Data controller responsible for personal data processing is:
SISCOM S.C. Didyk, Siwek
ul. Bysewska 30
80-298 Gdańsk
[email protected]
Thank you for showing interest in our online shop. Protection of your privacy is very important for us. Below you can find detailed information on the way we handle your data.
1. Access data and hosting
Our websites can be accessed without providing personal data. Every time a website is called up, the server automatically records only the so-called server logs, e.g., name of requested file, your IP address, date and time of call-up, amount of transferred data and the requesting Internet service provider (so-called access logs) and it documents website call-up.
These data are analysed only for the purpose of ensuring proper functioning of our website and improving our offer. According to Article 6(1)(f) of the GDPR, the above serves to secure our legitimate interest consisting in optimal and proper presentation of our websites and offer. All access data are deleted within seven days from the end of your visit to the website.
Hosting
Hosting and website display services are partially provided on our behalf by our service providers within data processing entrustment. Unless this Privacy policy states otherwise, all access data and data collected in forms provided for this purpose on our website shall be processes on their servers. In case of any questions concerning our service providers and grounds of our cooperation, please contact us. Our contact details can be found in section “Our contact details and your rights.”
2. Data collection and processing for the purpose of agreement execution, contact and creating a customer account
We collect personal data only when you voluntarily provide them to us by placing an order or contacting us (e.g., via a contact form or e-mail). Mandatory fields are marked as such because the data they contain are necessary for the performance of the contract or handling of the matter on which you are contacting us. Without providing these data we are not able to finalise an order or contact you. What data are collected results directly from the forms where they are entered. We use the data provided by you according to Article 6(1)(b) of the GDPR in order to execute an agreement and answer your queries. Moreover, if pursuant to Article 6(1)(f) of the GDPR you will give consent to create a customer account – we will process your personal data that are necessary for this purpose. Further information on the processing of your data, in particular on the transfer of data to our service providers for order, payment and dispatch processing, can be found in the following sections of this Privacy policy.
After complete execution of an agreement or deleting your customer account, processing of your personal data shall be limited, while after expiry of data storage periods stipulated in tax regulations and accounting act, these data shall be deleted (Article 6(1)(c) of the GDPR), unless you agree to further use of these data (Article 6(1)(a) of the GDPR) or, pursuant to applicable law, we will reserve the right to further use the data for other purposes, of which, in such a case, you are informed in this Privacy policy. Your customer account can be deleted any time. For this purpose, please send us a message to our contact address indicated in section “Our contact details and your rights” or use relevant functionality in your customer account settings.
Goods management system
For order processing and agreement execution we also use a third party goods management system. Our service providers provide services for us in this regard under a data entrustment agreement. In case of any questions concerning our service providers and grounds of our cooperation with them, please contact us. Our contact details can be found in section “Our contact details and your rights”.
3. Transfer of data in order to execute delivery
In order to execute an agreement (Article 6(1)(b) of the GDPR) we pass on your data to a forwarding company contracted to deliver the ordered products.
4. Transfer of data in order to execute payment
In order to execute payments in our online shop we cooperate with third party service providers who process electronic online payments, and we pass on your data to payment processing company that you choose on order placement. This serves to execute the agreement (Article 6(1)(b) of the GDPR).
Data processing to prevent fraud and optimise payments
In some cases, we may share with our service providers some additional information that may be used by them together with information necessary for payment processing. Then, these service providers act as processors on our behalf and provide us with services for fraud prevention and optimisation of payment processes (e.g., invoicing, analysis of contested payments, accounting support). Pursuant to Article 6(1)(f) of the GDPR, this serves our legitimate interests in protecting against fraud and abuse and efficient payments management.
5. Marketing channels: electronic mail (e.g., newsletter)
Advertisement sent by e-mail after newsletter subscription
If you subscribe to our newsletter, we will use the data you provide us with to send you our newsletter electronically on a regular basis on the basis of your consent (Article 6(1)(a) of the GDPR). You can opt out from the newsletter any time by sending a message to our contact address indicated in section “Our contact details and your rights”, or by using a relevant link in the newsletter. Once you opt out, we will delete your e-mail address, unless you give your explicit consent for further use of your data in other purposes or we reserve the right to use those data in cases permitted by law, of which, in such a case, you are informed in this Privacy policy.
