Thank you for your interest in our company. This data protection declaration aims to inform users about the nature, scope and purpose of the personal data collected, used and processed by us. In addition, we inform users about their rights. The terms used in this data protection declaration correspond to those of the General Data Protection Regulation (GDPR).
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is a person whose identity can be established directly or indirectly, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific factors determining the physical, physiological, genetic, mental economic, cultural or social identity of that natural person.
1. Data controller
The data controller within the meaning of the GDPR, other data protection laws in force in the Member States of the European Union, and other provisions of a data protection nature is:
GOBLI Mariusz Tomasiak
Represented by the Owner, Mariusz Paweł Tomasiak
24 Koryznowej Street
20-137 Lublin
Poland
Phone no.: 0048 81 460 34 54
E-mail: info@gobli.pl
2. Purposes of data use, legal basis, and our legitimate interests
In principle, it is possible to use this website without providing personal data. If such data is collected, the following applies:
a. Purposes of collecting general data
Through this website, we collect various general data and information each time it is accessed by the user. We save this data in so-called server log files. The following data may be collected:
- types and versions of browsers used by users, along with information about the type and type of user’s display device
- the operating system used
- website from which users reach our website (so-called referrer),
- subpages that are available through the access system on our website,
- the date and time of the user’s visit to our website,
- user internet protocol address (IP address),
- internet service provider and
- other similar data and information used to prevent and defend against attacks on our IT systems.
Based on these data and information, we do not draw any conclusions about the user. We need this information to display our website correctly, to ensure the functionality of our information technology systems and website, and to provide law enforcement authorities with the information needed by them to prosecute in the event of criminal offenses. This is also a legitimate interest pursuant to Art. 6 sec. 1 f) GDPR, which, if necessary, is the legal basis for the processing of personal data in this context.
The anonymous data of the server log files are stored separately from personal data entered by the user.
In addition, it may happen that the content of our website is partially loaded from external servers (e.g., Google fonts, CDN components). In this case, the above-mentioned data is also transferred to them, so that third parties also have access to it. The use of these components increases the security, speed, and user-friendliness of our website. This is a legitimate interest as defined in Art. 6 sec. 1 f) GDPR, which, if necessary, is the legal basis for any processing of personal data in this context.
b. Collection and purpose of personal data
The user can contact us in various ways on our website. For example, the user can contact us via the e-mail address provided by us or use the contact form or the appropriate function for this purpose. When the user contacts us in this way, we process the personal data provided by him. The data collected depends on the type of communication or the completed fields of the form used.
Such data voluntarily provided by the user will be stored by us for the purpose of processing user inquiries and/or contacting the user. We do not transfer personal data to third parties. When contacting us, the data is collected in accordance with Art. 6 sec. 1 b) GDPR. This data is necessary to take pre-contractual measures. In the event of a contract being concluded, the data is also collected in accordance with Art. 6 sec. 1 b) GDPR.
If the processing of personal data is necessary and there is no legal basis for such processing in accordance with the above-mentioned provisions, we will obtain the user’s consent. In such cases, the legal basis for data processing will be Art. 6 sec. 1 a) GDPR.
c. Registration
The user can register on our website by providing his personal data. In this way, the user provides us with the data resulting from the respective input field required for registration. This data is processed only for internal purposes. They are used to offer content or services that can only be offered to registered users (e.g., simplified ordering process). This constitutes a legitimate interest and is therefore processed in accordance with Art. 6 sec. 1 f) GDPR. In addition, they are used to conclude and fulfill contracts, which allows data processing in accordance with Art. 6 sec. 1 b) GDPR. By registering, the user consents to the use of this data. The processing of this data therefore also takes place in accordance with Art. 6 sec. 1 a) GDPR.
During registration, the user’s IP address as well as the date and time of registration are also stored. The processing of this data serves to prevent misuse of our services and enables criminal investigations where necessary. This is a legitimate interest as defined in Art. 6 sec. 1 f) GDPR, which is the legal basis for data processing in this context.
d. Transmission of data to third parties
Personal data will only be provided by us if it is necessary for the performance of contracts concluded with the user. For example, they may be transferred to delivery and/or payment service providers. Furthermore, we do not transfer any data.
The legal basis in such cases is Art. 6 sec. 1 b) GDPR. Accordingly, data processing is permissible for the fulfillment of a contract or pre-contractual measures.
