of the website available at konopkashoes.com
Privacy protection principles
According to GDPR, personal data is equal to any information about an identified or identifiable natural person (i.e. a specific adult or child), such as e.g. name and surname or identification number.
The data controller ensures that your data is processed in accordance with the law, including:
the provisions of the Regulation of the European Parliament and of the Council of the European Union 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /EC (general regulation on data protection; hereinafter referred to as: "GDPR");
the provisions of the Act of 16 July 2004 regarding the Telecommunications Law;
the provisions of the Act of 10 May 2018 on the protection of personal data;
the provisions of the Act of 18 July 2002 on providing electronic services.
Furthermore, the controller ensures protection of your personal data by applying appropriate organisational and technical measures aiming at preventing interference with the privacy of users by third parties.
The data controller, bearing in mind the assumptions of Article 5 of GDPR, applies the following principles when processing data: compliance with the law, fairness and transparency, purpose limitation, data minimisation, correctness, storage restrictions as well as integrity and confidentiality, and adequacy in relation to the purpose of processing.
The website use is protected with a secure SSL protocol, which significantly increases data protection on the Internet (a special standard of data transmission on the Internet, in which the transmission is encrypted, as opposed to regular transmission, where the transmission takes place as open text).
The Controller of your Personal Data is Klaudia Konopka, managing a business with the following name: FIRMA HANDLOWA KLAUDIA - Konopka Klaudia, Stanisław Dolny 400A, 34-130 Kalwaria Zebrzydowska, VAT ID: 5512567988, REGON (Registration No.): 121029493, email: firstname.lastname@example.org phone:+48 515-462-139
The data controller acts with due care so that no violation in the protection of personal data is committed, which in the light of GDPR is understood as a security breach leading to accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to personal data sent, stored or otherwise processed.
Personal data processing
Your personal data is processed by the Controller in line with the applicable laws,
for the following relevant purposes - depending on what feature of the website or what service the data subject uses or has used (because these data is obtained solely from the user's activity on the Controller's website, and its scope depends on which services or features the user decided to use and which services and features were/are/will be available on the website at the time of the said user activity; therefore, only relevant and adequate data is processed, in line with the principles indicated at the beginning, and related only to the user's activity and not going beyond this activity):
respectively, pursuant to Article 6 (1)(a) of GDPR:
in order to carry out a free subscription service to the Data Controller's newsletter;
respectively, pursuant to Article 6 (1)(b) of GDPR:
in order to use the features of the Website;
in order to conclude an agreement remotely with the Controller or to take action at the request of the data subject, before concluding an agreement remotely with the Controller;
in order to fulfil the obligations of the agreement; including for the purpose of providing services regarding the account and solving technical problems, as well as contacting the user in connection with its implementation;
respectively, pursuant to Article 6 (1)(c) of GDPR:
in order to fulfil legal obligations resulting from the generally applicable provisions which are binding for the Controller: including for accounting and tax purposes; in order to fulfil the obligations regarding complaints (processing complaints and claims) regarding agreements concluded via the website; in order to provide information at the request of an official state authority on the basis of specific regulations, e.g. the police, prosecutor's office, court;
respectively, pursuant to Article 6 (1)(f) of GDPR due to the legitimate interest of the Controller in the form of the following purposes:
in order to possibly establish, investigate or defend against claims of data subjects (including the purpose of debt collection, conducting court proceedings and then enforcement proceedings);
for archiving purposes to secure information, i.e. agreements and billing documents, if any (due to the fulfilment of the accountability obligation resulting from GDPR);
for analytical purposes, i.e. to choose services matching the needs of users; optimising our products based on user feedback, user interest, application technical logs; optimising service processes based on the sales and after-sales service processes, including complaints (possessing information about statistics of the activities carried out by the Controller makes it possible for it to improve business);
in order to offer the Controller's products and services directly to users (marketing or direct offer of products and services (marketing) of companies cooperating with the Controller (Controller's business partners) without the use of electronic communication means (the legitimate purpose is to conduct marketing activities promoting the business or other entities)
in order to offer the Administrator's products and services directly to users (marketing or to offer directly products and services (marketing) of companies cooperating with the Administrator (Administrator's partners) with the use of electronic communication means - whereas these activities due to other applicable regulations, in particular the Telecommunications Law and the Act on the provision of electronic services, are carried out only on the basis of relevant consents, provided that such consents have been obtained.
