Privacy Policy
Privacy Policy
§1 Introduction
GIORRE online store, ran at the internet address: giorre.com belonging to
the company Silvexcraft Mateusz Wójcik Sp. k. attaches the utmost importance to protect the privacy of its clients
with regard to the transfer of personal data to the Customer Contact Department, with commitment to protect the
privacy of customers and take their responsibility for the security of their data seriously. We will clearly and
transparently inform our clients about what information we collect and what we do with it.
This Privacy
Policy sets out the following:
What kind of personal information do you collect and process with respect
to be our client and in connection with the use of our website and online services;
- Where do we get data from;
- What we do with this data;
- How we store data;
- Who we transfer / disclose data to;
- How we implement your data protection law;
- How we proceed with data protection rules.
All personal data is collected and processed in accordance with the legislation on the protection of personal
data in force in Poland and the European Union.
All personal data is collected and processed in
accordance with the legislation on the protection of personal data in force in Poland and the European
Union.
§2 Definitions:
Administrator - personal data administrator indicated
in point III Politics.
Personal data - all informations about a physical person identified or
identifiable by one or more specific factors determining physical, physiological, genetic, psychological, economic,
cultural or social identity, including device IP, location data, internet identifier and information collected
through cookies and other similar technology.
Policy - this privacy policy.
RODO - Regulation
of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons
with regard to the process of personal data and on the free flow of such data and the repeal of Directive 95/46 /
EC.
Website - a website maintained by the Administrator at giorre.com
User (Customer) - any
natural person visiting the Website or using one or several services or functionalities described in the
Policy.
§3 Data of the Personal Data Administrator:
We would like to inform
you that the administrator of your personal data is Silvexcraft Mateusz Wójcik Sp. k. with registered office in
Krasne 951, 36-007 Krasne, NIP: 5170373027, REGON: 363361395, entered in the register of entrepreneurs of the
National Court Register by the District Court in Rzeszów, XII Economic Division of the National Court Register under
number 0000588340, hereinafter referred to as "GIORRE". Contact with GIORRE regarding the protection of personal
data is possible at the following e-mail address: [email protected].
§4 Data Protection
Inspector
GIORRE has a Data Protection Supervisor - currently it is Mr. Maciej Strączkowski,
who will help you with all matters related to the protection of personal data, in particular, he will answer any
questions regarding the processing of your personal data. Contact with the Inspector is possible at the following
e-mail address: [email protected].
§5 Objectives and grounds for processing personal
data:
To provide services in accordance with the field of our entity activity, GIORRE
processes your personal data - for various purposes, but always in accordance with the law. Below you will find
specific purposes for the processing of personal data together with the legal law basis.
Account
registration on the Website:
Persons who register in the GIORRE online store are asked to provide the
data necessary to create and service the account. Providing data marked as obligatory is required to set up and
service an account, and lack of them results in the inability of setting up an account. Data such as gender and date
of birth can be provided by the user optionally. The above data is transmitted via the contact form available at
giorre.com
Personal data is processed:
In order to provide services related with running and
servicing an account in the online store GIORRE - the legal basis for processing is the necessity of processing to
execute the contract (Article 6 paragraph 1 letter b). Possibly, in the field of optional data - the legal basis for
processing is consent (Article 6 (1) (a) and the RODO);
for analytical and statistical purposes - the
legal basis of the processing is the legitimate interest of the Administrator (Article 6 paragraph 1 point f) of the
RODO consisting in analyzing your activity on the Website, the way you use the account, and your preferences to
improve the functionalities ;
in order to possibly set and enforce claims or defend them - the legal
basis of the processing is the legitimate interest of the Administrator (Article 6 (1) letter f) of the RODO
consisting in the protection of its rights;
for marketing purposes of the Administrator - a detailed
description of the objectives and legal grounds can be found in the marketing and direct marketing
tab.
Placing orders on the Website:
Placing an order (purchase of goods) by the customer of
the GIORRE online store involves the processing of his personal data. Providing data marked as mandatory is required
in order to accept and service the order, and lack of results in the lack of its
implementation.
Personal data is processed:
in order to execute the order - the legal basis
for processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR); for optional
data, the legal basis for the processing is consent (Article 6 (1) (a) and (GDP));
in order to fulfill
statutory obligations imposed on the Administrator, resulting in particular from tax regulations and accounting
regulations - the legal basis for processing is the legal obligation (Article 6 paragraph 1 letter c) of the
GDPR);
for analytical and statistical purposes - the legal basis of the processing is the legitimate
interest of the Administrator (Article 6 paragraph 1 point f) of the RODO consisting in analyzing the Users'
activity on the Website, as well as their shopping preferences in order to improve the functionalities
used;
in order to possibly set and enforce claims or defend against them - the legal basis of the
processing is the legitimate interest of the Administrator (Article 6 (1) letter f) of the RODO consisting in the
protection of its rights.
