1. This Privacy Policy specifies the principles for processing of personal data acquired via www.karinmarkers.com  online shop (hereinafter: “Online Shop”).

2. The owner of the Online Shop and data controller is the K. T. Skalscy “Karin” Sp. J with its registered seat in Jabłonna  (05-110), ul. Modlińska 209, entered into the National Court Register under the no.: 0000086131, VAT ID: 5240401741, National Official Register of Business Entities no. (REGON): 006925118, hereinafter referred to as the K.T. Skalscy “Karin” Sp. J

3. Personal data collected by K. T. Skalscy “Karin” Sp. J via Online Shop are processed in compliance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to also as the GDPR.

4. K. T. Skalscy “Karin” Sp. J acts with utmost care to respect the privacy of the Customers visiting its Online Shop.

§ 1 Type of processed data, purposes and legal basis

1. K. T. Skalscy “Karin” Sp. J collects information on natural persons performing the act of law not related directly with their activity, natural persons conducting a business or professional activity on their own behalf and natural persons representing the legal persons or organisational units without a legal personality, to which the act grants a legal capacity, conducting a business or professional activity on their own behalf, hereinafter referred to jointly as the Customers.

2. Personal data of Customers are collected in the following cases:

  a) registration of account in the Online Shop in order to create an individual account and account management. Legal basis: necessary for performance of the agreement on providing the Account service (Article 6(1)(b) of the GDPR);

  b) placing the order in the Online Shop to perform the sales agreement. Legal basis: necessary for performance of the sales agreement (Article 6(1)(b) of the GDPR);

  c) use the contact form service in the Online Shop to perform the agreement provided electronically. Legal basis: necessary for performance of the agreement on providing the contact form service (Article 6(1)(b) of the GDPR).

3. When registering  an account in the Online Shop, the Customer provides:

  a) email address;

  b) address data:

  a. postal code and locality;

  b. street and house/apartment no.;

  c) full name;

  d) phone no.

4. When registering an account in the Online Shop, the Customer creates an individual access password to its account. The Customer can modify the password at a later point of time, as laid down in §5.

5. When placing the order in the Online Shop, the Customer provides the following data: 

  a) email address;

  b) address data:

  a. postal code and locality;

  b. street and house/apartment no.;

  c) full name;

  d) phone no.

6. For the Entrepreneurs, this scope of data is additionally extended by:

  a) company of the Entrepreneur;

  b) VAT ID no.

7. When using the contact form service, the Customer provides the following data:

  a) email address;

  b) full name.

8. When using the Shop Website, additional information can be collected, including in particular: IP address assigned to the Customer’s computer or external IP address of the Internet provider, name of domain, type of search engine, access time, type of operating system.

9. The other collected Customer data include navigation data, including information on links that were clicked or other activities taken in our Online Shop. Legal basis – legitimate interest (Article 6(1)(f) of the GRPR), consisting in facilitated use of services provided electronically and improved functionality of these services.

10. For establishment, exercising or enforcement of claims, certain personal data provided by the Customer when using the functionalities of the Online Shop can be processed, including among others: name, surname, data on using the services, if the claims results from the way the Customer uses the services, other data necessary to prove the existence of claim, including the size of suffered damage.  Legal basis – legitimate interest (Article 6(1)(f) of the GRPR), consisting in p establishment, exercising or enforcement of claims and defence against claims in the proceeding before the courts and other state authorities.

11. Transferring of personal data to the K. T. Skalscy “Karin” Sp. J is voluntary with regard to the concluded sales agreement or providing the services via Shop Website, provided that failure to provide data specified in the forms in the Registration process prevents Registration and creating the Customer Account and when placing the order without Registration of the Customer Account it prevents placing and execution of the Customer’s order. 

§ 2 To whom data are provided and entrusted and how long are they stored?

1. Personal data of a Customer are transferred to providers of services used by the K. T. Skalscy “Karin” Sp. J when running the Online Shop. Service providers, to which personal data are transferred, depending on contractual obligations and circumstances, follow the instructions of the K. T. Skalscy “Karin” Sp. J regarding the purposes and methods of data processing (processors) or establish the purposes and methods of their processes by their own (controllers). 

  a) Processors: K. T. Skalscy “Karin” Sp. J uses the providers that process personal data only on request of the K. T. Skalscy “Karin” Sp. J. These include among others the providers of hosting services, accounting services, providing the marketing systems, systems analysing traffic in the Online Shop and analysing the effectiveness of marketing campaigns; 

  b) Controllers: K. T. Skalscy “Karin” Sp. J uses the providers that do not operate only on request and establish the purposes and methods of use of personal data of Customers on their own. These entities provide e-payment and banking services.

