PRIVACY POLICY

  1. GENERAL PROVISIONS:
    1. This Privacy Policy applies to the website: https://leds.design
    2. SKL Plus sp. z o.o. with its registered office at ul. Błażeja 70D, 61–608 Poznań is the operator of the website and the Data Controller of personal data voluntarily provided by the Customers.
    3. E-mail address to the Data Controller: office@leds.design

 

  1. Personal data are used by the website operator to:
    1. Provide services;
    2. Prepare, pack and ship the order;
    3. Operate the comments system.

 

  1. The Service acquires data from:
    1. Data provided voluntarily by the customers in the website forms;
    2. Cookies

 

  1. Personal data obtained by the website are collected and processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the Protection of Individuals with respect to the Processing of Personal Data and on the Free Movement of Such Data and on the repealing of Directive 95/46/EC (General Data Protection Regulation) – GDPR and the Personal Data Protection Act of May 10, 2018.

 

  1. The data are processed by the Data Controller in the following cases:
    1. The customer uses the contact form;
    2. Registration in the Online Shop system;
    3. Use of the option of shopping without logging in.

 

  1. Types of personal data processed by the data controller:

Name

Place of residence

E–mail address

Telephone number

 

  1. PERSONAL DATA RETENTION PERIOD

Users’ personal data shall be stored by the Data Controller:

  1. where data processing is based on the performance of a contract, the data shall be retained as long as necessary for performance of the contract and thereafter for a period corresponding to the limitation period for claims. Unless otherwise stipulated by specific provisions, the limitation period shall be six years, whereas in case of claims related to periodic performance and claims related to business activities this period shall be three years.
  2. where data processing is based on a consent for data processing, the data shall be retained until the consent is revoked and after the consent is revoked, for a period of time corresponding to the limitation period for claims which may be asserted by and against the Data Controller. Unless otherwise stipulated by specific provisions, the limitation period shall be six years, whereas in case of claims related to periodic performance and claims related to business activities this period shall be three years.

 

During use of the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the User’s Internet provider, domain name, browser type, access time, operating system type.

 

Also, navigation data may be collected from the Users, including links they choose to click on or other actions taken on the website. The legal basis for such procedure is derived from the Data Controller’s legitimate interest (Article 6 (1)(f) of GDPR) in facilitating the use of services provided electronically and in improving the functionality of these services.

  1. THE RIGHT TO CONTROL, ACCESS AND CORRECT OWN DATA

The data subject shall have the right of access to his/her personal data and the right of rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

The legal basis of the User’s request:

Access to data – Article 15 of GDPR

Rectification of data – Article 16 of GDPR.

Deletion of Data (the right to be forgotten) – Article 17 of GDPR.

Restriction of Processing – Article 18 of GDPR.

Data Portability – Article 20 of GDPR.

Objection – Article 21 of GDPR

Withdrawal of Consent – Article 7(3) of GDPR.

When the User makes a request for the exercise of the above rights, the Data Controller shall either immediately comply with the request or refuse to comply with it, but no later than within one month of receipt of the request. However, if the Data Controller is unable to fulfil the request within one month due to the complexity of the request or the number of requests, it shall fulfil the request within the following two months with prior information to the User about the intended extension of the deadline and providing reasons therefor within one month of receipt of the request.

If it is established that the processing of personal data violates the provisions of GDPR, the data subject shall have the right to file a complaint to the President of the Data Protection Office.

  1. COOKIES

The Data Controller’s website uses cookies. Installation of cookies is necessary for proper provision of services on the website. Cookies contain information necessary for the proper functioning of the website and enable the development of general statistics of website visits.

The Data Controller uses its own cookies to better understand how the User interacts with the website content. The cookies collect information about how the User uses the website, the type of website from which the User was redirected, the number of visits and the length of the User’s visit to the website. This information does not record specific personal data about the User, but is used to compile statistics about the use of the website in order to further improve it. The User is entitled to decide on the access of cookies to his/her computer by selecting them in advance in a browser window. Detailed information on the possibility and methods of using cookies is available in the software (browser) settings.

 

  1. FINAL PROVISIONS

The Data Controller shall apply technical and organisational measures to ensure the protection of the personal data processed, appropriate to the risks and categories of data protected, and the Data Controller shall particularly protect the data against their disclosure to unauthorised persons, against their appropriation by an unauthorised person, against their processing in violation of the applicable legislation, and against their alteration, loss, damage or destruction.

The Data Controller shall provide appropriate technical measures to prevent unauthorised persons from obtaining and modifying personal data sent electronically. In matters not regulated by this Privacy Policy, GDPR and other Polish law regulations shall apply respectively.

     The Data Controller may entrust the processing of data to entities with which it cooperates, e.g. a hosting company, by entering into appropriate agreements with them to guarantee an appropriate security of the entrusted data.