- Controller – Małgorzata Mikołajczak, performing business operations under the following name: Małgorzata Mikołajczak, ul. Anny Jagiellonki 43/17, 80-034 Gdańsk, NIP [Tax Identification Number]: 583-192-12-25 REGON [Statistical Number]: 220291300.
- Website – the website accessible at the following address: www.littleheavenshop.com and its sub-sites and other language versions.
- User – each entity using the Website.
- Product – every commodity being subject to the sales agreement executed via the Website.
- The Controller may also be contacted at the following e-mail address: firstname.lastname@example.org
1. The User may provide his/her personal data to the Controller through the forms available on the Website such as:
◦ Order Form; ◦ Registration Form; ◦ Contact Form.
- The Controller shall be the User’s personal data Controller.
- The data provided by the User to the Controller in the Order Form, Registration Form and Contact Form shall be processed pursuant to Article 6(1a) and (1b) of GDPR in order to perform the Product sales agreement, issue and send a VAT invoice to the User or any other document confirming execution of a sales agreement and taking the aforementioned Controller’s accounting documentation into account as well as establishing contact with the Controller and handling correspondence pertaining to his/her company and the Products he/she offers.
- The User’s personal data will be stored in the Controller’s database for the entire period of the Website’s functioning, and the issued documents confirming execution of the sales agreement will remain in the accounting documentation for the period required by the general provisions of the law. The data provided to the Controller in the Contact Form will be processed by the Controller during the entire time of exchange of correspondence between the Parties.
- The Controller shall ensure full confidentiality of any and all personal data provided to him/her.
- Provision of personal data by the User shall be voluntary, but required for the User’s undertaking the operation for which a given form has been designed.
- The Controller shall not make data provided to him/her by the User available to any third parties.
- Personal data shall be collected with due care and shall be properly protected against any access by unauthorised persons.
- The User shall have the following rights:
– The right to demand access to his/her personal data, to correct it, delete or limit the scope of processing;
– The right to file objection to personal data processing,
– The right to transfer personal data;
– The right to withdraw consent for personal data processing for a specific purpose, if the User has expressed such consent before;
– The right to file a complaint to the supervisory authority in relation to personal data processing by the Controller in the event that the User considers his/her personal data to be processed in an illegitimate way.
10.The Controller shall entrust personal data processing to the following entities:
◦ ultimahost.pl Szeliga Spółka Jawna, ul. Dowborczyków 25, 90-019 Łódź, NIP [Tax Identification Number]: 9671354758, REGON [Statistical Number]: 341287109 entered into the National Court Register under the following number: KRS 0000423178 in order to store personal data on the server;
◦ Infakt Biuro Rachunkowe Spółka z ograniczoną odpowiedzialnością, ul. Kącik 4, Kraków 30-549, NIP 6793078430 entered into the National Court Register under the following number: 0000402984 for the Controller to use the system for issuing invoices documenting the agreement executed via the Website;
- The Controller shall make the collected personal data of the Buyer available to a specific carrier or an intermediary performing the supply of a Product as contracted by the Controller and consistent with the Buyer’s choice;
- In the case of a User who used the option of a web-based payment in an Online Shop on the Website, the Controller shall provide the collected personal data of the Buyer to this entity processing the aforementioned payments to the extent required for completing such payment.11. The aforementioned entities guarantee confidentiality of data saved in their data bases.
- The Controller shall use cookie files (referred to as “cookies”) i.e. small text information stored on the User’s device.
- Cookie files may be read by the Controller’s IT system.
- The Controller stores cookie files on the User’s device, and then obtains access to information contained therein for statistical purposes, for marketing purposes (remarketing) and in order to ensure proper operation of the Website.
- The Controller informs the User that there is an option for configuring the Web browser in such a manner that will prevent storing cookies on the User’s device, which may significantly impede using the Website.
- The Controller also informs the User that cookies may be deleted by the User after they have been saved by the Controller through relevant functionalities of the Web browser, software designed for this purpose or using proper tools available in the operating system used by the User.
The Controller shall inform the User that he/she uses technologies tracking actions undertaken by the User on the Website, i.e.:
- Facebook conversion pixel – in order to manage advertisements on Facebook and perform re-marketing actions;
- Google Analytics tracking code – in order to analyse the Website statistics, including the length of the User’s visit on specific sub-sites of the Website and analysis of other of the User’s actions on the Website.
- Using the Website shall involve sending queries to the server on which the Website is stored.
- Every query addressed to the server is saved in server logs. These logs include, inter alia, the User’s IP address, server date and time, as well as the information on Web browser and the operating system used by the User.
- Logs shall be saved and stored on the aforementioned server.
- The data saved in server logs shall not be attributable to specific persons using the Website and shall not be used by the Controller for any identification of the User.
- Server logs shall operate solely as support material designed for Website administration, and their content shall not be disclosed to anyone apart from the persons authorized to administer the server.