PRIVACY POLICY

OF THE KAMAPROPS.COM ONLINE STORE

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. GROUNDS FOR DATA PROCESSING
  3. PURPOSE, GROUNDS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
  4. DATA RECIPIENTS IN THE ONLINE STORE
  5. PROFILING IN THE ONLINE STORE
  6. DATA SUBJECT RIGHTS
  7. ONLINE STORE COOKIES AND ANALYTICS
  8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1.This Privacy Policy is for informational purposes only, which means that it does not impose any obligations on any Customer or Client of the Online Store. Privacy Policy primarily introduces the rules of personal data processing by the Administrator in the Online Store, including a grounds, purposes and duration of personal data processing and rights of data subjects, as well as information on the use of cookies and analytical tools in the Online Store.

1.2.The controllers of the personal data obtained through the Online Store are partners conducting business activity on the basis of a civil code partnership under the name KAMAPROPS SP. Z O.O. (business and service address: Piekoszowska 37A lok. IIp, 25-621 Kielce, POLAND), NIP (Taxpayer Identification Number) of the civil code partnership: 9592041195, REGON (National Business Registry Number): 388382877, KRS (National Court Registry Number): 0001069853, email address: info@kamaprops.com, phone number: +48 533 330 306, i.e:

      1. KAMILA REDZISZ, conducting business activity under the business name KAMAPROPS KAMILA REDZISZ (business address: Al. Szajnowicza-Iwanowa 19/16, 25-636 Kielce, POLAND) entered in the Central Registration and Information on Business Activity of the Republic of Poland held by a respective Minister of Economy, NIP: 6572441240, REGON: (National Business Registry Number) 260098339;
      2. PAWEŁ REDZISZ, conducting business activity under the business name "SOLAR" PAWEŁ REDZISZ (business address: Al. Szajnowicza-Iwanowa 19/16, 25-636 Kielce, POLAND) entered in the Central Registration and Information on Business Activity of the Republic of Poland held by a respective Minister of Economy, NIP: 9591337893, REGON: (National Business Registry Number) 388218876.

- hereinafter jointly referred to as " Controller" and being Service Provider of the Online Store and Vendor at the same time

1.3.Personal data are processed by the Controller in the Online Store with respect to the applicable legal provisions and, specifically, pursuant to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC -- hereinafter referred to as "GDPR" or the "General Data Protection Regulation". An official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

1.4.Using and making purchases from the Online Store is voluntary. Similarly, the related disclosure of personal data by the Customer or Client using the Online Store is voluntary, subject to two exceptions: (1) entering into agreements with the Controller - failure to provide personal data necessary for the conclusion and performance of a Sales Agreement or an agreement for the provision of an Electronic Service with the Controller in the cases and to the extent specified on the Online Store website, in the Regulations of the Online Shop and in this Privacy Policy shall result in the impossibility of concluding that agreement. Disclosure of personal data in this case is a contractual requirement, and if the data subject wishes to enter into a agreement with the Controller, that person is required to disclose relevant data. Each time the amount of data required to conclude an agreement is specified in advance on the website of the Online Store and in the Regulations of the Online Store; (2) Controller's statutory obligations - disclosure of personal data is a statutory requirement resulting from generally applicable legal provisions imposing an obligation to process personal data on the Controller (e.g. processing of data for the purpose of keeping tax books) and failure to provide such data prevents the Controller from performing those obligations.

1.5.The controller shall exercise special care to protect the rights of the individuals whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects are: (1) lawfully processed; (2) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; (3) substantively accurate and adequate to the purposes for which it is processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary to fulfil the purpose of processing; and (5) processed in a manner which ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or corruption, by means of appropriate technical or organizational measures.

1.6.Considering the nature, scope, context and purposes of processing and the risk of infringement of the various rights or liberties of individuals, the Controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the GDPR and shall be able to prove it. These measures are reviewed and updated if necessary. The Controller utilizes technical measures to prevent unauthorized individuals from obtaining and manipulating personal data sent electronically.

