Close

PRIVACY POLICY OF THE ONLINE STORE

www.agtom.eu

 

  1. The Personal Data Controller for the website at www.agtom.eu, hereinafter referred to as the "Website," is Agtom Sp. z o.o., with its registered office at ul. Mogilska 97, 31-545 Krakow, NIP (Tax Identification Number): 6783154951, REGON (National Business Registry Number): 36170647600000, entered into the National Court Register by the District Court for Krakow - Śródmieście in Krakow, XI Commercial Division of the National Court Register, under KRS number: 0000561845, share capital PLN 10,000.00 (fully paid), email: agtom@agtom.eu.
  2. Respecting your rights as data subjects and in compliance with applicable laws, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR," the Act of 10 May 2018 on the Protection of Personal Data (hereinafter referred to as the "Act"), and other relevant data protection provisions, we commit to maintaining the security and confidentiality of the personal data obtained from you. All employees have been appropriately trained in the processing of personal data, and our company, as the Personal Data Controller, has implemented appropriate safeguards and technical and organizational measures to ensure the highest level of personal data protection. We have implemented data protection procedures and policies in accordance with GDPR, which ensure legal compliance and the integrity of data processing, as well as the enforceability of all your rights as data subjects. Additionally, where necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e., the President of the Personal Data Protection Office (hereinafter referred to as "PUODO").
  3. Any inquiries, requests, or complaints regarding the processing of personal data by our company (the Personal Data Controller), hereinafter referred to as "Inquiries," should be directed to the following e-mail address: agtom@agtom.eu or in writing to the address of the Personal Data Controller, i.e., Agtom Sp. z o.o., ul. Mogilska 97, 31-545 Krakow. The content of the Inquiry should clearly specify:
    1. the data of the person or persons to whom the Inquiry relates,
    2. the event that is the reason for the Inquiry,
    3. your demands and the legal basis for these demands,
    4. the expected manner of resolving the matter.
  4. In our Online Store, we collect the following personal data:
    1. first and last name – when placing an Order, you will be asked to provide your first and last name so that we can fulfill the Order and contact you,
    2. residential address – we need this to fulfill Orders by shipping the Product you have ordered,
    3. phone number – we may call you to confirm an Order or in case of unexpected events (such as a product being out of stock), while proposing the most favorable solution,
    4. e-mail address – we use your e-mail address to send you an Order confirmation and to contact you if necessary in connection with the fulfillment of your Order. If you have subscribed to our newsletter, we will also send you commercial information once or twice a month,
    5. NIP (Tax Identification Number) – we collect the NIP from entrepreneurs and individuals who request an invoice and have a NIP number,
    6. device IP address – information resulting from the general principles of connections made on the Internet, such as the IP address (and other information contained in system logs), is used by the Online Store administrator for technical purposes. IP addresses may also be used for statistical purposes, in particular to collect general demographic information (e.g., about the region from which the connection is made).
  5. Providing the data indicated in the preceding point is necessary in the following cases:
    1. when making a purchase in our Online Store using the Order Form available on the website (Order without logging in/registering an Account),
    2. for your registration in the Buyer database, which is voluntary; in this case, we store the data you provide in our database to facilitate your future purchases in our Online Store,
    3. to provide the newsletter subscription service – if you wish to be informed about interesting events and commercial offers, you can subscribe to our newsletter; subscription is voluntary and you can unsubscribe at any time.
  6. Our Online Store uses Cookies technology to adapt its functioning to your individual needs. Therefore, you can agree to have the data and information you enter remembered, so that you can use them on your next visit to our Online Store without having to re-enter them. Owners of other websites will not have access to this data and information. However, if you do not agree to the personalization of the Online Store, we suggest disabling Cookies in your web browser options.
  7. Each of you, as a user of our Online Store, has the option to choose whether and to what extent you want to use our services and share information and data about yourself, as specified in this Privacy Policy.
  8. Your personal data is processed by our company as the Personal Data Controller for the purpose of executing sales agreements and any additional services provided to you (i.e., data subjects) and offered in the Online Store. In accordance with the principle of data minimization, we process only those categories of personal data that are necessary to achieve the purposes mentioned in the preceding sentence.
  9. We process personal data for the time necessary to achieve the purposes listed in the preceding point. Personal data may be processed for a period longer than indicated in the preceding sentence if such an entitlement or obligation imposed on the Personal Data Controller results from specific legal provisions or if the service we provide is continuous (e.g., newsletter subscription).
  10. The source of the personal data processed by the Personal Data Controller is the data subjects themselves.
  11. Your personal data is not transferred to a third country within the meaning of the GDPR provisions.
  12. We do not share any personal data with third parties without the express consent of the data subject. Personal data may be shared without the consent of the data subject only with public law entities, i.e., authorities and administration (e.g., tax authorities, law enforcement agencies, and other entities with authorization in generally applicable laws).
  13. Personal data may be entrusted for processing to entities that process such data on behalf of our company as the Personal Data Controller. In such a situation, as the Personal Data Controller, we conclude a data processing agreement with the processing entity. The processor processes the entrusted personal data, but only for the needs, to the extent, and for the purposes indicated in the processing agreement referred to in the preceding sentence. Without entrusting your personal data for processing, we would not be able to conduct our business in the Online Store or deliver shipments with the ordered Products to you. As the Personal Data Controller, we entrust personal data for processing to entities:
    1. providing hosting services for the website on which our Online Store operates,
    2. providing postal, courier, and transport services for the delivery of shipments with ordered Products,
    3. providing other services to us as the Personal Data Controller, which are necessary for the current operation of the Online Store.
