DEFINITIONS
Administrator – Ireneusz Gralik conducting business activity under the name: “Ireneusz Gralik” with
its registered office in Warsaw 03-289, Kąty Grodziskie 19 c/46, NIP 554-040-11-88, REGON
090391460 Personal data: any information relating to an identified or identifiable natural person
through one or more factors specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person, including the IP address of the device, location data,
online identifier and information collected through cookies and other similar technology. GDPR:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC. Service: service available at
hps://gralik.pl User: any natural person visiting the Website or using one or more of the services or
functionalities made available on the Website. Policy: this Privacy Policy.
PROCESSING OF DATA IN CONNECTION WITH THE USE OF THE WEBSITE
In connection with the User’s use of the Website, the Administrator collects data to the extent
necessary to provide individual services offered on the Website, as well as information about the
User’s activity on the Website. Detailed rules and purposes of the processing of personal data
collected during the User’s use of the Website are described below.
PURPOSES AND LEGAL BASIS FOR DATA PROCESSING ON THE WEBSITE
Use of the Service Personal data of all persons using the Website (including IP address or other
identifiers and information collected through cookies or other similar technologies) who are not
registered Users (i.e. persons who do not have an account or profile on the Website) are processed by
the Administrator:
– for analytical and statistical purposes – then the legal basis for the processing is the legitimate
interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of the Users’
activity, as well as their preferences, in order to improve the functionalities used and the services
provided; – in order to possibly establish, pursue or defend against claims
– the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the
GDPR) consisting in the protection of its rights;
– for marketing purposes of the Administrator and other entities, in particular related to the
presentation of behavioural advertising. The User’s activity on the Website, including his/her personal
data, is recorded in system logs (a special computer program used to store chronological a record
containing information about events and activities related to the IT system used to provide services
by the Administrator). The information collected in the logs is processed primarily for purposes
related to the provision of services. The Controller also processes this data for technical,
administrative, security and management purposes, as well as for analytical and statistical purposes –
in this respect, the legal basis for the processing is the legitimate interest of the Controller (Article
6(1) of the Controller’s Act). 1(f) GDPR). Registration on the Website
Persons who register on the Website are asked to provide the data necessary to create and operate
an account. In addition, in order to facilitate the service, the User may provide, in the sengs of their
account, additional data – such data may be deleted at any time. Providing data marked as
mandatory is required in order to create and operate an account, and failure to provide it results in
the inability to create an account. Providing other data is voluntary. Personal data is processed: – in
order to provide services related to maintaining and maintaining an account on the Website – the
legal basis for processing is the necessity of processing for the performance of a contract (Article
6(1)(b) of the GDPR), and in the scope of data provided optionally – the legal basis for processing is
consent (Article 6(1)(a) of the GDPR); – for analytical and statistical purposes – the legal basis for the
processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in
analysing the Users’ activity on the Website and the manner in which the account is used, as well as
their preferences, in order to improve the functionalities used; in connection with the legitimate
interest, the data may also be made available to entities from the Administrator’s capital group for
the above-mentioned purposes, including for the purpose of building profiles that may be used to
improve the quality of services and adjust the content offered on the Website by these entities; in the
case of appropriate consent(s), these profiles may also be used to present advertisements tailored to
the interests and preferences of the User; – in order to possibly establish, pursue or defend against
claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of
the GDPR) consisting in the protection of its rights;
– for the Administrator’s marketing purposes. The Administrator allows logging in to the account on
the Website via social networking sites (Facebook, Google). If the User chooses this form of login, the
Website, aer the User’s prior consent, will download from the User’s account within the social
network only the data necessary to register and operate the account. If the User posts any personal
data of other persons (including their name, address, telephone number or e-mail address) on the
Website, they may do so only on the condition that they do not violate the provisions of applicable
law and the personal rights of such persons.
ORDERING
Placing an order for the purchase of Goods by the Website User involves the processing of their
personal data. Providing data marked as mandatory is required in order to accept and handle the
order, and failure to provide it will result in its non-execution. Providing other data is optional.
Personal data is processed:
– in order to fulfil an order placed – the legal basis for the processing is the necessity of processing for
the performance of the contract (Article 6(1)(b) of the GDPR); in the case of the data provided
optionally, the legal basis for the processing is consent (Article 6(1)(a) of the GDPR);.