2. Location. The Service providers have their seat primarily in Poland and in the other countries of the European Economic Area (EEA).

3. Personal data of Customers are stored:

  a) In the case, when the basis for processing of personal data is the consent, the personal data of Customer are processed by K. T. Skalscy “Karin” Sp. J until the consent is revoked and upon revoking of consent for the time period corresponding to the period of limitation of claims that might be lodged by and against K. T. Skalscy “Karin” Sp. J. Unless any specific provision states otherwise, the limitation period is six years, while for the claims for periodic benefits and related to business activity – three years.

  b) When the basis for data processing is performance of the agreement, personal data of the Customer are processed by K. T. Skalscy “Karin” Sp. J until it is necessary to perform the agreement, and later for the period corresponding to the period of limitation of claims. Unless any specific provision states otherwise, the limitation period is six years, while for the claims for periodic benefits and related to business activity – three years.

4. When purchasing in the Online Shop, personal data can be transferred, depending on the Customer’s choice, to the following entities to deliver the ordered products:

  a) DPD courier company with its seat in Warsaw

  b) UPS courier company with its seat in Warsaw 

 

5. Navigation data can be used to ensure better service to Customers, analysis of statistical data and tailoring the Online Shop to the Customer preferences as well as administration of Online Shop.

6. On request, the K. T. Skalscy “Karin” Sp. J provides access to personal data to the authorised state authorities, in particular organisational units of the Prosecutor’s Office, Police Forces, President of the Office for Personal Data Protection, President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications. 

§ 3 Cookies mechanism, IP address

1. The Online Shop uses small files called cookies. These are saved by the K. T. Skalscy “Karin” Sp. J on end device of the visitor of the Online Shop, provided that the search engine enables doing so. A cookie file usually contains the name of its domain, “time of expiry” and individual random number identifying that file. Information collected by such files support tailoring the products offered by K. T. Skalscy “Karin” Sp. J to the individual preferences of the Online Shop visitors. They enable also development of individual visit statistics for products presented in the Online Shop.

2. K. T. Skalscy „Karin” Sp. J uses two types of cookies:

  a) Session cookies: upon closing the session of a given search engine or turning off the computer, any saved information is deleted from the device’s memory. The session cookies mechanism prevents collection of any personal data or confidential information from the Customers’ computers. 

  b) Permanent cookies: these cookies are stored in the memory of and end device of the Customer and remain there until deleted or expired. The permanent cookies mechanism prevents collection of any personal data or confidential information from the Customers’ computers.

3. K. T. Skalscy “Karin” Sp. J uses its own cookies to:

  a) authenticate the Customer in the Online Shop and enabling the Customer’s session in the Online Shop (after logging-in) without the need to re-enter login and password by the Customer at each subpage of the Online Shop;

  b) perform analyses and research and audit of viewing, including in particular to develop anonymous statistics to better understand the way the Customers use the Shop Website, which enables improvement of its structure and content.

4. K. T. Skalscy “Karin” Sp. J uses external cookies to:

  a) promote the Online Shop via facebook.com social media service (external cookies administrator: Facebook Inc with its seat in the USA or  Facebook Ireland with its seat in Ireland);

  b) presenting on the information websites of the Shop of a map with location of K. T. Skalscy “Karin” Sp. J office using the maps.google.com web service (external cookie administrator: Google Inc with its seat in the USA);

  c) present the opinions on the Shop websites downloaded from the external Internet service opineo.pl (external cookie administrator: Opineo Sp. z o.o. with its seat in Wroclaw);

  d) present advertising tailored to the Customer’s preferences with the use of e-advertising tool - Google AdSense (external cookie administrator: Google Inc with its seat in the USA);

5. The cookies mechanism is safe for the computers of the Online Shop Customers. Cookies do not enable viruses or any other unwanted or malicious software into the Customers’ computers. Nevertheless, the Customers can limit or disable access of cookies to the computer via their search engines. When using this option, the Customers will be able to use the Online Shop except from the functions that require cookies by nature.

