Website privacy policy www.bechtold.pl
-
GENERAL PROVISIONS
- The Controller of the personal data collected through the www.bechtold.pl website is Magdalena Bechtold operating a business under the name Bechtold&CO Magdalena Bechtold, business address: Jana 17, 91-350 Łódź, address for delivery: Liściasta 17, 91-357 Łódź, NIP: 7261249558, REGON: 472872616, registered in the Central Business Register and Information, e-mail address: bechtold@bechtold.pl, hereinafter referred to as the “Controller”, who is, at the same time, the Service Provider., place of business: Jana 17, 91-350 Łódź, address for delivery: Liściasta 17, 91-357 Łódź, NIP: 7261249558, REGON: 472872616, electronic mail address (e-mail): bechtold@bechtold.pl, hereinafter referred to as the “Controller”.
- Personal data collected by the Controller through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, and the Data Protection Act of 10 May 2018.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes personal data via www.bechtold.pl if:
the user used the contact form.
Personal data are processed on the basis of Art.
6(1)
(f) of GDPR as a legitimate interest of the Controller.
the user subscribed to the Newsletter, in order to send them commercial information via e-mail.
Personal data are processed upon separate consent, pursuant to Art.
6
(1)(a) of GDPR.
your personal data has been handed over to ING Bank Śląski S.A. (the “Bank”) in connection with:
the Bank’s provision of infrastructure for the Online Store for handling payments via the Internet (legal basis: Article 6(1)(f) of the Regulation).
processing and settlement by the Bank of payments made by customers of the Online Store via the Internet using payment instruments (legal basis: Article 6(1)(f) of the Regulation).
in order for the Bank to verify the proper performance of agreements concluded with the Online Store, in particular to ensure the protection of payers’ interests in connection with their complaints (legal basis: Article 6(1)(f) of the Regulation).
your personal data is handed over to Twisto Polska sp.
z o.o. in connection with the possibility of Twisto Polska sp.
z o.o. offering to pay for the purchased goods or services within the framework of the contract of mandate covering the “Kup z Twisto” [“Buy with Twisto”] purchase formula and making that purchase formula available at the Online Store, as well as for the purpose of verification by Twisto Polska Sp.
z o.o. of the proper performance of such contracts of mandate (legal basis: Article 6(1)(f) of the Regulation).
In addition to the purposes set forth in paragraph
1 (primary purpose), the Controller may process your personal data for other lawful purposes (secondary purpose) when the primary and secondary purposes are closely related.
As part of such processing, the Controller, acting pursuant to Art.
6
(1)(f) of the Regulation, provides for the processing of personal data also for secondary purposes.
The processing of your personal data for the purposes set out in paragraph
2 and in paragraph
3 will occur in connection with the existence of a legitimate interest pursued by the Controller.
TYPE OF PERSONAL DATA PROCESSED.
The Controller processes the following categories of your personal data:
Name,
Address (residence),
E-mail address,
Phone number,
ARCHIVING PERIOD FOR PERSONAL DATA.
Users’ personal data are stored by the Controller:
where the basis for data processing is the performance of an agreement, for as long as it is necessary for the performance of the agreement, and thereafter for a period corresponding to the statute of limitations.
Unless otherwise provided by a specific provision, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years.
where the basis for data processing is consent, for as long as the consent is not revoked, and after the revocation of consent, for a period of time corresponding to the statute of limitations for claims which the Controller may assert and which may be asserted against them.
Unless otherwise provided by a specific provision, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business activity – three years.
When you use the website, additional information may be collected, in particular: the IP address assigned to your computer or the external IP address of your Internet provider, domain name, browser type, access time, type of operating system.
We may also collect navigational data from users, including information about the links and references they choose to click on or other actions they take on the website.
The legal basis for such activities is the legitimate interest of the Controller (Article 6(1)(f) of GDPR), which is to facilitate the use of services provided electronically and to improve the functionality of these services.
The provision of personal data by the user is voluntary.
Personal data will also be processed by automated means in the form of profiling, provided that you have given your consent pursuant to Art.
6
(1)(a) of GDPR.
As a consequence of profiling, a profile will be assigned to the user for the purpose of making decisions regarding that user or to analyze or predict that user’s preferences, behaviors, and attitudes.
