Polski
Deutsch
Čeština
Русский
1. GENERAL PROVISIONS
1.1. The controller of the personal data is PEFRANO SP. Z O.O. Al. 1000-lecia 2, 32-300 Olkusz entered in the National Court Register, the REGIONAL COURT FOR Krakow-Śródmieście District in Krakow, 12th Commercial Division of the National Court Register, NIP: 6372211311, REGON: 386951360, KRS 0000858590; hereinafter referred to as the Controller, who is the Service Provider of the Online Store and the Seller at the same time.
1.2. The personal data of the Customer shall be processed in accordance with the Personal Data Protection Act of 29 August 1997. (Dz. U. [Journal of Laws] no. 133, item 883 as amended), the Act on Provision of Services by Electronic Means of 18 July 2002. (Dz. U. [Journal of Laws] no. 144, item 1204 as amended) and the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 (GDPR).
1.2.1. In order to provide services via electronic means and to conclude sales contracts, the legal basis for the processing of personal data encompasses Articles 6(1)(a) and (b) of the GDPR.
1.2.2. For the purposes of fulfilling the Controller's legal obligations under generally applicable laws, including tax and accounting laws - the legal basis for the processing of personal data encompasses Article 6(1)(c) of the GDPR
1.2.3. For analytical and statistical purposes – the legal basis for the processing of personal data is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR; the Controller's legitimate interest encompasses the analysis of the performance of their business;
1.2.4. In order to pursue a legitimate interest of the Controller, namely exercising or pursuing claims, as well as the defence against claims - the legal basis for the processing of personal data concerns the legitimate interest of the Controller (Article 6(1)(f) of GDPR).
1.3. The Controller will ensure due care to protect the interests of data subjects, and in particular to ensure that the data collected by them are processed in a lawful manner; collected in line with the specified and legitimate purposes and not processed further in a way incompatible with those purposes; correct and fit for the purposes for which they are processed; stored in a form which permits identification of data subjects for no longer than it is necessary to achieve the purpose of the processing.
1.4. Any words, phrases and acronyms appearing here and written with a capital letter (e.g. Seller, Online Store, Electronic Service) shall be understood in accordance with their definition contained in the Terms and Conditions of the Online Store, available at https://francescopetroni.pl/content/6-regulamin and Section 2.4 of this Privacy Policy.
1.5. The provision of personal data by the Customer is voluntary, although the failure to provide the personal data specified in the Terms and Conditions which are necessary to conclude a Sales Contract or contract for the provision of Electronic Services will result in the refusal to conclude such a contract. The data necessary for the conclusion of a Sales Contract or a contract for the provision of Electronic Services are also indicated each time on the website of the Online Store.
1.6. The personal data of the Customer are processed due to the need to execute the contract to which the Customer is a party or to take steps prior to its conclusion at their express request.
2. PURPOSE AND SCOPE OF DATA COLLECTION
2.1. The purpose of the collection of personal data by the Controller concerns:
2.1.1. entering into, shaping, modifying, execution or termination of the contractual relationship between the Service Provider (Seller) and Service Recipient (Customer) involving the provision of Electronic Services by means of an Online Store or conclusion and execution of a Sales Contract concerning Goods and their delivery to the Customer.
