1. GENERAL PROVISIONS
1.2. The Administrator of personal data collected by means of the Internet Shop is Sofaroom Marcin Rosiecki Spółka Komandytowa incorporated into the Central Register and Information on Business Activity of the Republic of Poland conducted by the minister competent for the economy, possessing: address of performing the activity and delivery address: ul. Sarmacka 21/57, 02-972 Warszawa, NIP: 9512431038 and address of electronic mail: firstname.lastname@example.org – hereinafter referred to as „Administrator” and being at the same time the Service provider and the Seller.
1.3. Personal data of the Service Recipient and the Client is processed in accordance with the act on protection of personal data of 29th of August 1997 (J. of L. 1997 No. 133, it. 883 as amended) (hereinafter referred to as: Act on protection of personal data) and the act on provision of services by electronic means of 18th of July, 2002 (J. of L. 2002 No. 144, it. 1204 as amended).
1.4. The Administrator takes special diligence to protect the interests of persons to whom data refers and in particular assured that the data collected by him is processed in accordance with the law; collected for the marked purposes, consistent with the law and not provided for further processing with these purposes; correct in contents and adequate in relation to the purposes for which it is processed and stored in the form allowing for identification of persons to whom it refers, no longer than it is necessary to achieve the purposes of processing.
1.5. All words, expressions and acronyms occurring on the site and starting with a capital letter (e.g. Seller, Internet Shop, Electronic Service) one should understand in accordance with their definitions contained in the Regulations of the Internet Shop available on the sites of the Internet Shop.
2. PURPOSE AND SCOPE OF COLLECTING DATA AND THE DATA OF THE RECIPIENT
2.1. Each time the purpose, the scope and the recipient of the data processed by the Administrator results from the activities undertake by the Service Recipient or the Client in the Internet Shop. As an example, if the Client during placing the Order selects the personal collection instead of courier shipment, his/her personal data will be processed for concluding and realizing the Sales Agreement but it is not made available anymore to the carrier realizing the shipment upon the order of the Administrator.
2.2. Possible purposes of collecting personal data of the Service Recipients or the Clients by the Administrator:
2.2.1. concluding and realizing the Sales Agreement or the agreement on the provision of the Electronic Service (e.g. Account). (
2.2.2. direct marketing of one’s own products or the services of the Administrator.
2.2.3. expressing the opinion by the Client on the Sales Agreement concluded.
2.3. Possible recipients of personal data of the Clients of the Internet Shop:
2.3.1. In the event of the Client who uses in the Internet Shop a shipment method by mail or by courier, the Administrator makes the personal data of the Client available to the selected carrier or the agent who realizes the shipment upon the order of the Administrator.
2.3.2. In the event of the Client who uses in the Internet Shop the method of electronic payment or payment card, the Administrator makes the collected personal data of the Client available to the selected entity servicing the above payments in the Internet Shop.
2.3.3. In the event of the Client who agreed to express the opinion on the Sales Agreement concluded, the Administrator makes available the Client’s personal data to the selected entity servicing the system of survey assessing the Sales Agreements concluded in the Internet Shop.
2.4. The Administrator may process the following personal data of the Service Recipients or the Clients using the Internet Shop: name and surname; address of the electronic mail; contact telephone number; delivery address (street, house number, flat number, postal code, town, country), address of residence/conducting business activity/seat (if different than the delivery address). In case of Service Recipients or Clients not being consumers, the Administrator may process additionally the name of the company and Tax ID number (NIP) of the Service Recipient or the Client.
2.5. Providing personal data referred to in point above, may be necessary to conclude and realize the Sales Agreement or the agreement to provide Electronic Service in Internet Shop. Each time the scope of the data required to conclude the agreement is previously indicated on the site of the Internet Shop and in the Regulations of the Internet Shop.
3. COOKIES AND EXPLOITATION DATA
3.1. Cookies file is a small text information in the form of text files, sent by the server and recorded on the site of the person who visits the site of the Internet Shop (e.g. hard disc of the computer, laptop or on the smart phone memory card – depending on which device is used by visitor of the Internet Shop). Detailed information on Cookies as well the history of their creation may be found, inter alia, here: http://pl.wikipedia.org/wiki/Ciasteczko.
