I. Definitions and general information
Service - the term service is understood as the website: https://outoffmymind.co/.
User - the term User is understood as any person visiting the Website, using a computer, tablet, telephone or mobile device and the Internet.
Administrator - The administrator of personal data is Sebastian Wielgus with headquarters: ul. Kieślowskiego 3D / 23, 02-962, Warsaw NIP 951-246- 33-11, REGON: 380412449.
Profiling - means a form of automated processing of personal data which consists in the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast aspects relating to personal preferences and interests.
II. The legal basis for the processing of User's data and their scope
- Personal data collected by the Administrator are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95 / 46 / EC (hereinafter referred to as "GDPR"), and the Act of 18 July 2002 on the provision of electronic services (ie Journal of Laws of 2017, item 1219 as amended).
- The Administrator processes only the personal data provided by the User in connection with the use of the Website. The processing of Users' data takes place in the following areas:
- conclusion and performance of the sales contract, including the issue of an invoice or bill and delivery of goods (data range: name, surname, country, address, telephone number, e-mail address) - pursuant to art. 6 sec. 1 lit. b GDPR, i.e. due to the fact that processing is necessary for the performance of a contract to which the data subject is a party,
- debt recovery (data scope: name, surname, address, delivery address, e-mail, telephone number, other data necessary to prove the existence of a claim or defend rights) - pursuant to art. 6 sec. 1 lit. f GDPR, i.e. due to the fact that processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party,
- fulfilling the legal obligations incumbent on the Administrator in connection with running a business (scope of data: all data obtained from the User) - pursuant to art. 6 sec. 1 lit. c GDPR, i.e. due to the fact that the processing is necessary to fulfill the legal obligation incumbent on the Administrator,
- conducting product or service marketing activities, including newsletter (data scope: name, surname, address, e-mail, telephone number) - based on a separate consent (Article 6 (1) (a) of the GDPR),
- sending commercial information by electronic means in accordance with art. 10 sec. 2 of the Act on the provision of electronic services of July 18, 2002 (scope of data: name, surname, address, delivery address, e-mail, telephone number) - based on a separate consent (Article 6 (1) (a) GDPR).
- As part of the shopping process on the Website, the User receives the information referred to in Art. 13 sec. 1 and 2 of the GDPR and may consent to the collection and processing of personal data by the Administrator in the manner and for the purposes described in the consent expressed and in this document. Providing the above data is voluntary, but necessary for registration and purchase on the Website.
- Viewing the content of the Website does not require providing personal data other than automatically obtained information about connection parameters.
III. Lawfulness of processing and application of appropriate safeguards
- The administrator processes the data in accordance with the law, collects it for specified, lawful purposes and does not subject it to further processing incompatible with these purposes. Data is collected only in an adequate, necessary and necessary scope in relation to the purposes for which they are processed. The administrator does not process special categories of personal data.
- The Administrator makes every effort to protect Users' personal data against unauthorized access by third parties and in this respect applies organizational and technical security measures at a high level. The administrator does not disclose personal data to any unauthorized recipients in accordance with the mandatory provisions of law in this regard. The administrator may entrust another entity, by way of a written agreement, to process personal data on behalf of the Administrator. Data may be made available only to entities authorized to receive them under the mandatory provisions of law.
- The Administrator uses the security of servers, connections and the Website. All connections related to the performance of electronic payments by you, if you choose this option, will be made via a secure encrypted SSL connection. However, the actions we take may turn out to be insufficient if you do not follow the safety rules yourself. In particular, you must keep your login and password to the Website confidential and not disclose them to third parties. Please remember that the Website will not ask you to provide them, except when logging in. In order to prevent the use of your account by unauthorized persons, please log out after using the Website.
IV. Automatic processing of personal data (profiling)
- In order to provide the most advantageous, tailored, personalized offer for its Users and for the purposes necessary to conclude or perform a contract between the data subject and the Administrator, as well as in the case of the express consent of the data subject, the Data Administrator may use Profiling.
- Decisions regarding sending a personalized offer or granting a discount or other benefit are made automatically on the basis of information / statistics collected in cookies. After determining the fulfillment of the criteria, the IT system automatically sends information about the granted benefit, e.g. a discount. You can use the granted benefit on the terms specified in the information on granting it, or you can resign from it.
