For the purpose of the implementation of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as "GDPR", we inform you about the rules of processing your personal data and about your rights related with it.
The following rules apply from May 25, 2018.
The Controller of your personal data
The controller of your personal data is Mudita sp. z o.o., Jana Czeczota Street No. 9, 02-607 Warsaw, Poland, REGON: 146767613, NIP (Tax No.): 5252558282, entered into the entrepreneur register of the National Court Register by the District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register (KRS) under No.: 0000467620, share capital (fully paid) PLN 20 000 (hereinafter referred to as "We”, "Mudita"). Mudita runs an online store at www.store.mudita.com (hereinafter "Our Store").
Mudita has set one contact point for all personal data issues. If you would like to contact us, please write us an e-mail to: email@example.com or send a letter to: Mudita sp. z o.o., Jana Czeczota Street No. 9, 02-607 Warsaw with the note: "Personal data".
Where do we obtain your personal data from?
Most of the data we receive directly from you. You provide us this data:
by creating an account on the website of Our Store;
by subscribing to the newsletter on www.mudita.com ("Our Website, Website”);
by sending an e-mail or by contacting us through our profile on social networks, e.g. Facebook, Twitter etc.;
during a conversation with the Mudita Staff.
We may also have your data from publicly available sources, as well as from our partners, who collect personal data in the execution of their own plans (for their own purposes) and make them available to us as a part of our commercial cooperation, if you had consented to provide us with this data.
We also receive data about you indirectly, through the analysis of cookie files, the web server logs collected by the hosting operator of Our Website (and Our Store).
What is the scope of data processed?
We process following personal data:
name and surname;
telephone number (if you provided us for contact);
delivery address (street, building / flat number, zip code, city, country).
If required by law, we may ask you to provide other data necessary, e.g. for accounting or tax reasons.
In addition, due to the shape of our relationship, we can process the following personal data:
transaction history (including what and when you have bought, payment methods);
the bank account number from which you made payments;
the credit / debit card number and data relating to it;
information on how you use the Our Website or the website of Our Store (if you agree to the cookies referred to in point 14 below);
IP number and other device data from which you communicate with us;
history of your communication with us;
information about the sources of obtaining your data;
additional information about yourself that you could include in e-mail correspondence or that you could have provided during a telephone conversation with the Mudita Staff, your consents.
What is the purpose and legal basis for processing of your personal data?
We process your personal data in connection with offering you our products or services via Our Store or Our Website ("services").
Due to the above, we process your personal data for various purposes indicated below:
registration in Our Store and conclusion, and then execution of the contract of sale and provision of other services available by electronic means, including through the functionality of Our Website (Article 6 (1) (b) of GDPR);
mandatory provisions of law also requires us to process your personal data for accounting and tax purposes (Article 6 (1) (c) of GDPR);
if you give us (separate) consent, we will process your data for
our marketing purposes with reference to the legitimate interest of the controller (Article 6 (1) (f) of GDPR);
if you subscribe to our newsletter, we process your data in order to carry out the service you ordered (Article 6 (1) (b) of GDPR);
your personal data is also processed to collect debts, conduct court, arbitration and mediation proceedings, archiving and give us possibility to account for the correct fulfilling of the obligations imposed by law, including the processing of your data, which is the legitimate interest of the controller (Article 6 (1) (f) of GDPR);
data from the analysis of cookie files, collected web server logs by the hosting operator of Our Website are processed for the purposes of building anonymous statistics of visits to Our Website or Store, useful - among others - for marketing purposes (including analyzing and profiling data for marketing purposes) and in order to support the functionality of Our Store and Our Website (e.g. login, presentation of content, handling of forms) (Article 6 (1) (f) of GDPR).
How long do we process your personal data?
