privacy policy

I. General Information

This document defines the privacy policy rules for the online store https://ruchomadeska.pl/ (hereinafter referred to as “the Online Store”). The data controller for the Online Store is Ontrops Sp. z o.o. based in Olsztyn (11-041), ul. Hozjusza 1, NIP 7393973050, REGON 5231258050.

II. Personal data

  1. Personal data collected by the Administrator are processed on the basis of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR), the current Act on the Protection of Personal Data, and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2002, No. 144, item 1204, as amended).
  2. The Administrator collects information voluntarily provided by customers of the Online Store. However, the provision of marked personal data is a condition for placing an order, and the consequence of not providing them will be the inability to order products in the store.
  3. In addition, the Administrator may record information about connection parameters, such as IP addresses, for technical purposes related to server administration and for collecting general demographic statistical information (e.g., about the region from which the connection is made), as well as for security purposes.
  4. The Administrator makes every effort to protect the privacy and information provided to him regarding customers of the Online Store. The Administrator carefully selects and applies appropriate technical, including programming and organizational measures, to ensure the protection of processed data, in particular by securing data against unauthorized disclosure, disclosure, loss, and destruction, unauthorized modification, as well as against their processing in violation of applicable laws.
  5. Personal data will be processed in accordance with the principles set out in Art. 5 of the GDPR. Personal data will be:
  • processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency’);
  • collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
  • adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
  • accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
  • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
  • processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).
  1. As part of the Administrator’s use of tools that support their current operations provided by companies such as Google, the Customer’s Personal Data may be transferred to a country outside the European Economic Area, particularly to the United States of America (USA) or another country where the entity collaborating with the Administrator maintains tools for processing Personal Data in collaboration with the Administrator. In the case of transferring data from Europe to the USA, some entities located there may additionally provide an adequate level of data protection under the so-called Privacy Shield program (more information on this topic is available at: https://www.privacyshield.gov/)

III. Legal basis

  1. The legal basis for processing the Client’s personal data is primarily the necessity to perform a contract of which the Client is a party or the necessity to take action at the Client’s request before entering into such a contract (Article 6(1)(b) of the GDPR).
  2. In other purposes, the Client’s personal data may be processed on the basis of:a) applicable law – when processing is necessary to fulfill a legal obligation imposed on the Administrator, e.g. when the Administrator settles sales agreements based on tax or accounting regulations (Article 6(1)(c) of the GDPR);b) necessity for other than the above-mentioned purposes arising from legally justified interests pursued by the Administrator or by a third party, in particular to establish, pursue or defend claims, conduct correspondence with Clients, also through contact forms (including responding to Clients’ messages), market and statistical analysis (Article 6(1)(f) of the GDPR).
  3. Personal data processed for the purpose of purchase fulfillment will be processed for the period necessary to fulfill purchases and orders, after which the data subject to archiving will be kept for the period appropriate for the limitation of claims.

IV. Recipients of personal data

Recipients of the Customer’s data may be entities executing the order on behalf of the Administrator and handling it: shipping companies, accounting companies, suppliers of goods, suppliers of IT solutions, payment processing companies, banks, companies providing marketing services, providers of telecommunications services, law firms, authorized state authorities.

V. Customer’s rights in the protection of personal data

  1.  Due to the voluntary nature of the provision of personal data by the Customer, they have the right to access their personal data, the right to correct them, the right to restrict processing, the right to data portability, the right to delete, to object, the right to withdraw consent at any time.
  2.  If it is determined that the processing of personal data violates the provisions of the RODO, the data subject has the right to file a complaint with the President of the Office for Personal Data Protection.
  3. The detailed conditions of the above-described rights are indicated in Articles 15-22 of the RODO.

