The website functions to obtain information about the user and their behavior in the following way:

• by covering fees in information;
• by saving in final cookies (so-called “cookies”);
• by collecting web server logs by the website’s hosting operator (necessary for the proper operation of the website).

DEFINITIONS

1. Administrator - Marcin Kordacki running a business under the name Marcin Kordacki, with a permanent place of business in the province. Pomeranian, poviat pucki commune Kosakowo, places. Dębogórze, Sezamkowa, no. 12, lok. 2, 81-198, post office Kosakowo, with delivery address: voivodeship. POMORSKIE, poviat pucki commune Kosakowo, places. Dębogórze, Sezamkowa, no. 12, lok. 2, 81-198, post office Kosakowo, NIP no.: 7772600092, REGON no.: 301271105, e-mail address: [email protected], telephone: +48 606 229 937;Polityka - niniejsza Polityka prywatności;
2. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
3. Website - website run by the Administrator at www.kordacki.com, within which the Administrator’s Online Store operates.
4. User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
5. Personal data - means any information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, the economic, cultural or social identity of the individual;
6. Profiling - means any form of automated processing of personal data, which involves the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or predict aspects regarding the effects of work of this natural person, his or her economic situation, health, personal preferences, interests , reliability, behavior, location or movement;
7. Categories of personal data - The Administrator will process the following data: contact information: e-mail, telephone number, name and surname/company, country, product shipping address, IP number or other identifiers and information collected via cookies or other similar technologies.

PURPOSES AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA ON THE WEBSITE

Using the website.

Personal data of all persons using the Website (including the IP address or other identifiers and information collected via cookies or other similar technologies) are processed by the Administrator for the following purposes.

Personal data is processed for the following purposes:

PURPOSE OF PROCESSING	LEGAL BASIS
In order to provide services electronically in the scope of making content collected on the Website available to Users.	The legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR)
For analytical and statistical purposes.	The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of Users’ activities as well as their preferences in order to improve the functionalities used and the services provided.
In order to possibly determine and pursue claims or defend against claims.	The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of his rights;

Server logs.

The User’s activity on the Website, including his/her Personal Data, is recorded in system logs (a special computer program used to store a chronological record containing information on events and activities related to the IT system used to provide services by the Administrator).

The information collected in the logs is processed primarily for purposes related to the provision of services. The above data is not associated with specific people viewing the websites - within the meaning of the law they are anonymous. The above data are used only for server administration purposes. The Administrator also processes them for administrative and technical purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes - in this respect, the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) GDPR).

Registration on the website.

• Providing data marked as mandatory is required to set up and operate a User account, and failure to provide them results in the inability to set up an account.
• Providing other data is voluntary.
• Users who register on the Website are asked to provide the data necessary to create and operate an account.
• In order to facilitate service, the User may provide additional data, thereby consenting to their processing. Such data can be deleted at any time.

Personal data is processed for the following purposes:

PURPOSE OF PROCESSING	LEGAL BASIS
In order to provide services related to maintaining and servicing an account on the Website.	The legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR).
For analytical and statistical purposes.	The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of Users’ activities as well as their preferences in order to improve the functionalities used and the services provided.
In order to possibly determine and pursue claims or defend against claims.	The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of his rights;

If the User posts any personal data of other persons on the Website (including their name and surname, address, telephone number or e-mail address), he or she may do so only provided that the law and personal rights of these persons are not violated.

Placing orders.

• Placing an order (purchase of a Product) by the Website User involves the processing of his Personal Data.
• Providing data marked as mandatory is required to accept and process the order, and failure to provide it results in the order not being processed.
• Providing other data is optional.

Personal data is processed for the following purposes:

PURPOSE OF PROCESSING	LEGAL BASIS
In order to process the placed order.	The legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR).
W celu realizacji obowiązków ustawowych ciążących na Administratorze, wynikających w szczególności z przepisów podatkowych i przepisów o rachunkowości.	In order to fulfill the statutory obligations imposed on the Administrator, resulting in particular from tax regulations and accounting regulations.
In order to possibly determine and pursue claims or defend against claims.	The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in the protection of his rights.
For analytical and statistical purposes.	The legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in conducting analyzes of Users’ activity on the Website, as well as Users’ purchasing preferences in order to improve the functionalities used.