1.7.All words, phrases and acronyms found in this privacy policy that begin with a capital letter (e.g. Vendor, Online Store, Electronic Service) shall be understood as defined in the Regulations of the Online Store available on the websites of if it.

2. GROUNDS FOR DATA PROCESSING

2.1.The Controller is authorized to process personal data where, and to the extent that, one or more of the following conditions are met: (1) the data subject has given consent to the processing of his/her personal data for one or more specified purposes; (2) processing is necessary for the performance of an agreement to which the data subject is party or in order to take action at the request of the data subject prior to entering into an agreement; (3) processing is necessary to fulfil any legal requirements or (4) processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are surpassed by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular if the data subject is a child.

2.2.Processing of personal data by the Controller requires, each time, at least one of the grounds indicated in Point 2.1 of this privacy policy. Specific grounds for processing the Service Recipients and Customers personal data by the Controller are indicated in the subsequent Point of the privacy policy - with reference to a given purpose of personal data processing by the Controller.

3. PURPOSE, GROUNDS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE

3.1.Each time, the purpose, ground, duration and recipients of the personal data processed by the Controller results from the actions taken by a respective Service Recipient or Client in the Online Store or by the Controller.

3.2.The Administrator may process personal data within the Online Store for the following purposes, on the grounds and for the duration indicated in the table below:

Purpose of data processing

Legal basis for the processing of personal data

Data retention period
Performing a Sales Agreement or an agreement for the provision of Electronic Services, or taking action at the request of the data subject prior to entering into the abovementioned agreements Article 6(1), letter b) of the GDPR (performance of an agreement) - processing is necessary for the performance of an agreement to which the data subject is a party, or to take action at the request of the data subject prior to entering into an agreement Data shall be stored for a period necessary to perform or terminate the concluded Sales Agreement or an agreement for the provision of Electronic Services.
Direct marketing Article 6(1), letter f) of the f) GDPR (legitimate interests of the Controller) - processing is necessary for purposes resulting from the Controller's legitimate interests - involving taking care of the interests and good reputation of the Controller, his Online Store and efforts to sell the Products

The data shall be stored for the duration of the legitimate interest pursued by the Controller, however, no longer than the duration of the limitation period of the Controller's claims against the data subject on account of the Administrator's business activity. The limitation period shall be determined by the provisions of law, in particular of the Civil Code (basic limitation period for claims related to the conduct of business activities is three years, and for the Sales Agreement - two years).

The Controller shall not process the data for the purposes of direct marketing if the data subject has filed an effective objection in this respect.
Marketing Article 6(1), letter a) of the a) GDPR (consent) - the data subject has given consent for his/her personal data to be processed for marketing purposes by the Controller The data is kept until the data subject withdraws his or her consent to further handling of his/her data for this purpose.
Keeping a revenue registry Article 6(1), letter c) of the GDPR in conjunction with an Article 86(1) of the Tax Ordinance Act of 17 January 2017 (Polish Journal of Laws of 2017, item 201, as amended) - processing is necessary for compliance with a legal obligation to which the Controller is subject The data is stored for a duration required by law requiring the Controller to keep revenue records (for the limitation period of tax obligations, unless tax laws provide otherwise).
Determining, pursuing or defending claims that the Controller may raise or that may be raised against the Controller Article 6(1), letter f) of the of the GDPR (legitimate interest of the Controller) - processing is necessary for the purposes arising from the Controller's legitimate interests - concerning the determination, assertion or defense of claims,which may be raised by the Controller or which may be raised against the Controller The data shall be stored for the duration of the legitimate interest pursued by the Controller, however, no longer than the duration of the limitation period of the Controller's claims against the data subject on account of the Controller's business activity (basic limitation period for the claims against the Controller is six years).
Using the Online Store's website and ensuring its proper operation Article 6(1), letter f) of the of the GDPR (legitimate interest of the Controller) - processing is necessary for the purposes arising from the Controller's legitimate interests - concerning running and maintaining the Online Store website The data shall be stored for the duration of the legitimate interest pursued by the Controller, however, no longer than the duration of the limitation period of the Controller's claims against the data subject on account of the Administrator's business activity. The limitation period shall be determined by the provisions of law, in particular of the Civil Code (basic limitation period for claims related to the conduct of business activities is three years, and for the Sales Agreement - two years).
Statistics and traffic analysis of the Online Store Article 6(1), letter f) of the of the GDPR (legitimate interest of the Controller) - processing is necessary for the purposes arising from the Controller's legitimate interests - concerning making statistics and traffic analysis of the Online Store in order to improve its retail operations and increase sales of the Products. The data shall be stored for the duration of the legitimate interest pursued by the Controller, however, no longer than the duration of the limitation period of the Controller's claims against the data subject on account of the Controller’s business activity. The limitation period shall be determined by the provisions of law, in particular of the Civil Code (basic limitation period for claims related to the conduct of business activities is three years, and for the Sales Agreement - two years).

