We are committed to safeguarding the privacy of our website visitors and customers; this policy sets out how we will treat your personal information. It was last updated on 24th May 2018.
Data controller and data processor
The data controller is the merchant Tomasz Donocik. We can be contacted at email@example.com. The data processor for the merchant is Shopify, the platform hosting Tomasz Donocik online store. tomaszdonocik.com will not pass on your personal, credit or debit card details to any third party. Credit or debit card information will always be encrypted on transfer.
We will never ask for personal details via email.
If you receive an unsolicited email asking you for your log in details or credit or debit card details, please contact our Customer Service team immediately at firstname.lastname@example.org.
What information do we collect?
We may collect, store and use the following kinds of personal data:
(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views);
(b) information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services including name, email address and address details so that we can deliver ordered goods.
(c) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters.
(d) any other information that you choose to send to us
A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We may use both "session" cookies and "persistent" cookies on the website. We will use the session cookies to: keep track of you whilst you navigate the website. We will use the persistent cookies to: enable our website to recognise you when you visit.
Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
Our advertisers or payment services providers including PayPal may also send you cookies.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking "Tools", "Internet Options", "Privacy", and selecting "Block all cookies"" using the sliding selector. Blocking all cookies will, however, have a negative impact upon the usability of many websites.
Using your personal data
We never have nor ever will sell on your data to third parties.
We may use your personal information to:
(a) administer the website
(b) improve your browsing experience by personalising the website
(c) enable your use of the services available on the website
(d) send to you goods purchased via the website, and supply to you services purchased via the website
(e) send statements and invoices to you, and collect payments from you
(f) send you general (non-marketing) commercial communications
(g) send you email notifications which you have specifically requested
(h) send to you our newsletter and other marketing communications relating to our business by email or similar technology (you can inform us at any time if you no longer require marketing communications)
(i) provide third parties with statistical information about our users - but this information will not be used to identify any individual user
(j) deal with enquiries and complaints made by or about you relating to the website
(k) other uses such as publication on the website of information you have agreed to be shared on our website, such as testimonials.
Lawful basis for collecting personal data
(a) In the case of browser analytics, we process this data for the legitimate interests of the merchant Tomasz Donocik.
(b) In the case of personal data collected for processing orders and payments, we process this data in order to fulfil a contract with you to supply the purchased products or service.
(c) In the case of subscribing to our mailing list, we rely on your consent as the lawful basis for processing.
(d) In the case of any other information that you choose to send to us, the lawful basis will likely depend on the context of the information at the time - but is likely to be related to processing orders and providing a service, and therefore falls under the fulfilment of a contract with you.
In addition, we may disclose information about you:
(a) to the extent that we are required to do so by law
(b) in connection with any legal proceedings or prospective legal proceedings
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
(d) to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.
Retention of data
We will keep data for at least 7 years in order to provide records for HMRC.
International data transfers
Personal information that you submit specifically for publication on the website - for example for testimonials - may be published on the internet and may be available, via the internet, around the world.
Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You have the right to request access to the personal data that we hold about you - this is known as a Subject Access Request (SAR). If you wish to make an SAR about the personal data we hold about you, please email email@example.com. We will respond within 30 days to provide you with the data we hold about you in a commonly-used electronic format. There is no charge for this service, however if requests become manifestly unfounded, excessive or repetitive, we may charge a fee appropriate to the administrative work required.
You have the right to request a rectification of your personal data. To do so, please email firstname.lastname@example.org. We will respond within 30 days, although can be extended by two months if the request for rectification is complex. If we decide not take action in response to a request for rectification, we will explain to you our reasons.
You have the right to the deletion or removal of your personal data where there is no compelling reason for its continued processing. To request deletion of your personal data, please email email@example.com. We may refuse to comply with a request for erasure in some circumstances, for example in the case of requiring the information as part of a legal obligation, such as our statutory accounts and records.
You have the right to suppress or restrict the processing of your personal data. To request this, please email firstname.lastname@example.org. You have the right to data portability, which allows you to obtain and reuse your personal data for your own purposes across different services. To request this, please email email@example.com. We will respond within 30 days to provide you with the data we hold about you in a commonly-used electronic format. This time can be extended by two months if the request is complex.
You have the right to object to:
- direct marketing
- processing based on legitimate interests
To make an objection to processing, please email firstname.lastname@example.org. You have the right to withdraw your consent for processing, where consent is the legal basis - for example our marketing mailing list. You may withdraw your consent by using the unsubscribe link at the bottom of our emails.
You have the right to lodge a complaint with the UK’s supervisory authority, the ICO: https://ico.org.uk/
Please let us know if the personal information which we hold about you needs to be corrected or updated.
Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.