Privacy Policy ONLINE STORE BOXIA.WORLD
Dear Customer/User
We care about your privacy and want you to feel comfortable and safe when using our services, which is why we have prepared a document from which you will receive detailed information regarding the processing of your personal data.
Contents:
1. Introduction
2. General information
3. Recipients of personal data of the Online Store
4. Obtaining, collecting purposes, scope and activities of personal data processing
5. Rights of data subjects
6. Cookie mechanism, operational data and analytics
7. Final provisions
§ 1
Entry
1. This Privacy Policy sets out the rules for the processing and protection of personal data of Users and Customers of the Online Store (including potential Customers) using the Online Store available at the Internet address: BOXIA.WORLD, hereinafter referred to as the Store. The document describes primarily the basis, purposes and scope of personal data processing, indicates the entities to which the data is entrusted, and also contains information on cookies and analytical tools used within the Online Store.
2. All words and expressions used in this document and starting with a capital letter (e.g. Customer, Seller, Order, Store) have the meaning given to them in the Regulations of the Online Store, which is available on the Store's website.
3. The administrator of personal data collected via the Online Store, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of April 27, 2016 (OJ EU L No. 119, p. 1), hereinafter referred to as GDPR, is Michał Wroniszewski, running a business under the name Affordable Michał Wroniszewski, entered in the Central Register and Information on Economic Activity, with the address of the principal place of business and delivery address: Polna 14. 55-330 Wilkszyn, NIP: 8942706603, REGON: 522090507, e-mail address: shop@boxia.world , hereinafter referred to as the Administrator and being at the same time the Online Store Service Provider and the Seller.
5. Users' personal data are processed in accordance with the provisions on the protection of personal data and the Act of July 18, 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
6. The personal data administrator declares that the Privacy Policy has an informative role, which means that it is not a source of obligations for Users and Customers of the Online Store. Its purpose is to define the activities undertaken by the Administrator and to describe the services, tools and functionalities related to the Online Store and used by the Customers of the Online Store, e.g. to register an account, place an order, use the contact form, use a discount code, subscribe to the Newsletter or other activities undertaken within the Online Store.
§ 2
General information
1. The Online Store Administrator makes every effort to protect the privacy of Users and Customers of the Online Store and all data and information obtained from them. It selects and applies technical protection measures with due care, both programming and organizational, thus ensuring complete protection against their disclosure, disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
2. The Administrator informs that the Online Store uses a transmission protocol that ensures the security of data transmission on the Internet, namely it has the SSL (Secure Socket Layer v3) protocol installed. This is a type of security that involves encoding data before sending it from the Customer's browser and decoding it after it safely reaches the Store's server. The information sent from the server to the client is also encoded and, after achieving the goal, decoded.
3. Data collected by the Administrator are processed in accordance with the law, respecting the principles of reliability and transparency, are collected to the minimum extent necessary for the specified purposes and processed in accordance with them, not subject to further processing inconsistent with these purposes, adequate and substantively correct in relation to the purpose and stored in a way that allows identification of data subjects. The data storage period depends on the purpose of processing and is limited to the moment the intended purpose is achieved.
4. The Online Store Administrator has access to the data under the terms specified in the Regulations and the Privacy Policy, but may entrust Customers' personal data to external entities cooperating with the Administrator. Such entrustment is possible only on the basis of appropriate personal data entrustment agreements concluded between the Administrator and the processing entity. The contracts contain a provision specifying the scope and conditions of processing personal data necessary to provide the services. The Administrator declares that it cooperates only with entities that guarantee the security of personal data processing processes by implementing security measures that meet the requirements specified in the GDPR.
5. The Administrator has the right, as well as the statutory obligation, to provide information regarding the Online Store's Customers to public authorities, e.g. in connection with conducting proceedings regarding possible violations of the law, or to third parties who submit such a request under the applicable provisions of Polish law.
6. The Administrator may share anonymized personal data with other entities, including partners of the Online Store, in order for the Customer to express opinions on concluded Sales Agreements, improve the quality of services provided by the Online Store or the mentioned entities or participate in scientific research.
7. The use of services and tools made available in the Online Store, as well as providing personal data by the User, is voluntary. However, providing them may be necessary to conclude and perform the Sales Agreement or the Agreement for the provision of Electronic Services in the Online Store, and their absence will prevent the conclusion of such an Agreement. The scope of data necessary to conclude the Agreement is indicated on the Online Store website and in the Online Store Regulations.