The period for which we process your personal data depends on the purpose of processing. Consequently:
In connection with the functioning of Our Store and Website:
registration in Our Store - for the period you are registered, until you unregister from Our Store,
concluding and then implementing the sales contract through Our Store - for the period of its implementation, and after its completion until the expiration of our mutual claims related to this contract,
providing other services to you electronically, including through the functionality of Our Store and Website - for the period in which you use these services while maintaining an active account, and after this period we will process your data for purposes related to the accountability for our actions and until the expiration of our mutual claims related to those services;
regarding accounting purposes - we will process your data for a period of 5 years, counting from the beginning of the year following the accounting year covered by the accounting documents (Article 74 paragraph 2 and 3 of the Accounting Act). As far as tax purposes are concerned, data will be processed for a period of 5 years, counting from the end of the calendar year in which the payment deadline for a given tax has expired (Article 70 § 1 of the Tax Ordinance);
sending you marketing messages other than a newsletter - to this end we process your data until you file an objection to such processing, but no longer than 10 years from the date of obtaining your data for this purpose;
newsletter sending - to this end, we process your data until you are a subscriber to this service, or until you file an objection to such processing, depending on which of these events occurs earlier;
debt collection, conducting court, arbitration and mediation proceedings, archiving purposes and the possibility of us to account for the correct fulfilling of the obligations imposed by law, including processing your data - your personal data will be processed until the end of the limitation period (this period will depend on the type of claim in accordance with the Civil Code or other legal acts regulating the principle of non-civil liability) or the period in which we may be exposed to a different type of liability related to the relationship we have established with you;
building (anonymous) statistics of visits to Our Website or Store, including for marketing purposes (in particular to adapt messages and offer to your preferences) - for this purpose we process data throughout the period in which you use our Our Website or Strore or our services provided electronically (such as the newsletter) and later for a period of 5 years from the time when you stopped using them.
Who is the recipient of your personal data?
We can pass your personal data on to our Contractors:
to companies that provide us with the services necessary for our proper functioning, e.g.
companies providing for us the services of delivery and maintenance of database software, suppliers of business management systems, through which we can run Our Store and Website, send newsletter, etc .;
companies providing for us the services of delivery and maintenance of database software, suppliers of business management systems, through which we can run Our Store and Website, send newsletter, etc .;
entities providing hosting services;
marketing agencies that help us understand what our clients are interested in, which help us creating interesting offers, promotions and help us in ongoing communication with you;
accounting, advisory and law firms supporting us in our daily activities;
to companies providing delivery services / courier companies - in order to deliver ordered goods to the address you indicated in the order;
to services companies responsible for the repair of purchased items, in the event you make a complaint under warranty or guarantee;
to intermediaries in payment processing, in case of payment transactions in connection with your purchases, including those that support payment systems;
to our partners / contractors with whom we share data as a part of our commercial cooperation, if we had requested your consent for this purpose and you agreed for us to do so.
For each of these purposes, we only provide data that is necessary to achieve it.
Do we process your personal data automatically (including through profiling) in a way that affects your rights?
Your personal data may be processed in an automated way (including profiling), however it will not have any legal impact on you or your situation.
As part of our marketing, we want to be able to present you information (offers, promotions) tailored to your interests. Therefore, profiling of personal data by Mudita is solely based on the processing of your data (also in an automated way) by using them to assess certain information about you, in particular to analyze or forecast your personal preferences and interests.
How do we process your personal data?
We process personal data in accordance with applicable law, in particular in accordance with GDPR. We have the following rules in mind when we process your personal information:
Adequacy rule. We process only data that is necessary to achieve a given processing goal. We have carried out an analysis of the fulfilment of this rule for each business process;
Transparency rule. You should have full knowledge of what is happening with your data. This document, in which we try to provide you with complete information about the rules of processing your personal data by us, is its manifestation;
Accuracy rule. We strive to keep your personal data in our systems up-to-date and truthful. If you find that in some area your personal data have not been updated or are incorrect, please contact us at the email address firstname.lastname@example.org;
Integrity and confidentiality rule. We apply the necessary measures to safeguard the confidentiality and integrity of your personal data. We are constantly improving them, along with the changing environment and technological progress. Security includes physical and technological measures restricting access to your data, as well as appropriate measures to prevent loss of your data;
Accountability rule. We want to be able to account for each of our actions regarding personal data, so that in the event of your inquiry we can give you full and reliable information about what actions we have been carried out on your data.
What rights do you have regarding the processing of your personal data?
The provisions of law give you a number of rights that you can use at any time. Unless you abuse these rights (e.g. unreasonable daily requests for information), exercising them will be free of charge and should be easy to implement.
