privacy policy
Providing personal data and consent to their processing are completely voluntary. Any personal data provided to us is processed only to the extent and for the purpose to which you have consented.
However, if you decide not to provide us with your data and do not consent to their processing, unfortunately we will not be able to guarantee you access and purchase of products.
Please remember that you have the right to update or completely delete your personal data at any time. You can do it yourself or with our help, which we will be happy to provide.
We assure you that our company follows a strict personal data security policy. Your personal data is safe with us and we make every effort to ensure that this level is higher and higher every year. We believe that reading our privacy policy will make you feel safe and enjoy using the Raskal's Store
General provisions
This document constitutes the Privacy Policy, which specifies the principles of operation of the Online Store and the principles regarding the processing of personal data.
In order to ensure data integrity and confidentiality, the Administrator has implemented procedures enabling access to data only to authorized persons and only to the extent
to the extent necessary for the tasks they perform. The Administrator uses organizational and technical solutions to ensure that all operations on personal data are recorded and performed only by authorized persons.
Personal data collected via this website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
The administrator of personal data is Raskal's Store.
The administrator of personal data at Raskal's Store (hereinafter referred to as the "Administrator"), i.e. responsible for ensuring the security of your personal data, is Monika Grzesiak, running a business under the name Monika Grzesiak, entered into the Central Register and Information.
on Business Activity conducted by the Minister responsible for economy, address of the place of business (address for delivery): ul. Nad Kiczej 26, 89-500 Tuchola, NIP: 6661872817, REGON: 341281029
You can contact the data administrator at the following e-mail address:grzesiakomonika@gmail.com or in writing to the following address: Monika Grzesiak ul. Nad Kicza 26, 89-500 Tuchola.
3 Purposes and legal basis for the processing of personal data
Registration of an account in the online store
Due to the registration of the Account in the Online Store, the Customer provides personal data enabling the registration of the Account, in particular the name, surname, e-mail address, and in the case of Customers who are not consumers, the name of the Entrepreneur (company name), and the tax identification number NIP. This data may be processed
for the following purposes:
maintaining an Account in the Online Store, which allows you to place orders without having to fill out the order form available each time when placing orders, viewing your purchase history, and using other functionalities available
in online shop. The legal basis for the processing of personal data in this case is Art. 6 section 1 letter b GDPR, i.e. the necessity to perform the contract in connection with the registration of the Account
in online shop,
pursuing claims or defending against claims, which constitutes the legitimate interest of the Administrator, the legal basis is Art. 6 section 1 letter f GDPR.
Providing personal data is voluntary, but necessary to register an Account
in online shop.
Conclusion and execution of a sales contract
During the ordering process, the Customer provides personal data enabling the conclusion of the contract
and execution of the sales contract, in particular the name, surname, e-mail address, correspondence address, telephone number, bank account number and, in the case of Customers who are not consumers, the name of the Entrepreneur (company name) and the Tax Identification Number (NIP). This data may be processed for the following purposes:
performance of the concluded sales contract. The legal basis for the processing of personal data in this case is Art. 6 section 1 letter b GDPR, i.e. necessity to perform the sales contract,
issuing and storing invoices and accounting documents. The legal basis is art. 6 section 1 letter c GDPR, i.e. the necessity to fulfill the legal obligation imposed on the Data Administrator,
pursuing claims or defending against claims, which constitutes the legitimate interest of the Administrator, the legal basis is
art. 6 section 1 letter f GDPR.
Providing personal data is voluntary, but necessary to place an order in the Online Store.
Using the online store website
and ensuring its proper operation
The data administrator ensures the proper operation of the Online Store. The legal basis for the processing of personal data is:
art. 6 section 1 letter f GDPR, i.e. the legitimate interest pursued by the Data Administrator consisting in running and maintaining the Online Store website. Providing data when using the Online Store website is voluntary, however, if the Customer does not provide the data, it will be impossible to use the services available on the Store's website.
Personal data storage period
Personal data is stored for the time necessary to achieve the purpose for which it was collected, in particular:
personal data processed due to the need to perform the contract or take action upon request - for the period of negotiations preceding the conclusion of the contract or provision of the service in relation to the data provided in the request for quotation or for the period of contract implementation, as well as for the period of limitation of claims in accordance with
with legal provisions,
personal data processed on the basis of the legitimate interest of the Administrator - until an effective objection is lodged pursuant to Art. 21 GDPR,
personal data processed in connection with the performance of the Administrator's legal obligations - for the period required by law, including tax and accounting law,
personal data processed in connection with the determination, investigation or defense against claims - until the limitation period expires.
Data recipients
The Administrator does not share Customers' personal data with other entities, except for:
companies carrying out shipments on behalf of the Administrator,
banks if it is necessary to conduct settlements,
entities handling electronic or payment card payments,
authorized state authorities, in particular the Police, the Prosecutor's Office, the President of the Office for Personal Data Protection, the President of the Office of Competition Protection
and Consumers.
In addition, Customers' personal data may be disclosed to entities processing on behalf of and on behalf of the Administrator, on the basis of a concluded agreement entrusting the processing of personal data, in order to provide services to the Administrator specified in the agreement, such as IT services and hosting services.
Rights of data subjects
Every data subject has the right:
access - which means that she has the right to obtain from the Administrator confirmation whether her personal data is being processed (Article 15 of the GDPR),
to receive a copy of the data - obtain a copy of the data subject to processing (Article 15(3) of the GDPR),
to rectify - request the rectification of incorrect personal data concerning him or her or the completion of incomplete data (Article 16 of the GDPR),
to delete data - request the deletion of personal data if the administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR),
to limit processing - request to limit the processing of personal data (Article 18 of the GDPR), when:
the data subject disputes the accuracy of the personal data - for a period enabling the controller to check the accuracy of the data,
the processing is unlawful and the data subject objects to their deletion and requests restriction of their use,
the controller no longer needs this data, but it is needed by the data subject to establish, pursue or defend claims,
the data subject has objected to the processing - until it is determined whether the legitimate grounds of the controller override the grounds for the data subject's objection.
to transfer data - to receive personal data concerning him or her in a structured, commonly used, machine-readable format, which he or she has provided to the controller, and to request that these data be sent to another controller if the data is processed on the basis of the data subject's consent or a contract with him or her contained and if the data are processed in an automated manner. In such a case, the Administrator will send the Customer's personal data
in the form of a file in the csv format, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator (Article 20 of the GDPR),
to raise an objection - to object to the processing of her personal data for the legitimate purposes of the administrator,
for reasons related to her particular situation, including profiling (Article 21 of the GDPR),
to withdraw consent at any time and without giving a reason
if the person concerned has consented to the processing of personal data. Withdrawal of consent will not affect compliance
with the right to processing based on consent expressed before its withdrawal.
In order to exercise the above-mentioned rights, the data subject should contact the Administrator