Privacy Policy

Publication date:

PRIVACY AND COOKIES POLICY

version valid from 01/11/2020.

 

Table of Contents

1. What is the Privacy Policy?

1.1. Who is the administrator of the website www.rojax.pl?

2. Personal data. 

2.1. What legal act regulates the processing of your personal data?

2.2. Who is the administrator of your personal data?

3. How we process your personal data that you provide to us.

3.1. What personal data do we process and for what purposes do we process them?

3.2. Voluntary provision of personal data.

3.3. Recipients of personal data.

3.4. Automated decision making (including profiling).

3.5. Will we transfer your personal data outside the EEA or to an international organization?

4. What are your rights in relation to the processing of your personal data by us?

4.1. The right to access personal data (Article 15 of the GDPR).

4.2. The right to rectify personal data (Article 16 of the GDPR).

4.3. The right to delete personal data, the so-called "The right to be forgotten" (Art. 17 GDPR).

4.4. The right to submit a request to limit the processing of personal data (Article 18 of the GDPR).

4.5. The right to object to the processing of personal data (Article 21 of the GDPR).

4.6. The right to request the transfer of personal data (Article 20 of the GDPR).

4.7. Complaint to the supervisory authority.

5. Cookies.

5.1. General information.

5.2. Security.

5.3. Types of cookies.

5.4. Objectives.

 

1. What is the Privacy Policy?

We would like to familiarize you with the details of the processing of your personal data by us to give you full knowledge and comfort in using our website.

Since we operate in the internet industry ourselves, we know how important it is to protect your personal data. Therefore, we make special efforts to protect your privacy and the information you provide to us.

We carefully select and apply appropriate technical measures, in particular those of a programming and organizational nature, ensuring the protection of personal data processed. Our website uses encrypted data transmission (SSL), which ensures the protection of your identifying data.

In our Privacy Policy you will find all the most important information regarding the processing of your personal data by us. 

We ask you to read it and we promise it will not take more than a few minutes.

1.1. Who is the administrator of the website www.rojax.pl?

The administrator of the website www.rojax.pl is Paweł Czekański, running a business under the name PRZEDSIĘBIORSTWO HANDLOWO-USŁUGOWE "ROJAX" Paweł Czekański, entered in the register of entrepreneurs of the Central Register and Information on Economic Activity kept by the minister competent for economy at ul. Lubelska 50, 35 - 233 Rzeszów, NIP 8130205006, REGON 005134969 (i.e. we).

2. Personal data.

2.1. What legal act regulates the processing of your personal data?

Your personal data is collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95 / 46 / EC (general regulation on data protection) (Journal of Laws UE L 119, p. 1), commonly known as: GDPR. To the extent not regulated by the GDPR, the processing of personal data is governed by the Personal Data Protection Act of May 10, 2018.

2.2. Who is the administrator of your personal data?

The administrator of your personal data is:

Przedsiębiorstwo HANDLOWOŁUGOWE "ROJAX" Paweł Czekański

ul. Lubelska 50

35 – 233 Rzeszów

telephone: +48 730 007 163

e-mail: sklep@rojax.pl

 

You can contact us regarding your personal data via:

 - e-mail: sklep@rojax.pl

- traditional mail: ul. Lubelska 50

35 – 233 Rzeszów

- telephone: +48 730 007 163

3. How we process your personal data that you provide to us.

3.1. What personal data do we process and for what purposes do we process them?

We offer you many different services on our website, for the purposes of which we process different personal data on different legal bases.

Objective

Personal data

Legal basis for processing

Data storage time

conclusion and performance of the contract

name, surname, address, tax identification number, REGON number, e-mail address, telephone number, bank account number, payment card number

art. 6 sec. 1 lit. b) GDPR, i.e. processing in order to take action at your request, before concluding a contract and processing necessary for the performance of a contract to which you are a party

until the expiry of the limitation period for claims relating to the performance of the contract

account in the online store

e-mail adress

art. 6 sec. 1 lit. b) GDPR, i.e. processing in order to take action at your request, before concluding a contract and processing necessary for the performance of a contract to which you are a party

until the account is deleted

posting opinions about goods

name

art.6 sec. 1 lit. f) GDPR, i.e. processing to implement our legitimate interest, consisting in presenting opinions on goods and the course of transactions on the website of the online store

until you object to the processing of personal data

contact form

e-mail address, name

art. 6 sec. 1 lit. f) GDPR, i.e. processing in order to implement our legitimate interest in responding to your message

until you object to the processing of personal data

analysis of traffic on the website of the Online Store

 

