WHISBEAR ONLINE STORE AND WEBSITE
1. PERSONAL DATA CONTROLLER
1.1. Personal data of the Buyers shall be processed by the Seller, i.e. Whisbear sp. z o.o. with its registered seat in Warsaw, at ul. Zielona 32, 02-913 Warsaw, entered into the companies’ register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register, under KRS number 0000555169, tax identification number (NIP) 7010481536, statistical number (REGON) 36137404 (hereafter the ‘Controller’).
1.2. Controller may be reached, in particular, via the following e-mail address: firstname.lastname@example.org. Data protection officer may be reached via the following e-mail address: email@example.com. Mrs. Zuzanna Sielicka – Kalczyńska was appointed as the data protection officer.
2. SCOPE AND TERM OF PROCESSING
2.1. The scope of personal data processed by the Seller shall be determined by data supplemented and sent by the Buyer on an appropriate form. Buyer’s personal data subject to processing may include their e-mail address, name and surname, telephone number, address of residence/ delivery, computer’s IP address, name and surname of the Buyer’s child.
2.2. In case the Seller shall obtain information that the services are used by the Buyer in a way contrary to the Terms and Conditions or applicable provisions of law (unauthorized use), the Seller may process the Buyer’s personal data to the extent necessary to establish their liability.
2.3. The Buyer’s personal data shall be processed for a period of 5 years from the date of placing of the last Order, while in the case of Newsletter subscribers data shall be processed until the termination of the Newsletter contract, and after that data shall be deleted unless its processing is necessary due to another legal basis.
2.4. Seller shall not transfer personal data to third countries.
2.5. Buyers’ personal data shall not be processed in an automated way.
3. PURPOSE AND GROUNDS FOR PROCESSING
3.1. Buyers’ personal data shall be processed in order to: (a) comply with the applicable provisions of the law, (b) perform contracts of sale, provide services by electronic means, in particular User Accounts maintenance and other activities indicated in the Terms and Conditions; (c) perform Seller’s promotional and commercial activities.
3.2. The legal basis for personal data processing in the case:
3.2.1. referred to in 3.1(a) shall be the statutory authorization to process data necessary for the purpose of complying with the applicable law,
3.2.2. referred to in 3.1(b) shall be the statutory authorization for processing necessary for the performance of the contract, if the data subject is a party to it or if it shall be necessary to take action before the conclusion of the contract at the request of the data subject,
3.2.3. referred to in 3.1(c) shall be the voluntary consent of the Buyer.
3.3. Providing personal data is voluntary, however lack of consent for processing of personal data labelled as mandatory shall prevent the Seller from processing Orders and providing services to the Buyer.
4. DATA RECEIPIENTS
4.1. The Seller may entrust personal data processing to third parties. In such a case Buyer’s data may be received by: Whisbear.pl Online Store hosting provider, Whisbear.pl Online Store maintenance (including Newsletter) provider, payment processing company (including PayLane Sp. z o.o. with its registered seat in Gdańsk at ul. Arkońska 6/A3, postal code: 80-387, under KRS number: 0000227278; to the extent necessary to service payments for an Order), accounting firm, flagship store, carrier.
4.2. Personal data collected by the Seller may also be made available to the relevant state authorities at their request and on the basis of relevant legal provisions, or to other persons and entities – in cases prescribed by the law.
4.3. Each entity to whom the Seller shall entrust Buyer’ personal data for processing purposes, based on a personal data processing agreement (hereafter the ‘Agreement’), guarantees an appropriate level of security and confidentiality regarding personal data processing. The entity that shall process Buyer’s personal data based on the Agreement may process the Buyer’s personal data through another entity only on the basis of a prior consent of the Seller.
5. THE RIGHTS OF THE DATA SUBJECT
5.1. Each Buyer shall have the right to: (a) delete personal data collected about them, either from the system belonging to the Seller as well as from databases of entities with which the Seller cooperates or cooperated, (b) restrict personal data processing, (c) transfer personal data pertaining to the Buyer and collected by the Seller, including to receive them in a structured form, (d) demand access to their personal data and their rectification from the Seller, (e) raise objections regarding processing, (f) withdraw consent granted to the Seller, at any time and without affecting the compliance with the applicable law of personal data processing which was performed prior to the withdrawal of consent; (g) lodge a complaint against the Seller to a supervisory authority.
