INFORMATION ON PROCESSING OF PERSONAL DATA
I. Personal data administrator
1. The administrator of personal data within the meaning of art. 4 point 4 RODO  is Dawid Banaczek engaged in a business under PRO Dawid Banaczek at ul. St. Wojciecha 37, 80-044 Gdańsk, NIP: 5911434585, REGON: 220339060.
2. Contact details of the data administrator: a) telephone: +48 503 302 310; b) e-mail address: firstname.lastname@example.org.
3. Administrator in accordance with art. 32 para. 1 RODO adheres to the principle of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data processed in connection with its operations.
4. Providing personal data by the client is voluntary but necessary in order to conclude a contract with the data administrator.
5. Data controller processed personal data in the form of identification data (name and surname and company name), address data, tax identification number and other registration numbers, contact details (phone number) and identification data of persons indicated for contact by the client.
II. Purpose and basis of personal data processing
The administrator processes personal data for the following purposes:
a) concluding and implementing sales contracts with clients, based on the concluded contract (Article 6 paragraph 1 letter b) of the GDPR);
b) providing services electronically via the Online Store (eg providing the possibility of registration and having an Online Shop customer account);
c) handling the complaint process, based on the obligation incumbent on the data controller in relation to applicable law (Article 6 (1) (c) of the RODO);
d) accounting related to the issue of settlement documents, based on the provisions of tax law, including the Act dated. September 29, 1994 on accounting and the Act dated. 11.03.2004 on tax on goods and services (Article 6 (1) (c) of the GDPR);
(e) archiving of data for a possible determination, investigation or defense against claims, which is the legitimate interest of the controller (Article 6 (1) (f) of the RODO);
f) direct marketing of own products, which is the legitimate interest of the controller (Article 6 (1) (f) of the RODO) or takes place based on the consent of the data subject (Article 6 (1) (a) and (GDP));
g) contact by phone or via electronic mail, in particular in response to inquiries addressed to the data controller, which is the legitimate interest of the controller (Article 6 (1) letter f of the RODO);
h) sending technical information about the functioning of the Online Store and the services used by the client, which is the legitimate interest of the data controller (Article 6 (1) letter f of the RODO).
III. Recipients of data. Transmission of data to third countries
1. Recipients of personal data processed by the data controller may be subcontractors - entities whose services are used by the data controller during the processing of data, eg accounting offices, law offices.
2. Recipients of personal data may also be postal operators, couriers or other transport companies through which the data controller performs the delivery of products to clients.
3. Personal data may be transferred to entities based outside the European Economic Area, i.e. to Google LLC as a Google Analytics service provider and Google AdWords, and to Optimizely Inc. as an Optimizely service delivery, based on appropriate legal safeguards, which are standard clauses of personal data protection approved by the European Commission.
IV. The period of storage of personal data
The data controller shall store personal data for the duration of the contract concluded with the data subject and after its termination for purposes related to pursuing claims related to the contract, performance of obligations under applicable law, but not for more than 10 years, unless the consent to the processing of data has been withdrawn beforehand, and the processing of data can not be continued on a basis other than the consent of the data subject.
V. The rights of the data subject
1. Any person whose personal data is processed by an administrator has the right to access their data, the right to rectify it, delete it ("the right to be forgotten"), processing restrictions, the right to data transfer, the right to object and the right to withdraw consent to process data at any time.
2. Any person who considers that his or her personal data are processed by the administrator in violation of the provisions of the GDPR or other relevant provisions of law, regarding the processing of personal data