Privacy policy

1. GENERAL PROVISIONS

1.1. This Privacy Policy of an Online Store is of informative nature, which means that it shall be no source of obligations for Service Users or Customers of the Online Store. The Privacy Policy contains, above all, the principles concerning the processing of data by the Controller in the Online Store, including the basis, purpose and scope of personal data processing and the rights of data subjects as well as information regarding the use of cookies and analytical tools in the Online Store.

1.2. The Controller of the personal data collected via the Online Store shall be Karol Konop conducting business under name "Zarządzanie IT, Karol Konop" entered into the Central Registration and Information on Business of the Republic of Poland kept by the Minister competent for economic issues, having the address of running the business activity and mailing address: ul. Raduńska 8B, 80-027 Gdańsk, NIP (tax ID no.) 5833080008, REGON (National Business Registry Number) 382231002, e-mail address: chrust@chrustfolkmusic.pl ,– hereinafter referred to as “Controller” and being simultaneously the Service Provider of the Online Store and the Seller.

1.3. Personal data in the Online Store shall be processed by the Controller in accordance with the binding legal regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

1.4. Using the Online Store, including shopping, is voluntary. Similarly, providing personal data by the Service User or the Customer using the Online Store is voluntary, subject to two exceptions:

(1) entering into contracts with the Controller– failure to provide the personal data necessary for the conclusion and performance of the Contract of Sale or a contract for the provision of an E-Service with the Controller in the cases and within the scope indicated on the website of the Online Store and the Terms and Conditions of the Online Store and this Privacy Policy shall result in no possibility to enter into the contract. Providing personal data is a contractual requirement in such a case and if the data subject is willing to enter into the contract with the Controller, they shall be obligated to provide the required data. The scope of the data required to enter into the contract is each time specified in advance on the website of the Online Store and in the Terms and Conditions of the Online Store;

(2) statutory obligations of the Controller– specifying the personal data is a statutory requirement resulting from the commonly binding legal regulations obligating the Controller to process the personal data (e.g. processing data to fiscal books and ledgers) and failure to specify the data will render it impossible for the Controller to perform the obligations.

1.5. The Controller assures due diligence to protect the interest of persons being data subjects, in particular being responsible and liable for and assuring that the data collected are:

(1) processed in accordance with the Act;

(2) collected for specific, legal purposes and not subject to further processing inconsistent with the purposes;

(3) correct as regards the subject matter and adequate as regards the purpose of the processing;

(4) stored in a form making it possible to identify the people they apply to, no longer than it proves necessary to attain the purpose of processing and

(5) processed in a manner ensuring security of the personal data, including the protection against illicit or illegal processing or accidental loss, damage or destruction, with the use of appropriate technical and organisational measures.

1.6. Taking into account the nature, scope, context and purpose of processing as well as the risk of breaching the rights or freedoms of natural persons with varied likelihood and degree of threat, the Controller is implementing appropriate technical and organisational measures so that the processing takes place pursuant to the Regulation and it is possible to show it. The measures are reviewed and updated, as necessary. The Controller applies technical measures preventing the acquisition and modification of personal data sent electronically by unauthorised persons.

1.7. Any words, phrases and acronyms used in this privacy policy starting with a capital letter (e.g. Seller, Online Store, E-Service) shall be understood in accordance with the definition contained in the Terms and Conditions of the Online Store available on the websites of the Online Store.

2. BASIS FOR THE PROCESSING OF DATA

2.1. The Controller is authorised to process the personal data in cases, and to the extent, when at least one of the following conditions is met:

(1) the data subject consented to the processing of their data to one or more specified ends;

(2) processing is necessary for contract performance the data subject is a party to, or to take actions to the request of the data subject, prior to contract conclusion;

(3) processing is necessary to meet the legal obligation of the Controller; or

(4) processing is necessary for the needs resulting from the legally justified interests of the Controller or third party, except for situations when the interests or basic rights and freedoms of the data subject override such interests and they require personal data protection, especially when the data subject is a child.

2.2. The processing of personal data by the Controller each time requires having at least one basis indicated in item 2.1 of the privacy policy. Specific bases for processing personal data of the Service Users or the Customers of the Online Store by the Controller are specified in the following point of the privacy policy – as regards the specific goal of processing personal data by the Controller.

3. PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING DATA IN THE ONLINE STORE

3.1. Each time, the purpose, basis, period and scope as well as the recipients of personal data being processed by the Controller result from actions undertaken by a given Service User or Customer in the Online Store. For instance, in the case the Customer decides to purchase a product in the Online Store and selects collecting the purchased Product personally instead of shipment, their personal data will be processed with a view of performing the Contract of Sale entered into, but they will not be made available to the courier delivering the shipment to the Controller’s order.

4. DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the needs of proper Online Store functioning, inclusive of the performance of the Contracts of Sale entered into, it shall be necessary for the Controller to make use of external companies’ services (e.g. software provider, courier, or payment system provider). The Controller uses solely the services of such processing entities which ensure sufficient guarantee to implement appropriate technical and organisational measures so that the processing meets the requirements set out in the GDPR Regulation and protects the rights of data subjects.

