Definitions and general information
- Data Controller – the data controller is INDIVIDUELLE Sp. z o.o. with its registered office in Gdańsk, ul.Jana Uphagena 18, 80-237 Gdańsk, entered into the Register of Entrepreneurs of the National Court Register under No. 0000701199, registration files filed with the District Court Gdańsk-Północ in Gdańsk, VII Economic Division of the National Court Register, NIP: 5833269958, REGON: 368597850, e-mail: [email protected]
- Personal data – information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
- Cookies – means IT data, in particular small text files, recorded and stored on the devices through which the User accesses the Website.
- Data Controller Cookies – means Cookies placed by the Data Controller, related to the provision of electronic services by the Data Controller through the Website.
- External Cookies – means Cookies placed by the Data Controller’s partners, through the website of the Service.
- Website – means the website: kanga.exchange/shop.
- Profiling – means a form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or predict aspects concerning personal preferences and interests.
- User – by User we mean any person visiting the Website, using a computer, tablet, phone or mobile device and the Internet.
Legal grounds for the processing of User data and their scope
- Personal data collected by the Data Controller shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as “RODO”), the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000) and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2017, item 1219, as amended).
- The Data Controller only processes personal data that the User has provided in connection with the use of the Website. The processing of Users’ data takes place within the scope of:
- contact establishment- on the basis of Article 6(1)(a) of the RODO, i.e. on the basis of the consent given by the data subject,
- completion of an order (scope of data: name, surname, address, e-mail address, telephone number, optional company name if applicable) – on the basis of Article 6(1)(b) RODO, i.e. for the performance of a contract to which the User is a party,
- collection of receivables – on the basis of Article 6(1)(f) of the RODO, i.e. on the basis that the processing is necessary for purposes deriving from the legitimate interests pursued by the Data Controller or by a third party,
- fulfillment of legal obligations of the Data Controller in connection with running the business – on the basis of Article 6(1)(c) of the RODO, i.e. due to the fact that the processing is necessary to fulfil a legal obligation of the Controller,
- carrying out product or service marketing activities, including the running of a newsletter – on the basis of a separately granted consent (Art. 6(1)(a) RODO),
- sending commercial information by electronic means on the basis of a separately granted consent (Art. 6(1)(a) RODO),
- use of telecommunications terminal equipment and automatic calling systems for direct marketing purposes in accordance with Article 172 of the Act of 16 July 2004. Telecommunications Law (Journal of Laws of 2017, item.1907 as amended) – on the basis of separately granted consent.
- Browsing the content of the Website does not require any personal data other than automatically acquired information about connection parameters.
Lawfulness of processing and application of appropriate safeguards
- The Data Controller processes the data in accordance with the law, collects it for the designated legitimate purposes and does not subject it to further processing incompatible with those purposes. Data is only collected to the extent that it is adequate, necessary and necessary in relation to the purposes for which it is processed. The Users’ personal data may be transferred by the Administrator to third parties who may be interested in concluding a contract with the User, the detailed content of which will be determined directly between the User and the third party.
- The Data Controller does not process any specific categories of personal data.
- The Data Controller makes every effort to protect the Users’ personal data from unauthorised access by third parties and, in this respect, applies organisational and technical security measures at a high level. The Administrator shall not make personal data available to any unauthorised recipients in accordance with the mandatory legal provisions in this regard. The Data Controller may entrust another entity, by means of a written agreement, with the processing of personal data on behalf of the Data Controller. Data may be made available to entities authorised to receive them under mandatory legal provisions.
- The Administrator uses server, connection and Website security. All connections related to the execution of electronic payments by the Users, if such an option is selected, will take place via a secure encrypted SSL connection. However, the measures taken by the Administrator may not be sufficient if Users fail to comply with the security rules.
Automatic processing of personal data (profiling)
- In order to provide the most advantageous, customised, personalised offer to its Users and for the purposes necessary for the conclusion or performance of a contract between the Data Subject and the Data Controller, and in the event of the Data Subject’s express consent, the Data Controller may use Profiling.
- In the case of processing for direct marketing purposes including Profiling, processing based on the legitimate interests of the Data Controller, for scientific, historical and statistical research purposes, data subjects have the right to object on grounds relating to the particular situation of the data subject. The Data Controller shall not take a decision which is based solely on automated processing, including Profiling, and materially affects the data subject. The Data Controller shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the Data Controller, to express one’s point of view and to contest a decision resulting from automated processing.
