Formal information at the beginning - the administrator of the website is: TIDYCUSTOMS Boguslaw Mitro, 22 Ludowa Street, 33-380 Krynica Zdroj, Poland,TIN: 7342553332.
- Who is the controller of your personal data?
- Who can you contact regarding the processing of your personal data?
- What information do we have about you?
- Where do we get your personal data from?
- Is your data secure?
- For what purposes do we process your personal data?
- How long will we store your personal data?
- Who are the recipients of your personal data?
- Do we transfer your data to third countries or international organizations?
- Do we use profiling? Do we make automated decisions based on your personal data?
- What rights do you have with regard to the processing of your personal data?
- Can you disable cookies?
- For what purposes do we use our own cookies?
- What third party cookies are used?
- Do we track your behavior on our website?
- Do we target advertising to you?
- How can you manage your privacy?
- What are server logs?
- Is there anything else you should know about?
Who is the controller of your personal data?
The controller of your personal data is TIDYCUSTOMS Boguslaw Mitro, 22 Ludowa Street, 33-380 Krynica Zdrój, TIN: 7342553332.
Who can you contact regarding the processing of your personal data?
As part of the implementation of personal data protection in our company, we have decided not to appoint a data protection officer due to the fact that in our case it is not mandatory. For matters related to personal data protection and broadly understood privacy, you can contact us at email@example.com
What information do we have about you?
Depending on the purpose, we may process the following information about you:
- your name and surname,
- address of residence,
- the address of the business activity,
- identification numbers (e.g. TIN),
- email address,
- information about the orders placed,
- data contained in the correspondence addressed to us.
The scope of the data processed has been described precisely for each purpose of processing. Information in this respect can be found later in this policy.
Where do we get your personal data from?
In most cases, you give them to us yourself. This happens when you:
- register a user account,
- place an order,
- send a complaint,
- subscribe to the newsletter,
- contact us.
Are your data secure?
We care about the security of your personal data. We have analyzed the risks associated with the various data processing processes and then implemented appropriate security and data protection measures. We constantly monitor the state of our technical infrastructure, train our staff, observe the procedures applied, and make necessary improvements. If you have any questions about your personal data, we are at your disposal at firstname.lastname@example.org
For what purposes do we process your personal data?
There is more than one such purpose. Below is a list of them followed by a more detailed discussion. We have also assigned the appropriate legal grounds for processing to the individual purposes.
- registration and maintenance of a user account—Article 6(1)(b) of the GDPR,
- order processing—Article 6(1)(b) of the GDPR,
- handling complaints —Article 6(1)(f) of the GDPR,
- sending the newsletter—Article 6(1)(a) of the GDPR,
- handling correspondence—Article 6(1)(f) of the GDPR,
- fulfillment of tax and accounting obligations—Article 6(1)(c) of the GDPR,
- creating an archive for the purposes of a possible need to defend, establish, or pursue claims, as well as to identify the returning customer—Article 6(1)(f) of the GDPR.
User account - details
Along with placing and paying for the order, we create an account for you on the website. Creating an account is necessary to make the purchased files available to you. Personal data provided by you in the ordering form are used to create a user account, i.e .:
- email address,
- company name,
- street—house / flat number
- VAT number.
As part of editing your account data, you can provide your further data, in particular data that may be used when placing orders, such as name and surname, address of residence or place of business, tax identification number, telephone number.
At any time you can modify the personal information provided to us in connection with the registration of your user account.
The data collected in connection with creating an account are processed in order to provide you with an electronic service consisting in providing you with the possibility to use your user account and purchased files. This service is provided on the basis of an agreement concluded in accordance with the rules described in the regulations, which means that in this respect the legal basis for the processing of your personal data is Article 6(1)(b) of the GDPR.