2.2. In the case of Customers who use delivery services, the Controller transfers the collected personal data of the Customers to the extent necessary for the delivery to the selected carrier:
2.2.1. General Logistics Systems Poland Sp. z o.o., Tęczowa 10, Głuchowo,62-052 Komorniki. KRS 0000005009, NIP: PL-785-15-61-831
2.2.2. Inpost SA, Malborska 130, 30-624 Krakow, KRS 0000536554
2.2.3. Poczta Polska S.A., Rodziny Hiszpańskich 8, 00-940 Warsaw, KRS 0000334972
2.2.4. Furgonetka Spółka z ograniczoną odpowiedzialnością Sp. k., Inżynierska 8, 03-422 Warsaw, KRS 0000694708
2.2.5. INPOST EXPRESS SPÓŁKA Z O.O. Malborska 130,30-624 Krakow, KRS 0000543759
2.2.6. INPOST PACZKOMATY SP.Z O.O., KRS 0000418380
2.2.7. "RUCH" S.A., Chłodna 52, 00-872 Warsaw; KRS 0000020446
2.3. In the case of Customers who use electronic or credit card payments, the Controller shall transfer the collected personal data of the Customers only to the intermediary selected by the Customer and only to the extent that is necessary for the Customer to conclude the payment process. The intermediary used by the Online Store is:
2.3.1. DialCom24 Group — operator of the PRZELEWY24 online payment system, which operates as a settlement agent, running an authorisation and settlement system based on the decision of the President of the National Bank of Poland No. 1/2011 of 01.04.2011 and provides payment services as a domestic payment institution based on the decision of the Financial Supervision Commission dated 10.06.2014, entered in the register of payment services together with DialCom24 Sp. z o.o., a payment agent, under number IP24/2014 (available at https://erup.knf.gov.pl/View/). Address: Kanclerska 15, 60-327 Poznań. NIP 781-173-38-52, REGON 634509164. District Court in Poznań, 8th Commercial Division of the National Court Register, KRS 0000306513, share capital: 1 697 000 PLN
2.4. The Controller processes the following personal data of Service Recipients (Customers): name and surname; e-mail address; phone number; address (street address, apartment number, postal code, city). In case of Customers who are not consumers at the same time, the Controller additionally processes:
company name and tax identification number (NIP).
2.5. Providing personal data referred to in item 2.4. is necessary for the Provider to provide the Services
via the Online Store or to conclude a Sales Contract. In each case, the scope
of the personal data required is also indicated in the Terms and Conditions of the Online Store, as well as before the provision of a given Electronic Service or conclusion of a Sales Contract on the website of the Online Store.
2.6. In addition, recipients of personal data may include:
2.6.1. Providers of information systems and IT services.
2.6.2. On the basis of relevant contracts entrusting the processing of personal data to entities providing the Controller with accounting services, quality of service testing, debt recovery, legal, analytical and marketing services.
2.6.3. Authorities entitled to receive your personal data on the basis of the existing legal framework in place.
2.7. The Controller processes personal data of persons who have “liked” or followed their social media profiles run on popular social networking platforms. The data is processed to enable the running and ongoing management of our profiles, including communicating with the community, organising events and competitions, in line with the functionalities of the individual social media platforms and their terms and conditions. Data of community members is also processed for statistical and analytical purposes and may be processed for the purpose of pursuing and defending against claims. The legal basis for processing your personal data is the legitimate interest of the Seller (Article 6(1)(f) of the GDPR.
2.8. In the case of contacting the Controller by phone, in matters not related to the concluded contract or the services provided, the Seller may require providing personal data only if it is necessary for handling the matter which the contact concerns. In such a case, the legal basis is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting of the necessity to settle the reported matter related to the business.
2.9. In case of e-mail or postal correspondence to the Controller which is not related to the services provided to the Customer or another contract concluded with the Customer, personal data included in the correspondence shall be processed solely for the purpose of communication and settling the matter which the correspondence concerns.
2.10. In the matters, which are not covered by the Terms and Conditions, the provisions of the Polish Civil Code and the relevant acts of Polish law shall apply, along with relevant EU laws, in particular the Regulation (EU) of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (GDPR).
2.11. The Online Store also processes your personal data for the following purposes:
a) transfer your personal data to ING Bank Śląski S.A. (“Bank”) in connection with:
a. Provision by the Bank of an infrastructure for handling online payments to the Online Store (legal basis: Article 6 (1)(f) of the GDPR).
b. Handling and settlement of online payments made by customers of the Online Store using payment instruments (legal basis: Article 6 (1)(f) of the GDPR).
c. For the purpose of verifying proper execution of contracts concluded with the Online Store, in particular to ensure protection of the interests of payers in connection with their complaints (legal basis: Article 6 (1) (f) of the GDPR).
b) the transfer of your personal data to Twisto Polska Sp. z o.o. in connection with the possibility of making payment for the goods or services purchased by Twisto Poland Sp. z o.o. under a contract of mandate which includes a "Buy with Twisto" purchase, making this manner of purchase available in the Online Store, as well as in order for Twisto Polska Sp. z o.o. to verify the proper performance of such contracts of mandate (legal basis: art. 6 (1) (f) of the GDPR).
2.12. In connection with the processing of personal data for the purposes specified in items 3 and 4, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may include:
a) ING Bank Śląski S.A.
b) Twisto Polska sp. z o.o.
