a) Administrator – VOLANT GRABOWSCY SPÓŁKA KOMANDYTOWO-AKCYJNA with its registered office in 08-110 Siedlce, Żelków Kolonia, Stalowa 16, NIP PL 8212467043, REGON number: 140758 518, entered into the National Court Register , with a share capital of PLN 100,000.00
1. Store – an online store run by the Seller at the Internet address volant.pl
2. Regulations – regulations of the Online Store.
3. Personal data – information about an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular on the basis of an identifier such as name and surname, identification number, location data, online identifier or one or more specific physical, physiological, genetic, mental factors, the economic, cultural or social identity of a natural person.
4. User – a natural person using the Store, including browsing the Store’s website or websites of other organizations on which the Store’s advertisements are located.
5. Processing – means an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise making available, matching or combining, limiting, deleting or destroying
7. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
8. Data subject – a natural person whose personal data is processed by the Administrator.
§2 Processing of personal data
1. In connection with the activity within the volant.pl online store, the Administrator collects and processes personal data in accordance with the applicable law and the principles of data processing provided for therein.
2. The administrator ensures transparency of personal data processing. Information on data processing by the Administrator is publicly available on the Store’s intranet website and in the Regulations. In addition, the Administrator always informs the data subject when collecting personal data and asks for consent to their collection (when placing an order in the Store). The administrator makes sure that personal data is collected only to the extent necessary to achieve the indicated purpose and processed only for the period in which it is necessary.
3. When processing personal data, the Administrator ensures their security and confidentiality as well as access to information about the processing of data subjects. If, despite the security measures in place, there has been a breach of personal data protection (e.g. “leakage” of data or their loss), the Administrator will inform the Data Subjects about such an event in a manner consistent with the regulations.
4. The administrator processes personal data only within the European Economic Area (EEA).
§3 Types of information collected
1. Information collected when placing an order in the Store:
1.1 name and surname (of the Customer and the recipient of the order, if it is a person other than the Customer placing the order),
1.2 address of residence or registered office (street, house number, apartment number, postal code, city, country),
1.3 delivery address (if different from the address of residence/registered office),
1.4 electronic mail address (e-mail),
1.5 telephone number,
2 Information collected while browsing the Store’s website or websites of other organizations on which the Store’s advertisements are located:
2.1 information on the devices used (manufacturer’s details, model, operating system, IP address, browser type),
2.2 information on selected products,
2.3 cookies and information on online behavior and search history when using the Store’s website, user’s location and information about clicking Store’s advertisements displayed on the websites of other organizations, 2.4 details of purchases in the Store
§4 Purposes and legal grounds for data processing
1. Personal data indicated in §3 sec. 1, are processed in order to perform the contract for the sale of products offered in the Store, including their delivery and handling complaints, etc. The legal basis for their processing is art. 6 sec. 1 lit. b) GDPR “processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract”. In addition, the purpose of processing this personal data is to determine or pursue any claims by the Administrator or to protect against claims, the legal basis in this case is art. 6 sec. 1 lit. f) GDPR “processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party, except when where those interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. IN
cases provided for by law, the Administrator is obliged to process personal data in order to fulfill a specific legal obligation (e.g. to present them to tax authorities), in this case the legal basis for data processing is art. 6 sec. 1 lit.
c) of the GDPR, “processing is necessary for compliance with a legal obligation to which the controller is subject”.
2. Information indicated in §3 sec. 2, are collected in order to adapt the Store and service offer to the needs of users and for statistical purposes. The legal basis for the processing of this data is Art. 6 sec. 1 lit. f) GDPR.
3. The administrator may ask the user for permission to send marketing and promotional materials. Granting consent is not a prerequisite for concluding and implementing the sales contract. The user may withdraw his consent at any time. The purpose of personal data processing in this case is the possibility for the Administrator to send information about products and services, including special offers and discounts. The legal basis for the processing of personal data in this case is art. 6 sec. 1 lit. a) GDPR “the data subject has consented to the processing of his
personal data for one or more specific purposes”.
4. Providing any personal data when placing orders in the Store is voluntary, but necessary in order to conclude and implement the sales contract.
