PRIVACY POLICY OF WEBSITE EMBRYOSWAGYU.COM
TABLE OF CONTENTS:
-
GENERAL PROVISIONS
-
BASIS FOR DATA PROCESSING
-
AIM, BASIS AND PERIOD OF DATA PROCESSING ON THE WEBSITE
-
DATA RECIPIENTS ON THE WEBSITE
-
PROFILING ON THE WEBSITE
-
RIGHTS OF DATA SUBJECTS
-
COOKIES ON THE WEBSITE, OPERATIONAL DATA AND ANALYTICS
-
FINAL PROVISIONS.
-
GENERAL PROVISIONS
-
This privacy policy of the Website is informational in nature, which means that it does not impose any obligations on the Website Service Recipients. First and foremost, the privacy policy contains rules of personal data processing by the Controller on the Website, including the bases, aims and the period of personal data processing and the rights of data subjects, as well as information about the use of cookies and analytical tools on the Website.
-
The Controller of the personal data gathered through the Website is GIGAWAT SOLAR SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Olsztyn (registered office address and correspondence address: ul. Głowackiego 28/706, 10-448 Olsztyn); entered in the Register of Entrepreneurs of the National Court Register under KRS [National Court Register] 0000729808; registry court keeping the documentation of the company: District Court in Olsztyn, 8th Economic Division of the National Court Register; share capital: PLN 5,000.00; NIP [Tax Identification Number] 7393914260, REGON [National Official Business Register] 380074604 and the e-mail address: info@embryoswagyu.com – hereinafter referred to as the "Controller" and being the Website Service Provider at the same time.
-
Personal data on the Website are processed by the Controller under the effective provisions of the law, including but not limited to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR". Official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
-
It is allowed to use the Website, including the conclusion of contracts. Similarly, the provision of personal data by the Website Service Recipient connected with that use is voluntary, to the exclusion of the following two exceptions: (1) conclusion of contracts with the Controller – refusal to provide the personal data necessary to conclude and perform a contract of provision of Electronic Service or the Sale Contract with the Controller, in cases and to the extent specified in the Terms and Conditions of the Website and this privacy policy, will result in inability to conclude such a contract. In this case, the provision of personal data is a contractual requirement and if a data subject is willing to conclude a given contract with the Controller, they must provide the required data. The scope of the data required for the conclusion of a contract is always specified on the Website and in the Terms and Conditions of the Website beforehand; (2) statutory obligations of the Controller - providing personal data is a statutory obligation arising from the commonly governing law imposing the obligation to process the personal data on the Controller (e.g. data processing for the purpose of keeping tax or accounting books) and lack of such data renders performance of such obligations impossible for the Controller.
-
The Controller strives to protect the interest of the data subjects whose data are processed by it and, especially, guarantees that the data gathered by it are: (1) processed according to the law; (2) gathered for the specified lawful purposes and not subjected to further processing that is contrary to those purposes; (3) correct and adequate to the purposes for which they are processed; (4) stored in a form allowing to identify the data subjects, not longer than necessary to accomplish the purpose of processing and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
-
Taking into account the nature, scope, context and purposes of processing and the risk of the infringement of rights or freedoms of natural persons with various probability levels and scale of threat, the Controller implements proper technical and organisational measures for the processing to be carried out according to the said regulation and for the Controller to be able to prove it. In the case of need, those measures are subject to reviews and updates. The Controller applies technical measures preventing unauthorised acquisition and modification of the personal data sent electronically.
-
Any capitalised words, expressions and acronyms in this privacy policy (e.g. the Service Provider, the Website, the Electronic Service) are to be understood according to their definition as specified in the Terms and Conditions of the Website available on the pages of the Website.
-
BASIS FOR DATA PROCESSING
-
The Controller may process personal data in cases – and to the extent – in which at least one of the following conditions has been met: (1) the data subject expressed their consent to the processing of their personal data for one or more specific purposes; (2) the processing is required for performing a contract a party to which is the data subject or for taking action at the request of the data subject before the conclusion of a contract; (3) the processing is required for the fulfilment of the legal obligation burdening the Controller; or (4) the processing is required for purposes resulting from the legitimate interests pursued by the Controller or a third party, except for the situations where the interests or the fundamental rights and freedoms of the data subject, requiring protection of personal data, are paramount to the above interests, especially if the data subject is a child.
