Privacy and cookies policy of the Online Shop www.atout.cc
This document specifies the Privacy and cookies policy of the Online Shop atout.cc (,,Online Shop”). The Administrator of the Online Shop is Michał Krzysik, conducting business activity under the business name ATOUT Michał Krzysik, entered to the Central Registration and Information on Economic Activity (CEIDG) maintained by the Minister of Development, address: Bajeczna Street 20/62, 31-566 Kraków, Number (NIP): Taxpayer Identification 8133479537, National Official Register of Business Entities (REGON) number: 364448678.
The words with capital letters bear the meanings defined in the rules and regulations of the Online Shop.
Personal data collected by the Administrator of the Online Shop is processed pursuant to the provisions of the Regulation of the European Parliament and of the (EU) Council 2016/679 of 27/04/2016 on the protection of natural persons as regards personal data processing, on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, pg. 1) hereinafter referred to as: GDPR.
The Administrator of the Online Shop does the utmost to protect privacy and information shared with him and related to Customers of the Online Shop. The Administrator exercises due diligence to choose and apply proper technical measures, including ones of programming and organisational character, to ensure the protection of data; he especially secures data against sharing with unauthorised people, disclosure, loss, damage, unauthorised modification, and processing in breach of applicable legal provisions.
Target customers of Products and Services available at the website are not children under 16 years of age. The Controller of personal data does not provide for intentional acquisition of data related to children under 16 years of age.
Controller of personal data
The Controller of your personal data is:
ATOUT Michał Krzysik
Bajeczna Street 20/62, 31-566 Kraków
Regarding your personal data, you may contact the Controller of personal data via:
- e-mail adress: firstname.lastname@example.org
- mail: Bajeczna Street 20/62, 31-566 Kraków
- telephone: +48 501 380 128
Aims of and legal basis for personal data processing
The Controller of personal data processes your personal data for the following purposes and within this scope:
- to take actions before entering into the agreement on your request (to create your account, etc.), that is data specified in the registration form in the Online Shop, to be exact your e-mail address, password and sex; if the Account is registered with an external authentication service, such as Google+ or Facebook, we save your full name, and if while buying Products, we keep your full name and data specified to facilitate the delivery of the order, such as the delivery address; to provide Services which require the creation of the Account, such as: keeping the history of orders or to inform you about statuses of orders, we process your data specified in the Account and data specified while buying Products;
- to provide services which do not require that you create the Account or purchase any Product, that is to browse the website of the Online Shop and search for Products, we process personal data related to your activity in the Online Shop, in other words information about Products you browse, data on sessions of your device, operating system, browser, location, unique ID, IP address;
- to fulfil the Product sales agreement (to deliver ordered Products, etc.), we process personal data specified as you buy Products, such as your full name, e-mail, address and payment information; if you purchase Products via your Account, we also save your password;
- to compile statistics on the use of respective functionalities available in the Online Shop, to facilitate the use of the Online Shop and to ensure the IT safety of the Online Shop, we process personal data related to your activity in the Online Shop and amount of time spent on each web page of the Online Shop, your search history, location, IP address, device ID, as well as data related to your web browser and operating system;
- to establish, assert and exercise legal claims and defend ourselves against them in court proceedings and other enforcement authorities, we may process your personal data specified while buying Products or creating the Account, together with other data necessary to prove the existence of a legal claim or which stems from a legal requirement, injunction or another legal procedure;
- to handle complaints, claims and requests, and to reply to questions from Customers, we process personal data specified by you in the contract form, complaints, claims and requests or to answer questions in another way and certain personal data you specify in your Account, as well as information related to the order for a specific Product and other Services we provide which are the reason for your complaint, claim or request and data contained in documents enclosed to your complaints, claims and requests;
- to market our Products and Services as well as our customers’ and partners’, including remarketing, we process personal data you specify as you create and update your Account, information related to your activity in the Online Shop, including orders, which are registered and stored with cookies, especially the history of orders, searches and clicks in the Online Shop, login and registration dates, history and your activity related to our communication with you. In the case of remarketing, we use data on your activity to reach you with our marketing messages outside the Online Shop and, with this end in mind, we use services of external providers. These services involve displaying our messages on websites other than the one of the Online Shop. You will find more details in the provisions related to cookies;
- for contests and loyalty programs, that is to inform you about the number of your points, prizes or to advertise Products and Services in our range, we use your personal data specified in the Account and data specified as you register for contests or loyalty programs. Detailed information on the subject is always specified in conditions for the participation in a given contest or loyalty program;
- for us or our partners to research the market and survey opinions, that is information about orders, your data specified in the Account as you buy Products, e-mail address. We do not use data collected during the market research and opinion survey for advertising. Detailed hints are provided in information on a given survey or where you enter your data.