Marketing:
The Administrator processes Users' personal data in
order to carry out marketing activities, which may consist in:
directing e-mail notifications about
interesting offers or content, which in some cases contain commercial information;
carrying out other
types of activities related to direct marketing of goods and services (sending commercial information by electronic
means);
in order to implement marketing activities, the Administrator in some cases uses profiling, i.e.
through the so-called geolocation, gaining knowledge about the country of the User's place of residence, using the
GIORRE online store and the so-called segmentation - that is, selecting customers who have not placed any orders
since registering their account in the GIORRE online store in order to send an offer or a discount code to such
customer at the e-mail address provided by the Customer. This means that due to automatic data processing, the
Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a
forecast.
Direct marketing:
If the Customer has agreed to receive marketing information
via e-mail, SMS and other electronic communication means, the User's personal data will be processed for the purpose
of sending such information. The basis for data processing is the legitimate interest of GIORRE consisting in the
sending of marketing information within the limits of the consent granted by the User (direct marketing). The User
has the right to object to the processing of data for direct marketing purposes, including profiling. The data will
be stored for this purpose for the duration of the legitimate interest of GIORRE, unless the User objects to receive
the information.
Social media:
The administrator processes the personal data of Users visiting
Administrator profiles carried out in social media (Facebook, Instagram, YouTube, Pinterest, Pinterest). These data
are processed only in connection with running a profile, including to inform Users about the activity of the
Administrator and to promote various types of events, services and products, as well as to communicate with users
via the functionality available in social media. The legal basis for the processing of personal data by the
Administrator for this purpose is its legitimate interest (Article 6 (1) letter f) of the RODO, which consists in
promoting its own brand and building and maintaining a brand-related society.
Consideration of
complaints:
In order to process a complaint, we process your personal data, such as: name, e-mail
address, order number, or address - if there is a refund, or bank account number - if there is a
refund.
The legal basis for such data processing is art. 6 par. 1 lit. b RODO, which allows personal data
to be processed, if it is necessary to perform the contract or take steps to conclude the
contract.
E-mail notifications:
In order to send an e-mail notification to the Customer in
connection with the service being provided, we process personal data such as: e-mail address and order
number.
The legal basis for such data processing is art. 6 par. 1 lit. f RODO, which allows personal data
to be processed, if, in this way, the Personal Data Controller performs its legitimate interest (in this case, the
interest of the Company is to inform you about activities related to the service in order to increase the comfort of
using the website);
Telephone contact:
In order to contact us on matters related to the
service, we process personal data such as: phone number, order number.
The legal basis for such data
processing is art. 6 par. 1 lit. a RODO, which allows personal data to be processed on the basis of a voluntary
consent;
Registers and records of the GDP:
In order to create registers and records related to
the GDP, including, for example, the register of clients who raised an objection in accordance with the GDPR, we
process personal data such as: name and e-mail address, because firstly, the provisions of the GDPR impose on us
documentation obligations to demonstrate compliance and accountability, and secondly, if you object to the
processing of your personal data, for example, for marketing purposes, we need to know who should not use direct
marketing, because you do not want it.
The legal basis for such data processing is, first, art. 6 par. 1
lit. c RODO, which allows personal data to be processed, if such processing is necessary to fulfill the obligations
arising from the law by the Administrator of Personal Data; secondly, art. 6 par. 1 lit. f RODO, which allows
personal data to be processed, if, in this way, the Personal Data Controller performs its legitimate interest (in
this case, the interest of the Company is to have knowledge about people who fulfill their rights resulting from the
GDPR);
cookies:
In order to use cookies on the website, we process such text information
(cookies will be described in a separate section). The legal basis for such processing is art. 6 par. 1 lit. a RODO,
which allows personal data to be processed on the basis of a voluntary consent (the first time you enter the
website, you will be asked for permission to use cookies);
Website administration:
In order to
administer the website, we process personal data such as: IP address, server date and time, information about the
web browser, information about the operating system - these data are automatically saved in the so-called server
logs, each time a website belonging to the Company is used. It would not be possible to administer the website
without using the server and without this automatic saving. The legal basis for such data processing is art. 6 par.
1 lit. f RODO, which allows personal data to be processed, if in this way the Personal Data Controller execute its
legitimate interest (in this case, the Company's interest is to administer the website);
Comments on the
Website:
In order to post a comment on the website of the GIORRE online store, we process personal data
such as your name and surname. The legal basis for such processing is art. 6 par. 1 lit. and the RODO, which allows
personal data to be processed on the basis of a voluntary consent (in this case, we assume that adding of a comment
is a simultaneous consent to the processing of personal data).
cookies:
GIORRE on its website,
like other entities, uses the so-called cookies, i.e. short text information, saved on a computer, phone, tablet or
other user device. They can be read by our system, as well as by systems belonging to other entities, which services
we use (eg Facebook, Google).
