TABLE OF CONTENTS

1. General provisions
2. Grounds for data processing
3. Purpose, basis, period and scope of data processing on the website
4. Recipients of data on the website
5. Profiling on the website
6. Rights of the data subject
7. Cookies on the website, operational data and analytics
8. Changing the privacy policy
9. Final provisions


 

1. General provisions

1.1. This privacy policy of the Website available at the address, hereinafter referred to as the Website, is informative, which means that it is not a source of obligations for users of the Website. The privacy policy contains mainly rules regarding the processing of personal data by the Administrator on the Website, including the grounds, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools on the Website.

1.2. The administrator of personal data collected via the Website is the company ROAD INVESTMENTS ROBERT BABIŚ ul. Skowronków 1 E, 39-200 Dębica Nip: 792 179 45 24 - hereinafter referred to as the "Administrator". The e-mail address is: babyblanca@op.pl.

1.3. Contact details of the data protection officer appointed by the Administrator: e-mail address: babyblanca@op.pl.

1.4. Personal data on the Website are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.5. Using the Website is voluntary. Similarly, the provision of personal data by the user of the Website is voluntary.

1.6. The administrator takes special care to protect the interests of persons to whom the personal data processed by him is concerned, and in particular is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form enabling the identification of persons to whom they relate, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.

1.7. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probability and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that the processing takes place in accordance with this regulation and to be able to prove it. These measures are reviewed and updated as necessary. The administrator uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.

2. Grounds for data processing

2.1. The administrator is entitled to process personal data in cases where - and to the extent in which - at least one of the following conditions is met: (1) the data subject has consented to the processing of his personal data for one or more specific purposes ; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary to fulfill the legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where these interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data , in particular when the data subject is a child.

2.2. The processing of personal data by the Administrator requires each time the existence of at least one of the bases indicated in point 2.1 of the privacy policy. The specific grounds for the processing of personal data of users of the Website by the Administrator are indicated in the next section of the privacy policy - in relation to the given purpose of personal data processing by the Administrator.

3. Purpose, basis, period and scope of data processing on the website

3.1. Each time the purpose, basis, period and scope as well as the recipients of personal data processed by the Administrator result from actions taken by a given user on the Website.

3.2. The Administrator may process personal data on the Website for the following purposes, on the following grounds, in the following periods and scope:

Purpose of data processing Legal basis for processing and period of data storage Scope of data processed

Direct Marketing 1 lit. f) GDPR Regulations (legitimate interest of the administrator)

The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims against the data subject due to the business activity conducted by the Administrator. The limitation period is defined by law, in particular the Civil Code (the basic limitation period for claims related to running a business is three years, and for a sales contract - two years).

The administrator may not process data for the purpose of direct marketing in the event of an effective objection in this regard by the data subject.

E-mail address

Marketing Article 6 para. 1 lit. a) GDPR Regulations (consent)

The data is stored until the data subject withdraws his consent for further processing of his data for this purpose.

Name, surname, e-mail address

Determining, investigating or defending claims that may be raised by the Administrator or which may be raised against the Administrator Article 6 par. 1 lit. f) GDPR Regulations

The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims against the data subject due to the business activity conducted by the Administrator. The limitation period is defined by law, in particular the Civil Code (the basic limitation period for claims related to running a business is three years, and for a sales contract - two years).

First name and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

Conclusion and performance of contracts with the Administrator's contractors Art. 6 sec. 1b GDPR - for the duration of the contract and settlements after its completion Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

Fulfilling the legal obligations incumbent on the Administrator, e.g. issuing

or storing invoices and other accounting documents, answering complaints Art. 6 sec. 1c GDPR - for the period which the law requires to store data, Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

Verification of payment credibility Art. 6 sec. 1f GDPR - for the period necessary to make such an assessment when concluding, extending or extending the scope of the contract. Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

Detecting and preventing fraud Art. 6 par. 1c and 1f of the GDPR) - for the duration of the contract, and then for the period after which the claims expire or for the duration of the proceedings conducted by the competent public authorities Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

For the purposes of recruitment, Art. 6 sec. 1a and 1c of GDPR) - for the duration of the recruitment process (unless consent has been granted for the processing of data for the purposes of this and future recruitment Name and surname; e-mail address; data contained in the attached CV and cover letter; other data contained in the message;

For the purposes of property protection in the monitored area, Art. 6 sec. 1d and 1e) - for a period of 30 days Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

In order to make contact as a legitimate interest of the administrator, Art. 6 sec. 1 lit. f of the general regulation on the protection of personal data of 27 April 2016. Name and surname; e-mail address; other data contained in the message body;

In other cases, personal data is processed only on the basis of previously granted consent in the scope and for the purpose specified in the consent of Art.6 par. 1a of the GDPR - for the period from granting consent to its withdrawal. First name and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / seat (if different from the delivery address).

In the case of Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Customer.

4. Recipients of website data

4.1. For the proper functioning of the Website, it is necessary for the Administrator to use the services of external entities (such as, for example, a software provider). The administrator uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.