Categories of relevant personal data
The Controller of personal data processes the following categories of relevant personal data:
– contact information;
– information related to your activity in the Online Shop;
– information related to your orders in the Online Shop;
– information related to your complaints, claims and requests;
– information related to marketing services.
Voluntary provision of personal data
Your submission of required personal data is voluntary and is the condition on which the Controller of personal data may provide you with services via the Online Shop.
Data processing time
Personal data will be processed for a period necessary to deliver orders, provide services and for marketing activities and other services provided on behalf of the Customer. Personal data will be erased in the following cases:
- when the data subject asks for it to be erased or withdraws his/her consent to its processing;
- when the data subject does not take any actions for 10-plus years (inactive contact);
- after receiving the notification that stored data is expired or inaccurate.
Some data within this scope: e-mail and full name, may be stored for the next three years for evidentiary purposes or to hand complaints and legal claims related to services provided by the Online Shop – these types of data will not be used for marketing.
Information on orders for Products and paid services, contests and loyalty programs will be stored for five years from the date an order is delivered.
We store data on Customers who are not logged in for a period corresponding to the life cycle of cookies saved on devices or until they are deleted from the Customer’s device by the Customer.
Your personal data related to preferences, behaviours and selection of marketing content may be used as basis for automated decisions to determine sales opportunities of the Online Shop.
Recipients of personal data
We share your personal data with the following categories of recipients:
|Paypal Polska sp. z o.o. located in Warsaw
|Execution of payment
|Dotpay S.A. located in Kraków
|Execution of payment
|mBank S.A. located in Warsaw
|Execution of payment
|Poczta Polska S.A. (Polish Post) located in Warsaw
|Execution of order
- national authorities, such as the prosecutor’s office, Inspector General for Personal Data Protection, President of the Office of Competition and Consumer Protection, if they ask us for it,
- providers of services we use to run the Online Shop, for instance to deliver orders. Depending on contractual arrangements and circumstances, these entities, acting on our request or independently, specify aims and processing methods; you will find the index of providers below:
Rights of the data subject
Under the GDPR, you have the right to:
- request the access to your personal data;
- request that your personal data be rectified;
- request that your personal data be erased;
- request that the processing of your personal data be restricted;
- object to the processing your personal data;
- request that your personal data be
The Controller of personal data, without undue delay – at any rate, within a month since the request is received – will inform you about actions taken in relation to your request. If necessary, the period of one month may be extended for the next two months due to a complicated character or your request or a number of requests.
At any rate, the Controller of personal data will inform you about the extension of this period within a month since the request is received and specify the cause for delay.
Right of access to personal data (Art. 15 GDPR)
You have the right to be informed by the Controller of personal data if your personal data is processed.
If the Controller processes your personal data, you have the right to:
- access it;
- be informed about aims of the processing, categories of processed personal data, recipients or categories of recipients of this data, planned retention period for your personal data or criteria to establish this period, your rights under the GDPR and the right to complain to the supervisory authority, about the source of this data, automated decision-making, including profiling and protection used in relation to the transfer of this data outside the European Union;
- receive a copy of your personal data.
If you would like to request the access to your personal data, send your request to this address: email@example.com
Right to rectification of personal data (Art. 16 GDPR)
If your personal data is inaccurate, you have the right to request that the Controller rectify it immediately.
You also have the right to request that the Controller complete your personal data.
If you would like to request that your personal data be rectified or completed, send your request to this address: firstname.lastname@example.org
If you have registered in the Online Shop, you may rectify and complete your personal data by yourself after logging in the Online Shop.
Right to erasure of personal data, referred to as “the right to be forgotten” (Art. 17 GDPR)
You have the right to request that the Controller of personal data erase your personal data, if:
- it is no longer necessary for purposes for which it has been acquired or otherwise processed;
- you have withdrawn your consent in so far as your personal data has been processed under your consent;
- Your personal data has been processed illegally;
- you have objected to the processing of your personal data for direct marketing, including profiling, in so far as this processing is related to direct marketing;
- you have objected to the processing of your personal data in relation to the processing necessary to perform a task in the public interest or processing for purposes derived from legally justified interests pursued by the Controller of personal data or third party.
