1 Data controller and definitions
1.1 The administrator of the personal data of the Customers / Users of the Online Store is: Firma Handlowa LEAN Andrzej Leśniewski, phone: +48 884877700, NIP: 6491006793, REGON: 272604112.
1.2 You can contact the data administrator:
· 1.2.1 at the correspondence address: Oświatowa 44, 42-400 Zawiercie;
· 1.2.2 at the e-mail address: firstname.lastname@example.org
1.3 User - a natural person entering the website / pages of the Online Store or using the services or functionalities described in this Policy.
1.4 Customer - a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, which the law grants legal capacity, which concludes a Distance Sale Agreement with the Seller.
1.5 Online Store - a website run by the Seller, available at the following e-mail addresses (websites): leantoys.eu through which the Customer / User can obtain information about the Goods and their availability, and purchase the Goods or order the service.
1.6 Newsletter - information, including commercial information within the meaning of the Act of July 18, 2002. on the provision of electronic services (i.e. Journal of Laws 2019 item 123) from the Seller, sent to the Customer / User by electronic means; its receipt is voluntary and requires the consent of the Client / User.
1.7 Account - a set of data stored in the Online Store and in the Seller's ICT system regarding a given Customer / User as well as orders placed by him and concluded contracts, with the use of which the Customer / User may place orders and conclude contracts.
2 Purposes, legal bases and time of data processing
2.1 In order to implement the Distance Sale Agreement, the Seller processes:
· 2.1.1 information on the User's device to ensure the correct operation of the services: computer IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data on activity on the Website, including individual subpages.
· 2.1.2 information on geolocation, if the User has consented to the access of the service provider to geolocation. Geolocation information is used to provide you with more customized product and service offers.
2.2 This information does not contain data on the identity of the Users, but, in combination with other information, may constitute personal data and, therefore, the Administrator provides them with full protection under the GDPR.
2.3 This data is processed in accordance with Art. 6 sec. 1 lit. b GDPR, in order to provide the service, i.e. a contract for the provision of electronic services in accordance with the Regulations and in accordance with art. 6 sec. 1 lit. a GDPR in connection with the consent to the use of certain cookies or other similar technologies, expressed by the appropriate settings of the web browser in accordance with the Telecommunications Law or in connection with the consent to geolocation. The data is processed until the end of the User's use of the Online Store.
3 Administrator's marketing activities
3.1 On the website of the Online Store, the Controller may post marketing information about its products or services. Displaying this content is made by the Administrator in accordance with art. 6 (1) (f) of the GDPR, in accordance with the Controller's legitimate interest in the publication of content related to the services provided and the content of promotional campaigns in which the Controller is involved. At the same time, this action does not violate the rights and freedoms of Users, Users expect to receive similar content, and even expect it or it is their direct purpose of visiting the website / pages of the Online Store.
4 Recipients of user data
4.1 The Administrator discloses the personal data of users only to processing entities under the concluded contracts for entrusting the processing of personal data in order to provide services to the Administrator, e.g. hosting and operating the Website, IT services, marketing and PR services.
5 Sending personal data to third countries
5.1 Personal data will not be processed in third countries.
6 Rights of data subjects
6.1 Every data subject has the right:
· 6.1.1 access (Article 15 of the GDPR) - obtaining confirmation from the Administrator whether its personal data is processed. If data about a person is processed, he is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, about the period of data storage or the criteria for determining them, on the right to request rectification, deletion or limitation of the processing of personal data due to the data subject and to object to such processing;
· 6.1.2 to receive a copy of the data (Article 15 (3) of the GDPR) - to obtain a copy of the data subject to processing, the first copy being free of charge, and the Administrator may charge a reasonable fee for subsequent copies, resulting from administrative costs;
· 6.1.3 for rectification (Article 16 of the GDPR) - requesting rectification of incorrect personal data concerning her or supplementing incomplete data;
· 6.1.4 to delete data (Article 17 of the GDPR) - requests to delete their personal data, if the Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing;
· 6.1.5 to limit processing (Article 18 of the GDPR) - requests to limit the processing of personal data, when:
o 126.96.36.199 the data subject questions the correctness of personal data - for a period allowing the Administrator to check the correctness of such data,
o 188.8.131.52 the processing is unlawful and the data subject opposes their removal, requesting the restriction of their use,
o 184.108.40.206 The administrator no longer needs these data, but they are needed by the data subject to establish, assert or defend claims,
o 220.127.116.11 the data subject has objected to the processing - pending verification whether the legitimate grounds of the controller override those of the data subject;
· 6.1.6 to transfer data (Article 20 of the GDPR) - to receive personal data concerning it in a structured, commonly used machine-readable format, which it provided to the Administrator, and request to send this data to another Administrator, if the data is processed on the basis of the consent of the person the data subject or the contract concluded with it and if the data is processed in an automated manner;
· 6.1.7 to object (Article 21 of the GDPR) - to object to the processing of their personal data for the legitimate purposes of the administrator, for reasons related to its particular situation, including profiling. Then the Administrator assesses the existence of valid, legitimate grounds for processing that override the interests, rights and freedoms of data subjects, or the grounds for establishing, investigating or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the administrator, the Administrator will be obliged to stop processing data for these purposes;
· 6.1.8 to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before the withdrawal of consent will still remain lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was given.
