I. CONTROLLER AND CONTACT: Controller of Your personal data (hereinafter referred to as the “Data”) is: Tedee spółka z ograniczoną odpowiedzialnością, a limited liability company with its registered office in Warsaw at 2 Altowa Street, entered into the register of entrepreneurs of the National Court Register under the number KRS 0000712451, register files of which are kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, NIP (tax identity number) 7010795542, REGON (statistical number): 369188621, with share capital amounting to PLN 2,400,000 (hereinafter referred to as the “Controller”) Contact: Should you have any doubts regarding the processing of your Data, please contact us by sending an email to: [email protected]
II. SCOPE OF DATA : We can obtain your Data directly from You, including contact information obtained through the electronic ordering procedure. Especially, but not always, these Data may include: User ID, name, surname, correspondence address, e-mail address, phone number (legal ground: Article 6 point 1 letter b of GDPR) and information provided while using the Service, including information collected by cookies such as e.g. User ID, name, surname, address, e-mail address, phone number (legal ground: Article 6 point 1 letter f of GDPR).
III. PURPOSE AND LEGAL GROUNDS OF DATA PROCESSING :
|Purpose of Data processing||Legal grounds of Data processing||Execution of Agreement, including the use of the e-store, entering into and executing Transactions, and security, especially - preventing hacking attacks||Article 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract)||Statistical measurements||Article 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract) or, if such measurements are not necessary for the purpose of agreement performance - Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)||Own marketing||Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)||Newsletters||Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)||External marketing (third party marketing), especially retargeting and marketing statistics and analytics||Article 6 point 1 letter a of GDPR (consent of the Data subject)||Tax, accounting and other purposes resulting from Controller’s legal obligations||Article 6 point 1 letter c of GDPR (processing necessary to fulfill legal obligations of the Controller)|
IV. RETENTION PERIOD : We only process the Data for as long as it is necessary. When the purpose of the Data processing has been fulfilled, the Data will be deleted in accordance with our data retention policy, unless we are legally obliged to keep such Data. Depending on the legal grounds of processing, the Data may be processed for the following periods of time:
- if they are processed based of a ground of necessity to execute the Agreement - for the term of the Agreement and until expiry of claim limitation period related thereto (the Controller may decide to anonymise or delete the Data beforehand);
- if they are processed based on a ground of a legitimate interest of the Controller - until a successful objection is filed (the Controller may decide to anonymise or delete the Data beforehand);
- if they are processed based on a consent - until withdrawal thereof (the Controller may decide to anonymise or delete the Data beforehand);
- if they are processed based on a ground of fulfilling a legal obligation of the Controller - in the scope and for a period necessary to fulfil such obligations in compliance with binding laws.
V. VOLUNTARY PROVISION OF DATA : The provision of the Data is voluntary.
VI. DATA RECIPIENTS : Recipients of the given Data categories may be: a) Our service providers such as e.g. IT or accounting services, b) authorities entitled to receive the Data in compliance with binding provisions of law. Any transfer of the Data to the recipient takes place only on a valid and legally binding ground.
VII. YOUR RIGHTS : At any time You are granted the right to withdraw your consent - to the extent that your Data are processed based on your consent. Remember that withdrawal of your consent does not impact lawfulness of processing before such withdrawal. Moreover, at any time You are granted right to object against processing of your Data - to the extent that your Data are processed based on legitimate interests pursued by the Controller. Your rights include also: right to access your Data, including receiving a copy thereof; right of rectification of your Data; right of erasure of your Data (only in cases foreseen by GDPR); right to restrict processing of your Data; right to Data portability; right to file a complaint to the President of the Personal Data Protection Authority (www.uodo.gov.pl).
VIII. TRANSFER THE DATA TO THIRD COUNTRIES : For the moment, we do not plan to transfer the Data to third countries (i.e. the countries outside the EEA (European Economic Area)). Should it, however, happen, it will be executed in compliance with all requirements resulting from the binding provisions of law. Should a transfer take place to an entity located in a third country that does not provide an appropriate level of protection, we will apply security measures such as standard contractual clauses approved by the European Commission.
IX. NO AUTOMATED DECISION MAKING : As part of our marketing and Service improvement activities, we analyse the Data in IT systems, using various filters and tools. We perform these activities based on our legitimate interest (legal ground: Article 6 point 1 letter f of GDPR), which consists in searching and grouping categories of persons in order to determine which advertising messages may be of their interest, as well as to improve our Services. We do not make any automatic decisions towards You based on the results of the activities described above.