fbpx
$0,00 Cart
$0,00 Cart

Privacy Policy

of online shop Chrapamimalowane.pl

Introduction

This document – issued on the basis of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance) – hereinafter referred to as RODO or General Regulation, and the Act of May 10, 2018, on the protection of personal data (Journal of Laws Item 1000), hereinafter referred to as the Act – is referred to in common language as Privacy Policy.

 

In order to carry out the services specified in the Regulations of the Snoopy Painted store and to protect the fundamental rights and freedoms of all natural and legal persons using the service, in particular, their right to the protection of personal data, the principles of processing information on the Users of the service have been regulated.

 

The types of personal data collected, collected and processed result from the way in which one uses the service – and thus provides certain information (personal data) to the Personal Data Administrator. At each stage, personal data are subject to the protection required by law and the data subject has a number of rights related to the processing of their data, about which this document is about.

 

Who collects, collects and processes personal data:

 

The administrator of the www.chrapamimalowane.pl website is the administrator of the personal data, i.e.

 

Centaurus Foundation Fund with its registered office in Wroclaw, 6-8 Walbrzyska Street, 52-314 Wroclaw, entered in the register of associations, social and professional organizations, foundations and independent public health care institutions kept (entity also entered in the register of entrepreneurs) in the National Court Register by the District Court in Wroclaw, VI Economic Department of the National Court Register under the number KRS 0000278299, REGON: 140974200, NIP: 8943068607.

 

Contact:

kontakt@chrapamimalowane.pl

Mailing address – to the address of the registered office

Contact the personal data inspector:

e-mail biuro@kancelarie-warszawa.com.pl

correspondence address – Law Office, 4/20B Biała St., 00-895 Warsaw.

 

What data are processed:

 

All information and data are provided by Users voluntarily when using the site, e.g. when registering, one fills in the appropriate fields of the registration form and accepts it. The administrator of the service sends a message to the email address provided, containing a link, the acceptance of which is tantamount to consent to the processing of personal data under the terms of the Personal Data Protection Policy and Privacy Policy.

 

If the User makes a purchase within the framework of paid public benefit activities on the site we process :

name,

mailing address,

e-mail address.

If the User has agreed to receive (e.g. newsletter), the User’s email address is processed.

If the User contacts the Administrator of the site process may be:

name,

mailing address,

e-mail address,

telephone number

– depending on the method of contact.

We process data from cookies stored on your device.

 

Legal basis for processing personal data:

 

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)

Act of May 10, 2018, on the protection of personal data (Journal of Laws, item 1000).

 

The legality of processing:

 

Article 6 of the RODO

Processing is lawful only if, and to the extent that, one or more of the following conditions are met:

 

  1. the data subject has consented to the processing of his or her personal data for one or more specified purposes;
  2. processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject prior to entering into a contract;
  3. processing is necessary for the fulfilment of a legal obligation incumbent on the controller;
  4. processing is necessary to protect the vital interests of the data subject or another natural person;
  5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority vested in the controller;
  6. processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

 

Subparagraph (f) of the first paragraph shall not apply to processing carried out by public authorities in the performance of their tasks.

 

Conditions for consent:

 

Article 7 of the RODO

 

  1. If processing is based on consent, the controller must be able to demonstrate that the data subject has consented to the processing of their personal data.
  2. If the data subject gives his or her consent in a written statement that also concerns other matters, the request for consent must be presented in a way that makes it clearly distinguishable from the other matters, in an understandable and easily accessible form, in clear and simple language. The part of such a statement by the data subject in violation of this Regulation shall not be binding.
  3. The data subject has the right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. The data subject is informed of this before he or she gives consent. Withdrawal of consent must be as easy as giving consent.
  4. In assessing whether consent has been given voluntarily, the greatest possible consideration shall be given to whether, among other things, the performance of a contract, including the provision of a service, is conditional on consent to data processing, if the processing of personal data is not necessary for the performance of that contract.

