Privacy policy
ONLINE STORE PRIVACY POLICY TIGNUM.PL
TABLE OF CONTENTS:
GENERAL PROVISIONS BASIS FOR DATA PROCESSING PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE RECIPIENTS OF DATA IN THE ONLINE STORE PROFILING IN THE ONLINE STORE RIGHTS OF THE DATA SUBJECT COOKIES IN THE ONLINE STORE AND ANALYTICS FINAL PROVISIONS
- GENERAL PROVISIONS
1.1. This privacy policy of the Online Store is informational, which means that it is not a source of obligations for the Service Users or Customers of the Online Store. The privacy policy primarily contains rules on the processing of personal data by the Administrator in the Online Store, including the basis, purposes, and duration of processing personal data, and the rights of the persons to whom the data relate, as well as information on the use of Cookies and analytical tools in the Online Store. 1.2. The administrator of personal data collected through the Online Store is “TIGNUM” LIMITED LIABILITY COMPANY with its registered office in Pabianice (registered office address and delivery address: Słonecznikowa 22, 95-200 Pabianice); entered into the Register of Entrepreneurs of the National Court Register under the number KRS 0000108460; the registry court where the company's documentation is kept: District Court for Łódź-Śródmieście in Łódź Commercial Court, XX Economic Department of the National Court Register; share capital: 121,000 PLN; Tax Identification Number (NIP): 8310004628; Statistical Number (REGON): 005273487, e-mail address: sklep@tignum.com.pl, contact phone number: 42 213 97 38, and fax number: 42 226 30 39 - hereinafter referred to as “Administrator” and also being the Service Provider of the Online Store and the Seller. 1.3. Personal data in the Online Store are processed by the Administrator in accordance with the applicable law, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679 1.4. Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the Service User or Customer using the Online Store is voluntary, subject to two exceptions: (1) concluding agreements with the Administrator – not providing in the cases and to the extent indicated on the Online Store website and in the Online Store Terms and Conditions and this privacy policy of the personal data necessary for the conclusion and performance of the Sales Agreement or the contract for the provision of Electronic Services with the Administrator results in the impossibility of concluding the said contract. Providing personal data in such a case is a contractual requirement, and if the person to whom the data relates wants to conclude a given contract with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude the contract is indicated beforehand on the Online Store website and in the Online Store Terms and Conditions; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Administrator the obligation to process personal data (e.g., processing data for the purpose of keeping tax or accounting books) and the lack of their provision will prevent the Administrator from fulfilling these obligations. 1.5. The Administrator takes special care to protect the interests of the persons whose personal data are processed by him, and in particular is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows identification of the persons they relate to, no longer than is necessary to achieve the purpose of processing, and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by using appropriate technical or organizational measures. 1.6. Taking into account the nature, scope, context, and purposes of processing as well as the risk of violation of the rights or freedoms of natural persons with varying likelihood and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized persons from acquiring and modifying personal data transmitted electronically. 1.7. All words, expressions, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Terms and Conditions available on the Online Store pages.
- BASIS FOR DATA PROCESSING
2.1. The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child. 2.2. The processing of personal data by the Administrator requires, each time, the presence of at least one of the bases indicated in point 2.1 of the privacy policy. Specific bases for the processing of personal data of Service Users and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy – in relation to the specific purpose of processing personal data by the Administrator.
- PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
3.1. Each time, the purpose, basis, period, and recipients of personal data processed by the Administrator result from actions taken by a given Service User or Customer in the Online Store or by the Administrator. For example, if a Customer decides to make a purchase in the Online Store and chooses to collect the purchased Product in person instead of courier delivery, their personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier executing shipments on behalf of the Administrator. 3.2. The Administrator may process personal data within the Online Store for the following purposes, on the bases, and for the periods indicated in the table below:
Purpose of data processing |
Legal basis for data processing |
Data Retention Period |
Execution of the Sales Agreement or agreement for providing Electronic Services, or undertaking actions at the request of the person whose data it concerns, before concluding the aforementioned agreements. |
Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract. |
The data is stored for the period necessary to execute, terminate or otherwise expire the concluded Sales Agreement or agreement for providing Electronic Services. |
Direct Marketing |
Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – the processing is necessary for the purposes of the legitimate interests pursued by the controller – consisting in caring for the interests and good image of the controller, his online store, and striving to sell products. |
The data is stored for the duration of the legitimate interest pursued by the controller, but no longer than the period of limitation of the controller's claims against the person to whom the data relates, arising from the controller's business activities. The period of limitation is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to conducting business activities is three years, and for the Sales Agreement, two years). The controller cannot process data for the purposes of direct marketing in the event of an effective objection in this regard by the person to whom the data relates. |
Marketing |
Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Administrator |
Data is stored until the withdrawal of consent by the data subject for further processing of their data for this purpose. |
Maintaining accounting books |
Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395 as amended) - processing is necessary to fulfill a legal obligation incumbent on the Administrator. |
The data is stored for the period required by the legal provisions obliging the Administrator to keep accounting records (5 years, starting from the beginning of the year following the financial year to which the data relates). |
Establishment, pursuit, or defense of claims that may be raised by the Administrator or that may be raised against the Administrator. |
Article 6(1)(f) of the GDPR (legitimate interest of the controller) – processing is necessary for the purposes arising from the legally justified interests of the Administrator – consisting in the establishment, pursuit, or defense of claims that may be raised by the Administrator or that may be raised against the Administrator. |