Sending the newsletter
The newsletter is sent as part of the outsourcing of data processing on our behalf by an external service provider. In case of any questions concerning our service providers and grounds of our cooperation with them, please contact us. Our contact details can be found in section “Our contact details and your rights”.
Sending an invitation to share your opinion on your purchase
If during or after placing an order you have agreed to that (pursuant to Article 6(1)(a) of the GDPR), we will use your e-mail address to send you an electronic invitation to comment on a purchase made in our shop. Sending comments/reviews takes place via our review system. You can withdraw your consent any time by sending a message to our contact address indicated in section “Our contact details and your rights”, or by using a relevant link in the invitation message.
6. Use of cookies and similar technological tools for web analytics and marketing purposes
If you have given your consent to do so (Article 6(1)(a) of the GDPR), we use cookies and other similar technological tools of external service providers indicated below on our website. Once the purpose of the processing has been fulfilled and the use of a particular technological tool has ended, the data collected through the use of these tools will be deleted. You can withdraw your consent at any time. Details on withdrawing consent and your right to object can be found in section “Cookies and similar technologies”. Further information can be found on the websites of specific service providers. In case of any questions concerning our service providers and grounds of our cooperation with them, please contact us. Our contact details can be found in section “Our contact details and your rights”.
Use of Google services
We use the below technological tools provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland („Google”). The information collected automatically by Google technologies regarding the use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. The European Commission has not issued a decision on the adequate level of data protection for the U.S. Our cooperation is based on standard data protection clauses adopted by the European Commission. In the event that your IP address is processed when using Google’s technology tools, your address will be shortened before being saved on Google’s servers by enabling IP anonymisation. Only in exceptional cases your full IP address will be sent to Google server and shortened there. Unless otherwise specified for individual Google technologies described in this Privacy policy, the processing of data takes place on the basis of a data co-controlling agreement concluded with Google in accordance with Article 26 of the GDPR. More details on data processing by Google can be found in privacy policy on Google’s website.
Google Analytics
For the purpose of analysing the use of our website, we use Google Analytics, a web analytics tool from Google, which automatically processes your data for this purpose (IP address, time of visit, device and browser information, as well as information regarding the use of our website) and generates a pseudonymised user profile on the basis of these data. Cookies can be used for this purpose. As a rule, your IP address is not linked with other data collected by Google. Data processing in Google Analytics takes place based on data entrustment agreement concluded with Google.
In order to optimise our website, offer and make it more attractive, we have also enabled data sharing settings for “Google products and services.” This enables Google to access data that are collected and processed in Google Analytics and to use them in order to improve products and services provided by Google. Sharing data with Google for this purpose takes place based on additional agreement concluded between data controllers. We have no influence on further data processing by Google.
Google Ads
We use Google Ads to promote our website in search results and on third party websites. For this purpose, when you visit our website, a Google remarketing cookie will be automatically stored on your device, which allows the display of advertisements matching your interests on the basis of the pages you visit, by processing your data (IP address, time of visit, device and browser information, as well as information regarding the use of our website) by means of a pseudonymous identifier (ID). Further data processing takes place only if you have enabled ad personalization feature in your Google account settings. In such case – if you are simultaneously logged in to Google during your visit to our website, Google will use your data together with the data collected by Google Analytics to create and define so-called target group lists for remarketing purposes on different devices.
Use of Facebook services
Facebook Analytics
With Facebook Analytics, statistics on user activity on our site are generated on the basis of data concerning your use of our site which are collected by means of the Facebook Pixel tool. Data processing by Facebook takes place based on data entrustment agreement. Data analysis (statistics on website use) serves to optimise our website and make it more attractive.
Facebook Ads
Facebook Ads allows us to advertise our website on Facebook and other platforms. We set the parameters of a given advertising campaign. Facebook is responsible for accurate implementation, and in particular for the decision to display a particular advertisement to given users. Unless otherwise specified for individual features and tools, the processing of data takes place on the basis of a data co-controlling agreement in accordance with Article 26 of the GDPR. Joint liability is limited to data collection and transfer to Facebook Ireland. It does not cover further data processing by Facebook Ireland.
