We collect and store all personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /WE (hereinafter: “GDPR”) and the Act of 18 July 2002 on the provision of electronic services
Personal data administrator
The administrator of Personal Data is IDEALAB limited liability company with its registered office in Krakow, ul. Bulgarska 15 lok. LU3, 30-409 Kraków, registered in the Register of Entrepreneurs of the National Court Register by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register, under the number KRS 0000552098, REGON 361183877, NIP 6772387835.
You can contact us:
a) By post, to the address: ul. Bulgarska 15/LU3, 30-409 Krakow, Poland;
b) By e-mail to the following address: [email protected];
c) By phone: +48 577-555-864, +48 533-711-016;
What data we process
We process your personal data, which you will provide us with in particular in the order form or in the contact form or by subscribing to the newsletter or by sending us an e-mail, or by submitting a complaint or withdrawing from the contract. We also process your bank account number from which you will make payments or to which we will make refunds. In the case of issuing a VAT invoice, we additionally process the company name, address of residence or business address, NIP number. In addition, we also store your data regarding your behavior, including transactions, complaints and the history of correspondence and contacts with us, activity on: our website and in the online store, our profiles on social networking sites, our accounts on third party websites (such as e.g. . Dawanda.pl). These are data such as products viewed, IP addresses or device identifiers, cookie data and locations, correspondence, contacts. For the purposes of establishing, pursuing and defending claims, we may also collect data regarding the PESEL or NIP number and the address of residence.
Purposes and bases of processing
Orders. When placing an order, you must provide the data necessary to complete the order, such as name and surname, correspondence address, e-mail address, telephone number. Providing data is voluntary, but necessary to place an order.
The data provided to us in connection with the order are processed in order to perform the order (Article 6(1)(b) of the GDPR), issue an invoice (Article 6(1)(c) of the GDPR), include the invoice in our accounting documentation (Article 6(1)(c) of the GDPR), 6(1)(c) of the GDPR) and for archival and statistical purposes (Article 6(1)(f) of the GDPR).
Order data will be processed for the time necessary to complete the order, and then until the expiry of the limitation period for claims under the concluded contract. In addition, after this period, the data may still be processed by us for statistical purposes.
newsletter. If you want to subscribe to the newsletter, you must provide us with your e-mail address via the newsletter subscription form. Providing data is voluntary, but necessary to subscribe to the newsletter.
The data provided to us when subscribing to the newsletter is used to send you the newsletter, and the legal basis for their processing is your consent (Article 6(1)(a) of the GDPR) expressed when subscribing to the newsletter.
The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will remove your data from the database.
You can correct your data stored in the newsletter database at any time, as well as request their removal by unsubscribing from the newsletter.
Complaints and withdrawal from the contract. If you submit a complaint or withdraw from the contract, you provide us with personal data contained in the complaint or declaration of withdrawal from the contract, which includes your name, address, telephone number, e-mail address, bank account number. Providing data is voluntary, but necessary to submit a complaint or withdraw from the contract.
The data provided to us in connection with the submission of a complaint or withdrawal from the contract are used to implement the complaint procedure or the procedure for withdrawing from the contract (Article 6(1)(c) of the GDPR).
The data will be processed for the time necessary to carry out the complaint procedure or withdrawal procedure. Complaints and declarations of withdrawal from the contract may also be archived for statistical purposes.
Email contact. By contacting us via e-mail, including sending an inquiry via the contact form, you provide us with your e-mail address as the sender’s address. In addition, you can also include other personal data in the content of the message. Providing data is voluntary, but necessary to make contact.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from initiating contact with us. The legal basis for post-contact processing is the justified purpose of archiving correspondence for internal purposes (Article 6(1)(c) of the GDPR).
