1.1 The administrator of personal data of the website at https://oleje-ziebice.pl is the company “MWM Marek Borowski”, with its registered office in Ziębice. tel. 506 088 143, e-mail: biuro@oleje-ziebice.pl. The owner of the company is Marek Borowski.
1.2 The purpose of collecting and processing personal data is to process them in the website’s computer system, specifically for financial reporting purposes.
1.3 The provision of information on the collection and processing of personal data of the website’s client takes place immediately after such a person submits a request for such data to be provided by the Administrator, but not longer than 24 hours. Communication with the controller of personal data shall be free of additional charges.
1.4 The customer of the website provides his personal data voluntarily, and their submission is required for the conclusion of a contract between the owner of the online shop and the customer. Providing personal data is connected with the acceptance of their processing by the administrator for the purposes mentioned above.
1.5 Only personal data of a website client who is a physical person are processed.
1.6 The Administrator processes the customer’s personal data as long as it is necessary for the proper performance of the contract and offering services after its performance.
2.1 The legal basis for requiring the customer’s personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, known as the GDPR.
3.1 The term ‘personal data’ means information needed to identify an individual, in particular his or her name and location data. It is used only for the purposes mentioned in this document.
3.2 A dataset is any structured set of personal data available according to specific criteria.
3.3 Processing means an operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 A personal data controller is a physical or legal person, public authority, entity or other entity which independently or jointly with others determines the purposes and means of personal data processing.
3.5 Data security in an IT system – it shall be understood as the implementation and use of appropriate technical and organisational measures ensuring data protection against unauthorized processing.
3.6 A person’s consent to the processing of their personal data – this is a declaration of intent, the content of which is consistent with the processing of personal data of the person who makes the declaration. Such consent may not be implied or implied by a declaration of will with different content. Such consent may be revoked at any time.
4.1 The processing of the personal data of the Customer of the website is necessary for the performance of the contract to which the Customer wishes to be a party, or when it is necessary prior to the conclusion of the contract, in accordance with the GDPR Regulation.
4.2 Prior to the conclusion of the contract, the website owner shall present the terms and conditions of the service to the customer and familiarise the customer with the provisions of the contract and the protection of his personal data. After reading the above mentioned, the customer agrees to the processing of his personal data in the appropriate field of the form.
4.3 The consent given by the customer becomes the basis for the processing of his personal data.
4.4 The consent referred to in clause 4.2 may be revoked at any time and in any form, and this declaration of intent of the customer is binding on the data controller.
4.5 The consent given prior to the conclusion of the contract also covers the processing of personal data in the future, if the purpose of the processing has not changed and the owner of the online shop is obliged under the contract to update or repair the subject of the contract.
5.1 The personal data controller undertakes to exercise special care in order to protect the interests of the data subjects. In particular, these data are to be processed only for designated and legitimate purposes.
5.2 Processing of data not in accordance with the purpose stated in the contract is not permitted.
5.3 The Administrator undertakes never to request information from the customer related to his race or ethnic origin, political opinions, religious or philosophical beliefs, religious, party or trade union membership, as well as data on health, genetic code, addictions or sexual life and data on convictions, punishment and criminal fines, as well as other judgments given in judicial or administrative proceedings.
6.1 Every person has the right to control the processing of data concerning them contained in data filing systems, in particular the right to obtain information on the purpose, scope and method of processing of data contained in such a system, to request completion, updating, correction of personal data, temporary or permanent suspension of their processing or their deletion if they are incomplete, outdated, untrue or have been collected in violation of the law or are no longer necessary for the purpose for which they were collected and other information listed in the GDPR regulation.
7.1 If the data subject proves that the personal data are incomplete, outdated, untrue or have been collected in violation of the Act or are unnecessary for the purpose for which they were collected, the controller shall be obliged, without undue delay, to complete, update, correct the data, temporarily or permanently suspend the processing of the questioned data or remove them from the filing system, unless it concerns personal data for which the mode of supplementing, updating or correcting them is defined by separate acts.
Translated with www.DeepL.com/Translator
7.2 The data subject has the right to request the controller to rectify immediately any personal data relating to him that are inaccurate. Taking into account the purposes of processing, the data subject shall have the right to request completion of incomplete personal data, including by submitting an additional statement.
7.3 The Administrator shall notify the rectification or erasure of personal data or the restriction of processing which he has carried out, within a period not exceeding 24 hours.
8.1 The Administrator undertakes to apply security measures to ensure the security of the personal data processed, appropriate to the risks and categories of data to be protected.
8.2 In particular, the controller shall protect customer data against unauthorised disclosure and processing in a manner inconsistent with the law and the contract.
9.1 Personal data provided by the customer will not be sent to any third country.
10.1 The customer providing personal data has the right to contact the office of personal data protection if he suspects that his data is being used for purposes not in accordance with the contract or the law, or if he feels in any other way that his data is at risk.
11.1 The data subject has the right to request the controller to delete the personal data concerning him/her immediately and the controller is obliged to delete the personal data without undue delay if the customer has terminated the contract with the owner of the online shop, has withdrawn his or her consent to the use of his or her personal data or if this results from the other possibilities listed in Article 17(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. (FAME)
11.2 The Administrator undertakes not to publish personal data provided to it by the customer.
11.3 The data subject has the right to request the administrator to restrict the processing of such data.
11.4 The data subject has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data relating to him. The controller may no longer process such personal data unless he demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.