Valid from 20.09.2021r.
Identity of the data controller
1. The administrator of the personal data provided during the use of the Website and Online Store operated under the name www.attyeofficial.com is C'ana Spółka Z Ograniczoną Odpowiedzialnością, Mikołaja Kopernika 13/1, 00-359 Warsaw, NIP: 5252674226, REGON: 365292741, KRS: 0000634303
2. The data shall be processed in accordance with currently applicable laws; i.e. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: RODO), the Act of 10 May 2018 on data protection, as well as the Act of 18 July 2002 on the provision of electronic services.
1. The following definitions shall apply in this Policy:
a) Service/Store - the Internet service available at www.attyeofficial.com through which the User may: browse its content (blog, online store), contact the data controller (contact form), place orders for products and goods (online store), order commercial and marketing information (newsletter).
b) Personal data controller - the entity that decides on the purpose and means of data processing, in this policy it is understood as: C'ana Spółka Z Ograniczoną Odpowiedzialnością, Mikołaja Kopernika 13/1, 00-359 Warsaw.
c) User - the natural person whose data is subject to and who uses the services available on the Website/Shop.
d) Personal data - any information that without excessive time and cost can lead to the identification of a natural person, including his/her identification, address and contact data.
Purposes of data processing
1. The controller shall process personal data for the following purposes:
e) performance of a contract to which the data subject is a party or to take action at the request of the data subject, i.e. placing and processing of an order in the online store, realization of the person's rights related to the execution of the order, including guarantees and warranties, etc.
f) registration and creating an account in the Service,
g) documenting a sale or provision of a service, including issuing a bill or invoice to a natural person,
h) answering a question through a contact form or through contact details available on the Website,
i) to market the controller's own products and services in the traditional way,
j) sending commercial and marketing information of the data controller to the e-mail address provided by the User during subscription to a newsletter, with the consent of the data subject,
k) to send opinions on the controller's services and products via external satisfaction services, such as [e.g. Opineo, Ceneo, etc.] with the consent of the data subject,
l) to assert rights and claims by the data controller or the data subject.
2. Provision of data is necessary to carry out the order, issue a sales document, assert claims, as well as answer questions.
3. Providing other data is voluntary.
4. Failure to provide the required data prevents the implementation of services, including ordering and contact.
Ways of data obtaining
1. The User's personal data is collected directly from the data subjects, i.e. by:
m) filling in a form with contact details when submitting an inquiry via a form on the website,
n) filling in a newsletter subscription form,
o) filling in an order form in the online store,
p) registering an account on the Website,
q) providing data to prepare and conclude a contract,
r) direct contact with the data controller using the contact details available on the website or in a traditional form in the place of business.
Scope of data processing
1. The scope of personal data processed has been limited to the minimum necessary to provide services within the scope of:
s) submitting an inquiry via the contact form or by means of contact data available on the website: e-mail address phone number, e-mail address, first name, possible other data provided voluntarily by the data subject,
t) subscribing to a newsletter: first name, e-mail address,
u) placing an order in the online store: name and surname, e-mail address, telephone number, delivery address, possibly the address of the collection point,
v) registering an account in the Service or online store: name and surname, e-mail address, password, login,
w) issuing a bill or an invoice: name and surname or name of the entity, address of its registered office, Tax Identification Number,
x) preparation and conclusion of an agreement: name and surname, address, ID card number, etc.
Period of data processing
1. Personal data shall be processed for the period necessary to fulfill the purpose for which they were collected, i.e.:
y) for the duration of the concluded contract,
z) for the period necessary to document the executed agreement or service, including issuing a bill or invoice - data shall be stored for 5 years, counting from the end of the calendar year in which the deadline for tax payment expired,
aa) for the period necessary to answer the question asked via the contact form or by phone,
bb) until the time of revocation of consent, if the processing of data is based on the consent of the data subject.
Recipients of the data
The User's personal data may be entrusted to other entities in order to perform services commissioned by the data controller, in particular to entities within the scope of:
a) website hosting,
b) servicing and maintaining the IT systems in which the data are processed, including for the purposes of newsletter automation, issuing invoices, order processing, etc.
c) accounting services,
d) maintenance of office services,
e) courier services broker,
f) droppshipping and order processing.
2. The User's personal data may also be made available to entities supporting the data controller, including entities providing courier and postal services, online payment processing.
3. User personal data are not transferred to third countries or international organizations.
Rights of data subjects
1. The data subject shall have:
a) The right of access to and rectification of the content of the data,
b) the right to erasure of data, unless other legal provisions obliging the controller to archive data for a specific period of time are in force,
c) the right to data portability, provided that the data processing is based on a contract or on the consent of the data subject, and the data processing is carried out by automated means,
d) the right to object to the processing of data for direct marketing purposes, carried out by the controller within the framework of a justified legal interest, as well as to the restriction of processing,
e) the right not to be subject to automated profiling, where the controller would make decisions based solely on automated profiling and produce legal effects for or similarly affect the data subject,
f) the right to control the processing of the data and to be informed of who the controller is and to be informed of the purpose, scope and means of the processing, the content of the data, the source of the data, and the manner of disclosure, including the recipients or categories of recipients of the data,
g) the right to withdraw consent at any time where the processing was based on the data subject's consent. Revocation of consent shall not affect the lawfulness of processing carried out on its basis before its revocation,
h) The right to lodge a complaint to the President of the Office for Personal Data Protection (PUODO), if a person considers that the processing of his/her data is incompatible with the regulations currently in force in this regard.
2. In order to exercise the right to control data, access to data content, correction of data, as well as other rights, please contact the data controller.