Privacy Policy
- This Privacy Policy sets out the rules for the processing of personal data obtained via the website loftdirect.net , hereinafter referred to as the ” Website “).
- The owner of the website and the Data Administrator is LOFT DIRECT LIMITED COMPANY, hereinafter referred to as the Administrator .
- Personal data collected by the Administrator via the Website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR .
- The Administrator takes special care to respect the privacy of Customers visiting the Website.
- 1 Type of data processed, purposes and legal basis
- The Administrator collects information regarding natural persons performing legal transactions not directly related to their activities, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to which the Act grants legal capacity, conducting business activities on their own behalf. business or professional activity, hereinafter collectively referred to as Customers.
- Customers’ personal data are collected in the event of:
using the contact form service on the Website in order to perform a contract provided electronically. Legal basis : necessity to perform the contract for the provision of contact form services (Article 6(1)(b) of the GDPR)
- If you use the contact form service, the Customer provides the following data:
– e-mail adress
– name
– Phone number
- When using the Website, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
- Navigational data may also be collected from Customers, including information about links and references they decide to click or other activities undertaken on the Website. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
- The transfer of personal data to the Administrator is voluntary.
- 2 Who is the data shared or entrusted with and how long is it stored?
- The Customer’s personal data is transferred to service providers used by the Administrator to run the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to the Administrator’s instructions regarding the purposes and methods of processing this data (processors) or independently determine the purposes and methods of their processing (controllers).
1.1. Processors . The Administrator uses suppliers who process personal data only at the Administrator’s request . These include, among others: suppliers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns
1.2. Administrators . The Administrator uses suppliers who do not act solely on instructions and who determine the purposes and methods of using Customers’ personal data themselves. They provide electronic payment and banking services.
- Location . Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).
- Customers’ personal data are stored:
3.1. If the basis for the processing of personal data is consent, then the Customer’s personal data are processed by the Administrator until the consent is revoked, and after the consent is withdrawn, for a period of time corresponding to the limitation period for claims that may be raised by the Administrator and that may be raised against him. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
3.2. If the basis for data processing is the performance of a contract, then the Customer’s personal data are processed by the Administrator for as long as it is necessary to perform the contract, and after that for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
- If a request is made, the Administrator provides personal data to authorized state authorities, in particular organizational units of the Prosecutor’s Office, the Police, the President of the Office of Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
- 3 Cookie mechanism, IP address
- The website uses small files called cookies. They are saved by the Administrator and on the end device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain from which it comes, its “expiration time” and an individual, randomly selected number identifying this file. Information collected using this type of files helps adapt the products offered by the Administrator to the individual preferences and actual needs of people visiting the Website. ..
- The administrator uses two types of cookies:
2.1. Session cookies : after ending the browser session or turning off the computer, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from Customers’ computers.
2.2. Persistent cookies : are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow downloading any personal data or any confidential information from the Customer’s computer.
- The administrator uses its own cookies to:
3.1. analysis and research as well as audience audit, and in particular to create anonymous statistics that help understand how Customers use the Website, which allows improving its structure and content.
- The administrator uses external cookies to:
4.1. presenting a map indicating the location of the Administrator’s office on the information pages of the Website , via the website maps.google.com (external cookie administrator: Google Inc. based in the USA)
- The cookie mechanism is safe for the computers of customers visiting the Website. In particular, this way it is not possible for viruses or other unwanted software or malware to reach the Customer’s computers. However, in their browsers, customers have the option of limiting or disabling access to cookies on their computers. If you use this option, you will be able to use the Website, except for functions that by their nature require cookies.
- The Administrator may collect Customers’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number allows you to access the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes each time it is connected to the Internet, and is therefore generally treated as non-personal identifying information. The IP address is used by the Administrator to diagnose technical problems with the server, create statistical analyzes (e.g. determining from which regions we receive the most visits), as information useful in administering and improving the Website, as well as for security purposes and possible identification of problems that burden the server. , unwanted automatic programs for viewing the content of the Website.
- 4 Rights of data subjects
- The right to withdraw consent – legal basis: art. 7 section 3 GDPR.
1.1. The customer has the right to withdraw any consent he has given
1.2. Withdrawal of consent takes effect from the moment of withdrawal.
1.3. Withdrawal of consent does not affect the processing carried out by the Administrator and in accordance with the law before its withdrawal.
