Capitalised terms have the meanings defined in the Terms and Conditions of this Online Store.
The personal data collected by the Online Store Administrator are processed in accordance with the provisions of regulation of the European Parliament and of the Council (EU) 2016/679 of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119/1), hereinafter referred to as GDPR.
The Online Store Administrator takes particular care in order to protect the privacy of Online Store Customers and the information provided by these Customers. The Administrator exercises due diligence in choosing and applying appropriate technical measures, also in respect of programming and organisation, to ensure protection of the data processed; in particular, he protects the data from release to unauthorized persons, disclosure, loss and destruction, unauthorized modification and from illegal processing.
The possibility of using the Articles and Services available on the website is not offered to children under the age of 16. The Personal Data Controller does not envisage intentional collection of data on children under the age of 16.
Personal Data Controller
The controller of your personal data is:
Tutuconcept sp. z o.o.
ul. Warszawska 16/1, 81-317 Gdynia
For matters related to your personal data you can contact the Personal Data Controller by:
- email: firstname.lastname@example.org
- mail: ul. Warszawska 16/1, 81-317 Gdynia
- telephone: 530 081 756
The aims of and legal basis for personal data processing
The Personal Data Controller processes your personal data for the following purposes and in the following scope:
- to take action before the conclusion of agreement at your request (e.g. create an account), on the basis of the data submitted in the Online Store registration form, i.e. the email address, password, sex; for accounts created via an external authentication service (e.g. Google+, Facebook) we collect your name; if you register to purchase Articles, we collect your name and the data submitted to enable order fulfilment, such as the shipping address; in order to provide Services that require creating an Account such as order history or order status notification, we process your data given in the Account and during the purchase of Articles;
- to provide Services which do not require an Account and the purchase of Articles, i.e. Online Store browsing or Articles search, we process the personal data relating to your activity in the Online Store, i.e. data on the Articles you are viewing, data relating to the sessions of your device, operating system, browser, location and unique ID, IP address;
- to perform the agreement for the sale of Articles (e.g. deliver the Articles ordered), we process the personal data provided by you during the purchase of Articles, such as your name, email, address details, details of your payment and, if you make a purchase through your Account, your password;
- to generate statistics of use of the individual functionalities available in the Online Store, to help you use the Online Store and ensure security of the Online Store IT system, we process the personal data relating to your activity in the Online Store and the amount of time spent on each of the subpages in the Online Store, your search history, location, IP address, device ID, your web browser data and your operating system;
- to establish, investigate and enforce claims and to defend against third party claims in court proceedings and other law enforcement authorities, we may process your personal data submitted during the purchase of Articles or Account creation and other data necessary to prove the existence of the claim or data which arise from a legal requirement, court order or other legal procedure;
- to investigate complaints, consider requests and answer Customers’ questions, we process the data you submit in the contact form, complaints and requests or in queries submitted in another form and some personal data you submitted in your Account as well as data relating to Orders for Articles and other Services we provide that are the basis for the claim, complaint or request, and the data contained in the documents attached to the claims, complaints and requests;
- for purposes relating to the marketing and of our Articles and Services and those of our clients and partners (including remarketing) we process the personal data provided by you during the creation and updating of your Account, data on your activity in the Online Store, including the orders, which are recorded and stored via cookies, and in particular order history search history, clicks in the Online Store, login and registration dates, the history and your activity connected with our communications with you. With respect to remarketing, we use the data on your activity in order to convey our marketing messages to you outside the Online Store, for which purpose we use third party service providers. These services consist of displaying our messages on websites other than Online Store. You can find details relating to this activity in the provisions concerning cookies;
- to organise competitions and loyalty programs i.e. notifications of points collected or notifications of wins and to advertise our products and services, we use your personal data given in your Account and in the competition or loyalty program entry form. The relevant details are given in each case in the terms and conditions of participation in a particular competition or loyalty program;
- for market research and customer survey purposes by us or our partners, i.e. order information, your data supplied in the Account or during the purchase of Articles, email address. We do not use the data collected as part of market research and customer surveys for advertising purposes. Detailed explanations are given in the survey information or in the area where you enter your data.