Despite the request that your personal data be erased, the Controller of personal data may still process your data to establish, assert and exercise legal claims, of which you will be informed.
If you would like to request that your personal data be erased, send your request to this address: email@example.com
Right to restriction of personal data processing (Art. 18 GDPR)
You have the right to restrict the processing of your personal data if:
- you question the accuracy of your personal data – the Controller of personal data will restrict the processing of your personal data for a period allowing for the verification of this data;
- if the processing of your personal data is unlawful and if you request that the processing of your personal data be restricted instead of having it erased;
- Your data is no longer required for processing but still necessary to establish, assert or defend your legal claims;
- if you have objected to the processing of your personal data – until it has been determined if legitimate interests of the Controller of personal data override the grounds you have specified in your objection.
If you would like to request that the processing of your personal data be restricted, send your request to this address: firstname.lastname@example.org
Right to object to personal data processing (Art. 21 GDPR)
You have the right to object to the processing of your personal data at any moment, including profiling, in relation to:
- processing necessary to perform a task in the public interest or processing for purposes derived from legally justified interests pursued by the Controller of personal data or third party;
- processing for purposes of direct marketing.
If you would like to object to the processing of your personal data, send your request to this address: email@example.com
Right to personal data portability (Art. 20 GDPR)
You have the right to receive your personal data from the Controller in a structured, commonly used and machine-readable format and to transmit it to another controller of personal data.
You may also request that the Controller of personal data send your personal data directly to another controller (if technically feasible).
If you would like to request that your personal data be transferred, send your request to this address: firstname.lastname@example.org
Right to withdraw consent
You may withdraw your consent to the processing of your personal data at any moment.
The withdrawal of your consent to the processing of your personal data does not affect the lawfulness of the processing based on your consent before the withdrawal.
If you would like to withdraw your consent to the processing of your personal data, send your request to this address: email@example.com or use the proper functions of the Account.
Complaint to the supervisory authority
In Poland, the supervisory authority within the meaning of the GDPR is the President of the Office for Personal Data Protection.
While browsing the web pages of the Online Shop, HTTP cookies are used, hereinafter referred to as cookies, in other words small text data files, saved on your end-device while using the Online Shop. Their use is aimed at facilitating the operation of our Online Shop website.
These files allow us to identify the software you are using and tailor our Online Shop to your needs.
Cookies usually contain the name of the domain from which they come, duration of their storage on the device and values assigned to them.
Cookies we use are safe for your devices. Therefore, no viruses and no unwanted or malicious software can affect your devices via cookies.
Types of cookies
We use two types of cookies:
- Session cookies: stored and kept on your device until the web browser is closed. Saved information is then permanently deleted from the memory of your device.
This mechanism does not allow the acquisition of any personal data or confidential information from your device.
Persistent cookies: stored and kept on your device until deleted. Closing the web browser or switching off the device does not cause them to be removed from your device. This mechanism does not allow the acquisition of any personal data or confidential information from your device.
- to present the Certificate of Conformity – via solidnyregulamin.pl – through the agency of GP Kancelaria Poniatowska-Maj Strzelec-Gwóźdź sp. p., registered in Kraków,
- to compile statistics, which allow us to understand how Customers use the Online Shop and to improve its structure and content with analytical tools: Google Analytics – through Google Inc., registered in the USA,
- to profile Customers, and display content tailored to them in advertising networks with online advertising tools: Google AdSense and Google Adwords – through Google Inc., registered in the USA,
- to analyse Customers’ behaviour – to tailor displayed content to their profiles, which facilitates the management of advertising campaigns with analytical tools: DoubleClick – through Google Inc., registered in the USA,
- to promote the Online Shop with social media: Facebook.com – through Facebook Inc., registered in the USA or Facebook Ireland, registered in Ireland,
Cookies may be used by advertising networks, especially Google, to display ads tailored to your preferences. To do so, information may be saved on your Internet behaviour or your activities on the website.
To browse and edit information on your preferences, collected by the advertising network of Google, you may use the tool available at this address: https://www.google.com/ads/preferences/.
You may change the cookie settings by yourself at any moment in the options of the web browser or service, to specify conditions for storing such files and granting access to your device via them. You may change these settings to block the automatic handling of cookies in the options of your web browser or to be informed every time they are stored on your device. Detailed information on the options and methods for handling cookies is available in the settings of your software (web browser).