6. The method of changing the cookies settings in the popular search engines is presented below:

  a) Internet Explorer search engine;

  b) Microsoft EDGE search engine;

  c) Mozilla Firefox search engine;

  d) Chrome search engine;

  e) Safari search engine;

  f) Opera search engine.

7. K. T. Skalscy “Karin” Sp. J can collect the IP address of Customers. IP address is a number assigned to the computer of the Online Shop visitor by the Internet service provider. The IP number enables access to Internet. In vast majority of cases, it is assigned to a computer dynamically i.e. changes at each connection with Internet and therefore it is commonly treated as a non-personal identifier. The IP address is used by the K. T. Skalscy “Karin” Sp. J for diagnosing technical problems with the server, developing the statistical analyses (e.g. determination which regions generate the highest number of visits), as information supporting administration and improvement of the Online Shop as well as for security purposes and possible identification of undesired automatic programmes for viewing the content of the Online Shop that put additional strain on the server.

8. The online shop contains the links to the other websites. K. T. Skalscy “Karin” Sp. J bears no responsibility for the privacy protection rules applied on these websites.

§ 4 Right of data subjects

1. Right to withdraw consent - legal basis: Article 7(3) of the GRDP.

  a) A Customer has a right to withdraw each consent that it gave to K. T. Skalscy “Karin” Sp. J.

  b) Withdrawal of consent is effective from the moment of withdrawal.

  c) Withdrawal of consent has no effect on legal processing by K. T. Skalscy “Karin” Sp. J before the withdrawal.

  d) Withdrawal of consent shall result in no negative consequences to the Customer however may prevent further use of services or functionalities, which can be legally provided by K. T. Skalscy “Karin” Sp. J only upon consent.

2. Right to object to processing of personal data – legal basis: - Article 21 of the GRDP.

  a) A Customer has a right to object at any time – from the reasons related to its specific situation – to processing  of its personal data, including profiling, provided that K. T. Skalscy “Karin” Sp. J processes its data on the basis of a legitimate interest, e.g. marketing of products and services of K. T. Skalscy “Karin” Sp. J, keeping the statistics of use of individual functionalities of the Online Shop and facilitating the use of Online Shop as well as satisfaction survey.

  b) Withdrawal in a form of email message from sending the marketing communications on the products or services shall mean an objection of Customer to process its personal data, including profiling, for these purposes.

  c) Shall the objection of Customer be reasonable and shall K. T. Skalscy “Karin” Sp. J have no other legal basis to process the personal data, personal data of Customer subject to objection are to be delete.

3. Right to erasure (“right to be forgotten’) - legal basis: - Article 17 of the GRDP.

  a) The Customer has a right to request erasure of all or part of its personal data.

  b) The Customer has a right to request erasure of personal data, when: 

  a. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  b. the Customer withdrew consent on which the processing of personal data was based;

  c. the Customer objected to use of its personal data for marketing purposes;

  d. the personal data have been unlawfully processed;

  e. he personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the K. T. Skalscy “Karin” Sp. J is subject;

  f. the personal data have been collected in relation to the offer of information society services.

  c) Despite the request to erase personal data, with regard to objection or withdrawal of consent, K. T. Skalscy “Karin” Sp. J can keep certain personal data in the scope, in which processing is necessary for the establishment, exercise or defence of legal claims as well as or compliance with a legal obligation which requires processing in Union or Member State law to which the K. T. Skalscy “Karin” Sp. J is subject. This applies in particular to personal data covering: name, surname, email address, which are kept for examination of complaints and claims related to the use of services provided by K. T. Skalscy “Karin” Sp. J, or additionally an address of residence/correspondence address, order no., which are kept for the purposes of examination of complaints and claims related to the concluded sales agreements or provision of services. 

