PRIVACY AND COOKIES POLICY
I. Definitions and general information
Administrator - the administrator of the personal data is Marta Zawadzka, doing business under the name MARTA ZAWADZKA MARTAGALLERY.COM, Świętokrzyska 30/55 street, 00-116 Warsaw, NIP: 9661556549, e-mail: firstname.lastname@example.org .
Personal data - information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
Cookies - means IT data, in particular small text files, recorded and stored on the devices through which the User accesses the Website.
Administrator Cookies - means Cookies placed by the Administrator, related to the provision of electronic services by the Administrator through the Website.
External Cookies - means Cookies placed by the Administrator's partners, through the website of the Service.
Service/Website - means the website: https:// martagallery.com
Profiling - means a form of automated processing of personal data which involves the use of personal data to evaluate certain personal factors of an individual, in particular to analyse or predict aspects concerning personal preferences and interests.
User - means any person visiting the Website, using a computer, tablet, phone or mobile device and the Internet.
II. Legal basis for the processing of User data and its scope
1. Personal data collected by the Administrator shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as 'GDPR'), the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000) and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2017, item 1219, as amended).
2. The Administrator only processes personal data that the User has provided in connection with the use of the Website. The processing of Users' data takes place within the scope of:
1. to establish contact - on the basis of Article 6(1)(a) of the GDPR, i.e. on the basis of the consent given by the data subject,
2. the execution of the order (scope of data: name, surname, address, e-mail address, telephone number, optional company name if applicable) - on the basis of Article 6(1)(b) of the GDPR, i.e. for the performance of a contract to which the User is a party,
3. debt recovery - on the basis of Article 6(1)(f) of the GDPR, i.e. because the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party,
4. fulfilment of legal obligations incumbent on the Administrator in connection with the conduct of its business activities - on the basis of Article 6(1)(c) of the GDPR, i.e. because the processing is necessary for the fulfilment of a legal obligation incumbent on the Administrator,
5. to carry out marketing activities for products or services, including the running of the newsletter - on the basis of a separately granted consent (Article 6(1)(a) GDPR),
6. to send commercial information by electronic means on the basis of a separately granted consent (Article 6(1)(a) GDPR),
7. use of telecommunications terminal equipment and automatic calling systems for direct marketing purposes in accordance with Article 172 of the Act of 16 July 2004. Telecommunications Law (Journal of Laws of 2017, item.1907 as amended) - on the basis of separately granted consent.
3. Viewing the content of the Website does not require the provision of personal data other than automatically acquired information about your connection parameters.
III. Lawfulness of processing and application of appropriate safeguards
1. The Administrator shall process the data lawfully, collect them for designated legitimate purposes and not subject them to further processing incompatible with those purposes. Data are collected only to the extent that is adequate, necessary in relation to the purposes for which they are processed. The Users' personal data may be transferred by the Administrator to third parties who may be interested in concluding a contract with the User, the detailed content of which will be determined directly between the User and the third party.
2. The Administrator does not process special categories of personal data.
3. The Administrator makes every effort to protect the Users' personal data from unauthorised access by third parties and, in this respect, applies organisational and technical security measures at a high level. The Administrator shall not make personal data available to any unauthorised recipients in accordance with the mandatory legal provisions in this regard. The Administrator may entrust another entity, by means of a written agreement, with the processing of personal data on behalf of the Administrator. Data may be made available to entities entitled to receive them under mandatory legal provisions.
4. The Administrator uses server, connection and Service security. All connections related to the execution of electronic payments by the Users, if such an option is selected, will take place via a secure encrypted SSL connection. However, the measures taken by the Administrator may not be sufficient if Users fail to comply with the security rules.
IV. Automatic processing of personal data (profiling)
1. In order to provide the most advantageous, tailored, personalised offer to its Users and for the purposes necessary for the conclusion or performance of a contract between the data subject and the Administrator, and in the event of the data subject's express consent, the Administrator may use Profiling.
2. In the case of processing for direct marketing purposes including Profiling, processing based on the legitimate interests of the Administrator, for scientific, historical and statistical research purposes, data subjects have the right to object on grounds relating to the particular situation of the data subject. The Administrator shall not take a decision which is based solely on automated processing, including Profiling, and materially affects the data subject. The Administrator shall implement appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, at least the right to obtain human intervention on the part of the Administrator, to express one's point of view and to contest a decision resulting from automated processing.
