1.1. Controller of personal data of users visiting Webpage and Store, including Buyers and Users, is the Towarzystwo Elektrotechnologiczne Qwerty Sp. z o.o. with the registered office in Lodz 94-250, ul. Siewna 21, entered into the Business Register of the National Court Register, entry number 0000035962, NIP [Taxpayer ID Number]: 7250009721; REGON [National Business Registry Number]: 008069250 (‘Controller’).
1.2. Controller processes the personal data in compliance with provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as ‘GDPR’).
2. Collected Data
Collected personal data include: given name and surname, name (company), business address or address of residence, delivery address, telephone number, e-mail, country, User’s login and password, IP address of a computer from which the registration was conducted or the order was placed. Personal data are collected at User’s registration and while completing the Order form.
3. Data Processing Purpose
Data shall be processed for the purposes such as:
3.1. Providing service in form of an Account with our Store – throughout the period of maintaining the Account on behalf of the User, until the User’s Account is deleted at their request – based on Art. 6 par. 1(b) GDPR;
3.2. Conclusion and execution of contract for the sales of goods through the Store – until the execution of the contract is completed – based on Art. 6 par. 1(b) and Art. 9 par. 2(h) GDPR;
3.3. Compliance with a legal obligation to which the Controller is subject, in particular resulting from the commercial law and tax law – by the period of 5 years, counting from the end of calendar year when the tax was due in relation to the conclusion and execution of the product sales contract executed through the Store, or longer if so required by the legal regulations – based on Art. 6 par. 1(c) and Art. 9 par. 2(h) GDPR;
3.4. Establishment, exercise or defence of legal claims which the Controller or Users can bring against each other (including data contained within the User Account, data concerning contracts for the sales of goods through the Store) – based on Art. 6 par. 1(f) and Art. 9 par. 2 (h) GDPR – within the limitation periods, defined under the laws;
3.5. Sending of newsletter with information content regarding new products offered by the Controller – until the consent is withdrawn – based on Art. 6 par. 1(a) GDPR;
4. Voluntary submission of data, consent to processing
4.1. Data submission shall be voluntary. However, data submission is necessary for the purpose of Registration or placement and execution of the Order.
4.2. User can submit their personal data, and at the same time refuse to give their consent for data processing for the purpose of receiving the newsletter.
4.3. In case the consent was given to process the User’s data for the aforementioned purposes, User can withdraw their consent at any time, by contacting Customer Service at email@example.com. Consent for receiving the newsletter can also be revoked by clicking an appropriate link, included in any newsletter. Withdrawal of the consent does not affect the compliance with the right to data processing, executed on the basis of the consent prior to its withdrawal.
5. Rights associated with processing of personal data
5.1. Anyone, whose personal data is processed, shall have the right to access their personal data, its rectification, deletion or right to object to the processing (if permissible under the applicable law), restriction of processing, as well as the right to transfer their data. Any person, whose data is processed, shall also have the right to lodge a complaint with the personal data protection authority.
5.2. User can contact the Data Protection Inspector at: firstname.lastname@example.org
5.4. Controller can refuse to delete the Data, if there are clear indications resulting from the legal regulations.
6. Protection of Data
6.1. Administrator and Processors shall take appropriate technical and organisational measures in order to ensure protection of processed data, and in particular to protect the data from disclosure to unauthorised parties, processing with violation of law and modification, loss, damage or destruction.
6.2. Only persons authorised by the Controller are allowed to process User’s data within the Controller’s organisation.
7.1. Data can be made available to entities authorised to receive it under the applicable legal regulations, including competent judicial authorities. Controller shall transfer the collected personal data to the government authorities, law-enforcement authorities and judicial authorities at their explicit request and only in situations defined law.