Privacy policy

Privacy policy

§1

GENERAL PROVISIONS

1. The Privacy Policy contains rules concerning the processing of personal data by the Shop, including the basis, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools.

2. The administrator of personal data collected through the Internet Shop is SABER CNC DAWID TURZYŃSKI

based in: Szablewo 4, 83-425 Dziemiany

NIP:5911694381

REGON: 221848822

E-mail:dt@sabercnc.com- hereinafter referred to as 'Administrator'

3. Personal data in the Online Shop shall be processed by the Administrator in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as „GDPR“.

4. The use of the Online Shop, including making purchases, is voluntary. Similarly, the provision of personal data by the customer using the Online Shop is voluntary, with the exception of:

  • concluding agreements - failure to provide, in the cases and to the extent indicated on the website of the Online Shop and in the Online Shop Regulations and this Privacy Policy, personal data necessary to conclude and perform a Sales Agreement or an agreement for the provision of an Electronic Service with the Administrator shall result in the inability to conclude that agreement. Providing personal data in such a case is a contractual requirement and if the data subject wishes to conclude a given agreement with the Administrator, he or she is obliged to provide the required data. Each time the scope of data required to conclude an agreement is indicated in advance on the Online Shop's website.

  • Statutory obligations - the provision of personal data is a statutory requirement resulting from generally applicable legal regulations imposing on the Administrator the obligation to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide such data will prevent the Administrator from performing these obligations.

5. The Administrator shall take particular care to protect the interests of the persons whose personal data he processes, and in particular shall be responsible for and ensure that the data he collects are accurate:

  • processed lawfully;

  • collected for designated, legitimate purposes and not subjected to further processing incompatible with those purposes;

  • Substantially correct and adequate in relation to the purposes for which they are processed;

  • kept in a form which permits identification of the persons concerned for no longer than is necessary to achieve the purpose of the processing;

  • processed in a way that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational measures.

6. Having regard to the nature, scope, context and purposes of the processing, and the risk of infringement of the rights or freedoms of natural persons with different degrees of likelihood and seriousness, the Administrator shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the Regulation and to demonstrate this. The controller shall apply technical measures to prevent the acquisition and modification by unauthorised persons of personal data transmitted electronically.

§2

THE BASIS FOR DATA PROCESSING

1. The Administrator shall be authorised to process personal data in cases where and to the extent that at least one of the following conditions is met:

  • the person to whom the data relate has consented to the processing of his/her personal data for one or more specified purposes;

  • processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject prior to entering into a contract;

  • the processing is necessary to fulfil the legal obligation imposed on the Administrator;

  • processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child.

2. Processing of personal data by the Administrator requires each time at least one of the grounds indicated above. The specific grounds for processing the Customers' personal data are indicated below.

§3

PURPOSE, GROUNDS, PERIOD AND SCOPE OF DATA PROCESSING

  1. Each time the purpose, basis, period and scope and recipients of personal data processed by the Administrator result from actions taken by a given Customer in the Online Shop. For example, if the Customer decides to make purchases in the Online Shop and chooses to collect the purchased Product in person instead of a courier service, his or her personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier carrying out shipments on the Administrator's order.

Purpose of data processing

Legal basis for data processing / storage period

Scope of data processing

Performance of a Sales Agreement or an Electronic Service Agreement

Article 6(1)(b) of the GDPR Regulation (implementation of the Agreement)

The data is stored for the period necessary to perform, terminate or otherwise terminate the contract.

Scope: first and last name; e-mail address; contact telephone number; delivery address (street, house number, property number, postcode, city, country), residence/business address/seat address (if different from delivery address), IP address, customer ID.

Bookkeeping

Article 6(1)(c) of the GDPR Regulation in conjunction with Article 74(2) of the Accounting Act, i.e. 30 January 2018. ( OJ) of 2018, item 395)

The data is stored for the period required by the law requiring the Administrator to keep the tax books (until the expiry of the limitation period for tax liabilities, unless the tax laws provide otherwise) or accounting books (5 years, counting from the beginning of the year following the financial year to which the data relate).

First name and surname; address of residence/business/seat (if different from the delivery address), company name and tax identification number (NIP) of the customer

Determining, investigating or defending claims that may be raised by the Administrator or that may be raised against the Administrator

Article 6(1)(f) of the GDPR Regulation

The data shall be stored for the period of existence of a legitimate interest pursued by the Administrator, but not longer than for the period of limitation of claims against the data subject on account of the Administrator's business activity. The period of limitation is determined by the provisions of law, in particular the Civil Code (the basic period of limitation for claims related to the conduct of business activity is three years, and two years for a sales contract).

First and last name; contact telephone number; e-mail address; delivery address (street, house number, property number, postcode, town, country), address of residence/business/seat (if different from delivery address).

Handling of applications

Article 6(1)(a) of the GDPR Regulation (consent)

The data shall be kept until the data subject's consent is withdrawn.

First name, last name, email address, IP address

Sending emails as part of the newsletter service

Article 6(1)(a) of the GDPR Regulation (consent)

The data shall be kept until the person concerned has withdrawn his or her consent.

E-mail address.

2. The Administrator may process personal data in the On-line Shop for the following purposes, on the following grounds, during periods and to the following extent:

§4

DATA RECIPIENTS

1. For the proper functioning of the Online Shop, including the performance of concluded Sales Agreements, it is necessary for the Admin to use the services of external entities. The Administrator uses only the services of such processing entities, which provide sufficient guarantees of implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

2. Data transfer by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator transfers data only if it is necessary for the realization of a given purpose of personal data processing and only to the extent necessary for its realization. For example, if the Customer uses personal collection, his/her data shall not be transferred to the carrier cooperating with the Administrator.

