PRIVACY POLICY
§ 1
DEFINITIONS
1. Administrator - the Marcin Zaremski company, which runs an online store at zaremski.pl/shop
2. Personal Data - data provided by the User when placing an order or registering an account on the Site, i.e.: first name and surname, address of residence, shipping address, email address, telephone number, as well as IP of the device, location data, Internet identifier and information collected through cookies. If the User making the purchase requests an invoice, then the VAT ID number is also used.
3. Policy - this Privacy Policy.
4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
5. Site - the website maintained by the Administrator at the address www.zaremski.pl
6. User - every natural person visiting the Website or using one or more of the services or functions described in the Policy, in particular a Customer of the Store available on the Site.
7. Collection Point - a regular store run by the Administrator at the address: Galeria Metal - Rynek St. Miasta 8 in Warsaw (closed until further notice due to COVID-19)
8. Newsletter - a service provided electronically by the Store, consisting in sending commercial and advertising information to the e-mail address provided by the interested party.
§ 2
DATA PROCESSING IN CONNECTION WITH THE USE OF THE SITE
In connection with the use of the Site by the User, the Administrator collects data to the extent necessary to provide individual services, as well as information about the User's activity on the Site. Detailed rules and purposes of processing personal data collected during the use of the Site by the User are described below.
§ 3
PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE SITE
I. USING THE SITE
1. Personal data of all persons using the Site (including IP address or other identifiers and information collected through cookies), who are not registered Users (i.e. persons without a profile in the Service) are processed by the Administrator:
a) in order to provide services electronically in the scope of making content published on the Site available to Users, reservation of products as part of the product reservation service at the Collection Point - then the legal basis for the processing is the necessity of the processing to perform the agreement (Article 6(1)(b) GDPR);
b) in order to handle purchases made without registration with the Site - then the legal basis for the processing is the necessity of the processing for the performance of the agreement (Article 6(1)(b) GDPR);
c) in order to handle a complaint - then the legal basis for the processing is the necessity of the processing for the performance of the agreement (Article 6(1)(b) GDPR);
d) for analytical and statistical purposes - then the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in conducting analyses of Users' activity as well as their preferences in order to improve the functions used and services provided;
e) in order to possibly establish and pursue claims or defend against them, the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) in protecting its rights;
f) for the Administrator's marketing purposes, in particular those related to sending the Newsletter - the principles of personal data processing for marketing purposes are described in the "MARKETING" section.
2. The User's activity on the Site, including their personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and actions concerning the IT system used by the Administrator to provide services). Information collected in logs is processed in connection with the provision of services. The Administrator also processes data for technical purposes, in particular, data may be temporarily stored and processed for the purpose of ensuring the security and proper functioning of IT systems, e.g. in connection with making back-up copies, testing of changes in IT systems, detection of irregularities and protection against abuse and attacks.
II. REGISTRATION ON THE SITE
1. Persons who register on the Site are asked to provide Personal Data necessary to create and operate an account. Provision of data marked as mandatory, i.e. full name, shipping address, email address, telephone number is required to set up and operate the account, and failure to provide such data results in the impossibility of setting up an account.
2. Personal data are processed:
a) in order to provide services connected to running and operating an account on the Site - the legal basis for the processing is the necessity of the processing for the performance of the agreement (Article 6(1)(b) GDPR),
b) for analytical and statistical purposes - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in conducting analyses of Users' activity on the Site and the manner of using the account, as well as their preferences in order to improve the functions used;
c) in order to possibly establish and pursue claims or defend against them - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) in protecting its rights.
d) for the Administrator's marketing purposes, in particular those related to sending the Newsletter - the principles of personal data processing for marketing purposes are described in the "MARKETING" section.
3. If the User places any personal data of other persons on the Site (including their name, address, telephone number or e-mail address), they may do so only on condition that they do not violate the provisions of applicable law and personal rights of those persons.
III. ORDER PLACEMENT
1. Placing an order (purchase of goods) by a User of the Site is connected with processing of their Personal Data. Provision of data marked as mandatory, i.e. full name, shipping address, email address, telephone number is required to accept and manage an order, and failure to provide such data results in the impossibility of fulfilling the order.
2. Personal data are processed:
a) in order to handle a submitted order - the legal basis for the processing is the necessity of the processing for the performance of the agreement (Article 6(1)(b) GDPR);
b) in order to fulfil the statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations - the legal basis for the processing is the legal obligation (Article 6(1)(c) GDPR);
c) for analytical and statistical purposes - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in conducting analyses of Users' activity on the Site, as well as their preferences in order to improve the functions used;
d) in order to possibly establish and pursue claims or defend against them - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) in protecting its rights.
