PRIVACY POLICY
OF THE WEBSITE
(WWW.REJSYSZCZECIN.PL)
- For the owner of this website, the protection of users’ personal data is of utmost importance. Every effort is made to ensure that users feel safe when entrusting their personal data while using the website.
- A User is an individual, legal entity, or an organizational unit without legal personality, which the law grants legal capacity to, using electronic services available on the website.
- This privacy policy explains the principles and scope of processing the User’s personal data, their rights, as well as the obligations of the data administrator, and also informs about the use of cookies.
- The administrator employs state-of-the-art technical and organizational measures to ensure a high level of protection of processed personal data and to safeguard against unauthorized access.
-
I. PERSONAL DATA ADMINISTRATOR
-
The data administrator is kjt sp. z o.o. with its registered office at/in: Wichrowe Wzgórza 76/4, 72-001 Siadło Dolne, registered in the entrepreneurs’ register kept by the District Court in: Szczecin, Economic Department, under the KRS number: 0000955962, NIP: 8513270890 (hereinafter referred to as the “Owner“).
II. PURPOSE OF PROCESSING PERSONAL DATA
- The Administrator processes the User’s personal data for the purpose of:
- To correctly execute sales agreements for tickets concluded within the online store.
- This means that this data is necessary in particular for:a. concluding a contract;b. settling transactions;c. delivering the goods ordered by the User or providing services;
- The User may also consent to receiving information about news and promotions, which will result in the Administrator also processing personal data for the purpose of sending commercial information to the User, including information about new products or services, promotions, or sales.
- Personal data is also processed to fulfill legal obligations incumbent on the data administrator and to perform tasks in the public interest, including tasks related to security and defense or storing tax documentation.
- Personal data may also be processed for direct marketing purposes of products, securing and pursuing claims or protecting against claims of the User or third parties, as well as marketing services and products of third parties or own marketing, not being direct marketing.
III. TYPE OF DATA
- The Administrator processes the following personal data, the provision of which is necessary for:
a. making purchases through the website:
- first name and last name;
- gender;
- delivery address;
- phone number;
- email address;
b. Optionally provided by the User:
- date of birth;
- PESEL number (in case of requesting an invoice);
- NIP number (in case of requesting an invoice for a business entity).
IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA
- Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJEU L 119, 4.5.2016, pp. 1–88, hereinafter referred to as “GDPR Regulation.”
- The Administrator processes personal data only after obtaining prior consent from the User at the moment of confirming the transaction made on the website.
- Expressing consent to the processing of personal data is entirely voluntary; however, failure to provide it makes it impossible to make purchases through the website.
V. USER’S RIGHTS
- The User can demand information from the Administrator at any time regarding the scope of processing their personal data.
- The User can request the correction or rectification of their personal data at any time.
- The User can withdraw their consent to the processing of their personal data at any time, without giving any reason. The request for non-processing of data may concern a specific purpose indicated by the User, e.g., withdrawing consent to receive commercial information, or it may concern all data processing purposes. Withdrawing consent for all processing purposes will result in the User’s account being deleted from the website, along with all personal data previously processed by the Administrator. Withdrawing consent will not affect actions already taken.
- The User can request, without giving any reason, that the Administrator delete their data at any time. The data deletion request will not affect actions already taken. Deleting the data means simultaneously deleting the User’s account, along with all personal data stored and processed by the Administrator.
- The User can object to the processing of their personal data at any time, both in terms of all data processed by the Administrator and only to a limited extent, e.g., regarding data processing for a specific purpose. The objection will not affect actions already taken. Raising an objection will result in the deletion of the User’s account, along with all personal data stored and processed by the Administrator.
- The User can request a restriction on the processing of their personal data, either for a specified period or without a time limit but within a specified scope, which the Administrator will be obliged to comply with. This request will not affect actions already taken.
- The User can request that the Administrator transfer their processed personal data to another entity. To do this, the User should write a request to the Administrator, indicating to which entity (name, address) the User’s personal data should be transferred and which specific data the User wishes the Administrator to transfer. After confirming the User’s request, the Administrator will transfer the User’s personal data to the specified entity in electronic form. Confirmation of the User’s request is necessary due to the security of the User’s personal data and to ensure that the request comes from an authorized person.
- The Administrator will inform the User about the actions taken within one month of receiving any of the requests mentioned in the preceding points.
VI. RETENTION PERIOD OF PERSONAL DATA
- Personal data is generally stored only for as long as necessary to fulfill contractual or legal obligations for which it was collected. This data will be deleted immediately when its storage is no longer necessary, for evidentiary purposes under civil law or in connection with a statutory obligation to retain data.
- Information regarding the agreement is kept for evidentiary purposes for a period of three years, starting from the end of the year in which the commercial relationship with the User was terminated. Data deletion will occur after the statutory limitation period for contractual claims has expired.
- Additionally, the Administrator may retain archival information concerning concluded transactions, as their storage is related to the User’s entitlements, e.g., under warranty.
- If no agreement has been concluded between the User and the Owner, the User’s personal data will be stored until the User’s account is deleted from the website. Account deletion can occur due to a request from the User, withdrawal of consent to the processing of personal data, or objection to the processing of such data.
VII. DATA PROCESSING BY OTHER ENTITIES
- The Administrator may entrust the processing of personal data to entities cooperating with the Administrator, to the extent necessary for the execution of transactions, e.g., for preparing the ordered goods and delivering shipments or sending commercial information from the Administrator (the latter applies to Users who have consented to receive commercial information).
- Except for the purposes indicated in this Privacy Policy, Users’ personal data will not be disclosed to third parties or transferred to other entities for the purpose of sending marketing materials from these third parties.
- Users’ personal data on the website is not transferred outside the European Union.
- This Privacy Policy complies with the provisions of Art. 13(1) and (2) of the GDPR Regulation.