The purposes of processing Users’ personal data and the legal basis for processing
The purpose of processing Users’ personal data is the performance of the order for the delivery of the Promotional Materials made by the Users through on-line platform available at www .riae.orderyoni.com. website and delivering ordered Promotional Materials to the Users.
User’s personal data that are processed for the purposes indicated in the previous paragraph are: – name and surname, which provision by the User is necessary to his or her identification; – e-mail address, which provision by the User is necessary for the Controller to communicate with the User and to inform the User about the terms of reception of the ordered Promotional Materials; – delivery address which includes: street, city, zip code, street and home number, which provision is necessary to address the delivery of the Promotional Materials ordered by the User; – bank account number, from which the User makes the payment for the ordered Promotional Materials.
The legal basis for processing User’s personal data for the purpose specified in paragraph 1 above, is the Article 6 (1) point b) of GDPR i.e. necessity of processing for the performance of the Promotional Materials delivery agreement concluded by the Controller with the User through the Platform. Legal basis for processing User’s data may be also Article 6 (1) point b) of GDPR, i.e. legitimate interests pursued by the Controller, if the processing is necessary to the establishment, exercise or defence of Controller’s legal claims resulted from the Promotional Materials delivery agreement concluded with the User.
The Recipients of the User’s personal data
User’s personal data may be, to the extent necessary, transferred to entities that provide services for the Controller. In particular User’s personal data may be transferred to entities that provide delivery services in order to delivery ordered Promotional Materials to the User, as well as to entities that provide legal, accounting and IT services.
If the Promotional Materials are to be delivered outside Poland, the Controller may transfer User’s personal data to overseas entities that provide delivery services, including entities from the outside of the European Economic Area.
The period for which the User’s personal data will be stored
By reason of processing his or her personal data, the User has the following rights:
The right to access to his or her personal data, by which the User may obtain information about, in particular the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the User’s personal data have been or will be disclosed and the envisaged period for which the User’s personal data will be stored
The right to rectify inaccurate personal data or to complete the incomplete personal data;
The right to obtain erasure of his or her personal data, if the legal bases for processing User’s personal data no longer exist;
The right to obtain from the controller restriction of processing if: the accuracy of the personal data is contested by the User; the processing is unlawful, but the User opposes the erasure of his or her personal data; the Controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims or if the User has objected to processing pursuant to Article 21 of GDPR.
The right to data portability, i.e. the right to receive the personal data concerning the User, which he or she has provided to a Controller, in a structured, commonly used and machine-readable format and a right to transmit those data to another controller;
The right to object from processing, if the legal basis for processing is the legitimate interest pursued by the Controller (Article 6 (1) point f) of GDPR);
Right to lodge a complaint to a supervisory authority, which in Poland is the President of the Personal Data Protection Office (PUODO), if the User considers that the processing of personal data relating to him or her infringes GDPR.
Necessity of provision of personal data by the User
Provision of personal data by the User is not obligatory, but necessary to order Promotional Materials through the platform by the User. Failure to provide required personal data precludes the possibility of ordering Promotional Materials through the Platform by the User.
The User’s personal data shall not undergo automated decision-making, including profiling.
Information about cookies files
The entity that place information in the form of cookies files („cookies”) and other similar technologies in the User’s terminal equipment (i.e. computer, laptop or smartphone) and gain access to them is the Controller.
Cookies files are computer data, in particular text files, that are stored in terminal equipment of every User. Cookies include domain’s name, period of their storage in the terminal equipment and the unique name. Cookies files may contain information, which may be necessary for proper functioning of the website. Cookies files may contain unique number, which identify User’s device, but which does not identify the User as a natural person.
Due to the time of existence of cookies files („cookies”) and other similar technologies, the Controller uses one kind of these files – „session” cookies i.e. temporary files stored in User’s terminal equipment until exit from the website. These cookies files do not collect any information about the User, that may be used for marketing purposes neither do not memorize websites visited by the User.
If the User does not give consent to save and receive information through cookies files, the User may change the conditions of their placement by configuring his or her web browser. However, it may lead to no possibility of using the Platform available at www.riae.orderyoni.com website or to its inappropriate functioning.
Security of Users’ personal data
The Controller undertakes all possible measures to ensure the Users high level of security of their processed personal data and for that reason the Controller:
uses all technical and organisational measures required by the law, in particular related to security of processing personal data;
uses measures that enable permanent confidentiality, integrity, availability and resistance of systems used to data processing;
ensures Users safe and cyphered connection during the transmission of personal data.