Privacy Policy for the TAKSUBA Online Store in accordance with Article 13 of the GDPR
1. General Information
1.1. This privacy policy of the Online Store (hereinafter referred to as the "Policy") is informative, which means it is not a source of obligations for the customers of the Online Store and is not a contract or regulation.
1.2. Any words, expressions, and abbreviations used on this page and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood according to their definition contained in the Online Store Regulations available at https://taksuba.com/
1.3. In case of doubts or conflicts between the Policy and the consents given by a person, regardless of the provisions of the Policy, the basis for the Administrator's actions and the scope of activities shall always be the voluntarily given consents or the applicable law in a given situation.
2. Personal Data Administrator
2.1. In fulfilling the obligation under Article 13 of the General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data ("GDPR"), we inform you that the Administrator of your personal data is Geometric Goods spółka z ograniczoną odpowiedzialnością based in Kraków, address: ul. Tadeusza Kościuszki 47/30, 30-114 Kraków, Poland,
registered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register, KRS number: 0000934542, NIP: 6772471263, hereinafter referred to as the "Administrator".
2.2. You can contact the Administrator regarding personal data protection and the exercise of your rights via email at taksuba.store@gmail.com or in writing at the company's registered address or the correspondence address of the Administrator: ul. Tadeusza Kościuszki 47/30, Kraków 30-114, Poland, where the company's activities are conducted. You can also contact the Data Protection Officer using the above contact details.
2.3. If you give additional consent, the administrators of data obtained based on your Internet activity using technologies such as cookies may also be our trusted partners.
3. Purposes and Legal Basis of Personal Data Processing
3.1. The Administrator processes the following personal data:
a) Personal data provided in the form during account registration or order placement in the Online Store, in particular: name and surname; email address; contact phone number; address (street, house number, apartment number, postal code, city, country), residence/business address/headquarters address (if different from the delivery address), bank account number, and in the case of non-consumer customers, additionally the company name and tax identification number [NIP]) and other data collected during the use of the Online Store;
b) Personal data provided when using the contact form or submitted when filing complaints;
c) Other data, particularly obtained based on the Customer's activity on the Internet or in mobile applications, including obtained via the Online Store or other communication channels with the Customer, using cookies and similar technologies.
3.2. Your personal data will be processed in the following scope:
a) Conclusion and execution of the Service Agreement (Account) or taking action at the request of the future Customer before its conclusion (we process your data to maintain your account, so you can enjoy the benefits it offers, such as placing orders without having to fill out forms each time, accessing purchase history, managing your consents on the site, etc., and enabling you to use other services available on our site), legal basis: Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract);
b) Conclusion and execution of the Sales Agreement or taking action at the request of the future Customer before its conclusion (we need your personal data to fulfill your order and perform the concluded contract - in particular, to confirm its placement and reserve or send the selected goods to you, as well as to contact you if necessary regarding this matter); legal basis: Article 6(1)(b) GDPR (processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract);
c) Receiving and handling complaints, legal basis: Article 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the controller is subject);
d) Presenting advertisements, offers, or promotions (discounts) related to the goods or services of the Administrator and its partners (the current list is provided within the Online Store) intended for all recipients, legal basis: Article 6(1)(a) GDPR (the data subject has given consent to the processing of their personal data for one or more specific purposes);
e) Assessing and analyzing the activity and information about the Customer, including as part of automated personal data processing (profiling), to present general advertisements, offers, or promotions (discounts) related to the goods or services of the Administrator and its partners, tailored to the interests of the particular Customer (without significantly affecting their decisions), as well as market and statistical analyses, legal basis: Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller);
f) Asserting claims and defending against claims, including third parties - when using most of the Online Store's functionalities; legal basis: Article 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller);
g) Fulfilling legal obligations arising from provisions, e.g., tax and accounting, especially in the case of paid contracts, legal basis: Article 6(1)(c) GDPR (e.g., issuing and storing accounting documents, providing responses, fulfilling obligations arising from the rights of data subjects, cooperating with state administration bodies);
h) Conducting correspondence with Customers, including responding to Customer messages, legal basis: Article 6(1)(a) GDPR (the data subject has given consent to the processing of their personal data for one or more specific purposes);
i) In the case of an adult Customer, with their additional consent, personal data may also be processed to present, create, grant, and execute dedicated advertisements, offers, or promotions (discounts) concerning the goods or services of the Administrator and its partners, tailored to their preferences (profiling), through automated decision-making, which may have legal effects on them or similarly significantly affect them, e.g., through a short-term discount exclusively dedicated to such a person based on their shopping history and behaviors on our site, legal basis: Article 6(1)(a) GDPR (the data subject has given consent to the processing of their personal data for one or more specific purposes);
3.3. The Administrator specifies the following categories of personal data recipients:
a) Personal data may be transferred to entities supporting the Administrator's business processes, e.g., entities providing postal or courier services, accounting, tax, legal services;
b) In cases described in separate legal provisions and in accordance with the procedure specified in these provisions, personal data may be transferred to authorized state administration bodies;
c) Personal data may be processed using external and internal IT infrastructure, including hosting service providers, as well as transferred to entities operating the Administrator's IT systems or providing IT tools that meet GDPR security requirements.
