Let us begin with a formal notice – the website administrator is Dotnetos sp. z o. o. headquartered in Pruszków, Sadowa 15/15, Social Security (NIP) number: 5342584337, REGON number: 380637817
Brief overview of most relevant information
Should the information outlined above not seem sufficient, below you will find all explained in detail.
Within the meaning of personal data protection regulations, your personal data administrator is Dotnetos sp. z o. o. headquartered in Pruszków, Sadowa 15/15, Social Security (NIP) number: 5342584337, REGON number: 380637817
Purposes, legal bases and the duration of personal data processing are indicated separately for each purpose of processing (see description of individual purposes of processing personal data below).
Rights. The GDPR assures you the following rights in relation to the processing of your personal data:
The regulations related to the exercise of the rights stated above are set out in detail in Articles 16 to 21 of the GDPR. We encourage you to familiarise yourself with these regulations. For our part, we consider it necessary to explain to you that these rights are not absolute and will not apply to all processing of your personal data. For your convenience, we have made every effort to outline the rights to which you are entitled.
We would like to underline that one of the rights indicated above remains inalienable to you – if you deem that we have violated the regulations on personal data protection while processing your personal data, you have the right to lodge a complaint to the supervisory authority (President of the Office for Personal Data Protection).
Security. We guarantee the confidentiality of any personal information you provide us with. We ensure that all security and personal data protection measures are taken as required by data protection regulations. Personal data are collected with due diligence and accurately protected against unauthorized access.
Register of entities. We entrust the processing of personal data to the following entities:
All entities to which we entrust the processing of personal data guarantee the application of appropriate personal data protection and security measures required by law.
Processing purposes and activities
User account. To create a new user account, you must enter your e-mail address and define a password for the account. Providing this information is voluntary, but necessary to create a user account. While editing your user profile, you can provide further information about yourself, i.e. your name, billing address and shipping address. The provision of these data is completely voluntary, as you can keep your user account without providing further details. In this case, you will have to enter data each time you place an order.
The data you enter in your user account are processed solely for the purpose of maintaining your account and ensuring that you can access it. The purpose of entering the data in your user account is to facilitate placing orders in the shop by pre-filling the data on the order form.
The legal basis for the processing of your personal data within a user account is the implementation of the agreement on account management, which you conclude accepting the store regulations, as stipulated in Article 6(1)(b) of the GDPR.
The data collected in your account are processed within the Synchronization Expert platform and stored on Microsoft servers.
Your data will be processed within your account as long as you keep a user account. Your data will be deleted from the database upon the deletion of your account, except the data about orders placed.
You can at any time access your personal data processed within your account by logging into your user account. Upon logging into your account, you can at any time modify your data, or delete it, except for data about orders placed. You are also free to delete your account at any time.
You also have the right to data portability under Article 20 of the GDPR.
Orders. When placing an order, you must provide the data necessary to complete the order, i.e. name and surname, billing address, e-mail address. Providing data is voluntary, yet necessary to place an order.
The data provided to us in connection with the order are processed for the purpose of processing the order (Article 6(1)(b) of the GDPR), issuing the invoice (Article 6(1)(c) of the GDPR), incorporating the invoice into our accounting records (Article 6(1)(c) of the GDPR) and for archival and statistical purposes (Article 6(1)(f) of the GDPR).
The data contained in the order placed through the store are processed within the Synchronization Expert platform and stored on Microsoft servers.
If you have a user account, your order will be displayed in the account order history.
Each order is followed by an invoice. Invoices are issued with the use of the WFIRMA system and are provided to Bogusław Baut Biuro Rachunkowe.
Orders are also registered in our internal database for archival and statistical purposes.
Order data will be processed for the time necessary for the execution of the order, and then until the expiry of the limitation period for claims under the contract. Furthermore, after the expiry of this period, data may still be processed for statistical purposes. Please also note that we are obliged to keep invoices with your personal data for a period of 5 years following the end of the tax year in which the tax liability arises.
For data collected on orders placed, you do not have the possibility to correct these after the order is completed. Nor can you object to the processing of the data and demand their deletion until the limitation period for claims under the contract has expired. Likewise, you may not object to the processing of data or demand the deletion of invoice data. After the period of limitation for claims from the concluded contract has expired, you may object to the processing of your data for statistical purposes or demand the deletion of your data from our database.
W stosunku do danych o zamówieniach przysługuje Ci również prawo do przenoszenia danych, o którym mowa w art. 20 RODO.
Newsletter. If you wish to subscribe to the newsletter, you must provide us with your e-mail address via the newsletter subscription form.
The data provided while subscribing to the newsletter are used to forward you the newsletter and the legal basis for their processing is your consent (Article 6(1)(a) of the GDPR) expressed while making your subscription.
The data are processed through our mailing system.
The data will be processed for the duration of the newsletter subscription, unless you unsubscribe beforehand – which will delete your data from our database.
You can at any time correct your data stored in the newsletter database and request their deletion by unsubscribing from the newsletter. You also have the right to data portability under Article 20 of the GDPR.
Complaints and withdrawal. If you make a complaint or withdraw from a contract, you provide us with personal data included in the complaint or withdrawal statement containing your name, address, telephone number, e-mail address, and bank account details.
The data provided within a complaint or withdrawal from a contract shall be used for the purpose of the complaint or withdrawal procedure (Article 6(1)(c) of the GDPR).
The data will be processed for the time necessary for the complaint or withdrawal procedure. Complaints and withdrawal statements may also be archived for statistical purposes.
Data provided in complaints and withdrawal statements cannot be modified. Nor can you object to the processing of the data and demand their deletion until the limitation period for claims under the concluded contract has expired. However, after the expiry of the statute of limitations for claims from the concluded contract, you may object to the processing of your data for statistical purposes and demand the deletion of your data from our database.
E-mail contact. When contacting us by e-mail, or sending an inquiry via a contact form, by the same token you provide us with your e-mail address as the sender's address. Additionally, you may also include other personal data in your message.
In this case, your personal data are processed for the purpose of contacting you and the basis for processing is under Article 6(1)(a) of the GDPR, that is your consent resulting from initiating contact with us. The legal basis for the post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) of the GDPR).
The content of the correspondence may be archived and we are not able to clearly state when it will be deleted. You have the right to request the history of your correspondence with us (if it has been archived), as well as to request its deletion, unless archiving is justified by our overriding interests, such as defending against potential claims from you.
Cookies and other tracking technologies
Cookies are small bits of text information stored on your terminal device (e.g. computer, tablet, smartphone) that can be read by our ICT system.
For more details see below.
Third-party cookies. Our website, like most nowadays websites, uses features provided by third parties, which involves the use of third-party cookies. The use of such cookies is described below.
Marketing. We use marketing tools such as Facebook Pixel to target your ads. This involves the use of Facebook cookies. Within your cookie settings, you may decide whether or not you agree to our use of Pixel Facebook.
There are Vimeo videos embedded on our website. Playing a Vimeo video involves Vimeo cookies collected within its service.
Using the website involves sending queries to the server where the site is stored. Each query addressed to the server is saved in the server logs.
The logs contain your IP address, date and time of the server, information about your web browser and operating system you use. Logs are saved and stored on the server.
The data stored in the server logs are not associated with specific individuals using the site and are not used to identify you.
The server logs represent only support material used to administer the website and their content is not disclosed to anyone except those authorized to administer the server.