Contact forms.

The administrator provides the opportunity to contact him using electronic contact forms.

• Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to process it. Providing other data is voluntary.
• Using the form requires providing Personal Data necessary to contact the User and answer the inquiry.
• The user may also provide other data to facilitate contact or handling of the inquiry.

Personal data is processed for the following purposes:

| PURPOSE OF PROCESSING | LEGAL BASIS | | To identify the sender and handle his inquiry sent via the form provided. | The legal basis for processing is the necessity of processing to perform a contract for the provision of a service (Article 6(1)(b) of the GDPR); in the scope of optional data, the legal basis for processing is consent (Article 6(1)(a) of the GDPR). |

Social networking sites (Facebook, YouTube, Twitter, Google+).

• The Administrator processes Personal Data of Users visiting the Administrator’s profiles on social media (Facebook, YouTube, Twitter, Google+).
• This data is processed in connection with maintaining the profile, including to inform Users about the Administrator’s activity and to promote various types of events, services and products.
• The legal basis for the processing of Personal Data by the Administrator for this purpose is his legitimate interest (Article 6(1)(f) of the GDPR), consisting in promoting his own brand.

PERSONAL DATA PROCESSING PERIOD.

• The period of data processing by the Administrator depends on the type of service provided and the purpose of processing.
• As a rule, data is processed for the duration of the provision of the service or execution of the order, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
• The data processing period may be extended if processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent required by law.
• After the processing period, the data is irreversibly deleted or anonymized.

DATA RECIPIENTS.

• In connection with the provision of services, Personal Data will be disclosed to external entities, in particular suppliers responsible for operating IT systems, entities such as payment operators and banks, couriers, entities providing accounting services (in connection with the execution of the order). In addition, they will be made available to the Administrator’s contractors to whom the Administrator entrusts the execution and delivery of orders for products marked with print on demand, i.e. Printful, ShineOn, Printify, Snipcart, MailChimp.

• The Administrator reserves the right to disclose selected information about the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

TRANSFER OF DATA OUTSIDE THE EEA.

The level of protection for Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and ensuring an adequate level of protection, primarily through:

• cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the assurance of an adequate level of protection of Personal Data;
• application of standard contractual clauses issued by the European Commission;
• application of binding corporate rules approved by the competent supervisory authority;
• in the event of data transfer to the USA - cooperation with entities participating in the Privacy Shield program, approved by the decision of the European Commission.

The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.

USER PERMISSIONS.

Users have the following rights:

• the right to information about the processing of personal data - on this basis, the Administrator will provide the User, after submitting a request, with information about data processing, including, in particular, the purposes and legal basis for processing, the scope of data held, the entities to which it is disclosed and the planned date of data deletion;
• the right to obtain a copy of the data - on this basis, the Administrator will provide the User with a copy of the processed data regarding the User submitting the request;
• the right to rectification - the Administrator is obliged to remove any possible inconsistencies or errors in the Personal Data being processed and to supplement them if they are incomplete and if they receive a request for rectification. The Administrator informs that a registered User may supplement or change his/her data in the Your account tab;
• the right to delete data - on this basis, the User may request the deletion of data whose processing is no longer necessary to achieve any of the purposes for which they were collected;
• the right to limit processing - if such a request is made, the Administrator ceases to perform operations on Personal Data - except for operations to which the User whose data concerns has consented - and to store them, in accordance with the adopted retention principles or until the reasons for limiting data processing no longer exist ( e.g. a decision of the supervisory authority will be issued authorizing further data processing);
• the right to transfer data - on this basis - to the extent that the data is processed in an automated manner in connection with the concluded contract or consent - the Administrator issues the data provided by the User to whom they concern, in a format allowing the data to be read by a computer. It is also possible to request that this data be sent to another entity, provided, however, that there are technical possibilities in this respect both on the part of the Administrator and the indicated entity;
• the right to object to the processing of data for marketing purposes - the User may at any time object to the processing of Personal Data for marketing purposes, without the need to justify such objection;
• the right to object to other purposes of data processing - the User may at any time object - for reasons related to his particular situation - to the processing of Personal Data which is carried out on the basis of the legitimate interest of the Administrator (e.g. for analytical or statistical purposes or for reasons related to protection of property); any objection in this respect should include justification;
• the right to withdraw consent - if the data is processed on the basis of consent, the User has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing carried out before its withdrawal;
• the right to complain - if it is considered that the processing of Personal Data violates the provisions of the GDPR or other provisions regarding the protection of Personal Data, the User may submit a complaint to the authority supervising the processing of Personal Data competent for the place of habitual residence of this person, his place of work or the place of the alleged commission. violations. In Poland, the supervisory authority is the President of the Personal Data Protection Office. https://uodo.gov.pl/pl/p/prezes-i-urzad.

