Our top priority is to protect information and respect your privacy as you use our Website so we take care of appropriate security measures and your convenience of using our websites. This Policy lays down the rules and scope of our processing of your data and your related rights and responsibilities.
1. Data controller and definitions
The data controller of Customers/Users of the Online Shop, also known as the Seller, is Herse 1868 Sp. z o.o., with its registered seat in Cracow, 31-069, ul. Sukiennicza 8/U3, Poland, VAT number: PL6762579349.
The data controller can be contacted at:
– at its seat in Cracow, 31-069, ul. Sukiennicza 8/U3, Poland
– by phone: +48 786 450 139
– by e-mail to: firstname.lastname@example.org
User – a natural person entering the website/websites of the Online Shop or using the services or functionalities described in this Policy.
Customer – a natural person having full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, to which the Act grants legal capacity, which concludes a Distance Selling Agreement with the Seller.
Online Shop – an Internet service run by the Seller, available at www.herse.com through which the Customer/User may obtain information about the products and its availability and buy the products or order the service.
Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services (Dz. U. z 2020 r. poz. 344) from the Seller, sent to the Customer/User by electronic means; its receipt is voluntary and requires the consent of the Customer/User.
Account – a set of data stored in the Online Shop and in the Seller’s IT system concerning the Customer/User and orders placed by the Customer/User and the agreements concluded by the Customer/User, which enables the Customer/User to place orders and conclude agreements.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
2. The purposes, legal basis and period of the processing
In order to perform the selling agreement, the Seller processes:
– information concerning the User’s device in purpose to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity on the website, including on individual subpages;
– geolocation data, if the User has consented to the service provider’s access to geolocation. The geolocation data is used to provide more tailored offers of Goods and services;
– users personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, Tax Identification Number (NIP), bank account number or other personal data required by the Administrator in the purchasing process.
This information does not contain identity data of the Users, but in combination with other information may constitute personal information. Therefore, the data controller extends full GDPR protection to them.
These data are processed in accordance with Article 6 section 1 letter b of the GDPR, for the purpose of providing a service, i.e. an agreement for the provision of services by electronic means in accordance with the Regulation, in accordance with Article 6 section 1 letter a of the GDPR, in accordance with consenting to the use of certain cookies or other similar technologies, as expressed by the appropriate settings of the Internet browser, in accordance with the Telecommunications Law or in accordance with consenting to geolocation. The data are processed until the end of the User’s use of the Online Shop.
The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to that risk.
3. Marketing activities of the data controller
The data controller may place marketing information about his/her Goods or services on the Online Shop’s website. Such content shall be displayed by the data controller in accordance with Article 6 section 1 letter f of the GDPR, in accordance with the legitimate interest pursued by the data controller, in publishing the content related to the services provided and the promotional content of the actions in which the data controller is involved. At the same time, the action does not infringe the rights and freedoms of the Customers/Users, the Customers/Users expect to receive similar content, or even expect it or it is their direct purpose to visit the website(s) of the Online Shop.
4. Recipients of User’s data
The data controller discloses the Users’ personal data only to the processors under the concluded contracts of entrustment of personal data processing, for the purpose of providing services to the Administrator, e.g. hosting and maintenance of the website, IT services, marketing and PR services.
5. User’s rights
Rights of the data processing subjects include:
-of access (Article 15 of the GDPR) – to obtain confirmation from the data controller, whether his or her personal data are being processed. If the data about a person is processed, he or she is entitled to access it and to obtain the following information: about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, about the period of data storage or about the criteria used to determine that period, about the right to request rectification, erasure or restriction of processing of personal data and to object to such processing;
– to obtain a copy of the data (Article 15 section 3 GDPR);
– to rectification (Article 16 of the GDPR) – to request the rectification of inaccurate or to supplement incomplete data concerning him or her;
– to erase the data (Article 17 of the GDPR) – to request the erasure of his/her personal data if the data controller has not a legal basis for their processing or the data are not necessary for the purposes of processing anymore;
– to restriction of processing (Article 18 of the GDPR)
– to data portability (Article 20 GDPR);
– to object (Article 21 of the GDPR) – to object to the processing of his/her personal data for the legitimate purposes of the controller, on grounds related to his/her specific situation, including profiling. In such case, the data controller shall assess the existence of important legitimate grounds for processing overriding the interests, rights and freedoms of data subjects or grounds for establishing, pursuing or defending claims. If according to the assessment the interests of the data subject will take precedence over the interests of the controller, the data controller shall be obliged to stop processing the data for these purposes;
– to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before withdrawal of consent will still remain lawful. Withdrawal of consent shall result in the data controller ceasing to process personal data for the purpose for which the consent was given.
In order to exercise the aforementioned rights, the data subject should contact the data controller, using the contact details provided and inform the data controller, which right and to what extent he/she wants to exercise it.
6. Policy on cookies
Cookies are essential for the provision of electronic services via the website. Cookies, especially those requiring the User’s additional authorisation, contain information that is necessary for the proper functioning of the website.
The website uses three main types of cookies: “session” cookies, “persistent” cookies and “analytical” cookies.
– “Session” cookies are temporary files which are stored on the User’s end-device until they log out (leave the website).
– “Persistent” cookies remain stored on the User’s device until deleted manually or automatically after a set period of time.
– “Analytical” cookies provide information on how individual Users interact with www.herse.com and are used to improve the performance of the website. “Analytical” cookies collect information about how Users use the website, what type of website referred the User to www.herse.com, the frequency of visits and the time of each visit. All User data is collected anonymously and used solely for statistical analysis of website use.
User can adjust cookie permissions via options in their browser settings. More detailed information about cookie management with specific web browsers can be found in the browsers’ respective settings.
The Data Controller shall implement all necessary technical and organisational security measures to safeguard the data during processing ensuring a level of security appropriate to the nature of the data to be protected and, in particular, protect the data against unauthorised access, takeover, processing in violation of the Act, alteration, loss, damage or destruction.
The Service Provider shall take appropriate technical measures to safeguard the electronic personal data against unauthorised interception or modification.