- Time of processing personal data
- Personal data will be processed for a period of time:
- necessary for the performance of the contracts concluded through the Website, including after their completion due to the parties’ ability to exercise their contractual rights, as well as for the possible assertion of claims – until the expiry of the limitation period for claims;
- until the withdrawal of the consent given or the submission of an objection to data processing – in cases where the User’s personal data are processed on the basis of a separate consent.
- The Data Controller also keeps Users’ personal data when this is necessary to fulfil its legal obligations, resolve disputes, enforce User obligations, maintain security, prevent fraud and abuse.
- The Data Controller provides the Users with the exercise of the rights referred to in point. 2 below. In order to exercise the rights, a relevant request should be sent by e-mail to: [email protected].
- The User has the right to:
- access to the content of the data – in accordance with Article 15 RODO,
- correction/updating of data – in accordance with Article 16 RODO,
- erasure of data – pursuant to Article 17 RODO,
- restriction of data processing – in accordance with Article 18 RODO,
- data portability – in accordance with Article 20 RODO,
- to object to the processing of your data – in accordance with Article 21 RODO,
- to withdraw consent at any time, whereby the withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal – pursuant to Article 7(3) RODO,
- to lodge a complaint with a supervisory authority – in accordance with Article 77 RODO.
- The Data Controller considers the submitted requests immediately, but no later than within one month of their receipt. However, if – due to the complicated nature of the request or the number of requests – the Data Controller is not able to consider the User’s request within the indicated time limit, the Data Controller shall inform the User about the intended extension of the time limit and indicate a time limit for the consideration of the request, but not longer than 2 months.
- The Data Controller shall notify about the rectification or erasure of the personal data or the restriction of the processing he has carried out in accordance with the User’s request to any recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.
- In order to complete the contract, the Data Controller may share the data collected from Users with entities including, in particular: employees, co-workers, entities providing legal services to the Administrator, IT services, operators of online payment systems, the accounting office keeping the Administrator’s books, third parties, by which is meant a Partner or Contractor, as defined in the Terms of Service.
- In such cases, the amount of data provided is limited to the required minimum. Furthermore, the information provided by Users may be made available to the competent public authorities if required by applicable law.
- For recipients not mentioned above, the personal data processed shall not be made available externally in a form that would allow any identification of Users, unless the User has given their consent.
- Users’ personal data will not be transferred to countries outside the European Economic Area.
Cookies and their usage
- When using the Website, small files are stored on the User’s terminal equipment, in particular text files which contain information to remember login data, last selected products, products in the User’s basket (hereinafter: “cookies”). Cookies also enable the collection of statistical data referred to in point 2 below.
- Cookies do not contain any data identifying a User, which means that it is not possible to establish a User’s identity from them. The cookies used by the Website are not in any way harmful to the User or the device and do not interfere with the User’s software or settings.
- The cookie system does not interfere with the operation of the User’s computer and can be deactivated.
- Cookies enable:
- maintaining a User session (after logging in) so that the User does not have to re-enter their login and password on each sub-page of the Website;
- creating viewing statistics for sub-pages of the Website.
- We would like to remind you that, as a general rule, browsers are set by default to allow the storing of cookies.
- If the User does not agree to these files being stored on the terminal device, the User should change the settings of the Internet browser they are using.
- Preventing cookies from being stored can consist of:
- not saving cookies on the terminal device;
- informing the User every time a cookie is stored on the device; deleting files after using the Website.
- In order to use the option that is suitable for you, please refer to the information on cookie management, which can usually be found in the “Settings” of your browser or in the “Help” section.
- The Data Controller informs that in the event that files are necessary for the operation of the Website, limiting their use may hinder the use of the Website.
Changing the privacy and cookies policy
- The Data Controller is entitled to modify this document, of which the User will be informed in a manner enabling them to become acquainted with the changes before they come into force, e.g. by posting relevant information on the main pages of the Website, and in the case of significant changes also by sending a notification to the e-mail address indicated by the User.
- Further use of the Website after the publication or sending of a notification of changes to this document shall be deemed to be your consent to the collection, use and sharing of your personal data according to the updated content of the document.
- This document does not limit any of the User’s rights under generally applicable law.