General provisions
- This Privacy Policy explains our rules for collection and use of personal data in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as GDPR).
- We describe for what purpose and on what basis we process your personal data, and what rights you have in connection with our data processing.
- Personal data is any information that can identify you, i.e. your name, phone number, e-mail address and address for delivery of purchases.
- The Controller of your personal data is ROS-SWEET Sp. z o.o with its headquarters at 37-100 Łańcut, 2 Przemysłowa Street, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, XIIth Economic Department under the KRS number 0000252710 with the share capital of PLN 600,000, NIP 8151702738, REGON 180112363, which operates the ROS-SWEET website at https://ros-sweet.pl/.
- We collect personal data to the minimum extent possible. In collecting this data, we strive to ensure that they are reliable and up-to-date. If the collected personal data ceases to be necessary for a given purpose and there is no legal obligation to keep them, then, as far as possible, we try to delete, destroy or permanently prevent them from being associated with a specific person.
What personal information do we collect?
- Through the contact form (under “Contact Us” or “Ask for Product”): first and last name, e-mail address, phone number. We use them only for the feedback and respond to your inquiry.
- Through the registration form: first and last name, e-mail address, telephone number, IP address, as well as address data for the delivery of goods (recipient’s name, street, house number, apartment number, postal code, city, country). This data are needed to set up your account and process the orders you place, as well as to record sales.
- Through the newsletter sign-up form: e-mail address. The data obtained in this way are used only to send commercial information (e.g. about news or promotional actions).
What rights you have under GDPR?
- Right of access – under this entitlement, you have the right to obtain confirmation as to whether your data are actually processed by the Store. If your data are actually processed, you have the right to obtain from us the following information:
- the purpose for which the personal data are processed (e.g., execution of a contract, etc.),
- categories of personal data that are subject to processing (e.g., first and last name, address data);
- information about the recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients who are located outside the EU (so-called third countries);
- to the extent possible, the planned period of storage of personal data, and when this is not possible, the criteria for determining this period;
- information about your rights, i.e. the right to demand rectification, erasure or restriction of data processing from the Controller, as well as to object to such processing (provided, of course, that these specific rights are available in a given case);
- information on right to lodge a complaint with a supervisory authority;
- information about automated decision-making, including profiling, and relevant information about the principles of decision-making, as well as the significance and anticipated consequences of such processing for the data subject.
- The right to erasure of data, the so-called “right to be forgotten” – you have the right to demand that the Website immediately delete your personal data, if one of the following circumstances arises:
- personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- you revoke the consent on the basis of which the processing took place and there is no other legal basis for processing;
- you object to the processing and there are no overriding legitimate grounds for processing. At that moment, your personal data will be deleted from our base;
- personal data were processed illegally;
- deletion of personal data is required to fulfill a legal obligation.
- The right to limit processing – if you make such a request, the processing of personal data will be limited only to their storage in the following cases:
- you question the accuracy of your personal data – for a period that allows the Controller to verify the accuracy of the data;
- processing is unlawful and instead of deletion you request a restriction on the use of your personal data;
- the Controller no longer needs the personal data for the purposes for which they were processed, but the data subject needs them to bring, exercise or defend a claim under the law;
- you have filed an objection to the processing, which will be effective upon clarification of whether the objection is justified.
- Right to rectification – you have the right to request that we promptly rectify your inaccurate personal data. In addition, taking into account the purposes of processing, you have the right to request the completion of incomplete personal data
- Right to lodge a complaint – you also have the right to lodge a complaint with the competent supervisory authority responsible for data protection. The relevant supervisory authority in Poland is the Personal Data Protection Office. ROS-SWEET Sp. z o.o., based in Łańcut, as a data Controller, is responsible for exercising these rights in accordance with applicable legislation. If you have any questions or requests regarding the scope and exercise of your rights and need to exercise a specific data protection right, please contact the Data Protection Officer at: rodo@ros-sweet.pl.
Scope of data processing
We process personal data only if:
- you are asked to consent to the processing of data for a designated purpose (Article 6(1)(a) of GDPR), e.g. responding to your inquiry,
- processing is necessary for the fulfillment of obligations to you (Article 6(1)(b) of GDPR), if you are or will be a party to a contract in connection with the purchase of goods in our store, and to take action at the request of the data subject.
- processing is necessary in order to comply with legal obligations or is directly mandated by law (Article 6(1)(c) of GDPR), e.g. when personal data must be shared with state authorities and for tax records.
- the processing is necessary for the pursuit of the legitimate interests of the Controller or a third party and does not unduly affect your fundamental rights and freedoms (Article 6(1)(f) of GDPR), e.g. to assert or defend claims that the Controller may bring or that may be brought against the Controller, and for statistical purposes (including data analysis and profiling), among others.
Sharing of the of personal data
- ROS-SWEET Sp. z o.o., based in Łańcut, shares your personal data only with such entities and organizations that protect them and act in accordance with applicable data protection laws.
- We collect personal data only when you provide it to us by yourself, such as by filling out a form or sending an e-mail, under an order for goods, services or under inquiries.