6.2 In order to exercise the above-mentioned rights, the data subject should contact the Administrator using the contact details provided and inform him about which right and to what extent he wants to exercise.
7 President of the personal data protection office
7.1 The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection with its seat in Warsaw, ul. Stawki 2, which can be contacted as follows:
· 7.1.1 by post: ul. Stawki 2, 00-193 Warsaw;
· 7.1.2 via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
· 7.1.3 Helpline: 606-950-0000.
8 Data protection officer
8.1 In each case, the data subject may also contact the Data Protection Officer directly by e-mail or in writing to the Data Administrator's address provided in point. 2.
10.1 The online store performs the functions of obtaining information about customers, users and their behavior in the following way:
· 10.1.1 by voluntarily entering information in forms for purposes resulting from the function of a specific form;
· 10.1.2 by saving cookies in end devices (so-called "cookies");
· 10.1.3 by collecting web server logs by the hosting operator of the Online Store (necessary for the proper operation of the website).
10.2 Cookies (so-called cookies) are IT data, in particular text files, which are stored on the Customer's / User's end device and are intended for using the Online Store website. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.
10.3 Cookies are used for the following purposes:
· 10.3.1 creating statistics that help to understand how the Customers / Users of the Online Store use websites, which allows improving their structure and content;
· 10.3.2 maintaining the Client / User session (after logging in), thanks to which the Client / User does not have to re-enter the login and password on each subpage of the Online Store;
· 10.3.3 determining the Customer's profile in order to display product recommendations and matched materials in advertising networks, in particular the Google network.
10.4 Software for browsing websites (web browser) usually allows cookies to be stored on the end device of the Client / User by default. Clients / Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies.
10.6 Cookies placed on the Client's / User's end device may also be used by advertisers and partners of the Online Store cooperating with the Online Store.
10.7 Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which the Customer uses the Online Store. For this purpose, they may keep information about the Customer's navigation path or the time spent on a given page.
10.8 The customer may refuse to consent to the processing of cookies by not accepting the consent to their processing displayed on the website (this may result in incorrect operation of the Online Store website).
10.10 On the website of the Online Store there are plugins that can transfer data of Customers / Users to Administrators such as: Facebook, Google, Instagram, LinkedIn, YouTube, Salesmanago, Gemius.
10.11 In order to correctly implement the Distance Selling Agreement, the Administrator may share the data of Customers / Users with courier entities. The currently available delivery methods in the Online Store are available at https://leantoys.eu/Shipping-Methods-cinfo-eng-15.html.
10.12 In order to correctly implement the Distance Selling Agreement, the Administrator may make the data of Customers / Users available to online payment systems. The currently available payment methods in the form of prepayments in the Online Store are available at https://leantoys.eu/Terms-of-Service-cinfo-eng-14.html.
11.1 The customer may consent to receive commercial information by electronic means by selecting the appropriate option in the registration form or at a later date in the appropriate tab. If such consent is given, the Customer / User will receive the information (Newsletter) of the Online Store, as well as other commercial information sent by the Seller to the e-mail address provided by him.
11.2 The Customer may at any time opt out of receiving the Newsletter on his own by checking the appropriate box on his Account page or by going to the form https://leantoys.eu/newsletter.php, clicking the appropriate link in the content of each Newsletter or via the Office Customer Service.
12.1 The Customer may not post in the Online Store or provide the Seller with any content, including opinions and other illegal data.
12.2 The Client / User gains access to the Account after registration.
12.3 As part of registration, the Customer / User provides the account type or gender, name, surname, company name, tax identification number, data for issuing a sales document, shipping data, e-mail address and chooses a password. The Customer / User ensures that the data provided by him in the registration form is true. Registration requires reading the Regulations carefully and marking on the registration form that the Customer / User has read the Regulations and fully accepts all its provisions.
12.4 When the Customer is granted access to the Account, an agreement for the provision of electronic services relating to the Account is concluded for an indefinite period between the Seller and the Customer. The consumer may withdraw from this contract on the terms set out in the Regulations.
12.5 Account registration on one of the websites of the Online Store means also registration enabling access to other websites where the Online Store is available.
12.6 The Customer / User may terminate the contract for the provision of electronic services at any time with immediate effect, informing the Seller about it via e-mail or in writing to the address of the Data Administrator provided in point. 2.
12.7 The Seller has the right to terminate the contract for the provision of services regarding the Account in the event of cessation of the provision or transfer of the Online Store service to a third party, breach by the Customer / User of the law or the provisions of the Regulations, and in the event of inactivity of the Customer / User for a period of 6 months. The contract is terminated with a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the consent of the Seller.