I. General information

This document is the "Privacy Policy" adopted by FHUP PEGAZ Halina Niewadzi and concerns the principles of processing personal data collected from users of the website https://ravon-manufactura.com (hereinafter referred to as the Website).

The Privacy Policy is the implementation of the information obligation resulting from art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR) (OJ EU L 119 of 4.05.2016, p. 1). It is also an expression of concern for the rights of persons visiting the Website and using the services offered through it.

The administrator of personal data collected from users of the Service is: FHUP PEGAZ Halina Niewadzi with its registered office in Kraszków 100, 26-300 Opoczno (hereinafter: Administrator). E-mail contact with the Administrator is possible via the e-mail address: sklep@ravonmanufactura.com.

II. The basis, purpose and scope of processing, i.e. what data we collect, why and how we process it

The Administrator declares that it processes the personal data of the Website users for the following purposes:

a) Setting up and maintaining an account on the Website - processing is necessary for the performance of an account management agreement to which the data subject is a party, or to take action at the request of the data subject before concluding an agreement - the legal basis is Article 6 paragraph 1 letter b) of the GDPR - conclusion and performance of an account management agreement.

b) Fulfillment of orders placed in the online store in order to perform the sales contract – processing is necessary for the proper performance of the sales contract for products offered via the Website, to which the data subject is a party – the legal basis is Art. 6 sec. 1 letter b) of the GDPR – conclusion and performance of the contract.

c) Chat bot support - data processing is necessary to answer the question asked by the user - the legal basis is Article 6 paragraph 1 letter f) of the GDPR - the legitimate interest of the administrator.

d) Contact form support - data processing is necessary to answer the question asked by the user - the legal basis is Article 6 paragraph 1 letter f) of the GDPR - the legitimate interest of the administrator.

e) Handling of the returns form - data processing is necessary to handle returns - the legal basis is Article 6 paragraph 1 letter b) of the GDPR - conclusion and performance of the contract.

f) Handling of the complaint form - data processing is necessary for the purpose of handling complaints - the legal basis is Article 6 paragraph 1 letter b) of the GDPR - conclusion and performance of the contract.

g) Sending the newsletter - data processing is necessary for the purpose of sending marketing information via the communication channel indicated by the user - the legal basis is art. 6 sec. 1 letter a) of the GDPR - consent by the owner of personal data and art. 10 sec. 2 of the Act of 18 July 2002 on the provision of services by electronic means - consent to sending the ordered commercial information to the indicated e-mail address.

h) Social media support - data processing is necessary to promote the Administrator's goods and respond to questions asked - the legal basis is Art. 6 sec. 1 letter f) GDPR - legitimate interest of the administrator.

i) Establishing or defending against claims – data processing is necessary to enable the Administrator to establish the scope of possible claims or defend against claims filed by customers of the Service – the legal basis is Article 6 paragraph 1 letter f) of the GDPR – the legitimate interest of the Administrator.

The Administrator's Website collects the following personal data of Website users on a voluntary basis:

a) in order to set up and maintain an account on the Website, we process the following personal data: e-mail address;

b) in order to execute the sales contract concluded via the Website, we process the following personal data: name, surname, delivery address, company name (if applicable), telephone number, e-mail address, Tax Identification Number (if applicable), invoice data (if different from delivery data);

c) in order to enable the use of the Chat bot, we process the following personal data: name, surname, e-mail address, other data indicated in the content of the correspondence;

d) in order to enable the use of the contact form provided on the Website, we process the following personal data: name, e-mail address;

e) in order to process the returns form provided on the Website, we process the following personal data: order number, e-mail address, telephone number;

f) in order to process the complaint form provided on the Website, we process the following personal data: order number, e-mail address, telephone number;

g) in order to send the ordered commercial information (Newsletter), we process the following personal data: name (optional), e-mail address;

h) in order to establish or defend against claims, we will process personal data provided by the Service User as part of using the Service's functionality, such as: first name, last name, data regarding the services used by the User if the claims result from the manner of using these services, and other data necessary to prove the existence of the claim, including the extent of the damage suffered.

When using the Service, additional non-personal data may also be processed, such as: the IP number of the Client's computer or the external IP address of the Internet provider, domain name, type of Internet browser, access time, type of operating system. Providing the personal data indicated above is completely voluntary, with the reservation that in the event of failure to provide them or providing false data, the Administrator will not be able to fulfill the concluded agreement on registration of an account in the Service or sale of products offered via the Service.

III. Who has access to data collected via the Service

The recipients of personal data collected via the Website will be: IT service providers acting as processors, companies providing credit services (if necessary), courier companies delivering goods purchased in the store, entities providing advisory services, entities providing services for sending ordered commercial information, entities handling payments for goods purchased via the Website, and in the event of a complaint, the manufacturer of the goods. The data is transferred on the basis of a personal data processing agreement concluded in accordance with Art. 28 of the GDPR.

Personal data collected via the Website are not made available to third parties, except for the situations described above, or when such disclosure results from applicable legal provisions obliging the Administrator to transfer them to authorized entities.

The Administrator collects the service logs, but does not associate them in any way with personal data. Based on the log files, statistics can be generated to help administer the service. Collective summaries in the form of such statistics do not contain any features that identify persons visiting the Service.

In performing our services, we use technical solutions offered by entities that may process personal data outside the European Economic Area (EEA), such as Google, Facebook, YouTube, Instagram and Pinterest.

