2. The owner of online store and the controller of all acquired personal data is Amocarat S.A. located in Czaniec, 1 Królewska Street, a company organized and existing under the laws of the Republic of Poland, legal entity code KRS 0000375046 given by the district Court in Bielsko-Biała, VIII Commercial Division of the National Court Register, NIP: 5492324371, REGON: 120563374, with the issued share capital totally paid 5 000 000 PLN hereinafter called Amocarat S.A.
3. All personal data acquired by Amocarat S.A. through the online store are processed under the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE (overall regulation regarding personal data protection), named also GDPR.
4. Amocarat S.A. makes every effort to respect privacy of customers visiting online store.
§1. Kinds of processed data, goals and legal basis1. Amocarat S.A. collects data regarding natural persons performing legal acts which are not connected directly with their activity; natural persons holding business or professional activity on their behalf and natural persons representing legal entities or business units who are not legal entities but the legislation gives them the capacity for legal rights and who carry on business on their behalf, hereinafter called customers.
2. Customers’ personal data are collected in case of:
a) online store account registration in order to create an individual account and administering it. Legal basis: processing is necessary for the performance of Account service (art. 6, § 1, point b),
b) placing an order in online store, in order to fulfill the sales contract. Legal basis: processing is necessary for the performance of sales contract (art. 6, § 1, point b),
c) newsletter subscription in order to fulfill the contract which consists in service provided electronically. Legal basis: the data subject has given consent to the processing of his or her personal data for receiving newsletter (art. 6, § 1, point a),
d) using the option “share your opinion” which consist in service provided electronically. Legal basis: processing is necessary for sharing an opinion (art. 6, § 1, point b).
3. In case of online store account registration the Customer is supposed to provide:
a) e-mail address;
b) address details:
a. postal code and town,
c. street address together with home number,
c) first and last names;
d) phone number.
4. During the online store account registration the Customer independently sets his or her individual password to the account. The customer can change the password at a later date, according to the rules described in §6.
5. In case of placing an order via online store, the Customer is supposed to provide: e) e-mail address;
f) address details:
e. postal code and town,
g. street address together with home number,
g) first and last names;
h) phone number.
6. In case of entrepreneurs above data should be completed with: a) entrepreneurs company name,
b) Tax Identification Number adequate for company registration country.
7. In case of newsletter subscription, the customer is supposed to provide his or her name, e-mail address and sex.
8. In case of “share your opinion” service the Customer provides his or her nickname or name.
9. While using the online store website extra data might be collected, especially: IP address assigned to customer’s computer or IP address assigned to external internet provider, domain name, browser type, time of access, operating system type.
10. Additionally, navigational data may be collected from customers, including data about links and hyperlinks, which the Customer decides to click or any other activities that he or she performs while visiting online store. Legal basis: processing is necessary for the purposes of the legitimate interests, consisting in facilitation of using services provided electronically and facilitation of functionality of these services (art. 6, § 1, point f).
11. In order to establish, investigate and execute claims some of personal data such as: first and last names may be processed. In case of claims connected with the way of using offered services data about the way of using online store may be processed. In this case other data necessary to proceed the investigation and establishing the injury suffered may be used. Legal basis: processing is necessary for the purposes of the legitimate interests, consisting in establishing, investigating and executing claims and defense against claims in courts or public authorities (art. 6, § 1, point f).
12. All personal data are given to Amocarat S.A. voluntarily and are connected with concluded sales contracts or any other services provided by the online store. In case of failure to give all necessary data during the registration process, the account registration is impossible. In case of placing an order without creating an account, failure to give all necessary data results in not fulfilling the order.
§2 Who will have the access to the personal data and how long personal data will be kept?1. Personal data of customers may be transferred to the providers of services which are used by Amocarat S.A. to offer proper functioning of online store. Providers of these services, who receive mentioned above personal data either follow instructions given by Amocarat S.A. (processors) or specify objectives and way of processing by themselves (controllers).
a) Processors. Amocarat S.A. uses services which include processing personal data. However, personal data are processed only on instruction from Amocarat S.A. Mentioned above services include: hosting, accounting, marketing systems, website traffic analysis, marketing campaigns effectiveness analysis;
b) Controllers. Amocarat S.A. uses services which include processing personal data and not only on instruction from Amocarat S.A. and specify objectives and way of processing by themselves. These services include banking and electronic payments.
2. Location. Service providers reside mainly in Poland and countries of European Economic Area (EEA).
3. Customers personal data are stored:
a) when the customer has given the agreement for processing his or her personal data. In this case personal data are processed until the withdrawal of the consent and after the customer withdraw the consent, for the limitation period for introducing claims by or against Amocarat S.A. Unless otherwise provided, the limitation period for introducing claims by or against Amocarat S.A. equals ten years and for temporary claims and claims connected with business activity – three years.
b) In case of fulfilling the contract, customer’s personal data are processed by Amocarat S.A. as long as it is necessary to fulfill mentioned above contract. After this period personal data are processed for the limitation period for introducing claims by or against Amocarat S.A. Unless otherwise provided, the limitation period for introducing claims by or against Amocarat S.A. equals ten years and for temporary claims and claims connected with business activity – three years.