 

Conditions for the child’s consent in the case of information society services.

 

Article 8 RODO

 

  1. If Article 6(1)(a) applies, in the case of information society services offered directly to a child, it is lawful to process the personal data of a child who has reached the age of 16. If the child is under 16, such processing is lawful only in cases where consent has been given or approved by the person with parental authority or custody of the child, and only to the extent of the consent given.

 

European Union member states may provide in their law a lower age limit, which must be at least 13 years old.

 

  1. In such cases, the administrator, taking into account available technology, shall make reasonable efforts to verify that the person with parental authority or custody of the child has consented or approved.
  2. 1 does not affect general provisions of contract law of the Member States, such as provisions on the validity, conclusion or effect of a contract with respect to a child.

 

Processing of special categories of personal data

 

Article 9 of the RODO

  1. The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning that person’s health, sexuality or sexual orientation is prohibited.
  2. 1 does not apply if one of the following conditions is met:
  3. the data subject has given his or her explicit consent to the processing of such personal data for one or more specific purposes unless Union or Member State law provides that the data subject may not waive the prohibition referred to in paragraph 1;
  4. processing is necessary for the fulfilment of obligations and the exercise of specific rights by the controller or the data subject in the fields of labour law, social security and social protection, insofar as authorized by Union law or Member State law, or by a collective agreement under Member State law providing for adequate safeguards for the fundamental rights and interests of the data subject;
  5. the processing is necessary to protect the vital interests of the data subject or another natural person, and the data subject is physically or legally incapable of giving consent;
  6. the processing is carried out within the framework of legitimate activities carried out with appropriate safeguards by a foundation, association or other non-profit entity with political, philosophical, religious or trade union purposes, provided that the processing concerns only members or former members of the entity or persons in regular contact with it in connection with its purposes, and that the personal data are not disclosed outside the entity without the consent of the data subjects;
  7. the processing relates to personal data obviously made public by the data subject;
  8. the processing is necessary for the establishment, investigation or defence of claims or in the exercise of justice by the courts;
  9. the processing is necessary for reasons of substantial public interest, on the basis of Union law or Member State law, which are proportionate to the aim pursued, do not prejudice the essence of the right to data protection and provide for adequate and specific measures to protect the fundamental rights and interests of the data subject;
  10. the processing is necessary for the purposes of preventive health or occupational medicine, assessment of the employee’s fitness for work, medical diagnosis, provision of health care or social security, treatment or management of health care or social security systems and services on the basis of Union or Member State law or in accordance with a contract with the health care professional and subject to the conditions and safeguards referred to in paragraph 3;
  11. the processing is necessary for reasons of public interest in the field of public health, such as to protect against serious cross-border health threats or to ensure high standards of quality and safety of healthcare and medicinal products or medical devices, on the basis of Union or Member State law, which provides for appropriate specific measures to protect the rights and freedoms of data subjects, in particular, professional secrecy;
  12. the processing is necessary for archival purposes in the public interest, scientific or historical research, or statistical purposes in accordance with Article 89(1), on the basis of Union or Member State law, which is proportionate to the designated purpose, do not prejudice the essence of the right to data protection, and provide for appropriate specific measures to protect the fundamental rights and interests of the data subject.

 

User rights – what can be requested:

 

Information provided when collecting data from the data subject

If the personal data of a data subject is collected from the data subject, the controller shall provide the data subject with all of the following information when obtaining the personal data:

  1. his or her identity and contact information and, where applicable, the identity and contact information of his or her representative:

 

Centaurus Foundation Fund with its registered office in Wrocław, Wałbrzyska Street No. 6-8, 52-314 Wrocław, entered in the register of associations, other social and professional organizations, foundations and independent public health care institutions kept (entity also entered in the register of entrepreneurs) in the National Court Register by the District Court in Wrocław, VI Economic Department of the National Court Register under KRS No. 0000278299, REGON: 140974200, NIP: 8943068607,