Cookies meet a lot of functions on the website, most often useful, which we
will try to describe below (if the information is insufficient, please contact us):
ensuring security -
cookies are used to authenticate users and prevent unauthorized use of the Customer's panel. They are therefore used
to protect the Customer's personal data against unauthorized access;
impact on the processes and
efficiency of using the website - cookies are used to ensure that the website works efficiently and that you can use
the functions available on it. It is possible, among other things, by remembering the settings between subsequent
visits on the website. Thanks to them, you can efficiently browse the website and individual
subpages;
state of the session - cookies often record information about how visitors use the website, for
example which subpages are displayed most often. They also enable identification of errors displayed on some
subpages. Cookies used to save the so-called "Session state" helps, therefore, improve services and increase the
comfort of browsing;
maintaining session status - if the client logs in to his panel, cookies allow the
session to be sustained. This means that after switching to another subpage, you do not have to enter your login and
password again each time, which contributes to the comfort of using the website;
creating statistics -
cookies are used to analyze how Users use the website (how many websites are open, how long they stay on that
website, which strike a chord, etc.). Thanks to this, you can constantly improve the website and customize its
operation to the preferences of Users. In order to track activity and create statistics, we use Google tools, such
as Google Analytics. Beyond reporting website usage statistics, the Google Analytics pixel is also designed, along
with some of the cookies described above, to help with displaying more well-chosen content to the user on Google
services (e.g. Google search engine) and across the entire web;
using social functions - on the website
we have so-called pixel Facebook and Instagram, which allows you to like our fanpage in these websites while using
the site. However, to make this possible, we must use the cookies provided by Facebook and
Instagram.
Importantly, many cookies are for us anonymized - basing on them, without additional
information, we are unable to identify your identity.
Your web browser allows cookies to be used on
your device so please ensure that you agree to the use of cookies at the first visit. However, if you do not wish
to use cookies while browsing the website, you can change the settings in the web browser – block completely the
automatic support for cookies or request notification whenever cookies are placed on the device. Settings can be
changed at any time.
While respecting the autonomy of all people using the website, we feel, however,
obliged to notify you that disabling or limiting the use of cookies may cause quite serious difficulties in using
the website, eg in the form of having to log in to each subpage, a longer period of loading the page, restrictions
on the use of functionality, restrictions on liking the Facebook page etc.
§7 The right to
withdraw consent:
If the processing of personal data takes place on the basis of consent,
you can withdraw your consent at any time – according to your discretion
If you would like to withdraw
your consent to the processing of personal data, it is sufficient for this purpose:
send an email
directly to GIORRE to [email protected] or
send an email to the Data Protection Officer at
[email protected] or
select the appropriate box in the Customer panel, in the tab "My Account" →
"Personal Data" or
click the link in the e-mail message attached at the end of every message
sent.
If the processing of your personal data took place on the basis of consent, its withdrawal does not
mean that the processing of personal data up was illegal to this point. In other words, until the withdrawal of
consent, we have the right to process your personal data and its cancellation does not affect the legality of the
present processing.
§8 Requirement to provide personal data:
1. Providing any personal data is
voluntary and depends on your decision. However, in some cases, providing certain personal data is necessary to meet
your expectations in the use of services offered by GIORRE.
2.So that we could be able to process your
order, it is necessary to provide your e-mail address - without this we are unable to provide electronic information
on the status of order fulfillment.
3. In order for you to receive an order, it is necessary to provide
your address details - without this we are unable to deliver your order.
4. In order to be able to contact you,
you need to provide a telephone number - without this we are not able to contact you in case of questions regarding
the order, delivery or significant changes in the GIORRE offer.
§9 Automated decision making and
profiling:
In order to carry out marketing activities, the Administrator uses profiling in
some cases, i.e. through the so-called geolocation, gaining knowledge about the country of the User's place of
residence, using the GIORRE online store and the so-called segmentation - that is, selecting customers who have not
placed any orders since registering their account in the GIORRE online store in order to send such an offer or a
discount code to the e-mail address provided by the Customer. This means that due to automatic data processing, the
Administrator evaluates selected factors concerning natural persons in order to analyze their behavior or create a
forecast.
Recipients of personal data:
In connection with the provision of your services,
personal data will be disclosed to exogenous entities, including in particular suppliers responsible for the
operation of IT systems, entities such as banks and payment operators, entities providing accounting, legal, audit,
consulting, courier (in connection with carrying out the order), marketing agencies (in the field of marketing
services) and entities associated with the Administrator and business partners.
