PRIVACY AND COOKIES POLICY OF ksiegarniaipn.pl

ONLINE STORE CONTENTS:

1. GENERAL PROVISIONS
2. BASIS FOR DATA PROCESSING
3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
4. RECIPIENTS OF DATA IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF DATA SUBJECTS
7. COOKIES AND ANALYTICS IN THE ONLINE STORE
8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. The privacy policy of the Online Store is informational, which means that it is not a source of obligation for Service Users or Customers of the Online Store. The privacy policy contains, first and foremost, rules regarding personal data processing by the Controller in the Online Store, including the basis, purposes, and scope of personal data processing and rights of data subjects, as well as information on the use of cookies and analytical tools in the Online Store.

1.2. The Controller of personal data collected through the Online Store is DANTE G. BARAN, G. FUGIEL SPÓŁKA JAWNA with its registered office in Kraków (registered office and delivery address: ul. Ojcowska 1, 31-344 Kraków); entered into the Register of Entrepreneurs of the National Court Register under the number KRS [National Court Register Number] 0000767656; the registry court where the company's records are kept: District Court for Kraków- Śródmieście in Kraków, XI Commercial Department of the National Court Register; NIP [Tax Identification Number]: 6791351324; REGON [National Official Business Registry Number]: 351088477, e-mail address: prawa@ksiegarniaipn.pl, contact telephone number: 530-473-263 – hereinafter referred to as Online Store Service Provider and Seller.

1.3. In the Online Store, personal data are processed by the Controller in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the „GDPR” or „the GDPR Regulation”. Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. The use of the Online Store, including making purchases, is voluntary. Similarly, the related provision of personal data by the Service User or Customer using the Online Store is voluntary, subject to two exceptions: (1) conclusion of agreements with the Controller – failure to provide personal data necessary for the conclusion and performance of a Sales Agreement or an agreement for the provision of an Electronic Service with the Controller in the cases and to the extent indicated on the website of the Online Store and in the Regulations of the Online Store and this Privacy Policy prevents the conclusion of such an agreement. In such cases, the provision of personal data is a contractual requirement and if the data subject wishes to enter into an agreement with the Controller, they are obliged to provide the required data. Each time the scope of data required to conclude an agreement is indicated beforehand on the website of the Online Store and in the Regulations of the Online Store; (2) the Controller's statutory obligations – the provision of personal data is a statutory requirement resulting from universally binding legal regulations imposing an obligation on the Controller to process personal data (e.g. processing of data for tax or accounting purposes) and the failure to provide such data will prevent the Controller from performing these obligations.

1.5. The Controller shall exercise due care to protect the interests of persons whose personal data it processes and, in particular, shall be responsible for and ensure that the data it collects are: (1) processed lawfully; (2) collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which they are processed; (4) stored in a form which enables the identification of data subjects for a period no longer than necessary for the achievement of the purpose of the processing; and (5) processed in a way which ensures adequate security of personal data, including protection against unauthorised or unlawful processing as well as against accidental loss, destruction or damage, by means of appropriate technical or organisational measures.

1.6. Having regard to the nature, scope, context, and purposes of the processing, as well as the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR Regulation and to be able to demonstrate it. These measures are reviewed and updated as needed. The Controller uses technical measures to prevent unauthorised persons from obtaining and modifying personal data transmitted electronically.

1.7. All words, phrases and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) shall be understood in accordance with the definition contained in the Regulations of the Online Store available at the websites of the Online Store.

2. BASIS FOR DATA PROCESSING

2.1. The Controller shall be entitled to process personal data where, and to the extent that, at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specified purposes; (2) the processing is necessary for the performance of an agreement to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into an agreement; (3) the processing is necessary for the performance of a legal obligation imposed on the Controller; or (4) the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, in particular where the data subject is a child.

2.2. In each case, the processing of personal data by the Controller requires the existence of at least one of the grounds indicated in point 2.1 of the privacy policy. Specific grounds for the processing of personal data of Service Users and Customers of the Online Store by the data Controller are indicated in the next section of the privacy policy - with reference to a given purpose of personal data processing by the Controller.

