- Administrator - Bartosz Sikora running a business registered under the name of BARTOSZ SIKORA Cottonmose.eu, Bursztynowa 10, 05-090 Podolszyn Nowy, NIP: 9512163862
- Personal data - all information about a natural person identified or identifiable by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, location data, internet identifier and information collected via cookies and other similar technology.
- GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
- Website - a website run by the Administrator at cottonmoose.eu
- User - any natural person visiting the Website or using one or more services or functionalities described in the Policy.
2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE WEBSITE
- This Policy defines the rules and purposes of processing personal data collected when using the Website by the User.
- In connection with the User's use of the Website, the Administrator collects data to the extent necessary to provide the services offered and to complete the order.
- The Administrator processes the following personal data of Users: name and surname, shipping address, phone number, e-mail address (e-mail), bank account number and for the purposes of issuing a VAT invoice: business or seat address, company, tax identification number.
- Providing the data from point 3 above is voluntary but necessary to make purchases via the Website and to complete the order.
3. PURPOSES AND BASIS FOR PROCESSING OF PERSONAL DATA
Users' personal data are processed:
- to provide electronic services consisting in presenting the content to Users on the Website and for the purpose of processing the order, its subsequent handling, including handling returns or complaints. Then the legal basis for data processing is the necessity of processing to perform the contract (Article 6 (1) (b) of the GDPR), and in the scope of optional data, the legal basis for processing is the User's consent (Article 6 (1) (a) of the GDPR).
- in order to fulfill the statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations - the legal basis for processing is the legal obligation of the data Administrator (Article 6 (1) (c) of the GDPR).
- in order to possibly establish and pursue claims or defend against them - the legal basis for processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR) consisting in the protection of his rights.
4. RECIPIENTS OF PERSONAL DATA
The recipients of personal data processed by the Administrator may be:
- people authorized by the Administrator to process data for the purpose of order fulfillment,
- entities providing the Administrator with services related to order processing (i.e. entities handling electronic payments, shipping carriers, providing advertising or accounting services),
- entities authorized under generally applicable provisions of law.
5. PERIOD OF PROCESSING OF PERSONAL DATA
- Personal data will be processed for the duration of the contract, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the Administrator's legitimate interest.
- The period of data processing may be extended when the processing is necessary to establish and pursue any claims or defend against them, and after that time only in the case and to the extent that it will be required by law. After the expiry of the processing period, the data is irreversibly deleted.
6. RIGHTS OF PERSONS WHO THE DATA CONCERNS
1. Every data subject has the right to:
- access to their personal data, may also request their correction, rectification, deletion, and limitation of their processing,
- to object to their processing,
- to transfer your data,
- to withdraw consent to their processing at any time, which will not affect the lawfulness of their processing, which was made on the basis of consent before its withdrawal.
2. In connection with the processing of personal data, the persons whose data is processed have a complaint to the supervisory authority.
7. CONTACT FORMS
The administrator allows you to contact him using electronic contact forms. Using the form requires providing personal data necessary to contact the User and answer the inquiry. The User may also provide other data to facilitate contact or handling the inquiry. Providing data marked as mandatory is required to process the inquiry, and failure to do so results in the inability to fulfill it. Providing other data is voluntary.
8. TRANSFER OF DATA OUTSIDE EEA
The Administrator does not transfer Users' personal data outside the EEA.
9. SECURITY OF PERSONAL DATA
- The administrator conducts an ongoing risk analysis to ensure that personal data is processed in a safe manner, i.e. primarily to ensure that only authorized persons have access to this data and only to the extent that it is necessary for the services provided.
- The administrator ensures that all operations on personal data are recorded and performed by authorized persons. The administrator also makes sure that these persons guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
- Most cookies contain the name of the Website, storage time and a unique number. Other information collected automatically when visiting the Website, in particular, the IP address, domain name, browser type, operating system, etc.
- The administrator uses own cookies for the following purposes: a) configuration of the website, user authentication on the website, implementation of processes necessary for the full functionality of websites, b) analysis and research as well as audience audit, creating anonymous statistics, c) ensuring the security and reliability of the Website.
- The administrator of the service uses external cookies to collect general and anonymous static data via analytical tools, such as Google Analytics.
11. CONTACT DETAILS OF THE ADMINISTRATOR
Contact with the Administrator is possible via the e-mail address: firstname.lastname@example.org or the address: BARTOSZ SIKORA Cottonmose.eu Bursztynowa 10, 05-090 Podolszyn Nowy.
The policy is verified on an ongoing basis and updated if necessary.