This Privacy Policy is a document related to the Gibbarosa Store Regulations. Definitions of terms used in this Privacy Policy are included in the Regulations. The provisions of the Regulations shall apply accordingly.

This policy is informative and meets the information obligations imposed on the data controller by the GDPR, i.e. Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 /46/EC.

PERSONAL DATA ADMINISTRATOR

The administrator of Customers' personal data is Klaudia Doerffer-Maciejewska, ul. Pańska 98/43, 00-837 Warsaw, NIP:5272819165,

1.1. Contact with the Personal Data Administrator may be made in particular by e-mail via the e-mail address hello@gibbarosa.com

PURPOSE, SCOPE AND PERIOD OF PROCESSING

2.1. The purpose and scope of the processed personal data is determined by the scope of consents and supplemented data sent using the appropriate form. The processing of Customers' personal data concerns the name and surname, telephone number, e-mail address, delivery address / to which the invoice is to be issued, NIP, computer IP address and other data necessary to perform services provided in accordance with the Regulations. The nature of the services provided by the Seller makes it impossible to provide them anonymously.

2.2. Customers' personal data will be processed in order to: (a) implement the law, (b) execute Orders and Sales Agreements, create an Account and implement other contracts for the provision of electronic services, including consideration of complaints and optimization of the Seller's services, (c) promotional and commercial purposes of the Seller.

2.3. Providing personal data and consenting to the sending of commercial offers is voluntary, but the lack of consent to the processing of personal data marked as obligatory in the form will prevent the Seller from performing services and performing contracts.

2.4. If the Seller receives information about the Customer's use of the services contrary to the Regulations or applicable regulations (unauthorized use), the Seller may process the Customer's personal data to the extent necessary to determine his liability.

2.5. The legal basis for the processing of personal data in the case referred to above in section 2.2. lit. a, is the statutory authorization to process data necessary to act in accordance with the law, and in the case referred to above in section 2.2. lit. b.c., it is a contractual authorization to process personal data in the event that it is necessary to fulfill legally justified purposes pursued by the Data Seller or data recipients and the Customer's consent.

2.6. The Customer's personal data will be processed until the Account is deleted, unsubscribes from the Newsletter or for a period of 5 years from the date of placing the last Order (depending on which action takes place later), and after that time they will be deleted, unless their processing is necessary on a different legal basis.

2.7. The seller does not transfer personal data to third countries.

DATA RECIPIENTS

3.1. The Seller may entrust the processing of personal data to third parties in order to perform the activities indicated in the Regulations and customer service, then the recipients of the Customer's data may be: a hosting provider for the Store, a company that technically supports the Store, a payment processing company, the Seller's accounting office, carrier.

3.2. Personal data collected by the Seller may also be made available to: relevant state authorities at their request on the basis of relevant legal provisions or other persons and entities - in cases provided for by law.

3.3. Each entity to which the Seller entrusts the processing of the Customer's personal data, based on the personal data processing agreement (hereinafter the "Entrustment Agreement"), guarantees an appropriate level of security and confidentiality of personal data processing. The entity processing the Customer's personal data based on the Entrustment Agreement may process the Customer's personal data through another entity only on the basis of the Seller's prior consent.

3.4. Disclosure of personal data to unauthorized entities according to this Privacy Policy may take place only with the prior consent of the Customer to whom the data pertains.

RIGHTS OF THE DATA SUBJECT

4.1. Each Customer has the right to: (a) delete personal data collected about him/her both from the system belonging to the Seller and from the databases of entities with which the Seller cooperates or cooperated, (b) limit data processing, (c) transfer personal data collected by the Seller about the Customer, including to receive them in a structured form, (d) request the Seller to access and rectify their personal data, (e) object to processing, (f) withdraw the Seller's consent at any time without affecting the compliance with the right to processing, which was made on the basis of consent before its withdrawal; (g) lodge a complaint against the Seller to the supervisory authority.