4.2. Providing data by the Controller does not take place in every case and not to all the recipients or categories of recipients defined in the privacy policy – the Controller provides the data only in the case it proves necessary to attain a given purpose of personal data processing and solely within the necessary scope. For instance, in the case the Customer selects collecting an item personally, their data will not be given to the carrier being the Controller’s collaborator.

4.3. Personal data of the Online Store Service Users or Customers may be provided to the following recipients or categories of recipients:

4.3.1. carriers/forwarders/couriers– in the case of a Customer who selects the Online Store to deliver the Product by post or courier, the Controller makes the collected Customer’s personal data available to the selected carrier, forwarder or agent performing shipment for the Controller to the extent necessary to deliver the Product to the Customer.

4.3.2. entities servicing electronic payments or by payment card - in the case of a Customer who uses the Online Store with the method of electronic payments or by payment card, the Administrator provides the Customer's collected personal data to the selected entity servicing the above payments in the Online Store at the request of the Administrator to the extent necessary to handle payments made by the Customer .

4.3.3. service providers supplying the Administrator with technical, IT and organisational solutions, enabling the Administrator to run a business, including the Online Store and Electronic Services provided through it (in particular computer software providers to run the Online Store, e-mail and hosting providers and management software providers company and providing technical assistance to the Administrator) - the Administrator provides the collected personal data of the Customer to a selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

4.3.4. accounting, legal and counselling services providers rendering for the Controller accounting, legal or counselling services(in particular an accounting agency, law firm or debt collection company) – the Controller makes the collected personal data of the Customer available to the selected provider operating to their order only in the case and to the extent necessary for attaining a given purpose of data processing in accordance herewith.

4.3.5. providers of social plugins, scripts and other similar tools placed on the Online Store website that enable the browser of the person visiting the Online Store website to download content from the providers of the aforementioned plugins (e.g. logging in using social network login details) and transferring personal data of the visitor to these providers for this purpose , including

4.3.5.1. Meta Platforms Ireland Ltd. - The Administrator uses Facebook social plugins on the Online Store website (e.g. the Like button, Share or login using Facebook login details) and therefore collects and provides personal data of the Service Recipient using the Store website to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy rules available here: https://www.facebook.com/about/privacy/ (this data includes information about activities on the Online Store website - including information about the device, visited websites, purchases, displayed advertisements and how to use services - regardless of whether the Service Recipient has a Facebook account and is logged in to Facebook).

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR Regulation obligates the Controller to inform about the automated decision-making process, including profiling referred to in Article 22, par. 1 and 4 of the GDPR Regulation, and – at least in those cases – the vital information concerning the decision-making process as well as the meaning and foreseeable consequences of processing for the person being the data subject. Bearing in mind the above, the Controller specifies in this point of the privacy policy the information concerning the possible profiling.

5.2. The Controller may use profiling in the Online Store for direct marketing purposes, yet the decisions made on its basis by the Controller do not concern the conclusion or rejection to conclude the Contract of Sale, or the possibility to make use of E-Services in the Online Store. The result of profiling in the Online Store may be e.g. discount for a given person, sending a discount code, reminding about unfinished purchase process, sending Product offers, which may be related to the interests or preferences of the person, or offering better conditions as compared with the standard offer of the Online Store. Regardless of profiling, the person makes decisions freely, whether they want to use the discount given, or better conditions and buy a product in the Online Store.

5.3. Profiling in the Online Store consists in automatic analysis or forecast of the conduct of a given person on the website of the Online Store, e.g. by adding a given Product to the cart, browsing the page of a given product in the Online Store, or the analysis of the history of purchase in the Online Store. The condition for such profiling is for the Controller to have the personal data of the person, so that they can later send them e.g. a discount code.

5.4. The data subject shall have the right not to depend on the decision which is only based on automated processing, including profiling, and has some legal effects on the person or similarly affects them.

6. THE RIGHTS OF THE DATA SUBJECT

6.1. The right to access, rectify, restrict, erase or transmit – the data subject shall have the right to demand the Controller to have access to their personal data, rectify, erase (“the right to be forgotten”) or restrict the processing and shall have the right to object to the processing and transmit their data. Detailed conditions of the above rights shall be indicated in Articles 1522 of the GDPR Regulation.

6.2. The right to withdraw the consent at any time– the person whose data are being processed by the Controller on the basis of the consent given (pursuant to Article 6, par. 1, point a) or Article 9, par. 2, point a) of the GDPR Regulation), they shall have the right to withdraw their consent at any time without any impact on the compatibility with the right to process made based on the consent prior to the withdrawal.

6.3. The right to lodge a complaint with a supervisory body– the person whose data is being processed by the Controller shall have the right to lodge a complaint with a supervisory body in a manner and mode specified in the provisions of the GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland shall be the President of the Office for Personal Data Protection.

