WHAT IS THE PRIVACY POLICY?
We would like to familiarize you with the details of our processing of your personal data to give you full knowledge and comfort in using our website. Since we operate in the internet industry ourselves, we know how important it is to protect your personal data. Therefore, we make special efforts to protect your privacy and the information you provide to us. We carefully select and apply appropriate technical measures, in particular those of a programming and organizational nature, ensuring the protection of processed personal data. Our website uses encrypted data transmission (SSL), which ensures the protection of data identifying you. In our Privacy Policy you will find all the most important information regarding our processing of your personal data. We ask you to read it and we promise that it will not take you more than a few minutes.
Who is the administrator of the website www.aticanails.pl?
The administrator of the website is Individual Entrepreneur Atica Valeriia Petryk in Bydgoszcz, at Bydgoszcz
85-097 Jagiellonska 36A/19 NIP 9671470602, REGON 526897164
PERSONAL DATA
What legal act regulates the processing of your personal data?
Your personal data is collected and processed by us in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 /46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), commonly known as: GDPR. To the extent not regulated by the GDPR, the processing of personal data is regulated by the Personal Data Protection Act of May 10, 2018.
Who is the administrator of your personal data?
The administrator of your personal data is Individual Entrepreneur Atica Valeriia Petryk in Bydgoszcz, at Bydgoszcz, 85-097 Jagiellonska 36A/19 NIP 9671470602, REGON 526897164,
phone: +48666256811, email: valeria@atica.com.ua
• e-mail: valeria@atica.com.ua,
• traditional mail: Bydgoszcz
85-097 Jagiellonska 36A/19
phone: +48 666256811
HOW DO WE PROCESS YOUR PERSONAL DATA THAT YOU PROVIDE TO US?
What personal data do we process and for what purposes do we process it?
On our website, we offer you many different services for which we process various personal data, based on various legal bases.
|
Objective |
Personal data |
Legal basis for processing |
Data storage time |
|
conclusion and performance of the contract |
name, surname, correspondence address, NIP, e-mail address, telephone number, |
art. 6 section 1 letter b) GDPR, i.e. processing in order to take action at your request, before concluding a contract and processing necessary to perform a contract to which you are a party |
until the expiry of the limitation period for claims regarding the performance of the contract |
|
setting up and maintaining an account |
name, surname, e-mail address, telephone number, mailing address |
art. 6 section 1 letter b) GDPR, i.e. processing in order to take action at your request, before concluding a contract and processing necessary to perform a contract to which you are a party |
until the expiry of the limitation period for claims regarding the performance of the contract |
|
adding opinions |
name, e-mail address, |
art. 6 section 1 letter f) GDPR, i.e. processing in order to pursue our legitimate interest, consisting in presenting opinions regarding goods and the course of transactions on the online store website |
until you object to the processing of your personal data |
|
newsletter |
e-mail address, first name, last name |
art. 6 section 1 letter a) GDPR, i.e. processing based on your consent to the processing of your personal data |
until the date you withdraw your consent to the processing of personal data |
|
ask about the product” form |
e-mail adress |
art. 6 section 1 letter f) GDPR, i.e. processing in order to pursue our legitimate interest, consisting in maintaining continuity of communication and enabling contact with us in matters of our business activities |
until you object to the processing of your personal data |
|
traffic analysis on the online store website |
name, address, IP address, browser data |
Art. 6 section 1 letter f) GDPR, i.e. processing in order to pursue our legitimate interest in analyzing customer traffic on the store’s website |
until you object to the processing of your personal data |
|
direct marketing of own goods and services, including remarketing |
name, address, IP address, browser data |
Art. 6 section 1 letter f) GDPR, i.e. processing for the purpose of pursuing our legitimate interest in direct marketing of our own services, including remarketing |
until you object to the processing of your personal data |
|
determination, investigation and enforcement of claims and defense against claims in proceedings before courts and other state authorities |
name, surname, residential address, NIP, REGON, e-mail address, telephone number, IP number, bank account number, payment card number |
art. 6 section 1 letter f) GDPR, i.e. processing in order to pursue our legitimate interest, consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities |
until the expiry of the limitation period for claims regarding the performance of the contract |
|
fulfillment of legal obligations arising from legal regulations, in particular tax and accounting regulations |
name, surname, company, NIP or REGON, e-mail address, telephone number, correspondence address, payment card number |
Art. 6 section 1 letter c) GDPR, i.e. processing is necessary to fulfill our legal obligations arising from legal provisions, in particular tax and accounting provisions |
until the expiry of the legal obligations imposed on the Administrator, which justified the processing of personal data |
Voluntary provision of personal data
Providing the required personal data by you is voluntary, but it is a condition for us to provide services to you (e.g. sending a newsletter or creating an account).
Automated decision-making (including profiling)
We do not make decisions about you in an automated manner and we do not use profiling.
Will we transfer your personal data outside the EEA or to an international organization?