2.13. If the personal data is provided in order to conclude a contract with the Online Store, the provision of your personal data is a condition for concluding this contract. Providing personal data in this situation is voluntary, however, a failure to provide such data renders conclusion of a contract with the Online Store impossible.
Should you provide your personal data to be transferred to Twisto Polska sp. z o.o. before concluding a contract of sale of goods (or services) purchased in the Online Store, transferring this data is a prerequisite for concluding a contract in connection with a business model adopted by the Online Store.
In the case of transferring your personal data to the Bank in connection with the processing and settlement of payments made online to the Online Store using payment instruments, providing this data is required in order to execute the payment and transfer the confirmation of its execution by the Bank to the Online Store.
In the case of transferring your personal data to the Bank in order for the Bank to verify the proper performance of contracts concluded with the Online Store, in particular to ensure the protection of payers’ interests in connection with their complaints, providing this data is required in order to enable the performance of the contract concluded between the Online Store and the Bank.
In case of transferring your personal data to Twisto Polska sp. z o.o. in connection with the possibility of making payment for the goods or services purchased by Twisto Poland Sp. z o.o. under a contract of mandate which includes a "Buy with Twisto" purchase, making this manner of purchase available in the Online Store, the transfer of the data and their processing is required in connection with the business model adopted by the Online Store and in order to carry out the contract concluded between the Online Store and Twisto Polska Sp. z o.o.
The legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), comprising the correspondence addressed to it in connection with its business activities.
The Controller shall only process personal data relevant to the matter which the correspondence concerns. All correspondence shall be stored in a manner that ensures the security of the personal data and other information contained therein and shall only be disclosed to authorised persons.
3. USAGE DATA
3.1. The Service Provider also collects usage data (so-called logs, including IP addresses and domains), which are stored for an indefinite period of time and used to generate statistics in order to ensure proper administration of the Online Store.
These data have an aggregate and anonymous nature, in other words they do not contain any identifying characteristics of Online Store visitors. No logs are disclosed to third parties.
The Online Store does not collect any data in an automatic manner, with the exception of the data contained in cookie files during the use of the Website itself. Cookies are small text files sent by the Online Store and stored on your device, containing certain information related to your use of the Website and the Online Store. Cookies used by the Online Store can be temporary or permanent. Temporary cookies are deleted when you close your browser, while permanent cookies are stored even after you have finished using the Website and are used to store information such as your password or login, making it quicker and easier to use the Website. The online store uses the cookies listed below for the following purposes:
In any case, you may block the storage of cookies or delete permanent cookies by using the appropriate options of your Internet browser. In case of problems, we advise you to consult your browser's help file or contact the developer of the browser you are using.
4. DATA PROCESSING PERIODS
4.1. In the case of personal data processed in order to conclude and perform sales contracts, the data is processed for the time necessary to perform all obligations stemming from the contract.
4.2. In the case of personal data processed for the purpose of providing electronic services to the Customer, the data is processed for the duration of the provision of electronic services to the Customer.
4.3. In the case of personal data processed for the purpose of sending marketing information of the Controller to the Customer, the data is processed until the Customer objects to the processing of personal data for this purpose.
4.4. In the case of personal data processed for analytical and statistical purposes, the data is processed for the duration of the provision of electronic services to the Customer.
4.5. In the case of personal data processed for the purpose of legally justified interest of the Controller, including identification and pursuit of possible claims or defence against claims, the data is processed until the expiry of the statute of limitations for the claims in question. After this period, personal data will be processed only to the extent and for the period required by law, including accounting regulations.
5. RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
5.1. The Customer has the right to access and correct their personal data.
5.2. Every person has the right to control the processing of data to which they are subject, contained in the Controller's filing system.
5.2.1. They can be informed about how and to what extent we process their data.
5.2.2. They may obtain a copy of their personal data.
5.2.2.1. If they request copies of data, we ask for the extent of the data which the copy should include.
5.2.2.2.The Controller may charge a fee for second and subsequent copies and the data subjects will be notified of this.
