OF THE GERLACH.PL ONLINE STORE
1. GENERAL PROVISIONS
1.2. The administrator of personal data collected via the Online Store is "GERLACH" SPÓŁKA AKCYJNA with its registered office in Drzewica (address of the office and address for service purposes: ul. Braci Kobylańskich 41, 26-340 Drzewica); entered into the Register of Entrepreneurs of the National Court Register under the number KRS 0000055281; the registry court in which the company file is kept: District Court for Łódź – Śródmieście in Łódź, XX Commercial Division of the National Court Register; share capital in the amount of 2,210,575.00 PLN; NIP: 7990003388; REGON: 670081420, e-mail address: email@example.com – hereinafter referred to as “Administrator” and simultaneously being both the Online Store Service Provider and Seller.
1.3. The personal data of the Service User and Customer is processed in accordance with the Personal Data Protection Act of 29 August 1997 (Journal of Laws 1997 No 133, item 883 as later amended) (hereinafter referred to as the Personal Data Protection Act) and the Act on providing services by electronic means of 18 July 2002 (Journal of Laws 2002 No 144, item 1204 as later amended).
1.4. The administrator shall ensure the highest degree of due care to protect the interests of persons whom the data concerns, and, in particular, shall ensure that the data collected by him is processed in accordance with the law; gathered for the indicated, legitimate purposes and is not further processed in a manner incompatible with these purposes; substantially correct and adequate in relation to the purposes for which it is processed and stored in such a way as to enable the identification of the persons concerned, no longer than it is necessary to achieve the purpose of processing.
1.5. Any words, expressions and acronyms appearing on this site and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) shall be understood as defined in the Rules of the Online Store available on the Website.
2. PURPOSE AND SCOPE OF DATA COLLECTION AND RECIPIENTS OF THE DATA
2.1. Each time the purpose, scope and recipients of data processed by the Administrator result from activities undertaken by the Service User or Customer at the Online Store. For example, if, during the submission of the order, a Customer chooses personal delivery instead of a courier service, his personal data will be processed for the conclusion and execution of the Sale Agreement, but will not be made available to the carrier performing the shipment by order of the Administrator.
2.2. Possible goals of collecting personal data of Service Users or Customers by the Administrator:
2.2.1. the conclusion and execution of the Sale Agreement or the Agreement for the provision of Electronic Services (e.g. Account).
2.2.2. direct marketing of the Administrator’s own products or services.
2.2.3. the Customer expressing an opinion on the concluded Sale Agreement.
2.3. Possible recipients of personal data of the Online Store Customers:
2.3.1. In the case of a Customer who uses the Online Store by way of delivery by courier, the Administrator shall make the Customer’s collected personal data available to the selected courier or agent performing the shipments by order of the Administrator.
2.3.2. In the case of a Customer who chooses electronic payment or card payment when using the Online Store, the Administrator makes the Customer’s collected personal data available to the selected agent handling the above payments in the Online Store.
2.3.3. In the case of a Customer who agrees to express an opinion on the concluded Sale Agreement, the Administrator shall make the collected personal data of the Customer available to the selected agent handling the system of questionnaires evaluating the concluded Sale Agreement in the Online Store.
2.4. The Administrator may process the following personal data of the Service Users or Customers using the Online Store: name and surname; e-mail address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/registered office (if different from the delivery address). In the case of Service Users or Customers who are not consumers, the Administrator may also process the Company’s name and Tax Identification Number (NIP) of the Service User or Customer.
2.5. The submission of personal data referred to in the preceding paragraph may be necessary to conclude and execute the Sale Agreement or Electronic Service Agreement at the Online Store. The scope of data required for the conclusion of the agreement is first indicated each time at the Online Store website or in the Regulations of the Online Store.
3. COOKIES AND OPERATIONAL DATA
3.1. Cookies are pieces of textual information sent by the server and stored on the visitor’s side of the Online Store website (e.g. the hard drive of a computer, a laptop, or a smartphone memory card – depending on which device the Online Store visitor uses). Detailed information on Cookies, as well as the history of their creation, can be found, among others, here: http://en.wikipedia.org/wiki/Cookie.
