The administrator of the personal data collected via the online store www.hustlab.com l is Ambient Investment Kacper Borkowski registered in the Central Register of Business Activity and Information of the Republic of Poland kept by the competent minister for economy, place of business and address for delivery: Chmielna 2/31, 00-020 Warszawa, NIP: 5291825706, REGON: 382882580, electronic mail address (e-mail): email@example.com, hereinafter referred to as “Administrator” and being at the same time “Service Provider”.
(2) Personal data collected by the Administrator through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “RODO”.
TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
1.1.registering an Account in the Store, in order to create and manage an individual account, pursuant to Article 6 (1) (b) of the RODO (performance of a contract for the provision of electronic services in accordance with the Rules of the Store),
1.2. placing an order in the Store, in order to perform a sales agreement, pursuant to Article 6 (1) (b) of the RODO (performance of a sales agreement).
2.1. Account: first and last name, login, address, e-mail address. 2.2 Order: name and surname, address, Tax Identification Number, e-mail address, telephone number.
3.1.if the basis of data processing is the performance of the contract, for as long as it is necessary for the performance of the contract, and after that for a period corresponding to the period of limitation of claims. Unless a specific provision of law provides otherwise, the period of limitation shall be six years, and for claims for periodic performance and claims related to the conduct of business activity – three years.
3.2.where data processing is based on consent, for as long as the consent is not revoked, and after the revocation of consent for a period of time corresponding to the period of limitation of claims which the Administrator may assert and which may be asserted against him. Unless otherwise specified in a specific provision, the limitation period is six years, and for claims for periodic performance and claims related to the conduct of business – three years.
4th While using the Shop additional information may be collected, in particular: the IP address assigned to Customer’s computer or an external IP address of the Internet provider, domain name, browser type, access time, operating system type.
(5) After giving separate consent, under Article. 6(1)(a) RODO data may also be processed to send commercial information by e-mail or make telephone calls for direct marketing – respectively, in connection with Article. 10(2) of the Act of 18 July 2002 on electronic services or Article. 172(1) of the Act of 16 July 2004 – Telecommunications Law, including those targeted by profiling, if the Customer has given the appropriate consent.
(6) Customers may also be collected navigational data, including information about links and references that they choose to click on or other actions taken in the Store. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f)
of the RODO), consisting of facilitating the use of services provided electronically and improving the functionality of these services. (7) Personal data provided by the User is voluntary.
8th The Administrator shall exercise due diligence in order to protect the interests of data subjects, and in particular to ensure that the data collected by him/her are
8.2.collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes, 8.3. data is substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form which allows the identification of data subjects for no longer than it is necessary to achieve the purpose of processing.
SHARING OF PERSONAL DATA
First Customers’ personal data is transferred to providers of services used by the Administrator to conduct the Shop, in particular to:
1.1.entities performing the delivery of Products, 1.2.providers of payment systems,
1.4. hosting provider,
1.5.supplier of software enabling to conduct business, 1.6.entities providing mailing system,
1.7. provider of software needed to operate the online store. 2. (2) The providers of services referred to in point 1 of this paragraph, to whom the personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the instructions of the Administrator as to the purposes and means of processing those data (processors) or determine themselves the purposes and means of processing (controllers).
RIGHT OF CONTROL, ACCESS TO AND CORRECTION OF OWN DATA 1.
First The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the legality of the processing carried out on the basis of consent before its withdrawal.
Legal grounds for the Customer’s request:
2.1.Access to data – Article 15 of the RODO.
2.2 Rectification of data – Article 16 of RODO.
2.3. erasure of data (so-called right to be forgotten) – Article 17 RODO. 2.4.Restriction of processing – Article 18 RODO. 2.5.Data portability – Article 20 RODO. 2.6. Objection – Art. 21 RODO
2.7. withdrawal of consent – art. 7 (3) RODO.
