Formal information to begin with: The controller of your personal data is “Serafin Studio” ul. Łomżyńska 16, 26-600 Radom, NIP: 9482477477.
Brief version – key information
We care about your privacy, but also about your time. That’s why we have prepared an overview of the most important principles related to the privacy protection.
1)We process the personal data you provide to us when creating a user account, placing an order, sending a complaint, withdrawing a contract, subscribing to a newsletter, or simply contacting us.
2)The information we collect about you may include: your name, address of residence, address of your registered office or permanent business activity, NIP number, e-mail address, telephone number, or any other data contained in of the correspondence you exchange with us. We do not always store all the information indicated above. Its scope depends on the content of the forms you fill our or messages you send to us.
3)We make every effort, using appropriate technical and organisational safeguards, to protect you private data and ensure that it remains safe, isn’t lost, or misused by third parties.
4)Your personal data is entrusted to be processed only to carefully verified and trusted entities bound with us by contractual obligation.
5)We transfer your data to UAB “MailerLite” due to the collected data being storaged on MailerLite system servers. There’s no need to worry – the MailerLite system provider guarantees an adequate level of data protection.
6)We do not make any decisions which would have legal or otherwise serious effects on you, based solely on the automated processing of your personal data.
7)We monitor and analyse your behaviour on our websites for statistical, optimisation and marketing purposes. In this respect, we use the following tools: Google Analytics, Facebook Pixel. These tools give us access to a lot of information related to your use of our store, but this information remains anonymous in the sense that we are unable to establish your identity based on it. These tools may collect the following information about you: approximate location, device, operating system and browser you are using, gender, age range, interests, time spent on the site, page views, page breaks between pages, clicks on individual links, other actions taken within the website. This information is not matched with your personal information and does not allow us to identify you. This information may be transferred to the United States of America (USA). The Service Providers guarantees an adequate level of data protection by applying standard contractual clauses and joining the Privacy Shield programme.
8)We use external marketing tools to target advertisements at you when you browse the Internet. We use the Facebook Ads advertising system associated with Pixel Facebook and the Google Ads system associated with Google Analytics.
9)The store uses social media plugins based on third-party cookies (social network providers). By clicking on the social networking buttons available on our sites, information about such activity is collected by social networking administrators and may be stored on servers located in the United States of America (USA). These social network controllers guarantee an adequate level of data protection by applying standard contractual clauses and joining the Privacy Shield program.
11)The store is hosted on the external server, which, like all servers, generates logs. The logs store information such as IP address, date and time of the server, browser and operating system details. The logs serve exclusively operational and technical purposes.
12)Regardless of our best efforts to ensure your privacy and confidentiality in connection with the use of the store, we still encourage you to be aware of your Internet use and to consider such options as customizable privacy settings in your web browser, management of behavioural advertising settings (e.g. http://www.youronlinechoices.com/, https://www.networkadvertising.org/choices), use of incognito mode in your web browser, installation of additional plugins to ensure your privacy (e.g. https://www.ghostery.com).
The above information is preliminary in nature. We encourage you to read the further details below.
The controller of your personal data is Parkita LTD, 20 Medway Court, Birches Road, RH12 4NL Horsham, NIP: PL5263158729.
The purposes, legal basis and period of personal data processing, are indicated separately for each purpose of data processing (see description of individual purposes of processing personal data below).
Data subject rights. The GDPR grants you the following rights in relation to the processing of your personal data:
1.the right to access and request the copy of you personal data;
2.the right to rectify (correct) you personal data;
3.the right to erase your data (you have the right to demand that your personal data is deleted if you deem the data processing unlawful;
4.the right to limit the processing of data (you can demand that we limit the processing of data only to the storage of data or to the performance of activities agreed with you if you deem the data processing unlawful;
5.the right to object to the processing of data (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate the specific situation that you believe justifies our cessation of the processing. We will stop processing your data for these purpose unless we can demonstrate that the grounds for our data processing take precedence over your rights or that your data is necessary for us to establish, process or investigate a claim);
6.the right to transfer data (you have the right to receive your personal data in a machine-readable format in order to forward it or have it forwarded to another controller);
7.the right to lodge a complaint with the supervisory authority (if you deem our data processing unlawful, you may lodge a complaint with your national Data Protection Commissioner or another competent supervisory authority).