5. Any consents expressed by the user regarding the processing of personal data or sending commercial information may be revoked at any time. All correspondence in this regard should be sent to the Administrator at the following e-mail address: email@example.com
§5 Cookies/Cookies Policy
1 The Administrator, in order to make the operation of the Store more attractive and in order to conduct analyzes and properly select advertisements displayed on this and other websites, as well as to enable the use of certain functions, uses the so-called cookies. cookies.
2 Cookies/cookies are small text files stored on the end device of the data subject. Some of them are deleted after the end of the browsing session – after closing the browser (“session cookies”). Others remain on the device and allow the Administrator to recognize the data subject’s browser on the next visit (“persistent cookies”).
3 Web browsers by default allow the placement of cookies/cookies and if the user does not change the default settings of the web browser he/she uses in terms of cookie/cookie settings, these files will be saved on the user’s end device.
4. The User using the Store, accepting the notification about cookies/cookies, agrees to save private data contained in cookies
/cookies and similar technologies on end devices. By accepting the notification, the user consents to the processing of personal data using such cookies. The legal basis for the processing of personal data is art. 6 sec. 1 lit. a) GDPR.
5 Using cookies/cookies, the following data are primarily processed: IP address, URL address, requests, domain name, device ID, browser type, browsing language, number of clicks, amount of time spent on individual pages, date and time of using the Store, operating system type and version, screen resolution, data collected in server logs, and other similar information. Data obtained using cookies/cookies are processed on the basis of the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR) for the purpose of analytical and
statistical research, website traffic research, content matching in terms of the user and ensuring the security of services .
The user has the option to change the settings of his web browser so as to block the automatic handling of cookies / cookies and decide individually about their acceptance or exclusion in specific cases or generally, or be informed about attempts to send them to the end device used by the user each time. In order to obtain information on how to configure the settings of cookies/cookies, please use the help option in the web browser used by the user.
7 Changing the settings of cookies/cookies in the web browser or changing them only may limit the functionality of the Store’s website, and even partially prevent its use.
8. As part of the volant.pl Online Store, the Administrator uses the following types of cookies/cookies:
8.1 Google Analytics – for statistical, remarketing purposes
8.2 Google Ads – for statistical, marketing and advertising purposes
8.3 Facebook Pixel – for statistical, remarketing purposes
8.4 Cookies of the Volant Website – for the proper operation of the website, multilingualism
8.5 Chat cookie – for quick contact with the customer
§6 Period of storing personal data
1. The administrator stores personal data no longer than it is necessary to achieve the purposes for which the data is processed. The period of personal data processing depends on the scope of the concluded contract and the purpose for which they are processed. The period of personal data processing may also result from legal provisions, e.g. tax or accounting regulations, when they constitute the basis for processing. Data processing in connection with the concluded sales contract lasts until the Administrator’s claims and claims against the Administrator expire, unless the Administrator is obliged to further process this data on the basis of the relevant provisions, after this period.
2. In the case of data processing based on the Administrator’s legitimate interest, the data is processed for a period enabling the implementation of this interest or until an effective objection to data processing is submitted.
4. In the event that personal data is processed on the basis of the consent given by the data subject, the processing lasts for the period of achieving the purpose for which the consent to the processing of such data was granted or until the consent is revoked by the data subject
5. The period of personal data processing may be extended when processing is necessary to establish or pursue claims or defend against claims, and after this period, only in the case and to the extent required by law.
§7 Entrusting the processing of personal data
1 The Administrator, on the basis of written agreements, may entrust the processing of users’ personal data to other entities, i.e.:
1.1 to the carrier providing transport services, to the extent necessary to achieve the goal of delivering the ordered products
, the Administrator provides the collected personal data of the user
to the selected entity servicing the above payments in the Store, to the extent necessary to make payments via the
electronic payment system or
by payment card, financial institution that
finances a loan or leasing for the purposes necessary to submit a loan or financing application.
2. The administrator may share personal data of users with external entities, including the police and other law enforcement authorities, authorized to receive them on the basis of applicable law.
3 The administrator may transfer personal data to his insurers in the event of claims or potential claims against him.
4 The controller may transfer personal data to third parties if he is obliged to disclose or share such data in order to meet any legal requirements (also in connection with a court order) or to enforce or implement any agreements concluded with the data subject or in to protect its rights, property or safety, or the property or safety of its customers, employees or others.