V. Length of processing of personal data
1. Personal data will be processed for a period of:
1. necessary for the performance of the contracts concluded through the Website, including after their execution due to the parties' ability to exercise their contractual rights, as well as for the possible assertion of claims - until the expiry of the limitation period for claims;
2. until such time as you withdraw your consent or object to the processing of your data - in cases where your personal data are processed on the basis of a separate consent.
2. The Administrator shall also store Users' personal data where this is necessary to comply with its legal obligations, resolve disputes, enforce User obligations, maintain security, prevent fraud and abuse.
VI. User rights
1. The Administrator shall ensure that the Users exercise the rights referred to in point. 2 below. In order to exercise the rights, it is necessary to send an appropriate request (relevant request) by e-mail to: email@example.com
2. The User has the right to:
1. access to the content of the data - in accordance with Article 15 GDPR,
2. to rectify/update the data - in accordance with Article 16 GDPR,
3. deletion of data - in accordance with Article 17 GDPR,
4. restriction of data processing - in accordance with Article 18 GDPR,
5. data portability - in accordance with Article 20 GDPR,
6. to object to the processing of the data - in accordance with Article 21 GDPR,
7. to withdraw the consent given at any time, whereby the withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal – in accordance to Article 7(3) GDPR,
8. to lodge a complaint with a supervisory authority - in accordance with Article 77 GDPR.
3. The Administrator shall consider the submitted requests immediately, but no later than within one month of their receipt. However, if - due to the complicated nature of the request or the number of requests - the Administrator will not be able to consider the User's request within the indicated time limit, the Administrator shall inform the User about the intended extension of the time limit and indicate a time limit for the consideration of the request, but not longer than 2 months.
4. The Administrator shall notify the rectification or erasure of the personal data or the restriction of the processing it has carried out in accordance with the User's request to any recipient to whom the personal data have been disclosed, unless this proves impossible or involves a disproportionate effort.
VII. Provision of information
1. In order to perform the contract, the Administrator may share the data collected from Users with entities including, in particular: employees, co-workers, entities providing legal services to the Administrator, IT services, operators of online payment systems, accounting office keeping the Administrator's books, third parties, by which is meant a Partner or Contractor, as defined in the Terms and Conditions of Service.
2. In such cases, the amount of data provided is limited to the required minimum. Furthermore, the information provided by Users may be made available to the competent public authorities if required by applicable law.
3. To recipients not mentioned above, the personal data processed shall not be made available externally in a form that would allow any identification of Users, unless the User has given his/her consent.
4. Users' personal data will not be transferred to countries outside the European Economic Area.
VIII. Cookies and how they are used
1. When using the Website, small files are stored on the User's terminal equipment, in particular text files which contain information to remember login data, last selected products, products in the User's basket (hereinafter: "cookies"). Cookies also allow the collection of statistical data referred to in point 2 below.
2. Cookies do not contain any data identifying a User, which means that it is not possible to establish a User's identity from them. The cookies used by the Website are not in any way harmful to the User or the device and do not interfere with the User's software or settings.
3. The cookie system does not interfere with the operation of the User's computer and can be deactivated.
4. Cookies enable:
1. maintaining a User session (after logging in) so that the User does not have to re-enter his/her Login and Password on each sub-page of the Website;
2. creation of viewing statistics for sub-pages of the Website.
5. We would like to remind you that, as a general rule, browsers are set by default to allow the storing of cookies.
6. If the User does not agree to these files being stored on the terminal device, the User should change the settings of the Internet browser he/she is using.
7. Preventing cookies from being stored can consist of:
1. not to save cookies on your terminal equipment;
2. informing the User each time a cookie is stored on the device; deleting files after using the Website.
8. In order to use the option that is appropriate for you, please refer to the information on cookie management, which can usually be found in the "Settings" of your browser or in the "Help" section.
9. The Administrator informs that in the event that files are necessary for the operation of the Website, limiting their use may hinder the use of the Website.
IX. Amendment of the privacy and cookies policy
1. The Administrator is entitled to amend this document, of which the User will be notified in a manner enabling him/her to become acquainted with the changes before they come into force, e.g. by posting relevant information on the main pages of the Service, and in the case of significant changes also by sending a notification to the e-mail address indicated by the User.
2. Your continued use of the Website after the publication or dispatch of a notification of changes to this document shall be deemed to be your consent to the collection, use and sharing of your personal data according to the updated content of the document.
3. This document does not limit any of your rights under generally applicable law.