3. Personal data of the Customers of the On-line Shop may be transferred to the following recipients or categories of recipients:

  • carriers / courier brokers - in the case of a Customer who uses the method of delivery of the Product in the Online Shop by mail or courier, the Administrator makes the collected personal data of the Customer available to a selected carrier or intermediary carrying out shipments on the Administrator's order to the extent necessary to deliver the Product to the Customer.

  • entities handling electronic payments or a payment card - in the case of a Customer who uses an electronic payment method or a payment card in the Online Shop, the Administrator shall make the collected personal data of the Customer available to a selected entity handling the above payments in the Online Shop on the Administrator's order to the extent necessary to handle the payment made by the Customer.

  • service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct business activity, including the Online Shop and the Electronic Services provided through it (in particular, computer software providers for running the Online Shop, e-mail and hosting providers and software providers for managing the company and providing technical assistance to the Administrator) - the Administrator shall make the collected personal data of the Customer available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.

  • providers of accounting and legal services providing the Administrator with accounting and legal support (in particular, an accounting office, a law firm or a debt collection company) - the Administrator makes the collected personal data of the Customer available to a selected provider acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

§5

PROFILING

1. The Administrator may use profiling in the Online Shop for marketing purposes, but the decisions taken by the Admin on its basis do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using services in the Online Shop. The effect of using profiling in the Online Shop may be, for example, granting a discount to a given person, sending him/her a discount code, a reminder of unfinished purchases, sending a product proposal which may correspond to the person's interests or preferences or offering better conditions compared to the standard offer of the Online Shop. Despite profiling, it is up to the person to decide whether they want to take advantage of the resulting discount or better conditions and make a purchase in the Online Shop.

2. Profiling in the Online Shop consists of automatic analysis or prediction of a person's behaviour on the Online Shop's website, e.g. by adding a particular Product to the basket, browsing the website of a particular Product in the Online Shop or by analysing the history of purchases made in the Online Shop. The condition for such profiling is that the Administrator has personal data of the person in question in order to be able to send them e.g. a discount code.

3. The person to whom the data relate shall have the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects vis-à-vis him or her or in a similar manner significantly affects him or her.

§6

RIGHTS OF THE DATA SUBJECT

1. Right of access, rectification, restriction, deletion or transfer - the data subject has the right to demand from the Administrator access, rectification, deletion ("right to be forgotten") or restriction of the processing and has the right to object to the processing and to transfer his data. Detailed conditions for exercising the aforementioned rights are set out in Articles 15-21 of the GDPR Regulation.

2. The right to withdraw consent at any time - a person whose data are processed by the Administrator on the basis of the consent given shall have the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.

3. The right to lodge a complaint to the supervisory authority - a person whose data are processed by the Administrator has the right to lodge a complaint to the supervisory authority in the manner and manner specified in the provisions of the Regulation of the Council of the Republic of Poland and Polish law, in particular the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

4. Right to object - the data subject has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under those provisions. The controller shall in such a case no longer process the personal data unless it demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.

5. In order to exercise the rights referred to in this paragraph, the Administrator may be contacted by sending an appropriate message in writing or by e-mail to the Administrator's address indicated in paragraph 1.

§7

SHOP COOKIES, USAGE DATA AND ANALYSTS

1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Internet Shop (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on which device the visitor to our Internet Shop uses). Detailed information about Cookies, as well as the history of their creation can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.

2. The Administrator may process the data contained in the Cookies files when visitors use the Website of the Online Shop for the following purposes:

  • identifying customers as logged in to the Online Shop and showing that they are logged in;

  • remembering Products added to the basket in order to place an Order;

  • remembering data from completed Order Forms, surveys or login data to the Online Shop;

  • adjusting the content of the Online Shop's website to individual customer preferences (e.g. concerning colours, font size, page layout) and optimising the use of the Online Shop's pages;

  • keep anonymous statistics showing how the website of the Online Shop is used;

  • Remarketing, i.e. researching the behavioural characteristics of shoppers through an anonymous analysis of their actions (e.g. repeated visits to specific sites, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other sites on the advertising network of Google Inc. and Facebook Ireland Ltd;

3. Typically, most web browsers on the market accept to save cookies by default. Everyone has the possibility to determine the terms and conditions of use of cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of saving cookies - in the latter case, however, this may affect some of the functionalities of the Online Shop (for example, it may not be possible to pass the Order path through the Order Form due to not remembering the Products in the shopping cart during the subsequent steps of placing an Order).

4. The settings of your web browser regarding cookies are relevant to your consent to the use of cookies by our Online Shop - according to the regulations, such consent may also be given by your web browser settings. In the absence of such consent, the settings of your web browser should be changed accordingly.

5. Detailed information on changing settings for cookies and removing them yourself in the most popular web browsers is available in the help section of your browser.

6. The Administrator may use Google Analytics, Universal Analytics services provided by Google Inc. in the Webshop. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), from the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). and from the Heatmap service provided by HeatMap, Inc. These services help the Administrator to analyze traffic in the Online Shop. The collected data are processed within the framework of the above services in an anonymized manner (these are the so-called operating data which make it impossible to identify a person) to generate statistics helpful in the administration of the Internet Shop. These data are of an aggregate and anonymous nature, i.e. they do not contain identification features (personal data) of the persons visiting the website of the Online Shop. The Administrator using the above services in the Online Shop collects such data as sources and means of obtaining visitors to the Online Shop and the manner of their behaviour on the Online Shop's website, information on the devices and browsers from which they visit the site, IP and domain, geographical data and demographic data (age, gender) and interests.

7. It is possible for a person to easily block the sharing of Google Analytics information about their activity on the website of the Online Shop - for this purpose you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout.