PRIVACY POLICY

PRIVACY POLICY (www.chopinvodka.pl)

1. The protection of Users’ personal data is of the utmost importance. The Administrator of this Website, therefore, makes every effort to make Users feel safe to entrust their personal data when using the Website.

2. The User is a natural person, legal person or organisational unit without legal personality, to whom the law grants legal capacity and who is a user of the electronic services available on the Website.

3. This privacy policy: explains the principles and scope of processing of the User’s personal data; their rights; the obligations of the Administrator of these data; and informs about the use of cookies.

4. The Administrator applies the most modern technical measures and organisational solutions, ensuring a high level of protection of the processed personal data and protection against access by unauthorised persons.

I. PERSONAL DATA ADMINISTRATOR

The Administrator of the personal data is Podlaska Wytwórnia Wódek “POLMOS” Spółka Akcyjna, at Frascati 12, correspondence address: ul. Kolejowa 10, 08-110 Siedlce, entered into the Register of Entrepreneurs kept by the District Court in Warsaw, Commercial Division, under the National Court Register Number (pol. Krajowy Rejestr Sądowy [KRS]): 0000027198, Tax Identification Number (pol. Numer Identyfikacji Podatkowej [NIP]): 8210007656 (hereinafter referred to as the “Administrator”).

II. PURPOSE OF PROCESSING PERSONAL DATA

1. The Administrator processes the User’s personal data in order to:

1.1. Each time, the purpose, scope and recipients of data processed by the Administrator result from the actions taken by the Customer on the Website.

1.2. Possible purpose of collecting Customer’s personal data by the Administrator:

1.2.1. Conclusion and implementation of a Sales Agreement.

1.3. Possible recipients of the personal data of the Administrator’s Customers:

1.3.1. In the case of a Customer who uses courier delivery method on the Website, the Administrator makes the collected Customer’s personal data available to selected carrier or intermediary carrying out the shipments at the request of the Administrator.

1.4. The Administrator may process the following personal data of Customers using the Website: name and surname; e-mail address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/registered office (if different from the delivery address), as well as the company name and tax identification number (NIP) of the Customer.

1.5. Providing personal data referred to in the point above is necessary for the conclusion and implementation of the Sales Agreement. Each time, the scope of data required to conclude the contract is indicated in advance on the Website and in the Store’s Regulations.

2. This means that these data are needed in particular to

a. conclude a contract;

b. make settlements;

c. deliver goods ordered by the User or perform services;

3. The User may also agree to receiving information about news and promotions, which will also cause the Administrator to process personal data in order to send the User commercial information, including new products or services, promotions or sales.

4. Personal data are also processed as part of the fulfillment of legal obligations incumbent upon the data Administrator and performance of tasks, in the public interest, among others, to perform tasks related to security and defense or storage of tax documentation.

5. Personal data may also be processed for the purposes of direct marketing of products, securing and pursuing claims or protection against claims of the User or a third party, as well as marketing of services and products of third parties or own marketing, which is not direct marketing.

III. TYPE OF DATA

1. The Administrator processes the following personal data, the provision of which is necessary to:

a. make purchases via the Website:

– name and surname;

– gender;

– delivery address;

– phone number;

– e-mail address;

b. data provided by the User optionally:

– date of birth;

– personal identification number (PESEL) (in the case of a request to issue an invoice);

– tax identification number (NIP) (in the case of a request to issue an invoice to the entrepreneur).

2. In addition, the Administrator also processes the following data:

– address of residence/business/registered office;

– the company name and tax identification number (NIP) of the Customer;

IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA

1. Personal data is processed in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as: “GDPR”.

2. The Administrator processes personal data only after obtaining the User’s consent at the time of confirmation of the transaction made on the Website.

3. Consent to processing of personal data is completely voluntary; however, the lack of consent prevents completing purchases via the Website.

V. RIGHTS OF THE USER

1. The User may, at any time, request information from the Administrator about the scope of processing personal data.

2. The User may, at any time, request correction or rectification of their personal data. 

3. The User may, at any time, withdraw their consent to the processing of their personal data without giving a reason. The request not to process the data may relate to a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information or relate to all purposes of data processing. Withdrawal of consent for all processing purposes will result in the deletion of the User’s account from the Website, along with all personal data of the User previously processed by the Administrator. The withdrawal of consent will not affect the actions already taken.

4. The User may, at any time, request, without giving a reason, that the Administrator delete their data. The request to delete the data will not affect the actions taken so far. Deleting data means the simultaneous deletion of the User’s account, along with all personal data saved and processed to date by the Administrator.

