1.2. The Controller of personal data collected via the Shop is Agata Hofman who conducts business activity under name Business Art Accountancy Agata Hofman, entered into Business Activity Central Register and Information Record, place of conducting business activity: al. Jana Pawła II 11; 00-828 Warsaw, NIP [tax identification number] 1180580665, REGON [statistical number] 015154734, E-mail: firstname.lastname@example.org – hereinafter referred to as the “Controller”, at the same time also being the Service Provider of the Internet Shop and the Seller.
1.3. Personal data of the Purchaser are processed pursuant to the Act of 29 August 1997 on protection of personal data (Journal of Laws of 1997, No. 133, item 883, with further amendments) (hereinafter referred to as the Act on protection of personal data) and the Act of 19 July 2002 on provision of services by electronic means (Journal of Laws of 2002, No. 144, item 1204, with further amendments).
1.4. The Controller acts with special care in order to protect the interests of persons to whom such data pertains, in particular, the Controller ensures that the collected data are processed in conformity with the law; are collected for specified purposes in conformity with the law and are not subject to further processing incompatible with these purposes; are correct and adequate in relation to the purposes for which they are processed, and are stored in a manner which allows for identification of persons to whom they pertain, for no longer period than is necessary for achieving the purpose of processing.
1.5. All words, terms and acronyms appearing on this page and starting with a capital letter (e.g. the Purchaser, the Buyer, the Shop) shall be understood in accordance with their definitions included in the Regulations of sweetpearls.eu, available on the Shop’s website.
2.PURPOSE AND SCOPE OF COLLECTING DATA AND DATA RECIPIENTS
2.1. Every time, purpose, scope and recipients of personal data processed by the Controller steam from the actions undertaken by the Purchaser, in particular including personal data of the Purchaser shall be processed in order to conclude and perform remote Sales Contract, including also deliveries of the Goods to the Purchaser.
2.2. Possible purposes of collecting personal data of the Purchaser:
2.2.1. conclusion and performance of the remote Sales Contract;
2.2.2. direct marketing of the Shop’s products;
2.3. Possible recipients of the Purchaser’s personal data:
2.3.1. In case of the Purchaser who chooses delivery by post or courier from the Shop, the Controller shall provide collected personal data of the Purchaser to chosen carrier or intermediary who performs delivery under the Shop’s order;
2.3.2. In case of the Purchaser who chooses electronic payment or payment by a credit cart at the Shop, the Controller shall provide collected personal data of the Purchaser to chosen subject handling the aforementioned payments in the Shop.
2.4. The Controller may process the following personal data of the Purchasers who use the Shop: full name, E-mail address; telephone number; delivery address (street, house number, premises number, postal code, city, country), residence address/address of place where business activity is conducted/ address of the place of registered office (if different from delivery address). In case of the Purchaser who is not a consumer, the Controller may additionally process company’s name and tax identification number [NIP] of the Purchaser.
2.5. Providing personal data referred to in above section, it may be necessary to conclude and perform the remote Sales Contract. Every time the scope of data necessary in order to conclude the Contract is previously indicated at the website of the Shop.
3.1. The Controller also processes anonymous operational data connected with using the Shop (so called logs – IP address, domain) to generate statistics helpful in controlling the Shop and its website. These data are of collective and anonymous nature, that is they do not contain identification qualities of a person visiting the website of the Shop. Logs are not disclosed to third parties.
4.GROUNDS FOR DATA PROCESSING
4.1. Providing personal data by the Purchaser is voluntary; however, failing to provide personal data indicated at the Shop’s website to be necessary in order to conclude and perform the remote Sales Contract shall result in the lack of possibility to conclude such contract.
4.2. The basis for processing personal data of the Purchaser is the necessity to perform the contract to which the Purchaser is a party or undertaking, at its request, actions prior to its conclusion. In the event of processing personal data for the purposes of direct marketing of own products, the basis for such processing is (1) prior consent of the Purchaser or (2) performing legally justified purposes implemented by the Controller (in accordance with article 23 section 4 of the Act on protection of personal data, legally justified purpose shall be understood in particular as direct marketing of own products).
5.THE RIGHT TO CONTROL, ACCESS AND CORRECT ONE’S OWN DATA
5.1. The Purchaser has a right to access and correct its personal data.
5.2. Each person has a right to control processing of data which pertains to such person, included in the collection of data of the Controller, in particular a right to: request the completing, updating and correcting personal data, temporary or permanent stopping their processing or deleting, if they are incomplete, outdated, incorrect or have been collected unlawfully, or they are superfluous to the purpose for which they have been collected.
5.3. In the event that the Purchaser gives its consent to process data for the purposes of direct marketing of own products, the consent may be revoked at any time.
5.4. In the event that the Controller intends to process or processes data of the Purchaser for the purposes of direct marketing of own products, the person to whom such data pertains is authorised also to (1) submit a written, substantiated request to cease processing its data due to specific situation of the Purchaser or to (2) submit an objection against processing its data.
6.2. The Controller uses technical and organisational measures allowing for protecting processed personal data, relevant to hazards and data categories covered by protection, in particular it protects data against making them available to unauthorised parties, collecting by unauthorised party, processing with the infringement of valid provisions of the law and against change, loss, damage or destruction.
6.3. The Collector protects the collection of data against unauthorise