Privacy Policy of MM GIN SHOP
§ 1 General provisions
-
The administrator of the personal data of the users of the website located under the domain tessellis.pl is MM GIN SHOP SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Sośnicowice ul. Kozielska 2, 44-153 entered in the National Business Register kept by the District Court in Gliwice, X Economic Division of the National Court Register under KRS no.: 0001015367 , NIP: 9691655977 , REGON: 524269156 , share capital: PLN 5,000 (hereinafter: "Administrator").
-
Contact with the Administrator is possible:
(1) by e-mail: kontakt@tessellis.pl
(2) in writing at the Administrator's address: ul. Kozielska 2, 44-153, Sośnicowice. -
The purpose of this Policy is to specify the actions taken with regard to personal data collected via the Administrator's website and related services and tools used by its users, as well as in the activity of concluding and performing contracts in contact outside the website.
-
If necessary, the provisions of this Policy may be amended. The change will be communicated to users by announcing the new content of the Policy and, in the case of the base of persons who have consented to the processing of data by e-mail or who have provided e-mail data in the performance of contracts, they will also be notified of the change by e-mail.
§ 2 Processing grounds, purposes and storage of personal data
-
Users' personal data shall be processed in accordance with the General Data Protection Regulation, the Data Protection Act, the Personal Data Protection Act of 10.05.2018 and the Act on the Provision of Electronic Services of 18.07.2002.
-
In the case of the processing of personal data on the basis of an e-mail or complaint sent by the user, such processing takes place on the basis of Art. 6 para. 1 lit. b of the General Data Protection Regulation, according to which the processing is necessary in order to take action at the request of the data subject.
-
If the user's separate consent has been obtained, his/her personal data may also be processed by the controller for marketing purposes, including the sending of commercial information by electronic means to the e-mail address indicated by the user (Article 6(1)(a) of the General Data Protection Regulation).
-
When the Administrator concludes and performs a sales contract or service contracts, the other party is obliged to provide the data necessary for the conclusion of the contract (which is a contractual requirement and, with regard to tax numbers, also a statutory requirement) and for this purpose the Administrator processes personal data (art. 6(1)(b) of the General Data Protection Regulation).
-
In the case of research and analysis for the purpose of improving the performance of the available services (e.g. tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for data processing.
-
Users' personal data shall be stored for no longer than is necessary to achieve the purpose of the processing, i.e.until the withdrawal of consent if processing is based on such consent, until the statute of limitations of the Administrator's and the other party's claims concerning the performance of the concluded agreements (in thein the case of sales/service contracts 2 years, counting to the end of the year) and until the fulfilment of an enquiry directed by e-mail or until the completion of the processing of complaints.
-
The Administrator may use profiling for direct marketing purposes, but the decisions made on its basis by the Administrator do not concern the conclusion or refusal of a contract or the possibility of using electronic services. The effect of the use of profiling may be, for example, to grant a person a discount, to send them a discount code, to remind them of unfinished purchases, to send them a product proposal that may match the person's interests or preferences, or to offer better terms and conditions compared to a standard offer. Despite the profiling, it is the individual who freely decides whether to take advantage of the discount received in this way or the better terms and conditions and make a purchase. Profiling involves the automatic analysis or prediction of a person's behaviour on the Administrator's website, e.g. by adding a specific product to the shopping cart, browsing a specific product page, or by analysing previous activity history on the website. The condition for such profiling is that the Administrator has the personal data of the person in question in order to be able to subsequently send him or her e.g. a discount code.
-
To the extent necessary for the proper functioning of the website, its functionality, the website may, during the use of the website by the User, collect other information, including but not limited to:
-
IP address;
-
device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g. Apple Identifier for Advertising ["IDFA"] or advertising identifier on an Android device ["AAID"]),
-
platform type,
-
browser data, including browser type and preferred language;
-
Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying probability and severity, the Administrator shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent unauthorised persons from acquiring and modifying, personal data transmitted electronically.
§ 3 Data sharing
-
The Administrator shall ensure that all personal data collected is used to fulfil obligations towards users. This information will not be made available to third parties except when:
-
the express consent of the data subjects to do so is given beforehand, or
-
if an obligation to provide this data is or will be imposed by applicable law, e.g. to law enforcement agencies.
