1. The Personal Data Controller for the website available at: www.rainbowsocks.com, hereinafter referred to as the Online Shop, is Iwuc sp. z o.o. with registered office at the following address: Kłobucka B8/28, 02-699 Warsaw, Poland, registered in the register of entrepreneurs of the National Court Register by the District Court for the capital city of Warsaw, XIII Commercial Division of the National Court Register under the KRS number: 0000636355, Tax ID (NIP): 9512418776, National Business Registry Number (REGON): 36537132800000, postal address: Brain Embassy, Postępu 15, 02-676 Warsaw, Poland, e-mail address: firstname.lastname@example.org.
2. With respect to your rights as personal data subjects (i.e. persons to whom the data relates) and with respect to the mandatory rules of law, including especially the Regulation of the European Parliament and the Council (EU) 2016/679 of 27 April 2016 on protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/WE (General Data Protection Regulation), hereinafter referred to as GDPR, the Personal Data Protection Act of 10 May 2018 (Dz. U. 2018, item 1000, hereinafter referred to as the Act), and other relevant personal data protection regulations, we commit to maintaining security and confidentiality of all personal data gathered from you. All our employees have been properly trained in personal data protection and, as the Personal Data Controller, we have introduced new security measures, as well as technical and organisational means, in order to ensure the highest possible level of personal data protection. We have introduced appropriate procedures and policies to process personal data in accordance with GDPR, so that personal data processing occurs lawfully and reliably and you, as data subjects, may execute all your relevant rights. Additionally, if needed, we cooperate with the regulatory body within the territory of the Republic of Poland, i.e. the President of the Data Protection Authority (hereinafter referred to as PDPA).
3. Our Online Shop collects the following personal data:
a) name and surname – may be processed, when, as users of our Online Shop (including as customers or potential customers), you give them to us via e-mail, registration form, order form, contact form available in the Online Shop, traditional mail or via phone, as well as for the purposes of correctly addressing parcels containing your ordered Products and providing any other services,
b) home or postal address – is necessary for the purposes of proper postage of ordered Products; sharing it is mandatory when shopping in our Online Shop,
c) telephone number – may be processed in cases of telephone contact between us and you (including as customers or potential customers), as well as when you provide us your telephone number via e-mail, registration form, order form or contact form available in our Online Shop or traditional mail in order to allow us to contact you when needed for the purposes of shipping the ordered Products or answering questions relating to our offering,
d) e-mail address – may be processed, when, as users of our Online Shop (including as customers or potential customers), you give it to us during contact via e-mail, registration form, order form or contact form available in our Online Shop, as well as via traditional mail or via phone; we use the e-mail to confirm placed orders, contact you whenever needed in order to facilitate realising placed orders, or to answer any questions relating to our offer; if you consented to receive marketing data and are subscribed to our newsletter, the e-mail shall also be used for the purposes of providing trade information several times each month,
e) Tax ID / NIP – we collect the tax ID from entrepreneurs and customers requesting us to issue an invoice,
f) device IP address or browser identifier – the general information relating to the usage of Internet-based connections, such as IP addresses (and other information contained in system logons) are used for technical or statistical purposes, specifically collecting general demographic data (e.g. about the region from which a connection is received),
g) other data may be collected within the scope of conducting other matters, or may be provided by you, as users of our Website (including as customers and potential customers), via e-mail, contact form available in the Online Shop, traditional mail or via phone.
4. Providing above-mentioned data is necessary in cases listed above, including especially:
a) for the purpose of placing an order in the Online Shop via an order form,, including placing the order without registering (creating an Account) in the Online Shop,
b) for the purpose of shipping Products ordered in the Online Shop,
c) for the purpose of answering your questions or enabling contact via e-mail, contact form available in the Online Shop, traditional mail or telephone,
d) for the purpose of voluntary registration – creating an Account in the Online Shop; in such cases we store your data to enable easier usage of the Online Shop in the future, until deregistration (deleting one’s Account),
e) in order to execute the newsletter service (subscription) – if you want to be informed of interesting events and marketing offers, you may subscribe to our newsletter; the subscription is not mandatory and you may unsubscribe at any time.
5. Our Online Shop utilises the Cookies technology to match its functionality to your individual needs. You may therefore consent to having your entered data and information saved, so that they may be later on used on subsequent visits to the Online Shop website without having to enter them again. Owners of other Websites will not have access to this data and information. If, however, you do not agree to personalisation of the Online Shop, you may disable the Cookies in your Internet browsers.