The data will be stored for the duration of your account. You can decide to delete your account at any time, but this will not lead to the removal from our database of information about your orders placed using your account. Data about orders are stored throughout the life of the website due to the possibility of identifying the returning customer, reconstructing their purchase history, discounts granted, etc., which is our legitimate interest referred to in Article 6(1)(f) of GDPR. If the statute of limitations for civil law claims, criminal law or administrative law penalties expires after the end of the activity, the data will be deleted after this period.
Orders - details
When placing an order on the website, one has to provide the data necessary to complete the order. Depending on the order details, the data catalog may be different.
Each order is saved in our database, which means that your personal data assigned to the order are also accompanied by information about the order, such as the products ordered, selected payment method, payment date.
The data collected in connection with the order are processed in order to perform the contract concluded by placing the order (Article 6(1)(b) of the GDPR), to issue an invoice (Article 6(1)(c) of the GDPR in connection with the provisions governing the issue of invoices), to include the invoice in the accounting documentation, to fulfill other tax and accounting obligations (Article 6(1)(c) of the GDPR in connection with the provisions governing tax and accounting obligations), and for archival purposes for the possible need to defend, establish, or assert claims, as well as for the identification of a returning customer, which is our legitimate interest (Article 6(1)(f) of the GDPR).
The order data will be processed for the time necessary for the execution of the order and then until the expiry of the statute of limitations for claims under the concluded contract. In addition, after this deadline, the data may still be processed by us for archival purposes for the possible need to defend, establish, or assert claims, as well as identify the returning customer. Please bear in mind that we are obliged to keep accounting records, which may contain your personal data for the period required by law. If the period of limitation of civil law claims, criminal record, or penalties under administrative law expires after the end of business, the data will be deleted after this period.
Complaints - details
If you file a complaint, you provide the personal data contained in the complaint, including your name and surname, address, telephone number, email address, and bank account number. Providing data is voluntary but necessary to file a complaint.
The data provided to us in connection with the submission of a complaint is used to implement the complaint procedure and then for archival purposes, which is our legitimate interest (Article 6(1)(f) of the GDPR).
The data will be processed for the time necessary to implement the complaint procedure. Complaint documents will be stored until the end of the business activity and for 5 years from the end of the year in which the business activity was terminated.
Newsletter - details
By subscribing to the newsletter, you provide us with your name and email address. Providing data is voluntary but necessary to subscribe to the newsletter.
The data provided to us in connection with subscribing to the newsletter are used to send you the newsletter, and the legal basis for their processing is your consent (Article 6(1)(a) of the GDPR) expressed when subscribing to the newsletter. With regard to the processing of information not originating from you, but collected automatically by our mailing system, we rely on our legitimate interest (Article 6(1)(f) of the GDPR) consisting in analyzing the behavior of newsletter subscribers in order to optimize mailing activities.
You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or by simply contacting us. Despite unsubscribing from the newsletter, your data will still be stored in our database in order to identify the returning subscriber and possibly defend claims related to sending you the newsletter, in particular to prove your consent to receiving the newsletter and the moment of its withdrawal, which constitutes our legitimate interest as referred to in Article 6(1)(f) of the GDPR. If the period of limitation of civil law claims, criminal record, or penalties under administrative law expires after the termination of the business activity, the data will be deleted after this period.
You can modify your data provided for the purpose of receiving the newsletter at any time by clicking on the appropriate link visible in each message sent as part of the newsletter or by simply contacting us.
Correspondence handling - details
When contacting us, you naturally provide us with your personal data included in the content of the correspondence, in particular your email address, name, and surname. Providing data is voluntary but necessary to establish contact.
Your data are processed in this case for the purpose of contacting you and the basis for processing is Article 6(1)(f) of the GDPR, i.e. our legitimate interest. The legal basis for processing after contact has ended is also our legitimate purpose to archive the correspondence for the purpose of ensuring that we can prove certain facts in the future (Article 6(1)(f) of the GDPR).
The content of the correspondence may be archived and we are not able to clearly determine when it will be deleted. You have the right to request the history of any correspondence you have had with us (if it has been archived) as well as to request its erasure, unless archiving it is justified by our overriding interests, such as defending against potential claims from you.
