Terms of Service

Legal basis for processing personal data
Personal data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”).

Legal bases for personal data processing include:

1. Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the data subject’s request before entering into a contract (e.g., order fulfillment).
2. Article 6(1)(c) GDPR – processing is necessary to comply with a legal obligation to which the controller is subject (e.g., issuing a VAT invoice).
3. Article 6(1)(a) GDPR – the data subject’s consent to the processing of their personal data for one or more specified purposes (e.g., sending a newsletter).
4. Article 6(1)(f) GDPR – the controller’s or a third party’s legitimate interest (e.g., direct marketing of own products).

The Administrator undertakes to process personal data in accordance with GDPR principles, ensuring their protection and confidentiality.

1. General information

1. This policy applies to the Service operating at the URL: www.krzysztoflachowski.com
2. The operator of the Service and the controller of personal data is: KRZYSZTOF LACHOWSKI, os. Na Stoku, nr 63A, lok. 102 os. Na Stoku, nr 63A, lok. 102 Kielce 25-437, NIP: 6572985655
3. Operator’s contact email address: contact@krzysztoflachowski.com
4. The Operator is the controller of your personal data in relation to the data provided voluntarily in the Service.
5. The purpose of processing the Buyer’s data provided by the Buyer in connection with purchases in the Store is order fulfillment. The legal basis for processing personal data in this case is:
   – the sales contract or actions taken at the Buyer’s request aimed at its conclusion (Art. 6(1)(b) GDPR),
   – the legal obligation to which the Seller is subject related to accounting (Art. 6(1)(c) GDPR), and
   – the Seller’s legitimate interest in processing data to establish, pursue, or defend potential claims (Art. 6(1)(f) GDPR).

1. Through data voluntarily entered in forms, which are entered into the Operator’s systems.
2. Through files stored on end devices (so-called “cookies”).

2. Selected data protection methods used by the Operator

1. Login pages and those for entering personal data are protected in the transmission layer (SSL certificate). Thus, personal data and login data entered on the site are encrypted on the user’s computer and can only be read on the target server.
2. The Operator periodically changes its administrative passwords.
3. An important element of data protection is the regular updating of all software used by the Operator to process personal data, which especially means regular updates of software components.

3. Hosting

1. The Service is hosted (technically maintained) on servers of the operator: Shoper

4. Your rights and additional information regarding data use

1. In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to perform the contract concluded with you or to fulfill the Administrator’s obligations. This applies to the following groups of recipients:
   • couriers
   • postal operators
   • payment operators
   • accounting service providers
   • marketing service providers on behalf of the Administrator
2. Your personal data processed by the Administrator will not be retained longer than necessary to perform the activities specified by separate regulations (e.g., accounting). Regarding marketing data, they will not be processed longer than 3 years.
3. You have the right to request from the Administrator:
   • access to your personal data,
   • their correction,
   • deletion,
   • restriction of processing,
   • and data portability.
4. You have the right to object to processing under point 3 above for the purpose of pursuing the Administrator’s legitimate interests, including profiling, unless there are legally justified overriding reasons for data processing, particularly for establishing, pursuing, or defending claims.
5. You may lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
6. Providing personal data is voluntary but necessary to operate the Service.
7. Automated decision-making, including profiling, may be conducted to provide services under the concluded contract and for the Administrator’s direct marketing.
8. Personal data is not transferred to third countries within the meaning of data protection regulations. This means that we do not send it outside the territory of the European Union.

5. Information in forms

1. The Service collects information voluntarily provided by the user, including personal data if provided.
2. The Service may record connection parameters (time stamps, IP address).
3. In some cases, the Service may write information that facilitates linking form data with the user’s email address. In such cases, the user’s email address may appear in the page URL containing the form.
4. Data entered in a form is processed for the purpose corresponding to the function of that form, e.g., for handling a service request, business contact, or registering services. In each case, the context and description of the form clearly inform what it is for.

6. Administrator logs

1. Information about user behavior on the Service may be logged. This data is used to administer the Service.

7. Key marketing techniques

1. The Operator uses statistical analysis of website traffic via Google Analytics (Google Inc., USA). The Operator does not transfer personal data to this service provider, only anonymized data. The service relies on cookies in the user’s end device. Users can view and edit preference information collected by Google’s ad network using: https://www.google.com/ads/preferences/
2. The Operator uses remarketing techniques to tailor ads to user behavior on the site, which may give the impression that personal data is used to track users; however, no personal data is actually transferred by the Operator to ad operators. The technological requirement for such actions is enabled cookie support.
3. The Operator uses the Facebook pixel. This technology informs Facebook (Facebook Inc., USA) that a person registered there visited the Service. It relies on data over which Facebook is the controller; the Operator does not share any additional personal data. The service relies on cookies in the user’s end device.

8. Information about cookies

1. The Service uses cookies.
2. Cookies are IT data, especially text files stored in the user’s end device and intended for use with the Service’s web pages. Cookies typically contain the website name, their storage duration on the device, and a unique number.
3. The entity placing cookies on the user’s device and accessing them is the Service operator.
4. Cookies are used for the following purposes:
   1. Maintaining a user session (after login), so the user does not need to re-enter login and password on each page.
   2. For purposes specified in the “Key marketing techniques” section above.
5. The Service uses two main types of cookies: “session” cookies and “persistent” cookies. Session cookies are temporary files stored in the user’s device until logout, leaving the site, or closing the browser. Persistent cookies are stored for a duration specified in cookie parameters or until the user deletes them.
6. Browsers usually allow cookies by default. Users can change these settings to delete or block cookies. For details, consult the browser’s help or documentation.
7. Limiting cookies may affect some functionalities available on the Service’s website.
8. Cookies placed on the User’s end device may also be used by entities cooperating with the Service Operator, in particular by companies such as: Google (Google Inc., based in the USA), Facebook (Facebook Inc., based in the USA), Twitter (Twitter Inc., based in the USA).

9. Managing cookies – how to give and withdraw consent in practice?

1. If the user does not want to receive cookies, they can change browser settings. Disabling cookies necessary for authentication, security, or remembering preferences may hinder, and in extreme cases may prevent, using the website.
2. To manage cookie settings, choose the browser you use from the list below and follow the provided instructions:
   • Edge
   • Internet Explorer
   • Chrome
   • Safari
   • Firefox
   • Opera

   Mobile devices:

   • Android
   • Safari (iOS)
   • Windows Phone