3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE

3.1. Each time, the purpose, basis, period, and scope as well as recipients of the personal data processed by the Controller result from the activities undertaken by a given Service User or Customer in the Online Store. For example, if the Customer decides to make purchases in the Online Store and chooses in-person collection of the purchased Product instead of courier delivery, their personal data will be processed in order to perform the Sales Agreement concluded but will no longer be made available to the carrier performing the shipment on behalf of the Controller.

3.2. The Controller may process personal data within the framework of the Online Store for the purposes, on the basis and for periods indicated in the table below:

Purpose of data processing	Legal basis for data processing	Period of data storage
Performance of the Sales Agreement or an agreement for the provision of an Electronic Service or taking steps at the request of the data subject prior to the conclusion of the above-mentioned agreements.	Article 6 par. 1 letter (b) of the GDPR Regulation (performance of the agreement) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;	Data is stored for a period required to perform, terminate, or otherwise expire the concluded Sales Agreement or Agreement for the Provision of an Electronic Service.
Direct marketing	Article 6 par. 1 letter (f) of the GDPR Regulation (legitimate interests pursued by the controller) – processing is necessary for purposes resulting from the Controller's legitimate interests – consisting in caring for the interests and the positive image of the Controller, his Online Store, and seeking to sell the Products.	The data is stored for the period of the existence of legitimate interest pursued by the Controller, however, not longer than for the limitation period for the Controller's claims with regard to the data subject arising on the grounds of the Controller's business activity. The limitation period is determined by law, in particular, the Civil Code (the basic limitation period for claims related to the conduct of business is three years, and for sales agreements - two years). The Controller may not process data for direct marketing purposes if the data subject has raised an effective objection in this respect.
Marketing	Article 6 par. 1 letter (a) of the GDPR Regulation (consent) – the data subject has consented to the processing of his or her data by the Controller for marketing purposes.	Dane Data is stored until the withdrawal of consent by the data subject for further processing of his or her data for this purpose.
The expression of opinion about the Sales Agreement concluded by the Customer	Article 6 par. 1 letter (a) of the GDPR Regulation – the data subject has consented to the processing of his or her personal data for the purposes of expression of opinion.	Data is stored until the withdrawal of consent by the data subject for further processing of his or her data for this purpose.
Tax purposes	Article 6 par. 1 letter (c) of the GDPR Regulation in conjunction with Art. 86 § 1 of the Tax Ordinance, consolidated text of 17 January 2017 (Dz. U. /Journal of Laws/ of 2017 item 201 as amended) – the processing is necessary for the performance of a legal obligation imposed on the Controller.	Data is stored for the period required by law that obliges the Controller to store tax records (until the expiry of the limitation period for tax liability unless tax laws provide otherwise).
Determination, pursuit or defence of claims that the Controller may assert or that may be asserted against the Controller	Article 6 par. 1 letter (f) of the GDPR Regulation (legitimate interest pursued by the controller) – processing is necessary for purposes resulting from the Controller's legitimate interests – consisting in the determination, pursuit, or defence of claims that the Controller may assert or that may be asserted against the Controller.	The data is stored for the period of the existence of legitimate interest pursued by the Controller, however, not longer than for the limitation period for the claims that may be raised against the Controller (the basic limitation period for claims against the Controller amounts to six years).
Using the Online Store website and ensuring its correct operation	Article 6 par. 1 letter (f) of the GDPR Regulation (legitimate interests pursued by the controller) – processing is necessary for purposes resulting from the Controller's legitimate interests – consisting in running and maintaining the Online Store website.	The data is stored for the period of the existence of legitimate interest pursued by the Controller, however, not longer than for the limitation period for the Controller's claims with regard to the data subject arising on the grounds of the Controller's business activity. The limitation period is determined by law, in particular, the Civil Code (the basic limitation period for claims related to the conduct of business is three years, and for sales agreements - two years).
Keeping statistics and traffic analysis in the Online Store	Article 6 par. 1 letter (f) of the GDPR Regulation (legitimate interests pursued by the controller) – processing is necessary for purposes resulting from the Controller's legitimate interests – consisting in keeping statistics and analysing traffic in the Online Store for the purposes of improving the operation of the Online Store and increasing the sales of Products.	The data is stored for the period of the existence of legitimate interest pursued by the Controller, however, not longer than for the limitation period for the Controller's claims with regard to the data subject arising on the grounds of the Controller's business activity. The limitation period is determined by law, in particular, the Civil Code (the basic limitation period for claims related to the conduct of business is three years, and for sales agreements - two years).

