Privacy Policy

  1. This Privacy Policy sets out the rules for the processing of personal data obtained via the online store www.centrumkas.pl (hereinafter referred to as the "Online Store").
  2. The owner of the Online Store and at the same time the data controller is Stanisław Grzelak, conducting business activity under the name BAJT Stanisław Grzelak with its registered office at ul. Wokulskiego 3/15, 08-300 Sokołów Podlaski, entered into the Central Register and Information on Business Activity maintained by the Minister of Development, NIP: 823-000-32-71, REGON: 710273369, tel. 48 (25) 787 22 87, e-mail: bok@centrumkas.pl, hereinafter referred to as CentrumKas.
  3. Personal data collected by CentrumKas via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
  4. CentrumKas takes special care to respect the privacy of customers visiting the Online Store.

§ 1 Type of data processed, purposes and legal basis

  1. CentrumKas collects information on natural persons performing legal acts not directly related to their business activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to which the act grants legal capacity, conducting business or professional activity on their own behalf, hereinafter collectively referred to as Customers.
  2. Customers' personal data are collected in the event of:
    • placing an order in the Online Store in order to perform the sales contract. Legal basis: necessity to perform the sales contract (Article 6, paragraph 1, letter b of the GDPR),
    • contact via e-mail or contact form in order to take steps before concluding a contract at the request of the data subject. Legal basis: consent to data processing (Article 6(1)(a) of the GDPR).
  3. When placing an order in the Online Store, the Customer provides the following data:
    • email address;
    • address details:
      postal code and city;
      country (state);
      street with house/apartment number.
    • name and surname;
    • phone number.
  4. In the case of Entrepreneurs, the above scope of data is additionally extended to include:
    • the Entrepreneur's company;
    • Tax Identification Number.
  5. When using the CentrumKas Online Store, additional information may be collected, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
  6. Navigational data may also be collected from Customers, including information about the links and hyperlinks they choose to click or other actions they take in our Online Store. Legal basis: legitimate interest (Article 6, paragraph 1, letter f, GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
  7. For the purpose of establishing, pursuing and enforcing claims, certain personal data provided by the Customer as part of using the functionalities in the Online Store may be processed, such as: first name, last name, data regarding the use of services if the claims result from the manner in which the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest (Article 6, paragraph 1, letter f of the GDPR), consisting in the establishment, pursuit and enforcement of claims and defense against claims in proceedings before courts and other state authorities.
  8. Personal data provided to CentrumKas are provided to it voluntarily in connection with concluded sales contracts or the provision of services via the Online Store, provided, however, that failure to provide the data specified in the form during the ordering process will prevent the submission and execution of the Customer's order.

§ 2 Who is the data shared or entrusted to and how long is it stored?

  1. Customers' personal data is transferred to service providers used by CentrumKas to operate the Online Store. Depending on contractual arrangements and circumstances, these service providers are either subject to CentrumKas's instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of processing (controllers).
    • Processors. CentrumKas uses suppliers who process personal data solely on CentrumKas' instructions. These include, among others, suppliers of hosting services, accounting services, transport services, marketing systems, systems for analyzing traffic in the Online Store, and systems for analyzing the effectiveness of marketing campaigns;
    • Data Controllers. CentrumKas uses providers who do not act solely on instructions and independently determine the purposes and methods of using customer personal data. They provide electronic payment and banking services.
  2. Location. Service providers are based primarily in Poland and other countries of the European Economic Area (EEA).
  3. Customers' personal data are stored:
    • If consent is the basis for personal data processing, the Customer's personal data will be processed by CentrumKas until the consent is revoked, and after the consent is revoked, for a period corresponding to the limitation period for claims that CentrumKas may raise and that may be brought against it. Unless a specific provision provides otherwise, the limitation period is ten years, and for claims for periodic benefits and claims related to business operations, three years.
    • If the basis for data processing is the performance of a contract, then CentrumKas processes the Customer's personal data for as long as necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is ten years, and for claims for periodic benefits and claims related to business activity, three years.
  4. If you make a purchase in the Store, your personal data may be transferred to a courier company in order to deliver the ordered goods.
  5. Navigation data may be used to provide Customers with better service, analyze statistical data and adapt the Online Store to Customer preferences, as well as to administer the Online Store.
  6. CentrumKas, in the event of a request addressed to it, makes personal data available to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookie mechanism, IP address

