Privacy Policy

The privacy policy describes the rules for our processing of information about you, including personal data and cookies.

1. General information

  • This privacy policy defines the principles of processing personal data obtained through the online store kebese.com , hereinafter referred to as the "Website".
  • The operator of the website and the Controller of personal data is Jakub Parszewski conducting business activity under the name KEBESE Jakub Parszewski with its registered office in Łódź, at ul. Kossaka 3/42, 93-213 Łódź, NIP 9820393144, REGON 540910592 , e-mail address: info@kebese.com .
  • The User may contact the Administrator:
    • via e-mail to the following address: info@kebese.com
    • by post: KEBESE Jakub Parszewski with its registered office in Łódź, at ul. Kossaka 3/42, 93-213 Łódź.
  • The User's personal data are processed in accordance with the Personal Data Protection Act of 10 May 2018 and the Act on the provision of electronic services of 18 July 2002 (Journal of Laws No. 144, item 1204, as amended) and also in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation".
  • Using the Service, including making purchases by the User, is voluntary. Similarly, providing personal data by the Service User is voluntary, subject to two exceptions:
    • concluding agreements with the Administrator - failure to provide personal data necessary to conclude and execute the Sales Agreement with the Administrator in the cases and to the extent indicated on the Website and in the Regulations and this Privacy Policy results in the inability to conclude this agreement,
    • statutory obligation of the Administrator - providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Administrator the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting books) and failure to provide them will prevent the Administrator from fulfilling these obligations.
  • The Administrator takes special care to protect the interests of persons whose personal data he processes, and in particular is responsible and ensures that the data he collects are:
    • processed in accordance with the law,
    • collected for specified, lawful purposes and not subject to further processing incompatible with those purposes,
    • factually correct and adequate in relation to the purposes for which they are processed,
    • stored in a form which enables identification of data subjects for no longer than is necessary to achieve the purpose of processing,
    • processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.
  • The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met:
    • the data subject has consented to the processing of his or her personal data for one or more specific purposes;
    • processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract;
    • processing is necessary to fulfil a legal obligation incumbent on the Administrator;
    • processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
  • The Service performs the functions of obtaining information about Users and their behavior in the following manner:
    • through data entered voluntarily in forms, which are entered into the Operator’s systems.
    • by saving cookie files (so-called "cookies") in end devices.
  • The Administrator may process personal data in the Online Store for the following purposes, on the following grounds, in the following periods and to the following extent:

The purpose of data processing

Legal basis for processing and data storage period

Scope of processed data

Execution of the Sales Agreement or taking action at the request of the data subject before concluding the above agreements. In other words, order fulfillment.

Article 6(1)(b) of the GDPR Regulation (performance of a contract)The data is stored for the period necessary to perform, terminate or otherwise expire a concluded contract.

Maximum scope: first name and last name; e-mail address; contact telephone number; address of residence/business/registered office (street, house number, apartment number, postal code, city, country), delivery address (if different from the address of residence/business/registered office). In the case of Users who are not consumers, the Administrator may additionally process the company name and the Tax Identification Number (NIP) of the User.

The range given is the maximum.

Direct Marketing

Article 6 section 1 letter f) of the GDPR Regulation (legitimate interest of the administrator) Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the business activity conducted by the Administrator. The limitation period is specified by law, in particular the Civil Code (the basic limitation period is six years, and for claims related to business activity three years, while for a sales agreement two years).

The administrator may not process data for the purposes of direct marketing in the event of an effective objection in this respect by the data subject.

Email address

Newsletter

Article 6(1)(a) of the GDPR Regulation (consent)The data is stored until the data subject withdraws consent to further processing of his or her data for this purpose.

Name, email address

The Customer's expression of opinion on the concluded Sales Agreement

Article 6(1)(a) of the GDPR The data is stored until the data subject withdraws the consent to further processing of his or her data for this purpose.