5.2.2.3. The fee will correspond to the cost of preparing another copy of the personal data in question;
5.2.3. They may request rectification of his data (if it has been incorrectly recorded or if it has changed).
5.2.4. They may request their personal data to be deleted (if there is no basis for the Controller to process them) 5.2.5. They may request the processing to be restricted – if they would like the controller to process their data only to a limited extent, pending the resolution of an objection or request for rectification, or if they would like the data to be stored in connection with their claims;
5.2.5. They may request their data provided to the Controller to be provided to them in a structured, commonly used and machine-readable format. The data may be then forwarded to a Controller of their choice. In addition, if technically feasible, with appropriate security standards, we may transfer data to another Controller on the Data Subject’s behalf.
5.3.6. If the processing of your data by the Controller is based on a legitimate interest, you may object to such processing;
5.3.7. Every person also has the right to lodge a complaint to the supervisory authority [in Poland - the President of the Office for Personal Data Protection, formerly (until 25 May 2018) known as the General Inspector of Personal Data Protection.
If you believe that our processing of your personal data has violated your rights - please inform us of this fact by sending us an e-mail to: [email protected]. We try to respond to comments and feedback from our users and above all respect their rights.
5.3. In order to exercise the rights referred to above, you may use the appropriate options offered by your User Account (this option applies only to Customers who have an account) or by sending an e-mail to: [email protected] or in writing to the Controller's address.
5.3.1. A request for the exercise of data subjects' rights may be submitted in the following form:
- in writing to the following address: PEFRANO SP. Z O.O. Al. 1000-lecia 2, 32-300 Olkusz
- via e-mail to: [email protected].
The request should, as far as possible, indicate precisely what the request concerns, and in particular:
- what right do you want to exercise (e.g. right to obtain a copy of the data, right to data removal, etc.);
- which processing the request concerns (e.g. use of a particular service, newsletter subscription to a particular email address, etc.);
- which purposes of the processing the request concerns (e.g. marketing purposes, analytical purposes, etc.).
5.3.2. All the requests shall receive a response within one month of receipt. If an extension is necessary, the Controller will inform the applicant of the reasons for the extension.
5.3.3. The reply will be given to the e-mail address from which the request was sent or, in the case of applications sent by letter, by mail to the address indicated by the requesting party, unless it is clear from the contents of the letter that the sender wishes to receive feedback via e-mail (in which case the e-mail address should be provided).
5.4. The Customer also has the right to lodge a complaint to the supervisory authority [in Poland - the President of the Office for Personal Data Protection, formerly (until 25 May 2018) known as the General Inspector of Personal Data Protection.
6. PERSONAL DATA SECURITY
6.1. The Online Store may contain links to other websites. The Controller encourages the Customers to get acquainted with the privacy policies of these websites. This Privacy Policy applies only to this Online Store.
6.2. The Controller shall use technical and organisational measures to ensure the protection of the personal data processed,
appropriate to the risks and categories of the protected data, in particular protecting the data
from sharing them to unauthorised third parties, theft by unauthorised third parties, processing in violation of
applicable regulations, as well as alteration, loss, damage or destruction.
6.3. The Controller shall make available the following technical measures to prevent unauthorised third parties from acquiring and modifying
personal data sent via electronic means:
6.3.1. Securing the data set against unauthorized access.
6.3.2. SSL Certificate.
6.3.3. Access to the Account only after entering an individual login and password.
6.3.4. In order to ensure data integrity and confidentiality, the Controller has implemented procedures which allow access to personal data only to authorised persons and only to the extent necessary due to the tasks they perform.
6.3.5. The Controller uses organisational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorised persons.
6.3.6. Furthermore, the Controller takes all necessary measures to ensure that all subcontractors and other cooperating entities ensure the use of appropriate security measures whenever they process personal data on behalf of the Controller.
6.3.6. The Controller runs risk analysis on a regular basis and monitors the adequacy of applied data security measures, taking into account the identified risks and threats. If necessary, the Controller shall implement additional measures to enhance data security.
6.4. The Controller shall not transfer the Customer's personal data to third countries.
I consent to the processing of my personal data (name, email address) by the Seller – PEFRANO SP. Z O.O. for marketing purposes. I am aware that my consent for the processing of my data is voluntary. I am aware that I have the right to withdraw my consent at any time without affecting the lawfulness of the processing carried out on the basis of my consent before its withdrawal. I have the right to access, rectify, delete and restrict the processing of my data, as well as the right to data portability as set out in the Online Store's Privacy Policy. All personal data provided to the Online Store are processed in accordance with the relevant Privacy Policy. We encourage you to get acquainted with the Privacy Policy before consenting to any processing.