Privacy Policy

The protection of Users’ privacy is of particular importance to us. For this reason, Users of the kominki-lumar.com/gb/ website (hereinafter referred to as the Online Shop) are guaranteed the highest standards of privacy protection. PHU LUMAR LUCYNA SZCZĘCH, as the data controller, ensures the security of the personal data provided by Users.

In view of the above and in accordance with the requirements introduced by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 2016.119.1 of 4 May 2016) (hereinafter referred to as the GDPR), this Privacy Policy has been adopted by PHU LUMAR LUCYNA SZCZĘCH to ensure the security of personal data.

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with their use of the Online Shop and other related websites, communications and services.

A User is any data subject using the Online Shop and other related websites, communications and services. (hereinafter referred to as the User).

The controller of personal data collected in the Online Store is PHU LUMAR LUCYNA SZCZĘCH, Składowa 1 (access from Ceramiczna Street), 34-400 Nowy Targ, Tax Identification Number (NIP): 7352171307, National Business Registry Number (REGON): 492900797 (hereinafter referred to as the Controller).

To the extent necessary to perform the contract concluded between the User and the Controller, as well as to the extent necessary for the Controller to take action at the User’s request, and to the extent necessary to fulfil a legal obligation incumbent on the Controller - the processing of the User’s personal data takes place on the basis of a legal provision, namely Article 6(1)(b) and (c) of the GDPR, without the need for the User to consent to the processing of their personal data. In all other respects, the provision of personal data by the User is voluntary. However, to the extent that consent to the processing of the User’s personal data has been given by the User solely for marketing purposes, the provision of personal data by the User is voluntary; however, a refusal to give consent or the withdrawal of consent will prevent the Controller from informing the User about new offers and discounts.

I. USER CONSENT

By using the Online Store, the User accepts that the Controller collects, uses and discloses non-personal and personal data in accordance with this Privacy Policy. However, the User has control over how their data is used and shared, as described in detail in Chapter V of this Privacy Policy, “User Rights”.

Where personal data is processed on the basis of the User’s consent, the User has the right to withdraw their previously given consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal. The Controller informs the User of the possibility of withdrawing consent before the User gives their consent.

In the event of a change to this Privacy Policy, if the User continues to use the Online Store, this action shall be deemed to constitute consent to the current terms of the Privacy Policy.

II. PERSONAL DATA PROCESSED BY THE CONTROLLER

1. Methods of collecting personal data
   1. Personal data obtained directly from the User
      The Controller obtains personal data in two ways. The first method is to obtain personal data directly from the User, through:
      • the User sending a message via the contact form provided on the Online Shop,
      • the User creating a customer account in the Online Shop,
      • placing an order for goods or services in the Online Shop,
      • the User contacting the Controller to obtain technical support, make a complaint or for any other purpose.
   2. Personal data obtained from other sources
      The Controller also obtains personal data from sources other than directly from the User, namely:
      by recording how the User uses the Online Store via cookies and other technologies, and by receiving error reports or usage data from software running on the User’s device,
      • from partners with whom the Controller offers goods and services or conducts joint marketing activities.
2. Personal data processed by the Controller
   The scope of personal data concerning Users collected by the Controller may vary depending on the purpose of processing personal data.
   The Controller collects, among other things, the following personal and non-personal data:
   • Login name,
   • First name and surname / company name / first name and surname of the business owner or the first names and surnames of business owners operating as a partnership,
   • Correspondence address,
   • Telephone number,
   • Email address,
   • Tax Identification Number (NIP),
   • Business Registration Number (REGON),
   • Computer IP address,
   • Payment details, if the User makes a purchase in the Online Shop.
   • Information contained in cookies and similar technologies regarding the User’s interaction with the Administrator’s Online Shop.

In addition, the Administrator collects data regarding the content of the User’s files and messages where this is required to fulfil an order placed or to provide the User with a customer account service, including: the subject and content of emails, the text or other content of instant messages, audio and video recordings of video messages, audio recordings and transcripts of voice messages received by the User or text messages dictated by them.

The Controller also collects information provided by the User, including opinions and reviews of goods and services, and information provided for the purpose of obtaining technical support. Furthermore, when contact is made, the Controller collects the content of the message.

III. METHOD OF DATA PROCESSING – PURPOSES OF THE ADMINISTRATOR’S PROCESSING OF PERSONAL DATA

The manner in which the Controller processes personal data relating to the User depends on the extent to which the User uses the Online Shop.