 

  1. when applicable – contact details of the Data Protection Officer:

 

e-mail – biuro@kancelarie-warszawa.com.pl

correspondence address – Kancelaria Adwokacka, 4/20B Biała St., 00-895 Warsaw,

 

  1. purposes of personal data processing, and legal basis for processing:

 

– on the basis of Article 6(1)(a) of the RODO, i.e. on the basis of expressed consent to the processing of personal data (e.g. acceptance of the Regulations),

– on the basis of Article 6(1)(b) RODO i.e. when processing is necessary for the performance of a contract to which the data subject is a party (e.g. contracts concluded with the Service Administrator),

– on the basis of Article 6(1)(c) RODO i.e. when processing is necessary for the fulfilment of a legal obligation (e.g. obligation of public authorities),

– on the basis of Article 6(1)(e) RODO i.e. when processing is necessary for the performance of a task carried out in the public interest (e.g. informing about the statutory goals of the Service Administrator, informing about collections, appeals for help),

– on the basis of Article 6(1)(f) RODO i.e. when processing is necessary for the purposes of the legitimate interests pursued by the Administrator,

 

  1. information about recipients of personal data or categories of recipients, if any:

 

the recipients of personal data – other than the Administrator – will be only entities authorized to obtain personal data under the law,

 

  1. the period for which personal data will be stored, and when this is not possible, the criteria for determining this period:

– processing on the basis of Article 6(1)(a) of the RODO – until withdrawal of consent,

– processing on the basis of Article 6(1)(b) RODO – for a period of 6 years / or based on the legitimate interest pursued by the controller for a longer period,

– processing on the basis of Article 6(1)(c) RODO – for a period of 50 years,

– processing on the basis of Article 6(1)(e) RODO – for a period of 5 years or until the withdrawal of consent,

– processing on the basis of Article 6(1)(f) RODO – for a period of 5 years or until the withdrawal of consent, information on automated decision-making, including profiling, data will be processed by automated means, including profiling.

 

User rights – what can be requested:

 

  1. The User has the right to demand from the Service Administrator access to personal data concerning the data subject.
  2. The User has the right to demand from the Service Administrator the rectification of his/her personal data processed by the Service Administrator.

 

The data subject has the right to demand from the Service Administrator the immediate rectification of personal data concerning him/her that is inaccurate. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by providing an additional statement.

 

  1. The user has the right to demand from the Service Administrator the deletion of his/her personal data processed by the Service Administrator.

 

The Data Subject has the right to demand from the Administrator the immediate deletion of the personal data concerning him/her, and the Administrator is obliged to delete the personal data without undue delay if one of the following circumstances applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

 

  1. the data subject has withdrawn the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a), and there is no other legal basis for the processing;
  2. the data subject objects under Article 21(1) to the processing and there are no overriding legitimate grounds for the processing or the data subject objects under Article 21(2) to the processing;
  3. the personal data has been processed unlawfully;
  4. the personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject;
  5. the personal data were collected in connection with the offering of information society services referred to in Article 8(1).

 

The user has the right to request the Service Administrator to restrict the processing of his/her data processed by Service Administrator,

The data subject has the right to request from the Controller the restriction of processing in the following cases:

  1. the data subject questions the correctness of the personal data – for a period of time allowing the Administrator to verify the correctness of the data;
  2. the processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead a restriction on its use;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are needed by the data subject to establish, assert or defend claims;
  4. the data subject has objected under Article 21(1) to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for the data subject’s objection.

 

You have the right to object to the processing of your personal data.

The data subject has the right to object at any time – on grounds relating to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling under these provisions. The controller shall no longer be allowed to process such personal data unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.

Join our newsletter!

The only certified and unique paintings in Poland, painted by the Centaurus Foundation’s pupils. The official shop of the Centaurus Foundation.

Facebook-f
Instagram
Youtube
  • English
  • Polish

Shop

Painted with Snores

More