1. This Privacy Policy sets out the rules for the processing of personal data obtained via the website www.tommate.pl (hereinafter: the “Website”).

2. The owner of the Website and the data controller at the same time is Tom Mate with its seat in Warsaw (02-601), ul. Racławicka 42, NIP: 7392934102, REGON: 385847198, hereinafter referred to as TM.

3.Personal data collected by TM via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), also known as GDPR.

4. TM takes special care to respect the privacy of Users visiting the Website.

§ 1 Type of data processed, purposes and legal basis

1. TM collects information on natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, hereinafter jointly referred to as Users.

2. Users’ personal data are collected when using the contact form service on the Website in order to perform the contract provided electronically. Legal basis: necessity to perform the contract for the provision of the contact form service (Article 6 (1) (b) of the GDPR).

3. In the case of using the contact form service, the User provides the following data:

a) e-mail address;

b) name and surname;

c) telephone number.

4. When using the Website, additional information may be downloaded, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.

5. Navigational data may also be collected from Users, including information about links and links in which they decide to click or other activities undertaken on the Website. Legal basis – a legitimate interest (Article 6 (1) (F) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

6. In order to determine, investigate and enforce claims, some personal data provided by the User may be processed as part of using the functionality on the Website, such as: name, surname, data regarding the use of services, if the claims result from the manner in which the User uses services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in the determination, investigation and enforcement of claims and defense against claims in proceedings before courts and other state authorities.

7. The transfer of personal data to TM is voluntary, in connection with the concluded sales contracts or the provision of services via the Website’s Website, with the reservation, however, that failure to provide the data specified in the forms in the Registration process prevents Registration and setting up a User Account, and in the case of placing an order without registering a User Account will prevent the submission and implementation of the User’s order.

§ 2 Who is the data shared or entrusted to and how long is it stored?

1. The User’s personal data is provided to service providers used by TM to run the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to TM’s instructions as to the purposes and methods of data processing (processors) or independently define the purposes and methods of their processing (administrators).

a) Processors:

TM uses suppliers who process personal data only on TM’s request. They include, among others providers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns;

b) Administrators:

TM uses suppliers who do not act solely on the instructions and set the goals and methods of using Users’ personal data themselves. They provide electronic payment and banking services.

2. Location. Service providers are based in Poland and other countries of the European Economic Area (EEA).

3. Users’ personal data are stored:

a) If the basis for the processing of personal data is consent, the User’s personal data are processed by TM until the consent is revoked, and after the consent is revoked for a period of time corresponding to the period of limitation of claims that may be raised by TM and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

b) If the basis for data processing is the performance of a contract, the User’s personal data is processed by TM for as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

4. The navigation data may be used to provide Users with better service, analyze statistical data and adapt the Website to Users’ preferences, as well as to administer the Website.

5. In the event of a request, TM provides personal data to authorized state authorities, in particular to organizational units of the prosecutor’s office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookies mechanism, IP address

1. The website uses small files called cookies. They are saved by TM on the end device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiry time” and an individual, randomly selected number identifying this file. Information collected using this type of files helps to adjust TM products to the individual preferences and real needs of visitors to the Website. They also enable the development of general statistics of visits to the presented products on the Website.

2. TM uses two types of cookies:

a) Session cookies:

after the end of the browser session or turning off the computer, the saved information is deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from Users’ computers.

b) Permanent cookies:

are stored in the memory of the User’s end device and remain there until they are deleted or expired. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from the Users’ computer.

3. TM uses its own cookies for the purpose of:

a) authentication of the User on the Website and ensuring the User’s session on the Website (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;

b) analysis and research as well as audience audit, and in particular to create anonymous statistics that help to understand how Users use the Website, which allows improving its structure and content.

4. TM uses external cookies for the purpose of:

a) presenting on the Store’s information pages a map showing the location of the TM office, using the maps.google.com website (external cookie administrator: Google Inc. based in the USA);

b) presenting multimedia content on the Store’s websites, which are downloaded from the external website www.vimeo.com (external cookie administrator: Vimeo, LLC. based in the USA);

c) facilitating communication via the Website’s Website using the Tawk.to chat tool (external cookie administrator: tawk.to Inc. based in Great Britain);

d) collecting general and anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc., based in the USA);

5. The cookie mechanism is safe for the computers of the Website Users. In particular, it is not possible for viruses or other unwanted software or malware to enter Users’ computers in this way. However, in their browsers, Users have the option to limit or disable the access of cookies to computers. If you use this option, the use of the Website will be possible, except for functions which, by their nature, require cookies.

6. TM may collect Users’ IP addresses. An IP address is a number assigned to the computer of a visitor to the Website by an internet service provider. The IP number allows access to the Internet. In most cases, it is assigned dynamically to the computer, i.e. it changes every time you connect to the Internet. The IP address is used by TM when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we record the most visits), as information useful in administering and improving the Website, as well as for security purposes and possible identification of the server burden, unwanted automatic programs for browsing the content of the Website.