SUBMITTING REQUESTS RELATED TO THE EXERCISE OF RIGHTS.

• A request regarding the exercise of Users’ rights can be submitted:
  • in writing to the Administrator’s address;
  • or electronically to the e-mail address: [email protected];
• The request should, as far as possible, indicate precisely what the request concerns, i.e. in particular:
  • what rights the person submitting the application wants to exercise (e.g. the right to receive a copy of data, the right to delete data, etc.);
  • what processing process the request concerns (e.g. use of a specific service, activity on a specific website, etc.);
  • what processing purposes the request concerns (e.g. marketing purposes, analytical purposes, etc.).
• If the Administrator is unable to identify a natural person based on the submitted request, he will ask the applicant for additional information. Providing such data is not obligatory, but failure to provide it will result in the request being refused.
• The request may be submitted in person or through a representative (e.g. a family member). For data security reasons, the Administrator encourages you to use a power of attorney in a form certified by a notary or an authorized legal advisor or attorney, which will significantly speed up the verification of the authenticity of the request.
• A response to the notification should be provided within one month of its receipt. If it is necessary to extend this deadline, the Administrator informs the applicant about the reasons for this action and the extension date.
• In the case where the request was sent to the Administrator electronically, the response is provided in the same form, unless the applicant requested a response in a different form. In other cases, the answer is provided in writing. If the deadline for fulfilling the request makes it impossible to respond in writing, and the scope of the applicant’s data processed by the Administrator allows contact via electronic means, the response should be provided electronically.
• The procedure for submitted applications is free of charge. Fees may only be charged if:
  • submitting a request for the second and each subsequent copy of the data (the first copy of the data is free of charge); in such a case, the Administrator may require payment of a fee of USD 180. The above fee includes administrative costs related to fulfilling the request;
  • the same person submitting requests that are excessive (e.g. extremely frequent) or clearly unjustified; in such a case, the Administrator may require payment of a fee of USD 180. The above fee includes communication costs and costs associated with taking the requested actions;

If the decision to impose a fee is questioned, the data subject may submit a complaint to the authority supervising the processing of Personal Data competent for the person’s habitual residence, place of work or place of the alleged infringement. In Poland, the supervisory authority is the President of the Personal Data Protection Office.

The Administrator does not use/uses automated processing of personal data, such as profiling, in order to adapt the offer to the Customer’s personal preferences.

SECURITY OF PERSONAL DATA.

• The Administrator conducts risk analysis on an ongoing basis to ensure that Personal Data is processed in a safe manner - ensuring, above all, that only authorized persons have access to the data and only to the extent necessary for the tasks they perform.
• The Administrator ensures that all operations on Personal Data are recorded and performed only by authorized employees and collaborators.
• The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities guarantee the use of appropriate security measures whenever they process Personal Data on behalf of the Administrator.
• The User Account on the website is password protected and only authorized persons have access to it.
• Remember that as a User, you are obliged to appropriately protect your login password to the Account on the Website against disclosure to third parties.
• Remember that the Administrator is not responsible or liable for any risk related to your disclosure to third parties of your login or password to your Account on the Website (also in the event of their improper security) or enabling the use of your Account in any other way.
• If you notice that your account on the Website has been used by an unauthorized person, or you notice any other violation of the security rules for using the Website, please notify the Administrator by sending an e-mail to [email protected] or by phone: +48 606 229 937.

CONTACT DETAILS

Contact with the Administrator is possible via the correspondence address Sezamkowa 12/2, Dębogórze 81-198 Poland, e-mail address: [email protected], telephone: +48 606 229 937.

CHANGES TO THE PRIVACY POLICY

The policy is verified on an ongoing basis and updated, if necessary.

