Data Protection Declaration
1. THE ADMINISTRATOR OF PERSONAL DATA
The Administrator of your personal data is LABBVENN Jolanta Szewczak based in ul. 11 Listopada 3/1, 58-160 Świebodzice; NIP (tax identification number): 886-260-11-21; National Official Business Register REGON: 022438305; e-mail address: email@example.com- being at the same time the the Controller and the Seller.
The Administrator is particularly diligent to protect the interests of persons to whom the data relates. In particular, he makes sure that data collected by him is processed pursuant to the law; collected for nated purposes consistent with the law and is not subject to further processing, inconsistent with these purposes; substantively correct and adequate as compared to the purposes for which is it processed as well as stored in a form enabling the identification of persons to whom it relates, not longer than it is necessary to achieve the purpose of processing.
2. PURPOSE AND SCOPE OF DATA COLLECTION
2.1. Each time the purpose, scope and recipient of data processed by the Administrator results from actions taken by the Customer or the Customer in the Online Store.
2.2. Possible goals of collecting personal data of Customers or Customers by the Administrator:
- conclusion of a purchase - sale agreement via the www.labbvenn.com website - the legal basis for data processing is the performance of the contract (Article 6 (1) (b) of the GDPR);
- direct marketing of the Administrator's own products or services - (Article 6 (1) letter f)
- Fulfillment of duties resulting from the legal provisions of the administrator, in particular in the scope of accounting, issuing invoices and accounting documents, answering complaints and ensuring network security in accordance with applicable regulations. (Legal basis: Article 6 (1) (c) of the GDPR - legal obligation)
- consideration of complaints, investigations and defense in the event of mutual claims (Article 6 paragraph 1 point f) of the GDPR),
- sending commercial information by electronic means - only in case of consent by the User (Article 6 (1) (b) of the GDPR) .
- answers to the Customer's inquiry submitted via the contact form or e-mail. The legal basis for data processing is our legitimate interest in responding to your request pursuant to art. 6 (1) f GDPR point. If the contact is aimed at concluding a contract, the additional legal basis for processing is art. 6 (1) b GDPR point.
2.3 Possible recipients of personal data
a)In the case of the Customer who uses the Online Store's method of delivery by mail or courier, the Administrator shall make the Customer's collected personal data available to a chosen carrier that executes shipments requested by the Administrator, in the scope and time necessary to complete the delivery. If delivery of goods takes place by the transport service provider:
Spółka General Logistics Systems Poland Spółka z o.o , based in Głuchowie, Komorniki (62-052), ul. Tęczowa 10, KRS 0000005009, nr NIP 785-15-61-831 (tax identification number), in accordance with art. 6 (1) punkt b GDPR.
Poczta Polska Spółka Akcyjna, ul. Rodziny Hiszpańskich 8, 00-940 Warszawa NIP: 525-000-73-13, KRS: 0000334972, in accordance with art. 6 (1) punkt b GDPR.
(Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, in accordance with Art. 6 (1) point a GDPR,
b)In the case of the Customer who uses the Online Store's method of paying via electronic payments or by payment card the Administrator shall make the Customer's personal data available to a chosen entity that operates the above payments at the Online Store, in the scope and time necessary for making the payment.
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” via PayPal, we transmit your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). The transfer takes place in accordance with Art. 6 (1) point b GDPR and only insofar as this is necessary for payment processing.
When paying via Przelewy24 we transmit your payment data to PayPro S.A. based in Poznaniu (60-327), by ul. Konclerskiej 15, KRS 0000347935 the transfer takes place in accordance with Art. 6 (1) point b GDPR and only insofar as this is necessary for payment processing.
2.4 The Administrator processes the following personal data from Service Users (Customers): name and surname; e-mail address; contact telephone number; address (street, building number, apartment number, postal code, city, country). In the case of Service Users (Customers) not being consumers at the same time, the Administrator additionally processes the company name as well as the tax identification number (NIP).
2.5 Providing personal data referred to in item 2.4. is necessary for the Service Provider to provide Electronic Services as part of the Online Store or conclude a Sales Agreement for the Products. The scope of required data is also indicated in the Regulations of the Online Store and before the provision of a given Electronic Service or concluding a Sales Agreement at the Online Store's website.
