Privacy policy

PRIVACY POLICY OF THE ONLINE STORE

 

 

1. The administrator of personal data collected through the online store www.curiovizn.com is Błażej Szala, conducting business activity in the form of a civil partnership PPHU PRODRAF Rafał Szala place of business and address for correspondence: ul. Fabryczna 16, 43-600 Jaworzno, NIP: 6321182083, REGON: 277648462, email address: support@curiovizn.pl, hereinafter referred to as the „Administrator,” also acting as the „Service Provider.”

2. Personal data collected by the Administrator through the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as „GDPR.”

3. All terms or expressions written in capital letters in this Privacy Policy shall be understood in accordance with their definition contained in the Terms and Conditions of the online store www.curiovizn.com

 

 

 

 

 

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes the personal data of Service Users of the www.curiovizn.com

– when registering an Account in the Store to create an individual account and manage it based on Article 6(1)(b) GDPR (performance of a contract for the provision of electronic services in accordance with the Terms and Conditions of the Store),

– when placing an Order in the Store to perform a Sales Agreement based on Article 6(1)(b) GDPR (performance of a sales contract),

– when subscribing to the Newsletter to send commercial information electronically. Personal data is processed after separate consent is given, based on Article 6(1)(a) GDPR.

2. TYPES OF PERSONAL DATA PROCESSED. The Service User provides, in the case of:

– Account: email address,

– Orders: first name and last name, address, tax identification number (NIP), email address, phone number,

– Newsletter: first name and last name, email address.

3. DATA RETENTION PERIOD. The personal data of Service Users are stored by the Administrator:

– in the case where the processing of data is based on the performance of a contract, for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. If a special provision does not specify otherwise, the limitation period is six years, and for claims related to periodic benefits and claims related to business activity – three years,

– in the case where the processing of data is based on consent, for as long as the consent is not withdrawn, and after the withdrawal of consent, for a period of time corresponding to the limitation period for claims that the Administrator may assert and that may be asserted against him. If a special provision does not specify otherwise, the limitation period is six years, and for claims related to periodic benefits and claims related to business activity – three years.

Additional information may be collected during the use of the Store, including: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.

After giving separate consent based on Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial information electronically or making telephone calls for direct marketing – in accordance with Article 10(2) of the Act of 18 July 2002 on the provision of electronic services or Article 172(1) of the Act of 16 July 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the Service User has given appropriate consent.

The Administrator may also collect navigation data, including information about links and references that Users decide to click on or other actions taken in the Store. The legal basis for this type of activity is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) consisting in facilitating the use of services provided electronically and improving the functionality of these services.

Providing personal data by the Service User is voluntary.

The Administrator takes special care to protect the interests of the persons whose data is processed, and in particular ensures that the data collected by him is:

– processed lawfully,

– collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,

– substantively correct and adequate in relation to the purposes for which they are processed, and stored in a form that allows the identification of the persons to whom they relate, no longer than is necessary to achieve the purpose of processing.

 

 

 

1. The personal data of Service Users are transferred to service providers used by the Administrator in the operation of the Store, in particular to:

– entities performing product delivery,

– payment system providers,

– providers of opinion survey systems,

– accounting office,

– hosting provider,

– software providers enabling business activity,

– entities providing mailing systems,

– providers of software necessary for the operation of the online store.

2. Service providers (referred to in point 1 of this paragraph), to whom personal data are transferred – depending on contractual arrangements and circumstances – either follow the Administrator’s instructions regarding the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators).
3. The Administrator informs Service Users that he entrusts the processing of personal data, among others, to Edrone Sp. z o.o., ul. Lekarska 1, 31-203 Krakow, NIP: 676-248-20-64, KRS: 0000537197 – for the purpose of using the edrone.me mailing system for sending newsletters, and for marketing purposes only and exclusively for email, SMS, and social media campaigns initiated or indicated by the Administrator using the edrone system.
4. Personal data of Service Users are stored exclusively in the European Economic Area (EEA), subject to § 5 points 5 and 7 and § 6 of the Privacy Policy.

 

 

 

1. A person whose data is processed has the right to access the content of their personal data and the right to rectify, delete, limit processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the legality of processing based on consent before its withdrawal.

2. The legal basis for the Service User’s requests:

– access to data – Article 15 GDPR,

– rectification of data – Article 16 GDPR,

– deletion of data (the right to be forgotten) – Article 17 GDPR,

– limitation of processing – Article 18 GDPR,

– data portability – Article 20 GDPR,

– objection – Article 21 GDPR,

– withdrawal of consent – Article 7(3) GDPR.

