We take care of your privacy and we want you to feel comfortable and safe while using our services. That is why we prepared this document where you will find all details on your personal data processing.
Personal data acquisition and collection; purpose and scope of personal data processing
Rights of data subjects
Cookies, performance data and analytics
§ 1 Introduction
Terms and expressions written with capital letters herein are defined and have the meaning set out in the Rules of the Shop, which is available on the Shop’s website.
A data controller for personal data collected via the Shop, within the meaning of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (O.J. EU L No 119, p. 1), hereinafter referred to as the GDPR (which is available here: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is Jakub Jakubczyk, trading in under the name of HD AIR STUDIO Jakub Jakubczyk, entered in the Central Registration and Information on Business Activity, with its registered office and delivery address at: ul. Poligonowa 35a, 20-817 Lublin, Vat No (NIP): 7132965956, statistical ID (REGON): 060676890, contact tel.: +48 502 829 521, e-mail: email@example.com, hereinafter referred to as the Seller.
Personal data of the Users are processed in accordance with personal data protection regulations and the Electronic Service Provision Act of 18 July 2002 (Journal of Laws No 2002.144.1204, as amended).
§ 2 General information
The Shop’s Data Controller uses all efforts to protect the privacy of the Users and Customers of the Shop, as well as all data and information obtained from them. The Data controller chooses and uses technical protection measures, including both programming and organisational ones, with due diligence to ensure comprehensive protection against data provision, disclosure, loss, damage, unauthorised modification or processing against applicable legal regulations.
The Data Controller informs you that the Shop uses a transmission protocol guaranteeing the security of data transmission in the Internet, i.e. the SSL (Secure Socket Layer v.3). This a type of security that consists in data coding before data uploading from the Customer’s browser and decoding such data when they safely reach the Shop’s server. The information sent from the server to the Customer is also coded and then decoded when it reaches the destination.
The data collected by the Data Controller are processed in accordance with legal regulations, the rules of reliability and transparency. They are collected and processed to the minimum extent that is necessary for purposes. They are not subject to further processing that would be contrary to such purposes. They are adequate and correct in terms of content in comparison with their purpose and they are stored in the way data subjects can be identified. The data retention period is dependent on the purpose of processing and is limited by the moment such a purpose is achieved.
The Data Controller has the right and statutory obligation to disclose the data of the Customers of the Shop to public authorities, e.g. in connection with proceedings conducted in connection with the violation of law or to third parties which request such data on the basis of applicable regulations of Polish law.
Users use services and tools make available by the Shop and give their personal data voluntarily. However, the data must be given to perform a sales agreement or an electronic service agreement with the Shop. Otherwise, such an agreement cannot be executed. The scope of data that are necessary to enter into the agreement is given on the website and in the Rules of the Shop.
§ 3 Data recipients
To ensure that the Shop operates properly and to perform sales agreements, the Data Controller uses services of third parties. The Data Controller shares the data solely if this is necessary for a given purpose of personal data processing and exclusively to the extent necessary to meet such a purpose.
Recipients of personal data of the Customers of the Shop are for example:
carriers, agents, freight forwarders: if the Customer buying goods at the Shop chooses delivery by courier;
entities operating electronic or card payments: the Data Controller shares the Customer’s personal data with an entity operating a given payment to the extent necessary for the purpose of such a service;
entities operating a polling system, entities providing systems used to analyse traffic at an online Shop or to analyse the effectiveness of marketing campaigns; entities conducing marketing campaigns;
suppliers of services supporting the operation of the Data Controller’s Shop, e.g. suppliers of online Shop operating software, e-mail software, companies operating a mailing system used to send newsletters, hosters;
entities providing book-keeping services.
The data recipients (third parties) process the personal data based on relevant processing agreements entered into with the Data Controller of the Shop. Such entities collect, process and Shop the personal data in accordance with their rules and privacy policies.