to test user satisfaction and determine the quality of our customer service;
to ensure security and prevent violations and fraud;
to organise promotional campaigns, loyalty programs and activities in which users can participate;
in order to handle requests sent using the contact form, other requests, including ensuring accountability, as long as the given forms are available on the website at a given period (for the legitimate purpose of responding to requests and enquiries sent through the contact form or using another method, including storage of such requests and replies for the purposes of maintaining the principle of accountability).
As noted above, user data is related to their activity on the website, and therefore all data from website users is collected in two ways:
information provided voluntarily by the user - providing such data takes place by filling out the appropriate registration and contact forms, if they are available on the website; if the provision of required data is a condition for the conclusion of an agreement, the category of such data (e.g. email) is adequately described;
information obtained while using the website - such information may include:
information in server logs - the Administrator's server saves such data as page requests sent by the user, date and time of the request and response, device data (e.g. device model), browser type, browser language, operating system type automatically,
information collected by the Google Analytics tool in the process of monitoring website visit statistics,
IP address - each computer connected to the Internet has a unique number assigned, i.e. an IP address; on its basis, you can, for instance, identify the country from which a given user connects to the Internet,
text files ("cookies") sent to the user's computer when visiting a website;
server logs - by collecting web server logs by the hosting operator functioning at the website address.
In line with the provisions of the applicable laws, depending on the scope and purpose of the processed data, such data may be transferred to other entities that will process them, within the scope of the given purpose of processing, respectively:
in the case of the Controller providing a service or supply (sale) of items other than by electronic means, but by means of an agreement concluded remotely, entities providing post or courier services, if the subject of the agreement is to be shipped/delivered by traditional methods; banks or entities managing electronic payment systems, if it is necessary to make financial settlements; entities supporting the Controller in activities carried out on its behalf in order to perform the agreement; entities providing legal assistance - in order to exercise the rights provided for by law, secure rights and pursue claims under the agreement;
in each case, state authorities or other entities authorised under the provisions of the law, in order to fulfil obligations imposed on the Controller by the applicable laws, e.g. the police, prosecutor's office, tax office;
entities providing marketing services - to support the Controller in promoting goods, organizing promotional campaigns, loyalty programs and other campaigns;
entities handling ICT systems and providing IT services - in terms of maintaining the correct operation of systems, updating and fixing them as well as introducing or improving features;
entities supporting the Controller's activities at its request - including suppliers of external systems - in order to support, improve or develop the Controller's activities;
if personal data is processed for a specific purpose, taking into account what features are (were) available on the website, respecting the principles of data processing and specified in GDPR, as well as the period for which certain data may be stored.
The data is subject to being shared to external entities only in line with principles and restrictions provided for by the law.
Data storage period
Personal data is stored for a period no longer than it is necessary to achieve the objectives described above - including the proper functioning of the Controller's activities, taking into account the limitation periods for claims and the period justified by the need to store accounting documentation in line with the provisions of the applicable laws, the provisions of law obliging the Controller to store documents (taking into account the limitation period for tax obligations), while respecting the principle of accountability. This is done as follows:
data contained in agreements, proxies and annexes to such agreement is stored for a period of up to three months after the expiry of the limitation period for claims resulting from the agreement;
data provided using the available forms on the website is stored for a period of three years in order to respect the principle of accountability;
documents related to the warranty and the complaints will be kept for a period of one year after expiry of the warranty period or the period required for processing a complaint, depending on which of these circumstances occurs later, unless the period described in point (a) lapses earlier due to the claim limitation period;
data for marketing purposes in the case of data processing on the basis of a consent provided for by the law - will be stored until the consent is withdrawn; whereas in the case of processing such data on the basis of the legitimate purpose of the Controller - until an objection is raised.