The rules related to the exercise of the abovementioned rights are described in detail in Articles 16-21 of the GDPR. We encourage you to familiarise yourself with these regulations. On our part, we think it is necessary to explain to you that the rights indicated above are not absolute and will not apply to all processing of your personal data.
We would like to point out that there’s one right among the ones indicated above that is always available to you – if you believe that we have violated the regulations of personal data protection while processing your personal data, you have the possibility to lodge a complaint with the supervisory authority (your national Data Protection Commissioner).
Security. We ensure the confidentiality of any personal data provided to us. We ensure that appropriate security and personal data protection measures are taken as required by the regulations on personal data protection. Personal data is collected with due diligence and properly protected against access by unauthorized parties.
Data recipients. Your personal data may be processed by entities whose services we use and whose services involve or may involve the processing of personal data. This applies in particular to the following entities:
1.hosting provider that stores data on their server,
2.courier companies that deliver orders,
3.provider of the mailing system that shore your data if you subscribe to the newsletter,
4.accounting firm providing accounting services,
5.law firm that obtains access to data if it is necessary for providing legal assistance to us,
6.service provider of website maintenance services that obtains access to the data if the performed technical work concerns areas where personal data is located,
7.other sub-contractors that gain access to the data if the scope of their activities requires such access.
Your personal data may also be transferred to tax offices to the extent necessary to fulfil your tax, clearing and accounting obligations. This applies in particular to all declarations, reports, statements and other accounting documents which contain your personal data.
Furthermore, if necessary, your personal data may be made available to entities, bodies or institutions entitled to access data under the law, such as police, security services, courts, public prosecutors’ offices.
Transfer of personal data to non-EU Member States. We transfer your personal data to non-EU countries due to using the tools that store personal data on servers located in non-EU countries, in particular the USA. The providers of these tools guarantee an adequate level of data protection through the appropriate compliance mechanisms provided by the GDPR, in particular by joining the Privacy Shield programme or using standard contractual clauses.
The storage of personal data on servers located in non-EU countries is carried out using the following tools:
- MailerLite mailing system, whose provider is UAB “MailerLite”, J. Basanavičiaus 15, LT-03108 Vilnius, Lithuania – in the scope of your name and e-mail address provided when subscribing to the newsletter,
MailerLite UAB ensures an adequate level of protection of personal data by applying the compliance mechanisms provided by the GDPR. Below you will find the links which contain information about the processing of personal data by this entity: https://www.mailerlite.com/legal.
Profiling and behavioural advertising. We do not make any decisions which would have legal or otherwise serious effects on you, based solely on the automated processing of your personal data, including profiling. We would like to point out that the tools we use do not give us access to any personal information that would allow us to establish your identity based. The information we are talking about here is, specifically, the following:
- details about your operating system and the Internet browser you use,
- time spent on the site,
- transitions between different subpages,
- the source from which you are coming to our site,
- the age range you are in,
- your gender,
- your approximate location (limited by the city location),
- your interests determined on the basis of your online activities.
The information indicated above is not matched with your personal information stored in our database and thus does not allow us to identify you. This information is stored on the servers of the tool providers, and these servers are most often located around the world.
Purposes and data processing activities
User account. When creating a user account, you must provide the information necessary to create an account, such as your e-mail address, and set a password. Providing this data is voluntary, but indispensable to creating an account. When editing the account data, you can provide additional information.
The data provided in connection with creating an account, is processed in order to provide you with an electronic service, meaning the possibility of using the user account. This service is provided on the basis of an agreement concluded in accordance with the principles described in the Rules and Regulations – in this respect, the legal basis for processing of your personal data is Article 6(1)(b) of the GDPR.
You can decide to delete your account at any time, but this will not lead to the deletion of your data from our database, as this data is necessary for us to possibly establish, defend or investigate a claim in relation to the contract for the provision of electronic services. Furthermore, your data is stored in the database after deletion of your account so that we can identify you as a returning user in the future if you decide to use the site again as a registered user. In this respect, the legal basis for processing your personal data is our legitimate interest – Article 6(1)(f) of the GDPR.
You can modify your account details at any time.
