The administrator of personal data collected through the website is Estarami Limited Liability Company with its registered office in Łódź (address: Wróblewskiego 19a / 19, 93-578 Łódź, correspondence address: Dubois 8/2, 93-491 Łódź; NIP: 9542779875; REGON: 367790756, entered into the National Court Register under the number 0000686748. Email address: firstname.lastname@example.org.
In all matters regarding personal data, please contact the Administrator at the following email address: email@example.com. The title of the message should include the text “GDPR”.
The Administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him is processed in accordance with the law, collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes, substantively correct and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of the persons to whom they relate, no longer than necessary to achieve the purpose of processing. The administrator treats the provided data as confidential and does not disclose it to unauthorized persons.
The administrator also informs about automated decision making, including profiling in order to match the presented content to the user’s preferences and to improve the functioning of our website.
Purpose and scope of data processing
The purpose of personal data processing by the administrator are all activities and processes leading to the implementation of the contract for the sale of products available on the website, sending these products to the customer, as well as subsequent possible complaint handling.
The administrator processes the following personal data of clients: name and surname, e-mail address, contact telephone number, correspondence address (street, house number, apartment number, zip code, city, country). In the case of customers who are not at the same time consumers, the administrator additionally processes the company name and tax identification number (NIP). For customers who have a customer account on the website, the history of placed orders, storage and saved projects are also processed.
Providing personal data referred to in point 7 is necessary to provide services as part of the website and conclude sales contracts. The scope of required data is always indicated.
In the case of conclusion and performance of sales contracts, customer data is processed until the administrator fulfills the contract, i.e. Delivery of products to the customer, and then until the claims arising from the contractual relationship have expired. In the case of other services (customer account management), personal data is processed until the customer has the account.
In the case of customers who use electronic payment methods, the administrator transfers customers’ personal data – only to the extent that it is necessary for the customer to make a payment via the paying agent – the paying agent chosen by the customer.
In the case of customers who use the product delivery services to the customer, the administrator transfers customers’ personal data – only to the extent necessary to make the delivery – to the carrier chosen by the customer: a) Poczta Polska SA with its registered office in Warsaw (address: ul. Rodzinskich 8, 00-940 Warsaw, Poland), number in the Register of Entrepreneurs of the National Court Register: 0000334972, or b) UPS Polska Sp. Zoo. with its registered office in Warsaw (address: 1/3 Prądzyńskiego St., 01-222 Warsaw, Poland), number in the Register of Entrepreneurs of the National Court Register: 0000036680.
The basis for data processing and the rights of the data subject
Using the website and concluding contracts, which involves the need to provide personal data, is completely voluntary. The data subject independently decides whether he wants to start using the services or conclude a contract in accordance with the website’s regulations.
In accordance with art. 6 clause 1 GDPR, data processing is permissible, inter alia, when: a) the data subject has consented to the processing of his personal data for one or more specific purposes, b) the processing is necessary for the performance of a contract to which the person is a party,
data subject, or to take action at the request of the data subject before the conclusion of the contract, c) processing is necessary to fulfill the legal obligation of the administrator. In addition, it should be emphasized that the consent of the data subject to their processing is a voluntary, specific, informed and unequivocal demonstration of the will in the form of a statement or explicit confirmation action in order to allow the processing. At the same time, the administrator has the right to process personal data of the data subject to the extent and for the purpose necessary to fulfill a legitimate interest, if the processing does not violate the rights and freedoms of the data subject.
In accordance with art. 15 – art. 18 and art. 20 – art. 21 GDPR, the data subject has, among others: a) the right to access his own data, b) the right to rectify data, c) the right to delete data (“the right to be forgotten”), d) the right to limit processing, ) the right to object to the processing of data concerning her, including profiling. The data subject also has the right to transfer data (in particular transaction history) and to submit a complaint to the supervisory body of the President of the Office for Personal Data Protection.
In order to realize the rights referred to in p. 15 you can use the options under the customer’s account or by sending an appropriate e-mail to the following address: firstname.lastname@example.org in writing to the administrator’s correspondence address.
via the contact form. Cookies used by the administrator are safe for the user’s device. In particular, it is not possible for viruses or other unwanted software or malicious or spyware to enter your device this way.
The website uses the following cookies: a) “session” – temporary files stored on the terminal device until leaving the website (going to another page, logging out or turning off the browser); b) “permanent” – stored on the terminal device until the time specified in their parameters or until they are removed by the User; c) “necessary” – enabling the use of services provided as part of the website, e.g. authentication files; d) cookies for security purposes, e.g. detecting fraud in the field of authentication on the website; e) “performance” – enabling the collection of information on how to use the website pages; f) “functional” – enabling the user to remember selected settings and personalize the user interface, eg Language, font size; g) “advertising” – enabling adaptation of the presented advertising content to the user’s preferences.
The administrator monitors user information using the Google Analitics tool. The administrator does not allow logging in to the website using accounts on other websites (Facebook, Google, etc.) due to the security of user data. Cookies are
used to guarantee the highest standard of the website, limiting their use may adversely affect some website functionalities. Cookies saved on the user’s end device can also be used by advertisers and trusted administrator partners.
The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable laws and change, loss, damage or destruction.
The Service Provider provides the following technical measures to prevent the unauthorized acquisition and modification of personal data sent electronically: a) securing the data set against unauthorized access, b) using a secure communication encryption protocol (SSL), c) access to the account only after providing an individual login and passwords, d) data processing only by authorized persons.