§ 1. Definitions
1. Administrator - Łukasz Spych running a business under the name: SUGEST Łukasz Spych with its registered office in Turek at ul. Kolska Szosa 28, 62-700 Turek, NIP: 6681933999; REGON 301578387, which provides electronic services and stores and accesses information in the User's devices.
2. User - a person using the Online Store; an entity for which, in accordance with the provisions of law, electronic services may be provided or with which an agreement for the provision of electronic services may be concluded.
3. Online Store - a website located under the domain www.nordic.pl, under which the Administrator runs the Online Store.
4. Electronic service - a service provided electronically by the Administrator to the User via the Online Store.
5. Newsletter - information in the form of an electronic letter sent to the User's address regarding products on sale by the Administrator, including information content about new articles, product recommendations, promotions, competitions.
6. Contact form - an interactive form enabling Users to contact the Administrator.
7. Account - set up by the User, it collects data provided by the User and information about orders placed by him.
8. Device - an electronic device through which the User gains access to the Website.
9. Consumer - a natural person concluding a contract with the Administrator as part of the Online Store, the subject of which is not directly related to its business or professional activity.
1. A natural person with full legal capacity, and in cases provided for by generally applicable law, also a natural person with limited legal capacity,
2. Legal person,
3. An organizational unit without legal personality, which is granted legal capacity by law,
- who uses or intends to use the Service or Electronic Service.
§ 2. Introduction
2. The administrator of personal data collected via the Website, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repeal Directive 95/46/EC (General Data Protection Regulation) of April 27, 2016 (Journal of Laws EU. L No. 119, p. 1), hereinafter referred to as GDPR (here you can read the regulation http:/ /eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679 ), is Łukasz Spych running a business under the name: SUGEST Łukasz Spych with its registered office in Turek at ul. Kolska Szosa 28, 62-700 Turek, NIP: 6681933999; REGON 301578387, contact phone number +48 794-009-009, e-mail: email@example.com, hereinafter referred to as the Administrator and who is also the Seller in the Online Store.
3. The personal data protection officer is Łukasz Spych running a business under the name: SUGEST Łukasz Spych with its registered office in Turek at ul. Kolska Szosa 28, 62-700 Turek, NIP: 6681933999; REGON 301578387, contact phone number +48 794 009 009, e-mail: firstname.lastname@example.org, hereinafter referred to as the Administrator and being also the Seller in the Online Store.
4. Users' personal data are processed in accordance with the provisions of the GDPR, i.e. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of April 27, 2016 (Journal of Laws UE. L No. 119, p. 1), as well as provided for in the Polish Act on the Protection of Personal Data, executive acts to this Act and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
§ 3. General information
1. The Online Store Administrator makes every effort to protect the privacy of Online Store Users and all data and information that has been obtained from them. With due diligence, it selects and applies technical protection measures, both programming and organizational, thus ensuring complete protection against their sharing, disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
2. The Administrator informs that the Online Store uses a transmission protocol that ensures the security of data transmission on the Internet, namely it has the SSL (Secure Socket Layer v3) protocol installed. This is a type of protection consisting in encoding data before they are sent from the User's browser and decoding after safely reaching the server of the Website. Information sent from the server to the User is also encoded and decoded after reaching the goal.
3. The data collected by the Administrator are processed in accordance with the law, respecting the principles of reliability and transparency, are collected to the minimum extent necessary for the specified purposes and processed in accordance with them, not subjected to further processing incompatible with these purposes, adequate and substantively correct in relation to the purpose and stored in a way that allows the identification of data subjects. The period of data storage depends on the purpose of processing and is limited until the assumed purpose is achieved.
5. The Administrator has the right, as well as the statutory obligation, to provide information regarding the Users of the Website to public authorities, e.g. in connection with the conduct of proceedings for possible violations of the law, or to third parties who submit such a request on the basis of applicable provisions of Polish law.