-
The processing of personal data by the Controller always requires the occurrence of at least one of the conditions specified in Point 2.1 of the privacy policy. Specific bases for the processing of the personal data of the Website Service Recipients by the Controller are indicated in the next point of the privacy policy – in relation to a given purpose of the processing of personal data by the Controller.
-
AIM, BASIS AND PERIOD OF DATA PROCESSING ON THE WEBSITE
-
The aim, period and the recipients of the data processed by the Controller result from the actions taken by a given Service recipient on the Website.
-
The Controller may process personal data on the Website for the following purposes, on the following bases and for the following period:
Purpose of data processing |
Legal basis for data processing |
Data storage period |
Performing a contract of provision of the Electronic Service, the Sale Contract or taking action at the request of the data subject before the conclusion of the above contracts |
Art. 6 Section 1 Letter b) of GDPR (performance of contract) – the processing is required for performing a contract a party to which is the data subject or for taking action at the request of the data subject before the conclusion of a contract; |
Data are stored for a period necessary for the performance of or by the termination or other expiry of the concluded Sale Contract or a contract of provision of the Electronic Service. |
Direct marketing |
Article 6 section 1 letter f) of GDPR (legitimate interest of the controller) - processing is necessary for the purposes arising from the legitimate interests of the Controller - consisting in taking care of the interests and good reputation of the Controller, its Website and aiming at providing Electronic Services and selling Products. |
Data are stored for the period in which the legitimate interest of the Controller exists, no longer, however, than for the period of prescription of the Controller's claims towards the data subject regarding the business activity conducted by the Controller. The prescription period is specified by the provisions of the law, especially the Civil Code (the basic prescription period for claims connected with the pursuit of business activity is three years and for sale contracts – two years). The Controller cannot process data for the purposes of direct marketing if the data subject expresses their effective objection in this respect. |
Marketing |
Art. 6 Section 1 Letter a) of GDPR (consent) – the data subject has expressed their consent to the processing of their personal data by the Controller for marketing purposes |
The data are kept until the withdrawal of the data subject's consent to further processing of their data for that purpose. |
Maintenance of books of accounts |
Art. 6 Section 1 Letter c) of GDPR in conjunction with Art. 74 Section 2 of the Accounting Act, consolidated text of 30 January 2018 (Journal of Laws of 2018, item 395) – processing is required for the fulfilment of the legal obligation imposed on the Controller |
The data are kept for the period required by the provisions of the law that make the Controller keep books of accounts (5 years counting from the beginning of the year following the financial year which the data pertain to). |
Establishment, pursuit or defence of claims the Controller may raise or which may be raised against the Controller |
Article 6 section 1 letter f) of GDPR (legitimate interest of the controller) - processing is necessary for the purposes arising from the legitimate interests of the Controller - consisting in establishment, pursuit or defence of claims the Controller may raise or which may be raised against the Controller. |
Data are stored for the period in which the legitimate interest of the Controller exists, no longer, however, than for the period of prescription of claims that may be raised against the Controller (the basic prescription period for claims against the Controller is six years). |
Use of the Website and ensuring its proper functioning |
Article 6 section 1 letter f) of GDPR (legitimate interest of the controller) - processing is necessary for the purposes arising from the legitimate interests of the Controller - consisting in operating and maintaining the Website. |
Data are stored for the period in which the legitimate interest of the Controller exists, no longer, however, than for the period of prescription of the Controller's claims towards the data subject regarding the business activity conducted by the Controller. The prescription period is specified by the provisions of the law, especially the Civil Code (the basic prescription period for claims connected with the pursuit of business activity is three years and for sale contracts – two years). |
Keeping statistics and analysis of traffic on the Website |
Article 6 section 1 letter f) of GDPR (legitimate interest of the controller) - processing is necessary for the purposes arising from the legitimate interests of the Controller - consisting in keeping statistics and analysis of traffic on the Website for the purpose of improvement of Website functioning and extension of provided Electronic Services and Product sale. |
Data are stored for the period in which the legitimate interest of the Controller exists, no longer, however, than for the period of prescription of the Controller's claims towards the data subject regarding the business activity conducted by the Controller. The prescription period is specified by the provisions of the law, especially the Civil Code (the basic prescription period for claims connected with the pursuit of business activity is three years and for sale contracts – two years). |
-
DATA RECIPIENTS ON THE WEBSITE
-
For the purposes of proper functioning of the Website, including for the purposes of proper provision of Electronic Services and performance of the Sales Contract by the Controller, it is necessary for the Controller to use services of third parties (e.g. software provider). The Controller uses exclusively services of processors who provide sufficient guarantees of implementation of the relevant technical and organisational safeguards so that the processing meets the requirements of GDPR and protects the rights of the data subjects.