Relevant personal data categories
The Personal Data Controller processes the following categories of relevant personal data.
- contact details:
- data relating to the activity in the Online Store;
- data relating to orders in the Online Store;
- data relating to claims, complaints and requests;
- data relating to marketing services.
The voluntary nature of personal data provision
Your provision of your personal data is voluntary and is a condition for the provision of services by the Personal Data Controller via the Online Store.
Data processing time
Your personal data will be processed for the period necessary to fulfil orders, provide services, carry out marketing activities and other services performed for the Customer. Personal data will be erased in the following cases:
- if the person to whom the data apply requests their erasure or withdraws the consent granted;
- if the person to whom the data apply discontinues any activities for more than 10 years (inactive contact);
- upon receipt of information that the data are obsolete or inaccurate.
Some of the data (email address and name) can be stored for a further 3 years for the purposes of evidence and handling of complaints and claims relating to the services provided by the Online Store – these data will not be used for marketing purposes.
The data relating to orders for Articles and paid services, competitions and loyalty programs will be retained for a period of 5 years from the date of order delivery.
Non-logged customer data are stored for the time corresponding to the life cycle of the cookies stored on devices or until such cookies are deleted from the Customer’s device by the Customer.
Your personal data concerning preferences, behaviour and choice of marketing content may be used as a basis for taking automated decisions in order to determine the specific sales opportunities of the Online Store.
Personal data recipients
We provide your personal data to the following categories of recipients:
- public authorities, e.g. prosecutor’s office, Police, President of the Office for the Protection of Personal Data (PUODO), President of the Office of Competition and Consumer Protection (UOKiK), at their request;
- providers of services we use for Online Store operation, e.g. to fulfil orders. Depending on the contractual arrangements and circumstances, these entities operate on our order or independently determine the purposes and means of data processing; you can find a list of providers on our Online Store website under the following link: ………….
Rights of the data subject
Pursuant to GDPR you are entitled to:
- request access to your personal data;
- request rectification of your personal data;
- request erasure of your personal data;
- request restriction of personal data processing;
- object to personal data processing;
- request personal data portability.
The Personal Data Controller informs you about the actions taken in connection with your request without undue delay, and in any case within one month of receipt of your request. If necessary, the monthly time limit may be extended by a further two months in view of the complex nature of the request or the number of requests.
In any case, the Personal Data Controller will inform you of such extension within one month of receipt of the request, stating the reasons for the delay.
The right to access personal data (Article 15 of GDPR)
You are entitled to obtain confirmation from the Personal Data Controller as to whether or not your personal data are being processed.
If the Personal Data Controller is processing your personal data, you have the right to:
- access your personal data;
- obtain information about the purposes of the processing, the categories of personal data being processed, the recipients or categories of recipients of these data, the planned period of storage of your data or the criteria used to determine that period, your rights under GDPR and the right to lodge a complaint with a supervisory authority, the source of such data, the existence of automated decision-making, including profiling and the safeguards used in connection with the transfer of your data outside the European Union;
- request a copy of your personal data.
If you want to request access to your personal data, send your request to the following address: email@example.com
The right to rectify personal data (Article 16 of GDPR)
If your personal data are inaccurate, you have the right to request the Personal Data Controller to rectify your personal data without delay.
You can also request the Personal Data Controller to complete your personal data.
If you want to request the Personal Data Controller to rectify or complete your personal data, send your request to the following address: firstname.lastname@example.org
If you have registered in the Online Store, you can rectify or complete your personal data yourself after logging in to the Online Store.
The right to erase personal data, i.e. “right to be forgotten” (Article 17 of GDPR)
You have the right to request the Personal Data Controller to erase your personal data if:
- your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- you have withdrawn the consent on which your personal data processing was based;
- your personal data have been unlawfully processed;
- you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent the processing of your personal data is related to direct marketing;
- you have objected to the processing of your personal data in connection with the processing necessary for the implementation of a task carried out in the public interest or the processing needed for the purposes of legitimate interests pursued by the Personal Data Controller or a third party.