If the user makes a purchase on our website, personal data may be transferred, depending on the Customer's choice, to the following entities in order to process the order:
1. transport company shipping the order: DPD POLSKA SP Z O O ul.Mineralna 15 02-274 Warszawa, RABEN LOGISTICS POLSKA SP Z O O Zbożowa 1 62-023 Robakowo
2. external payment systems: przelewy24.pl, operated by PayPro SA., 15 Kanclerska Street, 60-327 Poznań
3. systems responsible for order processing and sales management: BaseLinker Sp. z o.o.. Plac Solny 15, 50-062 Wrocław,
4. telecommunications services systems: App World sp. z o.o. with headquarters in Ślęza (55-040), at 8 Pszenna Street.
5. automated decision making: Automated decision making or profiling does not take place.
3. Storage period
We only store the user’s personal data for as long as we are obliged to do so on the basis of the relevant statutory provisions (e.g., tax law). After the appropriate retention period has expired, we routinely delete the corresponding data, if it is no longer required for the fulfillment or initiation of a contract. If the purpose of data storage ceases to apply before the expiry of the statutory retention period, the corresponding data will be deleted immediately. If we need to delete user data because the user has exercised his right to intervene, this will also be done immediately.
4. User rights
a. Right of confirmation (Art. 15 GDPR).
The user has the right to request confirmation from us as to whether we process his personal data. Relevant inquiries must be directed to us. If the user submits a relevant request electronically, the information will be provided by us in a commonly used electronic format, unless the user specifies a different form of communication.
b. Right of access (Art. 15 GDPR)
If we process the user’s personal data, he will the right to obtain from us at any time, free of charge, information about his personal data stored by us and a copy of this data. The user can also request information from us on the following topics:
- purposes of data processing;
- categories of personal data processed;
- recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this period;
- the existence of the right to rectify or delete the user’s personal data or to limit their processing by us or the right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- if the personal data has not been obtained from the user, any available information on the origin of the data;
- the existence of automated decision-making, including profiling, in accordance with art. 22 sec. 1 and 4 GDPR and - at least in these cases - relevant information about the logic used and the scope and intended effects of such processing on the user.
The user also has the right to access information on whether we transfer personal data to a third country or an international organization. If we do so, the user has the right to be informed of the appropriate safeguards with regard to data transmission.
The user can contact us at any time in order to exercise the above rights. If the user submits a relevant request electronically, the information will be provided by us in a commonly used electronic format, unless the user specifies a different form of communication.
c. Right to rectification (Art.16 GDPR)
The user has the right to request the immediate rectification of incorrect personal data concerning himself and, taking into account the purposes of the processing, the completion of incomplete personal data - also in the form of a supplementary statement. Relevant inquiries must be sent to us.
d. Right to erasure (“right to be forgotten”) (Art. 17 GDPR).
The user can request us to delete his personal data without delay if one of the following reasons applies:
- personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- the user withdraws the consent on which the data processing was based pursuant to Art. 6 sec. 1 a) GDPR or Art. 9 sec. 2 a) GDPR and there is no other legal basis for data processing;
- the user objects to the processing of data pursuant to Art. 21 sec. 1 GDPR and there are no overriding legitimate grounds for the processing of the data, or the user objects to the processing of data pursuant to Art. 21 sec. 2 GDPR:
- personal data has been unlawfully processed:
- deletion of personal data is necessary to fulfill a legal obligation resulting from Union law or the law of the Member State to which we are subject; or
- the personal data has been collected in relation to information society services offered in accordance with Art. 8 sec. 1 GDPR.
If one of the above reasons applies and the user would like us to delete his personal data, he can contact us at any time.
e. Right to restriction of processing (Article 18 GDPR)
The user has the right to demand that we restrict the processing of his data if one of the following conditions is met:
- the accuracy of the personal data is contested by the user for a period of time that will allow us to verify the accuracy of the personal data;
- the processing is unlawful, the user opposes the deletion of the personal data and requests the restriction of their use instead;
- we no longer need the personal data for the purposes of processing, but they are needed for the assertion, exercise or defense of legal claims; or
- the user has objected to the processing of data in accordance with Art. 21 sec. 1 GDPR and it is not yet clear whether our legitimate reasons outweigh those of the user.
If one of the above-mentioned reasons exists and therefore the user would like to request the restriction of the processing of his data, he can contact us at any time.
If processing has been restricted by us, we may process this personal data - apart from its storage - only with the user’s consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or Member State.
f. Right to data portability (Article 20 GDPR)
The user has the right to receive the personal data relating to himself that he has provided to us in a structured, commonly used and machine-readable format. The user also has the right to transfer this data to third parties without obstruction on our part, provided that the processing is based on consent in accordance with Art. 6 sec. 1 a) GDPR or Art. 9 sec. 2 a) GDPR or on a contract pursuant to Art. 6 sec. 1 b) GDPR, and the processing is carried out using automated procedures. In addition, the user has the right to request that personal data be transferred directly by us to third parties, insofar as it is technically possible and insofar as it does not infringe the rights and freedoms of others.