Tax and accounting obligations - details
If we issue an invoice for you, it forms part of the accounting documentation, which will be kept for the period of time required by law. In such a situation, your personal data are processed in order to fulfill our tax and accounting obligations (Article 6(1)(c) of the GDPR in connection with the provisions governing tax and accounting obligations).
Archive - details
As part of the description of the individual purposes for the processing of personal data above, we have indicated time limits for the storage of personal data. These time limits are often related to our archiving of certain data for the purpose of ensuring that we can prove certain facts in the future, reconstruct the course of our cooperation with you, the correspondence exchanged, or defend, establish, or assert claims. We rely in this respect on our legitimate interest as referred to in Article 6(1)(f) of the GDPR.
How long will we store your personal data?
The data storage periods have been indicated separately for each purpose of processing. You will find this information under the details for each separate processing purpose.
Who are the recipients of your personal data?
We will risk saying that modern business cannot do without services provided by third parties. We also use such services. Some of these are related to the processing of your personal data. The following processors are involved in the processing of personal data:
- hosting provider that stores data on the server,
- provider of the mailing system in which your data are stored, if you are a newsletter subscriber,
- supplier of the invoicing system in which your data is stored for the purpose of invoicing,
- an accounting office that processes your data visible on invoices,
- an entity providing maintenance services that gains access to the data, if the technical works carried out relate to areas where personal data are located,
- other subcontractors who gain access to the data, if the scope of their activities requires such access.
Personal data may be transferred to law offices if there is a need to use legal assistance that requires access to personal data.
Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, settlement, and accounting obligations. This applies in particular to all declarations, reports, statements, and other accounting documents which contain your personal data.
In addition, if necessary, your personal data may be made available to entities, bodies, or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, public prosecutor's offices.
Furthermore, we use tools that collect a range of information about you related to the use of our website. This includes, in particular, the following information:
- information about the operating system and web browser you use,
- viewed subpages,
- time spent on the website,
- transitions between individual subpages,
- clicks on individual links,
- the source from which you come to our website.
Do we transfer your data to third countries or international organizations?
Yes, part of the processing of your personal data may involve their transfer to third countries.
We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The providers of these tools guarantee an adequate level of protection of personal data through appropriate compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.
Personal data are stored on servers located in third countries as part of the MailChimp mailing system, whose provider is Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA—in terms of your name, email address, IP address, and statistical information related to your response to our messages.
Rocket Science Group LLC ensures an adequate level of protection of personal data through the use of compliance mechanisms provided for by the GDPR, in particular through the use of standard contractual clauses.
We would also like to remind you here that we use external tools that may collect anonymous information about you. We have mentioned this several times under this policy, including in response to the previous question. The providers of these tools often use servers located around the world, in particular in the United States of America, to store the collected information.
Do we use profiling? Do we make automated decisions based on your personal data?
We do not make decisions based solely on automated processing, including profiling, that would have legal effects on you or that would similarly significantly affect you.
Yes, we do use tools that can take specific actions depending on the information collected as part of the tracking mechanisms but we believe that these actions do not have a significant impact on you for they do not differentiate your situation as a customer, they do not affect the terms of the contract you can enter into with us, etc.
Using certain tools, we may, for example, target personalised advertisements to you based on previous actions taken by you on our website or suggest products that may be of interest to you. This is called behavioral advertising. We encourage you to learn more about behavioral advertising, particularly with regard to privacy issues. Detailed information, including the ability to manage your behavioral advertising settings, can be found here: http://www.youronlinechoices.com.
We would like to emphasize that as part of the tools that we use, we do not have access to information that would allow your identification. The information we are talking about here is, in particular:
- information about the operating system and web browser you use,
- viewed subpages ,
- time spent on the website,
- transitions between individual subpages,
- the source from which you go to our website.