4. Right to restriction of processing - legal basis: - Article 18 of the GRDP.

  a) The Customer has the right to restrict processing of its personal data. Requesting the restriction, by the time of its examination, prevents the use of certain functionalities or services, using of which is related with processing of data covered by the request. K. T. Skalscy „Karin” Sp. J shall send no communications, including marketing.

  b) The Customer is entitled to request restriction of personal data use in the following cases: 

  a. when the accuracy of the personal data is contested – then the K. T. Skalscy “Karin” Sp. J restricts their use for the time period necessary to verify data accuracy, however in any case for the period not exceeding 7 days;

  b. when the processing is unlawful and the Customer opposes the erasure of the personal data and requests the restriction of their use instead;

  c. when the personal data are no longer needed for the purposes of the processing, but they are required by the Customer for the establishment, exercise or defence of legal claims;

  d. when the Customer has objected to processing – the restriction is applied for the time period necessary to examine, whether – due to specific situation – the protection of interests, rights and freedoms of the Customer override those of the Controller by processing the personal data of the Customer. 

5. Right of access  to data - legal basis: - Article 15 of the GRDP.

  a) The Customer shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning the Customer are being processed , and, where that is the case, the Customer shall have the right to:

  a. access to its personal data;

  b. obtain information on the purposes of the processing, categories of personal data concerned, recipients or categories of recipients of these data, the envisaged period for which the personal data will be stored or the criteria used to determine that period (when determination of the envisaged processing period  is impossible), the rights of the Customer under the GDPR and the right to lodge a complaint with a supervisory authority, on the source of these data, automated decision-making, including profiling and on the safeguards applied where personal data are transferred  outside the European Union;

  c. obtain a copy of its personal data.

6. Right to rectification - legal basis: - Article 16 of the GRDP.

  a) The Customer shall have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning the Customer. Taking into account the purposes of the processing, the Customer shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement., sending the request at the email address pursuant to §6 of the Privacy Policy.

7. Right of data portability - legal basis: - Article 20 of the GRDP.

  a) The Customer has the right to receive its personal data that were provided to the Controller and transfer them to the other personal data controller chosen by the Customer. The Customer is also entitled to request to send personal data by the Controller directly to such controller, if technically possible. In such case the Controller transfers the personal data of Customer in a form of a csv file, being a commonly used format, machine-readable and enabling transfer of the received data to the other personal data controller.

8. In the case of a request of the Customer in effect of one of the rights referred to above, the K. T. Skalscy “Karin” Sp. J satisfies the request or refuses to do so immediately, however in any case not later than within one month from receiving thereof. If, however – due to complex nature of the request or a number of requests -– K. T. Skalscy “Karin” Sp. J will be unable to satisfy the request within one month, it will satisfy it within the next two months informing the Customer in advance within one month from receiving the request – on the intended extension of the due date and the reasons thereof.

9. The Customer can lodge the complaints, inquiries and requests concerning processing of its personal data and enforcement of its rights to the Controller.

10. The Customer is entitled to request from the K. T. Skalscy “Karin” Sp. J to provide copies of standard contractual clauses, by lodging a request in a manner specified in §6 of the Privacy Policy.

11. The Customer has the right to lodge a complaint to the President of the Office of Personal Data Protection in the scope of infringing its rights to protection of personal data or any other rights granted under the GDPR.

§ 5 Security management - password

1. The K. T. Skalscy “Karin” Sp. J ensures the secure and encrypted connection during transfer of personal data and logging to the Customer Account in the Service to the Customers. The K. T. Skalscy “Karin” Sp. J has implemented the SSL certificate issued by one of the leading global companies in the area of security and encryption of transferred data via Internet.

2. When the Customer having the account in the Online Shop lost the password in any manner, the Online Shop enables generation of the new password. The K. T. Skalscy “Karin” Sp. J does not sent a password reminder. The password is stored in the encrypted form, in a manner preventing its reading. In order to generate new passport, one should provide the email address in the form available at the „Forgotten password” link displayed near the account logging form in the Online Store.  The Customer shall receive an email containing a link to a dedicated form available on the Shop Website, where it will be enabled to generate a new password, at the email address provided during registration or saved during the last modification of the account profile. 

3. The K. T. Skalscy “Karin” Sp. J does not send any correspondence, including electronic correspondence with a request to provide logging data and in particular password to the Customer account. 

§ 6 Amendments to the Privacy Policy 

1. The Privacy Policy can be amended, of which the K. T. Skalscy “Karin” Sp. J shall notify the Customers in 7 days in advance. 

2. Any inquiries related to the Privacy Policy should be sent at: karin@karin.com.pl

3. Last modified on: 16 July 2018.