Legal notice

Policy of transparency

§ 1 Definitions

  1. Administrator - ROLV Group Sp. z o.o.
  2. Personal data - information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
  3. Personal data - information about a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural or social identity, including image, voice recording, contact data, location data, information contained in correspondence, information collected through recording equipment or other similar technology.
  4. Policy - this Transparency Policy.
  5. RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  6. Data Subject - this Transparency Policy.
  7. Data subject - an individual to whom the personal data processed by the Controller pertains

§ 2 Data processing by the Administrator

  1. In connection with the Administrator's business activities, the Administrator shall collect and process Personal Data in accordance with applicable laws, including in particular the RODO, and the data processing rules provided therein.
  2. The Administrator shall ensure that Personal Data is processed by the Administrator in accordance with the applicable laws, including in particular the RODO.
  3. The Administrator ensures transparency in the processing of Personal Data, in particular, always informs about the processing of data at the time of collection, including the purpose and legal basis for processing (e.g. when concluding a contract for the sale of goods). The Administrator shall ensure that the data is collected only to the extent necessary for the stated purpose and processed only for the period of time necessary.
  4. When processing Personal Data, the Administrator shall ensure its security and confidentiality, as well as access to information about the processing to data subjects. Should there be a breach of the protection of Personal Data (e.g., data "leakage" or data loss) despite the security measures in place, the Administrator shall inform Data Subjects of such an event in a manner consistent with the regulations.

§ 3 Contacting the Administrator

  1. Contact with the Administrator is possible through the e-mail address sklep@mi-home.pl.

§ 4 Personal data security

  1. The Administrator shall conduct a risk analysis on an ongoing basis to ensure that Personal Data is processed by it in a secure manner - ensuring, above all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks they perform. The Administrator ensures that all operations on Personal Data are recorded and performed only by authorized employees and associates.
  2. The Administrator shall take all necessary measures to ensure that also its subcontractors and other cooperating entities provide a guarantee of the application of appropriate security measures whenever they process Personal Data on behalf of the Administrator.

§ 5 Purposes and legal basis for processing

E-mail AND traditional correspondence

  1. When personal data contained in such correspondence is addressed to the Administrator via e-mail or traditional correspondence that is not related to the services provided to the sender, any other contract entered into with the sender, or otherwise not related to any relationship with the Administrator, the personal data contained in such correspondence shall be processed solely for the purpose of communication and resolution of the matter to which the correspondence relates.
  2. Personal data contained in such correspondence shall be processed solely for the purpose of communication and resolution of the matter to which the correspondence relates.
  3. The legal basis for the processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting of correspondence addressed to it in connection with its business activities.
  4. The Administrator processes only Personal Data relevant to the matter to which the correspondence relates. All correspondence is stored in a manner that ensures the security of the Personal Data contained therein (and other information) and is disclosed only to authorized persons.

    Processing of data in connection with the sale of goods, provision of services or performance of other contracts

  5. When an order is fulfilled at a stationary point, the Administrator shall process the personal data of customers for the purposes of order fulfillment.
  6. The legal basis for the processing is necessity for the performance of a contract to which the data subject is a party (Article 6(1)(b) of the RODO). In addition, Customers' Personal Data will be processed in order to fulfill statutory obligations incumbent on the Administrator, resulting in particular from tax and accounting regulations - the legal basis for processing is a legal obligation (Article 6(1)(c) RODO).

    Complaint handling

  7. When a complaint is filed, the Administrator processes the personal data provided in order to handle the complaint.
  8. The legal basis for data processing is the legitimate interest of the Administrator (Article 6(1)(f) of the RODO), consisting in fulfilling the obligations arising from the contract concluded with the customer by handling the complaint.

    Collection of data in connection with the submission of complaints AND requests

  9. When a complaint or request is made, the Administrator shall process the personal data provided in order to handle such request.
  10. The legal basis for data processing is the legitimate interest of the Administrator (Article 6(1)(f) RODO); which is to improve the quality of services provided.

    Video monitoring

  11. Personal data in the form of video surveillance recordings are processed for the purpose of ensuring the safety of persons and property and maintaining order on the premises, and possibly for the purpose of defending against claims made against the Administrator or for the purpose of establishing and asserting claims by the Administrator. The legal basis for the processing of personal data is the legitimate interest of the Administrator (Article 6(1)(f) RODO), which is to ensure the safety of persons and property located on the premises managed by the Administrator and to protect their rights.
  12. The area covered by the Administrator's monitoring is marked with appropriate graphic signs.

    Data collection in connection with the provision of services or performance of other contracts

  13. When collecting data for purposes related to the performance of a specific contract, the Controller shall provide the Data Subject with details of the processing of his/her personal data at the time of entering into the contract, or at the time of obtaining the personal data in case the processing is necessary for the Controller to take action at the Data Subject's request, prior to entering into the contract.

    Processing of personal data of members of staff of contractors or clients cooperating with the Controller

  14. In connection with the conclusion of commercial agreements in the course of business, the Administrator obtains from contractors/customers data of persons involved in the execution of such agreements (e.g. persons authorized to contact, placing orders, executing orders, etc.). The scope of the data provided is in each case limited to the extent necessary for the performance of the contract and does not usually include information other than name and business contact information.
  15. Such personal data is processed for the purpose of realizing the legitimate interests of the Administrator and its contractor (Article 6(1)(f) RODO), consisting of enabling the proper and effective performance of the contract. Such data may be disclosed to third parties involved in the performance of the contract, as well as to entities gaining access added based on public information disclosure regulations and proceedings conducted under the Public Procurement Law, to the extent provided by such regulations.
  16. Data shall be processed for the period necessary for the realization of the above interests and the performance of obligations under the regulations.

