PRIVACY POLICY FOR THE TAKSUBA ONLINE STORE INCLUDING INFORMATION REQUIRED UNDER ARTICLE 13 GDPR
1. General Information
1.1. This Privacy Policy of the Online Store, hereinafter referred to as the “Policy”, is informational in nature, which means that it does not constitute a source of obligations for Customers of the Online Store and is not an agreement or terms and conditions.
1.2. All words, expressions and abbreviations used on this page and beginning with a capital letter, for example Seller, Online Store, Electronic Service, shall be understood in accordance with their definitions contained in the Terms and Conditions of the Online Store available at https://taksuba.com/
1.3. In the event of any doubt or inconsistency between this Policy and the consents granted by a given person, irrespective of the provisions of this Policy, the basis for the Administrator’s actions and for determining their scope shall always be the voluntarily granted consents or the provisions of law applicable in a given situation.
2. Personal Data Controller
2.1. In fulfilment of the obligation arising from Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data (“GDPR”), we inform you that the Controller of your personal data is Geometric Goods spółka z ograniczoną odpowiedzialnością with its registered office in Kraków, address: ul. Tadeusza Kościuszki 47/30, 30-114 Kraków, Poland,
registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register, KRS number: 0000934542, NIP: 6772471263, hereinafter referred to as the “Administrator”.
2.2. The Administrator may be contacted in matters concerning personal data protection and the exercise of your rights by email at: taksuba.store@gmail.com, or in writing at the Company’s registered office address or at the Administrator’s correspondence address: ul. Tadeusza Kościuszki 47/30, Kraków 30-114, Poland, where the Company conducts its business activity. The Data Protection Officer may also be contacted using the above contact details.
2.3. If you provide additional consent, the controllers of data obtained on the basis of your online activity using technologies such as cookies may also include our trusted partners.
3. Purposes and Legal Basis for the Processing of Personal Data
3.1. The Administrator processes the following personal data:
a) Personal Data provided in the form when registering an Account or placing Orders in the Online Store, in particular: first and last name; email address; contact telephone number; address (street, house number, apartment number, postal code, city/town, country), residential/business/registered office address, if different from the delivery address, bank account number, and in the case of Customers who are not consumers, additionally company name and tax identification number [NIP], as well as other data collected during the use of the Online Store;
b) Personal Data provided when using the contact form or submitted when filing a complaint;
c) Other data, in particular data obtained based on the Customer’s activity on the Internet or in mobile applications, including data obtained via the Online Store or other communication channels with the Customer, using cookies and similar technologies.
3.2. Your Personal Data will be processed for the following purposes:
a) conclusion and performance of the Agreement for the Provision of Services (Account) or taking steps at the request of a prospective Customer prior to its conclusion. We process your data in order to maintain your Account so that you can benefit from the advantages it offers, for example placing orders without having to complete forms each time, accessing purchase history, managing your consents on the website, etc., and enabling you to use other services available on our website. Legal basis: Article 6(1)(b) GDPR, processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
b) conclusion and performance of the Sales Agreement or taking steps at the request of a prospective Customer prior to its conclusion. We need your personal data to process your order and perform the concluded agreement, in particular to confirm its placement and to reserve or send the selected Goods to you, as well as to contact you in this matter if necessary. Legal basis: Article 6(1)(b) GDPR, processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c) accepting and handling complaints. Legal basis: Article 6(1)(c) GDPR, processing is necessary for compliance with a legal obligation to which the controller is subject;
d) presenting advertisements, offers or promotions/discounts concerning goods or services of the Administrator and its partners, whose current list is provided within the Online Store, intended for all recipients. Legal basis: Article 6(1)(a) GDPR, the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
e) assessment and analysis of the Customer’s activity and information, including as part of automated processing of Personal Data (profiling), in order to present general advertisements, offers or promotions/discounts concerning goods or services of the Administrator and its partners, tailored to the interests of a given Customer, without significantly affecting their decisions, as well as for market and statistical analyses. Legal basis: Article 6(1)(f) GDPR, processing is necessary for the purposes of the legitimate interests pursued by the controller;
f) pursuing claims and defending against claims, including claims of third parties, in connection with the use of most functionalities of the Online Store. Legal basis: Article 6(1)(f) GDPR, processing is necessary for the purposes of the legitimate interests pursued by the Administrator;
g) fulfilment of legal obligations arising from applicable provisions, for example tax and accounting regulations, especially in the case of paid agreements. Legal basis: Article 6(1)(c) GDPR, for example issuing and storing accounting documents, providing responses, fulfilling obligations resulting from the rights of data subjects, and cooperation with public administration authorities;
h) conducting correspondence with Customers, including responding to Customers’ messages. Legal basis: Article 6(1)(a) GDPR, the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
i) In the case of an adult Customer, subject to their additional consent, Personal Data may also be processed for the purpose of presenting, creating, granting and implementing advertisements, offers or promotions/discounts dedicated to that Customer and relating to goods or services of the Administrator and its partners, tailored to the highest possible degree to the Customer’s preferences (profiling), as a result of automated decision-making which may produce legal effects concerning the Customer or similarly significantly affect the Customer, for example by granting a short-term discount dedicated exclusively to that person for a specific Product recently viewed in our store. Legal basis: Article 6(1)(a) GDPR, the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
3.3. The Administrator indicates the following categories of recipients of personal data:
a) personal data may be transferred to entities supporting the Administrator’s business processes, for example entities providing postal or courier services, accounting, tax and legal services;
b) in cases described in separate provisions of law and in accordance with the procedure specified therein, personal data may be transferred to authorised public administration authorities;
c) personal data may be processed using external and internal IT infrastructure, including by hosting service providers, and may also be transferred to entities operating the Administrator’s ICT systems or providing IT tools that meet GDPR requirements regarding system security.