1. Orders, customer account (performance of a contract)
   If the User decides to place an order for goods or services presented in the Online Shop, the Controller will process the User’s personal data to the extent necessary to conclude a sales contract or a contract for the provision of services and to ensure the proper performance of the contract concluded with the User.
   If the User creates a customer account on the Online Store, the Controller uses the User’s personal data for the proper performance of the contract for the provision of electronic services, including the authentication and authorisation of the User’s access to the customer account.
2. Communication (performance of the contract, legitimate interest pursued by the Controller)
   The Controller uses the User’s personal data to communicate with them in a personalised manner. This communication involves sending emails, posting notifications on websites and using other means within the framework of the Online Shop and the customer account service provided, including text messages and push notifications. The content communicated to the User relates to the goods and services offered, i.e. the availability of services and how to use them, the security of personal data, network updates, reminders, as well as the Administrator’s suggested offers.
   Communication with the User also concerns customer support. Personal data is used to assist the User, resolve issues and respond to their complaints.
   The Controller also uses the User’s personal data to enable them to comment on the Controller’s activities, the Online Shop, services and goods.
3. Advertising (consent, legitimate interest pursued by the Controller)
   The Controller uses the User’s personal data to offer them personalised advertisements, provided the User has consented to such activities or where a business relationship has been established between the Controller and the User. These advertisements relate to both the Administrator’s offers and those of entities cooperating with the Administrator.
   The advertisements presented to the User are tailored individually to each User (so-called “profiling”) through the use of:
   • data provided directly by the User,
   • data collected whilst the User is using the Online Shop,
   • information provided by third parties,
   • data derived from advertising technologies, such as cookies,
   • web beacons, pixels, ad tags and mobile identifiers.
   The Controller does not share the User’s personal data with third-party advertisers or advertising networks without the User’s consent. However, if the User clicks on an advertisement displayed to them, the advertiser will be informed of this.
4. Improving the Online Shop (the Administrator’s legitimate interest)
   The Administrator uses the User’s personal data for analytical and statistical purposes in order to continuously improve the Online Shop, the goods and services offered by the Administrator, to provide better solutions, and to add new features and capabilities.
   Personal data relating to Users is also used by the Controller for market research, public opinion surveys and economic analysis in order to continuously improve the Online Store.
5. Security (the Administrator’s legitimate interest)
   The Administrator uses the User’s personal data to monitor, prevent, detect and combat fraud and abuse, to protect other Users from such abuse, and to ensure network and information security. Where there is a reasonable suspicion that a criminal offence has been committed, the User’s personal data will be used to investigate the likely commission of a criminal offence or other breach of this Privacy Policy by unauthorised persons.
6. Pursuit of claims (the Controller’s legitimate interest)
   Where the User decides to use the Online Shop, in particular by creating a customer account or placing an order for goods or services through it, the Controller may process the User’s personal data to the extent necessary to pursue any claims arising from its business activities, as well as to analyse potential breaches of the rules governing the use of the Online Store.
7. Tax records (compliance with a statutory obligation)
   Where the User places an order for goods or services via the Online Shop, the Controller will process the User’s personal data to the extent necessary for maintaining tax records and settling accounts in respect of the orders fulfilled.

IV. DISCLOSURE OF PERSONAL DATA BY THE CONTROLLER

The User’s personal data is or may be disclosed to the following categories of recipients:

1. entities providing certain services in the sales process, i.e. courier/postal service providers, payment institutions acting as intermediaries in the processing of payments by Users for orders placed for goods or services;
2. advertising or marketing service providers, where the purpose is the direct marketing of the Controller’s own services;
3. providers of legal and advisory services and those supporting the Controller in pursuing claims (in particular law firms and debt collection agencies);
4. entities processing personal data on behalf of the Controller, e.g. technical service providers operating the technical infrastructure necessary to run the Online Shop;
5. entities authorised to obtain data under applicable law, e.g. courts or law enforcement agencies, when they make a request based on an appropriate legal basis.

V. USER RIGHTS

The User has the right to decide on their personal data by making choices regarding the disclosure of specific personal data, including privacy settings. However, in such a situation, the User must be aware that they will not be able to fully utilise certain features of the Online Store or services offered by the Controller.

Should the User wish to exercise their rights as a data subject, they may contact the Controller by sending an email to biuro@kominki-lumar.com. The User may exercise some of their rights as a data subject via their customer account on the Online Store.