8. The Customer using the services and tools made available in the Online Store confirms that he/she has read the provisions of this Privacy Policy and the Regulations of the Online Store, and at the same time consents (if necessary) to the use of his/her personal data in accordance with these provisions by checking the appropriate checkboxes. posted on the Online Store website (the content of the checkboxes determines the purpose for which the personal data provided will be used).
§ 3
Recipients of personal data of the Online Store
1. In order to ensure the proper operation of the Online Store, including the implementation of concluded Sales Agreements, the Administrator uses the services of external entities. The Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
2. Examples of recipients of personal data of Online Store Customers are:
• carriers, intermediaries, forwarders - when the Customer making a purchase in the Online Store chooses the delivery method by courier,
• entities handling electronic or payment card payments - the Administrator entrusts the Customer\'s personal data to the entity handling a given payment to the extent necessary to provide the service,
• entities operating the opinion survey system, entities providing systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns; entities conducting marketing campaigns,
• providers of services supporting the work of the Online Store Administrator, e.g. suppliers of computer software for running the Online Store, e-mail, companies operating the mailing system for sending Newsletter, hosting providers,
• lending entities enabling customers to make payments in installments,
• entities providing accounting services.
3. Data recipients (external entities) process personal data on the basis of appropriate entrustment agreements signed with the Online Store Administrator. These entities collect, process and store personal data in accordance with their regulations and privacy policies.
4. The Administrator entrusts the processing of personal data of Service Recipients and Customers of the BOXIA.WORLD Online Store to suppliers, subcontractors and independent third parties who perform specific tasks on our behalf.
§ 4
Obtaining, collecting purposes, scope and processing activities
1. The Administrator obtains information about Users, among others: by collecting server logs, IP addresses, software and hardware parameters, pages viewed, mobile device identification number and other data regarding devices and system use. The above information will be collected in connection with the use of the Online Store. These data are not used by the Administrator to identify the User/Customer.
2. Navigation data may also be collected from Customers, including information about links and references or other activities undertaken in the Online Store to facilitate the use of services provided electronically and to improve the functionality of these services.
3. The Administrator reserves the right to filter and block messages sent through the internal messaging system, in particular if they are spam, contain prohibited content or otherwise threaten the security of Online Store Users.
4. As part of the Online Store, the Administrator processes Customers' personal data for the following purposes:
• taking action before concluding the contract at the request of the Customer; guaranteeing full service for the Store User, including setting up and managing an account/accounts, contacting Users in response to inquiries sent via the contact form, livechat support, contacting Users via e-mail in response to submitted inquiries,
• providing services that do not require creating an account and purchasing Goods, i.e. browsing the websites of the Online Store, using the Goods search engine, monitoring the activity of all and specific Users,
• customizing the offer and User experience,
• performance of the Sales Agreement or the Agreement regarding the provision of Services electronically,
• keeping statistics on the use of individual functionalities available in the Online Store, facilitating the use of the Online Store and ensuring the IT security of the Online Store,
• determining, pursuing and enforcing claims and defending against claims in court proceedings and other enforcement bodies,
• considering complaints, grievances and requests, as well as answering questions,
• direct marketing of products and services,
• Newsletter sending,
• organizing competitions and loyalty programs,
• carrying out research and analysis to improve available services.
5. The Administrator informs that he collects, processes and stores the following customer data: name and surname, e-mail address (e-mail address), contact telephone number for order processing or contact from the store, delivery address of the Goods (street, house number , apartment number, postal code, city, country), address of residence/business/registered office (if different from the delivery address).
In the case of Service Recipients or Customers who are not Consumers, the Administrator may additionally process such data as: the name of the Company and the tax identification number (NIP) of the Service Recipient or Customer.
6. Personal data collected for the purposes indicated in the Privacy Policy will be stored for the period of provision of services (including electronic services and shipment of Goods) provided by the Administrator and for the period resulting from the limitation periods for claims, tax law provisions, Consumer rights or other rights. in this regard.
CONTACT WITH THE CUSTOMER
1. The basis for data processing in connection with customer service, which includes contact with the customer in order to answer the inquiry sent via e-mail or contact form, is Art. 6 section 1 letter a GDPR, i.e. consent to processing. If a contract is concluded after contact, the data will be processed pursuant to Article 6(1)(b) of the GDPR. The legal basis for processing after the possible termination of contact will be the justified purpose of archiving correspondence for the purpose of demonstrating its course in the future (pursuant to Article 6(1)(f) of the GDPR).
Providing personal data is voluntary, but necessary for the Administrator to contact the Customer/User of the Online Store.
