The owner of the Online Shop and the data controller is Chitone sp. z o.o., having its registered office in Lębork (84-300) at ul. Pionierów 15, entered into the register of entrepreneurs of the National Court Register kept by the District Court for Gdańsk-Północ in Gdańsk, VIII Commercial Department of the National Court Register, under the following number: 0000758954, share capial of PLN 5,000, Tax ID: 8411724198, national business registry number REGON: 381875111, hereinafter referred to as “Chitone sp. z o.o.”
The personal data collected by Chitone sp. z o.o. via the Online Shop are processed in conformity with the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free
movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Chitone sp. z o.o. applies special care to respecting the privacy of the Customers visiting the Online Shop.
§ 2 Type of personal data subject to processing, purpose and legal basis of processing
Chitone sp. z o.o. collects information related to natural persons carrying out legal transactions indirectly linked to their activity, natural persons conducting an economic or professional activity on their own account, as well as natural persons representing legal persons or organisational units not being legal persons, whom the legislation grants legal capacity, conducting an economic or professional activity on their own account, hereinafter jointly referred to as the “Customers.”
The personal data of the Customers is collected in the following cases:
a) upon registration of an account with the Online Shop in order to create and manage an individual account. Legal basis: necessity to perform a contract to manage an Account (Art. 6.1.b of GDPR);
b) upon placing an order with the Online Shop, in order to perform a contract of sale. Legal basis: necessity to perform a contract of sale (Art. 6.1.b of GDPR);
c) upon subscription of the Newsletter in order to perform a contract for the provision of services by electronic means. Legal basis: consent of a person to whom data relates to perform a contract of provision of the Newsletter services (Art. 6.1.b of GDPR);
Upon registration of an account with the Online Shop the Customer shall enter their:
Upon registration of an account with the Online Shop the Customer shall set an individual access password thereto. The Customer shall be entitled to change the password thereafter as described in §6.
Upon placing an order with the Online Shop, the Client shall enter their following personal data:
a) e-mail address;
a) zip code / city;
b) street and house/apartment number.
c) name and surname;
d) telephone number.
Entrepreneurs shall additionally enter the following:
a) their company name;
b) its tax identity number NIP.
To use the Newsletter service the Client shall enter their e-mail address only.
Additional information may be collected while using the Online Shop Website, in particular: the IP address assigned to the Client’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
In addition, the Customers’ navigation data may be collected, including links and references which the Clients click on, or data related to other activities performed while visiting our Online Shop. Legal basis - legitimate interest (Art. 6.1.f of GDPR) in facilitating the use of services provided by electronic means and in improving their functionality.
To establish and exercise claims, additional personal data provided by the Customer may be processed as part of using the functions of the Online Shop, such as: name, surname, data related to using the services, in the case of claims resulting from the manner in which the Customer uses the services, other data required to prove that a claim exists, including the extent of the damages incurred. Legal basis - legitimate interest (Art. 6.1.f of GDPR) in establishing, enforcing and defending against claims in a proceeding before courts and other public administration bodies.
Provision of personal data to Chitone sp. z o.o. shall be voluntary in connection with the sales contracts concluded or in connection with the provision of services through the Online Shop Website; however, a failure to provide the data specified in the data forms during the Registration process shall render Registration and creation of an account impossible. Likewise, processing an order placed without prior Customer Account Registration shall be impossible.
§ 3 Who shall personal data be made available or entrusted to and how long shall they be stored?
The Customer’s personal data shall be transmitted to the providers of the services used by Chitone sp. z o.o. for the purposes of operating its Online Shop. The service providers to whom personal data shall be made available, depending on the contractual provisions and circumstances, must follow Chitone sp. z o.o.’s instructions regarding the purposes and methods of processing such data (data processors) or determine the said purposes and methods on their own (data controllers).
a) Data processors Chitone sp. z o.o. uses the services of suppliers who process personal data solely upon Chitone sp. z o.o. orders. They include suppliers providing hosting and accounting services, marketing systems, systems for analysing the Online Shop traffic, systems for analysing the efficiency of marketing campaigns.
b) Data controllers Chitone sp. z o.o. uses the services of suppliers who not only follow its instructions but also make their own decisions regarding the purposes and methods of using the Customer’s personal data. They provide electronic payment and banking services.
Location The service suppliers have their registered offices mainly in Poland and other countries of the European Economic Area (EEA).
The personal data of the Customers shall be stored as follows:
a) where the grounds for their processing is a consent, the personal data of the Customer shall be processed by Chitone sp. z o.o. until the consent is withdrawn and, following its withdrawal, for a period corresponding to the period of limitation of claims that Chitone sp. z o.o. may raise and that may be raised against it. If a special provision does not indicate otherwise, the period of limitation of claims shall be six years and for claims related to periodic benefits and an economic activity - three years.
b) where the basis for their processing is performance of a contract, the personal data of the Customer shall be processed by Chitone sp. z o.o. for as long as is necessary to perform a contract and thereafter for a period corresponding to the period of limitation of claims. If a special provision does not indicate otherwise, the period of limitation of claims shall be six years and for claims related to periodic benefits and an economic activity - three years.