1.4. Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities that, according to the law, the Administrator can only provide with consent.
- The right to object to data processing – legal basis: art. 21 GDPR.
2.1. The Customer has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if the Administrator processes his data based on a legitimate interest, e.g. marketing of the Administrator’s products and services , keeping statistics of use individual functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.
2.2. Resignation by e-mail from receiving marketing messages regarding products or services will mean the Customer’s objection to the processing of his personal data, including profiling for these purposes.
2.3. If the Customer’s objection turns out to be justified, the Administrator will have no other legal basis for processing personal data, the Customer’s personal data will be deleted, to the processing of which the Customer has objected.
- The right to delete data (“right to be forgotten”) – legal basis: art. 17 GDPR.
3.1. The customer has the right to request the deletion of all or some personal data.
3.2. The customer has the right to request the deletion of personal data if:
3.2.1. the personal data are no longer necessary in relation to the purposes for which they were collected or processed
3.2.2. withdrew specific consent, to the extent that personal data were processed based on his consent
3.2.3. he objected to the use of his data for marketing purposes
3.2.4. personal data are processed unlawfully
3.2.5. personal data must be deleted in order to comply with a legal obligation provided for by Union law or the law of the Member State to which the Controller is subject
3.2.6. the personal data were collected in connection with the offering of information society services
3.3. Despite the request to delete personal data in connection with raising an objection or withdrawing consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill a legal obligation requiring processing under the law. Union or the law of the Member State to which the Administrator is subject . This applies in particular to personal data including: name, surname, e-mail address, which data are kept for the purposes of considering complaints and claims related to the use of the Administrator’s services , or additionally the address of residence/correspondence address, order number, which data are retained for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services.
- The right to limit data processing – legal basis: art. 18 GDPR.
4.1. The customer has the right to request restriction of the processing of his personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. The administrator will not send any messages, including marketing ones.
4.2. The customer has the right to request restriction of the use of personal data in the following cases:
4.2.1. when you question the correctness of your personal data – then the Administrator limits their use for the time needed to check the correctness of the data, but no longer than 7 days
4.2.2. when the data processing is unlawful and instead of deleting the data, the Customer requests the restriction of their use
4.2.3. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, pursue or defend claims
4.2.4. when he has objected to the use of his data – then the limitation is for the time needed to consider whether – due to the special situation – the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator by processing the Customer’s personal data.
- Right to access data – legal basis: art. 15 GDPR.
5.1. The Customer has the right to obtain from the Administrator confirmation whether personal data is processed, and if this is the case, the Customer has the right to:
5.1.1. gain access to your personal data
5.1.2. obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of the Customer’s data or about the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer under the GDPR, and on the right to lodge a complaint with the supervisory authority, on the source of this data, on automated decision-making, including profiling, and on the safeguards applied in connection with the transfer of this data outside the European Union
5.1.3. obtain a copy of your personal data.
- The right to rectify data – legal basis: art. 16 GDPR.
6.1. The Customer has the right to request the Administrator to immediately correct any incorrect personal data concerning him/her. Taking into account the purposes of processing, the data subject has the right to request that incomplete personal data be completed, including by submitting an additional statement, sending the request to the e-mail address in accordance with §6 of the Privacy Policy.
- The right to transfer data – legal basis: art. 20 GDPR.
7.1. The Customer has the right to receive his personal data that he provided to the Administrator and then send them to another personal data administrator of his choice. The Customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if technically possible. In such a case, the Administrator will send the Customer’s personal data in the form of a file in the CSV format, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator.
- If the Customer exercises the right resulting from the above rights, the Administrator complies with the request or refuses to comply with it immediately, but no later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – the Administrator will not be able to meet the request within a month, he will meet it within the next two months by informing the Customer within one month of receiving the request – about the intended extension of the deadline and its reasons.
- The Customer may submit to the Administrator complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights.
- The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a violation of his rights to the protection of personal data or other rights granted under the GDPR.
- 5 Changes to the Privacy Policy
- The Privacy Policy may change, of which the Administrator is not obliged to inform.
- Please send questions related to the Privacy Policy to: joanna.a.krajewska@gmail.com
- Date of last modification: June 21, 2024