ACCOUNT REGISTRATION
2. The data of the User who registers on the Website by creating an Account will be collected on the basis of consent to processing (Article 6(1)(a) of the GDPR). When the User decides to conclude a contract, the data will be processed pursuant to Art. 6 section 1 letter b GDPR.
3. To create an account, complete the registration form and provide basic personal data, i.e. e-mail address, etc., as well as a password consisting of the type of characters and their number consistent with the instructions. Creating an account is free of charge and requires the User's consent to provide data and confirmation of reading the Website's Privacy Policy
EXECUTION OF THE CONTRACT
4. When placing an order in the Online Store, the Customer provides personal data that is used to perform the contract, i.e. in connection with the execution of the Order (Article 6(1)(b) of the GDPR), issuing an invoice and performing other activities related to the provisions of tax law (Art. .6(1)(c). For archival and statistical purposes, data will be processed on the basis of the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).
5. The basis for data processing in order to establish, pursue or defend claims that may be raised by the Administrator or that may be raised against the Administrator is Art. 6 section 1 letter f GDPR.
6. Order data will be processed for the time necessary to complete the order and then until the limitation period for claims under the concluded contract expires. Moreover, after this deadline, the data may still be processed for statistical purposes.
NEWSLETTER
7. As part of the functionality on the Online Store website, the Newsletter service is available. The data provided in connection with subscribing to the Newsletter are used only to send the Newsletter, based on the consent given (pursuant to Article 6(1)(a) of the GDPR).
8. Voluntarily granted consent to sending the Newsletter or commercial information may be withdrawn at any time at the request of the Customer/User, which will be sent via e-mail. The Administrator, after receiving such a request, immediately, no later than within 48 hours from receiving information about the withdrawal of consent, deletes the Customer/User's data from the contact database used to transmit commercial information electronically.
9. As part of the Newsletter Service, you can at any time correct your data saved in the database, request their removal, resign from receiving the Newsletter, and exercise the right to transfer data referred to in Art. 20 GDPR.
CONTACT FORM
10. As part of the functionality of the Website, the Administrator provides the opportunity to contact him using an interactive form. Using the form requires providing personal data necessary to contact the User and answer the questions contained in the form. The user may also provide other data to facilitate contact or ordering a service. Providing data marked as mandatory is required to process the inquiry and/or accept the order, and failure to provide it may result in the inability to process it. Providing other data is voluntary.
11. In order to identify the sender and handle his inquiry sent via the form provided - the legal basis for processing is the necessity of processing to perform the contract for the provision of a service (Article 6(1)(b) of the GDPR).
12. For analytical and statistical purposes - the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in maintaining statistics of inquiries submitted by Users via the Website in order to improve its functionality.
SERVICE OF ADDING COMMENTS WITHIN THE BLOG
1. To use the option of adding a comment on the blog, complete the form by entering your e-mail address and name. Providing data is voluntary, but necessary to add a comment.
2. The comment system posted on the Online Store website is operated by Affordable Michał Wroniszewski. The use of the comment system is based on the Customer/User's acceptance of the regulations for the provision of services by Affordable Michał Wroniszewski.
3. The data provided when adding a comment is used to publish the comment on the blog, and the legal basis for their processing is consent (Article 6(1)(a) of the GDPR) resulting from adding a comment.
4. Personal data will be processed for the duration of the existence of comments on the blog, the Customer/User may at any time ask for the comments to be deleted, then they will be deleted from the database.
5. The Customer/User may correct the data assigned to the comment and may exercise the right to transfer data.
SOCIAL MEDIA TOOLS
6. The website of the BOXIA.WORLD Online Store contains plug-ins and other social tools provided by social networking sites such as Facebook, TikTok, and Instagram. By displaying the Store's website on which such a plug-in has been placed, the User's browser will establish a direct connection to the Facebook, Google, Twitter or Instagram servers. The content of the plug-in is transferred by a given Service Provider directly to the User's browser and integrated with the website. This integration allows the Service Provider to receive information that the User's browser has displayed the website of the BOXIA.WORLD Online Store, even if the User does not have a profile with a given Service Provider or is not currently logged in to it. If the User is logged in to one of the social networking sites, the website service provider will be able to directly assign the visit to the Website to a given profile on a given social networking site.
If the Online Store User uses the "Like" or "Share" button, the appropriate information will also be sent directly to the server of the given Service Provider and stored there. In addition, this information will be published on a given social networking site and will appear, for example, on a Facebook wall. The purpose and scope of data collection and its further processing and use by the Service Providers, as well as the possibility of contact and Users' rights in this regard and the possibility of introducing settings ensuring privacy protection are indicated in the privacy policy of each Service Provider.