The Data Controller orders the processing of personal data of its Service Providers and Customers to the following entities:
Zenbox Sp. z o.o., ul. Dąbrowskiego 7, 42-200 Częstochowa, VAT No (NIP): 9492191021, statistical ID (REGON): 242888558, number in the register (KRS): 0000414281 – for the purpose of data storing in the server where the Shop is installed;
W&F OFFICE Sp. z o.o., ul. Obrońców Pokoju 2A/108, 20-030 Lublin, Vat No (NIP): 7123295841, statistical ID (REGON): 361355203, number in the register (KRS): 0000555336 – for the purpose of keeping books of the Shop owner;
R2G Polska Sp. z o.o., ul. F. Klimczaka 1, 02-797 Warsaw, Vat No (NIP): 7010194877, statistical ID (REGON): 141963798, number in the register (KRS): 0000335110 – for the purpose of performing orders of the Shop and delivering Goods to the Customer;
PayPal Polska Sp. z o.o., ul. E. Plater 53, 00-113 Warsaw, Vat No (NIP): 5252406419, statistical ID (REGON): 141108225, number in the register (KRS): 0000289372 – for the purpose of electronic payments;
Dialcom24 Sp. z o.o., ul. Kanclerska 15, 60-327 Poznań, Vat No (NIP): 7811733852, statistical ID (REGON): 634509164, number in the register (KRS): 0000306513 – for the purpose of electronic payments.
§ 4 Personal data acquisition and collection; purpose and scope of personal data processing
The Data Controller obtains information about Users, among others, by collecting server logs, IP addresses, software and hardware parameters, sites visited, IDs of mobile devices, and other data of equipment and by using the system. The above information will be collected in connection with the use of the Shop. Those data are not used by the Data controller to identify the User/Customer.
The Data Controller is also likely to collect navigation data, including information about links and references or other activities made at the Shop by Customers in order to enable them to use electronically supplied services and to improve the functionality of such services.
The Data Controller reserves the right to filter and retain messages sent by the internal messaging system, in particular if such messages are spams, contain forbidden contents or otherwise threaten the security of Shop Users.
Under the Shop, the Data Controller processes the Customers’ personal data for the following purposes:
to take pre-contractual actions at the Customer’s request; guarantee comprehensive services to the User, including account/accounts opening and management, contact Users in response to their inquiries sent via the contact form, operate live chat, live call, contact Users via e-mail in response to their inquiries;
to provide services where an account does not need to be opened and goods do not need to be bought, i.e. website browsing, operating a browser of goods, monitoring the activeness of all and specific Users;
to adjust the Shop’s offer and User experiences;
to perform the sales agreement or another agreement on electronically supplied services;
to keep statistics of the use of particular functions of the Shop, enable the use of the Shop, and ensure the IT security of the Shop;
to identify, claim and enforce claims and defend against claims in court litigation or before other enforcement authorities;
to review complaints and requests and respond to questions;
to conduct direct marketing of products and services;
to send a newsletter;
to arrange competitions and loyalty programmes;
to conduct studies and analyses aimed at improving the available services.
The Data Controller collects, processes and stores the following data of its Customers: first name and surname, e-mail address, contact telephone number to confirm a delivery date, a delivery address (street, house number, premises number, postal code, locality, country), place of residence/business address/registered office (if different than the delivery address).
In the case of Service Providers or Customers not being Consumers, the Data Controller may also process such data like: business name or Vat number (NIP) of the Service Provider or Customer.
The personal data which are collected for purposes set out herein will be retained throughout the duration of services (including electronic and shipment services) provided by the Data Controller and the limitation period and a period stemming from tax regulations, consumer rights or other corresponding rights.
CONTACT WITH THE CUSTOMER
In connection with the customer service, which includes a contact with the Customer to respond to an inquiry sent by the Customer by e-mail, live chat or contact form, the personal data are processed on the basis of Art. 6.1.a of the GDPR, i.e. on the basis of the processing consent. If after such a contact, an agreement is entered into, the data will be processed based on Art. 6.1.b of the GDPR. After the end of the contact, the data will be processed to archive correspondence that might be necessary to present in the future (in accordance with Art. 6.1.f of the GDPR).
