WWW.DDBIM.PL PRIVACY POLICY

This Privacy Policy (hereinafter referred to as “the Policy”) contains information concerning processing your personal data in connection with your use of DDBIM online store at https://shop.ddbim.pl/ (hereinafter referred to as “the Store”).

All capitalized terms not otherwise defined in the Policy have the meaning defined in the Terms and Conditions available at https://www.ddbim.pl/terms-of-sale/

Personal Data Controller

The controller of your personal data is DDBIM Dawid Dyrcz, Aleja Armii Krajowej 143/7b, 43-300 Bielsko-Biała, Poland, NIP 5472135313, REGON 387820950.

Contact with the Controller

In all matters related to the processing of personal data you can contact the Controller via:

• email: support@ddbim.pl
• mail: Aleja Armii Krajowej 143/7b, 43-300 Bielsko-Biała, Poland

Measures for personal data protection

The Controller uses modern organisational and technical safety measures to ensure the best possible protection of your personal data and ensures that they are processed in accordance with the provisions of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “the GDPR”), the Act of 10 May 2018 on the Protection of Personal Data and other personal data protection legislation.

Information on personal data being processed

Using the Store requires processing of your personal data. In the table below, you will find detailed information about the purposes and legal basis of the processing, the period of the processing as well as information whether the provision of your personal data is obligatory or voluntary.

Purpose of processing	Personal data processed	Legal basis
Conclusion and performance of Sales Agreement, Agreement on Provision of Digital Content or Mixed Agreement.	1)      first name; 2)      second name; 3)      phone number; 4)      email address; 5)      delivery address (street, house number, apartment number, city/town, postal code, country); 6)      NIP (Taxpayer Identification Number) – if the Buyer is an entrepreneur or an entrepreneur with consumer rights.	Art. 6(1)(b) of the GDPR (the processing is necessary to perform the Agreement concluded with the data subject or to take steps to conclude this Agreement)
Providing the aforementioned personal data is a condition for the conclusion and performance of the Sales Agreement, Agreement on Provision of Digital Content or Mixed Agreement (the provision of such data is voluntary but should you fail to provide your personal data, you will be unable to conclude and performed the above Agreement or Agreements). The Controller will process the above personal data until statute of limitation on the claims arising from the above Agreement or Agreements expires.

 

Purpose of processing	Personal data processed	Legal basis
Handling a complaint	1)      first name; 2)      second name; 3)      email address; 4)      phone number; 5)      order number; 6)      correspondence address (street, house number, apartment number, city/town, postal code, country);	Art. 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject. In this case, the obligations include: responding to a complaint – Art. 7(a) of Consumer Rights Act; exercising the Buyer’s right under warranty – Art. 556 and others of the Civil Code)
Providing the above personal data is a condition for receiving a response to the complaint or exercising the Buyer’s rights under warranty (the provision of such data is voluntary but if you fail to provide your personal data, you will not receive a response to your complaint and you will be unable to exercise your rights under warranty). The Controller will process the above personal data for the period of complaint procedure (but no longer than for 14 days). In case of exercising Buyer’s right warranty the Controller will process the personal data until they expire.

 

Purpose of processing	Personal data processed	Legal basis
Sending a newsletter	1)      first name; 2)      email address.	Art. 6(1)(f) of the GDPR (processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in informing users about novelties and discounts in the Store)
Providing your email address is voluntary, but necessary if you wish to receive the newsletter (if you fail to provide your email address you will not receive the newsletter). The Controller will process your email address until an effective objection is lodged or the purpose of the processing is achieved.

 

Purpose of processing	Personal data processed	Legal basis
Sending email notifications (e.g. informing about the order)	1)      first name; 2)      second name; 3)      email address;	Art. 6(1)(f) of the GDPR (processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in informing Clients about the actions taken in relation to the provision of services)
Providing the above personal data is voluntary but necessary in order to receive information about the activities related to the provision of services (if you fail to provide the personal data you will not receive this information). The Controller will process the aforementioned personal data until an effective objection is lodged or the purpose of the processing is achieved.

 

Purpose of processing	Personal data processed	Legal basis
Handling of a contact form	1)      full name; 2)      email address;	Art. 6(1)(a) of the GDPR (personal data is processed on the basis of a given consent)
Providing the above personal data is voluntary, but necessary in order to receive a response to an inquiry (if you fail to provide your personal data you will not receive a response). The Controller will process the above personal data until you withdraw your consent, but no longer than until the response to the inquiry is provided.