6. OTHER DATA
6.1. The whisbear.pl Online Store may store http queries, therefore some information may be stored in the server’s log files, including the IP address of the computer from which the query came from, the name of the Buyer’s station – the identification performed by the http protocol, if possible, date and system time of registration on the whisbear.pl Online Store website and the arrival of a query, the number of bytes sent by the server, the URL of the page previously visited by the Buyer in case the Buyer entered by clicking on a link, information about the Buyer’s browser, information regarding errors that occurred during the execution of the http transaction. Logs can be collected as material required for proper administration of the whisbear.pl Online Store. Only the persons authorized to administer the information system shall have access to that information. Log files can be analyzed in order to compile traffic statistics on the whisbear.pl Online Store page and in order to compile statistics regarding the errors that occur. Summary of such information shall not identify the Buyer.
7. INFORMATION SECURITY
7.1. Seller shall apply technical and organizational measures ensuring protection of personal data being processed shall be appropriate to threats and categories of data protected. Seller shall, in particular, secure data technically and organizationally against unauthorized access, removal by an unauthorized person, processing infringing the provisions of the Act as well as their change, loss, damage or destruction. Among others, SSL (Secure Socket Layer) certificates shall be used. Seller has also implemented appropriate technical and organizational measures, such as pseudonymization, which are designed to effectively implement data protection principles (such as data minimization) and to provide the necessary safeguards in order to meet the requirements of the GDPR and protect the rights of data subjects.
7.2. Seller shall implement all adequate technical measures specified in Arts. 25, 30, 32-34, 35-39 of the GDPR which provide increased protection and security of Buyer’s personal data being processed.
7.3. In order to log in to an Account, respective login and password shall be entered. In order to ensure an adequate level of security, the Account password shall exist – within the scope of the whisbear.pl Online Story – only in an encrypted form. Moreover, registration and logging in to the Account shall be executed over a secure https connection. Communication between the Buyer’s device and servers shall be encrypted using the SSL protocol.
7.4. At the same time, the Seller points out that the use of the Internet and services provided by electronic means, especially the use of publicly available Wi-Fi networks, may involve specific ICT risks, such as: the presence and operation of worms, spyware or malware , including computer viruses, as well as the possibility of being exposed to cracking or phishing (password hunting), and others. In order to obtain detailed and professional information about maintaining security on the Internet, the Seller recommends that entities specializing in IT services shall be consulted.
8.2. Seller shall use two types of cookies: session cookies which shall be permanently deleted the moment the browser is shut down; and permanent cookies, which shall remain after the browser on the Buyer’s device was shut down, and remain on the Buyer’s device until they are deleted.
8.3. Based on cookies, both session cookies and permanent cookies, it shall not be possible to determine the identity of the Buyer. Cookies do not allow any personal data to be downloaded. Whisbear.pl Online Store cookies are safe for the Buyer’s device, in particular they do not allow any viruses or other software to be installed on the device.
8.4. Files generated directly by the whisbear.pl Online Store can not be read by other websites. External cookies (i.e. cookies placed by the Seller’s partners) can be read by an external server.
8.5. Buyer may enable external cookies to be saved on their device, in accordance with the browser manufacturer’s manual, however this may result in some parts or features of the whisbear.pl Online Store becoming unavailable.
8.6. Seller shall use their own Cookies for the following purposes: authentication of the Buyer at the whisbear.pl Online Store and maintenance of the Buyer’s session; configuration of the whisbear.pl Online Store and adjustment of the website content to the Buyer’s preferences, such as: recognition of the Buyer’s device, saving the settings selected by the Buyer; ensuring data security and the use of Whisbear.pl Online Store; audience analysis and research; providing advertising services.
8.7. Seller shall use external cookies for the following purposes: creating statistics (anonymous) which allow the usability of the Whisbear.pl Online Store to be optimized via analytical tools such as Google Analytics; the use of interactive features using social networks, including: Facebook, Instagram, Pinterest and YouTube.
8.8. Buyer may independently change the cookies’ settings at any time, specifying the conditions for their storage through the web browser settings or by otherwise configuring the service. Buyer may also delete cookies stored on his device at any time, in accordance with the browser manufacturer’s manual.
8.9. Detailed information about cookies is available in the web browser settings.
9. FINAL PROVISIONS