I. DATA ADMINISTRATOR
The Administrator of the personal data is Pro Design Studio Paulina Domaradzka/GOOD4BOOK, based in Dzierżoniów at ul. Cybulskiego 28, 58-200 Dzierżoniów, Poland, NIP: 882-212-86-87; Tax ID: PL8822128687, hereinafter referred to as the Administrator.
The Administrator, with a view to ensuring the security of the personal data entrusted to it, informs that it has implemented technical and organizational measures, resulting from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and other laws. The Administrator shall ensure that personal data are processed lawfully, are collected for the specified purposes and are not further processed in a way incompatible with those purposes.
The Administrator has implemented pseudonymization and anonymization of personal data in order to limit access to them. We try to limit the period of storing personal data.
Information on personal data can be found in the footer of good4book.com.
The contact with the Administrator regarding the protection of personal data is possible at the following email address: gdpr@good4book.com.
II. PURPOSES AND GROUNDS FOR PROCESSING PERSONAL DATA
The Administrator processes personal data for various purposes, always in accordance with the law. If the user uses the Services, we store its personal data for as long as necessary to provide the services it has chosen. We usually keep user’s personal data for as long as it is our customer and for a certain period of time after the expiry of its contractual relationship. Below are the purposes of processing personal data:
- For the purpose of handling the inquiries, they are processed for the duration of the correspondence, then feed the customer base and are processed for the purpose of the agreement, or are removed if there is no possibility of cooperation. In the case of a clear closure of the talks, the data are removed from the working system databases, and from the security copy before the expiry of 90 days. Legal basis: Article 6 (1)(b) of the GDPR;
- The personal data provided during a visit to the Website, registering in the Website’s database, placing an order, in accordance with the Regulations, in the form of a name, surname, email address, correspondence address, telephone number, are processed for the period resulting from the concluded agreement. The data are processed for the time until the end of the agreement, then in connection with the Administrator’s obligations and on the basis of legally justified interests. It concerns the necessity of data storage due to tax regulations and accounting acts. Legal basis: Article 6 (1)(b, f, c) of the GDPR;
- After completion of the agreement, due to the need to be able to defend oneself against claims or to assert one’s rights, which are governed by the Civil Code;
- Research and analysis of website activity. Personal data, such as: date and time of the website visit, type of operating system, approximate location, type of web browser used to browse the website, time spent on the site, subpages visited, subpage where the contact form was filled in. The Administrator’s interest is to learn about the customers’ activity on the website. Legal basis: Article 6 (1)(f) of the GDPR;
- Cookie files are IT data, especially text files, which are stored in the device of the Website User. Cookies usually contain the domain name of the website from which they come, the time of their storage on the terminal device and a unique number. The Website can place a cookie in the browser, if the browser allows it. The browser allows the Website to access only the cookies placed by the Website, and not the files placed by other Internet pages. We use cookies in order to adjust the content of the Website to the User’s preferences and optimize the use of the Website, e.g. cookies allow to recognize the device and display the Website adjusted to individual needs (e.g. language and currency selection). Cookies allow to maintain the User’s session, thanks to which the User does not have to duplicate login activities. Cookies are used to detect abuse of authentication. At any time, you can change the settings of your web browser to block the use of cookies or each time you can get information about their placement in your device. Many cookies are anonymized for us, without additional information – on their basis, we are not able to identify your identity. Internet browsers may contain default settings for automatic acceptance of cookies in the terminal device. Disabling or limiting the use of cookies may cause difficulties in using the website, e.g. the necessity of frequent logging in, longer loading period of the website, limitations in functionality. We leave you the choice in this respect. Legal basis: Article 6 (1)(b) of the GDPR;
- Website administration. These are data such as IP address, date and time of the server, web browser information, operating system information. These data are saved automatically in the server logs, each time the Website is used. Administering the website without using the server and without this automatic saving is not possible. The interest of the Administrator is to administer the website. Legal basis: Article 6 (1)(f) of the GDPR;
- Services for major business activities, including the opportunity to contact you about the offer and to discuss the conclusion of the agreement. After the correspondence is closed, the data is deleted within 90 days. Legal basis: Article 6 (1)(b) of the GDPR;
- Receiving marketing and commercial information. With your prior consent, we process your data until you withdraw your consent. As soon as your consent is withdrawn and the 30 days necessary for deletion of your data from our system databases have expired, your data will be deleted. Legal basis: Article 6(1)(a) of the GDPR
- Processing of data on the basis of entrustment agreements concluded with the personal data administrators. In situations such as gift vouchers, Writer’s Cards as a gift and other services provided by GOOD4BOOK. As soon as the service is performed and in accordance with the agreement, GOOD4BOOK as the Administrator returns or removes personal data completely. The period of processing of personal data depends on the time specified in the agreement with the Administrator. You will receive all information regarding your rights and the fact that you entrust us as a processor with the processing of your personal data from the Personal Data Administrator. GOOD4BOOK ensures that it cooperates closely with the Administrator in providing you with information about data processing.
