PRIVACY POLICY OF THE WEBSITE

WWW.RELAXLURES.COM


  1. Wiesława Kowalczyk conducting business activity under the company name “RELAX IMPORT-EXPORT Wiesława Kowalczyk”, principal place of business and correspondence address: ul. gen. Władysława Sikorskiego 39, 58-260 Bielawa, registered in the Central Register and Information on Economic Activity (CEIDG), Tax ID (NIP): 8822122851, National Business Registry Number (REGON): 363038719, e-mail: info@relaxlures.com, hereinafter referred to as the Controller, is the Personal Data Controller of the users of the website operating at: relaxlures.com, hereinafter referred to as the Website.
  2. The Controller has introduced appropriate securities and technical and organisational measures, including the Personal Data Protection Policy and procedures, and has trained its employees who process Your personal data in the scope of their duties, in order to ensure the appriopriate level of personal data protection with respect to the mandatory rules of law, including especially the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, the Polish Personal Data Protection Act of 10th of May  2018, hereinafter referred to as the Act, and the other relevant personal data protection laws.
  3. The Controller appointed the Data Protection Officer, who is attorney-at-law Martyniusz Rak, e-mail: iod@relaxlures.com.
  4. The following personal data is collected on the Website:
    1. name and surname, e-mail address, telephone number, address - may be processed when, as users of our Website (including clients or potential clients), You provide them via e-mail, contact form, traditional mail or by telephone contact in order to:
      1. enabling contact with You if there is such a need,
      2. answering questions related to the offer of the Website,
      3. free use of the Website, in particular to browse our offer and add products as favorites to the "Wish List",
    2. IP address of a device or Internet browser identifier – the general information relating to the usage of Internet-based connections, such as IP addresses and other information contained in the system logons, which are used for technical and statistical reasons, especially collecting general demographic data (e.g. about the region, from which a connection is received),
    3. other data may be collected within the scope of conducting other matters or may be provided by You as users of our Website (also as clients and potential clients) via e-mail, contact form, traditional mail or by telephone contact.
  5. Our Website utilises the cookies technology to match its functionality to Your individual needs. Therefore, You can agree that the data and information You enter will be remembered, so that You can use them the next time when You visit our Website without having to re-enter them. The owners of other websites will not have access to this data and information. If, however, You do not agree to personalisation of the Website, You may disable the cookies in Your Internet browsers.
  6. The source of the personal data processed by the Controller is You, i.e. the data subjects.
  7. The legal basis for processing of Your personal data is:
    1. art. 6.1.b of the GDPR, i.e. processing is necessary to perform the sales or service contract to which You are a party or in order to take steps at Your request prior to entering into such a contract with the Controller, or
    2. art. 6.1.c of the GDPR, i.e. processing is necessary for compliance with a legal obligation to which the Controller is subject, including in particular provisions on accounting, tax and archival issues, or
    3. art. 6.1.f of the GDPR, i.e. the legitimate interests pursued by the Controller, what is the establishment, exercise or defence of legal claims, until they lapse or until the relevant proceedings are completed, if they were initiated during this period, which applies in particular to Your possible claims related to the order or to the economic activity of the Controller, or
      - when the above legal basics for data processing are not applicable –
    4. art. 6.1.a of the GDPR, i.e. Your consent to the processing of personal data for specific purposes.
  8. Providing personal data is voluntary and each user of the Website decides, whether and to what extent, intend to use the Controller's offer and services or transfer Your personal data, taking into account the principles resulting from the content of this Privacy Policy. Nevertheless, providing personal data is necessary to achieve the purposes referred to in point 4 above, as well as is a condition for the conclusion and implementation of the sales or service contract and its implementation, and therefore failure to provide them results in the inability to conclude such a contract.
  9. Pursuant to the principle of data minimisation referred to in art. 5.1.c of the GDPR, the Controller processes only the categories of personal data that are necessary to achieve the purposes referred to in point 4 above.
  10. The Controller does not share any of Your personal data to third parties without Your express consent. Your data may be shared without Your express consent only to entities with appropriate authorization in applicable law, i.e. administration authorities, tax authorities, law enforcement authorities and other authorized entities.
  11. Your personal data may be entrusted for processing by the Controller:
    1. IT companies providing hosting services, servicing internet domains and providing of IT systems used by the Controller,
    2. companies providing the Controller with other services, which are necessary for the current activity of the Controller,
      hereinafter jointly referred to as Processors.