3.4. The Administrator declares that in each case, the sharing or transfer of personal data for processing is based on the data subject's consent or a data processing agreement or a legal obligation.
3.5. Data will be stored for the time necessary to achieve the purposes for which they were collected, but not longer than 6 years from the date of the termination of the Agreement (in accordance with Article 118 of the Civil Code).
4. Rights to Update, Modify, Delete, and Access Personal Data
4.1. In connection with the processing of your personal data by the Administrator, you have the right to:
- Request access to your personal data;
- Request the correction of your personal data;
- Request the deletion or restriction of the processing of your personal data;
- Transfer your personal data (processed based on the Agreement);
- Object to the processing of personal data in cases specified in Article 21 of the GDPR;
- File a complaint with a supervisory authority (President of the Personal Data Protection Office).
5. Transfer of Personal Data Outside the EEA
5.1. As part of the Administrator's use of tools supporting its daily activities, provided by companies such as Google, the Client's personal data may be transferred to a country outside the European Economic Area, particularly to the United States of America (USA), Israel, or another country where the cooperating entity maintains tools used for personal data processing in cooperation with the Administrator.
5.2. Appropriate safeguards for transferred personal data have been ensured by the Administrator through the use of standard data protection clauses adopted by the European Commission and data processing agreements that meet GDPR requirements. When transferring data from Europe to the USA, some entities located there may additionally provide an adequate level of data protection under the Privacy Shield program (more information on this is available at https://www.privacyshield.gov/).
5.3. The Client has the right to obtain a copy of the safeguards used by the Administrator concerning the transfer of personal data to a third country by contacting us.
6. Voluntary Provision of Personal Data
6.1. Providing personal data by the Client in the Online Store is voluntary, but it is necessary to use certain functionalities of our store, for example, to place an Order and settle it (conclusion and performance of the Sales Agreement) or register an Account (conclusion and performance of the Service Agreement) or use our forms.
Each time, the scope of data required to conclude the appropriate contract is indicated in advance in the Online Store (we mark the data that is necessary to conclude the contract/use a specific functionality), within other communication channels with the Customer, or in the Regulations. Failure to provide personal data may result in the inability to effectively perform the above actions.
7. Profiling
7.1 The Administrator, for the purposes of presenting general advertisements, offers, or promotions (discounts) intended for all Customers, tailored to the interests of the given Customer, may familiarize himself with his preferences, for example, by analyzing how often he visits the Online Store. This allows for a better understanding of the Customer's expectations and adapting to their needs, without significantly affecting their decisions. Thanks to the Administrator's use of advanced technologies, these actions will often be performed by the system in an automated manner, ensuring that the content sent is the most up-to-date and the Customer can quickly get acquainted with it.
7.2. In the case of adult Customers, the mentioned analysis of interests or preferences will also serve to create, grant, and execute dedicated and highly tailored advertisements, offers, or promotions (discounts), in an automated manner, which may have legal effects on them or similarly significantly affect them, potentially limiting access to them to other Customers (option not available to Customers who are not adults and have not consented to such actions by the Administrator). Such actions differ from regular "profiling" (i.e., adapting our messages, banners to your interests) by having a significant impact on your choices as a consumer, meaning, for example, that the result may be a very favorable, time-limited offer addressed exclusively to you based on your shopping history and behaviors on our site, which other Customers will not have access to. The more often a given Customer uses the Administrator's services and purchases its Goods, the better promotions and surprises can be prepared for them.
8. Policy Regarding "Cookies"
8.1. Who do "cookies" concern?
Due to the fact that the technology of cookies (or similar functionality) used by the Administrator collects information about every person visiting the Online Store, the following provisions of the Policy apply to individuals using the Online Store, regardless of whether they are its Customers (placing Orders, reserving Goods, or having an Account) (hereinafter also referred to as the "Visitor").
