PRIVACY

 

1. Data controller and definitions
   5252358850. The Administrator of personal data of Customers / Users of the Online Store, also called the Seller, is: New Century Arts sp. z o.o. with its registered office in Warsaw (Ciasna 6, 00-232 Warsaw) entered into the National Court Register by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Department of the National Court Register, Commercial Department of the National Court Register under KRS number 0000691700, with a share capital of PLN 5,500,000, REGON: 140501601, NIP: 5252358850.
   5252358851. The Data Administrator can be contacted:

• at the correspondence address: NCA sp. z o.o. Ciasna 6,00-232 Warsaw
• by e-mail: sekretariat@nca.com.pl
  1. User – a natural person entering the website(s) of the Online Store or using the services or functionalities described in this Privacy Policy and Cookies.
  2. Customer – a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, to which the law grants legal capacity, which concludes a distance sale Agreement with the Seller.
  3. Online Store – an online service run by the Seller, available at electronic addresses (websites): www.joannajakubas.com through which the Customer / User can obtain information about the Goods and their availability and buy goods or order the provision of services.
  4. Account – a set of data stored in the Online Store and in the Seller’s ICT system regarding a given Customer / User and orders placed by him and concluded contracts, with the use of which the Customer / User can place orders and conclude contracts.
  5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

2. Purposes, legal bases and duration of data processing

   In order to implement the Distance Sales Agreement, the Seller processes:

• information about the User’s device in order to ensure the correct operation of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data on activity on the Website, including on individual subpages;
• information about geolocation, if the User has consented to the service provider’s access to geolocation. Geolocation information is used to provide more tailored offers of products and services;
• Users’ personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, NIP, bank account number or other personal data, the provision of which is necessary to complete the purchase, and which the Administrator requires in the purchase process.

1. This information does not contain data on the identity of Users, but in combination with other information may constitute personal data and therefore the Administrator covers them with full protection under the GDPR.
2. These data are processed in accordance with Article 6(1)(.b) of the GDPR, in order to provide the service, i.e. the contract for the provision of electronic services in accordance with the Regulations and in accordance with Article 6(1)(a) of the GDPR, in connection with consent to the use of certain cookies or other similar technologies, expressed by appropriate internet browser settings in accordance with the Telecommunications Law or in connection with consent to geolocation. The data is processed until the Customer/User ends using the Online Store.
3. The Administrator undertakes to take all measures required under Article 32 of the GDPR, i.e., considering the state of technical knowledge, the cost of implementation and the nature, scope and purposes of processing and the risk of violation of the rights or freedoms of natural persons of varying probability and severity, the Administrator implements appropriate technical and organizational measures to ensure a level of security corresponding to this risk.

 

3. Marketing activities of the administrator

On the Website of the Online Store, the Data Administrator may post marketing information about his products or services. The display of this content is carried out by the Data Administrator in accordance with Article 6(1)(f) of the GDPR, i.e. in accordance with the legitimate interest of the Data Controller consisting in the publication of content related to the services provided and promotional content of campaigns in which the Data Controller is involved. At the same time, this action does not violate the rights and freedoms of Customers / Users, Customers / Users expect to receive content of similar content, and even expect it or it is their direct purpose of visiting the website / pages of the Online Store.

 

4. Recipients of user data

The Data Administrator discloses users’ personal data only to processors under concluded contracts entrusting the processing of personal data in order to provide services to the Data Administrator, e.g. hosting and operation of the Website, IT services, marketing and PR services.

 

5. Transfer of personal data to third countries

Personal data will not be processed in third countries.

 

6. Rights of data subjects
   1. Each data subject has the right to:

• access (Article 15 of the GDPR) – obtaining confirmation from the Data Administrator whether its personal data are being processed. If data about a person are processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or about the criteria for determining them, about the right to request rectification, erasure or restriction of processing of personal data belonging to the person, to which the data relate, and to object to such processing;
• to receive a copy of the data (Article 15(3) of the GDPR) – to obtain a copy of the data subject to processing, whereby the first copy is free of charge, and for subsequent copies the Data Controller may impose a reasonable fee, resulting from administrative costs;
• to rectification (Article 16 of the GDPR) – request rectification of personal data concerning her that are incorrect, or supplement incomplete data;
• to delete data (Article 17 of the GDPR) – request the deletion of their personal data, if the Data Controller no longer has a legal basis for their processing or the data are no longer necessary for the purposes of processing;
• to limit processing (Article 18 of the GDPR) – request the restriction of the processing of personal data when:
  • the data subject disputes the accuracy of the personal data – for a period allowing the Data Controller to check the correctness of the data,
  • the processing is unlawful and the data subject opposes their erasure by requesting the restriction of their use,
  • The data controller no longer needs this data, but it is needed by the data subject to establish, exercise or defend claims,
  • the data subject has objected to the processing – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject;
• to transfer data (Article 20 of the GDPR) – to receive in a structured, commonly used and machine-readable format the personal data concerning him or her, which she provided to the Data Controller, and to request the transfer of these data to another Controller, if the data are processed on the basis of the consent of the data subject or the contract concluded with him or her and if the data are processed in an automated manner;
• to object (Article 21 of the GDPR) – to object to the processing of her personal data for the legitimate purposes of the administrator, for reasons related to her special situation, including profiling. In such a case, the Data Controller assesses the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the Data Controller will be obliged to cease processing the data for these purposes;
• to withdraw consent at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent will still remain lawful. Withdrawal of consent will result in the cessation of processing of personal data by the Administrator for the purpose for which this consent was expressed.
  1. To exercise the rights, the data subject should contact the Data Controller using the contact details provided and inform him or her of which right and to what extent he or she wishes to exercise.

