The Controller of personal data collected via the Website is LUQAM SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA with the registered office in Kraków (address and mailing address: ul. Kamieńskiego 47, 30-644 Kraków; entered into the Register of Entrepreneurs of the National Court Register under the KRS number 0000442347; the registration court, in which the company"s documentation is kept: District Court for Kraków Śródmieście (Kraków City Centre) in Kraków, XI Commercial Division of the National Court Register, Tax ID Number (NIP): 6793087067; National Business Registry Number (REGON): 122736324; e-mail address email@example.com - hereinafter referred to as “Controller” and being simultaneously the Service Provider of the Website.
Contact details of the data protection officer designated by the Controller: Malgorzata Worobik, e-mail address: firstname.lastname@example.org.
The personal data in the Website are processed by the Controller in accordance with applicable law, in particular in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or “ GDPR Regulation". Final legal text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
The Controller assures due diligence to protect the interest of persons being data subjects, in particular being responsible and liable for and assuring that the data collected are: (1) is processed in accordance with the law; (2) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (3) technically correct and adequate in regards to the purpose, for which it is processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. The measures are reviewed and updated, as necessary. The Controller applies technical measures preventing the acquisition and modification of personal data sent electronically by unauthorised persons.
02Grounds for processing personal data
Processing of personal data is admissible only when - and to the extent that - at least one of the following prerequisites occurs (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
03Purpose, basis, and scope of data processing in the website
Each time the purpose, basis, period and scope of processing and the recipients of data processed by the Controller correspond to actions performed in the Website by the Service User or Customer. The Controller may process the personal data in the Website for the purposes, on the bases, within the periods and scope, as follows:
|PURPOSE OF PERSONAL DATA PROCESSING||Legal basis for processing and retention period
||SCOPE OF PERSONAL DATA PROCESSING
|Implementation of the Reservation Contract or Contract for the Provision of Electronic Services, or taking action at the request of the data subject prior to entering in the a/m contracts||Article 6 paragraph 1 point b. of the GDPR (performance of the contract)Data is kept for the period necessary for the performance, termination or expiry of the contract otherwise concluded.||Maximum scope: name and surname, e-mail address; contact telephone number; residence address/business address/head office (if other than the delivery address). In the case of Service Users or Customers who are not consumers, the Controller may additionally process the name of the company and tax identification number (NIP) of the Service User or Customer.The above constitutes the maximum scope – in the case of e.g. collecting a product personally, one does not have to specify the delivery address.|
|Direct marketing||Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the Controller)The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years, and for a Reservation Contract two years).The Controller may not process the data for the needs of direct marketing in the case of expressing clear objection in this field by the data subject.||E-mail address|
|Marketing||Article 6, par. 1, point a) of the GDPR Regulation (consent)The data are stored until the data subject withdraws the consent to further process their data to that end.||Name, e-mail address|
|Keeping tax books||Article 6, par. 1, point c) of the GDPR Regulation in relation with Article 74 par. 2 of Tax Ordinance Act of 30 January 2018 (Journal of Laws of 2018 item 395). The data shall be stored for the legally required period, requesting the Controller to keep accounts (5 years from the beginning of the year following the financial year to which they relate).||Name and surname; address of residence /business address/head office, the company name and VAT no. (NIP) of the Service User or the Customer.|
|Determining, pursuing or defence of claims on the side of the Controller, or ones that may arise as regards the Controller.||Article 6, par. 1, point f) of the GDPR RegulationThe data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years).||Name and surname; phone no.; e-mail address; address of residence/business address/head office. In the case of Service Users or Customers who are not consumers, the Controller may additionally process the name of the company and tax identification number (NIP) of the Service User or Customer.|
04Data recipients in the website
05Profiling in the online store
06The rights of the data subject
07Cookies in the website, operational data and analytics
Cookie files (Cookies) are small pieces of text information in the form of text files, sent by a server and recorded by the User visiting the Website (e.g on the computer’s, or laptop’s hard drive, or on a smartphone memory card – depending on which device is used when visiting the Website). Detailed information on Cookies, as well as the history of their creation can be found, among other places, here: http://pl.wikipedia.org/wiki/Ciasteczko. The Controller processes the data contained in Cookie files during the visitors’ use of the Website for the following purposes: identification of Service Users as logged in to the Website and informing that they are logged in; recording Products added to the shopping cart in order to place an Order; recording of data from the filled out Order Forms, questionnaires or the Website login data; adjusting the Website’s contents to the Service User’s individual preferences (e.g. regarding colours, fonts, website layout), and optimizing the use of the Website; keeping anonymous statistics which present the way that the Website is used. remarketing, namely evaluating the conduct of visitors of the Website through anonymous analysis of their activities (e.g. repeated visits on particular pages, key words etc.) to create their profile and provide them with adverts matching their interests, also when they visit other web pages in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. As a standard, most Internet browsers by default accept the saving of Cookie files. Every user has the possibility to specify the conditions of Cookie file use via the Internet browser’s settings. This means, that it is possible to partially (e.g. temporarily) restrict or completely disable the saving of Cookie files on the User’s computer – in the latter case, however, it may influence specific functionalities of the Website. The Internet browser setting in terms of Cookie files are significant from the point of view of consent to use Cookie files by our Website – in accordance with the regulations, such consent may also be expressed through adjusting the Internet browser settings. If a Users do not express such consent, they are asked to change the Cookie settings in their Internet browser. Detailed information regarding changing Cookie file settings and individual removal of them in the most popular Internet browsers are available in the Internet browser’s help section and at the following websites (please click the appropriate link):
- Chrome browser
- Firefox browser
- Internet Explorer browser
- Opera browser
- Microsoft Edge browser
The Controller may use Google Analytics and Universal Analytics services in the Website provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The services help the Controller to analyse the frequency of visits in the Website. The data collected are processed under the above services in an anonymous manner (the so-called operational data, which make it impossible to identify a person) to generate statistics helpful while administering the Website. The data are of collective and anonymous nature, i.e. they do not contain any identifying features (personal data) of the visitors of the Website. Using the above services in the Website, the Controller collects such data as the sources and medium of acquiring visitors of the Website and the manner of their conduct on the Website, information concerning their devices and browsers used to visit the web page, IP and domain, geographical data and demographic data (age, sex) and interests. It is possible to easily block sharing information with Google Analytics as regards the activity on the Website page – install to that end an Opt-out Browser Add-on made available by Google Ireland Ltd. at: https://tools.google.com/dlpage/gaoptout?hl=pl. The Controller may use Facebook Pixel service, which is provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The service helps the Controller to measure an effectiveness of adverts and to find out what actions the users of the Website undertake in order to show them matching adverts. Detailed information about the Pixel Facebook features can be found at the address: https://www.facebook.com/business/help/742478679120153?helpref=page_content. Managing Facebook Pixel is possible through ads settings on a Facebook user’s account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.