The Shop offers a live chat service which enables a fast contact between the Customer/User and the Data Controller. For the purpose of the live chat, the following data must be given: first name and surname, e-mail address.
Such personal data are provided voluntarily, however they are necessary to enable the Data Controller to contact the Customer/User of the Shop.
Data of a User that opens and registers an account with the Shop are collected on the basis of the User’s processing consent (Art. 6.1.a of the GDPR). If the User decides to enter into an agreement, the data will be processed on the basis of Art. 6.1.b of the GDPR. In addition, pursuant to Art. 6.1.f of the GDPR, the processing is necessary to meet the goals arising from legitimate interests of the Data Controller.
PERFORMANCE OF ORDERS
1.When making an order at the Shop, the Customer gives personal data which are used to perform an agreement or an order (Art. 6.1.b of the GDPR), issue an invoice or carry out other activities connected with tax law (Art. 6.1.c). The data will be processed for archiving and statistical purposes on the basis of the Data Controller’s legitimate interest (Art. 6.1.f of the GDPR).
2.The data processing for the purpose of identifying, pursuing or defending claims which the Data Controller may file or which may be filed against the Data controller will be based on Art. 6.1.f of the GDPR.
One of functionalities of the Shop is a newsletter service. Data provided for newsletter subscription purposes are used solely to send newsletters on the basis of the User’s consent (in accordance with Art. 6.1.a of the GDPR). After the end of the contact and if newsletter is no longer sent, the data will be processed to archive correspondence that might be necessary to present in the future (in accordance with Art. 6.1.f of the GDPR).
The voluntary consent to receive a newsletter or commercial information may be withdrawn at any time at the Customer’s/User’s request to be sent by e-mail. Having received such a request, the Data Controller will immediately, however at the latest within 48 hours from the receipt of the notice of consent withdrawal, will delete the Customer’s/User’s data from its database used to provide commercial information by e-mail.
All data stored in the database for newsletter purposes may be rectified at any time. The data subject may also have such data erased, may waive receiving the newsletter and exercise the right to data portability, as referred to in Art. 20 of the GDPR.
As one of its Shop functionalities, the Data Controller provides an interactive form for contact purposes. To use the form, the User must give personal data necessary to contact the User and respond to questions given in the form. The User may also give other data to enable contact or order a service. The data marked as obligatory must be given to handle an inquiry and/or accept an order. Otherwise, the service will not be provided. Other data are given voluntarily.
The data provided in the contact form are processed based on Art. 6.1.a of the GDPR, i.e. based on the processing consent.
To identify a sender or to handle the sender’s inquiry submitted by the use of the form, the legal basis for the processing is the necessity of processing of a service agreement (Art. 6.1.b of the GDPR).
After the end of the contact, the data will be processed to archive correspondence that might be necessary to present in the future (in accordance with Art. 6.1.f of the GDPR).
On the website of the Shop: www.hdairstudio.com, there are plugs and other social tools made available by social media, like Facebook, Instagram, Viemo, Youtube, Lindedin. When the Shop’s website where a given plug is installed is displayed, the User’s browser will directly connect with servers of Facebook, Instagram, Youtube, Lindedin or Vimeo. The content of the plug is transmitted by a given Service Provider directly to the User’s browser and is integrated with the site. Thanks to such an integration, the Service Provider can receive information that the User’s browser has displayed the website of the Shop, i.e. www.hdairstudio.com, even if the User neither has a profile nor is logged in with a given Service Provider. If the User is logged in one of social networks, the Service Provider of the site will be able to assign the User’s visit on the Website to a given profile in the social network.