 

7. President of the Office for Personal Data Protection

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection with its registered office in Warsaw, Stawki 2 Street, which can be contacted as follows:

• by post: Stawki 2, 00-193 Warsaw;
• through the electronic mailbox available on the website: https://www.uodo.gov.pl/pl/p/kontakt;
• Hotline: 606-950-0000.

 

8. Data Protection Officer

In any case, the data subject may also contact the Administrator’s data protection officer directly by e-mail or in writing to the address of the Data Controller, provided in section 1 point 2 of this Privacy and Cookies Policy.

 

9. Changes to the Privacy Policy

The Privacy and Cookies Policy may be supplemented or updated in accordance with the current needs of the Administrator to provide up-to-date and reliable information to Customers /Users.

 

10. Cookies
    1. The online store performs the functions of obtaining information about Customers, Users and their behavior in the following way:

• through information voluntarily entered in the forms for the purposes resulting from the function of a specific form;
• by saving cookies in end devices (so-called “cookies”);
• by collecting web server logs by the hosting operator of the Online Store (necessary for the proper operation of the website).
  1. Cookies are IT data, in particular text files, which are stored in the Customer’s / User’s end device and are intended for using the Online Store website. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.
  2. The Online Store uses cookies only after the Customer / User of the Store has given prior consent in this respect. Consent to the use of all cookies by the Online Store takes place by clicking the “Close” button when the message about the use of cookies by the Online Store is displayed or by closing this message.
  3. If the Customer/ User of the Online Store does not agree to the use of cookies by the Online Store, he may use the option: “I do not agree”, also available in the message about the use of cookies by the Online Store or make changes to the settings of the web browser he currently uses (however, this may cause incorrect operation of the Online Store website).
  4. In order to manage cookie settings, select your web browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
  5. The legal basis for the processing of personal data from cookies are the legitimate interests of the Data Administrator, consisting in ensuring high quality of services, ensuring the security of services.
  6. As part of the Online Store, two basic types of cookies are used: “session” (session cookies) and “persistent” (persistent cookies). “Session” cookies are temporary cookies that are stored in the User’s end device until logging out, leaving the Online Store or turning off the software (web browser). “Persistent” cookies are stored in the Customer’s / User’s final device for the time specified in the parameters of cookies or until they are deleted by the Customer / User.
  7. Cookies are used for the following purposes:
• creating statistics that help to understand how Customers / Users of the Online Store use websites, which allows improving their structure and content;
• maintaining the Customer’s /User’s session (after logging in), thanks to which the Customer/User does not have to re-enter the login and password on each subpage of the Online Store;
• determining the Customer’s/User’s profile to display product recommendations and tailored materials in advertising networks, in particular the Google network.
  1. Software for browsing websites (web browser) usually by default allows the storage of cookies on the Customer’s / User’s end device. Customers/Users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies.
  2. Restrictions on the use of cookies may affect some of the functionalities available on the Online Store’s websites.
  3. Cookies placed on the Customer’s / User’s end device and may also be used by advertisers and partners of the Online Store cooperating with the Online Store.
  4. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way in which the Customer / User uses the Online Store. For this purpose, they can keep information about the Customer’s navigation path or the time of staying on a given page.
  5. We recommend that you read the privacy policy of these companies to the Customer/User to learn about the rules of using cookies used in statistics: Google Analytics Privacy Policy.
  6. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way in which the Customer / User uses the Online Store. For this purpose, they can store information about the user’s navigation path or the time of staying on a given page.
  7. In the scope of information about the Customer’s / User’s preferences collected by the Google network, the Customer / User may view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
  8. On the website of the Online Store there are plugins that can transfer Customer/User data to Administrators such as: Facebook, Google, Instagram, LinkedIn, YouTube, Salesmanago, Gemius.
  9. To properly implement the Distance sale agreement, the Data Administrator may share the data of Customers / Users with courier entities. Currently available delivery methods in the Online Store are available at: www.joannajakubas.com.
  10. To properly implement the Distance Sales Agreement, the Administrator may share customer/User data with online payment systems. Currently available methods of payment in the form of prepayments in the Online Store are available at: www.joannajakubas.com

 

11. Account
    1. The Customer/User may not place in the Online Store or provide the Seller with content, including opinions and other unlawful data.
    2. The Customer/User gains access to the Account after registration.
    3. As part of the registration, the Customer / User provides the type of account or gender, name, surname, company name, NIP, data for issuing the sales document, shipping data, e-mail address, e-mail address and chooses a password. The Customer/User ensures that the data provided by him/her in the registration form are truthful. Registration requires careful reading of the Regulations and marking on the registration form that the Customer / User has read the Regulations and fully accepts all its provisions.
    4. At the time of granting the Customer/User access to the Account, an agreement for the provision of electronic services regarding the Account is concluded between the Seller and the Customer for an indefinite period. The Consumer may withdraw from this contract on the terms set out in the Regulations.
    5. Registration of an Account on one of the websites of the Online Store also means registration enabling access to other websites under which the Online Store is available.
    6. The Customer/User may terminate the contract for the provision of electronic services at any time with immediate effect, informing the Seller about it by e-mail or in writing to the address of the Data Administrator, provided in section 1 point 2 of this Privacy and Cookies Policy.
    7. The Seller has the right to terminate the contract for the provision of services regarding the Account in the event of cessation of the provision or transfer of the Online Store service to a third party, violation by the Customer / User of the law or provisions of the Regulations, as well as in the event of inactivity of the Customer / User for a period of 6 months. Termination of the contract takes place with a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the permission of the Seller.