We do not combine the information indicated above with your personal data which are in our databases. This information is anonymous and does not allow us to identify you. This information is stored on the servers of the suppliers of individual tools and these servers may most often be located around the world.
What rights do you have with regard to the processing of your personal data?
The GDPR grants you the following potential rights related to the processing of your personal data:
- the right to access your data and obtain a copy thereof,
- the right to demand the rectification of the data,
- the right to erase the data (if in your opinion there are no grounds for us to process your data, you can request that we erase them),
- the right to restriction of data processing (you can request that we restirct the processing of data only to their storage or performance of activities agreed with you if in your opinion we have incorrect data or we process them unjustifiably),
- the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate a specific situation that, in your opinion, justifies the termination of the processing covered by the objection; we will stop processing your data for these purposes unless we prove that the grounds for data processing by us override your rights or that your data are necessary for us to establish, assert, or defend claims),
- the right to transfer data (you have the right to receive from us, in a structured, commonly used, machine-readable format, personal data that you provided to us on the basis of a contract or your consent; you can commission us to send these data directly to another entity),
- the right to withdraw consent to the processing of personal data if you previously gave such consent,
- the right to lodge a complaint with the supervisory body (if you find that we are processing data unlawfully, you can submit a complaint to the President of the Personal Data Protection Office or another competent supervisory authority).
The rules related to the implementation of the above-mentioned rights are described in detail in Articles 16–21 of the GDPR. We encourage you to familiarize yourself with these provisions. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to them in relation to all activities involving the processing of your personal data.
We shall emphasize that you always have one of the rights indicated above—if you believe that we have breached the provisions on the protection of personal data while processing your personal data, you have the option to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office).
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system (first-party cookies) or ICT systems of third parties (third-party cookies). Cookies can record and store certain information which ICT systems can then access for specific purposes.
Some of the cookies we use are deleted after the end of the browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the website (persistent cookies).
If you want to learn more about cookies as such, you can check, for example: https://pl.wikipedia.org/wiki/HTTP_cookie.
Within the scope of your consent to cookies, we accept the option that you consent by setting your web browser or additional software supporting the management of cookies. We assume that you agree to all cookies used by us which are not blocked by your browser or additional software that you use.
Can you disable cookies?
Yes, you can manage cookie settings within your web browser. You can block all or only selected cookies. You can also block cookies from specific websites. You can also delete previously saved cookies and other website and plug-in data at any time.
Web browsers also offer the option of using incognito mode. You can use it if you do not want information about visited pages and downloaded files to be saved in your browsing and download history. Cookies created in incognito mode are deleted when you close all incognito mode windows.
There are also browser plug-ins for controlling cookies, such as Ghostery (https://www.ghostery.com). The option to control cookies may also be provided by additional software, in particular anti-virus packages, etc.
In addition, there are tools available on the Internet that allow you to control some types of cookies, in particular for collective management of behavioral advertising settings (e.g. www.youronlinechoices.com/, www.networkadvertising.org/choices).
For what purposes do we use our own cookies?
First-party cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining a session after logging in to the account, remembering recently viewed products and products added to the basket.
What third party cookies are used?
Our website does not use third-party cookies:
Do we track your behavior on our website?
No, we use Plausible Analytics tools that do not collect information about your activity on our website. We collect only some anonymous usage data for statistical purposes. The goal is to track overall trends in our website traffic, it is not to track individual visitors. All the data is in aggregate only. No personal data is collected.
Do we target advertising to you?
No, we do not target advertising to you.
How can you manage your privacy?
- cookie settings in the web browser,
- browser plug-ins supporting cookie management, e.g. Ghostery,
- additional cookie management software,
- incognito mode in a web browser,
- behavioral advertising settings, e.g. youronlinechoices.com,
- Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout.
What are server logs?
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.
Logs include your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.
The data stored in the server logs are not associated with specific people using the website and are not used by us to identify you.
The server logs are only auxiliary material used to administer the website and their content is not disclosed to anyone except those authorized to administer the server.
Is there anything else you should know about?