Privacy Policy
Respecting your rights and respecting the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (RODO), we declare that we are committed to maintaining the security and confidentiality of the personal data obtained. All of the store’s employees have been properly trained in the processing and protection of personal data.
DEFINITIONS
Administrator – Manufaktura Barrels Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (00-105) at ul. Twarda 18, KRS – 0000904285, NIP – 5252865707, REGON – 389142879.
Data personal – all information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
Policy – This Privacy Policy.
RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 7, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Data subject – Any natural person whose personal data is processed by the Administrator, such as one who directs an email inquiry to the Administrator.
DATA PROCESSING BY THE CONTROLLER
In connection with its business activities, the Administrator collects and processes personal data in accordance with the relevant laws, including in particular the RODO, and the data processing rules provided for therein.
The controller ensures transparency of data processing, in particular, always informs about data processing at the time of collection, including the purpose and legal basis of processing – such as when concluding a contract for the sale of goods. The controller shall ensure that the data is collected only to the extent necessary for the stated purpose and processed only for the period of time necessary.
When processing data, the Administrator shall ensure its security and confidentiality, as well as access to information about such processing for data subjects. If, despite the security measures in place, there is a breach of personal data protection (e.g., data “leakage” or data loss), the Administrator shall inform data subjects of such an event in a manner consistent with the regulations.
CONTACT THE ADMINISTRATOR
Contact with the Administrator is possible via e-mail address: sklep@mojadestylarnia.pl
or mailing address: Manufaktura Barrels Sp. z o.o., 00-105 Warsaw, ul. Hard 18.
SECURITY OF PERSONAL DATA
In order to ensure the integrity and confidentiality of data, the Administrator has implemented procedures that allow access to personal data only to authorized persons and only to the extent necessary due to the tasks they perform. The administrator uses organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorized persons.
In addition, the Administrator shall take all necessary measures to ensure that its subcontractors and other cooperating entities also provide a guarantee of the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
The administrator conducts a risk analysis on an ongoing basis and monitors the adequacy of the data safeguards in place to address identified risks. If necessary, the Administrator shall implement additional measures to enhance data security.
PURPOSES AND LEGAL GROUNDS FOR DATA PROCESSING BY THE CONTROLLER
E-mail and traditional correspondence
In the case of e-mail or traditional mail correspondence addressed to the Administrator that is not related to the services provided to the sender or any other agreement concluded with the sender, the personal data contained in such correspondence is processed solely for the purpose of communication and handling of the matter to which the correspondence relates.
We will send you an e-mail if you give us your e-mail address and ask us to contact you. You may also receive an e-mail from us in connection with the processing of an order placed remotely. You can also receive an email from us as part of the newsletter service we run. We may also send you marketing information by e-mail if we have received your prior consent to send such messages (e.g. to remind you of purchases that are in your shopping cart).
The legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of correspondence addressed to it in connection with its business activities.
The administrator processes only personal data relevant to the matter to which the correspondence relates. All correspondence is stored in a manner that ensures the security of the personal data and other information contained therein and is disclosed only to authorized persons.
Phone contact
When contacting the Administrator by telephone, on matters unrelated to the contract concluded or services provided, we may request personal data only if it is necessary to handle the matter to which the contact relates. The legal basis in such a case is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of the need to handle a reported business-related matter.
Telephone conversations can also be recorded, in which case, at the beginning of the conversation, information in this regard is provided. Calls may be recorded to verify the quality of the service provided and to verify the work of consultants, as well as for statistical purposes. The recordings are available only to the Administrator’s employees and the Administrator’s hotline staff.
Personal data in the form of a recording of the conversation is processed:
- for purposes related to servicing customers and clients via a hotline, where the Administrator provides such a service – the legal basis for processing is the necessity of processing to provide such a service (Article 6(1)(b) RODO);
- in order to monitor the quality of service and verify the work of hotline consultants – the legal basis for processing is the Administrator’s legitimate interest (Article 6(1)(f) of the RODO) in ensuring the highest possible quality of service for the benefit of clients and customers.
