PRIVACY POLICY FOR THE WEBSITE

WWW.LAVITA.PL  

  1. DOMINO POLSKA spółka z ograniczoną odpowiedzialnością entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, 9th Commercial Department of the National Court Register, under KRS number: 0000931550, NIP (Tax Identification Number): 8821005310, REGON (National Official Business Register number): 890277850, correspondence address: ul. Popiełuszki 14, 58-260 Bielawa, hereinafter referred to as the Controller, is the controller of personal data of the users of the website operating at the address lavita.pl, hereinafter referred to as the Website.
  2. The Controller has implemented appropriate safeguards and technical and organisational measures, including a Personal Data Protection Policy and procedures, and has trained its employees who process your personal data within the scope of their duties, in order to ensure an adequate level of personal data protection, having regard to the applicable legislation, including in particular the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR, the Act of 10 May 2018 on the protection of personal data, hereinafter referred to as the Act, and other relevant data protection legislation.
  3. The Controller has appointed a Data Protection Officer, namely the legal counsel Martyniusz Rak, e-mail address: iod@domino.pl.
  4. The following personal data is collected through the Website:
  5. first and last name, email address, telephone number - they may be processed when, as users of our Website (including customers or potential customers), you provide them by email, post or telephone contact, for the purpose of:
  • enabling contact with you if necessary in connection with the processing of your order,
  • providing you with answers to your questions regarding the offer on the Website,
  1. NIP (Tax Identification Number), residence/office/principal establishment address - this data is collected from businesses and individuals who request an invoice and have a NIP number, for the purpose of issuing an invoice, and in the case of natural persons who are consumers, a residence address is sufficient,
  2. your device's IP address or browser identifier - information resulting from the general principles of Internet connections, such as the IP address and other information contained in system logs, is used for technical and statistical purposes, including in particular for collecting general demographic information (e.g. about the region from which the connection is made),
  3. other potential data may be collected in the context of the conduct of specific cases or may be provided by you as a user of the Website (including as a customer or potential customer) via email, post or telephone contact.
  4. The Website uses the technology of cookies in order to adjust its functioning to your individual needs. Therefore, you can agree that the data and information you have entered will be remembered, so that it can be used the next time you visit the Website without having to enter them again. The owners of other websites will not have access to these data and information. If, on the other hand, you do not agree to the use of such functionalities, then please deactivate cookies in the options of your Internet browser.
  5. You, i.e. the data subjects, are the source of the personal data processed by the Controller.
  6. Legal bases for processing your personal data include:
  7. Article 6(1)(b) of GDPR, i.e. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  8. Article 6(1)(c) of GDPR, i.e. processing is necessary for compliance with a legal obligation to which the controller is subject, including in particular obligations under accounting, tax and archiving legislation;
  9. Article 6(1)(f) of GDPR, i.e. processing is necessary for the purposes of the legitimate interests pursued by the Controller, which is the establishment, assertion or defence of claims until they have become time-barred, or until the end of the relevant proceedings if they have been commenced within this period, which applies in particular to your possible claims relating to the orders placed or to the Controller's business activities, or

- where the above grounds do not apply -

  1. Article 6(1)(a) of GDPR, i.e. your consent to the processing of your personal data for one or more specific purposes.
  2. Providing your personal data is voluntary and each user of the Website decides whether and to what extent they wish to make use of the Controller's offer and services and provide their personal data, taking into account the terms resulting from the content of this Privacy Policy. Nevertheless, the provision of personal data is necessary for the purposes referred to in point 4 above, as well as a condition for the conclusion and performance of a sales or service agreement and its execution, and therefore the failure to provide such data results in the impossibility to conclude such agreement.
  3. In accordance with the principle of minimisation referred to in Article 5(1)(c) of GDPR, the Controller shall only process those categories of personal data which are necessary to achieve the purposes referred to in point 4 above.
  4. The Controller shall not make personal data available to third parties without your express consent. Without your consent, your personal data may be disclosed only to entities which are duly authorised under applicable laws, including in particular administrative authorities, tax authorities, law enforcement agencies and other authorised entities.
  5. Your personal data may be entrusted by the Controller for processing:
  6. to IT companies providing hosting services, maintaining Internet domains and servicing the computer systems used by the Controller,
  7. to the companies providing other services to the Controller, which are necessary for the Controller's day-to-day operations,

hereinafter jointly referred to as the Processors. In such situation, the Controller shall enter into data processing agreements with the Processors and the Processors shall process the entrusted personal data, but only for the needs, to the extent and for the purposes indicated in the data processing agreement.

