Privacy policy
This document regulates the Privacy and Cookies Policy
for the website available at https://megapix.com.pl, of which he is the owner
Fimoart Iwona Bębenek, ul. Długa 8, 32-050 Borek Szlachecki
§1 Personal Data Administrator
1.1 The administrator of your personal data is Fimoart Iwona Bębenek, ul. Długa 8, 32-050 Borek Szlachecki, NIP: PL9442018378, REGON: 128080650 (hereinafter referred to as: "Administrator").
1.2 Administrator's contact details:
Correspondence address: ul. Długa 8, 32 – 050 Borek Szlachecki
E-mail address: sklep@megapix.com.pl
Phone: 604 125 522
1.3 Pursuant to Art. 37 of the GDPR, the Personal Data Administrator has not appointed the Personal Data Protection Inspector (IODO) and performs the duties related to the protection of personal data independently.
§2 Definitions
Administrator - Personal Data Administrator, an entity that decides on the purposes and means of processing personal data
Personal data - this is information about natural persons, they relate to an identified or identifiable person, directly or indirectly; personal data are in particular an identification number, factors determining physical, physiological, mental, economic, cultural or social characteristics
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
Privacy and cookie policy - this document hereinafter referred to as the "Policy"
Website - a website run by the Administrator at the address: https://megapix.com.pl
Website User – any natural person visiting the Website or using at least one service provided by the Administrator or Website functions
Cookies - in Polish "cookies", are small information in the form of a text string placed or read by the website in the web browser used by the User
JDG Entrepreneurs - natural persons conducting business activity on the basis of an entry in the Central Register and Information on Economic Activity
§3 General provisions
3.1 The type of data collected by the Administrator depends on the service offered by the Administrator and used by the User.
https://megapix.com.pl.
3.2 The type of data collected by the Administrator depends on the service offered by the Administrator and used by the User.
3.3 Personal data will be processed by the Administrator in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the general regulation on the protection of personal data, hereinafter "GDPR".
3.4 Providing any personal data is voluntary and depends on the User's decision. However, in some cases, providing certain personal data is necessary to meet the User's expectations regarding the use of services offered by the Administrator.
3.5 The services offered by the Administrator as part of the Website are offered to persons over 18 years of age. Therefore, the Administrator does not knowingly process children's personal data.
§4 Purpose, basis and time of data processing
4.1 Customer Account Registration
4.1.1 Whose data is processed?
The data of persons who have registered their account on the Website are subject to processing
https://megapix.com.pl.
4.1.2 What data is processed?
-
-
- name and surname
- username (nickname)
- e-mail address
- phone number
- delivery address
- billing address
- company name and NIP (JDG Entrepreneurs)
-
4.1.3 What is the purpose of data processing?
The data will be processed in order to provide services related to maintaining and servicing the account on the Website.
4.1.4 What is the legal basis for data processing?
-
-
- Preparation and performance of the contract - art. 6 sec. 1 letter b GDPR.
- The Administrator's legitimate interest in order to optimize the services provided - art. 6 sec. 1 letter f GDPR.
-
4.1.5 What is the data retention period?
The data is processed until the contract is performed (e.g. deletion of the account from the Website), and then for the period necessary to establish, pursue or defend against claims.
4.1.6 Is it necessary to provide data?
Providing data is voluntary, but without providing data it will not be possible to set up an account.
4.2 In-Store Order Handling:
4.2.1 Whose data is processed?
Data of people who placed an order on the website https://megapix.com.pl.
4.2.2 What data is processed?
-
-
- name and surname
- e-mail address
- phone number
- delivery address
- billing address
- company name and NIP (JDG Entrepreneurs)
-
4.2.3 What is the purpose of data processing?
The data will be processed for the purpose of order fulfillment, complaint proceedings, pursuing claims or defending against them, as well as in connection with the performance of obligations related to tax and accounting regulations.
4.2.4 What is the legal basis for data processing?
-
-
- Preparation and performance of the contract - art. 6 sec. 1 letter b GDPR.
- Preparation and performance of the contract - art. 6 sec. 1 letter b GDPR.
- Fulfillment of the legal obligation incumbent on the Administrator - art. 6 sec. 1 letter c GDPR.
-
4.2.5 What is the data retention period?
-
-
- The data is processed until the contract is performed, while the data obtained in order to fulfill legal obligations is processed until they are fulfilled.