6. The use of services and tools made available as part of the Online Store, as well as providing personal data by Users is voluntary. However, providing them may be necessary to conclude and perform the Agreement for the provision of services and/or Electronic Services in the Online Store, thus their absence will prevent the conclusion of such an Agreement. The scope of data necessary to conclude the Agreement is indicated on the Online Store website.
§ 4. Recipients of personal data of the Online Store
1. In order to ensure the proper operation of the Website, its functionality and to provide the services provided, the Administrator uses the services of external entities. The administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
2. Examples of recipients of personal data of Website Users are:
1. providers of services supporting the work of the Online Store Administrator, e.g. computer software providers to run the Online Store, e-mail,
2. hosting providers,
3. entities providing accounting/accounting services,
4. entities supporting the functionalities of the Online Store.
3. Data recipients (external entities) process personal data on the basis of relevant entrustment agreements signed with the Online Store Administrator. These entities collect, process and store personal data in accordance with their regulations and privacy policies.
§ 5. Acquisition, collection, purpose, scope and processing activities
1. The Administrator obtains information about Users, e.g. by collecting server logs, IP addresses, software and hardware parameters, pages viewed, mobile device identification number and other device and system usage data. The collection of the above information will take place in connection with the use of the Online Store. These data are not used by the Administrator to identify the User.
2. Navigation data may also be collected from Users, including information about links and references or other activities undertaken in the Online Store to facilitate the use of services provided electronically and to improve the functionality of these services.
3. The Administrator reserves the right to filter and block messages sent via the internal message system, in particular if they are spam, contain prohibited content or otherwise threaten the safety of Online Store Users.
4. As part of the Online Store, the Administrator processes Users' personal data for the following purposes:
- implementation of services created or co-created by the Administrator,
- accounting/HR/accounting services as part of the business activity,
- performance of the Agreement for the sale of services or the Agreement for the provision of electronic services,
- facilitating the use of the Online Store and ensuring IT security of the Online Store,
- determination, investigation and enforcement of claims and defense against claims in court proceedings and other enforcement authorities,
- consideration of complaints and requests,
- answering questions submitted via the contact form,
- marketing and advertising related to the preparation of an offer of services.
5. The Administrator informs that he collects, processes and stores the following Users' data: name and surname, e-mail address (e-mail address), contact telephone number, address of residence/business activity/registered office.
In the case of Service Recipients who are not Consumers, the Administrator may additionally process data such as: the name of the Company and the tax identification number (NIP) of the Service Recipient.
7. The User has the right to file a complaint in the event of non-performance or improper performance of the Service, which is provided electronically by the Administrator.
If this right is exercised, the Administrator is obliged to take a position on the matter immediately, but not later than within 14 calendar days from the moment of submitting the complaint. In order to exercise this right, the User sends an unequivocal statement of termination of the contract for the provision of electronic services in writing or via e-mail to the address email@example.com. In order to speed up the consideration of the complaint, it is recommended to provide the following information: circumstances regarding the subject of the complaint and the appearance of any defects, specifying the Customer's request and contact details. The above recommendations are not mandatory and do not affect the effectiveness of the complaint handling.
8. As part of the functionality of the Online Store, the Administrator provides the opportunity to contact him using an interactive form. Using the form requires providing personal data necessary to contact the User and answer the questions contained in the form. The user may also provide other data in order to facilitate contact or order a service. Providing data marked as mandatory is required in order to handle the inquiry and/or accept the order, and failure to provide them may result in the inability to handle it. Providing other data is voluntary.
9. In order to identify the sender and handle his inquiry sent via the provided form - the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6(1)(b) of the GDPR).
10. For analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) of the GDPR), consisting in keeping statistics of inquiries submitted by Users via the Store in order to improve its functionality.