4. RECIPIENTS OF DATA IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including the execution of Sales Agreements concluded, it is necessary for the Controller to use services of external entities (such as a software provider, courier, or payment processor). The Controller shall only use such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.

4.2. Personal data may be transferred by the Controller to a third country, in which case the Controller ensures that this will be done in relation to a country that provides an adequate level of protection – in compliance with the GDPR Regulation, and, in the case of other countries, that the transfer will take place on the basis of standard data protection clauses. The Controller ensures that the data subject is able to obtain a copy of his or her data. The Controller transfers the collected personal data only in the case and to the extent necessary to fulfill the given purpose of data processing compliant with this Privacy Policy.

4.3. The Controller does not transfer data in every single case and to all recipients or categories of recipients indicated in the privacy policy - the Controller only transfers data if it is necessary for the fulfilment of a given purpose of personal data processing and solely to the extent necessary for its fulfilment. For example, if the Customer chooses personal collection, their data will not be transferred to the carrier cooperating with the Controller.

4.4. Personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.4.1 carriers / forwarders / courier brokers / entities managing the warehouse and/or the shipping process – in the case of a Customer of the Online Store who has the Product delivered by mail or courier, the Controller makes the collected personal data available to the selected carrier, forwarder or broker that conducts shipments at the Controller's request; if the shipment is made from an external warehouse – to the entity managing the warehouse and/or the shipping process – in the extent necessary for delivering the Product to the Customer.

4.4.2 entities processing electronic or credit card payments – in case of a Customer who uses the electronic or credit card payment method in the Online Store, the Controller makes the collected personal data of the Customer available to a selected entity processing the aforementioned payments in the Online Store at the Controller's request to the extent necessary to process the payment made by the Customer.

4.4.3 providers of an opinion poll system – in the case of a Customer who agreed to express his or her opinion about the concluded Sales Agreement, the Controller makes the collected personal data available to the selected entity providing the opinion poll system for the evaluation of the Sales Agreements concluded in the Online Store at the Controller's request to the extent necessary for the Customer to express an opinion using the opinion poll system.

4.4.4 service providers supplying the Controller with technical, IT and organisational solutions, which enable the Controller to conduct its business activities, including the Online Store and the Electronic Services provided by means of the Store (in particular, providers of computer software for running the Online Store, e-mail and hosting providers, as well as providers of business management and technical support software for the Controller) – the Controller makes the collected personal data of the Customer available to a selected provider acting at the Controller's request only in the case and to the extent necessary to implement a given purpose of data processing in accordance with this Privacy Policy.

4.4.5 providers of accounting, legal and advisory services performing accounting, legal or advisory support activities for the Controller (in particular an accounting office, a law firm or a debt collection agency) – the Controller makes the collected personal data of the Customer available to a selected provider acting at the Controller's request only in the case and to the extent necessary to implement a given purpose of data processing in accordance with this Privacy Policy.

4.4.6 providers of social plug-ins, scripts, and other similar tools placed on the Online Store website that enable the browser of the person visiting the Online Store website to download content from the providers of the abve-mentioned plug-ins (e.g. logging in using a social network login data) and to transfer the visitor's personal data for this purpose to these providers, including:

4.4.6.1 Meta Platforms Ireland Ltd. – the Controller uses Facebook social plug-ins on the Online Store website (e.g. Like button, Share button, or logging in using Facebook login data) and therefore collects and shares personal data of the Service User using the Online Store website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) in the extent and in compliance with the privacy policy available at: https://www.facebook.com/about/privacy/ (the data includes information about activities on the Online Store website – including information about the device, sites visited, purchases, ads displayed and the manner in which the services are used – regardless of whether the Service User has a Facebook account and is logged in to Facebook).