In accordance with applicable law, we may transfer your data to processors them at our request - subcontractors of our services and entities providing the Company technical and organizational solutions enabling the day-to-day management of the unit, ie the supplier teleinformation services, accounting office, legal services, courier and postal services, companies professionally utilizing documents, as well as entities authorized to obtain data on the basis of applicable law, e.g. courts or law enforcement bodies - of course only if they make a request based on an appropriate legal basis.
Data will not be transferred to third countries.
3. REPORTING OBJECTIONS
You have the right to object to the processing of data based on art. 6 (1) f, including profiling of your data.
The administrator informs that everyone has the right to access their data and the right to rectify, delete, limit processing, the right to data transfer, the right to raise objections, the right to withdraw consent at any time without affecting the legality of processing, which was made on consent before it is withdrawn.
The administrator also informs that everyone has the right to lodge a complaint to the President of UODO, when he / she considers that the processing of personal data violates the provisions of the general regulation on the protection of personal data of 27 April 2016
4. COOKIES AND OPERATIONAL DATA
4.1. The Cookies are small text information in text files, sent by the server and saved on the part of the user visiting the Online Store (e.g. on the hard drive of a computer/laptop or a smartphone's memory card – depending on the device used when visiting our Online Store).
4.2. The Administrator processes data contained in Cookies when visitors use the Online Store's website for the following purposes:
4.2.1. to remember Products added to the cart in order to place an Order;
4.2.2. to conduct anonymous statistics showing the manner of using the Online Store's website as well as test the Service Users' needs, excluding the personal identification of Service Users.
4.3. Usually, the majority of web browsers available on the market accept Cookies by default. Everyone has the opportunity to define the conditions for using Cookies by means of settings in their own web browser. This means that saving Cookies on your computer may be partially limited (e.g. in time) or entirely disabled – in the latter case, however, this may affect certain functionalities of the Online Store (e.g. it may be impossible to pass the Order's path through the Order Form).
4.5. Detailed information on changing setting regarding Cookies and their unassisted removal in the most popular web browsers are available in the web browser's help section and at the following websites (click a given link):
4.6. The Administrator also processes anonymized operational data (the so-called logs – IP address, the domain) to generate statistics helpful in administering the Online Store. This data is of a collective and anonymous nature, i.e. it does not contain features identifying the persons visiting the Online Store. Logs are not disclosed to third parties.
5. THE PERIOD OF DATA PROCESSING
Personal data will be processed for the period required to perform the contract, required to meet the requirements of applicable laws or other period resulting from internal operational requirements, such as properly providing access to services, facilitating the management of user relationships or responding to legal claims and regulatory inquiries, depending on which period is longer. The period of processing personal data may be extended each time for a period of limitation of claims, if the processing of personal data will be necessary to seek possible claims or defend against such claims by the administrator. To the extent that personal data is processed for marketing communication and marketing analyzes, the data will be processed until the relevant consent is withdrawn.
8. RIGHTS OF THE DATA SUBJECT
The applicable data protection law grants you comprehensive rights of data subjects the data to administrator with regard to the processing of your personal data, about which we inform you below :
Right of access by the data subject pursuant to Art. 15 GDPR
-Right to rectification pursuant to Art. 16 GDPR
-Right to erase (“right to be forgotten”) pursuant to Art. 17 GDPR
-Right to restriction of processing pursuant to Art. 18 GDPR
-Right to be informed pursuant to Art. 19 GDPR
-Right to data portability pursuant to Art. 20 GDPR
-Right to withdraw a given consent pursuant to Art. 7 (3) GDPR
-Right to lodge a complaint pursuant to Art. 77 GDPR
The above rights can be exercised in accordance with the rules described in art. 16 - 21 GDPR, by sending a message to the e-mail address: firstname.lastname@example.org
All received applications will be treated with particular attention and implemented in the shortest possible time. In the case of some submissions (of complex nature or concerning the processing of data subject to specific legal regulations) the implementation time may be longer, however, in each case, within one month you will be informed about the actions we have taken to complete the application.
6. FINAL PROVISIONS
The Administrator uses technical and organizational measures ensuring the protection of processed personal data appropriate to hazards as well as to the category of data under protection, in particular he protects data against their disclosure to unauthorized persons, being taken away by an unauthorized person, processing with violation of binding regulations as well as change, loss, damage or destruction.
The Service Provider makes the following technical measures available to prevent unauthorized persons from obtaining and modifying personal data sent electronically: The protection of the data set against unauthorized access, including the SSL certificate