1. PERSONAL DATA
1.1. Personal data provided by the Customer shall be processed by the Seller (i.e. JAVA COFFEE COMPANY Sp. z o.o. with its registered office in Warszawa at ul. Palisadowa 20/22, entered in the register of entrepreneurs under number KRS 0000069052, NIP: 5213214532; REGON 017395488, which is the personal data controller.
1.2. Personal data provided by Users within the frames of the Website are process by sklep.javacoffee.pl, the Personal Data Controller, in accordance with the terms prescribed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereinafter referred to as “GDPR”). Contact with the Data Controller is available via e-mail at [email protected] or via phone at (22) 299 62 42
1.3. Personal data of Users will be processed for the period of 5 years from the time of deletion of the Account and will be deleted upon the lapse of the said period, unless the processing of their data results from another legal basis.
1.4. The scope of the processed personal data shall be determined by the scope of data completed by the Customer and sent to the Seller means of a relevant form. Processing Customer’s personal data may pertain to his/her e-mail address, first and last name, company name, phone number and computer IP address.
1.5. Personal data of Customers shall be processed for the following purposes: (a) realization of legal provisions, (b) creation of the Account, execution of the Order, provision of services by electronic means, examination of filed complaints and other actions as specified in these Terms of Service, (c) promotional and commercial actions of the Seller.
1.6. Providing the personal data shall be voluntary, but the lack of consent to process personal data marked as obligatory shall prevent performance of services by the Seller.
1.7. The legal basis for processing personal data in the case referred to in clause 1.3(a) shall be the statutory authorization to process data which are essential to act in accordance with the law, whereas in the case referred to in clauses 1.3(b) and 1.3(c) it shall be the statutory authorization to process data which are necessary to perform an agreement if a person to whom the data refer is a party to such agreement, or if it is essential for undertaking certain actions prior to conclusion of the agreement upon request of the person to whom the data refer, or a voluntary consent of the Customer.
1.8. Personal data of Customers may be transferred only for the purpose of performance of Sales Agreements and agreements for provision of services by electronic means by the Seller to a hosting company, a company providing accounting services to the Seller and a courier mail company. Personal data collected by the Seller may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of law, or other persons and entities–in the cases prescribed in the provisions of law.
1.9. The entity processing Users’ personal data on the basis of the Transfer Agreement will process Clients’ personal data from the effective date of GDPR through another entity only upon prior consent of Personel Data Controler
1.11. The Customer to whom such data pertain have a right to restrict the processing of data and the right to portability of the personal data collected by Personal Data Controler and referring to the Customers rights and to receive them in a structured form, to file a complaint to the supervisory authority if the Customer finds that his/her data are processed in violation of the law, and to seek legal remedies before a court against the supervisory authority as the entity committing the violation.
1.12. If the Seller was advised that the Customer uses the service provided by electronic means in a way violating the Terms of Service or applicable provisions of law (unauthorized use), then the Seller may process Customer’s personal data in the scope required for establishing the Customer’s liability.
1.13. The website may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of Customer’s station–identification through http protocol, if possible, date and system time of registration in the Store and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the Customer before if the Customer has entered the Store through a link, information concerning Customer’s browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected for the purposes of proper administration of the Store. Only persons authorized to administer the IT system shall have the access to data. Files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic in the Store and occurring errors. Summary of such details shall not identify particular Customers.
1.14. Transfer of personal data to third countries will proceed in accordance with GDPR.
1.15. The use of the Website proceeds in secure https connection. The communication between a User’s device and the servers is encoded by means of the SSL protocol. In the case of logging through external platforms facebook.com or google.com, Instagram.com, the level of security is prescribed by https://www.facebook.com/legal/FB_Work_Privacy, https://privacy.google.com/intl/en, https://www.help.instagram.com/155833707900388
2. INFORMATION SECURITY
2.1. The Seller shall apply technological and organizational means in order to secure processing the personal data corresponding to the threats and category of data to be secured, in particular, through technical and organizational means the Seller shall secure data against publishing to unauthorized persons, taking over by an unauthorized person, processing in violation of the law and change, loss, damage or destruction; among others the SSL (Secure Socket Layer) certificates shall be applied. Customers’ personal data shall be collected and stored on a secured server; moreover, the data shall be secured by Seller’s internal procedures related to processing personal data and information security policy.
2.2. In order to log in to the Account, it shall be necessary to provide a relevant username and password. For the purpose of ensuring an appropriate level of security, the password for the Account shall exist in the Store only in a coded form. Furthermore, registration of and logging in to the Account shall proceed in a secure https connection. Communication between the Customer’s device and the servers shall be encoded using the SSL protocol.
2.3. At the same time the Seller states that using the Internet and services provided by electronic means may pose specific teleinformatic threats, such as: presence and operation of worms, spyware or malware software, including computer viruses, as well as possibility of being exposed to cracking or phishing (fishing passwords) and other. In order to obtain detailed and professional information related to the security in the Internet, the Seller recommends taking advice from entities specializing in such IT services.
2.4. The Seller additionally applies within the Website all necessary technical measures as specified in Articles 25, 30, 32–34, 35–39 of GDPR, providing for enhanced protection and security of the processing of customers personal data.
3.2. The Seller shall use two types of cookies: session cookies, which are permanently deleted upon closing the session of the Customer’s browser and permanent Cookies, which remain on the Customer’s device after closing the session until they are deleted.
3.3. It is not possible to identify the Customer on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collecting any personal data.
3.4. Cookies used in the Store are safe for the Customer’s device, in particular, they prevent viruses or other software from breaking into tothe device.
3.5. In many cases software designed to browse sites (a browser) allows for storing cookies on the User’s device, insofar as the Customer selects such option in the browser settings. The Website Users may at any time change the settings related to cookies. Such settings may be changed in particular so as to block the automatic cookie support in the browser settings or to notify on each case of placing them on the Website User’s device. Detailed information on possibilities and methods of cookie support is available in the software (browser) settings.
3.6. Cookies placed on the Website User’s device may also be used by advertisers and partners co-operating with the Website operator upon prior User’s consent given in the browser settings. In accordance with the e-Privacy Regulation, the User may disable the storing of third-party cookies on his/her device in line with the instructions of the browser producer. Failure to enable third-party cookies and cookies other than session cookies may not cause lack of availability of the Website, in part or in its entirety, for the Customer.
3.7. The Seller shall use own Cookies for the following purposes: authenticating the Customer in the Store and preserving Customer’s session; configuration of the Store and adjusting the content of pages to Customer’s preferences, such as: recognizing Customer’s device, remembering settings set up by the Customer; Cookies ensuring security of data and use of the Store; analyses and researches of views; advertisement services.
3.8. The Seller shall use Third-Party Cookies, as a prior consent of Customer for the following purposes: authenticating the Customer in the Store and preserving Customer’s session; configuration of the Store and adjusting the content of pages to Customer’s preferences, such as: recognizing Customer’s device, remembering settings set up by the Customer; Cookies ensuring security of data and use of the Store; analyses and researches of views; advertisement services.
3.9. The Customer may individually change Cookies settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service. The Customer may also individually delete Cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
3.10. Details concerning Cookies support are available in the settings of the browser used by the Customer.