1/1. Administrator - Aleksandra Rusztyn Morawiec with its registered office in Accrington.
1/2. Personal data - all information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected for via cookies and other similar technology.
1/4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
1/5. Website - the website run by the Administrator at http://oldfashionribbon.com/
1/6. User - any natural person visiting the Website or using one or several services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
2/1. In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide individual services offered, as well as information about the User's activity on the Website. The detailed rules and purposes of processing personal data collected while using the Website by the User are described below.
3/1. Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies), and who are not registered Users (i.e. persons without a profile on the Website) are processed by the Administrator:
3/1/1. in order to provide electronic services in the scope made available to Users of content collected on the Website, product booking as part of the product booking service at OLDFASHIONRIBBON.COM, sharing contact forms - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 paragraph 1 lit. b RODO);
3/1/2. to support purchases made without registering on the Website - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the RODO); 3.1.3. to handle complaints - then the legal basis for processing is the necessity of processing to perform the contract (Article 6 paragraph 1 point b of the RODO);
3/1/4. for analytical and statistical purposes - then the legal basis for processing is the Administrator's legitimate interest (art.6 par.1 lit.f RODO) consisting in conducting analyzes of Users' activity, as well as their preferences in order to improve the functionalities and services provided;
3/1/5. in order to possibly determine and assert claims or defend against them - the legal basis for processing is the justified interest of the Administrator (Article 6 paragraph 1 letter f of the RODO) consisting in the protection of his rights; The User's activity on the Website, including his personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). Information collected in logs processed in connection with the provision of services. The administrator also processes them for technical purposes, in particular, data may be temporarily stored and processed in order to ensure the security and proper functioning of IT systems, e.g. in connection with making security copies, testing changes in IT systems, detecting irregularities or protecting against abuse and attacks. . REGISTRATION ON WWW.OLDFASHIONRIBBON.COM .
3/2. Persons who register on the Website are asked to provide data necessary to create and operate an account. In order to facilitate the service, the User may provide additional data, thereby agreeing to their processing. Such data can be deleted at any time. Providing data marked as mandatory is required to set up and operate an account, and failure to do so results in the inability to set up an account. Providing other data is voluntary.
3/3. Personal data is processed:
3/3/1. in order to provide services related to the operation and maintenance of an account on the Website - the legal basis for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the RODO), and for optional data - the legal basis for processing is consent (Article 6 paragraph 1 point a of the RODO);
3/3/2. for analytical and statistical purposes - the legal basis for processing is the Administrator's justified interest (art.6 par.1 lit.f RODO) consisting in conducting analyzes of Users' activity on the Website and how to use the account, as well as their preferences in order to improve the functionalities used;
3/3/3. in order to possibly determine and assert claims or defend against them - the legal basis for processing is the justified interest of the Administrator (Article 6 paragraph 1 letter f of the RODO) consisting in the protection of his rights.
3/4. If the User places on the Website any personal data of other people (including their name, address, telephone number or e-mail address), they can do so only if they do not violate the applicable law and personal rights of these people.
3/5. Placing an order (purchase of a good or service) by the Website User is associated with the processing of his personal data. Providing data marked as mandatory is required to accept and service the order, and failure to do so results in the lack of its implementation. Providing other data is optional.
3/6. Personal data is processed:
3/6/1. in order to process your order - the legal basis for processing is the necessity of processing to perform the contract (art.6 par.1 lit.b RODO); in the scope of optional data, the legal basis for processing is consent (art.6 par.1 lit.a RODO);
3/6/2. in order to implement the statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations - the legal basis for processing is the legal obligation (Article 6 (1) (c) of the RODO);
3/6/4. in order to possibly determine and assert claims or defend against them - the legal basis for processing is the justified interest of the Administrator (Article 6 paragraph 1 letter f of the RODO) consisting in the protection of his rights.
3/7. The administrator provides the opportunity to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the query. The User may also provide other data in order to facilitate contact or handle the query. Providing data marked as mandatory is required in order to receive and service the query, and failure to do so results in the inability to service. Providing other data is voluntary.