7. Social media
Social media
Social media plug-ins (buttons) Facebook
Our website uses the so-called social media plug-ins (buttons). These plug-ins are available via a HTML link, which ensures that during your visit to our website which contains such plug-ins (buttons) no automatic, direct connection is established with the servers of a given social media service operator. Once you click on one of these buttons (plug-ins), your browser will open a new window displaying a website of a given social media service where you can confirm your use of a given button, e.g. “Like” or “Share”.
Our activity in social media: Facebook, Instagram
If you have given your consent in this regard to a given social media portal (Art. 6(1)(a) of the GDPR), when you visit our account/profile on this social media portal, your data will be automatically collected and stored for web analytics and marketing purposes. Based on these data pseudonymised user profiles are created. They can be used, for example, to place so-called personalised advertisements that probably match your interests within and outside of these social media portals. Usually, cookies are used for this purpose.
Please refer to the privacy policies of the individual social media services linked below for detailed information on the processing and use of your data, as well as information on your rights and the configuration of your privacy settings and contact details for your enquiries. You can also contact us, should you need assistance in this area.
Facebook is a social media service offered by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). Automatically processed data concerning your activity and usage of our Fan Page on Facebook are usually sent to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA server and saved there. The European Commission has not issued a decision on the adequate level of data protection for the U.S. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing within your visits to our Facebook Fan Page takes place pursuant to Article 26 of the GDPR, on the basis of joint arrangements between the co-controllers which can be found here. Further information concerning data processing within your visits to our Facebook Fan Page (information on page statistics features) can be found here.
Instagram is a social media service offered by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Facebook Ireland”). Automatically processed data concerning your activity and usage of our Fan Page on Instagram are usually sent to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA server and saved there. The European Commission has not issued a decision on the adequate level of data protection for the U.S. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing within your visits to our Instagram Fan Page takes place pursuant to Article 26 of the GDPR, on the basis of joint arrangements between the co-controllers which can be found here. Further information concerning data processing within your visits to our Facebook Fan Page (information on page statistics features) can be found here.
8. Our contact details and your rights
Data subjects have the following rights:
- pursuant to Article 15 of the GDPR: the right to be informed about the processing of data within the scope of this Article;
- pursuant to Article 16 of the GDPR: the right to rectify your inaccurate or incomplete personal data;
- pursuant to Article 17 of the GDPR: so-called “right to be forgotten”, meaning the right to erase your personal data stored with us, insofar as their further processing is not necessary:
- to exercise the right of freedom of speech and information;
- to fulfil a legal obligation;
- due to public interest;
- to establish, pursue or defend claims;
- pursuant to Article 18 of the GDPR: the right to restrict processing of personal data if:
- you question the accuracy of these data;
- the processing is illegal, and you object to data erasure;
- we no longer need the personal data, but you need them to establish, pursue or defend claims;
- you have objected to the processing, pursuant to Article 21;
- pursuant to Article 20 of the GDPR: the right to receive the data provided to us in a structured, commonly used and machine-readable format and to transmit it to another controller;
- pursuant to Article 77 of the GDPR: the right to lodge a complaint with supervisory authority (the President of the Office for Personal Data Protection “OPDP”).
If you have any questions about the collection, processing and use of your personal data, or if you wish to request information, rectification, restriction of processing or erasure of your data, or if you wish to revoke your consent or object to the use of certain data, please contact the data controller indicated at the beginning of this Privacy policy directly.
The right to object
If we process personal data in the manner described in this privacy policy in order to safeguard our legitimate interests, then you may object to the processing of your data for this purpose – with future effect. If the processing is for the purpose of direct marketing, you can exercise your right to object any time. If the processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation. Once you have exercised your right to object, we will not continue to process your personal data unless we demonstrate that there are compelling legitimate grounds for the processing and they override your interests and rights, or if the processing is for the assertion, exercise or defence of legal claims.
The above sentence does not apply if the processing is carried out for the purpose of direct marketing. In such case, once you have exercised your right to object, we will not continue to process your personal data.