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR Regulation imposes an obligation on the Controller to inform about automated decision-making, including profiling, as referred to in Art. 22 par. 1 and 4 of the GDPR Regulation, and - at least in these cases - relevant information about the principles on which they are taken, as well as about the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.

5.2. The Controller can use profiling in the Online Store for direct marketing purposes but decisions made on its basis by the Controller shall not concern the conclusion of or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be e.g. granting a given person a discount, sending them a discount code, reminding about unfinished shopping, sending a proposal of a Product, which may correspond to the interests or preferences of a given person, or offering better conditions in comparison with the standard offer of the Online Store. Despite the profiling, it is up to the person to freely decide whether they wish to take advantage of the discount received in this way or of better conditions and make a purchase from the Online Store.

5.3. Profiling in the Online Store consists in automatic analysis or prediction of a given person's behaviour on the website of the Online Store, e.g. through adding a particular Product to the shopping cart, browsing the page of a particular Product in the Online Store, or through analysis of the previous history of purchases made in the Online Store. The condition for such profiling is that the Controller must have the personal data of the person in question in order to be able to send them, for example, a discount code.

5.4. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or affects them in a similarly significant way.

6. RIGHTS OF DATA SUBJECTS

6.1. Right to access, rectify, restrict the processing or erase data and the right to data portability - the data subject has the right to request the Controller to enable them to access, rectify or erase their personal data ("right to be forgotten"), as well as restrict or object to the processing thereof, and has the right to data portability. Detailed conditions for the exercise of the rights indicated above are specified in Art. 15-21 of the GDPR Regulation.

6.2. Right to withdraw consent at any time - the person whose data are processed by the Controller on the basis of consent (pursuant to Art. 6 par. 1 letter (a) or Art. 9 par. 2 letter (a) of the GDPR Regulation) has the right to withdraw their consent at any time without affecting the lawfulness of the processing carried out on the basis of such consent prior to its withdrawal.

6.3. Right to lodge a complaint with the supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint with the supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

6.4. Right to object – the data subject has the right to object at any moment, for reasons related to his or her specific circumstances, to the processing of his or her data, pursuant to art. 6 par. 1 letter (e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these regulations. In such a case, the Controller shall no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing, which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.

6.5. Right to object regarding direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right to object to the processing of his or her personal data for the purposes of such marketing, including profiling, at any time, to the extent in which the processing of data is associated with such direct marketing.

6.6. In order to exercise rights referred to in this section of the Privacy Policy, you can contact the Controller by sending an appropriate message in writing or by electronic mail to the Controller's address provided at the beginning of the Privacy Policy or using the contact form available on the Online Store website.

7. COOKIES AND ANALYTICS IN THE ONLINE STORE

7.1. Cookie files (cookies) are small text information in the form of text files sent by the server and saved on the side of the visitor to the Online Store (e.g. on the hard drive of the computer, laptop, or smartphone memory card, depending on the device used by the visitor of the Online Store). Detailed information on cookie files and the history of their development can be found i.a. at: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookie files that can be sent by the Online Store website can be divided into several types, according to the following criteria:

Based on their provider: own (created by the website of the Controller's Online Store) and owned by third parties (other than the Controller)

Based on the period of their storage on the device of the visitor to the Online Store: session (stored until logging off from the Online Store or closing the web browser) and permanent (stored for a specific time, defined by the parameters of each file, or until they are manually removed)

Based on their purpose: necessary (enabling the correct functioning of the Online Store website), functional/optional (enabling the customisation of the Online Store website according to the preferences of the visitor to the Online Store), analytical and performance (collecting information about the way the Online Store website is used), marketing, advertising, and social media (collecting information about the visitor to the Online Store website in order to display ads to the visitor, personalise ads, measure their effectiveness, and perform other marketing activities, including on websites separate from the Online Store website, such as social networking sites and other sites belonging to the same advertising networks as the Online Store)