3/8. Personal data is processed:
3/8/1. in order to identify the sender and service his query sent via the provided form - the legal basis for processing is the necessity of processing to perform the contract for the provision of services (Article 6 paragraph 1 point b of the RODO);
3/8/2. for analytical and statistical purposes - the legal basis for processing is the Administrator's legitimate interest (art.6 par.1 lit.f RODO) consisting in keeping statistics of queries submitted by Users via the Website in order to improve its functionality.
4/1. The administrator processes Users' personal data in order to carry out marketing activities that may consist of:
4/1/1. displaying marketing content to the User that is not adapted to his preferences (contextual advertising);
4/1/2. displaying marketing content relevant to the User's interests (behavioral advertising);
4/1/3. sending e-mail notifications about interesting offers or content, which in some cases contain commercial information;
4/1/4. conducting other types of activities related to direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities).
4/2. In order to implement marketing activities, the Administrator uses profiling in some cases. This means that thanks to automatic data processing, the Administrator assesses selected factors related to natural persons in order to analyze their behavior or create a forecast for the future.
4/3. The Administrator processes Users' personal data for marketing purposes in connection with directing contextual advertising to Users (i.e. advertising that is not tailored to the User's preferences). The processing of personal data takes place then in connection with the implementation of the legitimate interest of the Administrator (art.6 par.1 lit.f RODO).
4/5. This consent may be withdrawn at any time.
4/6. If the User has agreed to receive marketing information via e-mail, SMS and other electronic means of communication, the User's personal data will be processed for the purpose of sending such information. The basis for data processing is the legitimate interest of the Foamiran Polska store consisting in sending marketing information within the limits of the consent given by the User (direct marketing). The User has the right to object to data processing for the purposes of direct marketing, including profiling. The data will be stored for this purpose for the duration of the legitimate interest of Foamiran Polska, unless the User objects to receiving marketing information.
5. SOCIAL PORTALS
6. MOBILE APPLICATIONS
6/1. The Administrator processes Users' personal data also to enable the use of services offered as part of the Website, as well as additional services via mobile applications. Users' data are processed for registration and use of mobile applications. The legal basis for data processing in this respect is the necessity to perform the contract (art.6 par.1 lit.b RODO).
6/2. With the help of mobile applications, the User may in particular: browse the Website's range, gain access to his account on the Website, place orders and make payments for them, read information available in the mobile application and use other functionalities available in the mobile application. The administrator informs that due to technical limitations, the mobile application does not provide the possibility of using all the functionalities of the Website that are available through the Website.
7. COOKIES AND SIMILAR TECHNOLOGY
7/1. Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website - e.g. by remembering User's visits to the Website and activities performed by him. "SERVICE" COOKIES
7/2/1. cookies with data entered by the User (session ID) for the duration of the session (user input cookies);
7/2/2. authentication cookies used for services that require authentication for the duration of the session (authentication cookies);
7/2/3. cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric security cookies);
7/2/4. session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
7/2/5. permanent cookies used to personalize the User interface for the duration of the session or a little longer (user interface customization cookies),
7/2/6. cookies used to remember the contents of the basket for the duration of the session (shopping cart cookies);
7/2/7. cookies used to monitor website traffic, i.e. data analytics, including Google Analytics cookies (these are files used by Google to analyze how the User uses the Website, to create statistics and reports on the Website's functioning). Google does not use the collected data to identify the User or combine this information to enable identification of "MARKETING" COOKIES
8/1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service or order, until the consent is withdrawn or effective objection to data processing is raised in cases where the legal basis for data processing is the Administrator's legitimate interest.
8/2. The data processing period may be extended if the processing is necessary to establish and assert any claims or defend against them, and after that time only if and to the extent required by law. After the end of the processing period, the data is irreversibly deleted.