In order to use Google tools, your personal data may be transferred to the United States, where Google LLC servers are located. Google LLC is included in the list of entities participating in the Data Privacy Framework (link: https://www.dataprivacyframework.gov/s/participant-search), therefore the protection of personal data is adequate to the regulations in force in the European Union, in accordance with Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of protection of personal data in accordance with the EU-USA Data Privacy Framework (link: https://commission.europa.eu/system/ files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf). In order to use Facebook and Instagram tools, your personal data may be transferred to the United States, where Meta Inc. servers are located. Meta Platforms Inc. is included in the list of entities participating in the Data Privacy Framework program (link: https://www.dataprivacyframework.gov/s/participant-search), therefore the protection of personal data is adequate in relation to the regulations in force in the European Union, in accordance with Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of protection of personal data in accordance with the EU-USA Data Privacy Framework (link: https://commission.europa.eu/system/files/ 2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf). In order to use BingAds tools, your personal data may be transferred to the United States, where Microsoft Corporation’s servers are located. Microsoft transfers personal data from the European Economic Area, the United Kingdom and Switzerland to other countries, not all of which offer an adequate level of data protection in the opinion of the European Commission. For example, the laws of these countries may not guarantee you the same rights or they may not have a privacy oversight body to handle your complaints. When Microsoft engages in such transfers, it uses a variety of legal mechanisms, including contracts, such as standard contractual clauses published by the European Commission pursuant to Commission Implementing Decision (EU) 2021/914, to ensure that your rights are protected and that those protections are transferable with his data. Microsoft Corporation complies with the Privacy Shield Framework as agreed between the European Union and the United States and Switzerland and the United States in accordance with the United States Department of Commerce guidelines relating to the collection, use and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States, although Microsoft does not refer to the Privacy Shield Framework prepared by the European Union and the United States as a legal basis for the transfer of personal data in the light of the judgment of the Court of Justice of the European Union in case C-311/18. *Remember that the Privacy Shield is no longer a law in force in the European Union, but a program that sets certain personal data protection standards for entities that have their servers in the United States. Currently, it is a form of certification; entities entered into the Privacy Shield meet certain personal data protection standards.
WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH OUR PROCESSING OF YOUR PERSONAL DATA?
Pursuant to the GDPR, you have the right to:
• request access to your personal data,
• request rectification of your personal data,
• request the deletion of your personal data,
• requests to limit the processing of personal data,
• object to the processing of personal data,
• request the transfer of personal data.
If you submit any of the above-mentioned requests to us, we will provide you with information about the actions taken in connection with your request without undue delay – and in any case within one month of receiving the request. If necessary, we may extend the monthly deadline by another two months due to the complexity of the request or the number of requests. In any case, we will inform you within one month of receiving the request about the extension of the deadline and provide you with the reasons for the delay.
The right to access personal data (Article 15 of the GDPR)
You have the right to obtain information whether we process your personal data. If we process your personal data, you have the right to:
• access to personal data,
• obtaining information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned storage period of your data or the criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint with the President of the Personal Data Protection Office , about the source of this data, about automated decision-making, including profiling, and about the safeguards used in connection with the transfer of this data outside the European Union;
• obtain a copy of your personal data.
If you want to request access to your personal data, please submit your request to: valeria@atica.com.ua
The right to rectify personal data (Article 16 of the GDPR)
If your personal data is incorrect, you have the right to request that we immediately correct your personal data. You also have the right to request that we complete your personal data. If you want to request correction or addition of your personal data, please submit your request to: valeria@atica.com.ua
The right to delete personal data, the so-called “right to be forgotten” (Article 17 of the GDPR)
You have the right to request the deletion of your personal data when:
• Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• you have withdrawn specific consent, to the extent that personal data were processed based on your consent;
• Your personal data was processed unlawfully;
• you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
• you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by us or a third party.
Despite submitting a request to delete personal data, we may continue to process your data in order to establish, pursue or defend claims, of which you will be informed. If you want to request the deletion of your personal data, please submit your request to: valeria@atica.com.ua
The right to request restriction of the processing of personal data (Article 18 of the GDPR)
You have the right to request restriction of the processing of your personal data when:
• you question the accuracy of your personal data – in such a case, we will limit the processing of your personal data for a period of time enabling us to check the accuracy of this data;
• the processing of your data is unlawful, and instead of deleting your personal data, you request the restriction of the processing of your personal data;
• Your personal data is no longer necessary for the purposes of processing, but it is needed to establish, pursue or defend your claims;
• you have raised an objection to the processing of your personal data – until it is determined whether our legitimate interests override the grounds indicated in your objection.
If you want to request the restriction of the processing of your personal data, please submit your request to: valeria@atica.com.ua
The right to object to the processing of personal data (Article 21 of the GDPR)
You have the right to object at any time to the processing of your personal data, including profiling, in connection with:
• processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Personal Data Administrator or a third party;
• processing for direct marketing purposes.
If you want to object to the processing of your personal data, please submit your request to: valeria@atica.com.ua
The right to request the transfer of personal data (Article 20 of the GDPR)
You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and to send it to another personal data controller. As standard, we will provide you with your personal data in CSV format. If you prefer that the data be made available to you in a different format, please indicate your preferred format in your request. Whenever possible, we will try to provide you with data in your preferred format. You can also request that we send your personal data directly to another administrator (if technically possible). If you want to request the transfer of your personal data, please submit your request to: valeria@atica.com.ua