4.2. The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.

4.3. Personal data of the Website users may be transferred to the following recipients or categories of recipients:

service providers providing the Administrator with technical, IT and organizational solutions enabling the Administrator to run a business, including the Website (in particular computer software providers to run the Website, e-mail and hosting providers and software providers for company management and providing technical assistance to the Administrator) - The administrator provides the collected personal data of the user to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

5. Profiling on the website

5.1. The GDPR Regulation imposes an obligation on the Administrator to inform about automated decision-making, including profiling referred to in art. 22 sec. 1 and 4 of the GDPR Regulation, and - at least in these cases - relevant information about the rules for their adoption, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information on possible profiling in this point of the privacy policy.

5.2. The Administrator may use profiling on the Website for direct marketing purposes. The effect of using profiling on the Website may be, for example, sending a product proposal that may correspond to the interests or preferences of a given person. Despite profiling, a given person makes a free decision whether they want to learn more about the proposed product.

5.3. Profiling on the Website consists in an automatic analysis or forecast of a given person's behavior on the Website, e.g. by adding a specific browsing of a specific Product page on the Website, or by analyzing the history of visits to the Website.

5.4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects or significantly affects that person.

6. Rights of the data subject

6.1. The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete ("the right to be forgotten") or limit processing and has the right to object to processing, and also has the right to transfer their data. Detailed conditions for the exercise of the above-mentioned rights are set out in Art. 15-21 of the GDPR Regulation.

6.2. The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art.6 par.1 lit.a) or art. 9 sec. 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.

6.3. The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Personal Data Protection Office.

6.4. Right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data based on art. 6 sec. 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally valid grounds for processing, overriding the interests, rights and freedoms of the data subject, or the grounds for establishing, investigating or defending claims.

6.5. Right to object to direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of his personal data for such marketing purposes, including profiling, to the extent which processing is related to such direct marketing.

6.6. In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of the privacy policy or using the contact form available on the Website.

7. Cookies on the website, operational data and analytics

7.1. Cookies (cookies) are text information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of a computer, laptop or on a smartphone's memory card - depending on which device is used by our visitor. Webpage).

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by the web server to the web browser and stored by the browser of the computer or smartphone. The identification data is sent back to the server each time the browser sends a request to open a page on the server. Cookies can be "persistent" or "session" cookies: persistent cookies will be stored by your web browser and will remain valid until the expiration date you set, unless you delete them before the expiration date; the session cookie expires at the end of the user's session when the web browser is closed. Cookies typically do not contain any information that identifies you, but the personal information we store about you may be linked to information stored in and obtained from cookies.

7.2. The Administrator may process the data contained in Cookies when visitors use the Website for the following purposes:

remembering data from completed Order Forms or surveys;

adjusting the content of the Website to the individual preferences of the user (e.g. regarding colors, font size, page layout) and optimizing the use of the Website;

keeping anonymous statistics showing how to use the Website;

remarketing, i.e. research on the behavior of visitors to the Website by anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit other websites on the Google Inc. advertising network and Facebook Ireland Ltd .;

7.3. By default, most internet browsers available on the market accept cookies by default. Everyone has the option to define the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving cookies - in the latter case, however, it may affect some of the functionalities of the Website.

7.4. The web browser settings for cookies are important from the point of view of consent to the use of cookies by our website - in accordance with the law, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the browser settings for cookies should be changed accordingly.

7.5. Detailed information on changing the settings for cookies and their self-removal in the most popular web browsers is available in the help section of the web browser.

7.6. The Administrator may use Google Analytics and Universal Analytics services provided by Google Inc. on the Website. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA. These services help the Administrator to analyze traffic on the Website. The collected data is processed as part of the above services in an anonymised way (these are so-called operational data that make it impossible to identify a person) to generate statistics helpful in administering the Website.The data are aggregate and anonymous, i.e. they do not contain identifying features (personal data) of visitors to the Website.The Administrator using the above services on the Website collects such data as the sources and medium of obtaining visitors to the Website and the manner of their behavior on the Website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age, gender) and interests.

7.7. It is possible for a given person to easily block information about their activity on the Website by a given person - for this purpose, you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.8. The Administrator may use the Facebook Pixel service on the Website, provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and find out what actions are taken by visitors to the Website, as well as display relevant advertisements to these people. Detailed information on the operation of Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.9. Managing the operation of Facebook's Pixel is possible through the ad settings in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. Changing the privacy policy

8.1. The current content of the Privacy Policy and cookies of the website babyblanca.pl from 21/02/2020.

8.2. babyblanca.pl reserves the right to change the above Privacy Policy by publishing a new Privacy Policy on this website.

8.3. If you have additional questions regarding the protection of privacy, please contact the Administrator.

9. Final provisions

8.1. The website may contain links to other websites. The administrator urges that after switching to other websites, read the privacy policy established there. This privacy policy applies only to the Administrator's Website.