8.2. What technology do we use?
The Online Store uses technology that stores and accesses information on a computer or other device connected to the network (in particular, using cookies or similar solutions) to ensure the maximum comfort of using the Online Store, including for statistical purposes and to tailor the content presented to the Visitor's interests, the Administrator's partners, and advertisers. During the visit to the Online Store, data on the Visitor's Internet activity may be automatically collected.
Due to the fact that the Administrator may use solutions with functionality similar to cookies - please refer to the following Policy provisions accordingly to these technologies as well.
8.3. What are "cookies"?
A cookie is a small text file sent by a server and stored on the Visitor's device (usually on the hard drive of a computer or mobile device). It stores information that the Online Store may need to adjust to the ways the Visitor uses it and to collect statistical data regarding the Online Store (e.g., about which pages were visited, which elements are downloaded) and data on the domain name of the internet service provider or the Visitor's country of origin.
8.4. Do "cookies" collect your personal data?
When the Visitor uses the Online Store, cookies are used to enable the identification of their browser or device - cookies collect various types of information that are generally not personal data (they do not allow the identification of the Visitor). Some information, depending on its content and usage, may, however, be associated with a specific person - assigning certain behaviors to a specific Visitor, for example, by linking them with data provided during Account registration in the Online Store - and thus be considered personal data.
For information collected by cookies that can be associated with a specific person, the provisions of the Policy relating to Personal Data, particularly regarding the rights of the data subject, apply. Information regarding the information collected by cookies is also provided, among other things, in the information clause posted in a visible and easily accessible place during the first visit to the Online Store.
8.5. On what legal basis do we use "cookies"?
Obtaining and storing information using cookies is possible based on the Visitor's consent. By default, web browsers or other software installed on a computer or other device connected to the network allow cookies to be placed on such a device, and thus collect information about Visitors. In the settings of the web browser or in the privacy management settings on our site, the consent given for the use of cookie technology, including our partners, can be modified or revoked at any time (however, some parts of the Store may not work properly). Withdrawing consent does not affect the lawfulness of processing carried out based on consent before its withdrawal (detailed information on how to withdraw consent is provided in the following points of this Policy). The legal basis for processing such obtained data is the Administrator's legitimate interest, which is the need to ensure the highest quality of content presented by the Administrator by tailoring it to the Visitor's preferences and marketing - including direct marketing - of the Administrator's goods and services or its partners, while in such a case, the partners do not participate in the processing of the Client's data. On the other hand, to the extent that the Administrator's partners may also have direct access to this information – the legal basis for such processing is the voluntary consent given by the Client.
8.6. What do we use "cookies" for?
The used cookies are primarily intended to make it easier for the Visitor to use the Online Store, for example, by "remembering" the information provided once so that they do not have to provide it each time, as well as to tailor its content, including the presented advertisements, to their preferences. Cookies also serve to increase the usability and personalization of the Online Store's content, including presenting, creating, granting, and executing advertisements, offers, or promotions (discounts) dedicated to a given Visitor according to their interests (this applies only to situations where they are an adult and have consented to such actions).
Using cookie technology in the Online Store allows the Administrator to become familiar with the Visitor's preferences - for example, by analyzing how often they visit the Online Store. Analyzing online behaviors helps to better understand the habits and expectations of Visitors and adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests and prepare better promotions and surprises for adult Visitors who have consented to it.
Based on cookies, the Administrator also uses technology that allows for reaching Visitors with advertising messages who have previously visited the Online Store while using other websites.
8.7. Can you object to the use of information obtained from "cookies"?
The Visitor can object to the actions taken by the Administrator for the purposes described above. In the case of consent given by the Visitor, including for the presentation, creation, granting, and execution of dedicated advertisements, offers, or promotions (discounts) tailored to their preferences, it can be withdrawn at any time - however, this will not affect the lawfulness of processing carried out based on consent before its withdrawal.
8.8. What types of "cookies" do we use, and are they harmful?
Cookies used in the Online Store are not harmful to the Visitor or the computer/end device used by them, so we recommend not disabling them in browsers. The Online Store uses two types of cookies: session cookies, which remain stored on the computer or mobile device of the Visitor until logging out from the website or disabling the software (web browser), and persistent cookies, which remain on the Visitor's device for the time specified in the cookie parameters or until they are manually deleted in the web browser.
8.9. How long will the information collected by "cookies" be stored?
Depending primarily on the purposes and legal basis for processing the personal data collected by cookies, they may be stored for the time specified in the Policy.
The personal data collected by cookies concerning a Visitor who is not a Client will be stored until an objection is raised. The Administrator may delete personal data if they are not used for marketing purposes within 3 years unless the law obliges the Administrator to process personal data for a longer period.
