Home | Privacy policy

Privacy policy

Privacy policy
1. This document specifies the rules for the processing and protection of personal data of Customers of the Online Store available at www.ceglanapasja.pl
2. The owner of the Online Store and the Administrator of your personal data is:

Brick Passion

Street Szewczyka 51B

44-230 Czerwionka – Leszczyny

NIP: 6423104678

REGON 366666340

Phone: 696-385-565

3. Personal data collected by the Administrator via the Online Store are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (OJ EU No. 119, p. 1) (General Data Protection Regulation, GDPR) and other currently applicable, i.e. throughout the period of processing specific data, provisions of the law on data protection personal data. Personal data means information relating to an identified or identifiable natural person (hereinafter referred to as Personal Data). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, one or more factors specific to the physical, genetic, mental, economic or cultural or social identity of an individual.

4. The Administrator takes special care to respect the privacy of customers visiting his Online Store.
§ 1 Type of data processed, purposes and legal basis

1. The Administrator collects information regarding natural persons performing legal transactions not directly related to their activities, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to which the Act grants legal capacity, conducting business activities on their own behalf. business or professional activity, hereinafter referred to as Customers.

2. The purposes of processing Customers’ Personal Data by the Administrator are in particular:

a) registering an account in the Online Store in order to create an individual account and manage this account. Legal basis – necessary to perform the contract for the provision of the Account service – art. 6 section 1 letter b GDPR;

b) placing an order in the Online Store in order to execute the sales contract. Legal basis – necessary to execute the sales contract – art. 6 section 1 letter b GDPR;

3. When placing an order in the Online Store, the Customer provides the following data:

a) e-mail address;

b) address details: postal code and city, country, street, house/apartment number;

c) name and surname;

d) telephone number.

4. Entrepreneurs provide the above data and additionally:

a) The name of the Entrepreneur’s company;

b) NIP number.

5. In order to determine, pursue and enforce claims, some personal data provided by the Customer as part of using the functionality may also be processed, including: name, surname, data regarding the use of services, if the claims result from the way in which the Customer uses services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest – art. 6 section 1 letter f GDPR, consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
6. Personal data collected by the Administrator are voluntarily provided to him in connection with concluded sales contracts or the provision of services via the Online Store, with the proviso that failure to provide the data specified in the forms in the Registration process makes it impossible to register and set up a Customer Account, and in situation of placing an order without Registering a Customer Account, will make it impossible to place and process the order.

§ 2 Who can we transfer your data to and how long it is stored

1. The catalog of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer. The Customer’s personal data is transferred to service providers used by the Administrator to run the Online Store. The Administrator’s service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are subject to the Administrator’s instructions regarding the purposes and methods of processing this data – processors – or independently determine the purposes and methods of their processing – controllers.

a) Processing entities – the Administrator uses suppliers who process personal data only at the Administrator’s request and these include, among others, providers of hosting or ICT services, accounting services, providing marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns, companies performing marketing campaigns, software servicing companies.

b) Administrators – the Administrator also uses suppliers who do not act solely on its instructions and determine the purposes and methods of using Customers’ personal data themselves. They provide electronic payment services and banking services.

2. Location – Service providers are based in Poland and other countries of the European Economic Area (EEA).

3. Customers’ personal data are stored:

a) If the basis for the processing of personal data is consent, the Customer’s personal data are processed by the Administrator until the consent is revoked. After its revocation, personal data are stored for a period corresponding to the limitation period for claims that may be raised by the Administrator and that may be raised against him. Unless a specific provision provides otherwise, the limitation period is 10 years, and for claims for periodic benefits and claims related to running a business activity, 3 years.
b) If the basis for data processing is the performance of a contract, the Customer’s personal data are processed by the Administrator for as long as it is necessary to perform the contract. After this time, personal data is processed for a period corresponding to the limitation period for claims. Unless specific provisions provide otherwise, the limitation period is 10 years, for claims for periodic benefits and claims related to running a business activity – 3 years.

