Filipek Wood online store privacy policy

I. Definitions

  1. Administrator - business activity under the name FilipekWood Tomasz Filipek, registered in the Central Register of Business Activity and Information (CEIDG) maintained by the competent minister of economy, NIP 5130273992, REGON 389945390.
  2. Personal data - information about a natural person identified or identifiable by one or more specific factors that determine physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, Internet identifier and information collected through cookies and other similar technology.
  3. Policy - this Privacy Policy.
  4. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  5. Service - the Internet service run by the Administrator at www.filipekwood.pl
  6. User - a natural person visiting the Site or using one or more of the services or functionalities described in the Policy, whose personal data is processed by the Administrator.

II .Processing of data by the controller in connection with the use of the site

  1. In connection with the User's use of the Website, the Administrator collects and processes Personal Data in accordance with the relevant provisions of the law, including in particular the RODO, to the extent necessary to provide the individual services offered, as well as information about the User's activity on the Website. Section IV describes the detailed principles and purposes of processing Personal Data collected during the User's use of the Website.
  2. The Administrator ensures transparency in the processing of Personal Data, in particular, always informs about the processing of data at the time of collection, including the purpose and legal basis for processing (e.g. when concluding a contract for the sale of goods or services). The Administrator shall ensure that the data is collected only to the extent necessary for the stated purpose and processed only for the period of time necessary.
  3. When processing Personal Data, the Administrator shall ensure its security and confidentiality, as well as access to information about the processing to data subjects. Should a breach of the protection of Personal Data (e.g., data "leakage" or loss) occur despite the security measures in place, the Administrator will inform Users of such an event in a manner consistent with the regulations.

III. Security of personal data

  1. The Administrator conducts a risk analysis on an ongoing basis to ensure that Personal Data is processed by the Administrator in a secure manner - ensuring, first and foremost, that only authorized persons have access to the data and only to the extent necessary due to the tasks they perform. The Administrator ensures that all operations on Personal Data are recorded and performed only by authorized employees and associates.
  2. The Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide guarantees to apply appropriate security measures whenever they process Personal Data on behalf of the Administrator.
  3. The Administrator conducts an ongoing analysis of the risks associated with the processing of Personal Data and monitors the adequacy of the data security measures applied to the identified risks. If necessary, the Administrator implements additional measures to enhance data security.