4. In case of doing shopping via online store, personal data may be transferred, dependently on customer’s choices, to:
a) courier company,
b) InPost Paczkomaty Sp. z o.o. residing in Kraków, providing services of delivery and post office boxes (Paczkomaty).
c) Polish Postal services S.A. residing in Warsaw.
5. Navigational data may be used in order to provide better service, analysis of statistical data and adjusting online store to customer’s preferences, and also for online store administration.
6. If customers subscribes for newsletter, Amocarat S.A. will send on given e-mail address e-mails informing about current offers and new products available at online store.
7. If requested by entitled public authorities, Amocarat S.A. shares personal data, especially the Prosecutor, Police, adequate public authorities.
§3 Cookies mechanism, IP address1. Online store uses small files, called cookies. If internet browser allows it, cookies are saved by Amocarat S.A. on device of person visiting online store. A cookie files usually contain the domain name they originate, storage time on the Device, and their assigned value. Cookies are used to customize the online store’s content and optimize it. Moreover, cookies give the opportunity to analyze overall statistics for particular products available at online store.
2. Amocarat S.A. uses two kinds of cookie files:
a) Session Cookies: These are stored on the User’s Device and remain there until the end of the browser session. The information recorded is then permanently removed from the Device’s memory. The session cookie mechanism does not allow the collection of any personal data or any confidential information from the User’s Device.
b) Persistent Cookies: These are stored on the User’s Device and remain there until they are removed. The browser session ending or the Device being switched off does not remove them from the User’s Device. The persistent cookie mechanism does not allow the collection of any personal data or any confidential information of the User’s Device.
3. Amocarat S.A. uses its own cookies for the following purposes:
a) user authentication at the online store and to maintain user sessions at the online store (after logging in), so that the user does not have to re-enter the login and password at every online store page;
b) analysis, research and conducting the audit of viewing figures, especially to create anonymous statistics which help to understand how the online store customers use the online store pages, which allows enhancement of its structure and content.
4. Amocarat S.A. uses external cookies in order to:
a) promote online store through Facebook (cookie administrator: Facebook Inc, with the registered office in the U.S. or Facebook Ireland, with the registered office in Ireland)
b) show Amocarat S.A. residing location in the Contact tab through maps.google.com (cookie administrator: Google Inc with office in the USA)
c) collection of general and anonymous static data using Google Analytics analytical tools (cookie administrator: Google Inc, with the registered office in the USA)
d) presenting “Rzetelny Regulamin” Certificate through rzetelnyregulamin.pl (cookie administrator: Rzetelna Grupa Sp. z o.o. with the registered office in Warsaw)
5. Cookie mechanics is safe for online store customers’ computers. In particular, it is impossible for viruses or other unwanted or malware software to enter customers’ devices. The files allow the software used by the customer to be identified and the online store to be customized to each customer individually. However, in this case using the online store will be possible without particular functions which need cookies by their nature.
6. Listed below links include direction how to change particular settings of the most popular internet browsers:
a) Internet Explorer;
b) Microsoft EDGE;
c) Mozilla Firefox;
7. Amocarat S.A. may storage customer’s IP Addresses. IP is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. In most cases an IP changes dynamically, that means whenever the user connects with the internet. Because of this, IP is treated as impersonal identification data. Amocarat S.A. uses IP addresses to diagnose technical problems connected with servers, creating statistical analysis (such as determining amount of visitors from particular countries and regions), as information helpful while controlling and improving online store, safety purposes and potential identification of unwanted software checking online store content.
8. Online store include hyperlinks and redirections to other websites. Amocarat S.A. is not responsible for their Privacy Policies and Terms & Conditions.
§4 Rights of data subjects1. Right to consent withdrawal – legal basis: article 7, point 7 GDPR.
a) The customer has the right to withdraw every consent that has been given by him or her to the Amocarat S.A.
b) Consent withdrawing is effective immediately.
c) Consent withdrawing cannot affect past processing of personal data given by the customer.
d) Consent withdrawing cannot have any negative consequences to the customer, however, can affect future using services and functionalities offered by the Amocarat S.A. which according to the law can be served only with actual consent.
2. Right to object to the processing personal data – legal basis: article 21 GDPR.
a) Customer has the right to object to the processing his or her personal data according to special circumstances including profiling if Amocarat S.A. processes his or her personal data on the basis of legitimate interests, for example: products’ marketing, services provided by Amocarat S.A., statistical analysis and online store facilitating, including satisfaction survey.
b) Sending an e-mail with clear resignation on receiving any marketing or business information should be understood as objection to the processing his or her personal data, including profiling.
c) Well-founded objection to personal data processing and no other circumstances to process personal data by Amocarat S.A. should result in removing mentioned above personal data.