By using Google Ads, the Data Controller promotes the website of the Shop in searching results and on third party sites. When the website of the Shop is visited, a remarketing cookie of Google is left in the device of each visitor. By the use of a pseudonymised ID and based on sites viewed by the Visitor, advertisements adjusted to interests can be displayed.
Google Ads is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which joined the Privacy Shield to ensure a relevant protection of personal data in accordance with European regulations.
§ 5 Rights of data subjects
Under the GDPR, the Customers/Users have specific rights, as listed below. Such rights are based on any reason. However, they are not absolute. They will not apply to all personal data processing activities. If the Customer/User wants to exercise any of these rights, they may send a statement by e-mail to the Shop’s e-mail address or to the Data Controller’s registered office address at any time.
Right of access to data under Art. 15 of the GDPR
The Customer/User may contact the Data Controller at any time to confirm whether the Customer’s/User’s data are processed and, if yes, the Customer has the right to:
obtain an access to their personal data;
obtain information about: processing purposes, categories of personal data processed, data recipients or categories of data recipients, a planned period for which the Customer’s/User’s data will be stored, or criteria for fixing such a period (if it is not possible to fix the planned data storage period), rights attributable to the Customer/User on the basis of the GDPR, and the right to lodge a complaint with the supervisory authority, source of data, automated decision-making, including profiling, and about security measures applied in connection with the data being transferred outside the European Union;
obtain copies of their personal data.
Right to data rectification under Art. 16 of the GDPR
The Customer/User has the right to request the Data Controller to immediately rectify the personal data concerning them if they are incorrect. The Customer/User also has the right to request that their personal data are supplemented. To rectify or supplement your personal data, please sent a relevant notice by e-mail to the Shop.
Right to erasure (“right to be forgotten”) under Art. 17 of the GDPR
The Customer/User may request the Data Controller to erase all or some of their data.
The Customer/User has the right to have their personal data erased if:
the personal data are no longer necessary for purposes for which they have been collected or otherwise processed;
the Customer/User has withdrawn their consent to the extent to which the personal data have been processed based on the Customer’s/User’s consent;
the Customer/User has objected to the use of their data for marketing purposes;
the personal data have been processed illegally;
the personal data have to be erased to fulfil a legal obligation set out in Union or Member State law to which the Data Controller is subject;
the personal data have been collected in connection with the provision of information society services;
although the Customer/User requests that their personal data are erased as a result of an objection or consent withdrawal, the Data Controller may retain certain personal data to the extent to which such processing is necessary to identify, pursue or defend claims, as well as to fulfil a legal obligation supporting the processing on the basis of Union or Member State law the Data Controller is subject to;
as a result of the erasure of personal data or suspension of data processing by the Data Controller, the Shop will not not be able to provide its services or the functionalities of the Shop will be limited.
Consent to data processing and the right to withdraw the consent under Art. 7.3 of the GDPR
By accepting statements published by the Data Controller in interactive forms on the website, the Customer/User accepts that their personal data will be processed for defined purposes.
The Customer/User has the right to give consent to their personal data processing for additional purposes by accepting non-obligatory statements suggested in the forms on the website of the Shop.
The Customer has the right to withdraw the consent given to the Data Controller. The withdrawal of the consent comes into force as of the withdrawal.
The withdrawal of the consent has not adverse impact on the Customer but may make further use of the services or functionalities impossible if they are only and lawfully provided with the Customer’s consent.
The withdrawal of the consent does not affect the lawfulness of processing by the Data Controller based on consent before its withdrawal.
Right to object to data processing under Art. 21 of the GDPR
The Customer/User has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them, including profiling, if the Data Controller processes personal data on the basis of its legitimate interest.
The opt-out notice concerning marketing information about products and services sent by the Customer/User by e-mail means that the Customer/User objects to their data processing, including profiling, for such purposes.
If the Data Controller is not able to process the Customer’s/User’s data on any other legal basis and the objection is legitimate, the personal data subject to such an objection will be erased.