– in order to fulfil the statutory obligations incumbent on the Controller, resulting in particular from
tax and accounting regulations
– the legal basis for the processing is a legal obligation (Article 6(1)(c) of the GDPR); – for analytical
and statistical purposes
– the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the
GDPR) consisting in conducting analyses of the Users’ activity on the Website, as well as their
shopping preferences in order to improve the functionalities used;
– for the purpose of possible establishing, pursuing or defending against claims
– the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the
GDPR) consisting in the protection of its rights. Contact Forms The Administrator provides the
possibility to contact him using electronic contact forms. The use of the form requires the provision of
personal data necessary to contact the User and respond to the inquiry. The user may also provide
other data in order to facilitate contact or handling the inquiry. Providing data marked as mandatory
is required in order to accept and handle the inquiry, and failure to provide it results in the inability to
handle it. Providing other data is voluntary. Personal data is processed:
– in order to identify the sender and handle their inquiry sent via the provided form
– the legal basis for the processing is the necessity of processing for the performance of the contract
for the provision of services (Article 6(1)(b) of the GDPR);
– for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of
the Controller (Article 6(1)(f) of the GDPR), consisting in keeping statistics of queries submied by
Users via the Website in order to improve its functionality.
MARKETING & ADVERTISING The Controller processes Users’ personal data in order to carry out
activities Marketing which may consist of:
– displaying marketing content to the User that is not tailored to their preferences (including
contextual advertising). The processing of personal data for this purpose is carried out in connection
with the implementation of the legitimate interest of the controller (Article 6(1) of the Processing
Act). 1(f) of the GDPR);
– displaying marketing content corresponding to the User’s interests (behavioural advertising). The
processing of personal data for this purpose also includes profiling of Users. The use of personal data
collected through this technology for marketing purposes, in particular in the promotion of thirdparty
services and goods, may require the User’s consent. In such a case, this consent may be
withdrawn at any time by means of the appropriate privacy sengs on the Website;
– sending e-mail notifications about interesting offers or content that contain commercial information
(newsleer service). In order to carry out marketing activities, in some cases the Administrator uses
profiling, including profiles created in connection with the User’s use of the services of other entities
from the Administrator’s capital group. This means that thanks to the automatic processing of Data
Controllerevaluates selected factors concerning natural persons in order to analyse their behaviour or
create a forecast of behaviour for the future. Personal data is processed:
– in order to provide the newsleer service – the legal basis for the processing is the necessity of
processing for the performance of a contract (Article 6(1)(b) of the GDPR);
– in the case of sending marketing content to the User as part of the newsleer – the legal basis for
processing, including profiling, is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),
in connection with the consent to receive the newsleer;
– for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of
the Controller (Article 6(1)(f) of the GDPR) consisting in conducting analyses of the Users’ activity on
the Website in order to improve the functionalities used;
– in order to establish, exercise or defend against claims, if any, – the legal basis for the processing is
the legitimate interest of the Controller (Article 6(1)(f) of the GDPR). SOCIAL NETWORKS The
Controller processes the personal data of Users visiting the Controller’s profiles in social media
(Facebook, YouTube, Instagram, Twier). This data is processed in connection with maintaining the
profile, organizing competitions and promoting various types of events, services and products. The
legal basis for the processing of personal data by the Controller for this purpose is its legitimate
interest (Article 6(1)(f) of the GDPR), consisting in the promotion of its own brand and products.
COOKIES AND SIMILAR TECHNOLOGY Cookies are small text files stored on the User’s device while
browsing the Website. Cookies usually contain the domain name of the website from which they
originate, the time they are stored on the end device and a unique number. In this Policy, information
about cookies also applies to other similar technologies used in the as part of the Service. “Service”
cookies The Administrator uses the so-called service cookies primarily in order to provide the User
with services provided electronically and to improve the quality of these services. Therefore, the
Administrator and other entities providing analytical and statistical services to the Administrator use
cookies to store information or gain access to information already stored in the User’s
telecommunications terminal equipment (computer, phone, tablet, etc.). The cookies used for this
purpose include:
– cookies with the User’s data (session ID) saved for the duration of the session (user input cookies);
– authentication cookies used for services that require authentication for the duration of the session
(authentication cookies);
– cookies used to ensure security, e.g. used to detect fraud in the field of authentication (user centric
security cookies);
– multimedia player session cookies (e.g. flash player cookies) for the duration of the session;
– persistent cookies used to personalize the User’s interface, for the duration of the session or longer
(user interface customization cookies),
– cookies used to monitor traffic on the website, i.e. data analytics, including cookies:
– Google Analytics (these are files used by Google – i.e. the entity to which the Administrator has
entrusted the processing of personal data
– in order to analyze the manner in which the Website is used by the User, “Marketing” cookies The
Controller and its Trusted Partners (Facebook, Google, push message operators) also use cookies for
marketing purposes, including in connection with directing behavioural advertising to Users. For this
purpose, the Administrator and Trusted Partners store information or gain access to information
already stored in the telecommunications device User’s end language (computer, phone, tablet, etc.).
