Agraf Agraf - dystrubotor marki Promostars

Privacy Policy General provisions

This privacy policy of the Website is for informational purposes only, meaning it does not constitute a source of obligations for individuals using the Website. The privacy policy primarily includes the principles regarding the processing of personal data collected by the Administrator on the Website, including the basis, purposes, and duration of processing personal data, as well as the rights of the individuals to whom the data pertains, and information regarding the use of Cookies and similar technologies and analytical tools on the Website.

The administrator of the personal data collected through the Website is Rafał Sadowski, conducting business under the name AGRAF RAFAŁ SADOWSKI, registered in the Central Register and Information on Business Activity of the Republic of Poland maintained by the minister responsible for economic affairs, with the following details: place of business and mailing address: ul. Sielska 14B, 10-802 Olsztyn, NIP 7391509176, REGON 510629772, email address: biuro@promostars.pl, contact phone number: +48 895273474 – hereinafter referred to as the “Administrator,” who is also the Owner of the Website.

Personal data on the Website is processed by the Administrator in accordance with applicable legal regulations, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation can be found at: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

Using the Website is voluntary. Similarly, providing personal data by the user of the Website is also voluntary, with the caveat that not providing certain data required to use a specific functionality of the Website may result in an inability to access that functionality (e.g., the contact form). In such cases, providing personal data is a contractual requirement, and if the individual whose data is being processed wishes to use a specific functionality offered on the Website by the Administrator, they are obliged to provide the required data. The scope of data required to use the functionality of the Website is indicated by the Administrator on the Website (e.g., before filling out the contact form).

The Administrator exercises particular diligence to protect the interests of individuals whose personal data is processed by them, and in particular, they are responsible and ensure that the data collected by them is:

  1. processed lawfully;
  2. collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes;
  3. accurate and relevant to the purposes for which it is processed;
  4. stored in a form that allows identification of the individuals concerned for no longer than is necessary to achieve the purpose of processing; and
  5. processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Considering the nature, scope, context, and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons with varying likelihood and severity of threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized persons from accessing and modifying personal data transmitted electronically.

All words, expressions, and acronyms appearing in this privacy policy and beginning with a capital letter should be understood according to their meaning as defined in this document.

LEGAL BASES FOR DATA PROCESSING

The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met:

  1. the person whose data is being processed has given consent to the processing of their personal data for one or more specified purposes;
  2. the processing is necessary for the performance of a contract to which the person whose data is being processed is a party, or to take steps at the request of the person prior to entering into a contract;
  3. the processing is necessary for compliance with a legal obligation to which the Administrator is subject; or
  4. the processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child.

The processing of personal data by the Administrator requires the existence of at least one of the bases indicated above. The specific bases for processing users’ personal data on the Website by the Administrator are indicated in the next section of the privacy policy – in relation to a specific purpose of personal data processing by the Administrator.

PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING ON THE WEBSITE

Each time, the purpose, basis, period, and recipients of the personal data processed by the Administrator result from the actions taken by a given user on the Website.

The Administrator may process personal data on the Website for the following purposes, on the following bases, and for the periods specified in the table below:

Purpose of data processingLegal basis for data processingData retention period
Use of electronic services provided by the Administrator on the WebsiteArticle 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract, such as responding to an inquiry submitted by the user via the contact formData is retained for the period necessary to perform, terminate, or otherwise expire the contract with the Administrator, e.g., for the time needed to respond to the user’s inquiry sent via the contact form.
Direct marketingArticle 6(1)(f) of the GDPR (legitimate interests of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator – aimed at safeguarding the interests and good reputation of the Administrator and striving to provide servicesData is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject in relation to the business activities conducted by the Administrator. The limitation period is defined by law, particularly the Civil Code (the basic limitation period for claims related to business activities is three years).

The Administrator may not process data for direct marketing purposes if the data subject has effectively objected to such processing.