At the same time, the Controller informs that in line with Article 118 of the Civil Code, unless a special provision provides otherwise, the limitation period is ten years, and for claims regarding periodic provisions and claims related to managing a business - the limitation period is three years. In line with Article 74 item 2 point 4 of the Accounting Act, accounting documents relating to fixed assets under construction, loans, credit facilities and commercial contracts, claims filed in civil, criminal and tax proceedings, are stored for a period of 5 years from the beginning of the year following the financial year in which the operations, transactions and procedures were completed, repaid, settled or expired,
Rights related to data processing
The Controller also informs the data subject as follows:
the existence of the right of the data subject to request the Controller to provide access to and the possibility of rectification or deleting personal data or restriction of processing or to object to processing as well as the right to data transfer;
that if the processing takes place on the basis of a declaration of consent (legal basis, respectively: Article 6 (1)(a) or Article 9 (2)(a)) - the person expressing such a consent has the right to revoke it at any time, without affecting the lawfulness of data processing which was carried out on the basis of the consent before its revoking;
data provision is voluntary. Failure to provide the data necessary to conclude an agreement remotely, which is also necessary for the settlement of the Controller's business activity - i.e. failure to provide the data marked as necessary to conclude an agreement remotely via the website may prevent the conclusion of such an agreement (providing this data is a precondition for concluding the agreement). In the remaining scope, failure to provide data (or individual data components) may hinder or prevent the proper performance of other features or services available on the website.
the existence of a right of submitting a complaint to the supervisory body — the President of the Office for Personal Data Protection;
at the end of the storage period personal data will be deleted in accordance with the law;
to facilitate the use of the website while browsing it;
to later recognise the user in the event of re-connection of the website with the device on which they were saved;
to create statistics which help in understanding how the website users browse the pages which allows for the improvement of their structure and content;
to adjust the content of the website to specific user preferences and optimise user experience, tailored to the individual needs of the user.
The website uses the following types of cookies: "session" cookies are stored on the user's end device until logging out, leaving the website or closing the web browser; "persistent" cookies are stored on the user's end device for the time specified in the cookie parameters or until their deletion by the User; "performance" cookies enable the collection of information on the use of the website; "necessary" cookies enabling the use of services available on the website; "functional" cookies enabling the user to remember settings and personalisation of the user interface; "own" cookies posted by the website; "third party" cookies coming from a different external site than the Website.
The Controller hereby explains that this information is in no way combined with the personal data of the website user, and is not used to determine the user's identity. The extent of automatically collected data depends on the user's Internet browser settings. It is therefore recommended that the user checks the settings of their browser to find out what information is provided by it automatically or in order to change these settings. For this purpose, the user can read the "Help" section of the web browser used.
The Controller also explains that it is possible to change the conditions of storing or receiving cookies by changing the configuration of settings in web browsers, for example:
- in Internet Explorer
- in Microsoft Edge
- in Mozilla Firefox
- in Chrome
- in Opera
- in Safari
The web browser usually allows cookies to be stored by default on the User's end device. The website users can therefore change the settings in this regard. The web browser also makes it possible to delete cookies, as well as the possibility to automatically block cookies. Detailed information on cookies is included in the settings or documentation of the web browser used by the user. It should be noted that disabling cookies necessary for authentication processes, security or maintaining user preferences, if they exist on the website, may make it difficult and in extreme cases, also prevent the use of the website (or website functionality).
In addition, the Administrator explains that information about some of the users is subject to logging in the server layer. The data is used solely for the purpose of managing the site and to provide the most efficient hosting services. The browsed resources of the website are identified by URL addresses. In addition, the following may be saved: public IP address of the computer from which an enquiry was sent (it may be directly the user's computer); name of the customer's station - identification performed by the http protocol, if possible; user name provided in the authorization process, time of arrival of the enquiry, first line of the http request, http response code, bytes sent by the server, URL address of the page previously visited by the user (referrer link) - if the Controller's website was accessed via a link, information about the user's browser, information about errors that occurred during the execution of the HTTP transaction. The above data is not associated with specific users browsing the website. The above data is used solely for server administration purposes.
Data Processing Control
The Controller will make every effort to ensure all measures of physical, technical and organisational protection of personal data against their accidental or deliberate destruction, accidental loss, change, unauthorised disclosure, use or access, in accordance with all applicable provisions of the law.