SOCIAL MEDIA TOOLS (FACEBOOK)
1. The website of the BOXIA.WORLD Online Store uses a plug-in and other tools provided by the Facebook social networking site. By displaying the website of the Online Store on which such a plug-in has been placed, the User's browser establishes a direct connection to the Facebook Administrator's server.
2. The content of the plug-in is transferred by a given Service Provider directly to the User's browser and integrated with the website. This integration allows the Service Provider to receive information that the User's browser has displayed the website of the BOXIA.WORLD Online Store, even if the User does not have a profile on the Facebook social networking site or is not currently logged in to it. If the User is logged in to the social networking site, the website service provider will be able to directly assign the visit to the Website to a given profile on the Facebook social networking site.
If the Online Store User uses the "Like" or "Share" button, the appropriate information will also be sent directly to the server of the given Service Provider and stored there. In addition, this information will be published on a social networking site and will appear, for example, on a Facebook wall. The purpose and scope of data collection and its further processing and use by the Service Providers, as well as the possibility of contact and Users' rights in this regard and the possibility of making settings ensuring privacy protection are indicated in the privacy policy of each Service Provider.
GOOGLE ADDS
3. The Administrator informs that by using Google Ads services, he promotes the Online Store website in search results and on third-party websites. Automatically, when visiting the Store's website, the so-called Remarketing cookie from Google, which enables the display of interest-based advertising using a pseudonymous identifier (ID) and based on the pages viewed by the Visitor.
The Google Ads service is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, which has joined the Privacy Shield program to ensure an adequate level of personal data protection required by European regulations.
§ 5
Rights of data subjects
1. GDPR grants Customers/Users the above-mentioned rights, the list of which is provided below. They are available without giving a reason, but they are not absolute and will not apply to all activities related to the processing of personal data. If the Customer/User wants to exercise any of his rights, he may at any time send a declaration of will to the e-mail address of the Online Store or the address of the Administrator's registered office.
I. The right to access data pursuant to Art. 15 GDPR.
The Customer/User may contact the Administrator at any time to confirm whether his or her data is being processed, and if this is the case, the Customer has the right to:
• to gain access to personal data,
• to receive information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of the Customer/User's data or about the criteria for determining this period (when it is not possible to determine the planned period of data processing), about the rights the Customer/User under the GDPR (when it is not possible to determine the planned data processing period), about the Customer's rights under the GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling and about safeguards used in connection with the transfer of this data outside the European Union,
• to obtain a copy of your personal data.
II. The right to rectify data pursuant to Art. 16 GDPR.
The Customer/User has the right to request the Administrator to immediately correct his or her personal data that is incorrect. You also have the right to request that your personal data be supplemented. To correct or supplement your personal data, please send information to the e-mail address of the Online Store.
III. The right to delete data (“right to be forgotten”) – implemented pursuant to Art. 17 GDPR.
a) The Customer/User may request the Administrator to delete all or some of his/her data,
b) The Customer/User has the right to request the deletion of his or her personal data when:
• personal data are no longer necessary for the purposes for which they were collected or processed,
• withdrew specific consent to the extent that personal data were processed based on the Customer/User's consent,
• objected to the use of his data for marketing purposes,
• personal data were processed unlawfully,
• personal data must be deleted in order to comply with a legal obligation provided for by Union law or the law of the Member State to which the Controller is subject;
• personal data was collected in connection with offering information society services,
c) despite the Customer/User requesting the deletion of personal data in connection with raising an objection or withdrawing consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill legal obligations. an obligation requiring processing under Union law or the law of a Member State to which the Controller is subject,
d) deletion of personal data or cessation of their processing by the Administrator may result in the inability to provide services provided via the Online Store or limitation of the ability to use the functionality of the Online Store.
IV. Expressing consent to the processing of personal data and the right to withdraw consent is carried out pursuant to Art. 7. section 3 GDPR
a) The Customer/User, by accepting the declarations placed by the Administrator in the interactive form available on the Online Store website, consents to the processing of his or her data for specific purposes,
b) The Customer/User has the opportunity to consent to the processing of his data for additional purposes by accepting optional declarations proposed in the forms available on the Online Store website,
c) The Customer has the right to withdraw any consent he has given to the Administrator, withdrawal of consent will take effect from the moment of withdrawal of consent,
d) withdrawal of consent will not result in any negative consequences for the Customer, but may prevent further use of services or functionalities that, in accordance with the law, the Administrator can only provide with consent,
e) withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
V. The right to object to data processing pursuant to Art. 21 GDPR
a) The Customer/User has the right to object at any time for reasons related to his/her special situation to the processing of his/her personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
b) resignation from receiving marketing information regarding products and services sent by the Customer/User in the form of an e-mail means the Customer/User's objection to the processing of his data, including profiling for these purposes,
c) if the Administrator has no other legal basis allowing the processing of the Customer's/User's data and the objection turns out to be justified, the personal data against which the objection was raised will be deleted.