The Administrator
reserves the right to disclose selected information regarding your competent authorities or third parties who submit
a request for such information, based on an appropriate legal basis and in accordance with the current law. It is
extremely difficult for us to predict who may apply for the disclosure of personal data. Nevertheless, we assure you
that every request to disclose your personal data is analyzed very precisely and very carefully, so that we could
avoid informing unintensionally the unauthorized person.
Transfer of personal data to third
countries:
The level of protection of personal data outside the European Economic Area (EEA) differs from that
provided by European law. For this reason, the Administrator transfers personal data outside the EEA only when it is
necessary and with an adequate level of protection. The administrator always informs about the intention to transfer
personal data outside the EEA at the collection stage. The administrator transfers personal data outside the EEA
only when the client orders the commision (sending it) outside the EEA.
The period of processing
personal data :
In accordance with applicable law, we do not process your personal information
"infinity", but for the time that is needed to achieve the goal. After this period, your personal data will be
irretrievably deleted or destroyed.
In a situation where we do not need to carry out other operations on
your personal data than storing them (eg order fulfillment), until we permanently remove or destroy them, we
additionally secure them - through pseudonymisation. Pseudonymisation consists in such encryption of personal data
or a personal data set that it is impossible to read them without an additional key, and hence such information
becomes completely useless to an unauthorized person.
Regarding individual periods of personal data
processing, we kindly inform you that we process personal data for the period of:
the duration of the
contract - in respect of personal data processed in order to conclude and perform the contract;
3 years
or 10 years + 1 year - in respect of personal data processed in order to establish, assert or defend claims (the
length of the period depends on whether both parties are entrepreneurs or not);
6 months - in respect of
personal data that were collected when pricing the service, and at the same time the contract was not concluded
immediately;
5 years - in relation to personal data related to the fulfillment of obligations under tax
law;
until the consent is withdrawn or the purpose of processing has been achieved, but not for more than
five years - in respect of personal data processed on the basis of consent;
until the moment of rising an
objection or achieving the purpose of the processing, but not for more than 5 years - in respect of personal data
processed on the basis of the legitimate interests of the Personal Data Administrator or for marketing
purposes;
until the time of expiry or loss of usefulness, however, not longer than for three years - in
relation to personal data processed mainly for analytical purposes, the use of cookies and the administration of the
website.
We count the periods in years from the end of the year in which we started processing personal
data to improve the process of removing or destroying personal data. Separate timing for each event would entail
significant organizational and technical difficulties, as well as significant financial outlay, therefore setting
one date for removing or destroying personal data allows us to manage this process more efficiently. Of course, if
you use the right to be forgotten, such situations are considered individually.
The additional year
associated with the processing of personal data collected for the performance of the contract is dictated by the
fact that you can hypothetically claim a moment before the expiry of the limitation period, the request may be
delivered with a significant delay or you may incorrectly determine the limitation period of your
claim.
Data subjects' rights:
We kindly inform you that you have the right to:
- access to your personal data;
- correcting personal data;
- deletion of personal data;
- restrictions on the processing of personal data;
- opposition to the processing of personal data;
- transfer of personal data.
We respect your rights under the provisions on the protection of personal data and we try to facilitate their
fulfilment to the highest possible extent.
We would like to point out that these rights are not absolute
and therefore we may legally refuse you to comply with the law in certain situations. However, if we refuse to
accept the request, then only after careful consideration and only if the refusal to take into account the request
is necessary.
Regarding the right to object, we explain that you have the right to oppose the processing
of your personal data at any time on the basis of the legitimate interest of the Data Administrator (they are listed
in point V) in relation to your particular situation. However, you must remember that in accordance with the law, we
may refuse to take into account the objection, if we demonstrate that:
there are legitimate grounds for
processing that override your interests, rights and freedoms or
there are grounds for establishing,
investigating or defending claims.
In addition, you may object to the processing of your personal data
for marketing purposes at any time. In this situation, after receiving the objection, we will stop processing for
this purpose.
You can impliment your rights by:
sending an e-mail directly to GIORRE to the
address [email protected] or
sending an e-mail to the Data Protection Officer at [email protected]
or
click the link in the e-mail message attached at the end of every sent message.
Right to
file a complaint:
If you believe that your personal data is being processed contrary to the law in force,
you can complain to the President of the Office of Personal Data Protection.
Final
Provisions:
To the extent not covered by this Privacy Policy, there are provisions regarding
the protection of personal data.
Any changes you make to this Privacy Policy will be notified / notified
via email.
The privacy policy is verified on an ongoing basis and updated as necessary.
This
Privacy Policy is in force from May 25, 2018.