Your data may be processed by our subcontractors, i.e. entities whose services we use to process data and provide services to you or fulfill orders in the online store, including in particular:
a) our employees and associates who must have access to data to be able to perform our obligations or activities for you;
b) to entities processing your personal data on our behalf and participating in the performance of our activities:
– to store personal data on the server;
– in order to use the mailing system in which your data is processed, if you have subscribed to the newsletter;
– in order to handle the shipping process, which involves the processing of your data necessary for the delivery of the order;
– in order to use the services of courier companies that deliver orders to you;
– in order to use IT support, manage websites in connection with which the entity providing support may have access to your personal data collected as part of the website or store;
– to make refunds or to ensure the operation of the direct debit service;
– in order to provide advisory, audit, legal, tax and accounting services.
The GDPR grants you the following potential rights related to the processing of your personal data:
1) the right to access personal data;
2) the right to rectify personal data;
3) the right to delete personal data;
4) the right to limit the processing of personal data;
5) the right to object to the processing of personal data against:
a) our processing of your personal data for marketing purposes, i.e. for the purposes of advertising campaigns and other marketing activities, including the so-called profiling (e.g. if you do not wish, for example, offers or advertisements for our products, but after receiving the above-mentioned objection, we should stop processing your data for marketing purposes);
b) we process your personal data for purposes resulting from the so-called legitimate interest pursued by us, other than marketing, for reasons related to your particular situation, however, when you submit such an objection to us, we will no longer be able to process your personal data, unless we demonstrate the existence of: valid legitimate grounds for processing that will prevail over your interests, rights and freedoms or grounds for establishing, pursuing or defending claims;
6) the right to transfer data;
7) the right to withdraw consent to the processing of personal data, if you have given such consent.
The rules related to the implementation of the indicated rights are described in detail in Art. 16-21 GDPR. We encourage you to familiarize yourself with these regulations. For our part, we consider it necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to all activities of processing your personal data.
In addition, if you believe that we have violated the provisions on the protection of personal data when processing your personal data, you have the option of lodging a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection.
You can also always ask us to provide you with information about what data we have about you and for what purposes we process it. All you have to do is send a message to: [email protected].
We guarantee the confidentiality of any personal data provided to us. We ensure that all security and personal data protection measures required by the provisions on the protection of personal data are taken. Personal data is collected with due diligence and properly protected against access by unauthorized persons.
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our teleinfo system
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone), which can be read by our ICT system (own cookies) or ICT system of third parties (third party cookies).
Some of the cookies we use are deleted after the end of the web browser session, i.e. after it is closed (so-called session cookies). Other cookies are stored on your end device and enable us to recognize your browser the next time you visit the website (persistent cookies).
Own cookies. We use our own cookies to ensure the proper operation of the website, in particular the ordering process and logging in to the user account.
Web analysis and statistics
Google Analytics. We use the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. We carry out activities in this area based on our legitimate interest, consisting in creating statistics and analyzing them in order to optimize our websites.
Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to a Google server in the United States and stored there.
Due to the IP anonymization activated by us, your IP address is shortened before forwarding. Only in exceptional cases is the full IP address transferred to a Google server in the USA and shortened there.
Due to the fact that Google LLC is based in the USA and uses technical infrastructure located in the USA, it joined the EU-US-Privacy Shield program in order to ensure an adequate level of protection of personal data required by European regulations. As part of the agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified by the Privacy Shield.
If you are interested in details related to data processing under Google Analytics, we encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.
In addition, our website uses plugins and other social tools provided by social networking sites, such as Facebook, Instagram, Twitter, Google, Pinterest.
By displaying our website containing such a plug-in, your browser will establish a direct connection with the servers of social network administrators (service providers). The content of the plugin is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed our website, even if you do not have a profile with a given service provider or are not currently logged in to it. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to our website to your profile on a given social networking site.
The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policies of individual service providers.
a) Facebook – https://www.facebook.com/legal/FB_Work_Privacy;
b) Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
c) Twitter – https://twitter.com/en/
d) Google – https://policies.google.com/privacy?hl=pl,
e) Pinterest – https://policy.pinterest.com/en/privacy-policy.
If you do not want social networking sites to assign data collected during visits to our website directly to your profile on a given website, you must log out of this website before visiting our website. You can also completely prevent the loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.