Right to restriction to personal data processing under Art. 18 of the GDPR
The Customer/User has the right to obtain from the Data Controller the restriction of processing where:
the accuracy of the Customer’s/User’s personal data is contested: the Data Controller will restrict the processing, for a period enabling it to verify the accuracy of such data;
the processing of the Customer’s/User’s personal data is unlawful and the Customer/User opposes the erasure of the personal data and requests the restriction of their use instead;
the Data Controller no longer needs the Customer’s/User’s personal data for the purposes of the processing, but they are required for the establishment, exercise or defence of the Customer’s/User’s legal claims;
the Customer/User has objected to processing: then the restriction to processing applies from the moment it is determined whether the Data Controller’s legitimate interests prevail over reasons specified in the Customer’s/User’s objection.
Right to data portability (Art. 20 of the GDPR)
The Customer/User has the right to receive, from the Data Controller, the personal data concerning them in a structured, commonly used and machine-readable format and has the right to transmit those data to another data controller.
The Customer/User has the right to order the Data Controller to have their personal data transmitted directly to another data controller (where technically feasible).
The Customer has also the right to lodge a complaint with the President of the Personal Data Protection Office to the extent of the violation of the Customer’s rights to personal data protection or other rights set out in the GDPR.
§ 6 Cookies, performance data and analytics
The Shop uses small files called cookies. They are recorded and Stored in a computer or another end device of the User or Customer of the Shop if the Internet browser permits. Cookies usually contain the name of a domain from which they come from, the duration of their storage in the device, and their value.
Cookies are used to optimise the use of the Shop’s website, collect statistical data which enable the identification of the way Users use the Shop’s website in order to improve the Shop structure. They are also necessary to maintain the Customer’s session after the Customer leaves the Shop.
The Data Controller uses two types of cookies:
session cookies (temporary): they are Stored in the Customer’s end device till the end of a session of a given browser. Then, information recorded is permanently deleted from the device’s memory. The mechanism of session cookies does not allow for collecting any personal data or other confidential information from the Customer’s device;
persistent cookies: they are Stored in the Customer’s equipment unless they are deleted. Persistent cookies are not deleted from the Customer’s device when a session of a given browser ends or the device is switched off. The mechanism of persistent cookies does not allow for collecting any personal data or other confidential information from the Customer’s device.
The Data Controller uses external cookies for the following purposes:
a) to collect general and anonymous statistical data by the use of analytical tools: Google Analytics (the controller of cookies is Google Inc. with its registered office in the USA),
b) to popularise the Shop via www.facebook.com (the controller of external cookies: Facebook Inc. with its registered office in the USA or Facebook Ireland with its registered office in Ireland);
b) to popularise the Shop via Instagram.com by Instagram LLC with its registered office in the USA
d) analyse the activeness of Customers – adjust contents displayed to customer profile in order to improve the management of advertising campaigns by the use of DoubleClick analytical tools – by Google Inc. with its registered office in the USA;
e) to popularise the Shop via LinkedIn.com by LinekdIn Ireland Ltd with its registered office in Ireland.
f) to build a profile of your interests on our website (e.g. sections of the website visited) in order to know which pages are the most and least popular and see how visitors move around the site.
The Customer may change cookies settings and disable cookies collection at any time in their Internet browser. This may, however, make it difficult for the Customer to use services and tools of the Shop or make ordering impossible.
Some third parties acting under the Shop enable the Users to withdraw the consent for data collection and use for advertising purposes based on the Customer’s activeness. More information concerning such a choice can be obtained, for example, on: www.youronlinechoices.com. The disclosure of information about Shop traffic to Google Analytics can be disabled by the use a browser addition made available by Google Inc. on: https://tools.google.com/dlpage/gaoptout?hl=pl.
§ 7 Miscellaneous
HD Air Studio creates the best aerial gimbals and gyro heads for industrial and cinematography use. Not a single return in 10 years!