The data is stored for the period of existence of the legally justified interest pursued by the Administrator, but no longer than the period of limitation of claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years). |
Use of the Online Store website and ensuring its proper functioning. |
Article 6(1)(f) of the GDPR (legitimate interest of the controller) - processing is necessary for the purposes arising from the legitimate interests of the Controller - consisting in the operation and maintenance of the Online Store website. |
Data is stored for the period of the existence of the legally justified interest pursued by the Controller, but no longer than the period of limitation of claims of the Controller against the person whose data concern, related to the business activity conducted by the Controller. The limitation period is determined by the legal provisions, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is three years, and for the Sales Agreement two years). |
Conducting statistics and analyzing traffic in the Online Store |
Article 6 (1) (f) of the GDPR (legitimate interest of the administrator) – processing is necessary for the purposes arising from the legitimate interests of the Administrator – consisting in conducting statistics and analyzing traffic in the Online Store in order to improve the functioning of the Online Store and increase sales of Products. |
The data is stored for the period of the existence of the legitimate interest pursued by the Administrator, but not longer than the period of limitation of claims against the person whose data is concerned, related to the business activity conducted by the Administrator. The period of limitation is determined by legal provisions, in particular the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for the Sales Agreement two years). |
- RECIPIENTS OF DATA IN THE ONLINE STORE
4.1. For the proper functioning of the Online Store, including the execution of concluded Sales Agreements, it is necessary for the Administrator to use services of external entities (such as a software provider, courier, or payment processing entity). The Administrator only uses the services of those processors who provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects. 4.2. Personal data may be transferred by the Administrator to a third country, with the Administrator ensuring that in such a case it will be in relation to a country providing an adequate level of protection – consistent with the GDPR, and in the case of other countries, that the transfer will be based on standard data protection clauses. The Administrator ensures that the data subject has the ability to obtain a copy of their data. The Administrator transfers the collected personal data only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy. 4.3. The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary for the realization of a given purpose of personal data processing and only to the extent necessary for its realization. For example, if a Customer uses personal pickup, their data will not be transferred to the carrier cooperating with the Administrator. 4.4. Personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients: 4.4.1. Carriers / forwarders / courier brokers / entities servicing the warehouse and/or the shipping process – in the case of a Customer using a postal or courier delivery method in the Online Store, the Administrator provides the collected personal data of the Customer to the selected carrier, forwarder, or intermediary executing shipments on behalf of the Administrator, and if the shipment is from an external warehouse – to the entity servicing the warehouse and/or the shipping process – to the extent necessary to carry out the delivery of the Product to the Customer. 4.4.2. Service providers supplying the Administrator with technical, IT, and organizational solutions, enabling the Administrator to conduct business activities, including the Online Store and Electronic Services provided through it (in particular providers of computer software for running the Online Store, email and hosting providers, and software providers for business management and technical assistance to the Administrator) – The Administrator provides the collected personal data of the Customer to the selected provider acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy. 4.4.3. Accounting, legal and advisory service providers providing the Administrator with accounting, legal, or advisory support (in particular an accounting office, law firm, or debt collection company) – The Administrator provides the collected personal data of the Customer to the selected provider acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing consistent with this privacy policy. 4.4.4. Providers of social media plugins, scripts, and other similar tools placed on the Online Store website, enabling the browser of the person visiting the Online Store website to download content from the providers of these plugins (e.g., logging in using login data from a social networking service) and transferring personal data of the visiting person to these providers for this purpose, including: 4.4.4.1. Meta Platforms Ireland Ltd. – The Administrator uses social media plugins of the Facebook service on the Online Store website (e.g., the Like button, Share or logging in using Facebook login data) and in connection with this collects and provides personal data of the Service User using the Online Store website to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy principles available here: https://www.facebook.com/about/privacy/ (these data include information about activities on the Online Store website – including information about the device, visited websites, purchases, displayed advertisements, and the way of using services – regardless of whether the Service User has a Facebook account and whether they are logged into Facebook).
- PROFILING IN THE ONLINE STORE
5.1. The GDPR imposes an obligation on the Data Controller to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – significant information about the rules of their making, as well as the significance and expected consequences of such processing for the data subject. With this in mind, the Data Controller provides information in this section of the privacy policy concerning possible profiling. 5.2. The Data Controller may use profiling in the Online Store for direct marketing purposes, but decisions made on this basis by the Data Controller do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a discount to a given person, sending her a discount code, reminding her of unfinished purchases, sending a proposal for a Product that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Online Store. Despite profiling, it is up to the person to freely decide whether they want to use the discount received in this way, or better conditions, and make a purchase in the Online Store. 5.3. Profiling in the Online Store consists of the automatic analysis or prediction of a given person's behavior on the Online Store's website, for example by adding a specific Product to the basket, browsing the page of a specific Product in the Online Store, or by analyzing the history of purchases made in the Online Store. A condition for such profiling is the possession by the Data Controller of personal data of the given person, in order to then send her, for example, a discount code. 5.4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning the data subject or similarly significantly affects the data subject.
