory authority as against the entity committing violations.
- If the Seller receives information that the Customer uses a service provided electronically contrary to these Terms and Conditions or to applicable laws (unauthorized use), the Seller may process personal data of the Customer to the extent necessary to determine the liability of the Customer.
- The service may store http inquiries, so the server log files may contain some information, including the IP address of the computer from which the inquiry was made, the name of the station of the Client – identification via the http protocol, if possible, the date and time of registration in the Store and receipt of the inquiry, the number of bytes sent by the server, the URL of the site previously visited by the Client if the Client came via a link, information about the Client’s browser, information about errors that occurred during the http transaction. Logs can be collected as material for proper administration of the Store. Only persons authorized to administer the computer system have access to the information. Log files may be analyzed in order to prepare statistics of traffic in the Store and errors that occur. Summary of such information does not identify the Customer.
- Transfer of Customers’ personal data to third countries will take place in accordance with the requirements introduced by RODO.
§2. INFORMATION SECURITY
- The Seller applies technical and organizational measures to ensure the protection of processed personal data referred to in Articles 25, 30, 32-34, 35-39 RODO, ensuring increased protection and security of processing of Customers’ personal data, appropriate to the threats and categories of protected data, and in particular, technically and organizationally secures the data against their disclosure to unauthorized persons, acquisition by unauthorized person, processing in violation of the Act, and against change, loss, damage or destruction, inter alia SSL (Secure Socket Layer) certificates are used. The collection of collected Customers’ personal data is stored on a secure server and the data is also protected by the Seller’s internal procedures on personal data processing and information security policy.
- In order to log into the Account, it is necessary to provide a login and password. To ensure an adequate level of security, the password to access the Account exists in the Store only in encrypted form. Moreover, registration and logging into an Account takes place in a secure https connection. Communication between the client’s device and servers is encrypted using SSL protocol.
- The Seller also points out that the use of the Internet and services provided electronically may be associated with specific ICT risks, such as: the presence and operation of Internet worms (worm), spyware or malware, including computer viruses, as well as the possibility of being exposed to cracking or phishing (password hunting), and others. In order to obtain detailed and professional information on maintaining security on the Internet, Merchant recommends consulting entities specializing in this type of IT services.
- The Seller uses two types of cookies: session cookies, which are deleted permanently when the session of the Client’s browser ends and with the consent of the Client, expressed through the browser settings, permanent cookies, which remain after the end of the browser session on the Client’s device until they are deleted.
- On the basis of cookies, both session and persistent, it is not possible to determine the identity of the Customer. The Cookies mechanism does not allow collecting any personal data.
- Cookies are safe for the Customer’s device, in particular they do not allow viruses or other software to enter the device.
- Files generated directly by the Store cannot be read by other services. External cookies (i.e. cookies placed by the Seller’s partners, with the prior consent of the Client by selecting the appropriate settings of the browser) can be read by an external server.
- The Client may disable the storage of Cookies on his/her device, in accordance with the instructions of the browser manufacturer. Disabling by the Client of permanent and external cookies cannot result in the unavailability of some or all functions of the Shop.
- The Seller uses its own Cookies for the following purposes: Client authentication in the Store and maintaining a Client session; setting up the Store and adapting the content of the pages to Client preferences, such as: recognition of Client’s device, storing the settings selected by the Client; ensuring data security and the use of the Store; analyses and audience research; provision of advertising services.
- Seller uses External Cookies, subject to paragraph 5, for the following purposes: to create statistics (anonymous) to optimize the usefulness of the Store, through analytical tools such as Google Analytics; to use interactive features through social networking sites: Facebook, Twitter, YouTube and Instagram.
- The Customer can individually change the settings for Cookies at any time, specifying the conditions for their storage, through the settings of the web browser or by configuring the service. The Customer can also independently delete Cookies stored on his device at any time, in accordance with the instructions of the browser manufacturer.