§ 1 Definitions
Data controller – the entity which alone or jointly with others determines the purposes and means of processing personal data is Olga Osip – Ossip Design, ul. Biała 8, 31-215 Kraków, NIP: 5492260530.
RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal data – any information about an identified or identifiable natural person.
Processing of personal data – means any operation on personal data, for example collecting, storing, modifying, viewing, sharing, matching or linking, deleting. In connection with the Customer’s use of the Site, the Data Controller processes data to the extent necessary for the proper provision of the services, in accordance with the principle of minimisation set out in Article 5(1)(c) of the RODO.
Website – the website operated by the Data Controller at https://room-box.pl.
Shop – the online shop, operated by the Data Controller at https://room-box.pl.
Customer – any natural person visiting or using the website.
§ 2 Purpose and legal basis of processing
Depending on the purpose of the processing of personal data, the individual processing operations are based on different legal bases, the retention period of the personal data varies, as well as the scope of the data collected.
|Purpose of personal data processing||Legal basis for personal data processing||Personal data retention period||Personal data scope|
|Processing of contracts with customers of the online store||Art. 6 ust. 1 lit. b RODO||The data shall be processed for the duration of the contract and, after its termination, until the expiry of the limitation periods for contractual claims||Name, address, e-mail address, telephone number, address details and identification data for invoicing, billing data|
|Returns and complaints handling||Art. 6 ust. 1 lit. b RODO
Art. 6 ust. 1 lit. c RODO w związku z:
– ustawą z dnia 30 maja 2014 r. o prawach konsumenta;
– ustawą z dnia 29 września 1994 r. o rachunkowości
|Data are processed for 1 year after the warranty expiry date or settlement of the complaint||Name, address, e-mail address, telephone number, bank account number|
|Determination, investigation and defence of claims||Art. 6 ust. 1 lit. f RODO||The data are processed until the expiry of the limitation periods for contractual claims – in accordance with the applicable legislation.||Name, surname, address|
|Maintenance of accounts and bookkeeping||Article 6(1)(c) of the RODO in connection with:
– the Act of 11 March 2004 on Value Added Tax
– Act of 29 September 1994 on accounting
|Data shall be processed for the period laid down by law – in principle 5 years calculated from the beginning of the year following that in which the accounting document was drawn up||Name, address, e-mail address, number
invoice number, telephone account number, billing details
|Newsletter||Art. 6 ust. 1 lit. a RODO||Data is processed until consent is withdrawn.||Name, email|
|Handling of enquiries made via the contact form||Art. 6 ust. 1 lit. a RODO||Data is processed until consent is withdrawn.||Name, telephone number, e-mail address, other data provided voluntarily by the person making the enquiry|
|Maintaining social media accounts to promote the brand (Facebook, Instagram, YouTube)||Art. 6 ust. 1 lit. f RODO||Data are processed until an objection is lodged||For details on data processing in connection with the use of social media, please refer to the privacy policies of the individual sites Facebook Instagram YouTube|
§ 3 Recipients of the data
In connection with its operations, the Data Controller shares personal data with the following entities:
§ 4 Rights of data subjects
1. Service users have the following rights:
2. In the case of processing carried out on the basis of consent, the Service Recipient has the right to withdraw that consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
§ 5 Data requirement
§ 6 Transfer of data to a third country or international organisation
Data is not transferred to a third country or international organisation.
§ 7 Automated decision-making
Data is not subject to automated decision-making.
§ 8 Cookies
§ 9 Final provisions