Use of cookies and collected through them, personal data for marketing purposes, in particular in the
field of promoting services and goods of third parties, requires the User’s consent. This consent can
be withdrawn at any time through the User’s browser sengs. You can agree to the storage of
cookies and information stored in localStorage technology on your device and to their use by us and
our Trusted Partners by not changing the sengs of the web browser you use, i.e. browser sengs
that allow you to accept cookies and localStorage technology aer you start using our Website, which
means consent to receive and use the above-mentioned cookies. technology in the manner described
above. You can also specify the possibility of storing or accessing cookies and information stored in
the localStorage technology at any time using the sengs of the soware installed on your device. If
you do not want to receive cookies, please use the option of the web browser used to connect to the
Website and select the automatic rejection option. These sengs usually also allow you to manage
cookies. Instructions on how to do this can be found on the website of the manufacturer of your
browser or, for example, on this page.
USER PERMISSIONS The User has the right to: access the content of the data and request their
rectification, deletion, restriction of processing, the right to transfer data and the right to object to
the processing of data, as well as the right to lodge a complaint with the supervisory authority
dealing with the protection of personal data. To the extent that the basis for the processing of the
User’s data is consent, the data will be processed until it is withdrawn. You can withdraw your
consent at any time. The withdrawal of consent does not affect the lawfulness of the processing
carried out before its withdrawal. In order to withdraw consent, the User may also send an e-mail to
the following address: irek@gralik.pl Right to object You have the right to object at any time to the
processing of your data for the purposes of direct marketing purposes, including profiling, if the
processing is based on the legitimate interest of the controller. You also have the right to request a
request at any time object to the processing of his/her data for reasons related to his/her particular
situation in cases where the legal basis for data processing is the legitimate interest of the Controller
(e.g. in connection with the implementation of analytical and statistical purposes, including profiling).
DATA RECIPIENTS Personal data obtained by the Administrator in connection with the provision of
services on the Website will be disclosed to external entities, including in particular suppliers
responsible for servicing IT systems used to provide services on the Website, marketing agencies (in
the field of marketing services), operators of plaorms for sending mailings, and entities related to
the Administrator, including companies from its capital group. Companies from the Controller’s
capital group will process personal data for analytical and statistical purposes, including for the
purpose of building User profiles, which will be used to improve the quality of services provided by
entities from the Controller’s group and to adjust the content offered on their Websites. If the User
gives their consent(s), the profiles may also be used to present the User with advertisements tailored
to their interests and preferences (e.g. if the User has agreed to provide the Newsleer service). The
Administrator reserves the right to disclose information concerning the User to competent
authorities or third parties who request such information, based on an appropriate legal basis and in
accordance with the provisions of applicable law.
SECURITY OF PERSONAL DATA The Controller conducts a risk analysis on an ongoing basis in order to
ensure that personal data is processed by it in a secure manner, ensuring, above all, that only
authorized persons have access to the data and only to the extent that it is necessary due to the tasks
performed by them. The Administrator shall ensure that all operations on personal data are
registered and performed only by authorized employees and associates. The Controller shall take all
necessary measures to ensure that its subcontractors and other cooperating entities guarantee the
application of appropriate measures whenever they process personal data on behalf of the
competent authority of the Administrator. The current version of the Policy has been adopted and
has been in force since 25 May 2018.
PERIOD OF PERSONAL DATA PROCESSING
The period of data processing by the Controller depends on the type of service provided and the
purpose of processing. As a rule, the data is processed for the duration of the provision of the service
or the execution of the order, until the consent is withdrawn or an effective objection to the
processing of data is submied in cases where the legal basis for data processing is the legitimate
interest of the Administrator. The period of data processing may be extended if the processing is
necessary to establish, pursue or defend against possible claims, but not longer than for 10 years, and
aer this period, only in the case and to the extent required by law. Aer the expiry of the processing
period, the data is irreversibly deleted.
CONTACT
Contact with the Administrator is possible through the correspondence address: “Ireneusz Gralik”
Warsaw 02-289 Kąty Grodziskie 19 c/46. The Data Controller has appointed a Data Protection Officer,
who can be contacted via e-mail irek@gralik.pl, in any maer relating to the processing of personal
data.