Third In order to exercise the rights referred to in point 2, you can send an appropriate email to the address: firstname.lastname@example.org. 4th In the event of the Customer’s claim under the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month of receipt. If, however, due to the complexity of the request or the number of requests, the Administrator will not be able to comply with the request within one month, he will comply within a further two months by informing the Service Recipient, within one month of receipt of the request, of the intended extension of the deadline and the reasons for it.
(5) If it is determined that the processing of personal data violates the provisions of RODO, the data subject shall have the right to lodge a complaint with the President of the Office for Personal Data Protection.
The SiteAdministrator uses “cookies” files. 2.
Installation of “cookies” is necessary for the proper provision of services at the Shop website. Cookies contain the information necessary for the proper functioning of the site, and they also give the possibility to develop general statistics about visits to the website.
The website uses two types of cookies: “session” and “permanent”. 3.1 “Session” cookies are temporary files, which are stored in
3.1 “Session” cookies are temporary files that are stored in the Customer’s end device until logging off (leaving the Site). 3.2 “Permanent” cookies are stored in the terminal equipment of the Customer for the time specified in the parameters of cookies or until they are deleted by the Customer. 4.
Administrator uses its own cookies to better understand the way of interaction of the Clients with the content of the site. The cookies collect information about the use of the website by the Client, the type of website from which the Client was redirected and the number of visits and the time of the Client’s visit to the website. This information does not record specific personal data of the client, but is used to compile statistics on website use.
5th Administrator uses external cookies to collect general and anonymous statistical data through Google Analytics analytical tools (administrator of external cookies: Google Inc. based in the U.S.). 6th Cookies can also be used by advertising networks, especially Google, to display ads tailored to the manner in which the Customer uses the Store. For this purpose, they can store information about the path of navigation of the Customer or the time of stay on a particular page.
7th The Customer has the right to decide on the access of cookies to his computer by selecting them in advance in his browser window. Detailed information on the possibility and methods of using cookies are available
in the software settings (web browser).
ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE
(1) The Store uses so-called social plugins (“plugins”) of social networks. By displaying the website www.hustlab.pl, containing such a plug-in, the Service Recipient’s browser will establish a
direct connection to the servers of Facebook, Instagram and Google.
The content of the plugin is transmitted by the respective service provider directly to the user’s browser and integrated into the website. Through this integration, service providers receive information that the client’s browser has viewed the page
www.hustlab.pl, even if the client does not have a profile with the service provider or is not currently logged in. This information (along with the Client’s IP address) is sent by the browser directly to the provider’s server (some servers are located in the U.S.) and stored there.
(3) If the Client is logged into one of the above social networks, the service provider will be able to directly associate the visit to www.hustlab.pl with the Client’s profile in that social network. If the Client uses one of the plug-ins, e.g. by clicking the “Like” button or the “Share” button, the relevant information will also be sent directly to the provider’s server and stored there. The purpose and scope of data collection and its further processing and use by service providers, as well as the possibility of contact and the rights of the Customer in this regard and the possibility of making settings to ensure protection of the Customer’s privacy are described in the privacy policies of service providers: 5.1. https://www.facebook.com/policy.php
5.2. https://help.instagram.com/519522125107875? helpref=page_content 5.3. https://policies.google.com/privacy? hl=pl&gl=ZZ.
If the User does not want the social networks to associate the data collected during visits to www.hustlab.pl directly with his/her profile on a given website, he/she must log out from that website before visiting www.hustlab.pl. Service Recipient can also completely prevent the loading of plug-ins on the website by using appropriate extensions for the browser, such as blocking scripts using “NoScript”.
The Client has the possibility to decide whether the Service Provider will be able to use Google AdWords (the administrator of external cookies: Google Inc. based in the USA) in relation to him. §7
(1) The Administrator shall apply technical and organizational measures to ensure the protection of personal data processed, appropriate to the risks and categories of data covered by the protection, in particular to protect data from unauthorized access, acquisition by an unauthorized person, processing in violation of applicable laws, and alteration, loss, damage or destruction. (2) The Administrator provides appropriate technical measures to prevent acquisition and modification by unauthorized persons of personal data transmitted electronically.