  14. Personal data is not subject to profiling by the Personal Data Controller.
  15. In accordance with the provisions of the GDPR, every person whose personal data we process as a Personal Data Controller has the right to:
    1. be informed about the processing of personal data, as referred to in Art. 12 of the GDPR – the Controller is obliged to provide you, as data subjects, with the information specified in the GDPR (including, among others, its own data, contact details of the DPO, purposes and legal bases for processing personal data, recipients or categories of recipients of personal data, if any, or the period for which the data will be processed or the criteria for determining this period); this obligation must be fulfilled at the time of data collection (e.g., when a customer places an order in an online store), and if the data is not obtained from the data subject but from another source – within a reasonable period, depending on the circumstances; the Controller may refrain from providing this information if the data subject already has it,
    2. access their personal data, as referred to in Art. 15 of the GDPR – by providing us with personal data, you have the right to inspect and access it; this does not mean, however, that you have the right to access all documents on which your data appears, as they may contain confidential information; however, you have the right to information about what your data is and for what purpose we process it, and the right to obtain a copy of your personal data, with the first copy being provided free of charge, and for each subsequent copy, in accordance with the provisions of the GDPR, we charge a reasonable administrative fee corresponding to the cost of making the copy,
    3. rectify, complete, update, or correct personal data, as referred to in Art. 16 of the GDPR – if your personal data has changed, please inform us as the Personal Data Controller of this fact so that the data we hold is accurate and up-to-date; also, if no personal data has changed, but for any reason the data is incorrect or has been recorded incorrectly (e.g., due to a clerical error), please inform us to correct or rectify such data,
    4. erasure of data (the right to be forgotten), as referred to in Art. 17 of the GDPR – in other words, you have the right to request the "deletion" of data held by us as the Personal Data Controller and the right to request that we, as the Personal Data Controller, inform other controllers to whom we have transferred your data of the need to delete it. You can request the erasure of your personal data primarily when:
      1. the purposes for which the personal data were collected have been achieved, e.g., we have fully executed the sales agreement concluded with you,
      2. the basis for the processing of your personal data was solely consent, which was then withdrawn, and there are no other legal grounds for further processing of your personal data, e.g., if you unsubscribe from the newsletter and no longer use our company's offer in any other way,
      3. you have objected based on Art. 21 of the GDPR and you believe that we have no overriding legal grounds to continue processing your personal data,
      4. your personal data was processed unlawfully, i.e., for unlawful purposes or without any basis for processing personal data – please remember that in this case you must have a basis for your request,
      5. the need to delete your personal data arises from legal provisions,
      6. the personal data concerns a minor and was collected in connection with the provision of information society services,
    5. restriction of processing, as referred to in Art. 18 of the GDPR – you can apply to our company with a request to restrict the processing of your personal data (which would mean that until the matter is clarified, our company would primarily only store it), if:
      1. you contest the accuracy of your personal data, or
      2. you believe that we are processing your data without a legal basis, but at the same time you do not want us to delete this personal data (i.e., you are not exercising the right referred to in the preceding letter), or
      3. you have lodged an objection, as referred to in letter (f) of this point, or
      4. your personal data is needed to establish, pursue, or defend claims, e.g., before a court,
    6. data portability, as referred to in Art. 20 of the GDPR – you have the right to obtain your data in a format that allows it to be read on a computer and the right to transmit this data in such a format to another controller; this right applies to you only if the basis for processing your data was consent (e.g., for a newsletter subscription) or if the data was processed automatically,
    7. to object to the processing of personal data, as referred to in Art. 21 of the GDPR – you have the right to object if you do not agree to our processing of personal data that we have processed so far for legitimate purposes in accordance with the law; in particular, the right to object applies to the processing of your personal data for direct marketing purposes (e.g., newsletter subscription),
    8. not to be subject to profiling, as referred to in Art. 22 in conjunction with Art. 4(4) of the GDPR – in our Online Store, you will not be subject to automated decision-making or profiling within the meaning of the GDPR, unless you consent to it; additionally, we will always inform you about profiling if it were to take place,
    9. to lodge a complaint with a supervisory authority (i.e., the President of the Personal Data Protection Office), as referred to in Art. 77 of the GDPR – if you believe that we are processing your personal data unlawfully or are in any way violating the rights arising from generally applicable data protection laws.
  16. With regard to the right to erasure (the right to be forgotten), we note that in accordance with the provisions of the GDPR, you do not have the right to exercise this right if:
    1. the processing of your personal data is necessary for exercising the right to freedom of expression and information, e.g., if you have posted your data on a blog, in comments, etc.,
    2. the processing of personal data is necessary for our company to comply with legal obligations arising from the law – we cannot delete your data for the period necessary to comply with obligations (e.g., tax obligations) imposed on us by law,
    3. the processing of your data is done for the purpose of pursuing, establishing, or defending claims.
  17. If you wish to exercise your rights referred to in the preceding point, please use the appropriate tabs in the Online Store that allow you to delete your account and data collected in our Online Store, or please send a message by e-mail to the address: agtom@agtom.eu.
  18. Every identified case of a security breach is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, the data subjects are informed of such a breach of data protection regulations, and – if applicable – PUODO.
  19. All capitalized words have the meaning given to them in the Regulations of our Online Store, unless otherwise stated in this Privacy Policy.
  20. In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply. In case of non-compliance of the provisions of this Privacy Policy with the above-mentioned provisions, these provisions shall take precedence.

 


Close