11. If the User gives a separate consent, his personal data (e-mail address, telephone number) may be processed in order to send him commercial information about products or the Administrator by electronic means, including to the e-mail address provided in the Registration process. email via newsletter. The user has the right at any time to request the cessation of sending him commercial information by electronic means, e.g. by clicking on the appropriate link in the newsletter or by contacting the e-mail address firstname.lastname@example.org.
12. Plugins and other social tools provided by social networking sites, such as Facebook and Google +, are installed on the website of the Online Store www.nordic.pl . By displaying the Store page on which such a plug-in has been placed, the User's browser will establish a direct connection with the Facebook and Google servers. The content of the plugin is transferred by the given Service Provider directly to the User's browser and integrated with the website. This integration enables the Service Provider to receive information that the User's browser has displayed the www.nordic.pl website, even if the User does not have a profile with a given Service Provider or is not currently logged in to it. If the User is logged in to one of the social networking sites, the Service Provider will be able to directly assign the visit to the website to a given profile on a given social networking site.
DIRECT MARKETING - CUSTOMER SATISFACTION RESEARCH
13. If the User or Customer agrees to it separately, his personal data in the form of e-mail may be processed for direct marketing purposes - customer satisfaction survey. In this regard, Nordic.pl sends an invitation to express their opinion about purchases made on the Opineo portal (via the Opineo portal) and TrustedShops (via the TrustedShops portal). The user has the right to withdraw consent to the processing of personal data at any time (withdrawal of consent does not work however, back), e.g. by clicking on the appropriate link or by contacting us at the e-mail address email@example.com.
§ 6. Rights of data subjects
- The GDPR grants the Users these rights, their list is provided below. They are due without giving a reason, but they are not absolute and will not apply to all activities related to the processing of personal data. In a situation where the User wants to exercise any of his rights, he may at any time send a declaration of will to the e-mail address of the Website or the address of the Administrator's registered office.
I. The right to access data pursuant to art. 15 GDPR
The User may contact the Administrator at any time to confirm whether his data is being processed, and if this is the case, the User has the right to:
- to access personal data,
- to receive information about the purposes of processing, categories of processed personal data, recipients or categories of recipients of this data, the planned period of storing the User's data or about the criteria for determining this period (when determining the planned period of data processing is not possible) about the rights that the User is entitled to under the GDPR (when determining the planned period of data processing is not possible), about the rights of the User under the GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of this data outside the European Union,
- to obtain a copy of your personal data.
II. The right to rectify data pursuant to art. 16 GDPR
The User has the right to request the Administrator to immediately rectify his personal data that are incorrect. He also has the right to request supplementing his personal data. To correct or supplement your personal data, please send information to the e-mail address of the Website.
III . The right to delete data ("the right to be forgotten") - implemented on the basis of art. 17 GDPR
- The User may request the Administrator to delete all or some of his data.
- The user has the right to request the removal of his personal data when:
- personal data are no longer necessary for the purposes for which they were collected or for which they were processed,
- withdrew a specific consent to the extent that personal data was processed based on the User's consent,
objected to the use of their data for marketing purposes,
- personal data has been processed unlawfully,
- personal data must be deleted in order to comply with a legal obligation provided for in Union law or the law of a Member State to which the Administrator is subject;
- personal data has been collected in connection with offering information society services,
c) despite the User's request to delete personal data in connection with raising an objection or withdrawing consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill a legal obligation requiring processing under Union law or the law of a Member State to which the Administrator is subject,
d) deletion of personal data or cessation of their processing by the Administrator may result in the inability to provide services provided via the Website or limit the possibility of using the functionality of the Online Store.