 

Purpose of processing	Personal data processed	Legal basis
Fulfilling tax obligations (e.g. issuing VAT invoices, keeping accounting records)	1)      full name / company; 2)      address of residence/seat; 3)      NIP (Tax Identification Number); 4)      order number.	Art. 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject. In this case, this applies to the obligations under tax law)
Providing the above personal data is voluntary, but it is necessary in order for the Controller to meet their tax obligations (if you fail to provide these personal data, the Controller will be unable to fulfil the above obligations). The Controller will process the above personal data for a period of 5 years from the end of the year in which the deadline for the payment of tax for the previous year expired.

 

Purpose of processing	Personal data processed	Legal basis
Compliance with personal data protection obligations	1)      first name; 2)      second name; 3)      the contact details you provided (email address; mailing address; telephone number).	Art. 6(1)(c) of the GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject. In this case, this applies to the obligations under personal data protection provisions)
Providing the above personal data is voluntary, but it is necessary in order for the Controller to properly fulfil their obligations under the provisions on personal data protection, including exercising your rights under the GDPR (if you fail to provide the above data it will be impossible to exercise your rights properly). The Controller will process the above personal data until the expiry of the limitation periods of any claims for the infringement of personal data protection provisions.

 

Purpose of processing	Personal data processed	Legal basis
Establishing, pursuing or defending against claims	1)      first name; 2)      second name; 3)      company; 4)      email address; 5)      address of residence/seat; 6)      PESEL (Polish Resident Identification Number) / KRS (National Court Register Number); 7)      NIP (Tax Identification Number).	Art. 6(1)(f) of the GDPR (processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in establishing, pursuing or defending against claims that might arise in connection with the performance of the Agreements concluded with the Controller)
Providing the above data is voluntary, but it is necessary in order to establish, pursue or defend against claims that might arise in connection with the performance of the Agreements concluded with the Controller (if you fail to provide the above data the Controller will not be able to undertake the aforementioned actions) The Controller will process the above personal data until the expiry of the limitation periods of any claims that might arise in connection with the performance of the Agreements concluded with the Controller.

 

Purpose of processing	Personal data processed	Legal basis
Analysis of your activity in the Store	1)      date and time of your visit to the Store; 2)      IP of the device; 3)      type of your operating system; 4)      approximate location; 5)      type of your web browser; 6)      time spent in the Store; 7)      browsed Products; 8)      subpages visited and other actions taken in the Store.	Art. 6(1)(f) of the GDPR (processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in obtaining information about your activity in the Store)
Providing the above personal data is voluntary, but it is necessary in order for the Controller to obtain information about your activity in the Store (if you fail to provide these personal data, the Controller will be unable to obtain this information). The Controller will process the aforementioned personal data until an effective objection is lodged or the purpose of the processing is achieved.

 

Purpose of processing	Personal data processed	Legal basis
Store management	1)      IP address; 2)      server date and time; 3)      browser information; 4)      information about operating system.   The above data are recorded automatically in so-called server logs each time the Store is used (managing the Store without the use of server logs and automatic recording would not be possible).	Art. 6(1)(f) of the GDPR (processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in making sure the Store functions properly)
Providing the above data is voluntary, but it is necessary in order for the Store to function properly (if you fail to provide these data the Store will not function properly). The Controller will process the aforementioned personal data until an effective objection is lodged or the purpose of the processing is achieved.

Personal data recipients

The recipients of personal data are the following external entities cooperating with the Controller, e.g.:

1. a hosting company;
2. providers of online payment systems;
3. a newsletter service provider;
4. companies providing tools to analyse activity in the Store and targeting direct marketing activities at the Store’s users (e.g. Google Analytics, Smartlook);
5. an accounting services company.

Moreover, the data may be transferred to public or private entities if such an obligation arises from generally applicable law, a final and binding sentence or final and biding administrative decision.

Transfer of personal data to a third country

In connection with the Controller’s use of tools such as Google Analytics, Smartlook, PayPal, and Mailchimp, your personal data may be transferred outside the European Economic Area and Switzerland to the following third countries: USA, Chile, Singapore and Taiwan (Republic of China). The transfer of the above data to third countries is based on contractual clauses ensuring an adequate level of protection which are in line with the standard contractual clauses set out in the European Commission’s Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.

The Controller may provide you with a copy of your data transferred to a third country.