Despite your request to erase your personal data, the Personal Data Controller may continue processing your data in order to establish, investigate or defend claims, of which you will be notified.
If you want to request erasure of your personal data, send your request to the following address: email@example.com
The right to restriction of personal data processing (Article 18 of GDPR)
You have the right to request restriction of processing of your personal data if:
- you question the accuracy of your personal data – the Personal Data Controller will restrict the processing of your personal data for a period enabling verification of accuracy of your personal data;
- the processing of your personal data is unlawful and you request restriction of processing of your personal data instead of their erasure;
- Your personal data are no longer needed for the purpose of processing, but they are needed in order to establish, investigate or defend your claims;
- you have objected to the processing of your personal data – pending the verification whether the legitimate grounds of the controller override the grounds indicated in your objection.
If you want to request restriction of processing of your personal data, send your request to the following address: firstname.lastname@example.org
The right to object to personal data processing (Article 21 of GDPR)
You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
- the processing necessary for the implementation of a task carried out in the public interest or the processing needed for the purposes of legitimate interests pursued by the Personal Data Controller or a third party;
- processing for direct marketing purposes.
If you want to object to the processing of your personal data, send your request to the following address: email@example.com
The right to personal to personal data portability (Article 20 of GDPR)
have the right to receive your personal data from the Personal Data Controller in a structured, commonly used and machine-readable format and to transmit those data to another personal data controller.
You have the right to have the personal data transmitted directly from the Personal Data Controller to another data controller (where technically feasible).
If you want to request the transfer of your personal data, send your request to the following address: firstname.lastname@example.org
The right to withdrawal your consent
You can withdraw the consent to processing of your personal data at any time.
The withdrawal of consent to processing of your personal data does not affect the lawfulness of processing based on your consent before its withdrawal.
If you want to withdraw the consent to processing of your personal data, send your request to the following address: email@example.com or use the respective functionalities of your Account.
Complaint to the supervisory authority
If you believe that the processing of your personal data violates the provisions of GDPR, you have the right to submit a complaint to the supervisory authority, in particular in the Member State of your habitual residence, your workplace or the place of the alleged infringement.
In Poland the supervisory authority within the meaning of the GDPR is the President of the Office for the Protection of Personal Data (PUODO).
When you browse the Online Store web pages, we use files known as “cookies” (hereinafter referred to as “Cookies”), i.e. small pieces of text information that are saved in your end device in connection with your use of the Online Store. They are intended to ensure correct functioning of the Online Store web pages.
These files make it possible to identify the software used by you and adapt the Online Store to your individual needs.
Cookies usually contain the name of the domain where they come from, the time of their storage in the device and an assigned value.
The Cookies used by us are safe for your equipment. In particular, no viruses or other unwanted software or malware can be transferred to your devices via the Cookies.
Types of Cookie files
We use two types of Cookies:
- Session Cookies: they are stored in your device and remain there until the end of the browser session. At the end of the session, the stored information is permanently deleted from the memory of your device. The session Cookie mechanism does not allow the download of any personal data or any confidential information from your device.
- Permanent Cookies: they are stored in your device and remain there until they are deleted. They are not removed from your device at the end of your browser session or when you shut down your device. The permanent Cookie mechanism does not allow the download of any personal data or any confidential information from your device.
We also use third party Cookies for the following purposes:
- Online Store configuration;
Cookies may be used by advertising networks, in particular Google, to display advertisements tailored to your preferences. Information about your manner of web navigation or the time of use of specific websites can be saved for this purpose.
To view and edit information about your preferences collected by Google advertising network, you can use the tool available at https://www.google.com/ads/preferences/.
Using the browser settings or service configuration, you can change the Cookie settings manually and at any time, specifying the conditions for Cookie storage and Cookie access to your device. These settings can be modified to block automatic Cookie handling by the web browser or notify you every time a Cookie is placed in your device. Detailed information about the options and methods of handling Cookies are available in your software (Web browser) settings.