Formal information at the beginning – the site administrator is Sara Jira, who runs a business under the name “Sara Jira ART”, ul. Śmiechówka 21, 34-511 Kościelisko, NIP 7361732372.
Short version – the most important information
I care about your privacy, but also for your time. That is why I have prepared for you a shortened version of the most important rules related to privacy protection.
- By creating a user account, subscribing to the newsletter, placing an order, submitting a complaint, withdrawing from the contract, or simply contacting me, you provide me with your personal data, and I guarantee that your data will remain confidential, secure and will not be shared with any third parties without your explicit consent.
- I entrust the processing of personal data only to verified and trusted entities providing services related to the processing of personal data.
- I do not transfer your personal data to third countries, international organizations, nor do I use profiling based on personal data. Even if I use forms of personalized advertising, as part of the tools that allow me to carry out such activities, your personal data is not processed. This means that such tools only process information that does not allow me to identify you.
- I use Google Analytics analytical tools. Therefore, the tracking code is implemented in the code of my website, which collects information related to your activity on the website. This information is not personally identifiable. The tracking code uses Google LLC cookies for the Google Analytics service. From the page level, using the mechanism used to manage cookies, you can disable the Google Analytics tracking code. You can also block Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.
- I use my own cookies for the proper operation of the site, in particular the user account and the ordering process. In addition, own cookies can be used to track your activities undertaken as part of the store, especially to display you hints about recently viewed products.
- The website is stored on an external server, which, like every server, generates logs. The logs store information such as the IP address, server date and time, information about the web browser and the operating system. Logs are for operational and technical purposes only.
If the above information is not enough for you, below you will find further details.
The administrator of your personal data collected in connection with the use of the website and the store, including in particular contact is Sara Jira conducting business activity under the name “Sara Jira ART”, ul. Śmiechówka 21, 34-511 Kościelisko, NIP 7361732372.
The purposes, legal basis and period of personal data processing are indicated separately for each purpose of data processing (see description of individual purposes of personal data processing below).
Permissions. The GDPR grants you the following potential rights related to the processing of your personal data:
- the right to access your data and receive a copy thereof,
- the right to rectify (correct) your data,
- the right to delete data (if you think there are no grounds for me to process your data, you can request that I delete it),
- The right to limit data processing (you can request that I limit the processing of data only to their storage or performance of activities agreed with you, if in your opinion I have incorrect data or I process it unreasonably),
- the right to object to data processing (you have the right to object to the processing of data on the basis of a legitimate interest; you should indicate the specific situation that you think justifies my cessation of the objection processing. I will stop processing your data for these purposes, unless I show that the grounds for my data processing prevail over yours rights or that your data is necessary for me to determine, assert or defend claims),
- the right to transfer data (you have the right to receive from me in a structured, commonly used machine-readable format the personal data that you provided to me on p withdrawal of the contract or your consent. You can order me to send this data directly to another entity),
- the right to lodge a complaint from the supervisory authority (if you find that I am processing the data unlawfully, you can file a complaint to the President of the Office for Personal Data Protection or another competent supervisory authority).
The rules related to the implementation of the abovementioned rights are described in detail in art. 16 – 21 GDPR. I encourage you to read these regulations. For my part, I think it is necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to all the processing of your personal data. For your convenience, I have made an effort to indicate your rights as part of the description of individual personal data processing operations.
I would like to emphasize that you always have one of the rights indicated above – if you consider that I have violated the provisions on the protection of personal data when processing your personal data, you have the opportunity to lodge a complaint with the supervisory body (the President of the Office for Personal Data Protection).
Security. I guarantee the confidentiality of all personal data provided to me. I ensure that appropriate security measures and personal data protection required by the provisions on the protection of personal data are taken. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.
Data recipients. Your personal data may be processed by entities whose services I use to process personal data, such as:
- store software provider – to store personal data as part of the store system on the server, including the mailbox server,
- courier companies – to use the services of courier companies that deliver orders to you,
- an accounting office – to use services accounting, in connection with which your personal data is processed,
- an entity providing website maintenance services – to use services that may involve access to your personal data,
- other entities involved in the implementation process orders – in connection with the forwarding of your order external entities that will carry out the order.
The recipients indicated above process data on the basis of entrustment agreements concluded, guaranteeing the use of appropriate measures for the protection and security of personal data required by law.
If necessary, your personal data may be transferred to law firms for purposes related to the provision of legal services for me requiring access to personal data.
In addition, if necessary, your personal data may be disclosed to entities or bodies authorized to access the data on the basis of legal provisions, such as police, security services, courts, prosecutors, etc.
Information that is not personal data. In connection with website management, I also use additional tools such as Google Analytics, but the information processed as part of Google Analytics is not personal data because it does not allow me to identify you. The information I am talking about here is, in particular:
- information about the operating system and the internet browser you use,
- subpages that you view as part of my website and store,
- time spent on my website and in the store and on their subpages ,
- transitions between individual subpages within my page and store,
- Source from which you go to my page and store store,
- Your age range,
- Your gender,
- Your approximate location limited to the city,
- Your interests determined on the basis of online activity.
I do not combine the information indicated above with your personal data, which are in my databases. This information is anonymous and does not allow me to identify you. This information is stored on the servers of the suppliers of individual tools, and these servers can most often be located all over the world. However, due to the fact that in this case there is no processing of personal data as data that identifies your person, the provisions of the GDPR in the scope of data transfer to a third country do not apply.
As for your personal data that I process, you will find relevant information below.
Purposes and activities of personal data processing.
Orders. When placing an order, you must provide data necessary to complete the order, such as name, billing address, email address and telephone number. Providing data is voluntary, but necessary to place an order.