4. When making a purchase in the Online Store, personal data may be transferred, depending on the Customer’s choice, to the following entities in order to deliver the products ordered in the Online Store:

a) Poczta Polska S.A. based in Warsaw;

b) InPost Paczkomaty Sp. z o. o. based in Kraków, providing delivery services and operating the Paczkomaty post office box system.

c) DHL courier company

5. PayPal If the Online Store Customer chooses to pay via the Paypay payment system, his or her personal data is transferred to the extent necessary for implementation.

6. If a request is made to the Administrator to provide data, he will make personal data available to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookies and IP addresses
1. The cookies used by the Administrator are primarily used to optimize the service of visitors when using the Online Store and enable the development of statistics on visits to the presented products in the Online Store. These files are saved by the Administrator on the end device of the person visiting the Online Store, if the web browser allows it. Cookies usually contain the name of the domain they come from, their “expiration time” and an individual, randomly selected number identifying these files.

2. Two types of cookies are used:

a) Session cookies – after ending the browser session or turning off the computer, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow downloading any personal data or confidential information from Customers’ computers;

b) Persistent cookies – they are stored in the memory of the Customer’s end device and remain until they are deleted or expire. The persistent cookies mechanism does not allow downloading any personal data or confidential information from the Customer’s computer.

3. The administrator uses its own cookies to:

a) authenticate the Customer in the Online Store and provide him with a Customer session after logging in to the Customer Account;

b) anonymous statistics and analyzes that help understand how Customers use the Online Store.

4. The administrator uses external cookies to:
a) collecting static data via Google Analytics analytical tools – external cookie administrator: Google Inc. based in the USA;

b) presenting advertisements from the Google AdSense website – external cookie administrator: Google Inc. based in the USA;

c) promoting the Online Store on Facebook.com – external cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland;

5. The cookie mechanism is completely safe for the computers of the Online Store’s customers. The customer may independently change the cookie settings at any time, specifying the conditions for storing them and accessing cookies to his device. Changes to the settings in question can be made by the Customer using the web browser settings. These settings can be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings or to inform about each time Cookies are placed on the Customer’s Device. Detailed information about the possibilities and methods of handling Cookies is available in the web browser settings. Blocking cookies may affect some functionalities available in the Online Store.

6. The Administrator may collect Customers’ IP addresses. The IP address is a number assigned to the computer of a person visiting the Online Store by the Internet service provider. The IP address is used by the Administrator to diagnose technical problems with the server, create statistical analyzes and improve the Online Store.

7. The Online Store contains links and references to other websites on the Internet and the Administrator is not responsible for the privacy policies applicable on these websites.

§ 4 Rights and obligations of the person to whom the Personal Data relates

1. The right to withdraw consent – legal basis: Art. 7 section 3 GDPR.

a) The Customer has the right to withdraw any consent he has given to the Administrator.

b) Withdrawal of consent takes effect from the moment of withdrawal.
c) Withdrawal of consent does not cause any negative consequences for the Online Store Customer, but may prevent further use of services or functionalities that can only be provided with consent.

2. The right to object to data processing – legal basis: Art. 21 GDPR.

a) The Customer has the right at any time to object to the processing of his personal data, including profiling, if the Administrator processes his data based on a legitimate interest, e.g. marketing of products and services, keeping statistics on the use of individual functionalities of the Online Store and facilitating using the Online Store, and customer satisfaction survey.

b) Resignation from receiving commercial messages regarding products or services, sent via e-mail, will constitute the Customer’s objection to the processing of his personal data, including profiling for these purposes.

c) If the Customer’s objection turns out to be justified and the Administrator has no other legal basis for processing personal data, the Customer’s data will be deleted, to the processing of which the Customer has objected.