  1. The Online Store uses small files called cookies. They are saved by CentrumKas on the end device of a visitor to the Online Store, if the web browser allows it. A cookie typically contains the name of the domain from which it originates, its expiration date, and an individual, randomly selected number identifying the file. Information collected using these types of files helps to tailor the products offered by CentrumKas to the individual preferences and actual needs of visitors to the Online Store. They also enable the development of general statistics on visits to the products presented in the Online Store.
  2. CentrumKas uses two types of cookies:
    • Session cookies: After ending a browser session or turning off the computer, the stored information is deleted from the device's memory. The session cookie mechanism does not allow the collection of any personal data or confidential information from customers' computers.
    • Persistent cookies: These cookies are stored in the memory of the Customer's end device and remain there until they are deleted or expire. The persistent cookie mechanism does not allow the collection of any personal data or any confidential information from the Customer's computer.
  3. CentrumKas uses its own cookies for the following purposes:
    • ensuring the Customer's session in the Online Store, thanks to which the Customer can add products to the Cart.
  4. CentrumKas uses external cookies to:
    • collecting general and anonymous statistical data via Google Analytics analytical tools (external cookie administrator: Google Inc. based in the USA);
  5. The cookie mechanism is safe for the computers of Online Store Customers. In particular, it is impossible for viruses or other unwanted software or malware to enter Customers' computers this way. However, Customers have the option of limiting or disabling cookie access to their computers in their browsers. If this option is used, the Online Store will still be available for use, except for functions that, by their nature, require cookies.
  6. Below we present how you can change the settings of popular web browsers regarding the use of cookies:
  7. CentrumKas may collect Customer IP addresses. An IP address is a number assigned to the computer of a visitor to the Online Store by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, meaning it changes with each Internet connection, and is therefore generally treated as non-personally identifiable information. The IP address is used by CentrumKas to diagnose technical server problems, create statistical analyses (e.g., to determine which regions receive the most visits), as information useful in administering and improving the Online Store, as well as for security purposes and to identify server-burdening, unwanted automated programs for browsing the Online Store's content.
  8. The Online Store contains links and references to other websites. CentrumKas is not responsible for the privacy policies of such websites.