IV. MARKETING
1. The Administrator processes Users' personal data in order to carry out marketing activities, which may consist in:
a) displaying to the User marketing content that is not adjusted to their preferences (contextual advertising);
b) sending e-mail notifications of interesting offers or content, which in some cases contain commercial information;
c) conducting other activities related to direct marketing of goods and services (sending commercial information electronically via the Newsletter).
2. The Administrator processes the Users' personal data for marketing purposes in connection with sending contextual advertising messages to the Users (i.e. advertising that is not adjusted to the User's preferences). The processing of personal data is then carried out on the basis of the User's consent (Article 6(1)(a) GDPR).
3. If the User has agreed to receive marketing information via e-mail, in particular to receive the Newsletter, the User's personal data will be processed in order to send such information. The basis for data processing is consent given by the User (Article 6(1)(a) GDPR), without prejudice to the legitimate interests of the Administrator (Article 6(1)(f) GDPR). Consent can be revoked at any time.
4. The User may agree to order the Newsletter service (subscription). The Newsletter service consists in periodical sending of the Administrator's newsletter and the Administrator's messages containing marketing content (commercial information) to the given e-mail address. Newsletter subscription takes place by ticking the appropriate option in the registration form or at a later date in the "Your account" tab ("Newsletter" link). Subscription to the Newsletter is voluntary and free of charge. The Newsletter service is provided for an indefinite period of time and the User may withdraw from it at any time by unchecking the appropriate box in the "Your account" tab ("Newsletter" link) or by email: onlineshop(at)zaremski.pl
§ 4
COOKIES
1. Cookies are small text files installed on the User's device when browsing the Site. Cookies collect information that facilitates the use of the Site - e.g. by remembering the User's visits to the Site and their actions.
2. The User can use the Site without the use of cookies, but this may mean that some functions or services of the Store will not work properly. If the User does not agree to the use of cookies, they should at any time select the option to reject cookies or to be notified about their transmission in the browser settings.
I. "SERVICE" COOKIES
1. The Administrator uses so-called service cookies primarily to provide the User with services rendered electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to the User use cookies while storing information or gaining access to information already stored on the User's ICT end device (computer, phone, tablet, etc.). The cookies used for this purpose include:
a) user input cookies, cookies with data entered by the User (session ID) for the duration of the session;
b) authentication cookies used for services requiring authentication for the duration of the session;
c) security cookies, e.g. used to detect authentication breaches, i.e. user centric security cookies;
d) multimedia player session cookies (e.g. flash player cookies), for the duration of the session;
e) persistent user interface customization cookies for the duration of the session or slightly longer;
f) shopping cart cookies used to remember the basket content for three days;
g) cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyse the way the User uses the Site, to create statistics and reports on the operation of the Website). Google does not use the collected data to identify you, nor does it link this information to facilitate identification. For detailed information on the scope and principles of data collection in relation to this service, please see the link: https://www.google.com/intl/pl/policies/privacy/partners.
II. "MARKETING" COOKIES
1. The Administrator also uses cookies for marketing purposes, e.g. in connection with sending advertising messages to Users. For this purpose, the Administrator stores information or gains access to information already stored on the User's ICT end device (computer, telephone, tablet, etc.). The use of cookies and personal data collected through the cookies for marketing purposes requires the User's consent. This consent can be given by configuring your browser accordingly and can be withdrawn at any time, in particular by clearing the cookie history and disabling cookies in your browser settings.
2. The Administrator shall not undertake any automated data profiling activities.
§ 5
PERIOD OF PERSONAL DATA PROCESSING
1. The period of processing of data by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data shall be processed for the duration of the provision of the service or the fulfilment of the order, until the consent is withdrawn or an effective objection is raised to the processing of the data in cases where the legal basis for the processing is the legitimate interest of the Administrator.
2. The period of processing may be extended where processing is necessary to establish and assert possible claims or defences against them, and thereafter only if and to the extent required by law. At the end of the processing period, the data are irreversibly deleted or rendered anonymous.
§ 6
USER RIGHTS
3. The Data Subjects shall have the following rights:
a) the right to information about processing of personal data - on this basis the Administrator shall provide the person making such a request with information about the processing of personal data, including, first of all, the purposes and legal basis of the processing, the scope of the data held, entities to whom the personal data are disclosed and the planned date of their removal;
b) the right to obtain a copy of the data - on this basis the Administrator shall provide a copy of the processed data concerning the person making the request;
c) the right of rectification - on this basis, the Administrator removes possible inconsistencies or errors concerning the processed personal data, and completes or updates them if they are incomplete or have changed;
d) the right to delete data - on this basis, deletion of data whose processing is no longer necessary for any of the purposes for which they were collected may be requested;
e) the right to restrict processing - on this basis, the Administrator shall cease all operations on personal data, except those authorised by the data subject and their storage, in accordance with the adopted retention rules, or until the reasons for restricting the processing have ceased to exist (e.g. a decision of the supervisory authority authorising further processing);
f) the right to data portability - on this basis, in so far as the data are processed in connection with an agreement or consent, the Administrator shall issue the data supplied by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity - however, provided that there are technical possibilities both on the part of the Administrator and the other entity;
g) the right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes without having to justify such an objection;
h) the right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data on the basis of the Administrator's legitimate interest (e.g. for analytical or statistical purposes or for reasons related to protection of property). An objection in this respect should contain a justification and is subject to the Administrator's assessment;
i) the right to withdraw consent - if the data are processed on the basis of the data subject's consent, the data subject has the right to withdraw it at any time, but this does not affect the lawfulness of the processing carried out before the withdrawal of that consent;
j) the right to complaint - if it is considered that the processing of personal data violates the provisions of the GDPR or other regulations on personal data protection, the data subject may lodge a complaint with the President of the Office for Personal Data Protection.
