PRIVACY AND DATA SECURITY POLICY
The following document explains the principles and scope of processing of Customers' personal data, their rights and duties of the store as a data controller. We emphasize that the Candytm store uses the latest technical measures and organizational solutions to ensure a high level of protection of personal data being processed and protection against unauthorized access.
1. Personal data controller
Wojciech Czyżowicz conducting business activity under the name CANDY, NIP 7521430066, 97-320 Wolbórz ul. Garncarska 43
2. Processing of personal data
The Customer who intends to use the services of the Candytm online store will be asked to provide personal data. These data will be processed only for purposes related to the functioning of the store and the provision of services offered in it.
3. Purpose of processing
Customer's personal data are necessary for the proper provision of services, in particular for:
- sending the newsletter,
- registering in the website,
- concluding the sales contract,
- making settlements,
- delivering the ordered goods,
- exercising consumer rights.
4. Types of data
To properly provide services, we need such data as:
- first name and last name,
- shipping address,
- email address and phone number,
- payment information,
- company details if the purchase is made by an entrepreneur.
5. Legal basis
Personal data are processed in accordance with the provisions of the GDPR (the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016). The basis for the processing of personal data is primarily Article 6 GDPR.
6. Conditions for providing data
We process your personal data with your consent, given at the time of registration in the online store and at the time of confirmation of the transaction carried out in the store. Consent to the processing of personal data is completely voluntary, however, in some cases it may be necessary to conclude a contract or other activities related to the provision of services by the Candytm store.
7. Rights of the person providing personal data
You always have the right to request access to your personal data. You can request that we correct or rectify your personal data at any time. You can also do it yourself using the KONTO tab after logging into the online store.
You can withdraw your consent to the processing of personal data at any time without giving a reason. The request may relate to the purpose of processing indicated by you. Withdrawal of consent for all processing purposes will result in the deletion of your account in the online store and your data will not be processed by us. Withdrawal of consent will not affect the activities carried out so far.
At any time, you can object to the processing of your data both in full and for the purpose you specify. The objection will not affect any actions already carried out. Making an objection will delete your account in the online store and your data will not be processed by us.
You can request that we restrict the processing of your personal data, whether for a specific period of time or to a certain extent; we will follow your decision. This request will not affect your previous activities.
You can request that we transfer your data that we have to another administrator. For this purpose, please contact us via the contact form or by email, specifying the name and address of the entity to which we will transfer your data and their scope.
You can request information about the scope of your personal data processing by us at any time. We are required to inform you no later than one month after receiving each request about our actions.
8. Processing period
We will store your personal data as long as you are an active customer. We store your data until you delete your account in the online store. Account deletion may take place at your request, but also if you withdraw your consent to the processing of your data, object to the processing of your personal data or request their removal.
9. Data security
When processing your personal data, we use state-of-the-art organizational and technical measures in accordance with applicable law, including encryption with an SSL certificate.
10. Outsourcing personal data
Your personal data may be outsourced to entities cooperating with the Candytm store to the extent necessary to provide services, i.e. for the purpose of preparing the goods you ordered, carrying out the payment process and delivering packages. We never provide your data, sell it or exchange it for commercial or marketing purposes. Personal data are not transferred outside the European Union.
The Customer has the option of subscribing to our newsletter by providing an email address and consenting to the processing of personal data for the purpose of sending commercial and marketing information by email. Through the newsletter, we inform you about our latest products or promotions. The Customer may at any time unsubscribe from the newsletter by clicking the link in the newsletter received or by sending an email to the address: firstname.lastname@example.org
13. Google Analytics
14. INFORMATION OF THE PERSONAL DATA CONTROLLER BASED ON ARTICLE 13 PARAGRAPHS 1 AND 2 OF THE GENERAL DATA PROTECTION REGULATION (GDPR)
In connection with the entry into force and the need to apply the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter the "Regulation"), we provide the following information regarding the processing of your personal data.
The online store processes your personal data for the following purposes:
A) to provide your personal data to ING Bank Śląski S.A. ("Bank") in relation to:
a. providing by the Bank to the Online Store of the service of providing access to the infrastructure for handling payments via the Internet (the legal basis: Article 6(1)(f) of the Regulation).
b. servicing and clearing by the Bank of payments made by customers of the Online Store via the Internet using payment instruments (the legal basis: Article 6(1)(f) of the Regulation).
c. verifying by the Bank of the proper performance of contracts concluded with the Online Store, in particular to ensure the protection of payers' interests in connection with their complaints (the legal basis: Article 6(1)(f) of the Regulation).
B) to transfer your personal data to Twisto Polska sp. z o.o. in connection with the possibility of proposing payment for the purchased goods or service by Twisto Polska sp. z o.o. under the order agreement covering the "Buy with Twisto" purchasing formula and making this purchasing formula available through the Online Store, as well as for verification by Twisto Polska Sp. z o.o. of the due performance of such mandate contracts (the legal basis: Article 6(1)(f) of the Regulation).
In connection with the processing of personal data for the purposes set out above, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may be:
a) ING Bank Śląski S.A.
b) Twisto Polska sp. z o.o.
If you provide your personal data to conclude a contract with the Online Store, providing your personal data is a condition for concluding this Contract. Providing personal data in this situation is voluntary, however, the consequence of not providing this data will be the inability to conclude a contract with the Online Store.
If you provide your personal data in order to transfer your personal data to Twisto Polska sp. z o.o. before the conclusion of the contract for the sale of goods (or services) purchased in the Online Store, the transfer of these data is a condition of the conclusion of the sales contract in connection with the business model adopted by the Online Store.
If you provide your personal data to the Bank in connection with the handling and settlement of payments made by you to the Online Store using payment instruments, providing data is required in order to make the payment and provide confirmation of its making by the Bank to Online Store item.
If you provide your personal data to the Bank for the purpose of verification by the Bank of the proper performance of contracts concluded with the Online Store, in particular to ensure protection of payers' interests in connection with their complaints, providing these data is required in order to enable the implementation of the contract concluded between the Online Store and the Bank.
In the case of your personal data being forwarded to Twisto Polska sp. z o.o. in connection with the possibility of offering you payment for the goods or services purchased by you by Twisto Polska sp. z o.o. under the order agreement covering the "Buy with Twisto" purchasing formula and making this formula available by the Online Store, providing this data and processing it for this purpose is required in connection with the business model adopted by the Online Store and in order to perform the contract concluded between the Online Store and Twisto Polska Sp. z o.o.
15. Final regulations
If you think that the Candytm store processes your personal data improperly, you can contact us. You also have the right to lodge a complaint with a supervisory authority.
16. Contact with the controller