3. The right to delete data, the right to be forgotten – legal basis: Art. 17 GDPR.

a) The customer has the right to send a request to delete all or some personal data.

b) The customer has the right to request the deletion of personal data if:

a. personal data are no longer necessary for the purposes for which they were collected or processed;

b. The Customer withdrew consent to the extent that the Customer’s data was processed based on his consent;

c. has objected to the use of his data for commercial or marketing purposes;

d. personal data are processed unlawfully;

e. personal data must be deleted in order to comply with a legal obligation provided for in Union law or the law of the Member State to which the Administrator is subject;

f. personal data were collected in connection with offering information society services.

c) Despite the request to delete personal data in connection with raising an objection or withdrawing consent, the Administrator may retain some personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill the legal obligation requiring processing. them under Union law or the law of the Member State to which it is subject.

4. The right to limit data processing – legal basis: Art. 18 GDPR.
a) The Customer of the Online Store has the right to request restriction of the processing of his data. Submitting such a request makes it impossible to use certain functionalities or services, the use of which will involve the processing of data covered by this request.

b) The Online Store Customer has the right to request limitation of the use of personal data in the following situations:

a. in the event of inconsistency of your personal data, the Administrator limits their use for the time needed to check the correctness of these data;

b. when the data processing is unlawful and the Customer does not request their deletion but rather the restriction of their use;

c. when the Customer’s personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, pursue or defend claims;

d. if he has objected to the use of his data, then the limitation takes place for the time needed to consider whether, due to the special situation, the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator by processing the Customer’s data.

5. Right to access data, legal basis: Art. 15 GDPR.

a) The Customer has the right to obtain confirmation from the Administrator whether his or her personal data is being processed, and if so, the Customer has the right to:

a. gain access to your personal data;

b. obtain information about the purposes of processing and the recipients or categories of recipients of this data, the planned data storage period or the criteria for determining this period, about the Customer’s rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the data source, and about automated decision-making , including profiling and security measures used in connection with the transfer of this data outside the European Union;

c. obtain a copy of your personal data.

6. The right to rectify data – legal basis: Art. 16 GDPR.

a) The Customer has the right to request the Administrator to immediately correct his or her personal data that is incorrect. Taking into account the purposes of processing, the Customer has the right to request that incomplete personal data be completed, including by submitting an additional statement, by sending an e-mail to the Administrator’s e-mail address.

7. The right to transfer data – legal basis: Art. 20 GDPR.
a) The Customer has the right to receive his/her data provided to the Administrator and then send it to another personal data administrator of his/her choice. The Online Store Customer also has the right to request that his/her personal data be sent by the Administrator directly to such an administrator, if technically possible. In this situation, the Administrator will send such Customer data in the CSV file format, which is a commonly used format.

8. If the Customer requests compliance with the above rights, the Administrator has the right to fulfill them or refuse them, and will do so immediately.

9. The Customer has the right to submit to the Administrator complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights.

10. The Customer has the right to request the Administrator to provide a copy of standard contractual clauses by sending an inquiry to the Administrator’s e-mail address.

11. The Customer has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of his rights to the protection of personal data or other rights granted under the GDPR.

§ 5 Personal Data Protection

1. The Administrator declares that he makes every effort to ensure a high level of security for Customers when using the Online Store and for this purpose:

a) applies technical and organizational measures required by law, in particular regarding the security of Personal Data processing;

(b) applies measures ensuring the ability to ensure the confidentiality, integrity, availability and resilience of processing systems and services at all times;

c) the ability to quickly restore the availability and access to Personal Data in the event of a physical or technical incident;

d) provides Customers of the Online Store with a safe and encrypted connection when sending personal data and when logging in to the Customer Account, using an SSL certificate.

2. All events affecting the security of the transmission of information and personal data, including suspected sharing of files containing viruses, should be reported to the Administrator via e-mail to the following e-mail address: ceglanapasja@gmail.com

§ 6 Final provisions

1. In matters not regulated in the Privacy Policy, the provisions of law regarding the processing of Personal Data, including the GDPR, apply.

2. The current version of the Privacy Policy is valid from January 1, 2024.