These rights do not apply if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority delegated to us.
To exercise the right to data portability, the user can contact us at any time.
g. Right to object (Art. 21 GDPR)
The user has the right, at any time, for reasons related to his particular situation, to object to the processing of his personal data, which takes place on the basis of art. 6 sec. 1 e) or f) GDPR.
In the event of an objection, we will no longer process the user’s personal data, unless we are able to demonstrate valid legitimate grounds for processing that override his interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
If personal data is processed for the purpose of direct advertising, the user can object at any time. Then we will no longer process his data for this purpose.
In addition, the user has the right to object, for reasons related to his particular situation, to the processing of his personal data that is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 sec. 1 GDPR, unless such processing is necessary to perform a task carried out in the public interest.
To exercise the user’s right to object, he can contact us at any time. The user may also exercise the right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
h. The right to withdraw consent in accordance with data protection law (Article 7 (1) (1) of the GDPR)
The user has the right to withdraw his consent to the processing of personal data at any time. The user may send us appropriate notifications for this purpose. The revocation does not affect the lawfulness of the data processing carried out until its receipt.
i. Right to lodge a complaint (Art.77 GDPR).
The user has the right to lodge a complaint with a competent supervisory authority at any time. To do so, he must contact him.
5. Further information
Please note that the provision of personal data is sometimes required by law (e.g., tax regulations) and/or may result from contractual obligations (e.g., data of the contractual partner). It is also necessary for the conclusion of the contract.
The user only needs to provide us with personal data when he wants to contact us or enter into a contract with us. If he does not provide us with his data in such cases, we will not be able to contact him or conclude any contract.
6. Cookies
Our site uses cookies. Cookies are text files that are stored on a computer system via an internet browser. Many websites and servers use cookies. The use of cookies on our website opens possibilities for us to make the use of our website more user-friendly. We wouldn’t have those possibilities without cookies.
Many cookies contain a so-called cookie ID. This is a unique cookie identifier that consists of a string. As a result, websites and servers can be assigned to the Internet browser in which the cookie was stored. These associated websites and servers can then recognize and identify a specific web browser thanks to the unique cookie ID and thus distinguish it from other browsers. In such case, the user of the website does not have to re-enter his access data each time the website is called up. This happens automatically via the appropriate website function and the cookie stored in the browser.
The following link provides detailed information on the cookies set by this website and the user can withdraw any consent he have already provided there.
Cookie settings
In addition, the user can prevent the installation of cookies on our website at any time by setting his internet browser accordingly. The user thereby permanently objects to the setting of cookies. The user can delete already set cookies at any time using the appropriate functions of his internet browser or other suitable programs. If the user applies this option, the functionality of our website may be limited.
Data transmitted by cookies, insofar as they are required for the display of our website or for the functions that the user uses, are stored in accordance with Art. 6 sec. 1 f) GDPR, which is the legal basis for data processing in this context. It is in our legitimate interest to store cookies to ensure the error-free and technically optimized provision of our website. In all other cases, the legal basis is Art. 6 sec. 1 a) GDPR (user’s consent).
7. Contact form
If the user uses our contact form to contact us, we will store his data from the form to enable us to process and respond to the user’s inquiry, as well as any questions he may have. By using the contact form, the user consents to this. The user can revoke this consent at any time informally (e.g., via e-mail). Data processing in this context is based on the user’s consent pursuant to Art. 6 sec. 1 a) GDPR. We will not pass this data on to third parties without the user’s consent.
8. Newsletter
We offer a newsletter on our website. If the user wishes to receive it, we require an e-mail address and further information from him so that we can verify that he is the owner of the e-mail address provided. This data must be entered using the appropriate form. If the user does this and subscribes to the newsletter, he consents to the processing of this data. We process this data solely for the purpose of sending the newsletter and do not transfer it to third parties.
When registering for the newsletter, we also save the IP address of the system used by the user at the time of registration, as well as the date and time of registration, which are assigned by the user’s Internet Service Provider (ISP). We need this data in order to be able to investigate any misuse at a later date. This is for our security and lies in our legitimate interest. The data is therefore processed in accordance with Art. 6 (1) f) GDPR.
The legal basis for the processing of the data provided by the user is the consent provided by him when ordering the newsletter in accordance with art. 6 sec. 1 a) GDPR. This consent can be revoked informally at any time, e.g., by using the unsubscribe link in each e-mail with the newsletter. The user can also unsubscribe from the newsletter. Data processed until revocation is considered lawful also after revocation.
We store the data that the user provides when subscribing to the newsletter until he unsubscribes from the newsletter. After unsubscribing from the newsletter, we delete it. Data that has been saved for other purposes remain unaffected.