IV. Celects and legal grounds for processing data on the site

  1. Use of the Service
    1. Personal data of all persons using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies), and who are not registered Users (i.e. persons who do not have a profile on the Service), are processed by the Administrator:
      1. for the purpose of providing services electronically in the scope of providing Users with access to the content collected on the Website - then the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) RODO);
      2. for analytical and statistical purposes, in which case the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of conducting analyses of Users' activities, as well as their preferences in order to improve the functionalities used and services provided;
      3. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting in the protection of its rights;
      4. for marketing purposes of the Administrator and other entities, in particular related to the presentation of behavioral advertising - the principles of processing Personal Data for marketing purposes are described in Section IX.
    2. The User's activity on the Service, including his/her Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities that relate to the computer system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Administrator also processes them for technical, administrative purposes, for the purpose of ensuring the security of the IT system and the management of this system, as well as for analytical and statistical purposes - in this regard, the legal basis for processing is the Administrator's legitimate interest (Article 6(1)(f) RODO).
  2. Registration on the Site
    1. Those who register on the Website are asked to provide the data necessary to create and operate an account. In order to facilitate the service, the User may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. Provision of data marked as mandatory is required to create and operate an account, and failure to provide such data will result in the inability to create an account. Provision of other data is voluntary.
    2. Personal data is processed:
      1. in order to provide services related to the maintenance and operation of an account on the Website - the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) RODO);
      2. for analytical and statistical purposes - the legal basis of the processing is the Administrator's legitimate interest (Article 6(1)(f) RODO), which consists in conducting analyses of Users' activity on the Website and the way they use their account, as well as Users' preferences in order to improve the applied functionalities;
      3. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting in the protection of its rights;
      4. for marketing purposes of the Administrator and other entities - the principles of processing Personal Data for marketing purposes are described in Section IX.
    3. If the User posts any Personal Data of other persons (including their name, address, telephone number or e-mail address) on the Service, he/she may do so only under the condition that he/she does not violate the laws and personal rights of such persons.
  3. Placing orders
    1. Placing an order (purchase of products) by a User of the Website involves the processing of his/her Personal Data. Provision of data marked as mandatory is required in order to accept and process the order, and failure to provide such data will result in failure to process the order. Provision of other data is voluntary.
    2. Personal data is processed:
      1. for the purpose of processing a submitted order - the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) RODO);
      2. in order to carry out statutory obligations incumbent on the Administrator, arising in particular from tax and accounting regulations - the legal basis for processing is a legal obligation (Article 6(1)(c) RODO);
      3. for analytical and statistical purposes - the legal basis of the processing is the Administrator's legitimate interest (Article 6 (1) (f) RODO), consisting of conducting analysis of Users' activity on the Website, as well as Users' shopping preferences in order to improve the applied functionalities;
      4. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting in the protection of its rights.
  4. Contact forms
    1. The Administrator provides the possibility to contact him using electronic contact forms. Using the form requires providing Personal Data necessary to contact the User and respond to the inquiry. The User may also provide other data in order to facilitate contact or service the inquiry. Provision of data marked as mandatory is required in order to accept and service the inquiry, and failure to provide such data will result in the impossibility of service. Provision of other data is voluntary.
    2. Personal data is processed:
      1. in order to identify the sender and handle his/her inquiry sent through the form provided - the legal basis for processing is the necessity of processing to perform the service contract (Article 6(1)(b) RODO); with regard to data provided optionally, the legal basis for processing is consent (Article 6(1)(a) RODO).
  5. Email and traditional correspondence
    1. In the case of directing to the Administrator via e-mail or traditional correspondence unrelated to the services provided to the sender, another contract concluded with the sender, or otherwise unrelated to any relationship with the Administrator, the personal data contained in such correspondence is processed solely for the purpose of communication and resolution of the matter to which the correspondence relates.
    2. The legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of correspondence addressed to it in connection with its business activities.
    3. The Administrator processes only Personal Data relevant to the matter to which the correspondence relates. All correspondence is stored in a manner that ensures the security of the Personal Data (and other information) contained therein and is disclosed only to authorized persons.
  6. Phone contact
    1. When contacting the Administrator by telephone, on matters unrelated to the concluded contract or the services provided, the Administrator may request Personal Data only if it is necessary to handle the matter to which the contact relates. The legal basis in such a case is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of the need to resolve the reported matter related to its business activity.
    2. Personal data obtained during a phone call are processed:
      1. for purposes related to servicing customers and clients via a hotline, if the Administrator provides such a service - the legal basis for processing is the necessity of processing to provide the service (Article 6(1)(b) RODO);
      2. for analytical and statistical purposes - the legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the DPA), consisting of statistical analysis of telephone communications.
  7. Collection of data in connection with the provision of services or performance of other contracts
    1. In the case of collection of data for purposes related to the performance of a specific contract, the Administrator shall provide the User with detailed information regarding the processing of his/her personal data at the time of entering into the contract, or at the time of obtaining personal data in case the processing is necessary for the Administrator to take action at the User's request, prior to entering into the contract.
  8. Data collection in other cases
    1. In connection with its operations, the Administrator also collects Personal Data in other cases - e.g. by building and using lasting mutual business contacts (networking) during business meetings, at industry events or by exchanging business cards - for the purposes of initiating and maintaining business contacts. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) of the DPA), consisting of networking in connection with its business activities.
    2. Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator shall ensure their adequate protection.

V. Recipients of data

  1. In connection with the performance of services, Personal Data will be disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems, entities such as banks and payment operators, couriers (in connection with the execution of the order), entities providing legal or accounting services, and marketing agencies (for marketing services)j.
  2. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who make a request for such information, relying on the relevant legal basis and in accordance with the provisions of the applicable law.

VI. Transfers of data outside the EEA

  1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:
    1. Cooperation with processors of Personal Data in countries for which a relevant decision of the European Commission has been issued regarding the determination of ensuring an adequate level of protection of Personal Data;
    2. Use of standard contractual clauses issued by the European Commission;
    3. application of binding corporate rules approved by the relevant supervisory authority;
    4. in the case of data transfers to the U.S., cooperation with entities participating in the Privacy Shield program (Privacy Shield), approved by a decision of the European Commission.
  2. The Administrator always informs about its intention to transfer Personal Data outside the EEA at the stage of collection.