IV. Consent to the processing of personal data and the right to withdraw consent based on art. 7. sec. 3 GDPR
- By accepting statements placed by the Administrator in interactive forms available on the Online Store website, the Customer / User agrees to the processing of their data for specific purposes,
- The Customer / User has the option of consenting to the processing of his data for additional purposes by accepting the optional statements proposed in the forms available on the Store's website
The customer has the right to withdraw any consent he has given to the Administrator, the withdrawal of consent will take effect from the moment of withdrawal of consent,
- withdrawal of consent will not cause any negative consequences for the Customer, however, it may prevent further use of services or functionalities that, according to the law, the Administrator may only provide with consent,
- withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
V. The right to object to data processing pursuant to Article 21 of the GDPR
- The Customer / User has the right to object at any time for reasons related to his particular situation to the processing of his personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
- the resignation from receiving marketing information regarding products and services sent by the Customer / User in the form of an e-mail means the Customer / User's objection to the processing of his data, including profiling for these purposes,
- if the Administrator has no other legal basis allowing the processing of Customer / User data and the objection turns out to be justified, the personal data against which the objection has been filed will be deleted.
VI. The right to submit a request to limit the processing of personal data pursuant to art. 18 GDPR
The Customer / User has the right to request the restriction of his personal data when:
- questions the correctness of their personal data - the personal data administrator will limit the processing of your personal data for a period of time that allows you to check the correctness of this data,
- the processing of the Customer's / User's personal data is unlawful, and instead of deleting the personal data, the Customer / User requests the restriction of the processing of his personal data,
- the Customer / User's personal data are no longer needed for the purposes of processing, but they are needed to establish, pursue or defend the Customer / User's claims,
- when the Customer / User has objected to the processing of his personal data - then the processing is limited until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in the Customer / User's objection.
VII. The right to request the transfer of personal data (Article 20 of the GDPR)
The Customer / User has the right to receive from the Administrator his personal data in a structured, commonly used machine-readable format and to send them to another Administrator of personal data.
You can also request that the Personal Data Administrator send the Customer / User's personal data directly to another Administrator (if it is technically possible).
VIII . The customer also has the right to lodge a complaint with the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under the GDPR.
§ 7. Cookies policy, operational data and analytics
1. The website uses small files called cookies (cookies), they are saved and stored on the computer or other end device of the Shop's Users and Customers, if the web browser allows it. Cookies usually contain the name of the domain they come from, their storage time on the Device and the assigned value.
2. Cookies are used to optimize the process of using the Store's website, to collect statistical data that allow identifying how Users use the Online Store's website, which allows improving the structure of the Online Store. They are also necessary to maintain the Customer's session after leaving the online store.
3. The administrator uses two types of cookies:
a) Session cookies (temporary): they are stored on the Client's / User's end device and remain there until the end of the browser session. The saved information is then permanently deleted from the device's memory. The session cookie mechanism does not allow for downloading any personal data or any confidential information from the Client's / User's Device.
b) Persistent cookies: they are stored on the Customer's device and remain there until they are deleted. Ending the session of a given browser or turning off the Device does not delete them from the Device of the Client / User. The mechanism of persistent cookies does not allow for downloading any personal data or any confidential information from the Client's / User's Device.
4. The service administrator uses external cookies to:
a) collecting general and anonymous static data via analytical tools: Google Analytics (The cookie administrator is Google LLC based in the United States),
b) popularizing the Online Store using the social networking site www.facebook.com (Administrator of external cookies: Facebook Inc with its registered office in the USA).
5. Google LLC, Facebook Inc are entities from a third country - the United States, which joined the Privacy Shield in order to ensure an adequate level of protection of personal data required by the GDPR.
As part of the agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified by the Privacy Shield.
7. At any time, the customer, using the web browser he uses, may change the settings for cookies, including blocking the possibility of collecting cookies. Such action may make it difficult or impossible to use the services and tools of the Online Store, including making it impossible to place an Order.
9. Some external entities operating as part of the Online Store allow Users to withdraw consent to the collection and use of data by them for the purposes of advertising based on the User's activity. For more information and choices, please visit, for example, the following website: www.youronlinechoices.com . Sharing information about activity on the website of the Online Store with Google Analytics can be blocked using the Google Inc. browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en .
§ 8. Final provisions