1.2. The controller of personal data collected via the Online Shop is the limited liability company NATURAL ELEMENT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw (registered office address and service address: ul. Biały Kamień 2/10, 02-593 Warszawa), entered in the Register of Entrepreneurs of the National Court Register under number KRS 0000578938; the registry court, where the files are kept for the company: District Court for the capital city of Warsaw in Warsaw, XIII Commercial Division of the National Court Register; share capital: PLN 105 000; NIP (taxpayer identification number): 5223039987, REGON (business statistical identification number): 362666425, e-mail: firstname.lastname@example.org -hereinafter referred to as the "Controller", and this company is concurrently the Service Provider of the Online Shop services and the Seller.
1.3. Any personal data of a User and a Customer are processed in accordance with the [Polish] Personal Data Protection Act dated 29 August 1997 (Dz.U. (journal of laws) of 1997 no. 133 item 883, as amended), (hereinafter referred to as: The Personal Data Protection Act and the Electronic Services Act dated 18 July 2002 (Dz.U. (journal of laws) of 2002 no. 144 item 1204, as amended).
1.4. The Controller will exercise all care in order to protect the interests of the data subjects and, in particular, ensure that the collected data is processed by the Controller in accordance with the law; collected for identified legitimate purposes and not processed further not in line with these purposes; correct and relevant in relation to the purposes for which they are processed and are stored in a form, which permits identification of data subjects no longer than it is necessary to achieve the purpose of the processing.
1.5. Any capitalised words, phrases and acronyms that appear in this site (e.g. Seller, Online Shop, Electronic Service) should be understood as defined in the Terms and Conditions of the Online Shop available on the pages of the Online Shop.
2. PURPOSE AND EXTENT OF THE COLLECTED DATA AND RECIPIENTS OF THE DATA
2.1. The purpose, extent and recipients of the data processed by the Controller are each time the outcome of actions taken by the User or the Customer in the Online Shop. For example, if the Customer opts for personal pick up instead of messenger service when placing the Order, their personal data will be processed with a view to conclude and perform the Contract of Sale, but they will not be made available to the carrier, which handles deliveries on behalf of the Controller.
2.2. Personal data of the Users or the Customer are collected by the Controller for the following purposes:
1.1.1. To enter and perform the Contract of Sale or the contract for the provision of Electronic Services (e.g. Account).
1.1.2. To run direct marketing of the Controller’s own products or services.
1.1.3. To have the Customer provide a review for the concluded Contract of Sale.
2.3. Personal data of the Users of the Online Shop may be forwarded to the following recipients:
1.1.4. When the Customer uses the postal service or messenger delivery method in the Online Shop, the Controller will forward the collected personal data of the Customer to the selected carrier or agent, which handles deliveries on behalf of the Administrator.
1.1.5. When the Customer uses the electronic or card payment method in the Online Shop, the Controller will forward the collected personal data of the Customer to the selected operator, which processes such payments for the Online Shop.
1.1.6. When the Customer has agreed to review the concluded Contract of Sale, the Controller will forward the collected personal data of the Customer to the selected operator, which processes reviews for the Contract of Sales entered via the Online Shop.
2.4. The Controller can process the following personal data of Users or Customers using the Online Shop: name and surname; e-mail address; contact telephone number; delivery address (street, house number, unit number, postcode, city/town, country), residential/business/registered office address (if different from delivery address). For non-consumer Users or Customers, the Controller can also process the company name and tax identification number (NIP) of the user or the Customer.
2.5. The provision of personal data listed in the above section may be necessary for the conclusion or performance of the Contract of Sale or the contract for the provision of Electronic Services via the Online Shop. The scope of data required to conclude a contract is always specified on the page of the Online Shop and in the Terms and Conditions of the Online Shop.
3. COOKIES AND OPERATIONAL DATA
3.1. Cookies are small items of text information in the form of text files. They are sent by the server and saved on the machine of the visitor to the Online Shop (for example, on your computer’s or laptop hard drive, or on smartphone’s memory card, depending on what device is used by the visitor of our Online Shop). For more details on Cookies and a bit of history see: https://en.wikipedia.org/wiki/HTTP_cookie.