7. As per the rule of minimisation, we only process the categories of personal data that are considered necessary for purposes specified in points 3 and 4 above.
8. We shall process the personal data only for however long it is necessary to achieve the purposes specified in points 3 and 4 above. Personal data may be processed for longer periods of time in cases where it is sanctioned or enforced on the Controller by the mandatory rules of law, when the Controller is legally justified in doing so, as per point 10.c below (i.e. for periods of lapsed claims or proceedings finalisation, if the proceedings had been started within the lapse period), or when the provided service is continuous (e.g. newletter subscription).
9. The source of personal data processed by the Personal Data Controller are you, i.e. the data subjects.
10. The legal basis for processing your personal data is:
a) art. 6.1.b of the GDPR, i.e. data processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, or
b) art. 6.1.c of the GDPR, i.e. processing is necessary for compliance with a legal obligation to which the Controller is subject, or
c) art. 6.1.f of the GDPR, i.e. legitimate interests pursued by the Controller, such as determining, demanding, or defending claims, until they lapse or until the relevant proceedings are completed, if they were initiated within that period, or
d) art. 6.1.a of the GDPR, i.e. your consent to the processing of personal data for one or more specific purposes, when other legal bases for data processing are not applicable – e.g. in cases of newsletter subscription.
11. Your personal data shall not be shared with any third country or international organisation, as per the GDPR. If the personal data is shared with a third country or an international organisation, you shall be duly informed thereof, and the Controller shall utilise relevant security measures, as per Chapter V of the GDPR.
12. No personal data is shared with any third parties without express consent of the data subject. Personal data may be shared without consent of the data subject only with legal public bodies, i.e. government and administrative bodies (e.g. tax offices, judicial authorities and other entities with a mandate stipulated by the relevant mandatory rules of law).
13. In cases where the Application features “Like” buttons or URLs redirecting users to the Controller’s social media accounts, specifically within the scope of IP addresses and browser identifiers, where the Controller utilises the following products:
a) Facebook (e.g. Facebook, Messenger, Instagram) – the above-mentioned data is processed and co-administered with the company Facebook Ireland Ltd., with registered office at the following address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland,
b) Pinterest – the above-mentioned data is processed and co-administered with the company Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland
If personal data is transferred to third countries in scenarios described in the point, the transfers occur as described in point 11.
14. Personal data may be shared with entities that process the data on our request, i.e. on the request of the Personal Data Controller. In such cases, as the Personal Data Controller, we conclude a contract for personal data processing with such an entity. The Processing Entity processes the shared personal data solely for purposes specified in the aforementioned contract. Without sharing the personal data with such entities we would not be able to conduct our business activity in our Online Shop, nor deliver to you any packages with your ordered Products. As the Personal Data Controller, we share the personal data for processing with the following entities:
a) providing hosting services for the Online Shop website,
b) providing postal, courier and shipping services for the ordered Products,
c) entities providing other services necessary for proper functioning of the Online Shop.
15. As the Controller, we do not profile personal data, as per the GDPR.
16. According to the GDPR, each person whose personal data is being processed by the Personal Data Controller has the right to:
a) be informed of the personal data processing, as per art. 12 of the GDPR,
b) access their personal data, as per art. 15 of the GDPR,
c) correct or update the personal data, as per art. 16 of the GDPR,
d) delete their data (the right to be forgotten), as per art. 17 of the GDPR,
e) limit the processing, as per art. 18 of the GDPR,
f) transfer the data, as per art. 20 of the GDPR,
g) object to the processing of their personal data, as per art. 21 of the GDPR,
h) In cases of legal bases, as per point 10.d above — the right to withdraw one's consent at any time, without affecting the legality of the processing conducted on the basis of the previously given consent,
i) restrict profiling, as per art. 22, relating to art. 4 of the GDPR,
j) file a complaints to a supervisory body (i.e. to the President of the Data Protection Authority), as per art. 77 of the GDPR,
subject to the rules of utilising and executing such rights, as per the GDPR.
17. Should you wish to exercise any of your abovementioned rights, please send an e-mail of the addresses email@example.com.
18. The Applications should clearly contain:
a) the data of the person or persons to whom the Application relates,
b) the event that the Application relates to,
c) the filed requests and their legal basis,
d) the desired means of solving the issue.
19. Each ascertained instance of security breach is documented, and should any of the events, as described by the GDPR or the Act, occur, the data subjects, as well as the PDPA, if applicable, shall be informed thereof.