Privacy Policy

  1. This Privacy Policy defines the principles of processing personal data obtained through the website lux-knit.com (hereinafter referred to as the “Website”).

  2. The owner of the website and the Data Administrator is Olga Świdzińska, hereinafter referred to as the Administrator.

  3. Personal data collected by the Administrator through the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as the GDPR.

  4. The Administrator takes special care to respect the privacy of Customers visiting the Website.

1 .Type of data processed, purposes and legal basis

  • The Administrator collects information on natural persons performing legal acts not directly related to their activities, natural persons conducting business or professional activities on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, conducting business or professional activities on their own behalf, hereinafter collectively referred to as Customers.

    2. Personal data of Customers are collected in the case of:

  • using the contact form service on the Website in order to perform a contract provided electronically. Legal basis: necessity to perform a contract for the provision of the contact form service (Article 6, paragraph 1, letter b of the GDPR)

  1. In the event of using the contact form service, the Customer provides the following data:

– e-mail address

– name

– telephone number

  1. Additional information may be collected during the use of the Website, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.

  2. Navigation data may also be collected from Customers, including information about links and references they decide to click on or other actions taken on the Website. Legal basis – legally justified interest (Article 6, paragraph 1, letter f of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services. The transfer of personal data to the Administrator is voluntary.

  2 Who is the data shared or entrusted to and how long is it stored?

1. The Client’s personal data is transferred to service providers used by the Administrator to run the Website. Service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the Administrator’s instructions as to the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (administrators).

1.1.   Processors. The Administrator uses suppliers who process personal data only on the Administrator’s instructions. These include, among others, suppliers providing hosting services, accounting services, marketing systems, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns

1.2.   Administrators. The Administrator uses suppliers who do not act only on instructions and themselves determine the purposes and methods of using the Customers’ personal data. They provide electronic payment and banking services.

  1. Location. Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).

  2. Customers’ personal data are stored:



3.1. If the basis for the processing of personal data is consent, then the Customer’s personal data are processed by the Administrator until the consent is withdrawn, and after the consent is withdrawn for a period of time corresponding to the limitation period for claims that the Administrator may raise and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

3.2.  If the basis for data processing is the performance of a contract, then the Client’s personal data are processed by the Administrator for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

  1. In the event of a request, the Administrator shall make personal data available to authorized state authorities, in particular organizational units of the Public Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.

  • 3 Cookie mechanism, IP address

  1. The website uses small files called cookies. They are saved by the Administrator on the end device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain from which it comes, its “expiration time” and an individual, randomly selected number identifying this file. Information collected using files of this type helps to adapt the products offered by the Administrator to the individual preferences and actual needs of people visiting the Website.

  2. The Administrator uses two types of cookies:

2.1. Session cookies: after the end of a given browser session or when the computer is turned off, the saved information is deleted from the device’s memory. The session cookie mechanism does not allow for the collection of any personal data or any confidential information from Customers’ computers.

2.2.  Persistent cookies: are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The persistent cookie mechanism does not allow for the collection of any personal data or any confidential information from the Customers’ computer.

  1. The Administrator uses its own cookies for the following purposes:

3.1. analyses, research and audience audits, and in particular to create anonymous statistics that help understand how Customers use the Website, which enables the improvement of its structure and content.

  1. The Administrator uses external cookies for the following purposes:

4.1.presenting a map indicating the location of the Administrator’s office on the information pages of the Website, using the website maps.google.com (external cookie administrator: Google Inc. based in the USA)

  1. The cookie mechanism is safe for the computers of Customers visiting the Website. In particular, it is not possible for viruses or other unwanted software or malware to enter Customers’ computers this way. Nevertheless, Customers have the option of limiting or disabling cookie access to computers in their browsers. If this option is used, the use of the Website will be possible, except for functions that by their nature require cookies.

  2. The Administrator may collect IP addresses of Customers. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes with each connection to the Internet and is therefore commonly treated as non-personal identifying information. The IP address is used by the Administrator to diagnose technical problems with the server, create statistical analyses (e.g. to determine from which regions we record the most visits), as information useful in the administration and improvement of the Website, as well as for security purposes and possible identification of server-burdening, unwanted automatic programs for viewing the content of the Website.

 

4 Data Subject Rights

  1. Right to withdraw consent – legal basis: Article 7 paragraph 3 of the GDPR.

1.1. The customer has the right to withdraw any consent he has given

1.2. Withdrawal of consent takes effect from the moment of withdrawal of consent.

1.3. Withdrawal of consent does not affect the processing carried out by the Administrator in accordance with the law before its withdrawal.