-
-
In addition, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
- service providers supplying the Administrator with technical, IT and organisational solutions that enable the Administrator to carry out its business activities, including the website and the electronic services provided through it (in particular, computer software providers, marketing agencies, email andhosting, providers of business management and technical support software to the Administrator and the product delivery operator) - the Administrator shall make the collected personal data of the Customer available to the selected provider acting on his/her behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
- providers of accounting, legal or advisory services that provide accounting, legal or advisory support to the Administrator (in particular an accounting office, a law firm or a debt collection agency) - the Administrator shares the Customer's personal data with a selected provider acting on the Administrator's behalf only when and if necessary for the relevant purpose of data processing in accordance with this privacy policy. The Administrator shall make the collected personal data of the Client available to the selected provider acting on his/her behalf only in the case and to the extent necessary to fulfil the given purpose of data processing in accordance with this privacy policy.
-
The Administrator may share anonymised data (i.e.anonymised data (i.e. data which does not identify specific Users) to external service providers in order to better identify the attractiveness of advertisements and services to Usersand to this extent, due to the location of the software providers, the data may be transferred - subject to data protection rules - tothird countries, which, however, provide standard contractual provisions approved by the European Commission for the processing of personal data or which are authorised to do so on the basis of bilateral agreements on the entrustment of data processing between the European Union and the third country in question and which is not a member of the European Economic Area. These entities in the case of the Controller are:
-
Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyse website statistics, Google Tag manager: for managing scripts by easily adding code snippets to a website or application, and for tracking user actions on theGoogle Ads: for the display of sponsored links in Google search results and on Google AdSense partner websites,
-
Meta Platforms, Inc. (registered office: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel for tracking conversions from Facebook ads, optimising them on the basis of collected data and statistics, and building a targeted audience list for future advertising.
-
The Administrator's website may use the functionality of Google Analytics, a web audience analysis service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyse how visitors use the website. The information generated by the cookie about visitors' use of the website is generally transmitted to and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of visitors to the Administrator's website are abbreviated. Only in exceptional cases is the complete IP address transferred to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information for the purpose of evaluating the website for its users, compiling reports on website traffic and providing other services relating to website traffic and internet usage to website operators. Google will not associate the IP address transmitted within the scope of Google Analytics with any other data in its possession. For more information on how Google Analytics collects and uses data, please visit Google's official website at:www.google.com/policies/privacy/partners. In addition, any User can prevent Google from collecting and processing data about their use of the website by downloading and installing a browser plug-in at the following link:http://tools.google.com/dlpage/gaoptout.
-
The Administrator's website may use Google reCaptcha, a service of Google LLC. on the basis of Art. 6 ist. 1 lit. f) RODO. In this context, the analysis of various information is used to determine whether the input is carried out by a human or by an automated programme. The generated information is sent to a Google server in the USA and stored there. The collection and analysis of the data does not enable us or Google to identify your identity. In particular, the information is not associated by Google with your personal data.
-
When sharing data with third parties, the controller makes every effort to ensure that this is done only with entities certified under the (former) EU-US and Switzerland-US Privacy Shield programmes, which are available atwww.privacyshield.gov. Such entities, when handling information originating from the European Economic Area (EEA), will do so in accordance with the Accountability for Onward Transfer principle of the Privacy Shield programme. Where appropriate, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020 in relation to the EU-US Privacy Shield and the European Data Protection Board guidelines, the Administrator shall continue to assess the legal regime of the countries to which data is transferred and, where necessary, update measures to ensure adequate levels of protection.
§ 4 Rights of the User
-
The User whose personal data is processed has the right to:
-
access, rectification, restriction, erasure or portability - The data subject has the right to request from the Controller access, rectification, erasure of his/her personal data ("right to be forgotten") or to restrict processing, and has the right to object to processing, and has the right to data portability. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO Regulation.
-
to withdraw their consent at any time - a person whose data are processed by the Controller on the basis of their consent (pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the RODO Regulation). a) of the RODO Regulation), he/she has the right to withdraw consent at any time without affecting the lawfulness of the processing performed on the basis of consent before its withdrawal.
-
lodge acomplaint with a supervisory authority - the person whose data is processed by the Controller has the right to lodge a complaint with asupervisory authority in the manner and mode specified in the provisions of the RODO Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
-
objection - the data subject has the right to object at any time - for reasons related to his/her particular situation - to the processing of personal data concerning him/her based on Art. 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling on the basis of these provisions. In such a case, the controller shall no longer be allowed to process these personal data unless the controller demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
-
objections regardingdirect marketing - where personal data are processed for the purposes of direct marketing (based on the legitimate interest of the Controller, not on the basis of the data subject's consent), the data subjectdata subject has the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
-
The exercise of the aforementioned rights shall take place on the basis of the user's request sent to the email address kontakt@tessellis.pl. Such request should include the user's name.
-
The user shall ensure that the data he/she provides or publishes on the website is correct.