Email address

Tax bookkeeping

Article 6 section 1 letter c) of the GDPR Regulation in connection with Article 86 § 1 of the Tax Ordinance Act, i.e. of 17 January 2017 (Journal of Laws of 2017, item 201). The data is stored for the period required by law requiring the Administrator to store tax books (until the expiry of the limitation period for the tax liability, unless tax laws provide otherwise)

Name and surname; address of residence/business/registered office (if different from the delivery address), company name and tax identification number (NIP) of the Service Recipient or Customer

Determining, pursuing or defending claims that may be raised by the Administrator or that may be raised against the Administrator

 

Article 6 section 1 letter f) of the GDPR Regulation Data is stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims against the data subject arising from the Controller's business activity. The limitation period is specified by law, in particular the Civil Code (the basic limitation period is six years, and for claims related to business activity three years, while for a sales agreement two years).

 

Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/registered office (if different from the delivery address). In the case of Users who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the User.

 

2. Selected data protection methods used by the Administrator

  • Taking into account the nature, scope, context and purposes of processing and the risk of violating the rights or freedoms of natural persons with varying likelihood and severity of the threat, the Controller implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Controller applies technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically and for this purpose applies the following protection measures:
    • the places where you log in and enter personal data are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login data entered on the website are encrypted on the User's computer and can only be read on the target server,
    • personal data stored in the database is encrypted in such a way that only the Administrator with the key can read it. Thanks to this, the data is protected in case the database is stolen from the server,
    • In order to protect data, the Administrator regularly makes backup copies,
    • An important element of data protection is the regular updating of all software used by the Administrator to process personal data, which in particular means regular updates of programming components.

3. Hosting

  • The website is hosted (technically maintained) on the operator's server: shopify.com

4. User rights and additional information on how data is used

  • For the proper functioning of the Website, including concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities, hereinafter referred to as "Recipients". Users' personal data may be transferred to the following groups of recipients:
    • carriers, forwarders, courier brokers - in the case of a Customer who uses the Service to deliver the Product by post or courier, the Administrator makes the collected personal data of the User available to the selected carrier, forwarder or intermediary carrying out shipments on behalf of the Administrator to the extent necessary to complete the delivery of the Product to the User,
    • entities handling electronic payments or payment cards - in the case of a User who uses electronic payments or payment cards on the Website, the Administrator makes the collected personal data of the User available to the selected entity handling the above payments on the Website at the request of the Administrator to the extent necessary to handle the payment made by the User,
    • service providers supplying the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct business activities, including the Website (in particular, providers of computer software for running the Website, e-mail and hosting providers, and providers of software for managing the company and providing technical support to the Administrator) - the Administrator makes the collected personal data of the User available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy,
    • providers of accounting, legal and advisory services, providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) - the Administrator makes the collected personal data of the User available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy,
    • authorized employees and collaborators – the Administrator provides the User’s personal data to employees and collaborators only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy,
    • marketing service providers – if the User consents, the Administrator may make the data available to entities that provide marketing services, including sending our commercial information (newsletter) electronically,
  • The Controller does not transfer data in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – ​​the Controller transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
  • The user has the following rights:
    • access to your personal data at any time,
    • rectify your personal data if it is incorrect,
    • deletion of data if:

- personal data are no longer necessary for the purposes for which they were collected or processed,

- The User has withdrawn a specific consent to the extent that personal data were processed based on his consent,

- The user has objected to the use of his/her data for marketing purposes,

- personal data are processed unlawfully,

- personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State to which the Controller is subject,

- personal data have been collected in connection with the provision of information society services,

    • restrict the processing of your personal data if:

- The User questions the accuracy of the personal data – for a period allowing the accuracy of such data to be verified;

- the processing of data by the Administrator is unlawful,

- The Administrator no longer needs personal data for processing purposes, but the User needs them to establish, pursue or defend claims,

- The User objects to the processing of his/her data for purposes arising from legitimate interests pursued by the Administrator or by a third party – until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the User's objection,