4. A request for the exercise of the rights of the Data subjects may be submitted in writing to the address: ZAREMSKI ul. Cegłowska 58/1, 01-809 Warsaw or by e-mail: onlineshop@zaremski.pl
5. The request should, as far as possible, indicate precisely what is requested, i.e. in particular: what right does the applicant want to exercise (e.g. the right to receive a copy of the data, the right to delete the data, etc.); what kind of processing is involved in the request (e.g. use of a specific service, activity on a specific website, receiving a Newsletter containing commercial information at a specific email address, etc.); what processing purposes does the request concern (e.g. marketing purposes, analytical purposes, etc.).
6. If the Administrator is unable to determine the content of the request or to identify the applicant on the basis of the request, it shall ask the applicant for additional information.
7. A response to the request shall be given within one month from its receipt. If an extension is necessary, the Administrator shall inform the applicant of the reasons for such an extension.
8. A response will be sent to the e-mail address from which the request was sent, or, in case of requests submitted by post, by ordinary letter sent to the address indicated by the applicant, unless the contents of the letter indicate a wish to receive a response at an e-mail address (in which case the e-mail address must be provided).
§ 7
DATA RECIPIENTS AND SOCIAL MEDIA PLUGINS
1. In connection with the performance of services related to the operation of the online store, personal data will be disclosed to external entities, including in particular suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with the performance of orders).
2. In case of obtaining a separate consent of the User, their data may also be made available to other entities for their own purposes, including marketing purposes.
3. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
4. The data will not be transmitted outside the European Economic Area (EEA).
5. For some of the content on the Site, so-called social media plugins are used: Facebook and Instagram (social networking sites), through which it is possible to share content published on the Site. When using social media plugins, the social media sites that support them can download User data. Social media plugins integrated into the Site enable social networking sites to obtain information on what IP address the User is visiting the Site from, regardless of whether they are logged in or registered with the social networking site. Data collected by social media plugins may only be exchanged between the User's web browser and the social network operator.
§ 8
PERSONAL DATA SECURITY
1. The Administrator conducts risk analysis on an ongoing basis in order to ensure that personal data are processed by the Administrator in a secure manner - ensuring in particular that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Administrator ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
2. The Administrator shall take all necessary steps to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process personal data on the Administrator's behalf.
§ 9
INTELLECTUAL PROPERTY
1. The Zaremski name, logo and other word and word-graphic names and marks presented on the Site are registered trademarks. All materials available on the Site are protected by industrial property law and copyright law and may not be used without prior written consent of the Administrator or other entities respectively.
2. All other trademarks, trade names and brand names other than Zaremski belong to and/or are reserved by their owners and are used by the Administrator for informational purposes only.
3. Without the Administrator's consent granted in writing, it is not allowed to send, distribute, modify, publish, post on other sites or use in any other way the content of the Site for commercial or non-commercial but public purposes. This applies in particular to the texts, photographs, tables, descriptions, drawings and graphics published on the website. The above limitation applies to both any part and the whole Site. It is allowed to copy and print parts of the Site only for private, personal and non-commercial use on the User's personal computer.
4. The use of the Site means taking full liability for any damage resulting from conduct constituting an act of unfair competition or infringing on copyright, trademark rights, design, ornament, patent or other property rights or personal rights.
5. It is also prohibited to use any data, including contact details available on the Site, for any purpose other than informational or purchase-related purposes, in particular to market such data or otherwise benefit from its dissemination.
§ 10
CONTACT DETAILS
1. The Administrator can be contacted via e-mail: onlineshop(at)zaremski.pl or by post at ZAREMSKI ul. Cegłowska 58/1, 01-809 Warsaw
2. The Administrator has appointed a Data Protection Officer who can be contacted by e-mail: onlineshop(at)zaremski.pl in any matter concerning the processing of personal data.
§ 11
PRIVACY POLICY CHANGE
1. The Policy is reviewed and, if necessary, updated on an ongoing basis.
2. Any changes to the Privacy Policy shall be communicated to the Users by means of an appropriate message published on the Site.