    3. In such a situations, the Controller concludes with the Processors contracts for entrusting the processing of personal data, and the Processors process the entrusted personal data, but only for the needs, to the extent and for the purposes indicated in the entrustment agreements.
  12. In connection with the presence of buttons and connectors on the Website of the Controller's accounts in social media, in the field of data, in particular, IP or Internet browser identifier, if the Controller uses the products of:
    1. Facebook - the above data is processed on the basis of joint administration with Facebook Ireland Ltd. with its registered office at: 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland,
    2. Google (YouTube) - the above data is processed on the basis of joint administration with Google Ireland Ltd. with its registered office at: 4 Barrow St, D04 E5W5, Dublin, Ireland (Google Building Gordon House),
    3. Twitter - the above data is processed on the basis of joint administration with Twitter Inc. with its registered office at: 355 Market Street, Suite 900, San Francisco, CA 94103, California, United States.
      If, in the cases referred to in this point, the transfer of personal data to third countries takes place, it is done on the terms set out in point 13 below.
  13. Your personal data are not transferred to third countries or international organisations within the meaning of the provisions of the GDPR. If such a transfer takes place, You will be informed in advance and the Controller will apply the safeguards referred to in Chapter V of the GDPR.
  14. The Controller processes personal data for the period necessary to achieve purposes specified in the point 4 above. Personal data may be processed for a longer period than indicated in the preceding sentence, if such an obligation imposed on the Controller results from specific legal provisions (e.g. in the scope of keeping accounting and tax documentation) or from the legitimate interest of the Controller referred to in point 7 letter c above (e.g. for the period of limitation of claims or completion of relevant proceedings, if during the limitation period they were initiated), and also when the service provided by the Controller has continuous nature.
  15. As data subjects, You have the right to:
    1. be informed of the processing of personal data in accordance with art. 12 of the GDPR,
    2. have access to personal data in accordance with art. 15 of the GDPR,
    3. correct, supplement, update and rectification personal data in accordance with art. 16 of the GDPR,
    4. erasure the data (right to be forgotten) in accordance with art. 17 of the GDPR,
    5. restriction of processing in accordance with art. 18 of the GDPR,
    6. data portability in accordance with art. 20 of the GDPR,
    7. object to the processing of personal data in accordance with art. 21 of the GDPR,
    8. refuse profiling in accordance with art. 22 relating to art. 4.4 of the GDPR,
      taking into account the rules of using and exercising these rights resulting from the provisions of the GDPR.
  16. In the case of the legal basis referred to in point 7 letter d above, You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  17. In addition to the rights referred to in the two preceding points, You have the right to lodge a complaint with the supervisory authority (i.e. in Poland to the Prezes Urzędu Ochrony Danych Osobowych, address: ul. Stawki 2, 00-193 Warszawa, e-mail: kancelaria@uodo.gov.pl, tel. +48 606 950 000) referred to in art. 77 of the GDPR, if You are convinced that the processing of personal data by the Controller violates the provisions of the GDPR.
  18. Your personal data will not be subject to automated individual decision-making, including profiling, by the Controller within the meaning of the provisions of the GDPR.
  19. Any questions, requests or complaints relating to personal data processing by the Controller and with the implementation of the rights referred to in points 15-16 above, hereinafter referred to as the Applications, should be sent to the following e-mail of the Data Protection Officer: iod@relaxlures.com, or in writing to the address for correspondence of the Controller: ul. gen. Władysława Sikorskiego 39, 58-260 Bielawa.
  20. The Application should clearly contain: the data of the person or persons to whom the Application relates, the reason of the Application, and – if it is possible - the content of the request, its legal basis and the expected way of solving the issue.
  21. Each identified breach of security is documented, and in the event of cases specified in the provisions of the GDPR or the Act, such a breach of the provisions on the protection of personal data are informed - if applicable - to the data subjects (i.e. You) or the supervisory authority (i.e. in Poland to the Prezes Urzędu Ochrony Danych Osobowych).
  22. The provisions of this Privacy Policy apply, as far as possible, to all persons with whom the Controller is in legal relations and for whom it is also Personal Data Controller, including in particular to clients, contractors and participants of contests and partner programs organized by the Controller.
  23. All matters not regulated by this Privacy Policy shall be regulated by the relevant mandatory rules of law. If the provisions of this Privacy Policy not comply with the abovementioned rules of law, the above rules of law shall prevail.