III. RIGHTS OF THE OWNER OF PERSONAL DATA
1. When processing personal data by the Administrator, you have the following rights:
- to access your personal data;
- to correct your personal data;
- to delete your personal data;
- to limit the processing of your personal data;
- to oppose the processing of your personal data;
- to transfer your personal data.
2. The rights are not absolute, in some situations, we may legitimately refuse to exercise them. If we refuse to grant a request, it is only after careful consideration and only if it is necessary to refuse the request.
3. At any time you have the right to object to the processing of personal data on the basis of the Administrator’s legitimate interest in the specific situation. The Administrator may refuse to take account of an objection if it demonstrates that:
- there are legitimate grounds for processing which take precedence over the interests of the owner of the personal data and its rights and freedoms; or
- there are grounds for establishing, investigating or defending claims.
4. You can exercise your rights by sending an email to gdpr@good4book.com
IV. REQUIREMENT TO PROVIDE PERSONAL DATA
Providing personal data requested by the Administrator on the Website is voluntary and depends on your decision. In many cases, failure to provide personal data will make it impossible to use the offered services or make contact. In cases where the Administrator processes your data as a processor, the basis of data processing and the consequences of providing or not providing the data are determined by your Administrator.
V. AUTOMATED DECISION MAKING AND PROFILING
We do not make automated decisions, including on the basis of profiling in relation to persons leaving their personal data on the Administrator’s website.
VI. RECIPIENTS OF PERSONAL DATA
1. We use the help of other parties, which requires them to have access to personal data. These are e.g. entities providing IT, hosting, legal services or cooperating in the execution of agreements and orders. The Administrator cares about the security of personal data and for this purpose concludes a data processing entrustment agreement with the aforementioned entities, strictly defining the processing conditions, the scope of access to data and possible processing operations. The Administrator shall ensure that after the end of the agreement the data are permanently deleted by this entity, as well as reserves the right to control this entity.
2. It may be the case, for example, that we will have to transfer your personal data to public bodies on the basis of a relevant legal provision or decision of a competent authority. These are entities entitled by law to receive personal data, and the regulations indicate the situations in which an entity may request such a disclosure. It is extremely difficult for us to predict who may request personal data, however, for our part, we ensure that each case of a request for personal data is carefully analyzed in order not to provide information to an unauthorized person.
VII. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
As a business operator, the Administrator, when offering a range of services in the business process, uses IT tools by means of which personal data can be transferred, depending on the service, to third countries within the meaning of the GDPR, in order to perform the agreement. Legal basis: Article 49 (1)(a) and (b) of the GDPR. The agreement in question may be an agreement between the owner of personal data and the Administrator, for whom GOOD4BOOK is only a processor, or, to an individual extent, an agreement between the owner of personal data and GOOD4BOOK as the Administrator.
Our Website may contain links to or from the websites of our partner networks, advertisers and partners. When you click on such a link, please note that these websites have their own privacy policies and cookie policies and we do not accept any responsibility for these websites.
VIII. RIGHT TO COMPLAIN
You have the right to lodge a complaint with the President of the Office for Personal Data Protection if, in your opinion, your personal data is being processed in violation of the law. We hope that you would like to inform us of any doubts in this respect in the first place.
IX. FINAL PROVISIONS
1. As far as not covered by this Privacy Policy, the provisions of the Regulations, the Civil Code and the relevant Polish laws, as well as European Union law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) apply.
2. This Privacy Policy is effective from 1 July 2020.