1. Right of access to data
   The User is entitled to obtain confirmation from the Controller as to whether their personal data is being processed, and if so, they are entitled to access information regarding the details of the processing of their data, including in particular information on the purpose of the processing and the categories of data being processed.
   The User also has the right to request a copy of the personal data being processed.
2. Right to rectification
   The User has the right to have any personal data that is inaccurate rectified. They have the right to request the correction, supplementation or deletion of errors, inaccuracies and misleading information in the entire data set concerning them.
   Personal data that is incorrect cannot be the subject of supplementation; that is, the User may not request the replacement or supplementation of existing data with incorrect data.
   Where the personal data being processed is incomplete, the User may submit an additional statement to supplement it. Such a statement may be submitted in any form, including electronically.
3. Right to erasure (right to be forgotten)
   The User has the right to request the erasure of their personal data if one of the following circumstances applies:
   1. the User’s personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
   2. the User has withdrawn the consent on which the processing is based and there is no other legal basis for the processing;
   3. the User objects to the processing of their personal data;
   4. the personal data has been processed unlawfully;
   5. the personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which the Controller is subject;
   6. the personal data has been collected in connection with the provision of information society services.
   The right to be forgotten applies to the User only where they exercise their right to erasure and only where the personal data concerning them has been made public by the Controller.
4. Right to restriction of processing
   The User has the right to restrict the processing of their personal data in the following cases:
   1. The User disputes the accuracy of the personal data – for a period allowing the Controller to verify the accuracy of such data;
   2. the processing is unlawful and the User objects to the erasure of the personal data, requesting instead that its use be restricted;
   3. The Controller no longer requires the User’s personal data for processing purposes, but the User requires it to establish, exercise or defend legal claims;
   4. the User has objected to the processing – until it is determined whether the Controller’s legitimate grounds override the User’s grounds for objection.
   In the event of a restriction on processing, the Controller may process personal data, with the exception of storage, solely:
   1. with the User’s consent; or
   2. for the purpose of establishing, exercising or defending legal claims, or
   3. for the purpose of protecting the rights of another natural or legal person, or
   4. for reasons of substantial public interest of the Union or of a Member State.
5. Right to data
   portability The User has the right to receive, in a structured, commonly used format, the personal data concerning them which they have provided to the Controller, and has the right to transmit that data to another controller.
   The User also has the right to request that their personal data be transmitted by the Controller directly to another controller, where technically feasible.
6. Right to object
   The User has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data:
   1. in the public interest, in the exercise of official authority vested in the Controller,
   2. to processing for direct marketing purposes, including profiling where it is related to such direct marketing,
   3. for a legitimate interest of the Controller.
   The procedure for considering the objection and all communication are free of charge; it is also possible to lodge an objection electronically.
7. Right to lodge a complaint
   The User has the right to lodge a complaint with the Office for Personal Data Protection, in particular in the Member State of their habitual residence, their place of work or the place where the alleged infringement occurred.

VI. COOKIES AND OTHER TECHNOLOGIES USED BY THE CONTROLLER

The Controller uses cookies and other similar technologies to ensure an optimal experience for the User’s visit to the Online Shop, to enable faster and easier access to information, and to offer Users increasingly improved functionality of the Online Shop, as well as for marketing and remarketing purposes (including necessary analytical activities and the creation of marketing profiles based on the User’s activity on individual subpages of the Online Store). Cookies are fragments of code in the form of text files that respond to HTTP requests sent to the Administrator’s server. The Online Shop also uses other available technologies that allow information to be stored in the browser in appropriate data stores (Session Storage, Local Storage), and fragments of code from analytical tools provided by other suppliers are also placed there, which enable cookies to be stored in the domains of those services. The storage of information or access to it does not result in any configuration changes to the User’s device or the software installed on it. Information contained in cookies and similar technologies is considered personal data only in conjunction with other personal data available regarding a given User. If the User does not consent to the storage and retrieval of information in cookies or similar technologies, they may change the cookie settings via their web browser or use the so-called opt-out option on the website of the provider of the relevant technological solution. Detailed information regarding the technologies used by the Controller is available in the Cookie Policy.

VII. OTHER IMPORTANT INFORMATION

1. Protection of personal
   data security The Controller implements various measures to ensure the security of the User’s personal data. The secure use of the services offered is ensured by the systems and procedures in place to protect against unauthorised access to and disclosure of data. Furthermore, the systems and procedures used by the Controller are regularly monitored to detect any potential threats. Personal data obtained by the Controller is stored in computer systems to which access is strictly limited.
2. Storage of personal
   data The period for which Users’ personal data is stored may vary, as different purposes for processing such data may be specified in relation to the personal data of different Users.
   The Controller stores personal data for the period necessary to achieve the specified purposes, i.e.:
   1. for analytical and statistical purposes – for the period necessary to achieve the objectives related to the effective operation and development of the Online Shop;
   2. in the case of order fulfilment and the provision of services to the User – for the duration of the contract and the limitation period for claims;
   3. for the period required by law in relation to the purpose of maintaining tax records and settlements under executed contracts;
   4. in the case of processing personal data for marketing purposes – for the duration of the business relationship with the User, unless the User objects to such processing for these purposes beforehand;
   In each of the above cases, after the expiry of the necessary processing period, data may be processed only to safeguard the pursuit of claims or defence against them, and after that time only if and to the extent required by law.
   Users’ personal data is stored in the Controller’s database, which employs technical and organisational measures to ensure the protection of the data being processed in accordance with the requirements set out in applicable law. Only the Controller has access to the database.
3. Changes to the Privacy
   Policy In order to update the information contained in this Privacy Policy and to ensure its compliance with applicable law, this Privacy Policy may be amended. As the content of the document changes, the date of its update, as stated at the beginning of this Privacy Policy, will be amended. However, the User will be notified of any significant changes via a notice posted on the Online Shop’s website or directly. In order to obtain information on how personal data is protected, the Controller recommends that Users regularly review these Privacy Policy rules.
4. Contact details
   In the event of any queries regarding personal data protection or to obtain information concerning this Privacy Policy, the User may contact the Controller via email at biuro@kominki-lumar.com or by post at the following address: Składowa 1 (access from Ceramiczna Street), 34-400 Nowy Targ.