Orders. When placing an order, you must provide the data necessary to complete the order, such as your name, billing address, e-mail address, telephone number, NIP number. Providing data is voluntary, but indispensable to placing an order.
The data provided in connection with the order, is processed for the purpose of performing the contract concluded by the fact of placing an order (Article 6(1)(b) GDPR), issuing an invoice (Article 6(1)(c) GDPR), including the invoice in the accounting records (Article 6(1)(c) GDPR) and for archiving and statistical purposes (Article 6(1)(f) GDPR).
Contract data will be processed for the time necessary for the execution of the contract and then until the expiry of the limitation period for claims under the contract. Furthermore, after the expiry of this period, the data may still be processed for statistical and archiving purposes, in particular to identify the returning customer. Also, remember that we are obliged to store the invoices with your personal data for a period of 5 years after the end of the tax year in which the tax liability arises.
In the case of order details, you do not have the possibility to correct this data after the order has been processed. You may also not object to the processing of the data and demand the deletion of the data until the limitation period for claims under the concluded contract expires. Likewise, you cannot object to the processing of data or demand the deletion of invoice data. After the period of limitation for claims from a concluded contract has expired, you may object to our processing of your data for statistical purposes and demand the deletion of your data from the database.
Complaints and withdrawal from the contract. By filing a complaint or withdrawing from the contract, you provide personal data included in the complaint or withdrawal statement, which includes your name, address, telephone number, e-mail address, and bank account number. Providing the data is voluntary, but indispensable to lodging a complaint or withdrawing from the contract.
The data provided in connection with the lodging of a complaint or withdrawal from the contract, is used for the purpose of processing the complaint or withdrawal procedure (Article 6(1)(c) of the GDPR) and then for archival purposes, which constitutes our legitimate interest (Article 6(1)(f) of the GDPR).
Data will be processed for the time necessary for the complaint or withdrawal procedure. Complaints and statements of withdrawal may also be archived for the purpose of demonstrating the course of the complaint or withdrawal procedure in the future.
In the case of data contained in complaints and declarations of withdrawal, you do not have the possibility to correct this data. Nor can you object to the processing of the data and demand the deletion of the data until the limitation period for claims under the concluded contract has expired. However, after the expiry of the statute of limitations for claims from the concluded contract, you may object to our processing of your data and demand the deletion of your data from our database.
Newsletter. By subscribing to the newsletter, you provide us with your e-mail address. Providing your e-mail address is voluntary, but indispensable to subscribing to the newsletter.
The data provided in relation to newsletter subscription, is used to send you the newsletter, and the legal basis for the data processing is your consent (Article 6(1)(a) of the GDPR) expressed when subscribing to the newsletter.
You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each newsletter message or by simply contacting us. Despite your cancellation of the newsletter, your data will still be stored in our database for the possible defence of claims relating to the sending of the newsletter to you, in particular for the purpose of demonstrating your consent to receive the newsletter and the time of its withdrawal, which constitutes our legitimate interest as referred to in Article 6(1)(f) of the GDPR.
You can correct your data saved in the newsletter service provider’s database at any time. If you object to the processing of your personal data and at the same time request the deletion of your data from our database, we will have to inform you that we will not delete your data from the database due to our legitimate interest as referred to in the preceding paragraph. The deletion of such data would prevent us from demonstrating, if necessary, that you have given your consent to receive the newsletter in the past.
The mailing system that we use keeps track of your actions in relation to the messages sent to you. As a result, we have information about which messages you have opened, in which messages you have clicked on links, etc.
Contact. When contacting us, you naturally provide us with your personal data contained in the content of the correspondence, in particular your e-mail address and name. Providing the data is voluntary, but necessary to make contact.
Your data is processed in this case for the purpose of contacting you, and the basis for data processing is Article 6(1)(f) of the GDR, i.e. our legitimate interest. The legal basis for post-contact processing is also our legitimate interest in archiving correspondence for internal purposes (Article 6(1)(f) of the FRA).
The content of the correspondence may be archived and we are not in a position to determine clearly when it will be deleted. You have the right to request the history of the correspondence you have carried out with us (if it has been archived), as well as to request its deletion, unless its archiving is justified by our overriding interests, for example the defence against potential claims on your part.