The Controller shall take special care to protect the interests of data subjects, and in particular shall ensure that the data collected by them are:
processed in accordance with the law,
collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes,
substantially correct and adequate in relation to the purposes for which they are processed and stored in a form which enables identification of data subjects for no longer than it is necessary to achieve the purpose of processing.
MAKING PERSONAL DATA AVAILABLE
Users’ personal data are handed over to the service providers used by the Controller to operate the website.
Service providers to whom personal data are handed over, depending on contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (controllers).
PARTNERS{gid_1}In connection with the processing of personal data for the purposes set out in paragraphs
3 and 4, your personal data may be made available by the Controller to other recipients or categories of recipients of personal data, which may be:
ING Bank Śląski S.A.
Twisto Polska sp.
z o.o.
If you provide your personal data in order for it to be handed over to Twisto Polska sp.
z o.o. before concluding a sale agreement for goods (or services) purchased from the Controller, the handover of such data is a condition for concluding a sale agreement in connection with the business model adopted by the Online Store.
If you provide your personal data to the Bank in connection with the handling and settlement of payments made by you to the Controller via the Internet using payment instruments, you will be required to provide your data in order to execute the payment and provide confirmation of its execution by the Bank to the Controller.
In the case of handing over your personal data to the Bank in order for the Bank to verify proper execution of agreements concluded with the Controller, in particular to ensure protection of payers’ interests in connection with their complaints, providing this data is required in order to enable the execution of the agreement concluded between the Online Store and the Bank.
In case of handing over your personal data to Twisto Polska sp.
z o.o. in connection with the possibility of Twisto Polska sp.
z o.o. offering to pay the price for the goods or services purchased by you within the framework of contract of mandate covering the “Kup z Twisto” [“Buy with Twisto”] purchase formula and making that formula available by the Controller, providing those data and processing them for that purpose is required in connection with the business model adopted by the Controller and in order to realize the contract concluded between the Controller and Twisto Polska Sp.
z o.o.
Your personal data are stored only within the European Economic Area (EEA).
THE RIGHT TO CONTROL, ACCESS, AND RECTIFY YOUR OWN DATA
The data subject has the right to access the content of their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
The legal basis for the user’s request:
Access to data – Art.
15 of GDPR
Rectification of data – Art.
16 of GDPR.
Deletion of data (so-called right to be forgotten) – Art.
17 of GDPR.
ID: wpml_trans_unit_1_0_1_3_1_1_1_2_2
Limitation of processing – Art.
18 of GDPR.
Transfer of data – Art.
20 of GDPR.
Objection – Art.
21 of GDPR
Withdrawal of consent – Art.
7
(3) of GDPR.
In order to exercise the rights referred to in Section 2, you may send an e-mail to the following address: bechtold@bechtold.pl.
If a user makes a claim based on the above rights, the Controller shall comply with the claim or refuse to comply with it immediately, but no later than within one month after receiving it.
However, if – due to the complexity of the request or the number of requests – the Controller is not able to fulfill the request within one month, they will fulfill the request within another two months, having informed the user about the intended extension of the deadline and the reasons for it within one month of receiving the request.
If it is determined that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
COOKIES
The Controller’s website uses cookies.
The installation of cookies is necessary for the proper provision of services on the website.
Cookies contain information necessary for the proper functioning of the website, and they also provide the possibility to compile general statistics on website visits.
The website uses session cookies and persistent cookies
Session cookies are temporary files that are stored on the user’s end device until they log out (leave the site).
Persistent cookies are stored on the user’s end device for the time specified in the parameters of the cookies or until they are deleted by the user.
The Controller uses their own cookies to better understand how the user interacts with the site content.
Cookies collect information about the way a user uses the website, the type of website from which the user was redirected, and the number of visits and the length of the user’s visit to the website.
This information does not record specific personal data of the user, but is used to compile statistics about the use of the site.
The user has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window.
Detailed information about the possibility and methods of using cookies is available in your software (web browser) settings.
FINAL PROVISIONS
The Controller shall apply technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data protected, and in particular to protect the data against disclosure to unauthorized persons, against appropriation by an unauthorized person, against processing in violation of the applicable regulations, and against alteration, loss, damage, or destruction.
The Controller provides appropriate technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
In matters not regulated by this Privacy Policy, the provisions of GDPR and other relevant provisions of Polish law shall apply respectively.