  1. Your personal data shall not be transferred to third countries or international organisations within the meaning of the GDPR. Should such transfers take place, then you will be informed in advance and the Controller will apply the safeguards referred to in Chapter V of the GDPR.
  2. The Controller shall process personal data for the period necessary to achieve the purposes indicated in point 4 above. Personal data may be processed for a longer period than indicated in that point where such an obligation imposed on the Controller results from specific legal provisions (e.g. with regard to the retention of accounting and tax records) or from the Controller's legitimate interest referred to in point 7(c) above (i.e. for the period of the statute of limitations for claims or the end of the relevant proceedings if they have been initiated within the period of the statute of limitations), and where the service the Controller provides is of a continuous nature.
  3. As a data subject, you have the right:
  4. to be informed of the processing of your personal data in accordance with Article 12 of the GDPR,
  5. to access your personal data in accordance with Article 15 of the GDPR,
  6. to correct, complete, update, rectify your personal data in accordance with Article 16 of the GDPR,
  7. to erasure of your data (the right to be forgotten) in accordance with Article 17 of the GDPR,
  8. to the restriction of processing in accordance with Article 18 of the GDPR,
  9. to data portability in accordance with Article 20 of the GDPR,
  10. to object to the processing of personal data in accordance with Article 21 of the GDPR,
  11. not to be subject to profiling in accordance with Article 22 in conjunction with Article 4(4) of the GDPR,

taking into account the rules on the use and exercise of those rights under the provisions of the GDPR.

  1. In the case of the legal basis referred to in paragraph 7(d) above, the Customer shall have the right to withdraw their consent at any time without affecting the lawfulness of the processing based on the consent before its withdrawal.
  2. In addition to the rights referred to in the two preceding points, you have the right to lodge a complaint with a supervisory authority (i.e. the President of the Personal Data Protection Office - address: ul. Stawki 2, 00-193 Warszawa, e-mail: kancelaria@uodo.gov.pl, tel. +48 606 950 000) referred to in Article 77 of the GDPR, if you believe that the processing of your personal data by the Controller violates the provisions of the GDPR.
  3. Your personal data will not be subject to automated decision-making, including profiling, by the Controller within the meaning of the provisions of the GDPR.
  4. Any enquiries, requests and complaints relating to the processing of personal data by the Controller and to the exercise of rights referred to in points 14-15 above, hereinafter referred to as Requests, should be addressed to the following e-mail address of the Data Protection Officer: iod@domino.pl or in writing to the following address of the Controller: ul. Popiełuszki 14, 58-260 Bielawa.
  5. The Request must contain: the data of the person or persons concerned, the occurrence giving rise to the Request, as well as, if possible, the content of the request, the legal basis for the request and the expected manner of resolving the matter. Each identified security breach shall be documented and, in the event of the occurrence of cases specified in the provisions of the GDPR or the Act, information about such breach of data protection legislation shall be provided, if applicable, to the data subjects (i.e. you) and to the President of the Personal Data Protection Office.
  6. The provisions of this Privacy Policy shall apply, to the extent possible, mutatis mutandis to all persons with whom the Controller has a legal relationship and in relation to whom the Controller is also the controller of their personal data, including, in particular, customers, contractors and participants in competitions, loyalty programmes or partnership programmes organised by the Controller.
  7. In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply. In the event of any inconsistency between provisions of this Privacy Policy and the aforementioned regulations, the latter shall prevail.