    • transfer your personal data, i.e. the right to receive a copy of your personal data in a structured, commonly used and readable format,
    • withdraw consent to the processing of personal data at any time.
  • The User has the right to request the restriction of the processing of his/her personal data in the cases indicated in paragraph 4 point 4. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will be associated with the processing of the data covered by the request. The Administrator will also not send any messages, including marketing ones.
  • The User has the right to object to the processing of the indicated personal data for the purpose of pursuing legally justified interests pursued by the Administrator, including profiling.
  • Despite the request to delete personal data in connection with the objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation requiring processing under Union law or the law of a Member State to which the Administrator is subject.
  • In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's e-mail address indicated at the beginning of the Privacy Policy or by using the contact form available on the website kebese.com .
  • Complaints about the Administrator’s actions may be lodged with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
  • Actions involving automated decision-making, including profiling, may be taken in relation to the User for the purpose of providing services under the concluded contract and for the purpose of conducting direct marketing by the Administrator.
  • Personal data is not transferred to third countries within the meaning of the provisions on the protection of personal data. This means that we do not transfer it outside the European Union.

 

5. Information in forms

  • The Website collects information provided voluntarily by the User, including personal data, if provided.
  • The service may save information about connection parameters (time stamp, IP address).
  • In some cases, the Service may save information that facilitates linking the data in the form with the e-mail address of the User filling out the form. In such a case, the User's e-mail address appears inside the url address of the page containing the form.
  • The data provided in the form is processed for the purpose resulting from the function of a specific form, e.g. to process a service request or sales contact, register services, etc. Each time, the context and description of the form clearly informs what it is used for.

 

6. Administrator Logs

  • Information about Users logging into the Service may be subject to retention. This data is used for the purpose of administering the service.

 

7. Important Marketing Techniques

  • The Administrator uses statistical analysis of website traffic through Google Analytics (Google Inc. based in the USA). The Administrator does not transfer personal data to the operator of this service, but only anonymized information. The service is based on the use of cookies on the User's end device. In terms of information about user preferences collected by the Google advertising network, the User can view and edit information resulting from cookies using the tool: https://www.google.com/ads/preferences/

  • The Administrator uses the Facebook pixel. This technology means that Facebook (Facebook Inc. based in the USA) knows that a given person registered with it uses the Service. In this case, it is based on data for which it is the Administrator, the Administrator does not transfer any additional personal data to Facebook. The service is based on the use of cookies in the User's end device.

 

8. Information about cookies

  • The website uses cookies.
  • Cookies files ("cookies") are computer data, in particular text files, which are stored on the end device of the Service User and are intended for using the websites of the Service. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.
  • The entity that places cookies on the end device of the Website User and obtains access to them is the Administrator.
  • Cookies are used for the following purposes:
    • creating statistics that help understand how Service Users use websites, which enables improving their structure and content,
    • maintaining the Service User’s session (after logging in), thanks to which the User does not have to re-enter their login and password on each subpage of the Service;
    • determining the User’s profile in order to display tailored materials in advertising networks,
    • achieve the purposes set out above in the "Important Marketing Techniques" section.

  • The Service uses two basic types of cookies: "session cookies" and "persistent cookies". "Session" cookies are temporary files that are stored on the User's end device until logging out, leaving the website or disabling the software (internet browser). "Persistent" cookies are stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
  • Software for browsing websites (internet browser) usually allows cookies to be stored on the User's end device by default. Users of the Service can change the settings in this regard. The internet browser allows for deleting cookies. It is also possible to automatically block cookies. Detailed information on this subject is included in the help or documentation of the internet browser.
  • Limitations on the use of cookies may affect some of the functionalities available on the Service's websites.
  • Cookies placed on the end device of the Website User may also be used by entities cooperating with the Website Administrator, including : advertisers and partners and Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
  • It is recommended to read the privacy policies of these entities to learn about the principles of using cookies used in statistics: Google Analytics Privacy Policy.

 

9. Cookie management – ​​how to express and withdraw consent in practice?

  • If the user does not wish to receive cookies, they may change their browser settings. We reserve that disabling cookies that are necessary for authentication, security, and maintaining user preferences may make it difficult, and in extreme cases may even prevent, the use of www pages.