6.4. The right to object – the data subject shall have the right, at any time, to lodge a complaint – for reasons related to their particular situation – as regards the processing of their personal data based on Article 6, par. 1, point e) (public interest or official authority) or f) (legitimate interest of the controller) in the case of profiling based on the provisions. The Controller in such a case must stop processing the personal data, unless they show the existence of legally significant and justified bases for the processing, overriding the interests, rights and freedoms of the data subject, or the bases for determining, pursuing or defending the claims.

6.5. The right to object as regards direct marketing – in the case the personal data are being processed for the needs of direct marketing, the data subject shall have the right, at any time, to lodge a complaint as regards the processing of their personal data for the needs of such marketing, including profiling, to the extent to which the processing is related to direct marketing.

6.6. To perform the rights mentioned in this point of the privacy policy, one may contact the Controller by sending them an appropriate message in writing or via e-mail to the address of the Controller indicated at the beginning of the privacy policy or using the contact form available on the Online Store’s website.

7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS

7.1. Cookie files (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on what device it uses visiting our Online Store). Detailed information on cookies, as well as the history of their creation, can be found, among others, at here: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies that can be sent by the Online Store website can be divided into different types, according to the following criteria:

Due to their supplier:

1) own (created by the Administrator's Online Store website) and

2) belonging to third parties/entities (other than the Administrator)

Due to their storage period on the device of the person visiting the Online Store website:

1) session cookies (stored until logging out of the Online Store or turning off the web browser) and

2) permanent (stored for a specific time, defined by the parameters of each file or until manually deleted)

Due to the purpose of their use:

1) necessary (enabling the proper functioning of the Online Store website),

2) functional/preferential (enabling the adaptation of the Online Store website to the preferences of the person visiting the website),

3) analytical and performance cookies (collecting information on how to use the Online Store website),

4) marketing, advertising and social (collecting information about a person visiting the Online Store website in order to display advertisements to that person, personalize them, measure effectiveness and conduct other marketing activities, including on websites separate from the Online Store website, such as social networking sites or other websites belonging to the same advertising networks as the Online Store)

7.3. The Administrator may process the data contained in Cookies when visitors use the Online Store website for the following specific purposes:

Purposes of using cookies in the Administrator's Online Store:

identification of Service Recipients as logged in to the Online Store and showing that they are logged in (essential cookies)

remembering Products added to the basket in order to place an Order (necessary cookies)

remembering data from completed Order Forms, surveys or login details to the Online Store (essential and/or functional/preferential cookies)

adapting the content of the Online Store website to the individual preferences of the Service Recipient (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store websites (functional/preference cookies)

keeping anonymous statistics showing how the Online Store website is used (analytical and performance cookies)

displaying and rendering advertisements, limiting the number of advertisements displayed and ignoring advertisements that the Service Recipient does not want to see, measuring the effectiveness of advertisements, as well as personalizing advertisements, i.e. studying the behavior of people visiting the Online Store through anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook, i.e. Meta Platforms Ireland Ltd. (files marketing, advertising and social cookies).

7.4. To check which Cookies (including the period of operation of Cookies and their provider) are currently sent by the Online Store website consult your web browser documentation.

7.5. By default, most web browsers available on the market accept cookies by default. Everyone has the option of specifying the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving Cookies - in the latter case, however, it may affect some of the functionalities of the Online Store (for example, it may not be possible to complete the Order path through the Order Form due to for not remembering the Products in the basket during the next steps of placing the Order).

7.6. Web browser settings in the field of Cookies are important from the point of view of consent to the use of Cookies by our Online Store - in accordance with the regulations, such consent may also be expressed through the web browser settings. Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers is available on their websites.

7.7. The Administrator may use Google Analytics and Universal Analytics services in the Online Store provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Administrator keep statistics and analyze traffic in the Online Store. The collected data is processed as part of the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. These data are aggregated. The Administrator, using the above services in the Online Store, collects data such as sources and medium of acquiring visitors to the Online Store and the manner of their behavior on the Online Store website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age gender) and interests.

7.8. It is possible for an individual to easily block the sharing of their activity on the Online Store website with Google Analytics. To do this, they can install a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl

7.9. Due to the possibility of the Administrator using advertising and analytical services provided by Google Ireland Ltd. in the Online Store, the Administrator indicates that full information on the rules of processing data of people visiting the Online Store (including information stored in Cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at the following address: https://policies.google.com/technologies/partner-sites.

7.10. The Administrator may use the Facebook Pixel service in the Online Store provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and find out what actions visitors to the online store take, as well as display tailored advertisements to these people. Detailed information on the operation of the Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.11. Managing the operation of the Facebook Pixel is possible by setting ads in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Controller encourages that at the time of being transferred to other websites, become familiar with the privacy policy. This privacy policy shall apply only to the Online Store of the Controller.

Privacy policy

CHRUST