-
The personal data can be transferred by the Controller to a third party, and the Controller assures that in such a case the transfer shall be carried out to a country ensuring proper protection level - compliant with GDPR, and the data subject will have an option to obtain a copy of his/her data. The Controller transfers the collected personal data only in the case and in the scope necessary to pursue the given purpose of data processing according to this privacy policy.
-
The Controller does not transfer the data in all cases and not all recipients or categories of recipients specified in the privacy policy - the Controller transfers the data only when it is necessary to pursue the given personal data processing purpose and only in the scope necessary to pursue it.
-
The personal data of the Website Service Recipients may be transferred to the following recipients or categories of recipients:
-
carriers/forwarders/courier brokers/entities operating the warehouse and/or the shipment process - in the case of a Buyer who concludes the Sales Contract on the Website with the Controller, choosing the Product delivery option by postal mail or courier mail, the Controller makes the collected personal data of the Buyer available to the selected carrier, forwarder or broker executing shipments based on the Controller's instruction, and if the shipment is carried out from an external warehouse - to the entity operating and warehouse and/or shipment process - in the scope necessary to deliver the Product.
-
entities providing electronic payment or card payment services - in the case of a Service Recipient who uses the electronic or card payment method on the Website, the Controller makes the collected personal data of the Service Recipient available to the entity providing the above payment methods on the Website upon the Controller's instruction in the scope necessary to process the payment of the Service Recipient.
-
providers of services supplying technical, IT and organisational solutions to the Controller, allowing the Controller to conduct the business activity, including the Website and Electronic Services provided via it (in particular, providers of computer software used to operate the Website, providers of electronic mail and hosting as well as providers of software for corporate management and technical support for the Controller) - the Controller makes the collected personal data of the Service Recipient available to the selected provider acting based on its instructions only if it is and in the scope necessary to pursue the given purpose of data processing according to this privacy policy.
-
providers of accounting, legal and advisory services, providing accounting, legal or advisory support to the Controller (including but not limited to the accounting office, legal office or debt collection office) - the Controller makes the collected personal data of the Service Recipient available to the selected provider acting based on its instruction if it is and in the scope necessary to pursue the given purpose of data processing according to this privacy policy.
-
-
PROFILING ON THE WEBSITE
-
GDPR imposes on the Controller the obligation to inform about automated decision-making, including profiling referred to in Art. 22 sections 1 and 4 of GDPR - at in least in these cases - essential information regarding terms of making such decisions as well as meaning and expected consequences of such processing for the data subject. Bearing this in mind, in this point of the privacy policy, the Controller presents information regarding possible profiling.
-
The Controller can use profiling on the Website for the purposes of direct marketing, but the decisions made on this basis by the Controller do not regard conclusion or refusal to conclude a contract or option to use Electronic Services on the Website. The effect of use of profiling on the Website may be, for instance, granting a discount to the given person, remining about unfinished actions on the Website, sending a proposal regarding a Product that may correspond to the interests or preferences of the given person or proposal of conditions better than the standard offer of the Website, Despite profiling, it is the given data subject who can make freely the decision if he/she wishes to use the discount or better conditions received in this mode and to make a purchase on the Website.
-
Profiling on the Website consists in automatic analysis or projection of behaviour of the given person on the Website, or analysis of the history of activities taken on the Website. The condition for such profiling is possession by the Controller of personal data of the given data subject to then send, for instance, a discount to such a person.
-
The data subject has a right not to be subject to a decision which is based solely on automated processing, including profiling, and causes legal effects for that subject or has a significant effect on that subject in a similar manner.
-
RIGHTS OF DATA SUBJECT
-
Right to access, rectification, restriction, erasure or transfer - the data subject can request the Controller to provide access to his/her personal data, to rectify them, erase them ("right to be forgotten") or restrict their processing and has the right to raise an objection against processing as well as to transfer the data. Detailed conditions of exercising the above rights are provided for in Art. 15-21 of GDPR.