1.4.Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of the services or functionalities which, according to the law, the Administrator may only provide with consent.

  1. The right to object to data processing – legal basis: Article 21 of the GDPR..

2.1. The Customer has the right to object at any time – for reasons related to his/her particular situation – to the processing of his/her personal data, including profiling, if the Administrator processes his/her data based on a legitimate interest, e.g. marketing of the Administrator’s products and services, keeping statistics on the use of individual functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.

2.2. By opting out of receiving marketing communications regarding products or services via e-mail, the Customer will be deemed to have objected to the processing of his or her personal data, including profiling for these purposes.

2.3. If the Customer’s objection proves to be justified, the Administrator will have no other legal basis for the processing of personal data, the Customer’s personal data will be deleted, to the processing of which the Customer has filed an objection.

  1. The right to delete data (“the right to be forgotten”) – legal basis: Art. 17 GDPR.

3.1. The customer has the right to request the deletion of all or some of their personal data.

3.2. The customer has the right to request the deletion of personal data if:

3.2.1. the personal data are no longer necessary for the purposes for which they were collected or processed

3.2.2. withdrew specific consent to the extent that personal data were processed based on his/her consent

3.2.3. he objected to the use of his data for marketing purposes

3.2.4. personal data are processed unlawfully

3.2.5. personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State to which the Controller is subject

3.2.6. personal data have been collected in connection with the provision of information society services

3.3. Despite the request to delete personal data, in connection with the filing of an objection or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation requiring processing under EU law or the law of the Member State to which the Administrator is subject. This applies in particular to personal data including: first name, last name, e-mail address, which data are retained for the purpose of handling complaints and claims related to the use of the Administrator’s services, or additionally the address of residence/mailing address, order number, which data are retained for the purpose of handling complaints and claims related to concluded sales agreements or the provision of services.

  1. Right to restrict data processing – legal basis: Article 18 of the GDPR.

4.1. The customer has the right to request the restriction of the processing of his/her personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will be associated with the processing of the data covered by the request. The Administrator will also not send any messages, including marketing ones.

4.2. The customer has the right to request the restriction of the use of personal data in the following cases:

4.2.1. when he/she questions the accuracy of his/her personal data – then the Administrator limits their use for the time needed to verify the accuracy of the data, but no longer than for 7 days

4.2.2. when the data processing is unlawful and instead of deleting the data, the Client requests the restriction of its use

4.2.3. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Client to establish, pursue or defend claims

4.2.4.when he has objected to the use of his data – then the restriction takes place for the time needed to consider whether – due to the special situation – the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Controller in processing the Client’s personal data.

  1. Right of access to data – legal basis: Article 15 of the GDPR.

5.1. The Customer has the right to obtain from the Administrator confirmation as to whether he processes personal data, and if so, the Customer has the right to:

5.1.1.access your personal data

5.1.2. obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of this data, the planned period of storing the Customer’s data or the criteria for determining this period (when it is not possible to determine the planned period of data processing), about the Customer’s rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the security measures applied in connection with the transfer of this data outside the European Union

5.1.3. obtain a copy of your personal data..

  1. . The right to rectification of data – legal basis: Art. 16 GDPR.

6.1. The Customer has the right to demand that the Administrator immediately rectify his/her personal data that is incorrect. Taking into account the purposes of processing, the Customer whose data is being processed has the right to request that incomplete personal data be supplemented, including by submitting an additional statement, by sending a request to the e-mail address in accordance with §6 of the Privacy Policy.

  1. Right to data portability – legal basis: Article 20 of the GDPR.

7.1.The Client has the right to receive his/her personal data, which he/she has provided to the Administrator, and then send it to another personal data controller of his/her choice. The Client also has the right to request that the personal data be sent by the Administrator directly to such controller, if technically possible. In such a case, the Administrator will send the Client’s personal data in the form of a file in the csv format, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data controller.

  1. In the event that the Customer exercises the right resulting from the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to comply with the request within one month, it shall comply with it within the next two months, informing the Customer in advance within one month of receiving the request – of the intended extension of the deadline and the reasons for it.

  2. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the implementation of his rights.

  3. The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a violation of his or her rights to personal data protection or other rights granted under the GDPR.

  • 5 Changes to Privacy Policy

  1. The Privacy Policy may change, of which the Administrator is not obliged to inform

  2. 2. Please send any questions regarding the Privacy Policy to: oluxkniit@gmail.com

  3. Last modification date: 12/07/2023