Personal data collected via the Website are stored for the following period:

a) in the case of personal data whose legal basis for processing is the consent of the data subject - such data will be stored until the consent is withdrawn, and in the event of its withdrawal, the data will be stored for a period of time corresponding to the limitation period for any claims that may be raised by the Administrator or that may be raised against him. If the limitation period results from the general provisions of civil law, it is 6 years, and in the case of claims for periodic benefits or claims related to the conducted business activity, it is 3 years.

b) in the case of personal data whose legal basis for processing is the performance of a contract concluded by the Client, personal data will be stored for the period necessary for the proper performance of the contract, and after its execution for a period corresponding to the limitation period for all claims. If the limitation period results from the general provisions of civil law, it is 6 years, and in the case of claims for periodic benefits or claims related to the conducted business activity, it is 3 years.

c) in the case of personal data for which the legal basis for processing is the legitimate interest of the Administrator, personal data will be stored for the duration of the legitimate interest of the Administrator.

IV. Rights of Service Users

In accordance with Articles 15 – 22 of the GDPR, every user has the following rights:

The right of access to data (Article 15 of the GDPR). The data subject is entitled to obtain from the controller confirmation as to whether personal data concerning him/her are being processed and, if so, is entitled to access to them.

The right to rectification (Article 16 of the GDPR). The data subject has the right to demand that the controller immediately rectify any personal data concerning him or her that is incorrect.

Right to erasure (“right to be forgotten”) (Article 17 GDPR). The data subject has the right to demand that the controller deletes his or her personal data without undue delay.

The right to restrict the processing of personal data (Article 18 of the GDPR). The data subject has the right to demand that the controller restrict the processing in the following cases:

a) When the data is incorrect – for the period until it is rectified;

b) the data subject has objected to the processing pursuant to Article 21(1) of the GDPR – pending the determination of whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject;

c) the processing is unlawful and the data subject opposes the deletion of the personal data, requesting instead the restriction of their use;

The right to data portability (Article 20 of the GDPR). The data subject has the right to request that their personal data be sent directly to the designated controller, provided that this is technically possible. In the event that the Controller is unable to send the data directly to the designated controller, the personal data will be made available directly to the data subject in a machine-readable format (csv file), which can be sent to the selected controller.

Right to object (Article 21 of the GDPR). If personal data are processed for the purposes of direct marketing (sending ordered commercial information - Newsletter), the data subject has the right to object at any time to the processing of their personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing. The data subject also has the right to object to the processing based on the legitimate interest of the controller.

The user may exercise his/her rights by sending an appropriate request to rodo@ravonmanufactura.com

a) For correct identification purposes, the request should be sent from the e-mail address from which the request was made via the contact form.

b) The request may also be submitted by post – by sending a registered letter containing such a request to the correspondence address of the Administrator.

In accordance with Article 12, paragraph 3 of the GDPR, the Administrator shall provide the person who submitted the request with a response on the actions taken within one month. However, in the case of a complex request, the Administrator may extend the response time by another two months. If the deadline is extended, the Administrator shall inform the person submitting the request of the reasons for extending the deadline. If the Administrator does not take the actions indicated in the request, it shall inform the person submitting the request of this fact.

You have the right to lodge a complaint with the Supervisory Authority regarding the Administrator's actions.

The User also has the right to withdraw the consent granted to the processing of his/her personal data at any time in order to receive the ordered commercial information (Newsletter) to the specified e-mail address. The withdrawal of consent has a legal effect from the moment of receiving the declaration of its withdrawal and does not affect the lawfulness of the processing of personal data carried out by the Administrator in the period preceding the withdrawal of consent.

V. Cookies

The Service also uses cookies to collect data. These are small text files stored on the user's end device, the purpose of which is to facilitate the use of the Service by users. Detailed information on what cookies are used within the Service and what data is collected in this way is available at: information about cookies.

VI. Protection of the privacy of minors

Only adult natural persons may be customers of the Service, however the Service does not collect or verify information on the age of customers.

The Service Administrator is not responsible for any registration of minors on the Service, nor for any actions taken by them. Legal responsibility for such actions rests solely with their legal guardians.

VII. Security

The Service is equipped with security measures to protect personal data under the Administrator's control against loss, misuse and modification. The Administrator also has appropriate documentation and has implemented appropriate procedures related to the protection of personal data.

The Administrator ensures that all disclosed information is protected in accordance with applicable regulations and security standards, in particular:

a) Only authorized employees or associates of the Administrator and authorized persons involved in the operation of the Website who have been granted appropriate authorizations have direct access to personal data collected by the Administrator in accordance with Article 29 of the GDPR.

b) The Administrator declares that by commissioning other entities to provide services, it requires its partners, in accordance with the provisions of Article 28 of the GDPR, to ensure appropriately high standards of protection of the entrusted personal data, to sign appropriate entrustment agreements in which the partners confirm the application of standards and the right to control the compliance of these entities with these standards.

c) In order to ensure proper protection of the services provided electronically, the Website Administrator applies a high level of security, including cryptographic protection of personal data transmission (SSL protocol).

d) Due to the public nature of the Internet, the use of services provided electronically may involve risks, regardless of the Administrator's due diligence.

VIII. Changes to the Privacy Policy

The Website Administrator reserves the right to change the above privacy policy at any time and place, and undertakes to immediately publish the new privacy policy on the Website and inform all registered Users of this fact.

The Data Administrator reserves the right to introduce changes, withdraw or modify the functions or properties of the Website pages, as well as to discontinue operations, transfer rights to the Website and perform any legal actions permitted by applicable law.

This Privacy Policy is effective from 20/05/2024.