I General Provisions.
1. This Privacy Policy specifies the manner in which personal data necessary for the provision of electronic services through the internet service in the domain www.hasik.design is collected, processed, and stored. www.hasik.design
2. The controller of personal data for users of the online store located at
www.hasik.design is HASIK DESIGN STUDIO GRZEGORZ HASIK TOMASZ KRZYZANOWSKI Civil Partnership with the National Business Registry Number (REGON) 526629720, headquartered at Zawrotna 25, 70-883 Szczecin.
3. Personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR).
4. The data collected by the Administrator will be:
• processed in accordance with the law;
• processed for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
• substantively correct and adequate in relation to the purposes for which they are processed;
• stored no longer than is necessary to achieve the purpose of processing.
II. Purpose and Legal Basis for Data Processing
1. The Administrator processes personal data necessary for the provision and development of the services offered through the Service and its individual functionalities.
2. Personal data will be processed for the following purposes:
• verification of the User's identity and execution of the agreement for the provision of electronic services in accordance with the Act of July 18, 2002, on the provision of electronic services, especially by enabling the use of the User's account - based on the acceptance of the Terms and Conditions (Article 6(1)(b) GDPR);
• communication with the User to provide necessary information and build positive and reliable relationships, which constitutes the legitimate interest of the Administrator (Article 6(1)(f) GDPR);
• promoting the Administrator's own products and/or services as well as those of their Partners through the electronic transmission of marketing information, provided the User has given consent to receive such notifications via email (Article 6(1)(a) GDPR);
• granting access to information about industry news directly related to the Administrator's activities, provided the User has given consent to receive such notifications via email (Article 6(1)(a) GDPR);
• for analytical and statistical purposes based on the legitimate interest of the Administrator, which involves verifying user activities and preferences to optimize services, products, and functionalities of the Service (Article 6(1)(f) GDPR);
• for potential establishment, investigation of claims, or defense against them based on the legitimate interest of the Administrator, which involves protecting their rights (Article 6(1)(f) GDPR).
3. In each of the cases mentioned above (point 2), providing data is voluntary but necessary for the conclusion of the agreement or for using other functionalities of the Service.
III. Period of Personal Data Processing
1. Personal data will be processed for the period necessary to maintain compliance with legal regulations, pursue or defend against any potential claims, but not longer than 3 years from the termination of the agreement for the provision of electronic services.
2. Data processed based on consent will be processed until the consent is withdrawn, with the proviso that the withdrawal of this consent does not affect the lawfulness of processing carried out before such withdrawal.
IV. Information about Processing
1. Personal data, depending on the purpose of processing, may be disclosed to:
• entities affiliated with the Administrator;
• entities cooperating with the Administrator;
• subcontractors, especially entities providing and managing selected IT systems and solutions;
• entities handling online payments;
• entities providing courier and postal services;
• law firms.
V. Rights of the Data Subjects
1. The Service User has the right to:
• access the content of their personal data;
• correction of data;
• deletion of data;
• restriction of data processing;
• data portability;
• objection to processing based on the legitimate interest of the administrator;
• withdrawal of consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
2. The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that the processing infringes upon their rights and freedoms.
3. In the data processing process, there is no automated decision-making, including profiling.
VI. Final Provisions.
1. The Administrator reserves the right to make changes to this Privacy Policy while ensuring that the rights of Users arising from this document will not be limited.
Users will be informed about any changes to the Privacy Policy through a notice available on the Service.