4. DATA RECIPIENTS IN THE ONLINE STORE

4.1.In order for the Online Store to function properly, including the performance of Sales Agreements, the Controller has to use the services of third parties (such as software providers, couriers or payment processors). Controller shall only employ those processors that provide satisfactory guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and secures rights of the data subjects

4.2.Personal data can be transferred by the Controller to a third country, whereby the Controller ensures that in such a case this shall take place with the country providing an adequate degree of protection - in accordance with the GDPR, and in the case of other countries that the transfer shall take place on the basis of standard data protection clauses. Controller shall ensure that the data subject is able to obtain a copy of his/her data. Controller shall transfer obtained Personal Data only if and to the extent necessary to fulfill the specific purpose of the processing in accordance with this Privacy Policy.

4.3.Data transfer by the Controller does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy - the Controller transfers data only if it is necessary for the achievement of a given objective of personal data processing and only to the extent necessary for its achievement.

4.4.Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

      1. carriers / freight forwarders / brokers couriers / entities operating the warehouse and/or the dispatch process - in case of a Customer who uses the mail or courier product delivery type in the Online Store, the Collector makes the obtained personal data of the Customer available to the selected carrier, freight forwarder or broker performing the shipment on the request of the Collector, and if the shipment is made from an external warehouse - to the entity operating the warehouse and/or the dispatch process - to the extent necessary to complete the delivery of the Product to the Customer.
      2. entities processing electronic or credit card payments - if a Custom er uses the electronic or credit card payments in the Online Store, the Collector shall make available the collected personal data of the Customer to a chosen entity processing the above payments in the Online Store at a request of the Controller and to the extent necessary to process a payment made by the Customer.
      3. service providers supplying the Controller with technical, IT and organizational solutions, which enable the Controller to conduct business operations, including the Online Store and the Electronic Services provided by means of it (in particular, providers of computer software for the Store, e-mail and hosting providers, as well as providers of business management and technical support software for the Controller) - the Controller shall make the collected personal data of the Client available to a chosen provider acting on its behalf only in the case and to the extent necessary to accomplish a given target of data processing in accordance with this Privacy Policy.
      4. providers of accounting, legal and advisory services granting accounting, legal or advisory support to the Collector (in particular an accounting firm, a law firm or a debt collection agency) - the Collector makes the collected personal data of the Client available to the selected provider acting on his behalf only in the case and to the extent necessary to accomplish the given target of data processing in accordance with this Privacy Policy.
      5. providers of social plugins, scripts and other similar tools enabling the Online Store visitor's web browser to download content from the providers of the aforementioned plug-ins (e.g. logging in using social media name and password) and transfer the visitor's personal data to those providers for that purpose, including:
        1. Facebook Ireland Ltd. - The Controller uses Facebook social plugins on the Online Store website (e.g. Like button, Share or logging in using Facebook name and password), collects and discloses personal data of the Customer using the Online Store website to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy policy available here: https://www.facebook.com/about/privacy/ (this data includes information regarding activities on the Online Store - including information about device, sites visited, purchases made, ads displayed, and how the Client uses the services - regardless of whether he/she has a Facebook account and is logged to it).