3.4. The Administrator declares that in each case the disclosure or transfer of personal data for processing takes place on the basis of the consent of the data subject, a data processing agreement, or a legal obligation.
3.5. Data will be stored for the period necessary to achieve the purposes for which it was collected, however no longer than 6 years from the date of termination of the Agreement, in accordance with Article 118 of the Civil Code.
4. Rights to Update, Modify, Delete and Access Personal Data
4.1. In connection with the processing of your personal data by the Administrator, you have the right to:
- request access to your personal data;
- request rectification of your personal data;
- request deletion or restriction of processing of your personal data;
- data portability with respect to personal data processed on the basis of an Agreement;
- object to the processing of personal data in the cases specified in Article 21 GDPR;
- lodge a complaint with the supervisory authority, the President of the Personal Data Protection Office.
5. Transfer of Personal Data Outside the EEA
5.1. As part of the Administrator’s use of tools supporting its ongoing business activity, provided for example by Google, the Customer’s Personal Data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA), Israel or another country in which an entity cooperating with such provider maintains tools used for the processing of Personal Data in cooperation with the Administrator.
5.2. Appropriate safeguards for the transferred Personal Data have been ensured by the Administrator through the use of standard data protection clauses adopted pursuant to a decision of the European Commission and data processing agreements meeting GDPR requirements. In the case of data transfers from Europe to the USA, some entities located there may additionally provide an adequate level of data protection under the so-called Privacy Shield programme. More information on this subject is available at: https://www.privacyshield.gov/.
5.3. The Customer has the right to obtain a copy of the safeguards applied by the Administrator with respect to the transfer of Personal Data to a third country by contacting us.
6. Voluntary Provision of Personal Data
6.1. Providing Personal Data by the Customer in the Online Store is voluntary; however, it is necessary in order to use certain functionalities of our store, for example to place an Order and settle it, conclude and perform the Sales Agreement, register an Account, conclude and perform the Agreement for the Provision of Services, or use our forms.
Each time, the scope of data required to conclude the relevant agreement is indicated in advance in the Online Store, as we mark the data that must be provided in order to conclude the agreement or use a specific functionality, within other communication channels with the Customer or in the Terms and Conditions. The consequence of failing to provide Personal Data may be the inability to effectively perform the above actions.
7. Profiling
7.1. For the purpose of presenting general advertisements, offers or promotions/discounts intended for all Customers in a manner tailored to the interests of a given Customer, the Administrator may analyse the Customer’s preferences, for example by analysing how often the Customer visits the Online Store. This enables the Administrator to better understand the Customer’s expectations and adapt to their needs, without significantly affecting their decisions. Due to the Administrator’s use of advanced technologies, the above activities will often be performed automatically by the system, so that the content sent will be as up to date as possible and the Customer will be able to review it quickly.
7.2. In the case of adult Customers, the above analysis of interests or preferences will also serve to create, grant and implement dedicated advertisements, offers or promotions/discounts tailored to them to the highest possible degree, in an automated manner, which may produce legal effects concerning them or similarly significantly affect them, potentially limiting access to such offers for other Customers. This option is not available to Customers who are not adults and who have not consented to such actions by the Administrator. These actions differ from ordinary “profiling”, for example adjusting our communications or banners to your interests, in that their result may significantly affect your choices as a consumer, for example by resulting in a very favourable, temporary offer addressed exclusively to you based on your purchase history and behaviour on our website, to which other Customers will not have access. The more often a given Customer uses the Administrator’s services and purchases its Goods, the better promotions and surprises may be prepared for them.
8. Cookie Policy
8.1. Who do cookies apply to?
Since the cookie technology, or technology with functionality similar to cookies, used by the Administrator collects information about every person visiting the Online Store, the following provisions of the Policy apply to persons who use the Online Store, regardless of whether they are Customers of the Store, place Orders, reserve Goods or have an Account, hereinafter also referred to as the “Visitor”.
