Spaio - Privacy & cookies policy - Online shop

Privacy & Cookies Policy

 

Privacy policy

 

The company -  PPHU Tespol Tadeusz Koralewski based in Konstantynów Łódzki,  27 Łódzka Street, NIP no. 831-100-20-57 and REGON no. 730173706

Mail: tespol@tespol.pl

Telephone number: +48 42 211 06 06

 (hereinafter referred to as the Seller) is responsible for processing customer’s personal data (the Administrator).

 

The Seller collects, stores and processes information about customer if he or she uses Seller’s website to view or buy products or if customer voluntarily provide Seller with such information, for example when the customer subscribe to Seller’s mailing list, enter a promotion or competition. This information will be processed by electronic means and includes:

- contact details including name, email, telephone number and address;

- login and account information, including screen name, password and unique user ID;

- payment or credit card information;

- personal preferences including customer’s marketing and cookie preference.

 

The customer, by registering and by giving his or hers personal data or making purchases in the seller’s e-shop allows to process his or her personal data for the above-mentioned purposes. 

Personal data is transmitted by the customer on a voluntary basis, however, not providing specific data during the registration process, makes the registration impossible as well as prevents from the submission and implementation of the Customer’s order in the case of the contract without the registration of Customer’s account.

 

The data will be processed by the Seller only and exclusively for the purposes of order processing and issuing the bill of sale (receipt or VAT invoice) of the services provided by the seller electronically and shipment of products. The Seller processes the data when the customer has given consent to the processing of his or her personal data for the purpose of buying products and subscribe to Seller’s mailing list (article 6 point 1 a) of  REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016) and when processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6 point 1 b) of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016).

 

The customer has the right to:

1. withdraw his or her consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;

2. request from the Seller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;

3. lodge a complaint with a supervisory authority.

 

To exercise one of the right mentioned above, the Customer shall write a message by e-mail to the Seller on address: info@spaio.it

 

The Seller has the right to share gathered data with his trading partners, only with a view of quick and efficient realization of customer’s orders. The list of the trading partners is here.


The Seller will use its best endeavours to secure and protect customer’s data against its unauthorised access or use. The Seller is processing and collecting abovementioned information:

- lawfully, fairly and in a transparent manner in relation to the customer,

 - only for specified, explicit and legitimate purposes mentioned in this Privacy Policy and not further processed in a manner that is incompatible with those purposes;

- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

- in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

The Seller will store the personal data only for the period of time, in which he performs the contract concluded with the Customer or only for the time of current subscription for the mailing list.

 

Right of access

The Customer has the right to obtain from the Seller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(a)  the purposes of the processing;

(b)  the categories of personal data concerned;

(c)  the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

(d)  where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e)  the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(f)  the right to lodge a complaint with a supervisory authority;

(g)  where the personal data are not collected from the data subject, any available information as to their source;

(h)  the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Right to rectification

The Customer has the right to obtain from the Seller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Customer has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (‘right to be forgotten’)

1. The `customer has the right to obtain from the Seller the erasure of personal data concerning him or her without undue delay and the Seller has the obligation to erase personal data without undue delay where one of the following grounds applies:

(a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

(b) the data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

(c) the personal data have been unlawfully processed;

(d) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Seller is subject.

Right to restriction of processing

The Customer has the right to obtain from the Seller restriction of processing where one of the following applies:

(a) the accuracy of the personal data is contested by the Customer, for a period enabling the Seller to verify the accuracy of the personal data;

(b) the processing is unlawful and the Customer opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the Seller no longer needs the personal data for the purposes of the processing, but they are required by the Customer for the establishment, exercise or defence of legal claims.

Right to data portability

1. The Customer has the right to receive the personal data concerning him or her, which he or she has provided to a Seller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Seller to which the personal data have been provided, where:

(a) the processing is based on consent, and

(b) the processing is carried out by automated means.

2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

 

 

The policy refers to 'cookies'


1. Cookies constitute IT data, mostly text files, which are placed at the terminal equipment of the User and are intended for the use of the websites. Cookies usually contain the name of the website they come from, the time of being stored on the terminal device and a unique number.
2. The seller applies "cookies" which during the use of the Store's website by customers are stored by the vendor’s server on the hard drive of the customer’s terminal equipment.
3. The seller uses Cookies for the following purposes:
 a. configuration of the service and to ensure its security and reliability;
 b. memorization of the information about users' terminal equipment and user and their authentication;
 c. for seller’s product offer development;
 d. statistical.
4. The seller uses two types of cookies: session and persistent. Session cookies – these are temporary files stored in the terminal equipment of the user till log-off time, leaving the website or disabling software (web browser). "Persistent” cookies are stored in the terminal equipment of the user till log-off time, leaving the website or disabling software (web browser).
5. The seller informs that limitation of the use of cookies may affect some of the functionalities available on the e-shop website or even make the use of them impossible.
6. If the user does not wish cookies to be used, he can switch them off in his browser.

7. Under the following addresses information on popular browsers can be found as well as the advice how to fit preferences for the cookies:

· Microsoft Internet Explorer: http://www.microsoft.com/info/cookies.htm

· Mozilla Firefox:

http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

· Google Chrome Google Chrome

http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647.

 

Collection, acquisition, scope and purpose of collecting personal data

The Administrator informs Users that he entrusts the processing of personal data to the following entities: - Edrone Sp. z o. o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 - in order to use the edrone.me mailing system for sending the newsletter, - Edrone Sp. z o. o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197: - for marketing purposes only and exclusively for the needs of e-mail, SMS and social media campaigns launched or indicated by the Administrator using the edrone system, The Administrator informs that it uses the following technologies to track activities undertaken by the user/Customer within the Store's website: - edrone tracking codes - in order to analyze the statistics of the Store's website, as well as for marketing purposes only for the needs of e-mail, SMS and social media campaigns launched or indicated by the Administrator using the edrone system.