- Data processed on the basis of a legitimate interest is processed until its implementation or until the User submits an effective objection. The above processing periods may be extended up to the time necessary to establish, pursue or defend against claims. After this period, personal data will be anonymized or deleted.
-
4.2.6 Is it necessary to provide data?
Providing data is voluntary, but without providing data it will not be possible to process the order.
4.3 Newsletter:
4.3.1 Whose data is processed?
Data of people who subscribed to the Newsletter.
4.3.2 What data is processed?
-
-
- e-mail address
-
4.3.3 What is the purpose of data processing?
-
-
- Performing the Newsletter service, informing about discounts, promotions, new offers.
- Matching the content of the ordered Newsletter service to the User's activity on the Website.
-
4.3.4 What is the legal basis for data processing?
-
-
- Performance of the contract for the provision of the Newsletter service - art. 6 sec. 1 letter b GDPR.
- A legitimate interest which is direct marketing (information about the offer, news, content personalization) - art. 6 sec. 1 letter f GDPR.
-
4.3.5 What is the data retention period?
Personal data will be processed until the User withdraws consent to processing, and then for the period necessary to establish, pursue or defend against claims. After this period, personal data will be anonymized or deleted.
4.3.6 Is it necessary to provide data?
Providing data is voluntary, but without providing data it will not be possible to subscribe to the Newsletter.
4.4 Contact form:
4.4.1 Whose data is processed?
Data of people who contact via the contact form.
4.4.2 What data is processed?
-
-
- e-mail address
- name and surname
-
4.4.3 What is the purpose of data processing?
Identification of the contacting User and answering the question.
4.4.4 What is the legal basis for data processing?
Legitimate interest - art. 6 sec. 1 letter f GDPR.
4.4.5 What is the data retention period?
Until the expiry of the limitation period for claims.
4.4.6 Is it necessary to provide data?
Providing data is voluntary, but necessary to verify the User.
§5 Entrusting and sharing personal data
5.1 In connection with the conducted activity, the Administrator may disclose personal data to the following entities, if it is necessary to achieve the purposes of processing:
5.1.1 Companies providing services or providing IT solutions,
5.1.2 Companies providing courier and postal services,
5.1.3 Banks and other financial and payment institutions,
5.1.4 Public authorities receiving data in connection with the implementation of the Administrator's legal obligations,
5.1.5 Companies providing marketing activities,
5.1.6 Employees and associates,
5.1.7 Companies providing bookkeeping and accounting services.
§6 Service user rights
6.1 In connection with the processing of personal data, the User has the following rights:
6.1.1 the right to access the content of their data - the User has the right to obtain information regarding the personal data stored by the Administrator about himself, including a copy of this data.
6.1.2 the right to rectify (correct) their data - the User has the right to request the rectification of their personal data that is incorrect or incomplete.
6.1.3 the right to delete data - the User has the right to request the removal of his personal data stored by the Administrator in the following cases: (a) the User's personal data are no longer necessary for the purposes for which they were collected, (b) the User withdrew his consent to on which the processing is based and there is no other legal basis for processing, (c) the User has objected to the processing and there are no overriding legitimate grounds for processing or the objection concerns the processing of data for direct marketing purposes, (d) the User's personal data has been processed unlawfully, (e) the personal data must be erased in order to comply with a legal obligation in Union or national law.
6.1.4 the right to withdraw consent to the processing of personal data for marketing purposes at any time - the User has the right to withdraw consent to the processing of personal data at any time. Revocation of consent to processing will not affect the lawfulness of the processing that was carried out before its withdrawal.
6.1.5 the right to limit data processing - the User has the right to request that the processing of his personal data be limited in the following cases: (a) the User questions the correctness of the personal data, for a period allowing the Administrator to check the correctness of this data, (b) the processing is unlawful and the User opposes the removal of personal data, requesting the restriction of their use instead, (c) The Administrator no longer needs personal data for the purposes of processing, but they are necessary for the User to establish, pursue or defend claims, (d) The User has raised an objection under article 21 section 1 of the GDPR regarding processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for objection.
6.1.6 the right to object to data processing (objection due to a special situation) - if the User's personal data is processed on the basis of the Administrator's legitimate interest, the User has the right to object to the processing at any time, in accordance with art. 21 GDPR.