OTHER DATA

5.1. The store may store http queries, therefore some information may be stored in the server log files, including the IP address of the computer from which the query came, name of the Customer's station - identification carried out by the http protocol, if possible, system date and time registration on the Store's website and incoming inquiries, the number of bytes sent by the server, the URL address of the page previously visited by the Customer, if he entered via a link, information about the Customer's browser, information about errors that occurred during the http transaction. Logs may be collected as material for the proper administration of the Store. Only persons authorized to administer the IT system have access to the information. Log files can be analyzed in order to compile traffic statistics on the Store's website and errors. The summary of such information does not identify the Customer.

SECURITY

6.1. The Seller uses technical and organizational measures to ensure the protection of personal data being processed appropriate to the threats and categories of data protected, and in particular secures the data technically and organizationally against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the Act and change, loss, damage or destruction , among others SSL certificates are used. The set of collected Customers' personal data is stored on a secured server and the data is also protected by the Seller's internal procedures in the field of personal data processing and information security policy.

6.2. To log in to the Account, it is necessary to provide a login and password. To ensure an appropriate level of security, the password to access the Account exists only in encrypted form. In addition, work with the Store takes place in a secure https connection. Communication between the Customer's device and servers, in particular when making payments, is encrypted using the SSL (Secure Socket Layer) protocol.

6.3. The seller has also implemented appropriate technical and organizational measures, such as pseudonymization, designed to effectively implement data protection principles, such as data minimization, and to provide the processing with the necessary safeguards to meet the requirements of the GDPR and protect the rights of data subjects. The seller implements all necessary technical measures specified in art. 25, 30, 32-34, 35-39 of the GDPR ensuring increased protection and security of the processing of the Customer's personal data.

6.4. At the same time, the Seller indicates that the use of the Internet and services provided electronically may be at risk of malware entering the ICT system and the Customer's device, as well as unauthorized access to the Customer's data, including personal data, by third parties. In order to minimize these threats, the Customer should use appropriate technical security measures, e.g. with the use of up-to-date anti-virus programs or programs protecting the Customer's identification on the Internet. In order to obtain detailed and professional information on maintaining security on the Internet, the Seller recommends obtaining them from entities specializing in this type of IT services.

COOKIES

7.1. In order for the Store to function properly, the Seller uses cookie technology. Cookies are information packages saved on the Customer's device via the Store, usually containing information in accordance with the purpose of the file, with which the Customer uses the Store.

7.2. Cookies usually containing the address of the Store, date of placement, expiration date, unique number and additional information in accordance with the purpose of the file.

7.3. The seller uses two types of cookies: session cookies, which are permanently deleted at the end of the customer's browser session, and permanent cookies, which remain after the end of the browser session on the customer's device until they are deleted.

7.4. Based on cookies, both session and persistent, it is not possible to determine the identity of the Customer. The Cookies mechanism does not allow you to download any personal data.

7.5. The Seller's cookies are safe for the Customer's device, in particular they do not allow viruses or other software to enter the device.

7.6. External Cookies (i.e. Cookies placed by the Seller's partners) can be read by an external server.

7.7. The customer may disable the saving of cookies on his device, in accordance with the browser manufacturer's instructions, but this may result in unavailability of some or all of the Store's functions.

7.8. The Seller uses own cookies for the following purposes: authentication of the Customer in the Store and maintaining the Customer's session; configuration of the Store and adjusting the content of the pages to the Customer's preferences, such as: recognizing the Customer's device, remembering the settings selected by the Customer; ensuring the security of data and the use of the Store; analyzes and audience research; providing advertising services.

7.9. The Seller uses External Cookies for the following purposes of creating (anonymous) statistics that allow optimizing the usability of the Store, through analytical tools, including Google Analytics, the use of interactive functions using the social networking site facebook.com, Instagram.com

7.10. The customer can independently change the settings for Cookies at any time, specifying the conditions for their storage, through the settings of the web browser or through the configuration of the service. The customer may also independently delete the cookies stored on his device at any time, in accordance with the instructions of the browser manufacturer.

7.11. Detailed information on the use of Cookies is available in the web browser settings.

FINAL PROVISIONS

8.1. This Privacy Policy enters into force on January 31, 2023.