5. PROFILING IN THE ONLINE STORE

5.1.The GDPR imposes a duty on the Controller to provide information on automated decision-making, including profiling, as referred to in the Articles 22(1) and 22(4) of the GDPR, and - at least in those cases - relevant information regarding the grounds on which they are undertaken, as well as the significance and the foreseeable consequences of such processing for the data subject. Give the above, the Controller provides information on possible profiling in this section of the privacy policy.

5.2.The Controller can use profiling in the Online Store for direct marketing purposes, however decisions made on its basis by the Controller shall not concern conclusion or withdrawal from the Sales Agreement or possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be e.g. granting a given person a discount, sending him/her a discount code, reminding him/her of unfinished shopping, sending a proposal of a Product which may correspond to the interests or preferences of a given person or offering better conditions in comparison with the standard offer of the Online Store. Despite the profiling, it is the person concerned who freely decides whether to use the discount received and make a purchase from the Online Store.

5.3.Profiling in the Online Store involves an automatic analysis or prognosis of a given person's behavior on the Store's website e.g. by adding a particular Product to the shopping cart, browsing the page of a particular Product in the Online Store or by analyzing the history of purchases made in the Online Store. Such profiling is dependent on the Controller possessing the person's personal data in order to be able to send, for example, a discount code to such a person.

5.4.The data subject has the right not to be affected by a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning the data subject or significantly affects him or her in a similar manner.

6. DATA SUBJECT RIGHTS

6.1.Right of access, correction, limitation, deletion or transfer - The data subject has the right to require the Controller to access, correct, delete ("right to be forgotten") or limit processing of his/her personal data and has the right to object to processing and to transfer his/her data. Detailed conditions for the exercise of the rights indicated above are indicated in the Articles 15-21 of the GDPR.

6.2.Right to revoke consent at any time - a person whose data is processed by the Controller on the basis of expressed consent (pursuant to the Article 6(1), letter a) or Article 9(2), letter a) of the GDPR), has the right to revoke consent at any time without affecting the legitimacy of the processing that was carried out on the basis of consent before its revocation.

6.3.Right to file a complaint to the supervisory authority - the person whose data is processed by the Controller has the right to file a complaint to the supervisory authority in the manner and form specified in the provisions of the GDPR and Polish laws, in particular the Personal Data Protection Act. A supervisory authority in Poland is the President of the Personal Data Protection Office (UODO).

6.4.Right to object - The data subject has the right to object at any time, on grounds relating to his/her specific situation, to the processing of personal data concerning him/her pursuant to the Article 6(1), letter e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The Controller shall in that case no longer be permitted to process such personal data unless the Controller provides compelling legitimate grounds for the processing which surpass the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defense of claims.

6.5.Right to object to direct marketing - if personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him/her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

6.6.In order to exercise the rights referred to in this section of the privacy policy, you can contact the Controller by sending a proper message in writing or by e-mail to the Controller's address indicated in the preamble of this privacy policy or by using the contact form available at the Online Store website.

7. ONLINE STORE COOKIES AND ANALYTICS

7.1.Cookies are small pieces of data in the form of text files sent by a server and stored on the website of the Online Store (e.g. on the hard drive of a computer, laptop or smartphone memory card - depending on the device used by the visitor to our Online Store). Detailed information regarding cookies as well as the history of their creation can be found, among others, here: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2.The Cookies that may be sent by the Online Store website can be divided into different types, according to the following criteria:

Their supplier:

  1. own (created by the Controller's Online Store website) and
  2. belonging to third parties (other than the Controller)

Their retention period on the website visitor's device:

  1. session (kept until you log out of the Online Store or close your web browser) and
  2. persistent (stored for a certain period of time, defined by the parameters of each file or until manually deleted)

The purpose of their use:

  1. necessary (allowing proper operation of the Online Store's website),
  2. functional/preference (allowing to match the website of the Online Store to the preferences of a person visiting the site),
  3. analytical and performance (gathering information on the use of the website),
  4. marketing, advertising and social media (gathering information on a person visiting the Online Store's website in order to display advertisements to that person, personalize them, measure effectiveness and conduct other marketing activities, also on the websites different than the Online Store's website, such as social networking sites or other websites belonging to the same advertising networks as the Online Store)

