PERSONAL DATA AND PROCESSING
Personal data are any information about an identified or identifiable physically person. An identifiable person is one that can be directly or indirectly identified, in particular on the basis of data such as name, last name, ID number, location data, e-mail address and other Processing of personal data means an operation or set of operations carried out on personal data by automated or non-automated manner. Personal data is processed by the administrator in accordance with the General Data Protection Regulation (hereinafter: ‘GDPR’) and in accordance with Polish data protection law, in particular the Data Protection Act of 10 may 2018.
CONTACT WITH ADMINISTRATOR
You can contact your administrator by:
- By sending a letter to an address ul Studencka 40/37 , 02-375 Warsaw.
- E-mail to email@example.com
THE PURPOSE AND LEGAL BASIS OF THE DATA PROCESSING
Personal data shall be processed by the controller for the following purposes and on a specified legal basis:
- in order to conclude and implement a contract for the sale of products available on the PomykalaStudio Website pursuant to art. 6 sec. 1 lit. b GDPR – in connection with the concluded contract;
- in order to handle inquiries sent via the contact form – based on the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR); the Controller’s legitimate interest is replying to received messages and correspondence;
- in order to run Facebook and Instagram, Behance and Youtube social profiles and to enable the data subject to be active on these profiles – based on the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR); the Controller’s legitimate interest is to promote the brand and pursue claims (this information applies to data processing by Karol Pomykała, and not by the owners of individual social networks);
- in order to handle the complaint process – based on the legitimate interest of the administrator (Article 6 of the Act 1 letter f of the GDPR); the Controller’s legitimate interest is to consider the notification which is the subject of the complaint and to defend against potential claims;
- In order to carry out marketing activities, on the basis of a legitimate interest of the administrator (Article 6 act (1)letter (f) GDPR); it is a legitimate interest of the administrator to carry out its own marketing;
- For the purposes of carrying out the dispatch of the newsletter, subject to the agreement of the service users (Article 6 act(1)letter(a))
- in order to keep accounting books – pursuant to art. 6 sec. 1 letter. c GDPR in connection with the Administrator’s obligation under art. 74 sec. 2 of the Accounting Act of September 29, 1994.
The administrator collects information about the users who use PomykalaStudio and their IP addresses, based on analysis of system logs. This information is necessary to properly maintain the IT infrastructure, ensure security, and manage incidents.
THE RECIPIENTS OF THE DATA
Personal data may be disclosed to other recipients, but the administrator shall do so lawfully. Recipients may be entities authorized to receive data under applicable law or entities entrusted by the Administrator with the processing of data on the basis of contracts concluded, in particular external IT providers supporting the activities of the administrator and the accounting firm. The data will not be transmitted outside the European Economic Area, except where the buyer is outside the European Economic Area and this will be necessary for the proper execution of the sales contract.
DATA RETENTION PERIODS
The storage of personal data depends on the purpose and legal basis of the processing. Personal data processed:
- For the sale of products available from PomykalaStudio, they will be held for the duration of the contract and thereafter for the duration of the claim.
- in order to handle requests from a contact form, they will be kept for the period necessary to handle the inquiry and thereafter for the duration of the claim;
- In order to maintain Facebook and Instagram social profiles and enable the data subject to be active on these profiles to be stored for the duration of the Facebook and Instagram Social Media Profile Administrator’s activity, this period may be extended until such time as the claim is solved;
- Personal data will be processed for the time necessary to handle the inquiry and then for the duration of the claim;
- For marketing purposes, they will be held for the duration of the agreement or until you have objected to the processing of the data for your own marketing purposes;
- For the purpose of sending the newsletter, they will be stored until the purpose for which they were collected has been met or until you have cancelled your consent;
- for the purpose of keeping the accounts, they shall be kept for the period required by the accounting rules.
RIGHTS OF DATA SUBJECTS T
he data subject shall have the right to access the data, to obtain copies of the data, to rectify the data, to delete the data, to restrict the processing of the data, to object to the processing of the data, to withdraw consent and to lodge a complaint with the Data Protection Office.
Right of access to data – on this basis, the controller shall inform the data subject if he is processing his data and, if so, inform him of the purposes of processing the data, the categories of data processed, the recipients of the data, the period of storage of the data, the automated processing of the data, the right of that person to lodge a complaint with the supervisory authority and, if the data were obtained from a source other than that person- the source of the data.
Right to obtain a copy of the data – on this basis, the Administrator shall issue a copy of the data to the data subject processed by the controller.
Right to correct data – on this basis, the Administrator modifies/straightens data upon request of the data subject and who has reported that the data are incorrect.
Right to delete data – on this basis, the data subject may request the deletion of personal data if all the purposes for which the data were collected have already been met.
Right to restrict processing – on that basis, the data subject may request the controller to cease operations on his data and the administrator shall cease processing and storage in accordance with the retention periods adopted until the reasons for the retention limit have ceased. This shall not apply where the data subject agrees to the processing of the data.
Right to transfer data – on this basis, the Administrator shall, at the request of the data subject, issue data in a readable format for the computer system.
Right to object – on that basis, the data subject has the right to object to the processing of his data by the controller for marketing purposes or to object to other processing purposes relating to his particular situation.
Right to withdraw consent – the data subject has the right to withdraw consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing of data prior to the withdrawal of consent. In order to implement his or her rights, the data subject should contact the administrator by letter or electronically, as specified in the paragraph headed “Contact the administrator”. Requests are answered within one month of receiving by the administrator. If it is necessary to extend this period, the administrator shall inform the person who made the request.
The right to lodge a complaint with the Personal Data Protection Office – if the data subject finds that the processing of his data by the Administrator violates the provisions on the protection of personal data, he or she has the right to submit a complaint to the supervisory office, which in Poland is the Personal Data Protection Office. (UODO)
- necessary for the operation of the websites – their use is necessary for the proper operation of the site. The visiting client can deactivate them in the browser, but this may affect the proper functioning of the site.
- for security purposes, they allow for the detection of fraud in the authentication of persons with access to the system;
- Settings/functionality – allows the functionality available on the website to work efficiently and capture the settings selected by the visiting customer, such as language, location, or selected font. Blocking these files will reduce the functionality of the page, but should not affect the ability to use it.