Maintaining tax recordsArticle 6(1)(c) of the GDPR in conjunction with Article 86 § 1 of the Tax Ordinance of January 17, 2017 (Journal of Laws of 2017, item 201, as amended) – processing is necessary to comply with a legal obligation to which the Administrator is subjectData is retained for the period required by law mandating the Administrator to keep tax records (until the expiration of the limitation period for tax obligations, unless tax laws provide otherwise)
MarketingArticle 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the AdministratorData is retained until the data subject withdraws their consent for further processing of their data for this purpose.
Establishing, pursuing, or defending claims that may be raised by the Administrator or that may be raised against the AdministratorArticle 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Administrator – related to establishing, pursuing, or defending claims that the Administrator may raise or that may be raised against the AdministratorData is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject in relation to the business activities conducted by the Administrator. The limitation period is defined by law, particularly the Civil Code (the basic limitation period for claims that may be raised against the Administrator is six years).
Using the Website and ensuring its proper functioningArticle 6(1)(f) of the GDPR (legitimate interests of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator – related to operating and maintaining the WebsiteData is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the data subject in relation to the business activities conducted by the Administrator. The limitation period is defined by law, particularly the Civil Code (the basic limitation period for claims related to business activities is three years).
Conducting statistics and analyzing traffic on the WebsiteArticle 6(1)(f) of the GDPR (legitimate interests of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator – related to conducting statistics and analyzing traffic on the Website to improve its functioningData is retained for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the data subject in relation to the business activities conducted by the Administrator. The limitation period is defined by law, particularly the Civil Code (the basic limitation period for claims related to business activities is three years).

DATA RECIPIENTS ON THE WEBSITE

For the proper functioning of the Website, it is necessary for the Administrator to use the services of external entities (such as a software provider). The Administrator only uses the services of those processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

Personal data may be transferred by the Administrator to a third country, provided that the Administrator ensures that such transfer occurs to a country that provides an adequate level of protection in accordance with the GDPR, and in the case of other countries, that the transfer is based on standard data protection clauses. The Administrator ensures that the data subject has the right to obtain a copy of their data. The Administrator transfers the collected personal data only in cases and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.

The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary to achieve the specific purpose of processing personal data and only to the extent necessary to accomplish it.

Users’ personal data from the Website may be transferred to the following recipients or categories of recipients:

  • service providers supplying the Administrator with technical, IT, and organizational solutions that enable the Administrator to conduct business activities, including their Website

PROFILING

The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling as mentioned in Article 22(1) and (4) of the GDPR, and at least in these cases, to provide essential information about the principles of such decision-making, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides in this section of the privacy policy information regarding possible profiling.

The Administrator may use profiling on the Website for direct marketing purposes, but decisions made on this basis by the Administrator do not concern the conclusion or refusal to conclude a contract or the ability to use electronic services on the Website. Despite profiling, the individual freely decides whether they want to take advantage of the discount or offer provided by the Administrator.

Profiling on the Website may involve the automated analysis or prediction of a person’s behavior on the Site, e.g., by analyzing their previous activity history on the Website. A prerequisite for such profiling is that the Administrator possesses personal data of the individual so that they can subsequently send, for example, a discount code or an offer.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects concerning them or similarly significantly affects them.

RIGHTS OF THE DATA SUBJECT

  • Right of access, rectification, restriction, erasure, or data portability – the data subject has the right to request access to their personal data from the Administrator, to rectify it, to erase it (“the right to be forgotten”), or to restrict processing, as well as the right to object to processing and the right to data portability. The detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.
  • Right to withdraw consent at any time – the data subject whose data is processed by the Administrator based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint with a supervisory authority – the data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
  • Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or task) or (f) (legitimate interest of the Administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process these personal data unless they demonstrate the existence of compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or grounds for establishing, exercising, or defending legal claims.
  • Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

In order to exercise the rights mentioned in this section of the privacy policy, you can contact the Administrator by sending a relevant message in writing or by email to the address indicated at the beginning of the privacy policy.

