Privacy policy

GENERAL

  1. This privacy policy of the Online Store is informative, which means that it is not a source of obligations for customers of the Online Store. The privacy policy contains primarily rules for the processing of personal data by the Administrator in the Online Store, including the basics, purposes and scope of processing personal data and the rights of data subjects.
  2. The administrator of personal data collected via the Online Store is GALAXY Systemy Informatyczne Sp. z o. o. with registered office in Zielona Góra, ul. Fabryczna 13/1 (65-410), entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Zielona Góra, 8th Commercial Division of the National Court Register under number 0000493610, NIP 929-185-78-84, e-mail address galaxy @ galaxy .com.pl contact phone number: 068 45 48 900 – hereinafter referred to as the “Administrator” and being at the same time a Service Provider of the Online Store and the Seller.
  3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection) – hereinafter referred to as “GDPR” or “GDPR Regulation”.
  4. Using the Online Store, including making purchases is voluntary. Similarly, the provision of personal data by the User using the Online Store is voluntary, subject to two exceptions: (1) entering into agreements with the Administrator – failing in cases and in the scope indicated on the Online Store website and in the Online Store Regulations and this privacy policy personal data necessary to conclude and execute the Sales Agreement with the Administrator results in the inability to conclude this contract. Providing personal data is in this case a contractual requirement and if the data subject wants to conclude a given agreement with the Administrator, he is obliged to provide the required data. Each time, the scope of data required to conclude the contract is indicated previously on the Online Store website and in the Online Store Regulations; (2) statutory duties of the Administrator – providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Administrator the obligation to process personal data (eg data processing for the purpose of keeping tax or accounting books) and failure to provide them will prevent the Administrator from performing these duties.
  5. The Administrator takes special care to protect the interests of persons whose personal data they process concerns, and in particular is responsible and ensures that the data collected by him is: (1) processed in accordance with the law; (2) collected for marked – privacy policy, legitimate purposes and not subject to further processing incompatible with these purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) kept in a form that permits the identification of persons whom they concern, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
  6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different probabilities and seriousness of risk, the Administrator implements appropriate technical and organizational measures for processing in accordance with this Regulation and to be able to prove it. These measures shall be reviewed and updated where necessary. The administrator uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.

GROUNDS FOR DATA PROCESSING

  1. The Administrator is authorized to process personal data in cases where – and to the extent to which – at least one of the following conditions is met: (1) the data subject has consented to the processing of his personal data in one or more specific purposes ; (2) processing is necessary for the performance of a contract to which the data subject is party or take action at the request of the data subject prior to the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation of the Administrator; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Administrator or by a third party, except when the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail over those interests , in particular when the data subject is a child.
  2. The processing of personal data by the Administrator requires each time at least one of the grounds indicated in point. 8 privacy policy. The specific grounds for processing the personal data of Service Users and Clients of the Online Store by the Administrator are indicated in the next section of the privacy policy – in relation to the given purpose of personal data processing by the Administrator.

PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE

  1. Each time, the purpose, basis, period and scope and the recipient of personal data processed by the Administrator results from actions taken by a given Customer or Client in the Online Store. For example, if the Customer decides to submit a request for an offer in the Online Shop, the Administrator will process his data in order to send an offer. The provided data may also be processed by the Administrator on the basis of the justified purpose of the data administrator (for example, securing documentation for the purpose of defending against possible claims or for the purpose of pursuing claims).
  2. The Administrator may process personal data in the Online Store for the following purposes, on the following grounds, in periods and in the following areas:
    Implementation of the Sales Agreement and taking action at the request of the data subject, before concluding the above-mentioned contract.
    Maximum range: name and surname; company name, tax identification number, country, street, city, zip code, telephone number, e-mail address.

DATA RECEIVERS IN THE ONLINE STORE

  1. For the proper functioning of the Online Store, including for the implementation of Sales Agreements, it is possible or necessary for the Administrator to use the services of external entities (such as, for example, an entity handling payments, courier services). The administrator uses only the services of such processors who provide sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects and in this respect associate him / her with relevant agreements / agreements.
  2. The transfer of data by the Administrator is not in each case and not to all indicated in the privacy policy of recipients or categories of recipients – the administrator provides data only when it is necessary for the purpose of processing personal data and only to the extent necessary to achieve it.
  3. The personal data of Customers and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
    1. entities handling electronic payments or by a payment card – in the case of a Customer who uses the Online Store with the electronic payment method or payment card. The Administrator provides the Customer’s personal data collected to a selected entity servicing the above payments in the Online Store on behalf of the Administrator to the extent necessary to handle payments made by the Customer,
    2. distributors of specific products / business partners of the Administrator, in order to directly deliver products directly to the Customer,
    3. other subcontractors of the Administrator, providing services in the field of software delivery, software or hardware servicing services used by the Administrator, as well as the supplier of goods with the help of which we use,
    4. auditors and statutory auditors, legal advisors, legal services, tax advisers
    5. law enforcement bodies, regulatory authorities and other public administration bodies (in the latter two cases, we provide data only if and only to the extent that it is really necessary and required by mandatory provisions of law and in a manner consistent with these provisions).

THE RIGHT OF A PERSON WHO THE DATA CONCERNS

  1. Right of access, rectification, restriction, deletion or transfer – the data subject has the right to request the Administrator to access his personal data, rectify them, delete (“the right to be forgotten”) or limit the processing and has the right to object to processing and has the right to transfer your data. Detailed conditions for the exercise of the abovementioned rights are indicated in art. 15-21 of the GDPR Regulation.
  2. The right to withdraw consent at any time – the person whose data is processed by the Administrator based on the expressed consent (pursuant to Article 6 paragraph 1 letter a) or art. 9 par. 2 lit. a) Regulation of the GDPR), has the right to withdraw consent at any time without affecting the legality of the processing, which was made on the basis of consent before its withdrawal.
  3. The right to lodge a complaint to the supervisory body – a person whose data is processed by the Administrator, has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the Regulation of the GDPR and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Office for Personal Data Protection.
  4. The right to object. Individuals have the right to object to the processing of their personal data at any time, due to their special situation, unless processing is required by law. A physical person may object to the processing of their personal data when:
    1. the processing of personal data takes place on the basis of a legitimate interest or for statistical purposes, and the opposition is justified by the specific situation in which it was found,
    2. personal data are processed for direct marketing purposes, including profiling for this purpose. The right of objection can be used from May 25, 2018.
  5. In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending a relevant message in writing or by e-mail to the Administrator’s address indicated at the beginning of the privacy policy or using the contact form available on the Online Store website.
  6. In the event you have any questions, concerns or concerns regarding the content of this Privacy Policy or the way in which we process your personal data, as well as complaints regarding these matters (though we hope there will be no need to file such complaints), please send an email along with detailed information on the complaint to the following address: galaxy@galaxy.com.pl. Any complaints received will be processed and we will respond to them.