3. To exercise the rights referred to in point 2, you can send an appropriate email to: support@curiovizn.com.
4. In the event that the Service User exercises a right resulting from the above rights, the Administrator will fulfill the request or refuse to fulfill it immediately, but not later than within one month from its receipt. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to fulfill the request within one month, he will fulfill it within the next two months, informing the Service User in advance within one month of receiving the request – about the intended extension of the deadline and its reasons.
5. In case of finding that the processing of personal data violates the provisions of the GDPR, the person whose data it concerns has the right to lodge a complaint with the President of the Office for Personal Data Protection.

 

 

 

1. The Administrator’s website uses cookies.

2. The installation of „cookies” is necessary for the proper provision of services on the Store’s website. „Cookies” contain information necessary for the proper functioning of the website, and they also allow for the development of general statistics of website visits.

3. Two types of „cookies” are used on the website: „session” and „persistent” cookies.

„Session” cookies are temporary files that are stored on the User’s end device until logging out (leaving the website).

„Persistent” cookies are stored on the User’s end device for the time specified in the parameters of the „cookies” or until they are deleted by the User.

4. The Administrator uses his own cookies to better understand how Service Users interact with the content of the website. Cookies collect information about how the User uses the website, the type of website from which the User was redirected, and the number of visits and the time of the User’s visit to the website. This information does not record specific personal data of the User but is used to compile statistics on the use of the website.

5. The Administrator also uses external cookies to collect general and anonymous statistical data through Google Analytics analytical tools, external cookie administrator: Google LLC. based in the USA).

6. Cookies may also be used by advertising networks (in particular the Google network) to display ads tailored to the way the User uses the Store. For this purpose, they may retain information about the User’s navigation path or the time the User spends on a given page.

7. The Administrator informs that he uses tracking technologies to track actions taken by the User on the Store’s website, i.e., edrone tracking codes – for the purpose of analyzing website statistics and for marketing purposes only and exclusively for email, SMS, and social media campaigns initiated or indicated by the Administrator using the edrone system.

8. The Service User has the right to decide on the access of „cookies” to their computer by:

– selecting the types of „cookies” that they agree to be collected immediately after entering the Store’s website and the message about cookies appears,

– changing the settings of their browser. Detailed information on the possibilities and methods of handling „cookies” is also available in the software settings (web browser).

 

 

 

 

 

 

1. The Store uses so-called social plugins („plugins”) of social media services. By displaying the www.curiovizn.com website containing such a plugin, the User’s browser will establish a direct connection to the servers of Instagram, Pinterest, and Google.

2. The content of the plugin is transferred directly from the respective service provider to the User’s browser and integrated into the website. Thanks to this integration, service providers receive information that the User’s browser has displayed the www.curiovizn.com website, even if the User does not have a profile with the respective service provider or is not currently logged in to it. This information (along with the User’s IP address) is sent directly to the server of the respective service provider (some servers are located in the USA) and stored there.

3. If the User logs in to one of the above social media services, the service provider will be able to directly associate the visit to the www.curiovizn.com website with the User’s profile on that social media service.

4. If the User uses a given plugin, e.g., by clicking the „Like” button or the „Share” button, the relevant information will also be sent directly to the server of the respective service provider and stored there.

5. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the rights of the User in this regard and the possibility of making settings to protect the User’s privacy, are described in the privacy policy of service providers:

– https://help.instagram.com/519522125107875?helpref=page_content

– https://policy.pinterest.com/pl/privacy-policy

– https://policies.google.com/privacy?hl=pl&gl=ZZ.

6. If the User does not want social media services to directly associate the data collected during visits to the www.curiovizn.com website with the User’s profile on that service, they must log out of that service before visiting the www.curiovizn.com website. The User can also completely prevent the loading of plugins on the website by using appropriate extensions for the browser, e.g., blocking scripts using „NoScript.”

7. The Administrator uses remarketing tools on his website, i.e., Google Ads. Their use involves the use of Google LLC cookies. cookies concerning the Google Ads service. As part of the mechanism for managing cookie settings, the Service User has the option to decide whether the Service Provider will be able to use Google Ads (external cookie administrator: Google LLC. based in the USA) in relation to them.

 

 

 

1. The Administrator applies technical and organizational measures ensuring the protection of processed personal data appropriate to the threats and categories of data covered by the protection, in particular, he ensures that the data collected by him is:

– processed lawfully,

– collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,

– substantively correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of persons to whom they relate, no longer than is necessary to achieve the purpose of processing.

2. The Administrator provides appropriate technical measures to prevent the acquisition and modification of personal data by unauthorized persons, the taking of data by an unauthorized person, processing in violation of applicable regulations, and change, loss, damage, or destruction of data.

3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant Polish law regulations shall apply accordingly.