Art. 6 sec. 1 lit. f) GDPR, i.e.

processing for implementation

the Administrator's legitimate interest in analyzing customer traffic on the Store's website.

for 26 months from the collection of data or until an objection to the processing of personal data is raised

direct marketing of own goods and services, including remarketing

name, surname, company, mailing address, information stored in cookies, location, history of viewed products

Art. 6 sec. 1 lit. f) GDPR, i.e.

processing for implementation

the legitimate interest of the Administrator consisting in direct marketing of own services, including remarketing

until you object to the processing of personal data or it is determined that your data has become obsolete

 

determination, investigation and enforcement of claims and defense against claims in proceedings before courts and other state authorities

 

name, surname, address, PESEL number, NIP number, REGON number, e-mail address, telephone number, IP number, bank account number, payment card number

art. 6 sec. 1 lit. f) GDPR, i.e. processing in order to implement our legitimate interest, consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities

until the expiry of the limitation period for claims relating to the performance of the contract

fulfillment of legal obligations resulting from legal regulations, in particular tax and accounting regulations

name, surname, company, PESEL number, NIP or REGON number, e-mail address, telephone number, correspondence address, payment card number

 

Art. 6 sec. 1 lit. c) GDPR, i.e. processing is necessary to fulfill legal obligations incumbent on us, resulting from legal provisions, in particular tax and accounting regulations

until the expiry of the legal obligations incumbent on the Administrator, which justified the processing of personal data

 

3.2. Voluntary provision of personal data.

Providing the required personal data by you is voluntary, but it is a condition for us to provide services to you (e.g. creating an account).

3.3. Recipients of personal data.

The current list of entities to which we disclose your personal data can be found in the attachment at the bottom of the privacy policy.

3.4. Automated decision making (including profiling).

Your personal data will not be used for profiling or for automated decision-making regarding you.

3.5. Will we transfer your personal data outside the EEA or to an international organization?

In order to use Google tools for creating statistics as well as marketing and remarketing activities, your personal data may be transferred to the United States, where Google LLC servers are located.

Google LLC is on the Privacy Shield List (link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) and applies the Data Security Model Contractual Clauses approved by the European Commission.

 

4. What are your rights in relation to the processing of your personal data by us?

Under the GDPR, you have the right to:

  • request access to your personal data
  • request rectification of your personal data
  • request the deletion of your personal data
  • requests to limit the processing of personal data
  • object to the processing of personal data
  • requests to transfer personal data

If you submit any of the above requests to us, without undue delay - and in any case within one month of receiving the request - we will provide you with information about the actions taken in connection with your request.

If necessary, we can extend the monthly period by another two months due to the complex nature of the request or the number of requests.

In any case, we will inform you within one month of receiving the request to extend the deadline and provide you with the reasons for the delay.

4.1. The right to access personal data (Article 15 of the GDPR).

You have the right to obtain information as to whether we process your personal data.

If we process your personal data, you have the right to:

  • access to personal data,
  • obtain information about the purposes of processing, categories of personal data being processed, about the recipients or categories of recipients of this data, the planned periodabout storing your data or about the criteria for determining this period, about your rights under the GDPR and about the right to lodge a complaint with the President of the Office for Personal Data Protection, about the source of this data, about automated decision making, including profiling, and about security measures used in connection with with the transfer of these data outside the European Union;
  • obtain a copy of your personal data.

If you want to request access to your personal data, please submit your request to: sklep@rojax.pl.

4.2. The right to rectify personal data (Article 16 of the GDPR).

If your personal data is incorrect, you have the right to request that we correct your personal data immediately. You also have the right to request that we supplement your personal data.

If you want to request rectification or supplementation of your personal data, please submit your request to: sklep@rojax.pl.

4.3. The right to delete personal data, the so-called "The right to be forgotten" (Art. 17 GDPR).

You have the right to request the deletion of your personal data when:

  • Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you have withdrawn your specific consent to the extent that personal data was processed based on your consent;
  • Your personal data has been processed unlawfully;
  • you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent to which the processing of personal data is related to direct marketing;
  • you have objected to the processing of your personal data in connection with the processing necessary to perform a task carried out in the public interest or the processing necessary for the purposes of the legitimate interests pursued by us or a third party.

Despite the request to delete personal data, we may process your data further in order to establish, assert or defend claims about which you will be informed / informed.