If a purchase is made through the Online Shop, personal data may be provided, depending on the Customer’s choice, to the following entities in order to deliver the goods ordered:
a) a courier company;
b) Poczta Polska S.A., having its registered office in Warsaw.
Where the Customer elects to make a payment via przelewy24.pl, their personal data shall be provided to the extent necessary to effect the payment to PayPro S.A. Agent Rozliczeniowy, having its registered seat in Poznań (60-327 Poznań, ul. Kanclerska 15), entered into the register of entrepreneurs kept by the District Court for Poznań - Nowe Miasto i Wilda in Ponzań, VIII Commercial Department of the National Court Register, under the following number: KRS 0000347935, Tac ID: 7792369887, national business registry number REGON: 301345068.
Navigation data may be used to provide the Customers with better services, analysis of statistical data, to adapt the Online Shop to the Customers’ preferences and to administer it.
Where the Customer subscribes the Newsletter, Chitone sp. z o.o. shall send to their e-mail address e-mails containing commercial information about promotions and new products available in the Online Shop.
Chitone sp. z o.o. shall make available personal data to public authorities, especially the organizational units of the Attorney’s Office, the Police, the President of the Personal Data Protection Office, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 4 Cookies, IP address
The Online Shop uses small-size files referred to as “cookies.” They are recorded by Chitone sp. z o.o. on the terminal equipment of a person visiting the Online Shop, where a browser so allows. A cookie file usually contains the name of the domain it originated from, its “expiry date” and an individual, random number identifying it. Information collected by means of cookie files helps adapt the products offered by Chitone sp. z o.o to the individual preferences and actual needs of the Online Shop’s visitors. It also allows preparing general visiting statistics related to the products presented in the Online Shop.
Chitone sp. z o.o. uses two types of cookie files:
a) Session cookies: following a browser session or following switching off the computer, the recorded information is deleted from its memory. The session cookies mechanism does not allow collecting any personal data or confidential information from the Customer’s computer.
b) Permanent cookies: cookies stored in the memory of the Customer’s terminal devices until deleted or expired. The permanent cookies mechanism does not allow collecting any personal data or confidential information from the Customer’s computer.
Chitone sp. z o.o. uses own cookies to:
a) authenticate the Customer in the Online Shop and secure their session therein (following logging in), as a result of which the Customer does not have to re-enter their login and password on each sub-page of the Online Shop;
b) research, analyse and audit the views, especially to create anonymous statistics to help understand how the Customers use the Online Shop’s website and, consequently, to improve its structure and content.
Chitone sp. z o.o. uses third-party cookies to:
a) present its Reliable Regulation Certificate via the rzetelnyregulamin.pl website (third-party cookies administrator: Rzetelna Grupa sp. z o.o., having its registered seat in Warsaw).
The cookies mechanism is safe for the Online Shop Customers’ computers. In particular, no viruses, malware or undesired software can penetrate the Customer’s computer through the cookies mechanism. Nevertheless, the Customer can use their browser to limit or deactivate access of cookie files to their computer. If the Customer does so, they shall not be able to use the Online Shop’s functions that require cookie files.
The following is a description of how the settings of popular Internet browsers can be modified regarding cookie files:
a) Internet Explorer;
b) Microsoft EDGE;
Chitone sp. z o.o. may collect the Customers’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Online Shop by the Internet services provider. An IP address allows Internet access. In most cases it is assigned to a computer dynamically, i.e. it changes with each connection to the Internet. An IP address is used by Chitone sp. z o.o. to diagnose technical problems with the server, create statistical analyses (e.g. identify the regions from which the biggest number of visits is recorded), as information useful in administering and improving the Online Shop, as well as for security purposes and to identify undesired automatic programmes for browsing the content of the Online Shop overloading the server.
The Online Shop contains links and references to other websites. Chitone sp. z o.o. shall not be liable for the privacy protection rules of such websites.
§ 5 The rights of data subjects
The right to withdraw a consent - legal basis: Art 7.3 of GDPR.
a) The Customer shall have the right to withdraw any consent granted to Chitone sp. z o.o.
b) A consent withdrawal shall become effective upon its filing.
c) A consent withdrawal shall not affect the processing performed by Chitone sp. z o.o. in conformity with the law prior to the withdrawal.
d) A consent withdrawal shall have no negative consequences for the Customer, however, it may prevent them from further use of the services or functions, which Chitone sp. z o.o. is entitled to provide only upon a consent.
The right to object to the processing of personal data - legal basis: Art. 1 of GDPR.
a) The Customer shall be entitled at any time to object to the processing of their personal data related to their particular situation, including profiling, where Chitone sp. z o.o. processes their personal data on the grounds of its legitimate interest e.g. marketing of products and services of Chitone sp. z o.o., managing the statistics related to the use of particular functions of the Online Shop and facilitating the use of the Online Shop, as well as conducting satisfaction surveys.
b) An e-mail unsubscribing marketing messages related to products and services shall mean the Customer’s objection to the processing of their personal data, including profiling to this effect.
c) If the Customer’s objection proves valid and Chitone sp. z o.o. has no other legitimate interest to process the Customer’s personal data, the data subject to the Customer’s objection shall be erased.