- In the case of data processing for the purposes of direct marketing, including Profiling, processing based on the Controller's legitimate interest, for the purposes of scientific, historical and statistical research, data subjects have the right to object, due to the special situation of the data subject. The administrator does not make a decision that is based solely on automated processing, including Profiling, and has a significant impact on the data subject. The administrator implements appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, and at least the right to obtain human intervention from the Administrator, to express his own position and to challenge the decision resulting from automated data processing.
V. Time of personal data processing
- Personal data will be processed for the period of:
- necessary for the implementation of contracts concluded via the Website, including after their execution due to the possibility of the parties to exercise their rights under the contract, and due to possible recovery of receivables - until the expiry of the limitation period for claims;
- until the consent is withdrawn or an objection to the processing of data is submitted - in cases of processing the User's personal data on the basis of a separate consent.
- The Administrator stores Users' personal data also when it is necessary to fulfill legal obligations, resolve disputes, enforce User's obligations, maintain security, prevent fraud and abuse.
VI. User permissions
- The Administrator provides Users with the implementation of the rights referred to in point 2 below. In order to exercise the rights, an appropriate request (appropriate request) should be sent by e-mail to the following address: firstname.lastname@example.org
- The User has the right to:
- access to the content of the data - in accordance with art. 15 GDPR,
- rectify / update data - in accordance with art. 16 GDPR,
- deletion of data - in accordance with art. 17 GDPR,
- restrictions on data processing - in accordance with art. 18 GDPR,
- data transfer - in accordance with art. 20 GDPR,
- object to data processing - in accordance with art. 21 GDPR,
- withdraw consent at any time, but the withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal - in accordance with art. 7 sec. 3 GDPR,
- lodging a complaint to the supervisory authority, i.e. the President of the Personal Data Protection Office - pursuant to Art. 77 GDPR.
- The administrator examines the submitted requests immediately, but no later than within one month from their receipt. However, if - due to the complexity of the request or the number of requests - the Administrator will not be able to consider the User's request within the indicated period, he will inform the User about the intended extension of the deadline and indicate the deadline for considering the request, but not longer than 2 months.
- The administrator informs about the rectification or deletion of personal data or limitation of processing, which he made in accordance with the User's request, each recipient to whom personal data was disclosed, unless it proves impossible or will require a disproportionate effort.
VII. Provision of information
- In order to perform the contract, the Administrator may disclose the data collected from you to entities including: courier companies, operators of online payment systems, the accounting office keeping the Administrator's accounts.
- In such cases, the amount of data transferred is limited to the required minimum. In addition, the information provided by you may be made available to competent public authorities if required by applicable law.
- The processed personal data are not made available to recipients not indicated above in a form that would allow any identification of Users, unless the User has consented to it.
- Users' personal data will not be transferred to countries outside the European Economic Area.
VIII. Cookies and their use
- When using the Website, small files are saved on the User's end device, in particular text files, which contain information that allows you to remember login details, recently selected products, products in the User's basket (hereinafter: "cookies"). Cookies also enable the collection of statistical data referred to in point 2 below.
- Cookies do not contain data identifying the User, which means that on their basis it is not possible to determine his identity. The files used by the Website are in no way harmful to the User or the device and do not interfere with its software or settings.
- The cookie system does not interfere with the operation of the User's computer and can be turned off.
- Cookies enable:
- maintaining the User's session (after logging in), thanks to which the User does not have to re-enter the Login and Password on each subpage of the Website;
- creating website subpages viewing statistics.
- We remind you that browsers generally have the option to save cookies selected in their default settings.
- If the User does not agree to saving these files on the end device, the User should change the settings of the web browser he uses.
- Preventing cookies from being saved may consist in:
- not saving cookies on the end device;
- each time the user informs the user about saving a given cookie file on the device; deleting files after using the Website.
- In order to use the appropriate option for the User, please read the information on managing cookies, which can be found most often in the "Settings" of the browser or in the "Help" tab.
- The administrator informs that in the event that files are necessary for the operation of the Website, limiting their use may hinder the use of the Website.
- Browser settings of your device that allow you to save cookies and consent by clicking "ok" in the window that appears after entering the Website
- The Administrator has the right to change this document, about which the User will be notified in a way that allows to become familiar with the changes before they come into force, e.g. by posting relevant information on the main pages of the Website, and in the case of significant changes also by sending a notification to the address provided by the User. e-mail.
- If the User has objections to the changes made, he may request the removal of the Account on the Website. Your continued use of the Website after the publication or notification of changes to this document is considered consent to the collection, use and sharing of your personal data in accordance with the updated document.
- This document does not limit any rights of the User in accordance with generally applicable laws.