7. The website contains links and references to other websites. TM is not responsible for the privacy practices applicable to them.

§ 4 Rights of data subjects

1. The right to withdraw consent – legal basis: art. 7 sec. 3 GDPR.

a) The User has the right to withdraw any consent granted by TM.

b) Withdrawal of consent takes effect from the moment of withdrawal of consent.

c) Withdrawal of consent does not affect the processing carried out by TM in accordance with the law before its withdrawal.

d) Withdrawal of consent does not entail any negative consequences for the User, but it may prevent further use of services or functionalities that, according to TM law, may only be provided with consent.

2. The right to object to data processing – legal basis: art. 21 GDPR.

a) The User has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if TM processes his data based on a legitimate interest, e.g. marketing of TM products and services, statistics on the use of individual functionalities of the Website and facilitating the use of the Website, as well as satisfaction survey

b) Resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the User’s objection to the processing of his personal data, including profiling for these purposes.

c) If the User’s objection turns out to be justified and TM has no other legal basis to process personal data, the User’s personal data will be deleted, the processing of which has been objected by the User.

3. The right to delete data (“the right to be forgotten”) – legal basis: art. 17 GDPR.

a) The User has the right to request the deletion of all or some personal data.

b) The User has the right to request the deletion of personal data if:

a.personal data are no longer necessary for the purposes for which they were collected or processed;

b. withdrew a specific consent to the extent to which personal data were processed based on his consent;

c. he objected to the use of his data for marketing purposes;

d. personal data are processed unlawfully;

e. personal data must be removed in order to comply with a legal obligation provided for in the law of the Union or the law of the Member State to which TM is subject;

f. personal data has been collected in relation to offering information society services.

c) Despite the request to delete personal data, in connection with the objection or withdrawal of consent, TM may retain certain personal data to the extent that processing is necessary to establish, assert or defend claims, as well as to fulfill a legal obligation requiring processing for under EU law or the law of the Member State to which TM is subject. This applies in particular to personal data including: name, surname, e-mail address, which data are kept for the purpose of handling complaints and claims related to the use of TM services, or additionally the address of residence / correspondence address, order number, which data are are kept for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services.

4. The right to limit data processing – legal basis: art. 18 GDPR.

a) The User has the right to demand that the processing of his personal data be restricted. Submitting a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. TM will also not send any messages, including marketing messages.

b) The User has the right to request the restriction of the use of personal data in the following cases:

a.when he questions the correctness of his personal data – then TM limits their use for the time needed to verify the correctness of the data, but no longer than for 7 days;

b.when the processing of data is unlawful, and instead of deleting the data, the User requests that their use be restricted;

c. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the User in order to establish, assert or defend claims;

d. when he objected to the use of his data – then the limitation takes place for the time needed to consider whether – due to the special situation – the protection of the interests, rights and freedoms of the User outweighs the interests that the Administrator performs when processing the User’s personal data.

5. The right to access data – legal basis: art. 15 GDPR.

a) The User has the right to obtain from the Administrator confirmation whether he processes personal data, and if so, the User has the right to:

a.obtain access to your personal data;

b.obtain information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of these data, the planned period of storage of the User’s data or about the criteria for determining this period (when it is not possible to specify the planned period of data processing), about the rights of the User under GDPR and the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the security measures applied in connection with the transfer of this data outside the European Union;

c. obtain a copy of your personal data.

6. The right to rectify data – legal basis: art. 16 GDPR.

a) The User has the right to request the Administrator to immediately rectify his / her personal data that is incorrect. Taking into account the purposes of processing, the data subject has the right to request supplementing incomplete personal data, including by submitting an additional statement, directing the request to the e-mail address in accordance with §6 of the Privacy Policy.

7. The right to data portability – legal basis: art. 20 GDPR.

a) The User has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. The User also has the right to request that the personal data be sent by the Administrator directly to such an administrator, if technically possible. In this case, the Administrator will send the User’s personal data in the form of a csv file, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator.

8. If the User exercises the right resulting from the above rights, TM fulfills the request or refuses to comply with it immediately, but not later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – TM will not be able to meet the request within a month, it will meet them within the next two months, informing the User within one month of receiving the request – about the intended extension and its reasons.

9. The User may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.

10. The User has the right to request TM to provide copies of standard contractual clauses by directing the inquiry in the manner indicated in §6 of the Privacy Policy.

11. The User has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.

§ 6 Changes to the Privacy Policy

1. The Privacy Policy may change, of which TM will inform the Users 7 days in advance.

2. Please send any questions related to the Privacy Policy to the following address: info@tommate.pl

3. Date of the last modification: 03/24/2021.

Share This