VII. Period of personal data processing

  1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing may also result from regulations when they are the basis for processing. When the basis for processing is the necessity to conclude and perform a contract, the data are processed until the termination of the contract. As a general rule, data are processed for the duration of the provision of the service or the execution of the order, until the withdrawal of the consent given or the filing of an effective objection to data processing in cases where the legal basis for data processing is the legitimate interest of the Administrator. If the data is processed on the basis of the legitimate interest of the Administrator (e.g. for security reasons), the data is processed for the period of time that enables the fulfillment of this interest or until an effective objection to data processing is raised. If processing is based on consent, data are processed until the consent is withdrawn.
  2. The processing period may be extended if the processing is necessary for the establishment and assertion of possible claims or defense against claims, and thereafter only if and to the extent required by law. After the expiration of the processing period, the data shall be irreversibly deleted or anonymized.

VIII. Rights related to the processing of personal data

  1. Users' rights
    1. Users have the following rights:
      1. The right to information about the processing of personal data - on this basis, the Administrator provides the individual making the request with information about the processing of data, including, in particular, the purposes and legal grounds for processing, the scope of the data held, the entities to which they are disclosed, and the planned date of deletion;
      2. The right to obtain a copy of the data - on this basis, the Administrator provides a copy of the processed data concerning the individual making the request;
      3. The right to rectification - the Administrator is obliged to remove any inconsistencies or errors in the processed Personal Data and complete it if it is incomplete;
      4. The right to erasure - on this basis, you can request the erasure of data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
      5. The right to restrict processing - if such a request is made, the Administrator shall cease performing operations on Personal Data - with the exception of operations consented to by the data subject - and their storage, in accordance with the retention rules adopted, or until the reasons for restricting processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further processing);
      6. The right to data portability - on this basis - to the extent that the data are processed by automated means in connection with a contract concluded or consent given - the Administrator shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity, provided, however, that there are technical capabilities in this regard both on the part of the Administrator and the designated entity;
      7. The right to object to processing for marketing purposes - You may object to the processing of Personal Data for marketing purposes at any time, without having to justify such objection;
      8. The right to object to other purposes of data processing - the User may object at any time - for reasons related to his/her particular situation - to the processing of Personal Data that is carried out on the basis of the legitimate interests of the Administrator (e.g. for analytical or statistical purposes or for reasons related to property protection); the objection in this regard should contain a justification;
      9. The right to withdraw consent - if the data is processed on the basis of the consent you have given, you have the right to withdraw it at any time, which, however, does not affect the legality of the processing carried out before the withdrawal;
      10. The right to complain - if the User believes that the processing of Personal Data violates the provisions of the RODO or other regulations concerning the protection of Personal Data, the User may file a complaint with the supervisory authority for the processing of Personal Data, which has jurisdiction over the User's habitual residence, place of work or place where the alleged violation was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.
  2. Making demands related to the exercise of rights
    1. A request for the realization of Users' rights can be made:
      1. in writing to the address: 93 Central Street, 32-048 Jerzmanowice;
      2. by e-mail to: kontakt@filipekwood.pl
    2. If the Administrator is unable to identify an individual on the basis of the submitted request, it will ask the applicant for additional information. It is not mandatory to provide such data, but failure to do so will result in denial of the request.
    3. The request may be made in person or through a proxy (e.g., a family member). For reasons of data security, the Administrator encourages the use of a power of attorney in a form certified by a notary public or authorized legal counsel or attorney, which will significantly speed up the verification of the authenticity of the request.
    4. The application should be responded to within one month of receipt. If it is necessary to extend this period, the Administrator shall inform the applicant of the reasons for this action.
    5. In the case where the request is addressed to the Administrator electronically, the response shall be provided in the same form, unless the requester has requested a response in another form. In other cases, the response shall be provided in writing. If the timing of the request makes it impossible to respond in writing, and the extent of the applicant's data processed by the Administrator makes it possible to contact him electronically, the response shall be provided electronically.
    6. The Administrator shall store information regarding the request made and the person who made the request, in order to ensure that compliance can be demonstrated and for the purpose of establishing, defending or asserting possible claims of the Users. The register of requests is stored in a manner that ensures the integrity and confidentiality of the data contained therein.
  3. Rules for charging
    1. The processing of submitted applications is free of charge. Fees may be charged only in the case of:
      1. make a request for the second and each subsequent copy of the data (the first copy of the data is free of charge); in this case, the Administrator may require payment of a fee. The above fee includes the administrative costs of processing the request;
      2. submission of excessive (e.g., unusually frequent) or manifestly unreasonable requests by the same person; in such a case, the Administrator may require payment of a fee. The aforementioned fee includes the costs of conducting the communication and the costs associated with taking the requested action;
      3. If the decision to impose a fee is disputed, the data subject may file a complaint with the supervisory authority for the processing of Personal Data. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.