Social media
The administrator processes the personal data of people who have liked our social profiles maintained within popular social networks. The data is processed to enable the maintenance and ongoing management of our profiles, including communicating with the community and organizing events or contests, under the terms of the functionalities of each social media and their rules and regulations. Data of community members is also processed for statistical and analytical purposes, and may be processed for the purpose of claiming and defending against claims. The legal basis for processing your personal data is our legitimate interest (Article 6(1)(f) RODO).
Collection of data in connection with the provision of services or performance of other contracts
The rules for the Administrator’s processing of customers’ personal data in connection with the services offered, especially services provided online, are defined in separate policies, available on the website of these services https://mojadestylarnia.pl .
Data collection in business relationships
In connection with its operations, the Administrator also collects personal data in other instances – such as during business meetings, at industry events or through the exchange of business cards – for the purposes of establishing and maintaining business contacts. The legal basis for the processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of networking in connection with its activities.
In connection with the Administrator’s cooperation with business partners, among others. business customers and suppliers, the Administrator processes the contact data of persons designated as business contacts in the relationship with the Administrator, such as persons responsible on the partner’s side for the performance of the contract with the Administrator. The administrator processes the contact information of such persons for the purpose of ongoing communication with business partners and maintaining contacts with them. The legal basis for the processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of communication with business partners.
Personal data collected in such cases are processed only for the purpose for which they were collected, and the Administrator shall ensure their adequate protection.
Data processing in information systems
Personal data is processed in an IT environment, which means that it may also be temporarily stored and processed to ensure the security and proper functioning of IT systems, e.g. in connection with making security copies, testing changes to IT systems, detecting irregularities or protecting against fraud and attacks.
DATA RECIPIENTS
In connection with the conduct of activities that require the processing of personal data, they are disclosed to external entities, including, in particular, suppliers responsible for the provision and operation of IT systems and equipment, entities providing legal, accounting, auditing, consulting services, couriers. The data is also disclosed to the Administrator’s affiliates, as well as to businesses selling the Administrator’s product range.
The Administrator reserves the right to disclose selected information concerning the data subject to the competent authorities or to third parties who make a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
TRANSFER OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA
The level of protection for personal data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when necessary and with an adequate degree of protection, primarily by:
- cooperation with entities, processing personal data in countries for which the relevant decision of the European Commission has been issued;
- Use of standard contractual clauses, issued by the European Commission;
- application of binding corporate rules approved by the relevant supervisory authority;
- in the case of data transfers to the US, cooperation with entities participating in the Privacy Shield program, approved by a decision of the European Commission.
The controller always informs about the intention to transfer personal data outside the EEA at the stage of collection.
PERIOD OF PROCESSING OF PERSONAL DATA
The period of data processing by the Administrator depends on the type of service provided and the purpose of the processing. The period of processing of the data specified may also result from regulations, in case they provide the basis for processing. In the case of data processing on the basis of the legitimate interest of the Administrator – e.g. for security reasons – the data are processed for a period of time allowing for its realization or until an effective objection to the data processing is made. If processing is based on consent, the data is processed until the consent is withdrawn. Where the basis for processing is necessity for the conclusion and performance of the contract, the data will be processed until the contract is terminated.
The period of data processing may be extended in case the processing is necessary for the establishment, investigation or defense against possible claims, and thereafter, only if and to the extent required by law. At the end of the processing period, the data is irreversibly deleted or anonymized.
RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA
In connection with the Administrator’s processing of your data, you have a number of rights:
- you can get information about how and to what extent we process your data and, in addition, a copy of your personal data. In case your request includes copies of data you will help us by indicating a copy of what data you would like to receive. The administrator may charge a fee for second and subsequent copies, of which you will be notified. The amount of the fee will correspond to the cost of its preparation;
- You can request rectification of your data (if it has been erroneously recorded or if it has changed), deletion (if there is no basis for the Administrator to process it), or restriction of processing (if you want the Administrator to process your data only to a limited extent, pending the resolution of your objection or request for rectification, and if you want the data to be stored in connection with your claims);
- you may request that your data that you have provided to us be transferred in a structured, commonly used, machine-readable format. You can independently transfer the data you receive to the administrator of your choice. In addition, if it is technically feasible, with appropriate security standards, we can do this for you at your request.
- in case the processing of your data by the Administrator is carried out on the basis of a legitimate interest, you may object to such processing;
- If you believe that our processing of your data violates your rights tell us about it. We try to respond to the comments and suggestions of our users. You also have the right to file a complaint to the supervisory authority (in Poland – the General Inspector of Personal Data Protection).
The request for the implementation of the rights of data subjects, can be submitted:
- In writing to the address: Manufaktura Barrels Sp. z o.o., 00-105 Warsaw, ul. Hard 18.
- via email to: sklep@mojadestylarnia.pl.
The request should, as far as possible, indicate precisely what the request is about, i.e. in particular:
- What right the requester wants to exercise (e.g., the right to receive a copy of the data, the right to erasure, etc.);
- what processing the request concerns (e.g., use of a specific service, activity on a specific website, receipt of a newsletter containing commercial information to a specific email address, etc.);
- What processing purposes the request relates to (e.g., marketing purposes, analytical purposes, etc.).
If the Administrator is unable to determine the content of the request or identify the requester based on the notification made, it will ask the requester for additional information.
Applications will be responded to within a month of receipt. If it is necessary to extend this period, the Administrator will inform the applicant of the reasons for such extension.
The response will be provided to the e-mail address from which the application was sent, and in the case of applications sent by letter, by regular mail to the address indicated by the applicant, unless the content of the letter indicates a desire to receive feedback to the e-mail address (in which case the e-mail address must be provided).
PRIVACY POLICY UPDATE
This privacy policy will be updated periodically to reflect these changes and corresponding changes in our information use practices. Whenever we change this privacy policy, we will also change the date on it to indicate when the changes were made. We encourage you to review this privacy policy regularly when you use our services. If we make substantial changes to this privacy policy we will actively inform you in advance of the changes being made, especially if the changes involve changes to our services, so that you can decide whether you want to continue using them. In particular, if we have an email address for you then we can inform you of the change by email or we can inform you via a message on our websites.
Cookies
In order for our websites and the tools provided on them to function properly, and to present information that matches your interests and preferences based on your history of activity on our sites, we use a technology known as “cookies.”
These are small text files that are stored by your browser on your computer or other device (e.g. phone, tablet) to store information to identify you or your browser, or to remember your history of activity on our websites or interactions with our content and communications.
Through our cookies and third-party cookies, the following information about you may be recorded and stored: technical information about your device (including device ID, MAC address, IP address, operating system, device settings, in particular the language set, screen resolution, type of web browser), data about your activity on our sites (including time and length of your visit to the site, sub-pages visited, goods added to your shopping cart), information about your interactions with the content we provide (e.g. advertisements you have viewed, consents you have given, or that you have opened correspondence you have received from us (e.g., emails), clicked on a link contained therein).
Cookies help us make your stay on the site smooth and as personal as possible. They show us what all users are doing on our site, and this helps us improve the user experience. We may also use cookies to recognize your browser or device, store information about your preferences, provide certain features and collect information about your interactions with us online, use the content we provide and receive communications from us.
We use cookies for the following purposes:
To provide the services you have requested (so-called essential cookies). They are necessary to enable you to use our services on the websites (including enabling you to use certain functionalities and access secure areas). We use our own essential cookies, among others. to allow you to pay for your order, to remember your shopping cart or the stage of your order, to seamlessly navigate our websites without having to repeat the authentication process each time. If you block the necessary cookies, some of the functionality of our websites may not be available.