If you want to request the deletion of your personal data, please submit your request to: sklep@rojax.pl.

4.4. The right to submit a request to limit the processing of personal data (Article 18 of the GDPR).

You have the right to request the restriction of the processing of your personal data when:

  • you question the correctness of your personal data - in this case, we will limit the processing of your personal data for a period allowing for the verification of the correctness of this data;
  • the processing of your data is unlawful, and instead of deleting your personal data, you will request the restriction of the processing of your personal data;
  • Your personal data are no longer needed for the purposes of processing, but they are needed to establish, assert or defend your claims;
  • you have objected to the processing of your personal data - until it is determined whether our legitimate interests override the grounds indicated in your objection.

If you want to restrict the processing of your personal data, please submit your request to: sklep@rojax.pl.

4.5. The right to object to the processing of personal data (Article 21 of the GDPR).

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

  • processing necessary to perform a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Administrator of personal data or a third party;
  • processing for the purposes of direct marketing.

If you want to object to the processing of your personal data, please submit your request to: sklep@rojax.pl.

4.6. The right to request the transfer of personal data (Article 20 of the GDPR).

You have the right to receive your personal data from us in a structured, commonly used and machine-readable format and to send it to another personal data controller.

As a standard, we will provide you with your personal data in CSV format. If you prefer the data to be made available to you in a different format, indicate the preferred format in your request. Where possible, we will try to provide you with the data in the format you prefer.

You can also request that we send your personal data directly to another administrator (if it is technically possible).

If you want to request the transfer of your personal data, please submit your request to: sklep@rojax.pl.

 

4.7. Complaint to the supervisory authority.

If you believe that the processing of your personal data violates the provisions on the protection of personal data, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement

In Poland, the supervisory body within the meaning of the GDPR is the President of the Personal Data Protection Office, who replaced GIODO on May 25, 2018.

Find out more here.

 

5. Cookies.

5.1. Infogeneral rations.

When browsing the websites of the Online Store, "cookies" are used, hereinafter referred to as Cookies, i.e. small text information that is stored on your end device in connection with the use of the Online Store. Their use is aimed at the correct operation of the Online Store websites.

These files allow you to identify the software used by you and adjust the Online Store individually to your needs.

Cookies usually contain the name of the domain they come from, their storage time on the device and the assigned value.

5.2. Security.

The cookies we use are safe for your devices. In particular, it is not possible for viruses or other unwanted software or malware to enter your devices through cookies.

5.3. Types of cookies.

We use two types of cookies:

Session cookies: they are stored on your device and remain there until the end of the browser session. The saved information is then permanently deleted from the memory of your device. The session cookies mechanism does not allow the collection of any personal data or any confidential information from your device.

Persistent cookies: they are stored on your device and remain there until they are deleted. Ending the browser session or turning off the device does not delete them from your device. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from your device.

5.4 Goals.

We also use third party cookies for the following purposes:

  • configuration of the Online Store;
  • presentation of the Certificate of Conformity via the website solidregulamin.pl, the administrator of which is APM Poniatowska-Maj Kancelaria Prawna sp.k., based in Gdańsk, the Privacy Policy is available at the following link: - http://solidnyregulamin.pl/polityka-prywatnosci/;
  • creating statistics that help to understand how the Online Store customers use websites, which allows improving their structure and content through Google Analytics analytical tools, the administrator of which is Google Ireland Ltd. based in Ireland or Google LLC based in the USA The Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1;
  • determining the Customer's profile in order to display him matched materials in advertising networks, using the Google Ads online advertising tool, the administrator of which is Google Ireland Ltd. based in Ireland, the Google Privacy Policy is available at the following link: https://policies.google.com/privacy?fg=1.

To learn the rules of using Cookies, we recommend that you read the privacy policies of the above-mentioned companies.

Cookies can be used by advertising networks, in particular the Google network, to display advertisements tailored to your preferences. For this purpose, information about how you navigate on the web or when you use the website may be stored.

To view and edit information about your preferences collected by the Google advertising network, you can use the tool available at https://www.google.com/ads/preferences/.

By using the web browser settings or by using the service configuration, you can change your Cookie settings at any time, specifying the conditions for their storage and access to your device via Cookies. You can change these settings so as to block the automatic handling of cookies in your web browser settings or to inform about them each time they are placed on your device. Detailed information on the possibilities and methods of handling cookies is available in the settings of your software (web browser).