Privacy Policy
The Privacy policy was last updated on April 24, 2024
1. General Provisions
1.1. This Privacy Policy explains the methods of collecting, processing, and storing personal data necessary for the use of our store, purchasing products, and providing services electronically through the website at gicleon.com (hereinafter referred to as the “Service”), as well as in the context of the Newsletter subscription.
1.2. The Data Controller of Users’ personal data is Art Studio Sławomir Paszko (hereinafter referred to as the “Administrator”).
1.3. The processing of personal data is carried out in accordance with the Regulation of the European Parliament and of the Council (EU) No. 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (known as the General Data Protection Regulation, GDPR).
1.4. The data collected by the Administrator will be:
-
processed in accordance with applicable laws,
-
collected for clearly defined purposes and will not be processed further in a manner that is inconsistent with those purposes,
-
accurate and adequate in relation to the purposes for which they are processed,
-
stored for no longer than is necessary to achieve the purpose of processing.
2. Data Protection Officer
2.1. In accordance with Article 37 of the GDPR, the Administrator has not designated a Data Protection Officer (DPO). For issues related to data processing, including personal data, it is recommended to contact the Administrator directly.
3. Purpose of Data Processing and Third-Party Access
3.1. While using our services, visiting our website, or placing an order, we may ask you to voluntarily provide personal data necessary for the registration process and/or purchase completion. It is important that the information you provide is accurate and up-to-date to ensure operational efficiency.
3.2. We will make every effort to protect your privacy by ensuring the confidentiality and security of your personal data based on the following principles:
-
Order-related communication: The primary reason for contacting you will be to manage your order and keep you informed about its status, from confirmation to delivery, and also in the case of returning products.
-
Newsletter subscription: By subscribing to our newsletter, you agree to receive information about offers, news, and promotional materials (we are trying to tailor them to your interests, but we do not guarantee this). Subscription is optional, and without it, communication will be limited to essential information related to your order.
-
Legal purposes and protection of the Administrator’s legitimate interests: There may be situations where it will be necessary to contact you for legal reasons. This includes responding to legal requirements, addressing compliance issues, or other matters that necessitate action to protect the legitimate legal interests of the Administrator or to fulfill legal obligations.
-
Service and data protection user communication: In some cases, it may be necessary to contact you regarding the operation of the Service and data protection.
-
Sharing information with delivery partners: For the purpose of fulfilling orders, it is necessary to share selected personal information with external logistic/postal service providers.
-
Sharing information with payment processing partners: To complete transactions, it is necessary to share selected personal data with entities or employees responsible for handling payments.
-
Sharing information with employees or partners: It is necessary to transfer selected personal data to individuals or entities responsible for preparing and shipping the order, as well as handling accounting.
-
For analytical and statistical purposes, based on the legitimate interest of the Administrator, which involves analyzing user activity and preferences to optimize the services and products offered, using tools such as Google Analytics (you can block tracking by using appropriate tools, e.g., https://tools.google.com/dlpage/gaoptout). Entities providing such services may have access to this data.
-
Hosting service providers: Such companies may have access to data as part of providing hosting services or related services to the Administrator.
3.4. User data collected anonymously and automatically is processed for the purpose of:
-
Conducting statistics
-
Remarketing
-
Displaying ads tailored to user preferences
-
Managing affiliate programs
-
Protecting the legitimate interest of the Administrator
3.5. In each of the cases mentioned above (point 3.2.), providing data is optional but necessary for entering into a contract or using additional functionalities of the Service.
4. How long we will process personal data
4.1. Personal data voluntarily provided by Users:
The processing of your data will continue until the legal obligation to process it ceases, therefore until:
-
the legal obligation requiring us to process your personal data no longer exists, or
-
a period of time will pass after which it will no longer be possible to pursue, establish and/or defend any claims, or
-
you will withdraw your consent to the processing of data, noting that if we are under a legal obligation to process your data, for example, for tax purposes, withdrawing your consent will be ineffective, and the processing will end when this legal obligation concludes, or
-
you decide to withdraw your consent to receive our newsletter (we will stop sending the newsletter to the provided email address within 48 hours).