3. Right to erasure (“right to be forgotten”) - legal basis: article 17 GDPR.
a) Customer has the right to obtain from Amocarat S.A. the erasure of personal data concerning him or her without undue delay.
b) Customer has the right to obtain from Amocarat S.A. the erasure of personal data concerning him or her without undue delay, if:
a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
b. customer withdraws consent on which the processing is based,
c. customer objected to the processing and there are no overriding legitimate grounds for the processing,
d. the personal data have been unlawfully processed,
e. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which Amocarat S.A. is subject,
f. the personal data have been collected in relation to the offer of information society services.
c) Despite the objection to the processing, withdrawing the consent or erasing personal data Amocarat S.A. has the right to keep some of personal data within the range in which processing is necessary to establish, investigate or defending against claims. This situation includes also complying with the obligation to respect UE rights and directives. This especially includes: name, last name, e-mail address which are kept in order to handle complaints connected with using services provided by Amocarat S.A. and any additional home address, order number which are kept in order to handle with any complaints connected with sales contracts or services used.
4. Right to restriction of processing – legal basis: article 18 GDPR.
a) The customer has the right to obtain from the controller restriction of processing his or her personal data. Obtaining from the controller restriction of processing personal data results in limited access to functions and services which using is impossible without processing data which are subject to the claimed restriction.
b) Customer has the right to obtain from the controller restriction of processing where one of the following applies:
a. the accuracy of the personal data is contested by the data subject, for a period (up to 7 days) enabling Amocarat S.A. to verify the accuracy of the personal data,
b. the processing is unlawful and customer opposes the erasure of the personal data and requests the restriction of their use instead,
c. Amocarat S.A. no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
d. customer has objected to processing his or her personal data pending the verification whether the legitimate grounds of Amocarat S.A. override those of the customer.
5. Right to access to the personal data – legal basis: article 15 GDPR.
a) Customer has the right to obtain from Amocarat S.A. confirmation as to whether or not personal data concerning him or her are being processed, and:
a. where that is the case, access to the personal data,
b. receives information about the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the time of storage or criteria determining this time (when setting a particular date is impossible), the rights granted to the customer by GDPR including the right to fill of the complaint to the supervisory authority, the source of the personal data, profiling, any securities used in connection with disclosing data outside of EU,
c. receives a copy of his or her personal data on request.
6. Right to rectification – legal basis: article 16 GDPR.
7. Right to data portability – legal basis: article 20 GDPR.
a) Customer has the right to receive the personal data concerning him or her, which he or she has provided to Amocarat S.A., in a structured, commonly used and machine-readable csv format and have the right to transmit those data to another controller without hindrance from Amocarat S.A. to which the personal data have been provided.
8. In mentioned above situation, Amocarat S.A. is obliged to fulfill the demand or refuse of fulfilling it immediately, however not later than within one month after receiving it. However, in case of extremely complicated demands or exceptionally big amount of demands Amocarat S.A. can be given additional two months after informing the customer (within the first month) about such circumstances arisen.
9. Customer can report complaints, questions and requests regarding processing his or her personal data and abput his/her privileges.
11. Customer has the right to report complaint to supervising authority in case of infringement personal data rights under GDPR.
§5 Services fitted to preferences and interests (profiling)1. Profiling means any way of automated personal data processing, based on using personal data to estimate some factors which may affect using the online store. Mentioned above factors include among others: professional status, economic situation, health, personal preferences, interests, reliability, behavior, location and transferring.
2. Customer’s personal data may be processed in automated processed (profiling) however it neither will affect customer’s situation nor have legal implications.
3. Profiling of personal data implemented by Amocarat S.A. is based on processing personal data in automated or manual way, through using it to evaluate some facts concerning customer, especially to analyse his or her personal preferences and interests.
4. In order to reach customer with advertising or business information through online store, Amocarat S.A. uses services provided by third-party companies. These services include mainly marketing communicates displayed on online store websites. To do so, external providers install proper code or pixel, in order to download data regarding customer’s activity while visiting online store. All details regarding cookies, rules of using it and information regarding fitting communicates to personal preferences can be found in §3 Lawfulness of processing (article 6, point 1 GDPR).
§6 Security management – password1. Amocarat S.A. assures safe and encrypted connection while sending personal data and while being logged to the customer’s account. Amocarat S.A. uses trusted SSL certificate.
2. In case of password loss Amocarat S.A. as the owner of online store allows generating new password. Amocarat S.A. does not send password reminder. Every password is encrypted in the way which prevents from decrypting it. To generate new password customer is supposed to provide e-mail address by filling in “Forgot the password” form. After this customer receives an e-mail with redirection to website in online store, where a new password can be set.
3. Amocarat S.A. never sends any correspondence neither traditional nor electronical, with requests to give the password or any personal data.
3. Last update: May 22th 2018