Some personal data may be stored longer in case the Visitor has any claims against the Administrator or to pursue claims by the Administrator or defend against claims (also from third parties), for the period of their limitation specified by law, especially the Civil Code.
In any case, the longer storage period of personal data shall prevail.
8.10. Third-Party Cookies
The cookies used by the Administrator primarily serve to optimize the Visitor's service when using the Online Store. However, the Administrator cooperates with other companies in the scope of their marketing activities (advertising). For the purposes of this cooperation, the Visitor's browser or other software installed on their device saves cookies from entities conducting such marketing activities, which may become administrators of the Client's personal data. The cookies sent by these entities are intended to ensure that the Visitor is presented with only those advertisements that correspond to their individual interests and needs. In the Administrator's opinion, displaying personalized advertising is more attractive to the Visitor than advertising unrelated to their needs. Without these cookies, this would not be possible, as it is the companies cooperating with the Administrator that provide advertising content to the Visitors.
8.11. How to delete/block "cookies"?
The Visitor can change the way cookies are used by managing the consents given within the privacy settings on our site or through the browser, including blocking or deleting those that come from the Online Store (and other websites). To do this, change the browser settings. The way to delete differs depending on the web browser used. Information on how to delete cookies should be found in the "Help" tab of the selected web browser. Deleting cookies is not the same as deleting personal data by the Data Controller obtained through cookies.
For example, in Internet Explorer, cookies can be modified from: Tools -> Internet Options -> Privacy; in Mozilla Firefox: Tools -> Options -> Privacy; and in Google Chrome: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookies. Access paths may vary depending on the browser version used.
Detailed information on managing cookies on a mobile phone or other mobile device can be found in the user manual/instruction manual of the respective phone or mobile device.
It is also possible to block third-party cookies while accepting cookies used directly by the Administrator (option "block third-party cookies").
8.12. What are the consequences of deleting or blocking "cookies"?
Limiting the use of cookies on a given device may prevent or significantly hinder the proper use of the Online Store, for example, it may be associated with the inability to maintain a login session.
9. General Information
9.1. How can you contact us?
You can contact the Administrator at any time by sending a traditional or electronic mail message to the Administrator's address provided at the beginning of the Policy or by phone at the number indicated at the beginning of the Policy.
The Administrator stores correspondence for statistical purposes and to provide the best and fastest response to inquiries, as well as in the scope of resolving complaints and making decisions based on reported requests for interventions in the indicated Account. Addresses and data collected in this way will not be used for communication for purposes other than the execution of the request.
When contacting the Administrator to perform specific actions (e.g., filing a complaint using a form), the Administrator may again ask the person to provide data, including personal data, e.g., in the form of their name, surname, email address, etc., to confirm their identity and enable contact back in the matter and perform the requested action. Providing this data is not mandatory but may be necessary to perform the action or obtain the information the person is interested in.
9.2. How do we secure your data?
The Administrator, considering the state of technical knowledge, implementation costs, nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons of varying probability and severity of the threat, applies appropriate technical and organizational measures ensuring the protection of processed personal data appropriate to the threats and categories of data subject to protection, in particular, secures data against unauthorized access, collection by an unauthorized person, processing in violation of applicable regulations, and change, loss, damage or destruction. External disclosure of information on the technical and organizational measures ensuring the protection of processing may weaken their effectiveness, thus threatening the proper protection of personal data.
The Administrator appropriately applies, for example, the following technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically:
1. Securing the data set against unauthorized access;
2. SSL certificate on the pages of the Online Store where personal data is provided;
3. Encrypting data used for authorizing a person using the Online Store's functionalities;
4. Access to the Account only after providing an individual login and password;
5. Links to other websites.
The Online Store may contain links to other websites. The Administrator encourages you to familiarize yourself with the regulations and privacy policies applied to other websites. This Policy applies only to the actions of the Administrator.
9.3. Can this policy be changed, and how will you know about it?
The Administrator may change the Policy in the future, including for the following important reasons:
1. Changes in applicable regulations, particularly in the field of personal data protection, telecommunications law, services provided electronically, and consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
2. Development of functionalities or Electronic Services driven by the progress of internet technology, including the use/implementation of new technological or technical solutions, affecting the scope of the Policy;
3. The Administrator will each time post information about changes to the Policy on the Online Store's website. With each change, the new version of the Policy will appear with a new date.
10. Since when is this version of the Policy effective?
This version of the Policy is effective from April 1, 2024.