IX. Marketing

  1. Implementation of marketing activities
    1. The Administrator processes Users' Personal Data in order to carry out marketing activities, which may consist of:
      1. displaying marketing content to the User that is not tailored to the User's preferences (contextual advertising);
      2. displaying marketing content to the User that corresponds to the User's interests (behavioral advertising);
      3. targeting e-mail notifications of interesting offers or content, which in some cases contain commercial information (newsletter service);
      4. carrying out other activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
    2. In order to carry out marketing activities, the Administrator uses profiling in some cases. This means that through automatic data processing, the Administrator evaluates selected factors about Users in order to analyze their behavior or create a forecast for the future. This allows the content displayed to be better tailored to the individual preferences and interests of the User.
  2. Contextual advertising
    1. The Administrator processes Users' Personal Data for marketing purposes in connection with directing contextual advertising (i.e. advertising that is not tailored to the User's preferences) to Users. The processing of Personal Data then takes place in connection with the realization of the Administrator's legitimate interest (Article 6(1)(f) of the RODO).
  3. Behavioral advertising
    1. The Administrator and its trusted partners process Users' Personal Data, including Personal Data collected through cookies and other similar technologies, for marketing purposes in connection with targeting Users with behavioral advertising (i.e., advertising that is tailored to the User's preferences).
    2. Processing of Personal Data also includes profiling of Users.
  4. Newsletter
    1. The administrator provides a newsletter service. Provision of data is required to provide the newsletter service, and failure to do so will result in the inability to send the newsletter. This form of communication with the User may include profiling.
    2. Personal data is processed:
      1. for the purpose of providing the newsletter mailing service - the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) of the DPA);
      2. in the case of directing marketing content to the User as part of a newsletter - the legal basis for processing, including with the use of profiling, is the legitimate interest of the Administrator (Article 6(1)(f) RODO) in connection with the consent to receive the newsletter;
      3. for analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest, (Art. 6 (1) (f) RODO), consisting in conducting analyses of Users' activity on the Website in order to improve the applied functionalities;
      4. for the purpose of possible establishment and investigation of claims or defense against claims - the legal basis of the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting in the protection of its rights.

X. Social networks

  1. The Administrator processes Personal Data of Users visiting the Administrator's profiles maintained on social media (Facebook, YouTube, Twitter, Google+). This data is processed in connection with the running of the profile, including for the purpose of informing Users about the Administrator's activities and promoting various events, services and products. The legal basis for the Administrator's processing of Personal Data for this purpose is its legitimate interest (Article 6(1)(F) of the DPA) in promoting its own brand.

XI. Posting of comments

  1. The Administrator provides the ability to post comments on the Website. Providing data in the fields marked as "required field" is voluntary, but failure to do so will result in the inability to post a comment. The provided e-mail address will not be visible to other Users
  2. Personal data is processed:
    1. in order to publish a comment as part of the functionality provided by the Administrator - the legal basis for processing is the necessity of processing to provide the service (Article 6(1)(b) of the DPA);
    2. for the purpose of comment moderation (including the elimination of spam) - in which case the legal basis for the processing is the Administrator's legitimate interest (Article 6(1)(f) RODO), consisting in approving comments added by Users and making them public.