COOKIES ON THE WEBSITE AND ANALYTICS

Cookies are small text information in the form of text files sent by the server and stored on the side of the person visiting the Website (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on which device the visitor is using to access our Website). Detailed information about cookies, as well as the history of their creation, can be found, among others, here: https://pl.wikipedia.org/wiki/HTTP_cookie.

Cookies that may be sent by the Website can be divided into various types according to the following criteria:

Based on their provider:

  1. own (created by the Administrator’s Website) and
  2. those belonging to third parties (other than the Administrator)
Based on their duration of storage on the device of the visitor to the Website:

  1. session (stored until the visitor leaves the Website or closes the web browser) and
  2. persistent (stored for a specific period defined by the parameters of each file or until manually deleted)
Based on the purpose of their use:

  1. necessary (enabling the proper functioning of the Website),
  2. functional/preferential (allowing the customization of the Website to the preferences of the visitor),
  3. analytical and performance (collecting information on how the Website is used),
  4. marketing, advertising, and social (collecting information about the visitor to display ads to them, personalize them, measure effectiveness, and conduct other marketing activities, including on websites separate from the Website, such as social media platforms or other sites belonging to the same advertising networks as the Website)

The administrator may process data contained in cookies while visitors are using the Website for the following specific purposes:

Purposes of Using Cookies on the Administrator’s Websiteremembering data from filled forms (necessary and/or functional/preferential cookies)
customizing the content of the Website to the individual preferences of the user (e.g., regarding colors, font size, layout) and optimizing the use of the Website (functional/preferential cookies)
conducting anonymous statistics showing how the Website is used (analytical and performance cookies)

Checking in the most popular web browsers which cookies (including their lifespan and provider) are currently being sent by the Website can be done in the following way:

In Chrome browser:

  1. click the padlock icon on the left side of the address bar,
  2. go to the “Cookies” tab.
In Firefox browser:

  1. click the shield icon on the left side of the address bar,
  2. go to the “Allowed” or “Blocked” tab,
  3. click on “Third-party tracking cookies,” “Social media tracking items,” or “Content with tracking elements.”
In Internet Explorer browser:

  1. click the “Tools” menu,
  2. go to the “Internet Options” tab,
  3. go to the “General” tab,
  4. go to the “Settings” tab,
  5. click on “View files.”
In Opera browser:

  1. click the padlock icon on the left side of the address bar,
  2. go to the “Cookies” tab.
In Safari browser:

  1. click the “Preferences” menu,
  2. go to the “Privacy” tab,
  3. click on “Manage website data.”
Regardless of the browser, using tools available, for example, on the site: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/

By default, most internet browsers available on the market accept cookies. Everyone has the ability to define the conditions for using cookies through their own browser settings. This means that one can partially limit (e.g., temporarily) or completely disable the ability to save cookies – however, in the latter case, this may affect some functionalities of the Website.

The browser settings regarding cookies are important from the perspective of consent to the use of cookies by our Website – according to regulations, such consent can also be expressed through the browser settings. Detailed information on how to change cookie settings and delete them independently in the most popular internet browsers is available in the help section of the browser and on the following pages (just click on the respective link):

The Administrator may use Google Analytics services on the Website provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Administrator maintain statistics and analyze traffic on the Website. The collected data is processed within these services to generate statistics useful for administering the Website and analyzing traffic on the Website. This data is aggregated in nature. By using these services on the Website, the Administrator collects data such as sources and mediums for acquiring visitors to the Website, as well as their behavior on the Website, information about the devices and browsers they use to visit the site, IP and domain, geographic data, and demographic data (age, gender) and interests.

It is possible for an individual to easily block the sharing of information about their activity on the Website with Google Analytics – for this purpose, one can, for example, install the browser extension provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=en.

In connection with the possibility for the Administrator to use advertising and analytical services provided by Google Ireland Ltd. on the Website, the Administrator indicates that complete information about the rules for processing data of individuals visiting the Website (including information stored in Cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at the following web address: https://policies.google.com/technologies/partner-sites.

In our offer clothing of the Promostars group

Copyright (C) promostars.pl
Informacje
Przeiń na górę