Privacy Policy
ONLINE STORE PRIVACY POLICY
1. When using the ivape.pl Online Store, the Customer may be asked to provide his personal data, in particular including name, surname, telephone number or e-mail address in order to provide him with the services provided by the Administrator in the Online Store.
2. The administrator of the personal data of the Customers of the Online Store is VAPE Grzegorz Majewski with its seat in Zawiercie at ul. Marszałkowska 5.
3.Contact with the administrator, also in the scope of the rights of customers and sending statements containing the withdrawal of consent to the processing of personal data, takes place via the following contact details:
traditional form: GREN FOX Główna 188, 42-280 Częstochowa
o electronic form: m.zdunek@grenfox.com
by phone: +48 697 883 416
4. Personal data collected in the Online Store are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal Directive 95/46 / EC (general regulation on data protection) - hereinafter referred to as the GDPR, the Act of August 29, 1997 on the Protection of Personal Data (Journal of Laws of 2014, item 1182, as amended) and the Act on on July 18, 2002 on the provision of electronic services (Journal of Laws of 2013, item 1422 as amended.
5. The Administrator collects Customers' personal data both for the purposes covered by the Customer's consent to the processing of his data and for the purpose of fulfilling the order placed by the Customer, archiving it or performing other services provided electronically by the Administrator and for other purposes specified in the Regulations, which are in accordance with the applicable by law.
6. The Administrator makes special efforts to protect the privacy and information provided to the Online Store regarding the Customers of the Online Store. The administrator selects and applies appropriate technical measures with due diligence, including programming and organizational measures, ensuring the protection of the processed data, in particular, protects the data against unauthorized disclosure, disclosure, loss and destruction, unauthorized modification, as well as against their processing in violation of the applicable legal regulations.
7. The administrator exercises permanent control over the data processing process and limits access to data to the greatest possible extent, granting appropriate authorizations only when it is necessary for the proper operation of the Online Store.
8. The basis for the processing of personal data is, in the case of the implementation of marketing purposes, including profiling and analytical purposes, the consent of the Customers themselves, and in the case of the provision of services, including services provided electronically by the Administrator as part of the Online Store - the necessity of data to perform the contract or obligation legal incumbent on the Administrator.
9. Providing any personal data is voluntary, with the proviso that failure to provide the data specified in the Regulations of the Online Store prevents the provision of certain services, in particular setting up an account in the Online Store, as well as the execution of an order placed by the Customer. When providing services, the provision of personal data including name, surname, address data, including e-mail address and telephone number is a condition for the provision of the service.
10. Due to the voluntary nature of providing his personal data by the Customer, the Customer has the right to access his personal data, as well as the right to request rectification, deletion, limitation of their processing, and to transfer data. The Administrator may refuse to delete data if their preservation is necessary to complete the service started, or if the Customer, with his previous behavior in the Online Store, has violated the provisions of this document or the Regulations or applicable law, and the retention of data is necessary to clarify these circumstances and determine liability. The customer.
11. The customer also has the right to object at any time - for reasons related to his particular situation - to the processing of personal data concerning him in a situation where:
• processing is necessary for the purposes of the legitimate interests pursued by the administrator, including profiling based on this basis;
• the data is processed for the purposes of direct marketing;
12.If the Customer has objected to the processing, the Administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally valid grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defense claims.
13. The customer has the right to lodge a complaint with the supervisory authority if the Administrator processes his data in a manner inconsistent with the law. The supervisory body is the President of the Personal Data Protection Office.
14. In the case of processing personal data by the Administrator based on the consent of the client, this consent may be withdrawn at any time. For the proper performance of the Administrator's obligations related to the withdrawal of consent, a declaration of withdrawal of consent should be sent to the administrator using the contact details provided by him. Withdrawal of consent does not affect the lawfulness of the current processing, which was carried out on the basis of previously granted consent.
15. In the event of a change in the data of a Customer who has registered in the Online Store, the Customer may, after logging in to the Online Store, change the selected data by himself.
16. Personal data or information regarding Customers may be made available to public authorities, entities processing data on behalf of the Administrator or other recipients if such an obligation results from legal provisions, it is necessary for the performance of the contract or if the data subject has given appropriate consent. .
17. The administrator, to the extent necessary to provide the service to a given customer, or with his consent, may transfer his personal data:
• the operator of the on-line payment system, PayPal Polska Sp. z o.o. with its registered office in Warsaw (ul. Emilii Plater 53, 00-113 Warsaw) as the data controller, entered into the register of entrepreneurs kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under number 0000289372 with share capital PLN 506,500 fully paid, with NIP: 5252406419, being an entity providing payment services within the meaning of the Act of August 19, 2011 on payment services (Journal of Laws 2011.199.1175 as amended). The transfer concerns the data necessary to make the payment by Paypal Polska, in particular: name and surname, e-mail address, telephone number,
• the operator of the online payment system, DotPay SA, with its registered office in Kraków, 30-552 Kraków, at 72 Wielicka Street, as the data controller, entered into the register of entrepreneurs kept by the District Court Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under number 0000296790, with share capital of PLN 4,000,000.00, paid in full in cash, with NIP number 634-26-61-860, NIP EU PL6342661860, being an entity providing payment services within the meaning of the Act of August 19, 2011 on payment services (Journal of Laws 2011.199.1175 as amended). The transfer concerns the data necessary to complete the payment by DotPay, in particular: name and surname, e-mail address, telephone number.
• the operator of the on-line payment system, TPAY.COM Krajowy Integrator Płatności S.A., based in Poznań, 61-808 Poznań, ul. Św. Marcina 73/6 as the data administrator, entered in the register of entrepreneurs kept by the District Court in Poznań, Commercial Division of the National Court Register under number 0000412357, with share capital of PLN 4,848,500, paid in full in cash, with NIP number 7773061579, REGON number 300878437, being an entity providing payment services within the meaning of the Act of 19 August 2011 on payment services (Journal of Laws 2011.199.1175 as amended). The transfer concerns the data necessary to make the payment by TPAY.COM, in particular: name and surname, e-mail address, telephone number.
18. The administrator uses IP addresses collected during internet connections for technical purposes related to server administration and to collect general, statistical demographic information (e.g. about the region from which the connection is made), as well as for security purposes, including possible automatic identification server-loading programs for browsing the content of the Online Store.
19. Customers' personal data, the Administrator stores:
• when providing services - for the time necessary to complete the contract;
• in marketing activities, including profiling and analytics - until the Customer withdraws the consent.
20. If the Customer does not consent to the processing of his data for purposes other than the provision of services, personal data will not be used for these purposes.