3.2. The Administrator may process the data contained in Cookies during using the sites of the Internet Shop by the visitors for the following purposes:
3.2.1. identifying the Service Recipient as the persons logged onto the Internet Shop and showing that they are logged on;
3.2.2. memorizing the Products added to the car for placing the Order;
3.2.3. memorizing the data from the data filled in the Order Form, survey or the data used to log onto the Internet Shop;
3.2.4. adjusting the contents of the site of the Internet Shop to individual preferences of the Service Recipient (e.g. concerning colors, size of font, arrangement of the site), and optimizing the usage of the sites of the Internet Shop np.;
3.2.5. conducting anonymous statistics presenting the method of using the site of the Internet Shop.
3.3. As a standard, a majority of search engines available on the market accepts recording Cookies by default. Everyone has a possibility to define the conditions of using Cookies by means of settings of their own search engine. It means that one may limit partially, for example (e.g. temporarily) or completely switch off the possibility to record Cookies – in the latter case however it may have an influence on some functionalities of the Internet Shop (as an example, going through the Order path through the Order Form due to fact that Products are not memorized in the cart during the next stages of placing the Order).
3.4. Settings of the search engine in the scope of the Cookies files are significant from the point of view of the consent for using the Cookies files by our Internet Shop – in accordance with the provisions such a consent may also be expressed by means of settings of the search engine. In case of failing to express such a consent alternatively change the settings of the search engine properly in the scope of the Cookies files.
3.5. Detailed information on changing the settings concerning the Cookies files and their independent removal in the most popular search engines is available in the department of help of the search engine and on the sites below (it is enough to click in a given link):
in search engine Chrome
in search engine Firefox
in search engine Internet Explorer
in search engine Opera
in search engine Safari
3.6. The Administrator processes also anonymized exploitation data connected with using the Internet Shop (IP address, domain) to generate auxiliary statistics in administering the Internet Shop. The data is of collective and anonymous nature, i.e. does not contain identification features of the person visiting the site of the Internet Shop. This data is not disclosed to third persons.
4. BASIS TO PROCESS DATA
4.1. Providing the personal data by the Service Recipient or the Client is voluntary, however failing to provide the personal data indicated on the site of the Internet Shop and the in the Regulations of the Internet Shop necessary to conclude and realize the Sales Agreement or the agreement to provide the Electronic Service results in the lack of possibility to conclude this agreement.
4.2. The basis to process personal data of the Service Recipient or the Client is the necessity to realize the agreement, to which it is a party or start the activities before its concluding upon his demand. In case of processing for direct marketing of their own products or the services of the Administrator the basis for such processing is (1) a prior consent of the Service Recipient or the Client or (2) fulfilling the justified purposes realized by the Administrator in legal terms (in accordance with art. 23 it. 4 of the Act on protection of personal data a legally justified purpose is considered to be in particular a direct marketing of one’s own products or services of the Administrator).
4.3. In case of processing data for expressing the opinion by the Client on the Sales Agreement the basis of such processing the consent of the Service Recipient or the Client.
5. THE RIGHT TO CONTROL, ACCESS TO TEXT OF THEIR DATA AND CORRECT IT
5.1. The Service Recipient or the Client shall have the right to their personal data and correct it.
5.2. Each person shall be entitled to control processing data, which refers to them contained in the set of the data of the Administrator and especially the right to: demand to have the personal data supplemented, updated, corrected, of temporary or permanent nature, to have its processing withheld or removed, if it is incomplete, invalid, untrue or was collected with the infringement of the act or it is necessary to realize the purpose for which it was collected.
5.3. In case of providing the consent by the Service Recipient or the Client for processing data for direct marketing of one’s own products or the services of the Administrator the consent may be recalled at any time. .
6. FINAL PROVISIONS
6.2. The Administrator uses technical and organizational means assuring the protection of personal data processed with the protection proper to the threats and the data category and in particular secures the data against making it available to the unauthorized persons, collecting by the unauthorized person, processing with infringement of the applicable law provisions and the change, loss, damage or destruction.
6.3. The Administrator respectively makes the following technical means available preventing from obtaining and modifying the personal data by the unauthorized persons by electronic means.
6.3.1. Securing the set of data against unauthorized access.
6.3.2. Access to the Account only after providing individual login and password.
6.3.3. SSL Certificate