- The administrator of personal data collected via the www.pyxisbackup.com online store is Tadeusz Smela, who runs a business named ComRad Tadeusz Smela entered into the Central Register and Information on Economic Activity of the Republic of Poland kept by the Minister of Economy, place of business and address for delivery: Kazimierza Wierzynskiego 1/2, 70-786 Szczecin, NIP: 9551457697, REGON: 810987841, e-mail address (e-mail): email@example.com, hereinafter referred to as “Administrator” and being also “Service Provider”.
- Personal data collected by the Administrator via the website are processed in accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (general regulation on data protection), hereinafter referred to as the GDPR.
TYPE OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION
- PROCESSING PURPOSE AND LEGAL BASIS. The Administrator processes the personal data of the Service Users of the Store www.pyxisbackup.com in the case of:
a) account registration in the Store, in order to create an individual account and manage this Account, pursuant to art. 6 par. 1 lit. b GDPR (implementation of the contract for the provision of electronic services in accordance with the Store Regulations),
b) place an order in the Store, in order to perform a sales contract, pursuant to art. 6 par. 1 lit. b GDPR (performance of the contract of sale).
- TYPE OF PROCESSED PERSONAL DATA.
In case of:
a) Account. The Customer provides:
• First name and last name,
• E-mail address.
b) Customer Service Orders:
• First name and last name,
• E-mail address.
- PERIOD OF ARCHIVE OF PERSONAL DATA.
The personal data of the Service Users are kept by the Administrator:
a) if the basis for data processing is the performance of the contract, as long as it is necessary for the performance of the contract, and after that for the period corresponding to the period of limitation of claims. Unless a special rule provides otherwise, the period of limitation is ten years, and for claims for periodic benefits and claims related to running a business – three years.
b) if the basis for processing the data is consent until the consent is cancelled, and after the consent has been withdrawn for a period of time corresponding to the period of limitation of claims that may be raised by the Administrator and which may be raised against him. Unless a special rule provides otherwise, the period of limitation is ten years, and for claims for periodic benefits and claims related to running a business – three years.
- While using the Store, additional information may be downloaded, in particular: the IP address assigned to the Recipient’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
- Navigational data may also be collected from Service Users, including information about links and links in which they decide to click or other activities are undertaken in the Store. The legal basis for this type of activity is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
- Providing personal data by the Customer is voluntary.
- Personal data will also be processed in an automated way in the form of profiling, provided that the Service Recipient agrees on the basis of art. 6 par. 1 lit. a) GDPR. The consequence of profiling will be the assignment of a profile to a given person in order to take decisions regarding him or to analyze or predict his preferences, behaviours and attitudes.
- The administrator makes special care to protect the interests of data subjects, and in particular, ensures that the data collected by him are:
a) processed in accordance with the law,
b) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes,
c) factually correct and adequate in relation to the purposes for which they are processed and stored in a form allowing identification of persons they concern, no longer than it is necessary to achieve the purpose of processing.
DISCLOSURE OF PERSONAL DATA
- The personal data of the Customers are provided to service providers used by the Administrator while running the Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to the Administrator’s instructions as to the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators).
- The personal data of the Service Users are stored exclusively in the European Economic Area (EEA).
RIGHT OF CONTROL, ACCESS TO OWN DATA CONTENTS AND THEIR CORRECTION
- The data subject has the right to access their personal data and the right to rectify, delete, limit the processing, the right to data transfer, the right to raise objections, the right to withdraw consent at any time without affecting the lawfulness of processing, which was made on the basis of consent before its withdrawal.
- The legal basis of the Customer’s request:
a) Access to data – art. 15 GDPR
b) Rectification of data – art. 16 GDPR
c) Data removal (the so-called right to be forgotten) – art. 17 GDPR
d) Limitation of processing – art. 18 GDPR
e) Transfer of data – art. 20GDPR
f) Opposition – art. 21 GDPR
g) Withdrawal of consent – art. 7 par. 3 GDPR
- In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to firstname.lastname@example.org.
- In the event of the Client obtaining the right resulting from the above rights, the Administrator fulfils the request or refuses to meet it promptly, however not later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator will not be able to fulfil the request within a month, it will meet them within the next two months informing the Customer about the intended extension and its reasons.
- If it is found that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Office for the Protection of Personal Data.
- The Administrator’s website uses “cookies”.
- The installation of “cookies” is necessary for the proper provision of services on the Store’s website. The “cookies” files contain information necessary for the proper functioning of the website, and they also give the opportunity to compile general statistics of website visits.
- The website uses two types of “cookies”: “session” and “permanent”.
a) “Session” cookies are temporary files that are stored in the Customer’s end device until they log out (leave the site).
b) “Persistent” cookie files are stored in the Customer’s terminal device for the time specified in the “cookie” file parameters or until they are removed by the Service Recipient.
- The administrator uses his own cookies in order to better understand how the Customers interact with the content of the site. The files collect information about the method of using the website by the Service Recipient, the type of website from which the Recipient was redirected, and the number of visits and the time of the Customer’s visit to the website. This information does not record specific personal data of the Service Recipient, but it is used to develop statistics on the use of the website.
- The administrator uses external cookies to collect general and anonymous static data via analytical tools of Google Analytics (external cookie administrator: Google Inc., based in the USA).
- The Customer has the right to decide on the access of “cookies” on his computer by selecting them in the window of his browser. Detailed information about the possibilities and ways of handling “cookies” are available in the software (web browser) settings.
- The Administrator uses technical and organizational measures to ensure that personal data being processed is protected against hazards and categories of data protected, in particular, protects data against unauthorized access, being taken by an unauthorized person, processing in violation of applicable laws and changes, loss, damage or destruction.
- The Administrator shall make available appropriate technical measures to prevent the unauthorized persons from obtaining and modifying personal data sent electronically.