8.2. What technology do we use?
The Online Store uses technology that stores and accesses information on a computer or other device connected to the network, in particular using cookies or related solutions, in order to ensure maximum comfort when using the Online Store, including for statistical purposes and to tailor the advertising content of the Administrator, its partners and advertisers presented to the interests of the Visitor. During a visit to the Online Store, data concerning the Visitor’s online activity may be collected automatically.
Since the Administrator may use solutions with functionality similar to cookies, the following provisions of the Policy should also be applied accordingly to such technologies.
8.3. What are cookies?
A cookie file is a small piece of text information sent by a server and stored on the Visitor’s device, usually on a computer hard drive or mobile device. It stores information that the Online Store may need in order to adapt to the Visitor’s way of using it and to collect statistical data concerning the Online Store, for example information about which pages were visited, which elements were downloaded, as well as data concerning the domain name of the Internet service provider or the country of origin of the Visitor.
8.4. Do cookies collect your personal data?
When a Visitor uses the Online Store, cookies are used to identify their browser or device. Cookies collect various types of information which, as a rule, do not constitute personal data, as they do not allow the Visitor to be identified. However, depending on their content and method of use, some information may be linked to a specific person, by assigning certain behaviours to a specific Visitor, for example by linking them with data provided when registering an Account in the Online Store, and may therefore be considered personal data.
With respect to information collected by cookies that may be linked to a specific person, the provisions of this Policy concerning Personal Data shall apply, in particular those relating to the rights of the data subject. Information concerning data collected by cookies is also provided, among other places, in the information clause displayed in a visible and easily accessible place during the first visit to the Online Store.
8.5. On what legal basis do we use cookies?
Obtaining and storing information using cookies is possible on the basis of consent given by the Visitor. As standard, Internet browsers or other software installed on a computer or other device connected to the network allow cookies to be placed on that device by default, and thus allow information about Visitors to be collected. In the settings of the Internet browser or within the privacy policy management settings on our website, consent granted for the use of cookie technology, including by our partners, may be modified or withdrawn at any time, although some parts of the Store may then not function properly. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal. Detailed information on how to withdraw consent is presented in the following sections of this Policy. The legal basis for the processing of data obtained in this way is the legitimate interest of the Administrator, consisting in the need to ensure the highest quality of content presented by the Administrator by adapting it to the preferences of Visitors and marketing, including direct marketing, of the goods and services of the Administrator or its partners, provided that in such case the partners do not participate in the processing of the Customer’s data. On the other hand, to the extent that the Administrator’s partners may also have direct access to this information, the legal basis for such processing is the Customer’s voluntary consent.
8.6. What do we use cookies for?
The cookies used are primarily intended to make it easier for the Visitor to use the Online Store, for example by “remembering” information once provided so that the Visitor does not have to provide it each time, and they also serve to adapt the Store’s content, including displayed advertisements, to the Visitor’s preferences. Cookies also serve to increase the usability and personalisation of the Online Store content, including presenting, creating, granting and implementing advertisements, offers or promotions/discounts dedicated to a given Visitor in accordance with their interests. This applies only where the Visitor is an adult and has consented to such activity.
Using cookie technology applied in the Online Store, the Administrator may analyse the Visitor’s preferences, for example by analysing how often the Visitor visits the Online Store. Analysis of online behaviour helps to better understand the habits and expectations of Visitors and to adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests and to prepare better promotions and surprises for adult Visitors who have consented to this.
Based on cookies, the Administrator also uses technology that enables advertising messages to reach Visitors who have previously visited the Online Store while they are using other websites.
8.7. Can you object to the use of information obtained from cookies?
The Visitor may object to actions undertaken by the Administrator for the purposes described above. If the Visitor has given consent, including consent to the presentation, creation, granting and implementation of dedicated advertisements, offers or promotions/discounts tailored to their preferences, such consent may be withdrawn at any time. However, this will not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
8.8. What types of cookies do we use and are they harmful?
Cookies used in the Online Store are not harmful either to the Visitor or to the computer/end device used by the Visitor, therefore we recommend not disabling them in browsers. The Online Store uses two types of cookies: session cookies, which remain stored on the Visitor’s computer or mobile device until logging out from the website or closing the software/browser, and persistent cookies, which remain on the Visitor’s device for the period specified in the cookie parameters or until they are manually deleted in the Internet browser.
8.9. How long will information collected by cookies be stored?
Depending primarily on the purposes and legal basis for processing Personal Data collected by cookies, such data may be stored for the period indicated in this Policy.
Personal Data concerning a Visitor who is not a Customer and collected by cookies will be stored until an objection is lodged. The Administrator may delete Personal Data if it has not been used for marketing purposes for 3 years, unless legal provisions require the Administrator to process Personal Data for a longer period.