VI. Cookies policy

  1.  We use cookies on our website (Legal basis Article 6(1)(f) RODO).
  2.  When browsing the Online Store, “cookies” files are used, i.e. small text information that is stored on the Customer’s terminal device in connection with the use of the Online Store. Their use is aimed at the proper operation of the Internet Store.
  3. The “cookies” files used by the Administrator are safe for the Customer’s devices. In particular, by this means it is not possible for viruses or other unwanted software or malware to get into the Customers’ devices. These files allow us to identify the software used by the Customer and customize the Online Store individually for each Customer. Cookies usually contain the name of the domain from which they come, the time they are stored on the device and the assigned value.
  4. The Administrator uses three types of “cookies”:
    • Session cookies: they are stored on the device of the Online Store Customer and remain there until the session of a given browser ends. The stored information is then permanently deleted from the memory of the device of the Online Store Customer. The mechanism of session cookies does not allow collecting any personal data or any confidential information from the device of the Internet Shop Customer.
    • Persistent cookies: they are stored on the device of the Internet Store Customer and remain there until they are deleted. Ending the session of a given browser or switching off the device does not delete them from the device of the Internet Store Customer. The mechanism of permanent cookies does not allow collecting any personal data or any confidential information from the device of the Internet Shop Customer.
    • “Analytical” cookies allow to better understand the way the Customer interacts with the content of the Store, help to better organize its layout. “Analytical” cookies collect information about how the Customer uses the Store, the type of page from which the Customer was redirected, as well as the number of visits and the time of the Customer’s visit to the Store. This information does not record specific personal data of the Customer, but is used to develop statistics on the use of the Store.
  5. Session cookies: they are stored on the device of the Online Store Customer and remain there until the session of a given browser ends. The stored information is then permanently deleted from the memory of the device of the Online Store Customer. The mechanism of session cookies does not allow collecting any personal data or any confidential information from the device of the Internet Shop Customer.
    Persistent cookies: they are stored on the device of the Internet Store Customer and remain there until they are deleted. Ending the session of a given browser or switching off the device does not delete them from the device of the Internet Store Customer. The mechanism of permanent cookies does not allow collecting any personal data or any confidential information from the device of the Internet Shop Customer.
    “Analytical” cookies allow to better understand the way the Customer interacts with the content of the Store, help to better organize its layout. “Analytical” cookies collect information about how the Customer uses the Store, the type of page from which the Customer was redirected, as well as the number of visits and the time of the Customer’s visit to the Store. This information does not record specific personal data of the Customer, but is used to develop statistics on the use of the Store.
  6. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the Customer uses the Online Store. For this purpose, information about the Customer’s navigation path or the time spent on a given page may be stored.
  7. In terms of information about the Customer’s preferences collected by the Google advertising network, the Customer can view and edit the information resulting from “cookies” using the tool: https://www.google.com/ads/preferences/html/blocked-cookies.html.
  8. The Customer may independently and at any time change the settings for “cookies”, specifying the conditions for their storage and access by “cookies” to the Customer’s device. Changing the settings referred to in the preceding sentence, the Customer may do so through the settings of the Internet browser or through the configuration of the service. These settings can be changed, in particular, in such a way as to block the automatic handling of “cookies” in the settings of the web browser or inform about their placement on the Client’s device each time. Detailed information about the possibility and methods of handling “cookies” is available in the settings of your software (web browser).
  9. To learn how to manage cookies, including how to disable them in your browser, you can use your browser’s help file. You can get acquainted with this information by pressing the F1 key in your browser. In addition, you will find relevant tips on the subpages, depending on the browser you are using: Firefox, Chrome, Safari, Internet Explorer / Microsoft Edge.
  10. The customer can delete cookies at any time using the available functions in the browser he uses.
  11. Rrestricting the use of “cookies”, may affect some of the functionality available on the website of the Online Store.

VII. Final provisions

The Administrator reserves the right to make changes to this Privacy Policy. Such changes may be necessary or needed, for example, in the event of changes in the law, new guidelines of supervisory authorities, changes in the technology by which we process personal data, as well as changes in the ways, purposes or basis of our processing of personal data.

In matters related to the protection of personal data, it is possible to contact us by e-mail at: info@ruchomadeska.pl or by postal mail by writing to: Ontrops Sp. z o.o., 1 Hozjusza St.; 11-041 Olsztyn.