7.3.The Controller
may process data contained in cookies when visitors use the website for the following specific purposes:

Purposes of using cookies in the Controller's Online Store identification of Customers as logged in at the Online Store and showing that they are logged in (necessary cookies)
saving Products added to the basket in order to place an Order (necessary cookies)
storing data from completed Order Forms, surveys or login data to the Online Store (essential and/or functional/preference cookies)
customization of the website content to the individual preferences of the Customer (e.g. as to colors, font size, page layout) and an improvement of the website's functionality (functional/preference Cookies)
keeping anonymous statistics showing how the Store's website is used (analytical and performance cookies)
displaying and rendering advertisements, limiting the number of advertisements displayed and ignoring advertisements which the Customer does not want to see, measuring the effectiveness of advertisements, as well as advertisement personalization, i.e. studying the features of visitors' behavior in the Online Shop through an anonymous analysis of their actions (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, even when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social media cookies)

7.4.Checking the most popular web browsers which cookies (including the duration of cookies and their provider) are sent at a given moment by the Online Store website is possible in the following way:

In Chrome browser:
(1) click on the lock icon on the left in the address bar, (2) go to the "Cookies" tab.		 In Firefox browser:
(1) click on the shield icon on the left in the address bar, (2) go to the "Allowed" or "Blocked" tab, (3) click the box for "Site-to-Site Tracking Cookies," "Social Media Tracking Elements," or "Content with Tracking Elements"		 In Internet Explorer browser:
(1) click the "Tools" menu, (2) go to the "Internet Options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click the "View Files" box
In Opera browser:
(1) click on the lock icon on the left in the address bar, (2) go to the "Cookies" tab.		 In Safari browser:
(1) click the "Preferences" menu, (2) go to the "Privacy" tab, (3) click in the "Manage Site Data" box		 Regardless of your browser, using the tools available at, for example: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/

7.5.By default, most web browsers on the market accept the storage of cookies. Everyone can define conditions for the use of cookies through the settings of the web browser. This means that it is possible, for example, to partially limit (e.g. temporarily) or completely disable the possibility of storing cookies - in the latter case, however, this may have an impact on some of the functionality of the Online Store (for example, it may not be possible to proceed to the Order through the Order Form due to the Products not being saved in the shopping cart during the subsequent steps of submitting an Order).

7.6.The settings of an Internet browser regarding cookies are important from the perspective of consent to the use of cookies by our Online Store - according to the regulations, such consent may also be expressed by means of browser settings. Detailed information on how to change the settings for cookies and how to delete them manually in the most popular web browsers is available in the help section of any web browser and on the following pages (click on the link):

In Chrome browser

In Firefox browser

in Internet Explorer browser:

in Opera browser:

In Safari browser:

In Microsoft Edge browser:

7.7.The Controller may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) for the Online Store. These services help the Collector to collect statistics and analyze the traffic in the Online Store. The collected data is processed as part of the above services to produce statistics that help to manage the Online Store and analyze traffic in its website. This data is of aggregate character. When using the above services for the Online Store, the Controller collects such data as the source and medium of acquiring visitors to the Online Store and the manner of their behavior on the Store's website, information on the devices and browsers from which they visit the site, IP and domain, geographic and demographic data (age, gender) and personal interests.

7.8.It is possible to block a given person from disclosing information to Google Analytics regarding his/her activity on the Store's website in an easy way - for this you can, for example, install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9.In connection with the Controller's willingness to use advertising and analytical services provided by Google Ireland Ltd. for the Online Store, the Controller indicates that full information on the rules of processing website visitors data (including information saved in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services, available at the following website address: https://policies.google.com/technologies/partner-sites.

8. FINAL PROVISIONS

8.1.The Online Store may contain links to other websites. The Controller urges to read the privacy policy posted on the other websites upon visiting them. This privacy policy applies only to the Controller's Online Store.