XII. Cookies and other technology

  1. Cookies information
    1. The website uses cookies.
    2. Cookies are small text files installed on the User's device when browsing the Website. Cookies collect information that facilitates the use of the website - for example, by remembering the User's visits to the Website and the activities performed by him.
    3. The entity placing cookies on the User's terminal equipment and accessing them is the operator of the Website.
    4. Cookies are used for the following purposes:
      1. creation of statistics that help to understand how visitors to the Website use the websites, which allows to improve their structure and content;
      2. Maintain the User's session (after logging in), thanks to which the User does not have to re-enter his/her login and password on each sub-page of the Internet Shop;
      3. To determine the User's profile in order to display tailored materials to the User on advertising networks, in particular the Google network.
    5. The Service uses two main types of cookies: "session" (session cookies) and "permanent" (persistent cookies). "Session" cookies are temporary files that are stored on the User's terminal equipment until the User logs out, leaves the website or shuts down the software (web browser). "Permanent" cookies are stored on the User's end device for the time specified in the parameters of the cookies or until they are deleted by the User.
    6. Cookies placed on the User's end device and used may also be used by advertisers and partners cooperating with the Website.
    7. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the User's use of the Website. For this purpose, they may retain information about the User's navigation path or the time they stay on a given page.
    8. With regard to information about User preferences collected by the Google advertising network, the User can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
  2. Cookies ,,service"
    1. The Administrator uses so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of such services. In this regard, the Administrator and other entities providing analytical and statistical services to the Administrator use cookies to store information or access information already stored in the User's telecommunications end device (computer, phone, tablet, etc.). Cookies used for this purpose include:
      1. cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
      2. multimedia player session cookies (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
      3. Persistent cookies used to personalize the user interface for the duration of the session or slightly longer (user interface customization cookies).
  3. Cookies ,,marketing"
    1. The Administrator and its trusted partners also use cookies for marketing purposes, including in connection with targeting Users with behavioral advertising. For this purpose, the Administrator and its trusted partners store information or access information already stored on the User's telecommunications end device (computer, phone, tablet, etc.).
  4. Social media
    1. The administrator has implemented buttons and content from Facebook and Instagram in the Service. These solutions use code snippets from Facebook and Instagram. This code includes cookies. The buttons can collect and process certain information, in order to display behavioral advertising. Detailed information about what the mentioned social networks do with the data processed using cookies can be found in the privacy documents of these websites. The data obtained in this way is anonymized as soon as there is no longer a need to process it. The legal basis for the Administrator's processing of Personal Data for this purpose is its legitimate interest (Article 6(1)(f) of the DPA) in promoting its own brand. Facebook and Instagram are located in the United States of America.
  5. Managing your cookie settings
    1. The use of cookies for the purpose of collecting data through them, including gaining access to data stored on the User's device, requires the User's consent. This consent may be withdrawn at any time. Restrictions on the use of cookies may affect some of the functionality available on the Website.
    2. Permission is not required only for cookies, the use of which is necessary for the provision of a telecommunications service (data transmission to display content).
    3. Withdrawal of consent for the use of cookies is possible via browser settings. Detailed information on this subject can be found at the following links:
      1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internetexplorer-delete-manage-cookies
      2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka
      3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
      4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
      5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB
    4. You can verify the status of your current privacy settings for the browser you are using at any time using the tools available at the links below:
      1. http://www.youronlinechoices.com/pl/twojewybory
      2. http://optout.aboutads.info/?c=2&lang=EN

XIII. Analytical and marketing tools used by the administrator's partners

  1. General information
    1. The Administrator and its Partners apply various solutions and tools used for analytical and marketing purposes. Below you will find basic information about these tools. Detailed information in this regard, on the other hand, can be found in the privacy policy of the respective Partner.
  2. Google Analytics
    1. Google Analytics cookies are files used by Google to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User, nor does it combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
  3. Google AdWords
    1. Google AdWords is a tool that allows us to measure the effectiveness of advertising campaigns implemented by the Administrator, allowing us to analyze such data as keywords and the number of unique users. The Google Adwords platform also allows us to display our ads to people who have visited the Website in the past. Information on Google's data processing for the above service is available at the following link: https://policies.google.com/technologies/ads?hl=pl.
  4. Facebook's pixels
    1. Facebook Pixels is a tool that allows measuring the effectiveness of advertising campaigns implemented by the Administrator on Facebook. The tool allows advanced data analytics to optimize the Administrator's activities also using other tools offered by Facebook. Detailed information on data processing by Facebook can be found at this link: https://plpl.facebook.com/help/443357099140264?helpref=about_content.

XIV. Contact information

  1. Contact with the Administrator is possible through the e-mail address kontakt@filipekwood.pl or the mailing address: FilipekWood, 93 Centralna Street, 32-048 Jerzmanowice.

XV. Changes to the privacy policy

  1. The policy is reviewed on an ongoing basis and updated as necessary.