PRIVACY POLICY
PRIVACY POLICY
I. In accordance with Article 13, paragraphs 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the European Union L of 2016, No. 119, p. 1, as amended), hereinafter referred to as GDPR, we inform you that the administrator of your (users') personal data is the company: BOUNTY FISH SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Rzeszów, at pl. Jana Kilińskiego 2, 35-005, Rzeszów, entered into the register of entrepreneurs kept by the District Court in Rzeszów, XII Commercial Division of the National Court Register under KRS number: 0000983720, possessing NIP (Tax Identification Number): 5170427065, REGON (National Official Register of Economic Units): 522648560.
II. Providing personal data, as well as consent to their processing, are entirely voluntary. All personal data provided to us are processed solely to the extent and for the purpose for which the Client has given consent. If the Client does not provide the data necessary to fulfill an order and does not consent to their processing, it may be impossible to fulfill the order.
III. Personal data provided during registration or order placement are processed: a. for the purpose of providing the service of setting up and maintaining an account in the Online Store – the legal basis for processing is the necessity of processing for the performance of a contract – Article 6(1)(b) of the GDPR, b. for conducting direct marketing activities (including newsletters), which constitutes a legitimate interest of the Administrator (legal basis for data processing Article 6(1)(f) of the GDPR). Direct marketing via correspondence to the provided email address is carried out based on a separate consent for the use of the appropriate communication channel pursuant to the Electronic Communications Law, for the purpose of marketing our own products or services, c. for the purpose of fulfilling a placed order.
IV. The Administrator ensures the security of the provided data and the exercise of Users' rights resulting from the GDPR regulation.
V. The Client has the right to access the content of their personal data and to request their rectification or complete erasure or restriction of the right to process their personal data. a. if the basis for processing was the consent of the person – consent may be withdrawn at any time, b. if the legal basis is the necessity of data processing for the performance of a contract – data deletion may be impossible if processing is required by applicable regulations (e.g., financial and accounting), c. if the legal basis is the legitimate interest of the Administrator, the Client has the right to object to the processing of their data. To fulfill the above requests, you can use the account data update function in the service program or send a request (e.g., to the email address: info@pl.bounty.fish) specifying the request for changes or deletion of data from records. The Client has the right to withdraw given consent at any time.
VI. The Administrator may refuse to delete User data only in cases provided for by applicable law, in particular when further data processing is necessary: 1) to comply with a legal obligation incumbent on the Administrator (e.g., regarding data retention for accounting or tax purposes, in accordance with Article 17(3)(b) of the GDPR). 2) for the establishment, exercise, or defense of legal claims (e.g., in case of User's arrears towards the Administrator, in accordance with Article 17(3)(e) of the GDPR).
VII. Users' personal data are processed for the purpose of establishing, shaping, concluding, amending, or terminating the Agreement between the Service Provider and the Client and for fulfilling the Sales Agreement or the Electronic Service Agreement described in the Regulations.
VIII. The Seller may provide the entity responsible for IT services in the scope of issuing, maintaining, and ensuring access to e-receipts/invoices, the Client's phone number or email address, which may be processed for the purposes of: a. verifying whether a given phone number or email address has been registered in the servicing entity's own products, and in case of positive verification, providing the Client with a view of e-receipts/invoices and additional information derived from their issuance process within these products, b. sending SMS messages and other notifications to Clients confirming the issuance of an e-receipt/invoice to the IT system of the entity providing IT services for e-receipts.
IX. The User may receive marketing and commercial information (in the form of a "newsletter") if they express consent. The User may unsubscribe from receiving commercial information at any time.
X. Users' personal data may be transferred to third parties only to the extent necessary to fulfill the contract on the terms described in the Regulations. In particular, for the purpose of fulfilling the contract and delivering ordered products and sending correspondence to the client, data may be transferred to: Polish Post or a selected courier company, as well as to providers of: payment/banking services, marketing services, IT services.
XI. Personal data may be transferred to other entities if this results from other provisions or legal obligations of the Administrator.
XII. To fulfill the contract and deliver products, it is necessary to provide the following personal data of the Client: a. surname and first name; b. shipping address for goods; c. email address; d. contact phone number; e. in the case of a company, additionally the NIP (Tax Identification Number).
XIII. Personal data are processed only for the period necessary to fulfill the contract or to achieve the purpose for which consent was given.
a. for maintaining an account in the website database – the basis for processing this data is the agreement (Regulations) accepted by the User. We will process this data as long as the User does not terminate the concluded agreement or until the statute of limitations for any claims expires;
b. data in sales documents – for the period required by accounting regulations;
c. email address used for sending the newsletter – for the period of validity of the user's consent. Consent can be withdrawn at any time;
d. address data used for sending marketing information regarding the Administrator's own services – (the basis for processing is the Administrator's legitimate legal interest – Article 6(1)(f) of the GDPR). We will process this data as long as the User does not object to the processing of data for this purpose
XIV. The Client has the right to lodge a complaint with the supervisory authority – the Office for Personal Data Protection (UODO) if they have objections to the processing of their personal data by the Administrator.