Privacy
Privacy policy
25 of May 2018
- INTRODUCTION
The purpose of this Privacy Policy is to present the rules for the processing and protection of personal data resulting from the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 /WE (General Data Protection Regulation - RODO).
- PERSONAL DATA ADMINISTRATOR
Barbara Mikuła is the administrator of your personal data operating under the company Mystic Production Sp. z o.o., Minoga 127, 32-046 Minoga, PL5130261894, numer REGON: 384087213, 32-046, Skała post office, contact phone: 12 38 915 10., e-mail address: rodo@mystic.pl. The administrator makes decisions about the purposes and methods of processing your data and is responsible for the security and lawfulness of the processing of your data. If you have any questions or concerns regarding the protection of your personal data, please contact the administrator using the contact details provided above.
The administrator is the owner of the Mystic Production brand and runs an e-shop, available at the website www.mystic.pl
- RULES FOR THE PROCESSING OF PERSONAL DATA
The administrator makes every effort to ensure that your personal data is properly protected and processed in accordance with the law. The data processing rules are as follows.
Personal data must be:
- processed lawfully, fairly and transparently for the data subject ("lawfulness, fairness and transparency");
- collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with these purposes; ("Purpose limitation");
- adequate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization");
- correct and, if necessary, updated; all reasonable steps must be taken to ensure that personal data that are incorrect in view of the purposes for which they are processed are immediately deleted or rectified ("correctness");
- kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the data are processed ("storage limitation");
- processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures ("integrity and confidentiality").
- HOW DO WE OBTAIN THE DATA WE PROCESS?
We collect the data directly from you when you register as an E-shop User and when you place an order. You can also provide us with your data when you simply contact the Administrator, e.g. in order to obtain information.
- WHAT CATEGORIES OF DATA DO WE PROCESS?
The scope of data that we process depends on the service provided by the Administrator you use.
If you register as an E-Store User, the scope of data that we ask you to provide includes your name, surname, address (city where you live, zip code, street and house or apartment number), e-mail address, telephone number and also login and password that you create yourself.
You can also provide us with your fax number, and if you act as an entrepreneur - the name of your company.
- FOR WHAT PURPOUSE AND ON WHAT BASIS WE PROCESS DATA?
We process your data primarily because it is necessary to provide the service you are interested in - keeping your User account, including enabling you to track the status of orders and create a history of your orders and the execution of orders placed by you.
The basis for the processing of personal data is primarily your consent. It is voluntary, but it is necessary for us to initiate a proper service.
In particular, your personal data is necessary for such activities as concluding a contract (which occurs as a result of placing an order or registering on the website), sending the ordered goods or issuing an invoice. We can also process personal data in order to contact you in connection with the implementation of the order and in connection with the handling of the possible complaint process.
After concluding the contract, we may process your data, the processing of which is necessary to perform the contract.
If you give additional consent by checking the appropriate box in the registration form, we may also process your personal data for marketing purposes, i.e. to inform you about new products, services and promotions offered by the Administrator.
If you give additional consent by checking the appropriate box in the registration form, we may also process your data in order to profile the presented and delivered marketing content and to automatically suggest solutions tailored to the individual needs of the User.
If you give your consent, your personal data will also be processed in an automated manner, also in the form of profiling. This processing is carried out by the automatic use of data collected via the IP address, cookies, Google Analytics and data automatically transmitted by your web browser in order to best adapt the presented and transmitted content to your needs and to facilitate navigation on the website (e.g. by automatic completion of data in form fields on the website).
You can revoke your consent to the processing of personal data at any time by sending an e-mail to the following address: rodo@mystic.pl,
If you withdraw your consent to the processing of personal data necessary for the provision of a given service, for which your consent is required, we will not be able to provide this service.
We can also process your data due to our legitimate interest (e.g. defense against legal claims), as well as if the processing is necessary to fulfill the legal obligation incumbent on the administrator, for example resulting from tax regulations.
- COOKIES
The mystic.pl website uses cookies.
As a rule, cookies do not constitute personal data, but certain information stored in "cookies" (e.g. regarding preferences), especially when combined with other information about the website user, may be treated as personal data. Such personal data may be processed on the basis of the consent granted regarding the automatic suggestion of solutions referred to above.
Details on cookies are contained in the Regulations on the use of cookies, available at: https://www.mystic.pl/Regulamin-cterms-pol-18.html
- HOW LONG DO WE KEEP YOUR PERSONAL DATA?