3.2. When a visitor uses the Online Shop, the Controller can process data contained in Cookies for the following purposes:
1.1.7. to identify the Users as being logged in to the Online Shop and show that they are logged in;
1.1.8. to remember the Products added to the basket to be ordered;
1.1.9. to remember data filled in in an Order Form, survey or the Online Shop login information;
1.1.10. to customize the content of the Online Shop to preferences of the user (e.g. colour, font size, page layout) and optimize the use of pages in the Online Shop;
1.1.11. to make anonymous statistics on how the Online Shop is used.
3.3. Most web browsers available in the market accepts Cookies by default. Anyone may set the Cookies use conditions in the web browser settings. This means that the User can for example, partially limit (e.g. temporarily) or completely disable the saving of Cookies. In the latter case, however, this may affect some functionalities of the Online Shop (for example, it may be impossible to follow the entire ordering procedure through the Order Form as the Products will not be saved in the basket during the ordering steps).
3.5. The details on how to change settings for Cookies and have them removed in the most popular web browsers are available in the help section of the web browser and on the following websites (just click the link):
3.6. in Chrome
3.7. in Firefox
3.8. in Internet Explorer
3.9. in Opera
3.10. in Safari
3.11. in Microsoft Edge
3.12. The Controller processes anonymised operational data associated with your use of the Online Shop (IP address, domain) to generate statistics to assist in the administration of the Online Shop. This data is anonymous pooled data, i.e they do not contain any properties that identify visitors of the Online Shop. This data is not disclosed to any third parties.
4. GROUNDS FOR THE PROCESSING OF DATA
4.1. The provision of personal data is voluntary for the User or the Customer, but the failure to provide personal data required in the Online Shop or the T&C of the Online Shop that are necessary for the conclusion or performance of the Contract of Sale or the contract for the provision of Electronic Services will make it impossible to conclude such contract.
4.2. The processing of personal data of the User or the Customer is required for [the Seller or the Service Provider] to perform the contract or undertake actions requested by the User or the Customer prior to the conclusion of the contract. In the case that the data is processed for direct marketing purposes of the Controller’s own products or services, the grounds for such processing is (1) the prior consent of the User or the Customer, or (2) the serving of legally justified purpose by the Controller (in accordance with art. 23 par. 4 of the Personal Data Protection Act the legally justified purpose shall mean, in particular, direct marketing of the Controller’s own products or services).
4.3. In the case that the data is processed to obtain a Customer’s review concerning the Contract of Sale concluded, the grounds for such processing is the consent of the User or the Customer.
5. RIGHT TO REVIEW, ACCESS AND CORRECT THE DATA
5.1. A User or a Customer has the right to access and correct their personal data.
5.2. Any data subject has the right to inspect the processing of their data as contained in the dataset held by the Controller, including but not limited to the right to request to supplement, update or correct the personal data, temporarily or permanently suspend the processing or remove the data if they are incomplete, outdated, untrue or collected in violation of the act or are no longer necessary for the purpose for which they were collected.
5.3. In the case that the User or the Customer gives their consent to the processing of their data for the purposes of direct marketing of Controller’s products or services, such consent may be revoked at any time.
5.4. In the case, when the Controller intends to process or processes data of the User or the Customer for the purposes of direct marketing of their own products or services of the Controller, the data subject will also have the right to (1) personally request in writing to cease the processing of their data due to a particular situation of such data subject, or to (2) object that their data be so processed.
6. FINAL PROVISIONS
6.2. The Controller applies the technical and organisational measures to ensure the protection of the processed personal data as relevant to the risks and categories of protected data and, in particular, protects the data against their unauthorized disclosure, capture by an unauthorized person, illegal processing and against their modification, loss, damage or destruction.
6.3. The following technical measures are made available by the Controller to prevent unauthorised capture and modification of the personal data sent electronically:
1.1.12. Dataset protected against unauthorised access.
1.1.13. Login and password protected access to the Account.
1.1.14. SSL certificate.