§8 Rights related to the processing of personal data
1 The data subject, in connection with the processing of their personal data by the Administrator, has the following rights:
1.1 Right to information about the processing of personal data – the data subject has the right to obtain from the Administrator information for what purpose his personal data is processed, categories of relevant personal data, entities to which the data is disclosed, the planned period of personal data storage, information about the right to lodge a complaint with the supervisory authority, information about the source of data and the legal grounds for processing this data.
1.2 The right to obtain a copy of the data – on this basis, the Administrator provides the data subject with a copy of the personal data subject to processing. Behind
any further copies requested by the data subject, the Administrator may charge a fee in a reasonable amount resulting from administrative costs.
If the data subject requests a copy electronically, and unless otherwise indicated, the information shall be provided in a commonly used
1.3 The right to rectify data – the data subject has the right to request the Administrator to immediately rectify his personal data
that are incorrect. Taking into account the purposes of processing, the data subject has the right to request completion of incomplete personal data, including by submitting an additional statement.
1.4 The right to delete data (“the right to be forgotten”) – the data subject has the right to request the Administrator to delete data immediately, and the Administrator is obliged to delete
personal data without undue delay and notify the data subject, unless the need to process data results from :
1.4.1 the need to comply with a legal obligation requiring processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller, 1.4.2 investigation, investigation or
1.5 The right to limit processing – in the event of such a request, the Administrator ceases to perform operations on personal data – with the exception of operations to which the data subject has consented – and their storage, in accordance with the adopted data retention principles or until the reasons for limiting data processing cease to exist (e.g. a decision of the supervisory authority will be issued allowing for further data processing).
1.6 The right to transfer data – the data subject has the right to receive in a structured, commonly used machine-readable format personal data concerning him, which he provided to the Administrator, and has the right to send this personal data to another administrator without hindrance from the Administrator to whom the data was provided personal data, if the processing is based on consent or in connection with a concluded contract, or when it is carried out in an automated manner.
1.7 The right to object to the processing of data for marketing purposes – the data subject may object to the processing of
personal data for marketing purposes at any time, without the need to justify such an objection. In this case, the administrator is not allowed to process the data
personal data for marketing purposes.
1.8 The right to object to other purposes of data processing – the data subject may at any time object – for reasons related to his
particular situation – to the processing of personal data, which is carried out on the basis of the Administrator’s legitimate interest, the objection in this respect should contain a justification.
1.9 The right to withdraw consent – if the data is processed on the basis of consent, the data subject has the right to withdraw it at any time by notifying the Administrator to the e-mail address firstname.lastname@example.org, which, however, does not affect the lawfulness of the processing carried out before its
withdrawal ; failure to grant or withdraw consent does not have any adverse consequences for the Data Subject.
1.10 Right to complain – if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may submit a complaint to the supervisory authority competent for the place of habitual residence of the data subject, his place of work or the place of the alleged alleged violations. In Poland, the supervisory authority is the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, law email@example.com, phone no. 22 531 03 00.
§9 Contact with the Administrator
1. In order to submit requests related to the exercise of the rights of the data subject or any questions regarding data protection, please contact us at the following e-mail address: firstname.lastname@example.org or correspondence address at Żelków Kolonia ul. Stalowa 16, 08-110 Siedlce.
2 If the Administrator is unable to identify a natural person on the basis of the submitted request, he will ask the applicant for additional information. Providing such data is not mandatory, but failure to provide it will result in refusal to fulfill the request.
3 The response to the notification should be provided within one month of its receipt. If it is necessary to extend this period, the Administrator informs the applicant about the reasons for this action.
4 In the case where the request was addressed to the Administrator electronically, the response is provided in the same form, unless the applicant requested a response in a different form. In other cases, answers are given in writing. In the event that the deadline for the execution of the request makes it impossible to respond in writing, and the scope of the applicant’s data processed by the Administrator enables contact by electronic means, the Administrator will respond electronically.
5 Proceedings on submitted applications and inquiries are free of charge. However, fees may be charged if:
5.1 relate to the submission of a request for the second and each subsequent copy of the data (the first copy of the data is free of charge); in this case, the Administrator may request the payment of a reasonable fee; such a fee includes administrative costs related to the execution of the request,
5.2 relate to excessive (e.g. extremely frequent) or clearly unjustified requests made by the same person; in this case, the Administrator may request the payment of a reasonable fee; such a fee includes the costs of communication and the costs related to taking the requested actions.