§ 4 Rights of data subjects

  1. Right to withdraw consent - legal basis: Article 7(3) of the GDPR.
    • The customer has the right to withdraw any consent given to CentrumKas.
    • Withdrawal of consent takes effect from the moment of withdrawal of consent.
    • Withdrawal of consent does not affect the processing carried out by CentrumKas in accordance with the law before its withdrawal.
    • Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities which, according to the law, CentrumKas may only provide with consent.
  2. Right to object to data processing - legal basis: Article 21 of the GDPR.
    • The Customer has the right to object at any time - for reasons related to his/her particular situation - to the processing of his/her personal data, including profiling, if CentrumKas processes his/her data based on a legitimate interest, e.g. marketing of CentrumKas products and services, keeping statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as satisfaction surveys.
    • Unsubscribing via e-mail from receiving marketing communications regarding products or services will mean the Customer's objection to the processing of his or her personal data, including profiling for these purposes.
    • If the Customer's objection proves to be justified and CentrumKas has no other legal basis for processing personal data, the Customer's personal data will be deleted to the processing of which the Customer has objected.
  3. Right to erasure of data ("right to be forgotten") - legal basis: Article 17 GDPR.
    • The customer has the right to request the deletion of all or some of his or her personal data.
    • The customer has the right to request the deletion of personal data if:
      a) the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
      b) withdrew a specific consent to the extent that personal data were processed based on his consent;
      c) has objected to the use of his data for marketing purposes;
      d) personal data are processed unlawfully;
      e) personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which CentrumKas is subject;
      f) the personal data were collected in connection with the provision of information society services.
    • Despite a request to delete personal data, in connection with an objection or withdrawal of consent, CentrumKas may retain certain personal data to the extent that processing is necessary to establish, pursue, or defend legal claims, as well as to comply with a legal obligation requiring processing under EU law or the law of the Member State to which CentrumKas is subject. This applies in particular to personal data including: first name, last name, and email address, which are retained for the purpose of handling complaints and claims related to the use of CentrumKas services, and additionally, residential/mailing address and order number, which are retained for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.
  4. Right to restrict data processing - legal basis: Article 18 GDPR.
    • The customer has the right to request the restriction of the processing of their personal data. Submitting a request, until it is resolved, prevents the use of certain functionalities or services that would involve the processing of the data covered by the request. CentrumKas will also not send any communications, including marketing communications.
    • The customer has the right to request the restriction of the use of personal data in the following cases:
      a) when he/she questions the accuracy of his/her personal data – then CentrumKas limits their use for the time needed to check the accuracy of the data, but no longer than for 7 days;
      b) when the processing of data is unlawful and instead of deleting the data, the Customer requests the restriction of their use;
      c) when personal data are no longer necessary for the purposes for which they were collected or used but are needed by the Customer to establish, pursue or defend claims;
      d) when he has objected to the use of his data – then the restriction takes place for the time needed to consider whether – due to the specific situation – the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Controller in processing the Client’s personal data.
  5. Right of access to data - legal basis: Article 15 of the GDPR.
    • The Customer has the right to obtain confirmation from the Controller whether he processes personal data, and if so, the Customer has the right to:
      a) obtain access to your personal data;
      b) obtain information on the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer's data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), the Customer's rights under the GDPR and the right to lodge a complaint with the supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
      c) obtain a copy of your personal data.
  6. Right to rectification - legal basis: Article 16 of the GDPR.
    a) The Customer has the right to request immediate rectification of any inaccurate personal data concerning them by the Controller. Taking into account the purposes of processing, the Customer whose data is processed has the right to request the completion of incomplete personal data, including by providing an additional statement, by sending a request to the email address specified in §6 of the Privacy Policy.
  7. Right to data portability - legal basis: Article 20 of the GDPR.
    a) The Client has the right to receive their personal data provided to the Controller and then send it to another personal data controller of their choice. The Client also has the right to request that the Controller send their personal data directly to such controller, if technically feasible. In such a case, the Controller will send the Client's personal data in a CSV file, which is a commonly used, machine-readable format that allows the data to be sent to another personal data controller.
  8. If the Customer exercises the above rights, CentrumKas will either comply with the request or refuse to comply with it immediately, but no later than one month after receiving it. However, if – due to the complex nature of the request or the number of requests – CentrumKas is unable to comply within one month, it will comply within the next two months, informing the Customer within one month of receiving the request of the intended extension and the reasons for it.
  9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his or her personal data and the exercise of his or her rights.
  10. The Customer has the right to request CentrumKas to provide a copy of the standard contractual clauses by sending an inquiry in the manner indicated in §6 of the Privacy Policy.
  11. The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a violation of his or her rights to personal data protection or other rights granted under the GDPR.

§ 5 Security management

  1. CentrumKas provides customers with a secure and encrypted connection when transmitting personal data. CentrumKas uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transmitted over the internet.
  2. CentrumKas never sends any correspondence, including electronic correspondence, asking for login details, e-mail or bank login details.

§ 6 Changes to the Privacy Policy

  1. The Privacy Policy may be subject to change, of which CentrumKas will inform Customers 7 days in advance.
  2. Please send any questions regarding the Privacy Policy to: bok@centrumkas.pl
  3. Last modified on: 12/05/2020.