- Your data may be transferred to the following recipients:
- postal operators, couriers and suppliers, in case it is necessary for the delivery;
- entities engaged in consulting, auditing activities;
- marketing agencies, if we obtain your consent to use your data to send commercial information or other marketing communications, or if it is permissible on the basis of the legitimate interest of the Controller;
- entities handling electronic payments or payment cards to the extent necessary to process the payment made by the Customer;
- service providers supplying the Controller with technical and IT solutions, enabling the operation of the online store and services provided through it (in particular, computer software providers, e-mail and hosting providers);
- data may also be transferred to entities or institutions entitled to obtain them under applicable law, e.g. to law enforcement agencies in the event that they submit a request for access to data, on an appropriate legal basis (e.g. for the purposes of ongoing criminal proceedings);
- to other entities, if it will result from arrangements with you.
Wskazane wyżej podmioty nie decydują samodzielnie o tym, w jaki sposób przetwarzać Państwa dane osobowe. Przetwarzanie przez nie danych osobowych ma miejsce tylko w zakresie, w jakim jest to niezbędne dla prowadzenia działalności przez administratora i nie będzie wykraczać poza zakres celów wskazanych w § 4. ROS-SWEET Sp. z o.o. z siedzibą w Łańcucie zawiera umowy powierzania z wymienionymi wyżej usługodawcami mające na celu chronić Państwa prywatność. Zasadniczo usługodawcy ci mogą przetwarzać dane jako podmioty przetwarzające, uzyskują dostęp do danych użytkownika wyłącznie w zakresie i na okres, jaki jest niezbędny w celu realizacji określonej usługi.
W ramach przyjętej Polityki Prywatności ROS-SWEET Sp. z o.o. z siedzibą w Łańcucie zobowiązuje się nie sprzedawać danych osobowych Klientów.
Automated decision-making and profiling
- Your personal data are processed by automated means and may be profiled.
- You can object to profiling at any time. Please note, however, that profiling will allow us to better match search results and advertisements to your preferences.
- From the moment of the objection, we are no longer allowed to process the personal data, unless we can demonstrate the existence of valid legitimate grounds for the processing, overriding the interests, rights and freedoms of the data subject, or prove grounds for the establishment, assertion or defense of claims.
Transfer to third countries
- If we transfer personal data to recipients outside the European Economic Area (EEA), this is only done if, for that third country, the European Commission has confirmed an adequate level of data protection.
Protection of personal data
- ROS-SWEET Sp. z o.o., based in Łańcut, applies technical and organizational measures to ensure the protection of personal data processing appropriate to the risks and categories of data, and in particular protects personal data.
- Only persons authorized to process personal data and obliged to keep such data confidential have access to them. Any entities entrusted with the processing of personal data under the contract are obliged to protect them using appropriate security measures and will be obliged not to transfer your data without our consent and knowledge.
Storage period
The period of processing of your personal data depends on the purpose for which the data are processed.
- Order fulfillment: To the extent that your personal data are processed for the purpose of fulfilling orders, we will process them for the duration of the contract relating to the transaction, although we may extend this period by the statute of limitations for your claims, if the processing of such data is necessary for the establishment or assertion of claims, as well as for the defense against such claims.
- Collection of customer’s registration data: Until you explicitly request the deletion of your customer account, your data will be processed by our Store in a limited manner, amounting only to the storage of such data. This data will be stored only for the purpose of other contracts for the purchase and sale of products that you can conclude through our online platform.
- Keeping records for the purpose of demonstrating compliance with obligations under the law, in particular the Accounting Act and the Tax Ordinance Act: The period indicated in the relevant legislation – as a rule, these are 5-year periods, calculated from the end of the calendar year in which, for example, the invoice was issued.
- To assert or defend claims that the Controller may bring or that may be brought against the Controller: The data shall be retained for the period of existence of the legitimate interest pursued by the Controller, but no longer than the period of the statute of limitations for claims against the data subject arising from the Controller’s business activities. The statute of limitations is determined by law, in particular the Civil Code (the basic statute of limitations for claims related to the conduct of business is three years, and two years for a sales contract).
- Contact form: Until you withdraw your consent.
- Statistical activities (including data analysis and profiling): Until an objection is filed.
Final provisions
- In the event that you have any questions, objections or concerns regarding the content of this Privacy Policy, or the manner in which we process personal data, as well as complaints regarding such matters, please send an e-mail to the address listed in § 3 of this Policy.
- At the same time, we encourage you to contact the Controller in advance before filing a complaint in order to resolve any issues related to your personal data as quickly and conveniently as possible and, if possible, clarify doubts or resolve the problem through this channel.
- For our part, we thank you for your trust, and we will do our best to keep your data safe and our processing of it in accordance with the applicable law.
- ROS-SWEET Sp. z o.o. based in Łańcut reserves the right to make necessary changes and updates to this Privacy Policy by publishing new content on our website. After the change is made, the Privacy Policy will appear on the site with the new date.