5. The User may at any time object to the processing of personal data, both in the scope of all User’s personal data processed by the Administrator, as well as only to a limited extent, e.g. as to the processing of data for a specifically indicated purpose. The objection will not affect the actions taken to date. Objecting will result in the deletion of the User’s account, along with all personal data saved and processed to date by the Administrator.

6. The User may request the restriction of the processing of personal data, whether for a specified period or without a time limit, but to a specified extent, which the Administrator will be obliged to comply with. This request will not affect the actions taken to date.

7. The User may request, that the Administrator transfers the processed User’s personal data to another entity. For this purpose, the User should write a request to the Administrator, indicating to which entity (name, address) the User’s personal data should be transferred and which specific data the User wishes the Administrator to provide. Once the User confirms their wish, the Administrator will transfer, in electronic form, the User’s personal data to the indicated entity. Confirmation of the request by the User is necessary for the security of User’s personal data and to ensure the request comes from an authorised person.

8. The Administrator shall inform the User about actions taken within one month of receiving one of the requests specified in the previous paragraphs.

VI. OUTSOURCING DATA PROCESSING TO OTHER ENTITIES

1. The Administrator may outsource processing of personal data to entities cooperating with the Administrator, to the extent necessary to carry out the transaction, e.g. to prepare ordered goods and deliver shipments or provide commercial information from the Administrator (the latter applies to Users who have agreed to receiving commercial information).

2. Apart from the purposes indicated in this Privacy Policy, the Users’ personal data will not be made available to third parties in any way, or transferred to other entities, for the purpose of sending marketing materials by these third parties.

3. Personal data of Website Users is not transferred outside the European Union.

4. This Privacy Policy complies with the provisions resulting from Article. 13 (1) and (2) of GDPR.

VII. COOKIES

1. The Website uses cookies or similar technology (hereinafter collectively referred to as “cookies”) to collect information about the User’s access to the Website (e.g. using a computer or smartphone) and their preferences. Cookies are used, among others, for advertising and statistical purposes and to adapt the Website to the individual needs of the User.

2. Cookies are fragments of information that contain a unique reference code that the Website sends to the User’s device to store and sometimes track the information about the used device. Usually, they do not allow identification of the User. Their main function is to make the Website more suitable for the User.

3. Some of the cookies present on the Website are available only for the duration of the web session and expire when the browser is closed. Other cookies are used to recognise the User after returning to the Website. They are then stored for a longer period.

4. All cookies present on the Website are set by the Administrator.

5. All cookies used by this Website comply with applicable European Union laws.

6. Most Users and some mobile browsers automatically accept cookies. If the User does not change their settings, cookies will be stored in the device’s memory.

7. The User may change their preferences regarding the acceptance of cookies or change their browser to receive appropriate notifications each time the cookie function is set. To change the settings for accepting cookies, the browser settings need to be adjusted.

8. It is worth remembering that blocking or deleting cookies may prevent taking full advantage of the Website.

9. Cookies will be used for the necessary session management, including:

a. creating a special login session for the Website User, so the Website remembers that the User is logged in and their requests are delivered in an effective, secure and consistent manner; 

b. recognising a User who has previously visited the Website, so the number of unique users who have used the Website can be identified, and so that sufficient capacity for the number of new users can be ascertained;

c. recognising whether the Website visitor is registered on the Website;

d. recording information from the User’s device, including cookies, IP address and information about the used browser, to diagnose problems, administer and track the use of the Website;

e. adjusting the elements of the graphic layout or the content of the Website;

f. collecting statistical information about how the User uses the Website in order to be able to improve it and determine which areas are most popular with Users.

VIII. FINAL PROVISIONS

1. The Website may contain links to other websites. The Administrator suggests that when visiting other sites, Users should refer to the privacy policy established therein. This Privacy Policy applies only to this particular Website.

2. The Administrator declares that they endeavor to ensure a high level of security for the Customers concerning the use of the Website, and to this end:

a. applies the technical and organisational measures required by law, in particular in the field of security of the personal data processing;

b. applies measures to ensure: 

– the ability to continuously ensure confidentiality, integrity, availability and resilience of processing systems and services; 

– the ability to quickly restore the availability and access to personal data in the event of a physical or technical incident; 

– regular testing, assessing and evaluating the effectiveness of technical and organisational measures to ensure the processing security.

3. In matters not covered by the Privacy Policy, the legal provisions on the processing of personal data, including the GDPR, apply.