1. Personal data administrator
The administrator of personal data of Users using the store www.onfleek.com.pl is a company operating under the name OnFleek Sp. z o.o. with headquarters in Warsaw at ul. Grójecka 194/386, NIP: 7010621919, KRS 0000641499, REGON 365621423, hereinafter referred to as the Administrator.
The administrator processes personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of physical users with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (hereinafter referred to as "GDPR").
Contact in matters related to the management of personal data:
- written contact: OnFleek Sp. z o.o, ul. Piaskowa 1 Sołtyków, 26-640 Skaryszew
- e-mail contact: email@example.com
2. Purpose and scope of Data processing
The collected personal data includes: Name, Surname, Company name (optional), Country, Street name, building number / apartment number, Postal code, City, Telephone, E-mail address, credit card details, bank account number, User's login and password, address IP of the computer from which the registration was made or the order was placed.
Personal data is collected during the User's registration, filling in the Order form, subscription form for the newsletter, during e-mail or telephone communication.
The user provides his personal data voluntarily, with the reservation, however, that failure to provide specific data in the purchase process may prevent the submission and execution of the User's order.
The data is processed for the purpose of:
- Maintaining a User Account - for the period of keeping the Account for the User, until its liquidation by or at the request of the User - pursuant to art. 6 sec. 1 lit. b) RGDPR;
- Conclusion and implementation of contracts for the sale of products via the Store - pursuant to art. 6 sec. 1 lit. b) and art. 9 sec. 2 lit. h) GDPR;
- Implementation by the Administrator of its legal obligations, in particular resulting from the provisions of tax law or other legal provisions - pursuant to art. 6 sec. 1 lit. c) and art. 9 sec. 2 lit. h) GDPR;
- Establishing, investigating or defending against claims that the parties may have against each other (including data contained in the User Account, data regarding contracts for the sale of products via the Store - pursuant to art.6 par.1 lit.f) and art. 9 sec. 2 lit. h) GDPR.
In addition, the user may voluntarily provide his email address and subscribe to the newsletter, i.e. sending an email with marketing content regarding the products offered and articles published in the Store by the Administrator - until the consent is withdrawn - pursuant to art. 6 sec. 1 lit. a) GDPR;.
3. The right to access and correct data
Each user has the right to access their personal data, rectify it, delete it or the right to object to processing, limit processing, as well as the right to transfer data.
The administrator provides the option of removing personal data from the collection kept, in particular in the event of deleting the User Account. The administrator may refuse to delete personal data if the User has not paid all amounts due to the Seller or has violated applicable law, and the retention of personal data is necessary to clarify these circumstances and determine the User's liability.
The user has the option to lodge a complaint with the President of the Personal Data Protection Office if he or she believes that the processing of personal data violates the law.
4. Entities that will have access to Users' data
5. Data Protection
The Administrator processes Users' personal data in a safe manner, in accordance with the law, including with the Regulation of the European Parliament and the Council of the European Union 2016/679 of 27 April 2016 on the protection of physical users with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC - GDPR. Only persons authorized by the Administrator are allowed to process data.
The administrator makes every effort to ensure the best possible means of technical, physical and organizational protection of personal data against accidental or deliberate destruction, loss, disclosure, alteration, use. The Administrator processes the User's data in a manner consistent with the scope of the User's consent and in accordance with the legal requirements and the GDPR Act.
6. Profiling in the Store
The law impose an obligation on the Administrator to inform about automated decision-making referred to in art. 22 sec. 1 and 4, GDPR. The Administrator uses or may use profiling in the Store for direct marketing purposes.
The effect of using profiling in the Store may be, for example, a reminder about unfinished purchases, sending a Product proposal that may correspond to the interests or preferences of the User or proposing better conditions compared to the standard offer of the Store, it also allows the User to receive a discount or send a discount/promotion code.
Despite profiling, the User freely decides whether he will want to use the discount received in this way or better conditions and make a purchase in the Store.