The data provided to me in connection with the order is processed for the purpose of performing the order (Article 6 (1) (b) of the GDPR), issuing an invoice (Article 6 (1) (c) of the GDPR), including the invoice in the accounting documentation (Article 6 para. 1 lit.c GDPR) and for archival and statistical purposes (Art.6 para. 1 lit.f GDPR).
Data on orders will be processed for the time necessary to complete the order, and then until the expiry of the limitation period for claims under the contract. In addition, after this deadline, the data can still be processed by me for statistical purposes. Also remember that I have an obligation to store invoices with your personal data for a period of 5 years from the end of the tax year in which the tax obligation arose.
In the case of order data, you cannot correct this data after the order has been processed. You also can not object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. Similarly, you cannot oppose the processing of data and demand the deletion of data contained in invoices. After the expiry of the limitation period for claims arising from the contract concluded, you may object to my processing of your data for statistical purposes, as well as to demand the deletion of your data from the database.
In relation to data on orders, you also have the right to transfer data referred to in art. 20 GDPR.
Complaints and withdrawal from the contract. If you make a complaint or withdraw from the contract, you provide me with personal data contained in the content of the complaint or statement of withdrawal from the contract, which includes name, address, telephone number, e-mail address, bank account number. Providing data is voluntary, but necessary to make a complaint or withdraw from the contract. The data provided to me in connection with the submission of a complaint or withdrawal from the contract is used to carry out the complaint procedure or the procedure for withdrawal from the contract (art.6 par.1 lit.c GDPR).
The data will be processed for the time necessary to complete the complaint or withdrawal procedure. Complaints and statements of withdrawal may also be archived for statistical purposes.
In the case of data contained in complaints and declarations of withdrawal from the contract, you cannot rectify this data. You also can not object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. After the expiry of the limitation period for claims under the contract, you may, however, object to my processing of your data for statistical purposes, as well as demand that your data be removed from the database.
Contact. By contacting me, you naturally provide me with your personal data contained in the content of the correspondence, in particular the email address and name. Providing data is voluntary, but necessary to make contact.
In this case, your data is processed in order to contact you, and the basis for processing is art. 6 clause 1 lit. and GDPR, i.e. your consent resulting from initiating contact with me. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR).
The content of correspondence may be archived and I cannot clearly determine when it will be deleted. You have the right to request the history of correspondence with you (if it has been archived), as well as to request its removal, unless its archiving is justified due to my overriding interests, e.g. defense against potential claims on your part.
Cookies and other tracking technologies
Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by my ICT system (own cookies) or the ICT system of third parties (third party cookies).
Some of the cookies I use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow me to recognize your browser the next time you visit the site (persistent cookies).
If you want to learn more about cookies as such, you can read, for example, this material: https://pl.wikipedia.org/wiki/HTTP_cookie .
Below, you will find detailed information about cookies functioning as part of my website.
Google Analytics. I use Google Analytics provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. I implement activities in this area, based on my legitimate interest, consisting in creating statistics and analyzing them in order to optimize my website.
Google Analytics automatically collects information about your use of my site. The information collected in this way is usually transmitted to a Google server in the United States and stored there.
I emphasize that within Google Analytics I do not collect any data that would allow you to be identified. Therefore, the data collected as part of Google Analytics are not personal data. Information that I have access to as part of Google Analytics is, in particular:
- information about the operating system and the web browser you use,
- subpages that you view as part of my website and store,
- time spent on my website, store and on their subpages,
- transitions between individual subpages within my site and store,
- the source from which you go to my site and store.
As part of Advertising Features, I also do not collect personal data. The information I have access to is in particular:
- the age range you are in,
- your gender,
- your approximate location limited to the city,
- your interests determined on the basis of online activity.
In order to use Google Analytics, I have implemented a special Google Analytics tracking code in the code of my website. The tracking code uses Google LLC cookies for the Google Analytics service. From my website, using the mechanism for managing cookies, you can disable the Google Analytics tracking code. You can also block Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.
Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world and confirms the fulfillment of relevant requirements by systems supporting Google Analytics and Google Analytics 360.
If you are interested in details related to data processing under Google Analytics, I encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245 .
Social Tools. My website uses plugins and other social networking tools provided by social networking sites such as Facebook, Instagram and Pinterest.
By displaying my website containing such a plugin, your browser will establish a direct connection to the servers of the administrators of social networking sites (service providers). The content of the plugin is transmitted by the respective service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has viewed my website, even if you do not have a profile with a given service provider or are not currently logged in to it. This information (along with your IP address) is sent by your browser directly to the server of the given service provider (some servers are located in the USA) and stored there.
If you have logged in to one of the social networking sites, then this service provider will be able to directly assign a visit to my site to your profile on the given social networking site.
If you use a given plug-in, e.g. by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
In addition, this information will be published on the respective social network and will appear to people added as your contacts. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policies of individual service providers.
- Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
- Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
- Pinterest – https://policy.pinterest.com/en/privacy-policy,
If you do not want social networking sites to match the data collected during visits to my website directly to your profile on a given website, then before visiting my website you must log out of this website. You can also completely prevent the plugins from loading on the page using the appropriate extensions for your browser, e.g. script blocking. In addition, from my level, using the mechanism for managing cookies, you can disable cookies for social tools, which will prevent the display of elements related to social functions on the page.
Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server’s logs.
Logs include, among others Your IP address, server date and time, information about the web browser and operating system you are using. Logs are saved and stored on the server.
The data saved in the server logs are not associated with specific people using the site and are not used by me to identify you.
Server logs are only auxiliary material used to administer the site, and their content is not disclosed to anyone except persons authorized to administer the server.