After completing the order, the personal data provided by you may be further stored for the time necessary to consider and settle applications regarding the completed order, to provide services related to account management (in the case of registration on the website) and to provide the ordered marketing information. If you revoke your consent to the processing of data, or submit an effective objection, we will no longer process the data to the extent to which the revoked consent or effective objection related.
We may store your personal data until the expiry of the limitation period for any claims related to the selected service.
- DATA RECIPIENTS
As a rule, we do not transfer your personal data to third parties. However, we can do this if we conclude an agreement with a given entity to entrust the processing of personal data. Before doing so, we must make sure that this entity guarantees that all data processing security requirements are met. We may also transfer your personal data to entities cooperating with us (e.g. to legal offices), if it turns out to be necessary in connection with our legitimate interest, e.g. in the field of bringing or defending against legal claims. We may also transfer your data to a competent state authority body, if this authority requests it, acting on the basis of applicable law.
In order to fulfill your order, the personal data provided may be transferred to entities providing services in the field of parcel delivery and to companies servicing information processing systems with which we operate (e.g. entities maintaining our website). The data provided by us will take place only for the purpose of executing your order and providing marketing information - if you have given your consent.
Your personal data, as a rule, will not be transferred outside the European Economic Area, unless such transfer will result from automated data processing for which you have consented; in the latter case, the Controller will make sure that the service used meets the requirements of the GDPR.
- YOUR LAWS
General Data Protection Regulation (RODO) has significantly expanded the catalog of rights that you are entitled to.
Right to access your personal data
You have the right to obtain information about your personal data that we process in connection with the following problems:
- what are the purposes of processing personal data;
- what are the categories of relevant personal data;
- who is the recipient / categories of recipients to whom personal data have been or will be disclosed, in particular recipients in third countries or an international organization (in this case, you have the right to be informed about the appropriate safeguards related to the transfer);
- what is the expected period of storage of your personal data or what are the criteria for determining this period;
- additional information on the right to rectify, delete, limit processing, and object to the processing of personal data;
- additional information on the right to lodge a complaint with the supervisory body - the President of the Personal Data Protection Office;
- whether your personal data is used in the process of automatic decision-making, including profiling, and what are the rules for making these decisions and what is the significance and consequences of such processing;
You have the right to request a copy of the personal data processed by the Data Administrator.
Right to withdraw the consent
You have the right to withdraw your consent to the processing of personal data. However, it should be remembered that the withdrawal of consent will only affect the data the processing of which is based on consent and does not affect the lawfulness of the processing carried out prior to the withdrawal of consent.
Right to rectification
You have the right to correct your personal data that is incorrect and to supplement it if necessary. You should immediately notify the Data Controller if this data changes and the Data Controller corrects it.
Right to removal ("right to be forgotten")
You have the right to delete your personal data in the following situations:
- personal data are no longer needed in relation to the purposes for which they were collected or otherwise processed by the Data Administrator;
- you have withdrawn your consent on which the processing is based and there is no other legal basis for the processing;
- you have objected or objected to the processing (see below)
- personal data has been processed unlawfully;
- personal data must be deleted in order to comply with a legal obligation;
This means that the Data Controller will delete the data if there is no reason to further process it.
Right to restriction of processing
You have the right to demand that the processing of your data is restricted. You can ask the Data Administrator to stop processing certain types of data or to stop processing them in a specific way, if:
- your personal data is incorrect;
- the processing of your personal data is unlawful;
- your personal data is no longer needed for the purposes of processing, but is needed for the establishment, exercise or defense of legal claims;
- you have objected to the processing of your personal data (see below).
Right to data portability
You have the right to receive personal data that we process. In this case, the Data Administrator will send a copy of the files with this data in a structured, commonly used and machine-readable format so that you can transfer it to another entity. You can also ask the Data Administrator to transfer files directly to that other entity.
Right to object
You have the right to object to the processing of your data due to your being in a special situation. The administrator is no longer allowed to process this personal data, unless he demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. for the purposes of direct marketing, personal data may no longer be processed for such purposes.
Right to lodge a complaint
If it is found that the processing of personal data violates your rights, you have the right to lodge a complaint with the President of the Office for Personal Data Protection.
The administrator encourages you to contact him first and make a joint attempt to explain and resolve the situation. We kindly ask you to contact us at the following e-mail address: rodo@mystic.pl
- FINAL PROVISIONS
This Privacy Policy is valid since 25 of May 2018. It can be amended by the Data Administrator who will inform you of such changes.