-
Right to withdraw the consent at any time - the data subject whose data are processed by the Controller on the basis of granted consent (under Art. 6 section 1 letter a) or Art. 9 section 2 letter a) of GDPR), he/she has the right to withdraw such a consent at any time without effect on compliance with the law of the processing performed based on the consent prior to its withdrawal.
-
Right to submit a compliant to the supervisory authority - the data subject whose data are processed by the Controller can submit a compliant to the supervisory authority in the manner and mode specified in the provisions of GDPR and the Polish law, including but not limited to the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
-
Right to object - the data subject can raise an objection at any time - due to reasons connected with his/her specific situation - against processing of his/her personal data under Art. 6 section 1 letter e) (public interests or tasks) or f) (legitimate interest of the controller), including profiling under the said provisions. In such a case, the Controller will not be authorised to process the personal data anymore, unless it can prove existence of other legally justified bases for processing, superior towards the interests, rights and freedoms of the data subject or bases for establishment, pursuit or defence of claims.
-
Right to object to direct marketing - if personal data are processed for the purposes of direct marketing, the data subject may at any time object to the processing concerning his/her personal data for the purposes of such marketing, including profiling, in the scope in which the processing is connected with such direct marketing.
-
To exercise the rights referred to in this point of the privacy policy, the Controller can be contacted in writing or via electronic mail to the address of the Controller specified at the beginning of the privacy policy or using the contact form available on the Website.
-
COOKIES ON THE WEBSITE AND ANALYTICS
-
Cookies are small pieces of text information in the form of text files, sent by the service and saved on the side of the Website visitor (e.g. on the hard drive of the computer, laptop or memory card of the smartphone - depending on the device the Website visitor uses). Detailed information regarding Cookies as well as their history can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
-
The Controller may process the data included in the Cookies when the users visit the Website for the following purposes:
-
identification of Service Recipients logged in on the Website and showing that they are logged in;
-
remembering data from the completed forms, surveys or logging data for the Website;
-
customisation of the Website content to the individual preferences of the Service Recipient (e.g. regarding colours, font size, page layout) as well as optimisation of Website use;
-
remarketing, i.e. studying the features of behaviour of the Website visitors through anonymous analysis of their actions (e.g. repeated visits on the specific websites, keywords, etc.) for the purpose of creation of their profile and supply of advertisements customised to their interests, also when they visit other websites on the Internet in the advertising network of Google Ireland Ltd. or Facebook Ireland Ltd.;
-
keeping anonymous statistics presenting the method of use of the Website.
-
-
Most Internet browsers available on market accept saving Cookies by default. You can set the terms of use of Cookies by means of settings of your browser. This means that it is possible to, for instance, restrict partially (e.g. temporarily) or disable in full the option of saving Cookies - in the latter case, however, it may affect certain functionalities of the Website.
-
The settings of the Internet browser regarding Cookies are significant from the point of view of consent for use of Cookies by our Website - according to the law, such a consent can be also granted through the Internet browser settings. If such a consent is denied, the settings of the browser regarding Cookies must be changes accordingly.
-
Detailed information regarding change of the Cookies settings and their individual deletion in the most popular Internet browsers are available in the help section of the website and on the following pages (click the given link):
Chrome browser
Firefox browser
Internet Explorer browser
Opera browser
Safari browser
Microsoft Edge browser
-
The Controller can use on the Website the Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller analyse the traffic on the website. The collected data are processed to generate statistics helpful in administration of the Website. These data are collective in nature The Controller, using the above services on the Website, collects such data as the source and medium of acquisition of the Browser visitors as well as their behaviour on the Website, information regarding devices and browsers from which they visit the page, IP and domain, geographical data and demographic data (age, sex) and interests.
-
Making information available to Google Analytics regarding behaviour of the given person of the Website may be easily blocked - to do this, install an add-on for the website made available by Google Ireland Ltd. here: https://tools.google.com/dlpage/gaoptout?hl=pl.
-
FINAL PROVISIONS
The Website may contain links to other websites. The Controller recommends reading the privacy policy of the website you enter. This privacy policy regards the Controller's Website only.