Your rights include:
The right to access your personal data. This right means that you can ask us to export from our databases the information we have about you and send it to you in one of the commonly used formats (eg XLSX, DOCX, etc.);
The right to correct personal data. If you find out that your personal data we process is incorrect, you may ask us to correct it and we will be obliged to do so. In this case, we have the right to ask you for a document or proof of the change;
The right to seek restriction of personal data processing. If, despite the fact that we adhere to the adequacy principle, that is we process only data that is necessary to achieve a given processing goal, you consider that for a specific purpose we process too wide catalogue of your personal data, you have the right to request that we restrict (limit) the scope of processing. If the request does not oppose the requirements imposed on us by applicable law, or it is not necessary for the performance of the contract, we will accept your request;
The right to request erasure of personal data. This right, also known as the right to be forgotten, means that you can demand that we remove any information that contains your personal information from our systems and any other records. Remember however, that we will not be able to do so if we are obliged to process your data under provisions of law (for example transaction documents for tax purposes, obligation to ensure the accountability of our activities). In each case, however, we will remove your personal data to the fullest extent possible, and where it is not possible we will ensure their pseudonymisation (which means that the data subjected cannot be identified without a corresponding key). Allowing this, your data we need to keep in line with applicable law, will be available only to a very limited group of people in our organization;
The right to personal data portability. In accordance with the GDPR, you can ask us to port the data you provided to us in the course of all our contacts and all cooperation to a separate file, for the purpose of further transfer to another data controller;
The right to withdraw consent. If we process your personal data on the basis of your consent, you can revoke this consent at any time. Withdrawal of your consent will not affect the lawfulness of the processing previously performed on the basis of the consent (prior to its withdrawal). However, we would like to inform you that your personal data in the scope of the purpose covered by the revoked consent will cease to be processed for this purpose only. Your personal data subject to consent will be further processed in order to fulfill our obligations under the law, including, in particular, the obligation to account for the correctness of personal data processing, or for the purposes based on our legitimate interest.
You can perform the above mentioned rights by contacting us at the e-mail address email@example.com or by post on Mudita sp. z o.o., Jana Czeczota Street No. 9, 02-607 Warsaw, with the note "Personal data".
In all matters related to personal data, you can always write to us, especially when any action or situation you encounter raise your concerns about its legality or if you feel that your rights or freedoms may be violated. In this case, we will answer your questions and concerns and immediately address the issue.
If you believe that in any way we have violated the rules for the processing of your personal data, you have the right to submit a complaint directly to the supervisory authority (from 25 May 2018, it is the President of the Office for Personal Data Protection in Poland). As part of exercising this right, you should provide a full description of the situation and indicate what action you consider as violating your rights or freedoms. The complaint should be submitted directly to the supervisory authority.
What is the right to object?
We would like to inform you separately that you also have the right to object to the processing of your personal data.
You submit the right to object when you do not want us to process your personal data for a specific purpose (for example for marketing purposes).
You have the right to object also when the processing of your personal data is based on a legitimate interest of the controller or for statistical purposes, and the opposition is justified by the particular situation in which you have found yourself. In this case, we will continue to process your data for other processes (for other purposes), but not for the purpose for which you objected.
You can exercise the right to objection by sending a message to the e-mail address firstname.lastname@example.org or by post to the address Mudita sp. z o.o., Jana Czeczota Street No. 9, 02-607 Warszawa with a note with the note "Personal data".
Is it your obligation to provide your data?
You do not have a legal obligation to provide us with your personal data. Without obtaining them, however, we will not be able to provide our services to you.
Do we transfer your data outside EU?
Yes, Mudita can transfer your data to a third country or to international organizations. Such a possibility occurs primarily in the situation when we use platforms to conduct e-marketing activities located on servers in the United States of America.
If we pass your data to a third country or international organizations, we always make sure that their recipients guarantee a high level of personal data protection. For US entities, these guarantees result from participation in the Privacy Shield, established by Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU Privacy Shield. -USA.
What are cookies?
For more general information on cookies you can always explore the Wikipedia article on “HTTP Cookies”.
You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Therefore it is recommended that you do not disable cookies.
The cookies we set
Email newsletters related cookies
Our website offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
Surveys related cookies
Forms related cookies
When you submit data through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.
Site preferences cookies
In order to provide you with a great experience on our website we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.
Third party cookies
Our website uses Google Analytics, which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit, so we can continue to produce engaging content.
For more information on Google Analytics cookies, see the official Google Analytics page.
From time to time we test new features and make subtle changes to the way that our website is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
As we sell services it's important for us to understand statistics about how many of the visitors to our website actually contact us and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
We also use social media buttons and/or plugins on our website that allow you to connect with your social network in various ways. For these to work the following social media sites including: Facebook, Instagram, Twitter will set cookies through our website which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.
Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our website.
However, if you are still looking for more information, you can contact us by sending a message to the e-mail address email@example.com or by post to the address Mudita sp. z o.o., Jana Czeczota Street No.9, 02-607 Warszawa with a note "Personal data".