9. USER'S RIGHTS
9/1. Data subjects have the following rights:
9/1/1. The right to information on the processing of personal data - on this basis, the person submitting such a request, the Administrator provides information on the processing of personal data, including primarily the purposes and legal grounds for processing, the scope of data held, entities to whom personal data is disclosed and the planned date of their removal ;
9/1/2. The right to obtain a copy of the data - on this basis, the Administrator provides a copy of the processed data regarding the person making the request;
9/1/3. Right to rectification - on this basis, the Administrator removes any incompatibilities or errors regarding the personal data being processed, and supplements or updates them if they are incomplete or have changed;
9/1/4. The right to delete data - on this basis, you can request the removal of data whose processing is no longer necessary to achieve any of the purposes for which it was collected;
9/1/5. The right to limit processing - on this basis, the Administrator ceases to carry out operations on personal data, with the exception of operations that the data subject has consented to and their storage, in accordance with the adopted retention rules, or until the reasons for the restriction of data processing cease (e.g. a decision of the supervisory authority will be issued, authorizing further data processing);
9/1/6. The right to transfer data - on this basis, to the extent that data is processed in connection with the concluded contract or consent, the Administrator issues data provided by the person to whom they relate, in a format that allows it to be read by a computer. It is also possible to request that the data be sent to another entity - however, provided that there are technical possibilities in this regard both on the part of the Administrator and that other entity;
9/1/7. The right to object to the processing of data for marketing purposes - the data subject may at any time object to the processing of personal data for marketing purposes, without the need to justify such an objection;
9/1/8. Right to object to other purposes of data processing - the data subject may at any time object to the processing of personal data on the basis of the justified interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to the protection of property). An objection in this respect should contain a justification and is subject to the Administrator's assessment;
9/1/9. The right to withdraw consent - if the data are processed on the basis of consent, the data subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before withdrawing this consent;
9/1/10 Right to complain - if it is considered that the processing of personal data violates the provisions of the GDPR or other provisions regarding the protection of personal data, the data subject may submit a complaint to the President of the Office for Personal Data Protection.
9/2. An application regarding the exercise of the rights of data subjects can be submitted:
9/2/1. in writing to the following address: Aleksanrdra Rusztyn Morawiec BB2 2JD Accrington 144 Belfield Road;
9/2/2. by e-mail to the address: email@example.com
9/3. The application should, if possible, clearly indicate what the request concerns, i.e. in particular:
9/3/1. what right the person submitting the application wants to use (e.g. the right to receive a copy of the data, the right to delete the data, etc.);
9/3/2. what processing process the request relates to (e.g. use of a particular service, activity on a specific website, receiving a newsletter containing commercial information to a specific email address, etc.);
9/3/3. what processing purposes the request relates to (e.g. marketing purposes, analytical purposes, etc.).
9/4. If the Administrator will not be able to determine the content of the request or identify the person submitting the application based on the application, he will ask the applicant for additional information.
9/6. The answer will be given to the e-mail address from which the application was sent, and in the case of applications sent by letter, by ordinary letter to the address indicated by the applicant, unless the content of the letter indicates the desire to receive feedback to the e-mail address (in this case, please provide e-mail adress).
10. DATA RECIPIENTS
10/1. In connection with the provision of services, personal data will be disclosed to external entities, including in particular suppliers responsible for operating IT systems, entities such as banks and payment operators, entities providing accounting, legal, auditing, consulting services, couriers (in connection with the implementation of the order) , marketing agencies (in the field of marketing services) and entities related to the Administrator,
10/2. If the User's consent is obtained, his data may also be made available to other entities for their own purposes, including marketing purposes.
10/3. The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with applicable law.
11. TRANSMISSION OF DATA OUTSIDE THE EEA
11/1. The level of protection of personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is necessary and with an adequate level of protection, primarily through:
11/1/1. cooperation with entities processing personal data in countries for which an appropriate decision of the European Commission has been issued;
11/1/2. use of standard contractual clauses issued by the European Commission;
11/1/3. applying binding corporate rules approved by the competent supervisory authority;
11/1/4. in case of transferring data to the USA - cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission.
11/2. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
12. SECURITY OF PERSONAL DATA
12/1. The administrator conducts risk analysis on an ongoing basis to ensure that personal data are processed by him in a secure manner - first of all, ensuring that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform . The administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and associates.
12/2. The administrator takes all necessary actions so that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process personal data on behalf of the Administrator.
13. CONTACT DETAILS
13/1. Contact with the Administrator is possible via the e-mail address firstname.lastname@example.org or by correspondence address Aleksanrdra Rusztyn Morawiec BB2 2JD Accrington 144 Belfield Road
14/1. The policy is reviewed on an ongoing basis and updated as necessary.