With the disclosure to the business entity “A&M” RZEPA I WSPÓŁNICY SPÓŁKA JAWNA – personal data (and specifying the category of personal data of customers), which is related to making contacts to place an Order or placing an Order in the Online Store, it is indicated that:

  1. The administrator of personal data is the business entity “A&M” RZEPA I WSPÓŁNICY SPÓŁKA JAWNA, tax number: 5492440516, National Business Registry Number: 360835409, National Court Register: 0000544909, registered office address: ul. Szkolna 98, 32-641 Przeciszów, e-mail address: biuro@domkisauny.pl, website of the Online Store: https://domkisauny.pl
  2. personal data will be processed for the following purposes:
    1. conclusion of the Sales Agreement or taking actions necessary and clearly aimed at concluding the Sales Agreement and implementing the provisions of this Agreement, under which the data subject is a Party;
    2. enabling proper external communication with people showing interest in the offer of the Online Store, which is caused by the Administrator’s legitimate interest, and thus enabling communication with external entities;
  3. providing personal data when placing an Order is voluntary, but necessary to correctly place an Order in the Administrator’s Online Store, or to contact the Administrator;
  4. personal data may be made available in the scope of the procedure for performing and in order to perform the Agreement concluded with the Customer, to the following entities:
    1. providing accounting services for the Administrator necessary to meet the obligation of correct settlement;
    2. providing services in the field of shipping/delivery/transport of Products purchased in the Online Store;
  5. personal data are stored only for the period necessary to perform the Sales Agreement concluded with the Customer, and to ensure the necessary protection against possible claims;
  6. every person has the right to access their own personal data and has the right to rectify, delete and limit processing and also has the right to transfer their personal data and the right to object, as well as the right to withdraw consent at any time without affecting the legality of the consent made before its withdrawal;
  7. every person has the right to lodge a complaint with the competent supervisory authority as part of the protection of personal data, if he finds that the processing of data concerning that person may violate applicable provisions on the protection of personal data;
  8. ersonal data will not be subject to automated decision making and/or profiling;
  9. personal data will not be transferred by the Administrator outside the European Economic Area (EEA), but with the proviso that such an activity (transfer) may be carried out by suppliers (e.g. Microsoft) of global cloud services; authentication (MFA, Azure Active Directory) or cybersecurity are considered examples of global services; it should be noted that Microsoft performs transfers outside the European Economic Area using security mechanisms based on standard contractual clauses in accordance with art. 46 sec. 2 GDPR;
  10. very person has the right to lodge a complaint with the competent supervisory authority as part of the protection of personal data, if he/she considers that the processing of personal data concerning that person may violate the currently applicable provisions of law in the field of personal data protection.