- RIGHTS OF THE DATA SUBJECT
6.1. The right of access, rectification, restriction, erasure, or portability – the data subject has the right to request the Data Controller to access their personal data, its rectification, erasure ("the right to be forgotten") or restriction of processing, and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the above rights are specified in Articles 15-21 of the GDPR. 6.2. The right to withdraw consent at any time – the data subject, whose data is processed by the Data Controller based on expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR), has the right to withdraw consent at any time without affecting the legality of the processing carried out based on the consent prior to its withdrawal. 6.3. The right to lodge a complaint with a supervisory authority – the data subject, whose data is processed by the Data Controller, has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office. 6.4. The right to object – the data subject has the right to object at any time, for reasons related to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or task) or (f) (legitimate interest of the controller), including profiling based on these provisions. In such a case, the Data Controller is no longer allowed to process this personal data unless it demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights, and freedoms of the data subject, or grounds for establishing, pursuing, or defending claims. 6.5. The right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing. 6.6. In order to exercise the rights mentioned in this section of the privacy policy, one can contact the Data Controller by sending an appropriate written message or email to the Data Controller's address indicated at the beginning of the privacy policy or by using the contact form available on the Online Store's website.
- COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store's website (e.g., on the hard disk of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor of our Online Store). Detailed information about Cookies, as well as their history, can be found here: https://pl.wikipedia.org/wiki/HTTP_cookie. 7.2. Cookies that may be sent by the Online Store's website can be divided into different types, according to the following criteria:
Due to their provider:
|
Due to their storage period on the device of the person visiting the Online Store website:
|
Due to their purpose of use:
|
7.3. The Administrator may process data contained in Cookies when visitors use the Online Store's website for the following specific purposes:
7.4. Checking in the most popular web browsers what Cookies (including the duration of Cookies and their provider) are sent at a given moment by the Online Store's website is possible in the following way:
In the Chrome browser: (1) in the address bar, click on the padlock icon on the left, (2) go to the “Cookies” tab. | In the Firefox browser: (1) in the address bar, click on the shield icon on the left, (2) go to the “Allowed” or “Blocked” tab, (3) click on the field “Cross-site tracking cookies”, “Social media trackers”, or “Trackers in content”. |
In the Internet Explorer browser: (1) click the “Tools” menu, (2) go to the “Internet Options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click the “View Files” field. |
In the Opera browser: (1) in the address bar click on the padlock icon on the left side, (2) go to the “Cookies” tab. |
In the Safari browser: (1) click the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on the "Manage Website Data" field. |
Regardless of the browser, using tools available, for example, at: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/ |
7.5. By default, most web browsers available on the market accept the storage of Cookies. Everyone has the ability to set the terms of using Cookies through their own web browser settings. This means that one can, for example, partially limit (e.g., temporarily) or completely disable the possibility of storing Cookies – in the latter case, however, it may affect some functionalities of the Online Store (for example, it may be impossible to proceed through the Order Path via the Order Form due to not remembering Products in the basket during subsequent steps of placing the Order).
7.6. Web browser settings in the scope of Cookies are significant from the point of view of consent to the use of Cookies by our Online Store – according to regulations, such consent may also be expressed through the settings of the web browser. Detailed information on changing settings related to Cookies and their independent deletion in the most popular web browsers is available in the web browser help section and on the following pages (just click on the link):
- in the Chrome browser
- in the Firefox browser
- in the Internet Explorer browser
- in the Opera browser
- in the Safari browser
- in the Microsoft Edge browser
7.7. The Administrator may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator to conduct statistics and analyze traffic in the Online Store. Collected data is processed within the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. These data are aggregate in nature. Using the above services in the Online Store, the Administrator collects data such as sources and medium of acquiring visitors to the Online Store and how they behave on the Online Store website, information about the devices and browsers from which they visit the site, IP and domain, geographical data and demographic data (age, gender) and interests.
7.8. It is possible to easily block by an individual the sharing of information about their activity on the Online Store website to Google Analytics – for this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=en.
7.9. In connection with the possibility of using advertising and analytical services provided by Google Ireland Ltd. in the Online Store by the Administrator, the Administrator indicates that full information about the principles of processing data of people visiting the Online Store (including information stored in Cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at: https://policies.google.com/technologies/partner-sites.
- FINAL PROVISIONS
8.1. The Online Store may contain links to other websites. The Administrator encourages that after transitioning to other sites, one should familiarize themselves with the privacy policy established there. This privacy policy applies only to the Administrator's Online Store.