The right to erasure (‘right to be forgotten’) - legal basis - Art. 17 of GDPR.
a) The Customer shall have the right to request erasure of all or some of their personal data.
b) the Customer shall have the right to request erasure of their personal data if:
such personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
the Customer withdraws consent on which the processing is based;
the Customer objects to the processing of their personal data for marketing purposes;
their personal data have been unlawfully processed;
their personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Chitone sp. z o.o. is subject;
their personal data have been collected in relation to the offer of information society services.
c) Despite a request to erase personal data in connection with filing an objection or a withdrawal, Chitone sp. z o.o. shall be entitled to keep certain personal data to the extent to which their processing is necessary to establish, exercise or defend legal claims, as well to meet the legal obligation requiring processing in conformity with the Union or Member State law to which Chitone sp. z o.o. is subject. This relates, in particular, to the following personal data: name, surname; e-mail address, which are kept for the purposes of handling complaints and claims related to the use of the services offered by Chitone sp. z o.o., or, additionally, residence/correspondence address, order number, which are kept for the purposes of handling complaints and claims related to the contracts to sell goods or provide services.
The right to restriction of processing - legal basis: Art. 18 of GDPR.
a) The Customer shall have the right to request restriction of processing of their personal data. Filing a request to this effect shall prevent the Customer from using certain functions of services requiring the processing of the data subject to such request until it is reviewed. Chitone sp. z o.o. shall also refrain from sending any messages, including marketing messages.
b) The Customer shall also be entitled to request restriction of processing of their personal data in the following cases:
the accuracy of the personal data is contested - in such case Chitone sp. z o.o. shall restrict their processing for a period required to verify the accuracy of the personal data, no longer, however than 7 days;
where the processing is unlawful, and the Customer opposes erasure of the personal data and requests restriction of their use instead;
where the personal data is no longer needed for the purposes of the processing, but they are required by the data Customer for the establishment, exercise or defence of legal claims;
where the Customer has objected to processing of their personal data - the restriction is introduced pending the verification whether, due to the particular situation, the legitimate interest, rights and freedoms of the Controller override those of the Customer.
The right of access - legal basis: Art. 15 of GDPR.
a) The Customer shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, the Customer has the right to:
access their personal data;
obtain information concerning the purposes of the processing, the categories of the personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the planned period of storage of the Customer’s data or the criteria of determining such period (where determining the planned processing period is not possible), the Customer's rights under GDPR and concerning the right to lodge a complaint with a supervisory authority, the source of such data, the automated decision-making, including profiling and security measures applied in connection with the transfer of such data outside the European Union.
c. obtain a copy of their personal data.
The right to rectification - legal basis: Art. 16 of GDPR.
The right to data portability - legal basis: Art. 20 of GDPR.
a) The Customer shall have the right to receive the personal data concerning them, which they have provided to a Controller and transmit those data to another controller of their choice. The Customer shall also have the right to request that their personal data be transmitted by the Controller directly such other controller, where technically feasible. In such case, the Controller shall transmit the Customer’s personal data in the csv format, being a commonly used format, suitable for machine reading and allowing transmission of the personal data received from one controller to another.
Where the Customer files a request resulting from the above-mentioned rights, Chitone sp. z o.o. shall meet such request or decline it as soon as possible, no later, however than within a month of receiving it. However, if due to a complex nature of a request or due to multiple requests Chitone sp. z o.o. is unable to meet them within a month, it shall meet them within two months, having informed the Customer within one month of receiving a request of the planned extension of the said deadline and about its causes.
The Customer shall be entitled to file complaints, enquiries and requests related to the processing of their personal data and exercising their rights.
The Customer shall have the right to lodge a complaint with the President of the Personal Data Protection Office regarding their personal data protection rights or other rights granted to them under GDPR.
§ 6 Security management - password
Chitone sp. z o.o. provides the Customers with a secure and encrypted connection during transmitting their personal data and during logging into the Customer Account on the Website. Chitone sp. z o.o. applies an SSL certificate issued by one of the world’s leading companies dealing with the security and encryption of data transmitted over the Internet.
Where a Customer holding an account in the Online Shop loses their access password, the Online Shop shall allow them to generate a new one. Chitone sp.zo.o. does not send password reminders. A password shall be stored in an encrypted format in a manner rendering its reading impossible. To generate a new password, type your e-mail address in the form available under the link “Forgot your password?” next to the Online Shop login window. The Customer shall receive an e-mail redirecting them to a dedicated form available on the Online Shop’s Website, where they shall be able to create a new password, such e-mail being sent to the address provided upon registration or saved during the last account profile change.
Chitone sp. z o.o. never sends any correspondence, including e-mails, requesting provision of login data, in particular, password to a Customer’s account.
Last modification date: 04.07.2019 r.