7.3. The Controller may process data contained in Cookie files when visitors are using the Online Store website for the following specific purposes:

Purposes of using Cookie files in the Controller's Online Store	identification of Service Users as logged in the Online Store and showing that they are logged in (necessary Cookies)
	remembering Products added to the shopping cart for the purposes of placing an Order (necessary Cookies)
	remembering data from the filled Order Forms, polls, or Online Store login data (necessary/functional/optional Cookies)
	customising the content of the Online Store website to the Service User's individual preferences (e.g. regarding colours, font size, website layout) and optimising the use of the Online Store website (functional/optional Cookies)
	keeping anonymous statistics reflecting the way the Online Store website is used (analytical and performance Cookies)
	displaying and rendering advertisements and ignoring the advertisements that the Service User does not want to see, measuring the effectiveness of advertisements, and personalising advertisements, which involves studying the behaviour of visitors to the Online Store by anonymously analysing their activities (e.g. repeated visits on specific sites, keywords, etc.) in order to create their profiles and to target them with advertisements customised to their predicted interests, also when they visit other websites that belong to the advertising network of Google Ireland Ltd., Tradedoubler Ltd. and Meta Platforms Ireland Ltd. (marketing, advertising, and social media Cookies)

7.4. The most popular web browsers allow for checking which Cookie files (as well as the period of operation of Cookie files and their providers) are being sent by the Online Store website at a given moment in the following manner:

In Chrome browser: (1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab	In Firefox browser:: (1) in the address bar, click on the shield icon on the left, (2) go to the "Allowed" or "Blocked" tab, (3) click on "Cross-site tracking cookies", "Social network tracking elements" or "Content with tracking elements"	W In Internet Explorer browser: (1) click on the "Tools" menu, (2) go to the "Internet options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click on "Display files"
In Opera browser: (1) in the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.	in Safari browser: (1) click on the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on "Manage site data" box.	Irrespective of the browser, with tools available, for example, at:: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/

7.5. It is the standard for most web browsers available on the market to allow for saving Cookie files by default. Every user can set the terms for the use of Cookie files by customising the settings of their web browser. This means, for example, that it is possible to limit (e.g. for a specific period of time) or to completely block the saving of Cookie files – however, the latter option may impact some functionalities of the Online Store (for example, it may become impossible to trace the Order path through the Order Form, as Products will not be remembered at the subsequent stages of placing the Order).

7.6. The browser Cookie settings are important for granting consent to the use of Cookies by our Online Store – according to the regulations, the consent can also be granted through browser settings. Detailed information on changing Cookie settings and manual removal of Cookie files in the most popular web browsers can be found in the browser "Help" section and on the following sites (click a link to open):

• for Chrome
• for Firefox
• for Internet Explorer
• for Opera
• for Safari
• for Microsoft Edge

7.7. In the Online Store, the Controller may use the services of Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) These services enable the Controller to keep statistics and to analyse traffic in the Online Store. The collected data are processed as part of the above-mentioned services to generate statistics that support the administration of the Online Store and the analysis of traffic in the Online Store. The data are aggregated. Using the above-mentioned services in the Online Store, the Controller collects data such as the sources and medium of acquisition of visitors to the Online Store, information about the devices and browsers they use to visit the site, IP and domain information, geographical data, demographic data (age and sex), and interests.

7.8. A person can easily block the sharing of information about their activities on the Online Store website to Google Analytics – in order to do this, they can, for example, install a browser add-on provided by Google Ireland Ltd. which can be accessed at: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9. Since the Controller can use advertising and analytics services provided by Google Ireland Ltd. in the Online Store, the Controller points out that full information about the terms of processing of personal data of persons visiting the Online Store (including information recorded in the Cookie files) by Google Ireland Ltd. can be found in the privacy policy for Google services available at: https://policies.google.com/technologies/partner-sites.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Controller encourages users accessing other sites to get acquainted with the privacy policy set out there. This privacy policy applies only to the Controller's Online Store.