COOKIES AND SIMILAR TECHNOLOGY.

• The website uses cookies.
• Cookies are small text files installed on the device of the User browsing the Website. Cookies collect information that facilitates the use of the website - e.g. by remembering the User’s visits to the Website and the activities performed by him/her.
• “Service” cookies - the Administrator uses the so-called service cookies primarily to provide the User with services provided electronically and to improve the quality of these services. Therefore, the Administrator and other entities providing analytical and statistical services to him use cookies to store information or gain access to information already stored in the User’s telecommunications end device (computer, telephone, tablet, etc.). Cookies used for this purpose include:
  • cookies with data entered by the User (session identifier) for the duration of the session (user input cookies);
  • o authentication cookies used for services requiring authentication for the duration of the session (authentication cookies);
  • pliki cookies służące do zapewnienia bezpieczeństwa, np. wykorzystywane do wykrywania nadużyć w zakresie uwierzytelniania (ang. user centric security cookies);
  • session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);
  • persistent cookies used to personalize the User’s interface for the duration of the session or slightly longer (user interface customization cookies).
• “Marketing” cookies - The Administrator and its trusted partners may also use cookies for marketing purposes. For this purpose, the Administrator and trusted partners may store information or gain access to information already stored in the User’s telecommunications terminal device (computer, telephone, tablet, etc.).

ANALYTICAL AND MARKETING TOOLS USED BY THE ADMINISTRATOR’S PARTNERS.

• The Administrator and its Partners use various solutions and tools for analytical and marketing purposes. Below is basic information about these tools. Detailed information in this regard can be found in the privacy policy of the given partner.
• Google Analytics - Google Analytics cookies are files used by Google to analyze how the User uses the Website, to create statistics and reports on the functioning of the Website. Google does not use the collected data to identify the User or combine this information to enable identification. Detailed information about the scope and principles of data collection in connection with this service can be found at the following link: https://www.google.com/intl/pl/policies/privacy/partners.
• Google AdWords - Google AdWords is a tool that allows you to measure the effectiveness of advertising campaigns implemented by the Administrator, allowing for the analysis of such data as e.g. keywords or the number of unique users. The Google Adwords platform also allows us to display our ads to people who have visited the Website in the past. Information on data processing by Google in the scope of the above service is available at the link: https://policies.google.com/technologies/ads?hl=pl.
• Social plug-ins - the Website uses plug-ins from the Facebook social networking site. The use of these plug-ins involves the entity operating the Facebook social networking site leaving a cookie called “_fbp” on the User’s device. This file identifies browsers for the purpose of providing advertising and website analytics services. The administrator does not have detailed knowledge about the purpose and scope of data collection by the entity running the Facebook social networking site. More information about this cookie can be found at www.facebook.com/policies/cookies/, under the “cookies” link in the section titled “Why do we use cookies?”.

MANAGING COOKIE SETTINGS.

• The Website uses two basic types of cookies: “session cookies” and “persistent cookies”. “Session” cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser).
• “Permanent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
• Software for browsing websites (web browser) usually allows cookies to be stored on the User’s end device by default. Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies. For details, see your web browser’s help or documentation.
• Restrictions on the use of cookies may affect some of the functionalities available on the Website.
• Cookies placed on the User’s end device may also be used by advertisers and partners cooperating with the Website.
• The user may not consent to the processing of cookies by not accepting the consent to their processing displayed on the website (this may result in incorrect operation of the website).
• The use of cookies to collect data, including access to data stored on the User’s device, requires the User’s consent. This consent may be withdrawn at any time.
• Permission is not required only in the case of cookies whose use is necessary to provide a telecommunications service (data transmission to display content).
• Withdrawal of consent to the use of cookies is possible via browser settings. Detailed information on this topic can be found at the links below:
  • Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies
  • Mozilla Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
  • Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
  • Opera: http://help.opera.com/Windows/12.10/pl/cookies.html
  • Safari: https://support.apple.com/kb/PH5042?locale=en-GB
• The user can at any time verify the status of his or her current privacy settings for the browser used using the tools available at the links below:
  • http://www.youronlinechoices.com/pl/twojewybory
  • https://optout.aboutads.info/?c=2&lang=EN