VI. The right to request restriction of personal data processing pursuant to Art. 18 GDPR
The Customer/User has the right to request the restriction of his or her personal data when:
a) questions the accuracy of your personal data - the personal data administrator will limit the processing of your personal data for a period of time enabling the accuracy of these data to be checked,
b) the processing of the Customer/User's personal data is unlawful, and instead of deleting the personal data, the Customer/User requests the restriction of the processing of their personal data,
c) the Customer/User's personal data are no longer necessary for processing purposes, but they are needed to establish, pursue or defend the Customer/User's claims,
d) when the Customer/User has objected to the processing of his or her personal data - then processing is limited until it is determined whether the legitimate interests of the Personal Data Administrator override the grounds indicated in the Customer's/User's objection.
VII. The right to request the transfer of personal data (Article 20 of the GDPR)
The Customer/User has the right to receive his/her personal data from the Administrator in a structured, commonly used, machine-readable format and to send it to another Personal Data Administrator.
You can also request that the Personal Data Administrator sends the Customer/User's personal data directly to another Administrator (if technically possible).
VIII. The customer also has the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of his or her rights to the protection of personal data or other rights granted under the GDPR.
§ 6
Cookie Policy, operational data and analytics
1. The online store uses small files called cookies, which are saved and stored on the computer or other end device of the Store's Users and Customers if the web browser allows it. Cookies usually contain the name of the domain they come from, the time they are stored on the Device and the assigned value.
2. Cookies are used to optimize the process of using the Store's website, to collect statistical data that allows to identify how Users use the Online Store's website, which allows improving the structure of the Online Store. They are also necessary to maintain the Customer's session after he leaves the Online Store.
3. The administrator uses two types of cookies:
a) Session cookies (temporary): are stored on the Customer's end device and remain there until the end of the browser session. The saved information is then permanently deleted from the device's memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from the Customer's Device.
b) Persistent cookies: they are stored on the Customer's device and remain there until they are deleted. Ending a given browser session or turning off the Device does not delete them from the Customer's Device. The persistent cookies mechanism does not allow downloading any personal data or any confidential information from the Customer's Device.
4. The service administrator uses external cookies to:
a) optimization of the Store's offer
b) ensuring satisfaction with the Store's offer
6. The Administrator uses the Google Analitycs tracking code to analyze the statistics of the Online Store website and manage Ads advertisements; detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
7. In order to analyze website statistics of the Website, send web push and social media notifications launched or indicated by the Administrator via the system, one or more tracking codes are used.
8. In order to create personalized advertisements based on the behavior of people visiting the Online Store, and to monitor events on the Website, the Administrator uses the Facebook conversion pixel (a JavaScript code fragment). The information collected as part of the Facebook pixel is anonymous, i.e. it does not allow the Administrator to identify a given Person, it only provides information about activities undertaken within the Website. Detailed information on Facebook's use of data collected via the pixel is available at https://www.facebook.com/privacy/explanation.
9. The customer can change cookie settings at any time, using the web browser he or she is using, including blocking the ability to collect cookies. Such action may make it difficult or impossible to use the services and tools of the Online Store, including making it impossible to place an Order.
10. If the Customer decides that he does not agree to the use of cookies for the purposes described above, he can delete them manually at any time. Detailed instructions and information about cookies are included in the help menu of the web browser currently used by the Customer. Examples of web browsers that support the above-mentioned cookies are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
11. Some external entities operating within the Online Store allow Users to withdraw consent to their collection and use of data for advertising purposes based on the Customer's activity. More information about this and the possibility of making a choice can be found, for example, on the website: www.yuoronlinechoices.com. Sharing information about activity on the Online Store's website with Google Analytics can be blocked using the information provided by Google Inc. browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
§ 7
Final Provisions
1. This Privacy Policy contains links to other websites, it is recommended to read the Privacy Policies and Regulations of these websites.
2. The above Privacy Policy applies only to the Administrator's Online Store.
3. It is possible to expand the offer of the Online Store, which makes it possible to change the content of the Privacy Policy, about which you will be informed with an appropriate message on the Store's website.
4. If you have additional questions regarding the Online Store's Privacy Policy, please send a message to the e-mail address provided by the Administrator: shop@boxia.world