3.2. The Administrator may process the data contained in the Cookies while visitors are using the Online Store website for the following purposes:
3.2.1. to identify the Service Users as logged in the Online Store and to show that they are logged in;
3.2.2. to memorise Products added to the cart for ordering;
3.2.3. to memorise data from completed Order Forms, surveys and login data for the Online Store;
3.2.4. to adjust the contents of the Online Store website to the individual preferences of the Service Users (e.g. concerning colours, font size, site layout) or to optimise the use of the Online Store website;
3.2.5. to keep anonymous statistics showing the ways of using the Online Store website.
3.3. By default, most Internet browsers available on the market implicitly accept Cookies. Everyone has the possibility of determining the conditions of using Cookies through the settings of their own Internet browser. This means that you can, for example, partly limit (e.g. temporarily) or completely disable the option of saving Cookies – in the latter case, however, it may affect some functionalities of the Online Store (for example, it may become impossible to proceed through the Order process via the Order Form because of non-remembrance of the Products in the shopping cart during the subsequent steps of ordering).
3.4. Cookies Internet browser settings are important for the approval of Cookies by our Online Store – according to the regulations, such consent may also be expressed through Internet browser settings. If no such consent has been expressed, it will be necessary to change the internet browser settings for Cookies accordingly.
3.5. Detailed information on changing the settings for Cookies and removing them in the most popular internet browsers is available at the support section of the internet browsers and the pages listed below (just click on the link):
· in the Chrome browser
· in the Firefox browser
· in the Internet Explorer browser
· in the Opera browser
· in the Safari browser
· in the Microsoft Edge browser
3.6. The Administrator also processes anonymised operational data connected with the use of the Online Store (IP address, domain) to generate statistics helpful in administering the Online Store. This data is aggregate and anonymous, i.e. it does not contain features that identify visitors to the Online Store. This data is not disclosed to third parties.
4. BASIS FOR DATA PROCESSING
4.1. Submission of personal data by the Service User or Customer is voluntary, but failure to submit the personal data required to enter into and execute the Sale Agreement and Electric Services Agreement indicated at the Online Store website and in the Online Store Rules results in the inability to conclude the agreement.
4.2. The basis for the processing of the personal data of the Service User or Customer is the necessity of fulfilling the agreement to which he is a party or acting on his request before the conclusion of the agreement. In the case of data processing for the purposes of direct marketing of the Administrator’s own products or services, the basis for such processing is (1) the prior consent of the Service User or Customer or (2) meeting legitimate goals pursued by the Administrator (pursuant to Art. 23 paragraph 4 of the Personal Data Protection Act, a legitimate goal means in particular direct marketing of the Administrator’s own products or services).
4.3. In the case of data processing for the purpose of expressing the Customer’s opinion on the concluded Sale Agreement, the basis for such processing shall be the consent of the Service User or Customer.
5. RIGHT TO CONTROL, ACCESS TO THE CONTENTS OF OWN DATA AND ITS CORRECTION
5.1. The Service User or Customer has the right to access and correct their personal data.
5.2. Everyone has the right to control the processing of data relating to them contained in the Administrator’s data set, and in particular the right to request the completion, updating, correction of personal data, temporary or permanent suspension of its processing or removal if it is incomplete, outdated, false or collected in violation of the law or is no longer needed to meet the goals for which it was collected.
5.3. In the event that the Service User or Customer authorises the processing of data for the purposes of direct marketing of the Administrator’s own products or services, consent may be revoked at any time.
5.4. If the Administrator intends to process or processes the data of the Service User or Customer for the direct marketing of the Administrator’s own products or services, the person whom the data concerns is also entitled to (1) make a written, reasoned request to cease processing his data due to his particular situation or to (2) object to the processing of his data.
6. FINAL PROVISIONS
6.2. The Administrator shall use technical and organizational means to ensure that personal data processed is protected adequately from the threats and according to the category of the data covered by the protection, and in particular against its unauthorised disclosure, unauthorised access, processing in violation of applicable laws and alteration, loss, damage or destruction.
6.3. The Administrator shall make available, as appropriate, the following technical measures to prevent the unauthorised access and modification of personal data sent electronically:
6.3.1. Securing the data set against unauthorised access.
6.3.2. Access to the Account only after entering the individual login and password.
6.3.3. SSL Certificate.