Privacy policy
CREATEAGIFT
-
General information
-
This document specifies the privacy principles applicable in the Online Shop www.createagift.eu (hereinafter referred to as the “Online Shop”).
-
For the purposes of data protection legislation, we are the data controller of your personal data - STprint Sp. z. o.o., with its registered seat in 32-007 Wola Batorska, Wola Batorska 961, Vat number: PL6793113617, REGON(National Business Registry No.): 362038462, entered in the Register of Entrepreneurs kept by the District Court for the Krakow -Sródmiescie, XI Commercial Division of the National Court Register under the KRS number: 0000566687, e-mail: contact@createagift.eu , Tel: +48 123337318.
-
Personal information collected by the Controller shall be processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR).
-
The controller collects information provided voluntarily by the Online Shop Customers. However, the provision of marked personal data is a condition for placing an order, while the consequence of not ordering will be the inability to order products in the store. Using the online shop requires the processing of the customer's personal data in the scope of first name, last name, phone number and email address, address of residence.
-
Moreover, the controller may record the information about connection parameters, like IP addresses, for technical purposes, for server administration and for collection of general, statistical demographic information (e.g. about the region from which the connection comes), and also for security purposes.
-
The Controller shall make an extra effort in order to protect privacy and information about the Online Shop Customers provided to him. The Controller shall exercise due diligence when selecting and applying appropriate technical measures, including those of programming and organizational nature, in order to protect the processed data, and in particular he shall protect the data from unauthorized access, disclosure, loss and destruction, unauthorized modification, and also from their processing with the breach of the applicable provisions of law.
-
Personal data will be processed in accordance with the principles of art. 5 GDPR.
Personal data will be:
-
processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
-
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);
-
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
-
accurate and, where necessary, kept up to date (‘accuracy’);
-
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
-
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
-
Purpose for Processing
-
The basis for the processing of the Customer's Personal Data is primarily the necessity to perform the contract to which he is a party or the need to take action at his request prior to its conclusion (Article 6 par 1 (b) of GDPR).
-
After expressing separate consent, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes (Article 6 par. 1 (a) GDPR).
-
In other purposes, the Customer's Personal Data may be processed on the basis of:
-
applicable law when processing is necessary to fulfill the legal obligation of the Controller e.g. when based on tax regulations or accounting one, The Controller settles concluded sales contracts (Article 6 (1) (c) GDPR);
-
indispensable for purposes other than those mentioned above resulting from legitimate interests pursued by the Controller or by a third party, in particular to determine, assert or defend claims, market and statistical analyses Article 6 (1) (f) GDPR).
-
We wish to inform you that we do not perform automated decision making, also on the basis of profiling.
-
The personal data we collect and use
-
We ensure that the collection and use of your personal data is lawful. Therefore, for the purposes listed below, we only use your personal data if one of the following conditions apply:
-
You have given us your consent;
-
We need your personal data for the performance of a contract you enter into with us, such as when you purchase a product through the website;
-
We need to comply with legal obligations;
-
We need to protect your vital interests;
-
Your data is necessary for the public interest, or
-
We have a legitimate interest in processing the personal data.
-
Category of Personal Data :
-
Name and contact details (such as first name, last name, company name, country/region, street address, phone number and email address.)
-
Purchase information/history.
-
Device information: information about your computer, phone or other device you use to view the website such as device type, operating system, hardware version, browser type, unique device identifier, IP address and advertising ID. Log information.
-
Payment information (we don’t store this information).
-
Term of Personal Data Processing
-
In compliance with the applicable legal provisions, we process your personal data for a term of time that is necessary to meet the designated purpose. After such term, the personal data of Customers will be irrevocably deleted or destroyed.
-
Personal data processed covered by the consent statement will be processed until the consent is revoked.
-
We process personal data during the term of the agreement, as well as during a period of expiry of claims resulting from the provisions of the Polish Civil Code.
-
Recipients of personal data
-
Recipients of the Customer's personal data may by entities performing the order at the Seller's request and handling it, such as: shipment companies, accounting companies, suppliers of the goods, assembly services, providers of IT solutions, payment processing companies, banks, companies providing marketing services, telecommunication providers, law offices, authorized state authorities.
-
Online payments are processed by “Stripe" and PayPal (Europe) S.à r.l. & Cie, S.C.A., 5. Etage, 22-24 Boulevard Royal, 2449 Luxembourg ).
-
Transaction data, including personal data, may be transferred to “Stripe“ or PayPal to the extent necessary to handle payment for the order. The Customer has the right to access their data and correct it. The provision of data is voluntary and at the same time necessary for the use of the website."
-
Your rights on personal data concerning you
-
Due to the voluntary nature of providing your personal data, you have the right to
-
access to your personal data (Art. 15 GDPR);
-
rectify your personal data (Art. 16 GDPR);
-
delete your personal data ("the right to be forgotten" – Art.17 GDPR);
-
restrict the processing of your personal data (Art. 18 GDPR);
-
transfer your personal data (Art. 20 GDPR);
-
to object (Art. 21 GDPR);
-
If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for Personal Data Protection.
-
Withdrawal of consent to the processing of data does not affect the lawfulness of data processing made by the Controller on the basis of consent before its withdrawal.
-
Requests for the processing of personal data can be submitted by e-mail: contact@createagift.eu .