This Privacy Policy has been developed based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / WE, hereinafter referred to as GDPR.
PERSONAL DATA ADMINISTRATOR
1. The administrator of personal data of recipients-natural persons is IMPALL Rozwandowicz Bocheński Sp.K. with its registered office in Łódź, at ul. Pojezierska 95A, entered into the register of entrepreneurs under the KRS number: 0000971230, NIP: 729-261-96-25, whose registration files are kept by the District Court for Łódź – Śródmieście in Łódź, 20th Commercial Department. Contact with the Administrator is possible from Monday to Friday from 8:00 to 17:00, via email at: impall@impall.pl, by phone at +48 42 640 30 13. Website: Impall sewing machines.
REQUIREMENT TO PROVIDE AND CATEGORIES OF PROCESSED PERSONAL DATA
2. The administrator processes the following personal data of service recipients:
a. first name and last name,
b. e-mail address.
3. Providing personal data specified in point 2 is not a statutory requirement and is voluntary, but it is a condition of concluding a contract with the Administrator for the provision of electronic services, hereinafter referred to as the “Agreement”. If the recipient does not provide this data, then the Agreement will not be concluded.
4. During the term of the Agreement, the Administrator may enter into possession of other data of the recipient – the IP number of the device used by the recipient and data on the recipient’s use of a specific ICT network, software or devices, as well as how to use the Administrator’s website.
PURPOSES OF PROCESSING PERSONAL DATA
5. The administrator processes the personal data of service recipients for the following purposes:
a. conclusion and performance of the Agreement connecting the parties, in particular the proper performance of services and consideration of complaints,
b. fulfilling the legal obligations incumbent on the Administrator, in particular issuing and storing invoices and other accounting documents,
c. pursuing claims and defense against them,
d. detection and prevention of abuse,
e. direct marketing,
f. creating analyzes and statistics for the Administrator’s own needs, in particular reporting, marketing and market research, planning service development, testing the preferences and behavior of service recipients, for the purposes of improving the quality of services provided by the Administrator,
g. specified in points 5e and f after the performance of the Agreement – with the consent of the recipient,
h. transfer to third parties – with the recipient’s consent, to the extent and purpose covered by this consent.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
6. The legal basis for the processing of personal data of service recipients for the purpose of:
a. in point 5a – constitutes art. 6 clause 1 b GDPR (performance of the Agreement),
b. in point 5b – constitutes art. 6 clause 1 c GDPR (legal obligation),
c. in point 5c-f – is Art. 6 clause 1 f GDPR (Administrator’s legitimate interest),
d. in points 5g and h – it is art. 6 clause 1 a GDPR (consent of the recipient).
TIME OF STORING PERSONAL DATA
7. The administrator will store personal data processed for the purpose specified:
a. in point 5a – for the duration of the Agreement and settlements after its termination,
b. in point 5b – for the time in which the Administrator instructs the law,
c. in point 5c and d – until the claims arising from the Contract are time-barred,
d. in points 5e and f – for the duration of the Agreement,
e. in points 5g and h – until the recipient withdraws his consent.
8. In accordance with art. 19 paragraph 2 of the Act on the provision of electronic services, after terminating the use of services, the Administrator may process only those personal data of the recipients that are:
a. necessary to settle the service and pursue claims for payment for using the service,
b. necessary for the purposes of advertising, market research and the behavior and preferences of the recipients with the purpose of the results of these surveys for the purposes of improving the quality of services provided by the Administrator – with the consent of the recipient,
c. necessary to clarify the circumstances of unauthorized use of the service,
d. allowed for processing on the basis of mandatory provisions of law or contract.
RECIPIENTS OF PERSONAL DATA
9. The administrator does not transfer personal data of service recipients to third parties, unless he obtains the prior explicit consent of the service recipient or if the law or obligation to provide this data results from generally applicable law.
10. The administrator entrusts the personal data of recipients to the following processors:
a. providing marketing and advertising services on behalf of the Administrator,
b. supporting the Administrator’s ICT systems,
c. providing the Administrator with postal, courier, payment, auditing, legal and accounting services.
TRANSMISSION OF PERSONAL DATA
TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
11. Personal data of service recipients will not be transferred outside the European Economic Area.
RIGHTS OF SERVICE RECIPIENTS
12. The Service Recipient has the following rights:
a. the right to request access to your data, i.e. confirmation that personal data concerning him are being processed,
b. the right to rectify data, i.e. request rectification of personal data concerning him that is incorrect,
c. the right to request the deletion of his personal data,
d. the right to request the restriction of his personal data,
e. the right to object to data processing,
f. right to data portability.
13. The scope of each of the rights specified in point 12 and the situations in which they can be exercised are determined by generally applicable law, in particular the GDPR.
14. The Service Recipient may exercise the rights set out in point 12 by contacting the Administrator.
RIGHT OF WITHDRAWAL OF CONSENT
15. If the processing of the recipient’s personal data is based on his consent, the recipient has the right to withdraw it at any time without affecting the lawfulness of the processing that was carried out on its basis before its withdrawal.
PROFILING
16. For the purposes set out in point 5c-f, the Administrator may perform automated analysis of data of recipients and develop predictions about their preferences or future behaviors. Profiling can in particular be used to analyze and forecast personal preferences or interests of service recipients. Such actions of the Administrator will not cause any legal consequences for the recipients, or similarly significantly affect their situation.
COOKIES
17. For the purposes set out in point 5c-f, the Administrator may use the so-called cookies. These are small text files placed on the recipient’s device, on the basis of which information is collected that allows in particular to identify the recipient’s device, its IP number and the browser used by the recipient.
18. The recipient can set his browser in this way – thanks to the appropriate options available in it – to disable the automatic installation of cookies, prevent their use or completely remove them from their device. The procedure for handling and deleting cookies varies depending on the browser used by the recipient.
19. Cookies are divided into:
a. temporary (session) – files temporarily in the browser cache that remain in it until the end of the session,
b. permanent – files remaining in the browser cache as long as the browser settings selected by the recipient allow it,
c. own – files managed by the Administrator,
d. external – files managed by third parties,
e. configuration – files related to the recipient’s movement on the Administrator’s website and ensuring its proper navigation. In particular, they allow you to follow the choices made by the recipient (language selection, font size used), recognize the device used by the recipient and manage the browsing session,
f. analytical – files used for statistical and analytical purposes,
g. advertising – files used for advertising purposes, e.g. to display personalized ads.
20. Detailed rules for the operation of cookies placed on the Administrator’s website are set out at the links below:
a. https://policies.google.com/privacy/update?hl=pl
b. https://www.google.com/analytics/learn/privacy.html?hl=pl
COMPLAINT TO THE SUPERVISORY AUTHORITY
21. The Service Recipient has the right to lodge a complaint with the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw if he believes that the processing of his personal data violates the law.
PROTECTION OF PERSONAL SERVICE PROVIDERS
22. The administrator uses appropriate technical and organizational measures to protect the personal data of service recipients against their loss, improper use or modification. Access rights to recipients’ personal data have been restrictively restricted so that these data are not in the hands of unauthorized persons.