6.1.7 the right to transfer data - the User has the right to receive in a structured, commonly used machine-readable format his personal data that he provided to the Administrator, and has the right to send this personal data to another administrator without any obstacles from the Administrator to whom the data was provided personal data, if the processing is based on consent and in an automated manner.
6.1.8 the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection.
6.2 If you wish to use the rights listed in point 6.1 of the Policy, please contact the Administrator.
§7 Transfer of personal data to third countries
As a rule, the User's personal data will not be transferred outside the European Economic Area.
§8 Cookies policy
8.1 Purpose of using cookies
8.1.1 The administrator does not collect any information automatically, except for information contained in cookies.
8.1.2 Cookies are used in many ways.
8.1.3 Cookies are used for functional, content personalization, statistical, analytical and marketing purposes.
8.2 Types of cookies:
8.2.1 The website uses the following types of cookies:
-
-
- "session cookies", which are deleted from its hard drive after the end of the session of a given browser or turning off the computer or mobile device
- "persistent cookies", which are stored in the memory of a computer or mobile device until they are manually deleted by the User via appropriate tools in the web browser or until they expire
- "third party cookies", these are information posted by scripts of other websites.
-
8.2.2 The following types of cookies are used on the Website:
-
-
- "necessary", enabling the use of services available on the Website,
- "performance" cookies, enabling the collection of information on how the Website is used,
- "functional", enabling "remembering" the settings selected by the User and personalizing the User's interface, e.g. in terms of the selected language or region,
- "advertising" cookies, enabling the provision of advertising content to Users more tailored to their interests.
-
8.3 Google Analytics
-
- The website uses Google Analytics, a web analysis service. Its provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "Cookies", text files that are stored on your computer and allow an analysis of your use of the website.
- Google Analytics cookies are stored on the basis of Art. 6 sec. 1 lit. f) Regulation on the protection of personal data (GDPR). The controller has a legitimate interest in analyzing user behavior both in order to optimize its online offer and its advertising.
- Google's privacy policy can be read by the Website User at: https://policies.google.com/privacy?hl=pl.
- If the Website User does not want information about him to be collected in this way, he can, for example, change his browser settings or use the tool https://tools.google.com/dlpage/gaoptout?hl=pl.
- The Administrator informs that in this case the Website User's data are subject to transfer outside the European Economic Area.
8.4 Meta Pixel (Facebook)
-
- The website uses Pixel Facebook, a service that enables effective marketing campaigns and product promotion. Its provider is Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA or, for users who are EU residents - Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
- The Facebook pixel is a short code placed on the website that allows you to measure the effectiveness of advertisements based on the analysis of actions taken by users on the website, which we understand as our legitimate interest. (Article 6(1)(f) of the GDPR).
- The information collected as part of the Facebook Pixel is anonymous, i.e. it does not allow for identification of the User. We only know what actions have been taken on our website.
- The privacy policy of Facebook at: https://www.facebook.com/privacy/explanation.
- If the Website User does not want information about him to be collected in this way, he can, for example, change the settings by clicking on the link: https://www.facebook.com/ads/preferences.
- The Administrator informs that in this case the Website User's data may be transferred outside the European Economic Area.
8.5 Cookie management:
8.5.1 Most often, browser settings allow cookies and other information to be placed on the end device by default. If the User does not agree to save these files, it is necessary to change the web browser settings accordingly. It is possible to disable saving them for all connections from a given browser or for a specific website, as well as to delete them. How you manage files depends on the software you use. The current file management rules can be found in the settings of the web browser used.
8.5.2 Information on how to manage cookies on a mobile phone can be found in the User's Manual of the respective phone.
8.5.3 Consent to the processing of cookies is voluntary. However, it should be remembered that restrictions on their use may make it difficult or impossible to use some of the functionalities of the website at: https://megapix.com.pl.
§9 Data security
9.1 The User's personal data is stored and protected with due diligence, in accordance with the implemented internal procedures of the Administrator. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily intended to protect Users' personal data against access by unauthorized persons.
9.2 In particular, only authorized persons who are obliged to keep this data secret or entities entrusted with the processing of personal data on the basis of a separate data entrustment agreement have access to the Users' personal data.
§10 Final Provisions
10.1 The Administrator reserves the right to change this Privacy and cookie policy. In such a case, an updated version will be published on this location.
10.2 To the extent not covered by this Privacy Policy, the provisions on the protection of personal data shall apply.
10.3 This Privacy Policy is effective from April 6, 2023.