The Controller of the Personal Data of the Online Shop available at: masurialiving.com, hereinafter referred to as the Online Shop, is Sebastian Pawłowski operating under the business name “Firma Produkcyjna Handlowa “Blender” Sebastian Pawłowski” with a permanent place of business at the following address: ul. Mieczysława Orłowicza nr 23, lok. 37, Olsztyn 10-684, entered into the Central Electronic Register and Information on Economic Activity from 24.12.2001, Taxpayer Identification Number (NIP): 7411545851, National Business Registry Number (REGON): 511432132, hereinafter referred to as the Personal Data Controller. Contact: firstname.lastname@example.org.
All enquiries, requests, complaints regarding the processing of personal data by the Personal Data Controller, hereinafter referred to as Submissions, should be addressed to the following e-mail address: email@example.com or in writing to the following address ul. Olsztyńska 5F, 14-100 Ostróda, Poland. The content of a Submission should clearly indicate:
the data of the person or persons concerned by the Submission,
the event that gives rise to the Submission,
your request and the legal basis for these requests
the way in which the case is expected to be handled.
Our Online Shop collects the following personal data:
full name – it may be processed when, as a user of our Online Shop (including counterparties or potential counterparties), you provide us with such data by e-mail, contact form, registration form or order form accessible in our Online Shop, as well as when you provide us with such data by post or telephone contact, in order to utilise the range of products offered by our Online Shop,
telephone number – it may be processed when you contact us by telephone and also when you submit it to us via e-mail, the contact form, the registration form or the order form accessible in our Online Shop. The telephone number is processed to enable us to contact you concerning the processing of a particular order or to answer any other question you may have,
residence/correspondence address – this data is processed for the purpose of correct dispatch of the ordered Products, its indication is necessary in case of making purchases in our Shop,
e-mail address – it may be processed when you, as a user of our Online Shop (including customers or potential customers), provide it to us when you contact us via e-mail, contact form, registration form or order form available in our Online Shop, as well as via postal mail or when contacting us by telephone. We answer enquiries relating to our range of products and provide information relating to the performance of the concluded agreement via e-mail.
device IP address – information derived from general Internet connection principles, such as IP address (and other information contained in system logs), is used for technical and statistical purposes, including in particular the collection of general demographic information (e.g. region from which the connection is made)
TIN and company name – the data necessary for issuing any invoices and other documents relating to the use of our Online Shop,
possibly other data may be collected in the framework of the handling of specific cases or may be provided by you as a user of our Online Shop via e-mail, the contact form available in the Online Shop, postal mail or telephone contact.
We process your personal data for the following purposes:
to make purchases from our Online Shop by means of the order form accessible on the website of the Online Shop (Article 6(1)(b) of the GDPR) – in this respect, the personal data provided will cease to be processed when the specific transaction is finalised,
to conclude and perform agreements in connection with the services we offer (Article 6(1)(b) of the GDPR) – in this respect, personal data will cease to be processed once the respective agreement has been fulfilled,
to maintain an individual user account (Article 6(1)(b) of the GDPR) – in this respect, personal data will cease to be processed when the user deletes the account,
to fulfil legal obligations incumbent on the Personal Data Controller, in particular record-keeping, issuing invoices, etc. (Article 6(1)(c) of the GDPR) – in this respect, the personal data will be deleted once certain legal obligations have been fulfilled,
ongoing communication related to the operation of the Online Shop (Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Personal Data Controller) – in this regard, your personal data will cease to be processed when a given question or questions are answered,
to establish, assert or defend against claims (Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Personal Data Controller) – in this respect, personal data will be deleted when the claims concerned expire, however, as a general rule after the expiry of the 3-year limitation period for claims.
The source of the Personal Data processed by the Controller is you, i.e. the data subjects.
In case there is the “Like!” button or other social media links to the Controller's social media accounts, there is a joint controllership relationship between the Controller of this Online Shop and the controller of the external website. Joint administration is limited to data only to the extent necessary for operations relating to the functioning of a given button. The Controller is not responsible for the policy on further processing of personal data of other entities and organisations or social network providers. Our Joint Controllers within this Online Shop are:
Meta Platforms Ireland Ltd. (Facebook, Instagram) with its registered office at: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Pinterest Europe Limited (Pinterest) with its registered office at: 2nd Floor Palmerston House, Fenian Street, Dublin 2, Dublin, D02WD37, IRELAND, D02WD37,
Pinterest Europe Limited (Pinterest) with its registered office at: 2nd floor palmerston house, Fenian Street, Dublin 2, D02WD37, D02WD37, Ireland
The Controller utilises such tools as Google Ireland Ltd. (Google Analytics), Meta Platforms Ireland Ltd. (Facebook, Instagram), Pinterest Europe Ltd. (Pinterest) and Linkedin Ireland Unlimited Company (LinkedIn). As a general rule, data processed through the use of these tools is processed on Irish servers. At the same time, the providers of these tools may be obliged to transfer data to third countries if such an obligation is imposed on them by law. Should you have any questions regarding the transfer of personal data outside the European Economic Area, please contact the Personal Data Controller.
We do not share any personal data with third parties without the express consent of the data subject. Data may be disclosed without the consent of the data subject only to entities authorised to process personal data under applicable law (e.g. law enforcement agencies, the Social Insurance Company or the Tax Office). The Controller shares the personal data of its customers in particular with: payment service providers, postal and courier companies and tax authorities.
Personal data may be outsourced for processing to entities that process such data on our behalf as the Personal Data Controller. In such a situation, as the Personal Data Controller, we enter into an outsourcing agreement with the processor for the processing of personal data. The processor processes the outsourced personal data only for the needs, to the extent and for the purposes indicated in the outsourcing agreement referred to in the preceding sentence. Without outsourcing your personal data to us for processing, we would not be able to carry out our activities within the Online Shop or deliver shipments of ordered Products to you. As the Personal Data Controller, we outsource the processing of personal data in particular to the following entities:
providing hosting services for the website on which our Online Shop operates,
supporting CRM and cloud databases
providing accounting services,
providing other services to us which are necessary for the day-to-day operation of the Online Shop.
Personal data is not subject to profiling by us as the Personal Data Controller within the meaning of the GDPR.
In accordance with the provisions of the GDPR, every person whose personal data we process as the Personal Data Controller has the right to:
access personal data, as referred to in Article 15 of the GDPR,
be informed about the processing of personal data, as referred to in Article 12 of the GDPR,
correct, supplement, update, rectify personal data, as referred to in Article 16 of the GDPR,
withdraw consent at any time, as referred to in Article 7(3) of the GDPR,
erasure (be forgotten), as referred to in Article 17 of the GDPR,
restrict processing, as referred to in Article 18 of the GDPR,
data portability, as referred to in Article 20 of the GDPR,
object to processing of personal data, as referred to in Article 21 of the GDPR,
in the case of a legal basis, in the form of consent, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,
not to be subject to proﬁling, as referred to in Article 22 in conjunction with Article 4(4) of the GDPR,
complain to the supervisory authority (i.e. the President of the Office for the Protection of Personal Data), as referred to in Article 77 of the GDPR.
If you wish to exercise your rights referred to in the preceding section, please send a message by e-mail to the e-mail address or in writing to the postal address referred to in section 2 above.
Each identified incident of security breach will be documented and, in the event of one of the situations set out in the provisions of the GDPR or the Act, the data subjects and, if applicable, the President of the Personal Data Protection Office will be informed of such breach of data protection legislation.