§ 1. GENERAL PROVISIONS
1. This Privacy and Personal Data Protection Policy sets out the principles governing processing, collecting and using personal data of the users of the terdeals.com Website (the “Website”). The Data Controller is NPROFIT Kamil Rybicki with its registered office in Raczyce, at ul. Nowa 23, NIP: 622-267-70-48, REGON: 301581432 (the “Data Controller”).
2. Personal data of the Website User (the “User”) shall be processed in accordance with the Personal Data Protection Act of 10 May 2018 (the “Personal Data Protection Act”), the Act on the Provision of Electronic Services of 18 July 2002 and the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
3. Personal Data provided by the User shall be processed to the necessary extent for the following purposes:
a) conclusion of an agreement for the provision of electronic services, its modification and termination, as well as handling related services,
b) processing User complaints and related services,
c) statistical and analytical purposes.
4. For other purposes, the User’s Personal Data may be processed on the basis of voluntarily granted consent and applicable legal regulations.
5. The Website contains links redirecting to other websites managed by other data controllers (e.g. online shops or web services providers), with their own respective privacy or cookie policies that the User is advised to consult before using such websites. This Privacy Policy applies only to the specified activities of the Data Controller.
§ 2. PERSONAL DATA USE AND USERS’ RIGHTS
1. The Data Controller may process the following information, which in certain cases may be personal data (Personal Data) of the Website Users, including:
- name and surname,
- e-mail address,
- User ID,
- data concerning an order placed with a discount coupon available on the Website (including the value of the order, the date and time of its placement),
- IP address
- metadata
- information about the Internet browser and operating system.
2. Providing Personal Data by the User is voluntary. However, it is necessary to enable the use of all functionalities of the Website, including publication of reviews or lodging complaints.
3. The User’s Personal Data shall be processed in the following circumstances:
- the processing is required in order to execute an agreement which the data subject is a party to or to take action at the request of the data subject prior to entering into such an agreement,
- the processing is required to ensure compliance with the legal obligations of the Data Controller,
- the processing is required for the purposes resulting from the legitimate interests pursued by the Data Controller, including in particular direct marketing of the Data Controller’s products or services, as well as for statistical and analytical purposes.
4. The User’s Personal Data shall be processed for the following period of time:
- to the extent that personal data is required for the execution of an agreement, it shall continue to be processed until the expiry of the statute of limitations for claims arising from such an agreement,
- to the extent that personal data is required for the purposes resulting from legitimate interests of the Data Controller, it shall continue to be processed until the data subject lodges a relevant objection,
- for tax and accounting purposes, personal data shall be processed in the scope and for the time period pursuant to the applicable regulations.
5. The Data Controller may entrust Personal Data processing to other entities, including accounting offices, based on a personal data processing agreement obliging such entities to secure the data in an appropriate way and not to use them for their own purposes.
6. Each time, after placing an order in a shop or with a web services provider, the operator of the relevant website, shall provide the Data Controller with anonymised data about the User.
7. The Users shall have the right to:
- access their personal data,
- rectify their personal data,
- delete their personal data,
- restrict the processing of their personal data,
- transfer their personal data,
- object to the processing of their personal data,
- revoke their consent to the processing of their personal data.
8. In order to exercise their rights, the Users should send an e-mail with a relevant request to: biuro@terdeals.com.
§ 3. COOKIES AND SERVER LOGS
1. The Data Controller uses cookies to ensure proper functioning of the Website, in particular to adjust the content of the Website to the User’s preferences and to optimise its navigation. In particular, these files allow to recognise the basic parameters of the User’s device (including device type, screen resolution, country of access) and to display the Website in accordance with the User’s preferences.
2. If the User refuses to have the cookie files stored on his/her terminal device, he/she can change the settings of the Internet browser. Examples:
- in Internet Explorer, cookies can be disabled by entering: Tools -> Internet Options -> Privacy,
- in Mozilla Firefox: Tools -> Options -> Privacy,
- in Google Chrome: Settings -> Show advanced settings -> Privacy -> Content settings -> Cookies.
Access paths may differ depending on the browser version used.
3. Cookies can be modified in the following way:
- by completely disabling them on the User’s terminal device,
- by informing the User each time a cookie is stored on the device,
- by deleting the cookies after closing the session.
4. The User may delete cookies at any time, by using appropriate Internet browser settings. However, restricting the use of cookies may affect some of the functionalities available on the Website.
5. Cookies are also used to collect general, anonymised statistical data through analytical and marketing tools:
- Google Analytics (administrator: Google Inc. based in the U.S.), which collects information about the User’s behaviour on the Website. Data concerning Users and events is stored on Google Analytics servers for the period of 38 months.
6. Some of the data processed by the Data Controller and the above-mentioned entities is anonymous and is not disclosed to other entities. Pursuant to the EU-US Privacy Shield agreement and the European Commission’s decision of 12 July 2016 IP/16/216, the transfer of personal data to entities based in the United States that have joined this agreement is deemed to ensure an adequate level of personal data protection, in accordance with Article 45 of the GDPR.
7. Each request made to the server through the Website is recorded in server logs, which record: the User’s IP address, the date and time of the server, information about the web browser and the operating system used by the User.
8. The logs are saved and stored on the server.
9. The data stored in server logs is not associated with particular individuals using the Website and is not used by the Data Controller for identification purposes.
10. The server logs are used only to support administration of the Website, and their content is not disclosed to anyone except to authorised persons.
§ 4. SECURITY MEASURES
1. The Data Controller applies appropriate technical and organisational measures to ensure adequate protection of the processed data, appropriate to the potential threats and the category of data, including, in particular:
- protecting the data against disclosure to or appropriation by unauthorised persons, its processing in violation of the applicable law, as well as against its modification, loss, damage or destruction,
- ensuring adequate control over personal data processing,
- keeping a register of persons authorised to process personal data,
- taking special care to oblige the persons authorised to process data to keep that data confidential, also after the termination of the agreements concluded with the Users,
- keeping documentation required by law, describing the manner of processing Personal Data, as well as the technical and organisational measures taken to ensure security of such data,
- ensuring that IT and telecommunication devices and systems used for personal data processing comply with the applicable legal requirements.
2. The User’s personal data is stored in a database, secured which technical and organisational measures, in accordance with the requirements of appropriate legal regulations.
3. Access to the database referred to in section 2 shall be allowed only to persons who have appropriate authorisation granted by the Data Controller.
§ 5. CHANGES IN THE PRIVACY POLICY
1. Should such a need arise, in particular due to legal or technological circumstances, the Data Controller may amend the Privacy Policy in order to:
- adjust the Privacy Policy to possible future changes in law, in particular concerning personal data protection, telecommunications law, electronic services and consumer rights,
- increase the security standards of the data provided by the User.
2. The User shall be notified of any changes to the Privacy Policy by a message displayed on the home page of the Website. With each change, a new version of the Policy will appear with a new date.
§ 6. CONTACT WITH THE DATA CONTROLLER AND REPORTING IRREGULARITIES
1. The User can, at ant time, contact the Data Controller directly by sending a letter or an e-mail to: biuro@terdeals.com.
2. Notifications of irregularities, comments or requests concerning the Privacy Policy can be sent by e-mail to the e-mail address indicated above. Each message will be considered and a response will be sent to the e-mail address provided therein.