Rights

You have certain rights in connection with the processing of personal data:

• you have the right to be informed about what personal data concerning you are processed by the Controller and to receive a copy of such data (the right of access). The first copy of the data is free of charge; the Controller may charge a fee for the subsequent copies;
• if the data processed become outdated or incomplete (or otherwise incorrect), you have the right to request a rectification;
• in certain situations, you may ask the Controller to delete your personal data, e.g. when:
  1. the Controller does not longer need your personal data for the purposes you were informed about;
  2. you have effectively withdrawn your consent to the processing of your personal data (unless the Controller has the right to process the data on another legal basis);
  3. the processing is unlawful;
  4. the Controller must remove the data under the Controller’s legal obligation;
• in case the Controller processes your personal data on the basis of a given consent to the processing or in order to perform an Agreement concluded with the Controller, you have the right to transfer your data to another controller;
• when personal data are processed by the Controller on the basis of your consent to the processing, you have the right to withdraw that consent at any time (withdrawal of consent does not affect the lawfulness of processing carried in accordance with the consent before its withdrawal);
• if you believe that the personal data processed are incorrect, the processing is unlawful or that the Controller no longer needs specific data, you may request that the Controller only store the data and cease to carry out any operations on the data, for a specified, required period of time (e.g. necessary to verify the correctness of the data or pursuing claims);
• you have the right to object to the processing of your personal data based on the Controller’s legitimate interests. If your objection is successfully raised, the Controller will cease to process the personal data for the above purpose;
• you have the right to lodge a complaint with the Head of the Office for Personal Data Protection if you believe that the personal data processing violates the provisions of the GDPR.

Cookies

1. The Controller informs that the Store uses “cookies” installed on your end device. They are small text files which can be read by the Controller’s system and the systems belonging to other entities whose services are used by the Controller (e.g. Google, Smartlook).
2. The Controller uses cookies for the following purposes:
   1. ensuring proper functioning of the Store – cookies allow the Store to operate smoothly and make it possible for its users to use its functions and navigate comfortably through individual subpages;
   2. increasing the comfort of browsing the Store – cookies make it is possible to detect errors on some subpages and constantly improve the subpages;
   3. creation of statistics – cookies are used to analyse the way users use the Store. It allows us to improve the Store and adjusts its functioning to the users’ preferences;
   4. marketing activities – cookies allow the Controller to present the users with ads adjusted to their preferences.
3. The Controller may place both permanent and temporary (session) cookies on your device. Session cookies as usually removed once you close the browser. However, closing the browser does not remove permanent cookies.
4. The information about the cookies used by the Controller is displayed in the panel at the bottom of the Store’s website. You can decide whether you want to enable or disable cookies of different categories (except for necessary cookies) and change these settings at any time.
5. Data collected by cookies do not allow the Controller to identify you.
6. The Controller uses the following cookies or tools that use cookies:

 

TOOL	SUPPLIER	FUNCTIONS AND SCOPE OF DATA COLLECTION	DURATION
Necessary cookies (WordPress, WooCommerce)	The Controller	These files needs to be enabled in order for the Store website to function properly, therefore you cannot disable them. The files (which collect, among others, your device’s IP number) allow us to inform you about the cookies used on the Store’s website.	Most of the necessary cookies are session cookies, but some remain on your end device for 12 month or until they are deleted.
Google Analytics	Google	This tool makes it possible to collect statistical data on how the Store is used by Clients, including the number of visits, the duration of the visit, the search engine used, and the location. The collected data help us improve the Store and make it more customer-friendly.	Up to 2 years or until their removal (whichever occurs first).
Smartlook	Smartlook.com, s.r.o. Šumavská 524/31, Veveří, 602 00 Brno	This tool makes it possible to collect statistical data on how the Store is used by Clients, including the number of visits, the duration of the visit, the location and screen recording which includes mouse movements on website and clicked links but not includes personal data filled in any forms or boxes. The collected data help us improve the Store and make it more customer-friendly.	Up to 2 years or until their removal (whichever occurs first).

 

7. By using most of the commonly used browsers, you can check whether cookies have been installed on your device. You can also delete the installed cookies and block their installation by a website or different websites in the future. However, disabling or restricting the use of cookies may cause serious difficulties in using the Store, e.g. the necessity to log in to each subpage, longer time needed for the Store to load, limitations in the use of certain functionalities.

Final Provisions

To all matters not settled herein generally applicable provisions on the protection of personal data shall apply.

This Policy is effective from 9^th August 2021