4.2. Regarding automatically-collected data that does not contain personal information (anonymous data):
These data, being anonymous statistics, are stored by the Administrator indefinitely to enable the conduct of analyses and statistics related to our Service.
5. Types of Collected Data
5.1. Our service collects various types of information about users. Some of this data is collected automatically and anonymously, while other data, which are personal, are voluntarily provided by users during registration for our services or while making purchases.
5.2. Automatically collected anonymous data includes (When referring to the term “anonymous data” or “anonymous information” anywhere in this Privacy Policy, Cookie Policy, and Terms and Conditions, we mean the following data):
-
IP address
-
Type of Internet browser
-
Screen resolution
-
Approximate location
-
Visited subpages of the service
-
Time spent on specific subpages
-
Operating system of the device
-
Address of the previously visited subpage
-
Referrer page address
-
Browser language
-
Internet connection speed
-
Internet service provider
-
Demographic data such as age and gender
5.3. Data collected during registration for services or purchase of products:
-
First and last name
-
Login
-
Email address
-
Delivery address
-
Phone number
-
IP address (automatically collected)
5.4. Data collected during subscription to the Newsletter service:
-
Email address
-
IP address (automatically collected)
5.5. Some data, not containing user-identifying information, may be stored in cookies. Similarly, some anonymous information may be shared with statistical service providers.
6. Information about Processing
6.1. Depending on the purpose for which they are processed, data – both personal data voluntarily provided by the user and anonymous data collected automatically – may be shared with the following categories of recipients:
-
Entities affiliated with the Administrator,
-
Entities cooperating with the Administrator,
-
Subcontractors, including IT service providers offering IT solutions and hosting,
-
Online payment service providers,
-
Courier and postal companies,
-
Law firms,
-
Accounting service providers,
- Tax and government authorities.
6.2. Personal data (except IP addresses) provided by users will not be transferred outside the European Economic Area (EEA) or to international organizations unless the user independently publishes such data (e.g., through comments), making it globally accessible to people visiting the service.
6.3. Data, whether personal or anonymous, may be subject to automated decision-making processes, including profiling. However, this process will not have any legal consequences for users nor will it significantly affect them.
6.4. Personal and anonymous data will not be resold to any third parties.
6.5. Anonymous data, which are collected automatically, may be transferred outside the EEA or to international organizations.
7. User Rights Regarding Personal Data
7.1. Every user of the Service has a range of rights related to the processing of their personal data, including:
-
The right to access their data, including the ability to correct it.
-
The right to request the deletion of their data.
-
The right to restrict the processing of their data.
-
The right to transfer their data to another data controller.
-
The right to object to the processing of data based on the legitimate interest of the administrator.
-
The right to withdraw consent to data processing at any time, which does not affect the legality of the processing that took place before the withdrawal of consent.
-
The right to object to the processing of their personal data.
-
The right to lodge a complaint with the competent supervisory authority responsible for personal data protection.
8. Legal Basis for the Processing of Personal Data
8.1. The Service processes and collects User data in accordance with applicable Polish and European legal regulations, based on the:
-
Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)
-
Article 6(1)(a) of the GDPR, according to which data processing is permitted when the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
-
Article 6(1)(b) of the GDPR, according to which processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
-
Article 6(1)(f) of the GDPR, which allows for data processing if it is necessary for the purposes of the legitimate interests pursued by the data Administrator or by a third party.
-
-
The Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000)
-
The Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2004 No. 171, item 1800)
-
The Act of 4 February 1994 on copyright and related rights (Journal of Laws 1994 No. 24, item 83)
9. Contact to Administrator
9.1. You can contact the Administrator via:
-
Email address – contact@gicleon.com
-
Contact form – available at: gicleon.com/contact
10. Final Provisions
10.1. The Administrator reserves the right to make changes to the content of this Privacy Policy at any time without prior notice.
10.2. Updates to the Privacy Policy will be available on this subpage of the Service (in the Privacy Policy).
10.3. Changes become effective immediately upon their publication on the Service.
10.4. Should there be any uncertainty or disputes, the interpretation and construction of these Privacy Policy shall be conducted solely in Polish. Accordingly, all formal notices and communications should be conducted in Polish. The original document in Polish is accessible [here].