RODO

GDPR Information Obligation

The following information is a concise, understandable, and transparent summary of the details included in the Privacy Policy regarding the Data Controller, the purpose and method of processing personal data, and your rights related to such processing, in the form required to fulfill the GDPR information obligation. Detailed information about the processing methods and entities involved in this process is available in the indicated policy.

Who is the Data Controller?

The Data Controller (hereinafter referred to as the "Controller") is the company "Ewa Wawrzycka – Iconic & Fashion & Image IFI", operating at the address: Kamieni 5/7U, 55-002 Dobrzykowice, with the tax identification number (NIP): 8942607485, providing electronic services through the Website.

How can you contact the Data Controller?

You can contact the Controller in one of the following ways:

  • Postal address - Ewa Wawrzycka – Iconic & Fashion & Image IFI, Kamieni 5/7U, 55-002 Dobrzykowice

  • Email address - demo@sklep.pl

  • Phone - 609325345

  • Contact form - available at: /contact

Has the Controller appointed a Data Protection Officer?

Based on Article 37 of the GDPR, the Controller has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, please contact the Controller directly.

Where do we obtain personal data from?

Data is obtained from the following sources:

  • from individuals to whom the data relates
  • in case of registration using social media platforms, from these platforms – with the informed consent of the individuals

What is the scope of the personal data we process?

The Website processes ordinary personal data, voluntarily provided by the individuals concerned.
(e.g. name and surname, username, email address, phone number, IP address, etc.)

The detailed scope of processed data is available in the Privacy Policy.

What are the purposes of processing personal data?

Personal data voluntarily provided by Users is processed for one of the following purposes:

  • Provision of electronic services:
    • Registration and maintenance of the User's account on the Website and related functionalities
    • Newsletter service (including sending advertising content with consent)
    • Commenting / liking posts on the Website without the need to register
  • Communication of the Controller with Users regarding the Website and data protection
  • Ensuring the legitimate interest of the Controller

What are the legal grounds for data processing?

The Website collects and processes Users' data based on:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, GDPR)
    • Art. 6(1)(a)
      the data subject has given consent to the processing of his or her personal data for one or more specific purposes
    • Art. 6(1)(b)
      processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
    • Art. 6(1)(f)
      processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party
  • Act of 10 May 2018 on the Protection of Personal Data (Polish Journal of Laws 2018, item 1000)
  • Act of 16 July 2004 – Telecommunications Law (Polish Journal of Laws 2004, No. 171, item 1800)
  • Act of 4 February 1994 on Copyright and Related Rights (Polish Journal of Laws 1994, No. 24, item 83)

What is the legitimate interest pursued by the Controller?

  • For the purpose of establishing, exercising, or defending legal claims – the legal basis is our legitimate interest (Art. 6(1)(f) GDPR) consisting in the protection of our rights;
  • For assessing potential clients’ risk
  • For evaluating planned marketing campaigns
  • For conducting direct marketing

For how long do we process personal data?

As a rule, the indicated personal data is stored only for the duration of the services provided via the Website by the Controller. They are deleted or anonymized within 30 days from the end of the provision of services (e.g., deletion of a registered user account, unsubscribing from the Newsletter, etc.).

In exceptional situations, in order to safeguard the legitimate interests of the Controller, this period may be extended. In such a case, the Controller will store the indicated data, from the time the User requests its deletion, for no longer than 3 years in the event of a violation or suspected violation of the Website’s terms and conditions by the data subject.

Who are the recipients of personal data?

As a rule, the sole recipient of the data is the Controller.

However, data processing may be entrusted to other entities providing services to the Controller in order to maintain the Website’s operation.

Such entities may include, among others:

  • Hosting providers, offering hosting or related services for the Controller
  • Companies providing Newsletter distribution services
  • IT support and service companies responsible for infrastructure maintenance
  • Companies processing online payments for goods or services offered through the Website (when making a purchase)
  • Companies processing mobile payments for goods or services offered through the Website (when making a purchase)
  • Accounting companies handling the Controller’s bookkeeping (when making a purchase)
  • Companies responsible for delivering physical products to the User (postal / courier services when making a purchase)

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union, unless they are published as a result of the User’s individual action (e.g., posting a comment or entry), which will make the data accessible to anyone visiting the Website.

Will personal data be subject to automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have in relation to personal data processing?

  • Right of access
    Users have the right to obtain access to their personal data, exercised upon request submitted to the Controller.

  • Right to rectification
    Users have the right to request the immediate rectification of inaccurate personal data and to complete incomplete data, exercised upon request submitted to the Controller.

  • Right to erasure ("right to be forgotten")
    Users have the right to request the immediate erasure of personal data, exercised upon request submitted to the Controller.

    For user accounts, erasure means anonymization of data that enables the User’s identification.

    For the Newsletter service, the User may independently remove their personal data by using the unsubscribe link provided in each email message.

  • Right to restriction of processing
    Users have the right to restrict the processing of personal data in cases specified in Art. 18 GDPR, e.g., contesting the accuracy of personal data, exercised upon request submitted to the Controller.

  • Right to data portability
    Users have the right to receive their personal data from the Controller in a structured, commonly used, and machine-readable format, exercised upon request submitted to the Controller.

  • Right to object
    Users have the right to object to the processing of their personal data in cases specified in Art. 21 GDPR, exercised upon request submitted to the Controller.

  • Right to lodge a complaint
    Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.