Some Personal Data may be stored for a longer period in the event that the Visitor has any claims against the Administrator or for the purpose of pursuing claims by the Administrator or defending against claims, including claims of third parties, for the limitation period specified by applicable law, in particular the Civil Code.
In each case, the longer period of Personal Data storage shall apply.
8.10. Third-party cookies.
Cookies used by the Administrator primarily serve to optimise the Visitor’s experience when using the Online Store. However, the Administrator cooperates with other companies in the scope of their marketing/advertising activities. For the purposes of such cooperation, the browser or other software installed on the Visitor’s device also stores cookies from entities conducting such marketing activities, which may become controllers of the Customer’s personal data. Cookies sent by these entities are intended to ensure that the Visitor is shown only those advertisements that correspond to their individual interests and needs. In the Administrator’s opinion, displaying personalised advertising is more attractive to the Visitor than advertising unrelated to their needs. Without these files, this would not be possible, because the companies cooperating with the Administrator provide advertising content to Visitors.
8.11. How to delete/block cookies?
The Visitor may change the way cookies are used by managing the consents granted within the privacy settings on our website or through the browser, including blocking or deleting cookies originating from the Online Store and other websites. To do this, the browser settings must be changed. The deletion method differs depending on the Internet browser used. Information on how to delete cookies should be available in the “Help” section of the selected Internet browser. Deleting cookies is not the same as deleting Personal Data obtained by the Personal Data Controller through cookies.
For example, in Internet Explorer, cookies can be modified via: Tools -> Internet Options -> Privacy; in Mozilla Firefox: Tools -> Options -> Privacy; and in Google Chrome: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookies. Access paths may differ depending on the browser version used.
Detailed information on managing cookies on a mobile phone or other mobile device can be found in the user manual/instruction manual of the relevant phone or mobile device.
It is also possible to block third-party cookies while accepting cookies used directly by the Administrator, by selecting the option to block third-party website cookies.
8.12. What are the consequences of deleting or blocking cookies?
Restricting the use of cookies on a given device may prevent or significantly hinder the proper use of the Online Store, for example it may result in the inability to maintain a login session.
9. General Information
9.1. How can you contact us?
You may contact the Administrator at any time by sending a message by traditional mail or email to the Administrator’s address indicated at the beginning of this Policy, or by telephone at the telephone number indicated at the beginning of this Policy.
The Administrator stores correspondence for statistical purposes and in order to respond to enquiries as effectively and quickly as possible, as well as for the purposes of complaint handling and decisions on possible administrative interventions made on the basis of reports in the indicated Account. Addresses and data collected in this way will not be used for communication for any purpose other than handling the report.
When contacting the Administrator in order to perform specific actions, for example to file a complaint using a form, the Administrator may again request that the given person provide data, including personal data, for example first name, last name, email address, etc., in order to confirm that person’s identity, enable return contact in the given matter and perform the requested action. Providing such data is not mandatory, but may be necessary in order to perform the action or obtain the information requested by the person concerned.
9.2. How do we protect your data?
Taking into account the state of technical knowledge, the cost of implementation, and the nature, scope, context and purposes of processing, as well as the risk of violation of the rights or freedoms of natural persons of varying likelihood and severity, the Administrator applies appropriate technical and organisational measures to ensure protection of the Personal Data processed that is appropriate to the risks and categories of data protected. In particular, the Administrator protects data against disclosure to unauthorised persons, acquisition by an unauthorised person, processing in breach of applicable provisions, and alteration, loss, damage or destruction. Disclosure of information about the technical and organisational measures used to protect processing may weaken their effectiveness and therefore threaten the proper protection of Personal Data.
The Administrator makes available, as appropriate, for example the following technical measures preventing unauthorised persons from obtaining and modifying Personal Data transmitted electronically:
1. protection of the data set against unauthorised access;
2. SSL certificate on the pages of the Online Store where Personal Data is provided;
3. encryption of data used to authorise a person using the functionalities of the Online Store;
4. access to the Account only after providing an individual login and password;
5. links to other websites.
The Online Store may contain links to other websites. The Administrator encourages users to read the terms and conditions and privacy policies applicable to other websites. This Policy applies only to the indicated activities of the Administrator.
9.3. Can this Policy be changed, and how will you be informed?
The Administrator may change the Policy in the future, including for the following important reasons:
1. changes in applicable provisions of law, in particular regarding Personal Data protection, telecommunications law, services provided electronically, and provisions regulating consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
2. development of functionalities or Electronic Services dictated by the progress of Internet technology, including the use or implementation of new technological or technical solutions affecting the scope of the Policy;
3. The Administrator will each time place information about changes to the Policy on the website of the Online Store. With each change, the new version of the Policy will appear with a new date.
10. From when is this version of the Policy effective?
This version of the Policy is effective from 01.04.2024.