    Data collection in other cases

  17. In connection with its business activities, the Administrator also collects Personal Data in other cases - e.g. by building and using lasting mutual business contacts (networking) during business meetings, at industry events, or by exchanging business cards for the purposes of initiating and maintaining business contacts. The legal basis for processing in this case is the legitimate interest of the Administrator (Article 6(1)(f) RODO), consisting of networking in connection with its business activities.

§ 6 Recipients of data

  1. In connection with the performance of services, Personal Data will be disclosed to external entities, including, in particular, suppliers responsible for the operation of IT systems, entities such as banks and payment operators, entities providing accounting services, couriers (in connection with the performance of an order), and entities related to the Administrator, including companies in its capital group.
  2. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who make a request for such information, relying on the relevant legal basis and in accordance with the provisions of applicable law.

§ 7 Period of processing of Personal Data

  1. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. The period of data processing may also result from regulations when they provide the basis for processing. If processing is done on the basis of the legitimate interest of the Administrator (e.g., for security reasons), the data are processed for a period of time that enables the fulfillment of this interest or until an effective objection to the processing is made. When processing is based on consent, data are processed until the consent is withdrawn. When the basis for processing is the necessity to conclude and perform a contract, data are processed until the contract is terminated.
  2. The period of data processing may be extended if the processing is necessary for the establishment or assertion of claims or defense against claims, and after this period - only if and to the extent required by law.

§ 8 Rights related to the processing of personal data

Rights of data subjects

    1. Data subjects shall have the following rights:
      1. the right to obtain a copy of the data - on this basis the Administrator shall provide a copy of the processed data concerning the individual making the request;
      2. right to rectification - the Administrator is obliged to remove any inconsistencies or errors in the processed Personal Data and to complete it if it is incomplete;
      3. right to erasure - on this basis, you can request the erasure of Data, the processing of which is no longer necessary to carry out any of the purposes for which they were collected;
      4. the right to restrict processing - if such a request is made, the Administrator shall cease performing operations on Personal Data - with the exception of operations consented to by the data subject - and storing them, in accordance with the adopted retention rules, or until the reasons for restricting data processing cease to exist (e.g., a decision is issued by a supervisory authority authorizing further data processing);
      5. Right to data portability - on this basis - to the extent that the data are processed by automated means in connection with a contract concluded or consent given - the Administrator shall issue the data provided by the data subject in a computer-readable format. It is also possible to request that the data be sent to another entity, provided, however, that there are technical capabilities in this regard on the part of both the Administrator and the designated entity;
      6. right to object to processing for marketing purposes - the Data Subject may object to the processing of Personal Data for marketing purposes at any time, without having to justify such objection;
      7. Right to object to other purposes of processing - the Data Subject may at any time object, for reasons related to his/her particular situation, to the processing of Personal Data that is carried out on the basis of a legitimate interest of the Controller (e.g., for analytical or statistical purposes or for reasons related to the protection of property); an objection in this regard should contain a justification;
      8. the right to withdraw consent - if the data is processed on the basis of the consent given, the Data Subject has the right to withdraw it at any time, which, however, does not affect the lawfulness of the processing performed before the withdrawal;
      9. right to complain - if the processing of Personal Data is deemed to be in violation of the provisions of the RODO or other regulations on the protection of Personal Data, the Data Subject may file a complaint with the supervisory authority for the processing of Personal Data having jurisdiction over the Data Subject's habitual residence, place of work or place where the alleged violation was committed. In Poland, the supervisory authority is the President of the Office for Personal Data Protection.

        Submission of requests related to the exercise of rights

    2. Requests for the exercise of rights of Data Subjects may be submitted:
      1. in writing to the address provided on the website;
        1. electronically to the e-mail address: sklep@mi-home.pl.
      2. If the Administrator is unable to identify an individual on the basis of the submitted request, it will ask the applicant for additional information. It is not mandatory to provide such data, but failure to do so will result in denial of the request.
      3. The request may be made in person or through a proxy (such as a family member). For data security reasons, the Administrator encourages the use of a power of attorney in a form certified by a notary public or authorized legal counsel or attorney, which will significantly speed up the verification of the authenticity of the request.
      4. Response to a request should be made within one month of its receipt. If it is necessary to extend this period, the Administrator shall inform the applicant of the reasons for this action.
      5. When the request is addressed to the Company electronically, the response shall be provided in the same form, unless the applicant has requested a response in another form. In other cases, the response shall be given in writing. In the event that the timing of the request makes it impossible to respond in writing, and the scope of the applicant's data processed by the Administrator allows contact by electronic means, the response shall be provided electronically.
      6. The company shall store information regarding the request made and the person who made the request in order to ensure that compliance can be demonstrated and for the purpose of establishing, defending or asserting possible claims by data subjects. The record of requests shall be stored in a manner that ensures the integrity and confidentiality of the data contained therein.

 

Changes to Transparency Policy

The policy shall be reviewed on an ongoing basis and updated as necessary.