§ 5 Cookies
-
Cookies are IT data, in particular text files, stored on the users' terminal equipment (usually on the computer's hard drive or on a mobile device) for the purpose of storing certain settings and data by the user's browser in order to use websites. These cookies allow the website to recognise the user's device and display the website accordingly, providing comfort during use. The storage of "cookies" therefore allows the website and the offer to be prepared appropriately for the user's preferences - the server recognises the user and remembers preferences such as visits, clicks, previous actions, among others.
-
"Cookies" contain, in particular, the domain name of the website from which they originate, the duration of their storage on the end device and a unique number used to identify the browser from which the website is connected.
-
Cookies are used for:
-
-
adapting the content of the websites to the user's preferences and optimising the use of the websites,
-
create anonymous statistics which, by helping to determine how a user uses websites, make it possible to improve their structure and content,
-
providing website users with advertising content tailored to their interests.
-
Cookies are not used to identify you personally and your identity cannot be established from them.
-
The main classification of cookies is as follows:
-
Essential cookies - these are absolutely essential for the proper functioning of the website or the functionality the user wishes to use, as without them we would not be able to provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
-
Functional cookies - are important for the operation of the website due to the fact that:
- they serve to enrich the functionality of the websites; without them, the website will work correctly, but will not be adapted to the user's preferences,
- they serve to ensure a high level of website functionality; without them, the level of website functionality may be reduced, but their absence should not prevent the website from being used at all,
- serve the majority of website functionality; their blocking will result in selected functions not working properly.
-
Business cookies - allow the implementation of the business model on the basis of which the website is made available; their blocking will notblocking them will not result in the unavailability of all functionality, but may reduce the level of service provision due to the website owner's inability to realise the revenue that subsidises its operation. Advertising cookies, for example, fall into this category.
-
Websiteconfiguration cookies - allow you to set functions and services on websites.
-
Cookies for websitesecurity and reliability - enable verification of authenticityand optimisation of website performance.
-
Authentication cookies - allow you to be informed when you are logged in so that the website can show you relevant information and features.
-
Session research cookies - allow information to be recorded about how users use the website. These may relate to the most frequently visited pages or possible error messages displayed on certain pages. Session state cookies help to improve services and the browsing experience.
-
Cookies forwebsite processes - to ensure the smooth functioning of the website and its functions.
-
Ad serving cookies - to display adverts that are of greater interest to users and of greater value to publishers and advertiserscookies can also be used to personalise advertising, as well as to display advertisements outside of websites.
-
Location-aware cookies - allow the information displayed to be tailored to the user's location.
-
Analytics, research or audience audit cookies - allow the website owner to better understand their users' preferences and, through analysis, improve and develop products and services. Typically, the website owner or research company collects information anonymously and processes trend data without identifying the personal data of individual users.
-
As a general rule, the use of cookies to adapt the content of websites to the user's preferences does not imply the collection of any information that identifies the user, although this information may sometimes be personal data, i.e. data enabling the attribution of certain behaviour to a specific user. Personal data collected using cookies may only be collected in order to perform specific functions for the user. Such data is encrypted in such a way that it cannot be accessed by unauthorised persons.
-
The cookies used by this website are not harmful either to the user or to the terminal device used by the user, so for the proper functioning of the website it is recommended not to disable their use in browsers. In many cases, the web browsing software (web browser) allows by default the storage of information in the form of "cookies" and other similar technologies on the user's terminal device. The user can change the browser's use of "cookies" at any time. To do so, the browser settings must be changed. How to change the settings varies depending on the software (browser) you are using. You will find relevant instructions on the subpages, depending on the browser you are using.
-
As part of its cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information about your use of its services and your response to marketing messages sent by email. A pixel is software code that allows an object, usually an image the size of a pixel, to be embedded on a page, which provides the ability to track user behaviour on the web pages where it is deployed. Once the appropriate consent has been given, the browser automatically establishes a direct connection to the server storing the pixel, so the processing of the data collected by the pixel is carried out within the framework of the data protection policy of the partner who administers the aforementioned server.
-
The Administrator may use web log files (which contain technical data, such as the user's IP address) to monitor traffic on its services, troubleshoot technical problems, detect and prevent fraud and enforce the User Agreement.
-
The administrator informs that the website does not respond to DNT (Do Not Track) signals. Do Not Track), while you may disable certain forms of online tracking, including certain analytics and personalised advertising, by changing the cookie settings in your browser or through our cookie consent tools (if applicable).
-
Detailed information on how to change your cookie settings and how to delete cookies yourself in the most popular web browsers is available in your browser's help section and on the following pages (just click on the link):
Chrome
Firefox
the Opera browser
Safari
the Microsoft Edge browser -
Please refer to the user guide for your mobile device for details on how to manage cookies on your mobile phone or other mobile device.