General Provisions
1.1
This privacy policy of the Online Store is informative, which means that it is not a source of obligations for the Service Recipients or Customers of the Online Store. The privacy policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the bases, purposes and scope of processing personal data and the rights of data subjects, as well as information on the use of cookies and analytical tools in the Online Store.
1.2
The administrator of personal data collected through the Online Store is Maksymilian Robiński conducting business under the company Hoom Maksymilian Robiński entered into the Central Register and Information on Economic Activity of the Republic of Poland maintained by the Minister responsible for economic affairs, having: address of place of business and address for delivery: ul. Młyńska 12, 61-730 Poznań, NIP 784245555 868, REGON 362160453, e-mail address: info@hoom.co — hereinafter referred to as the “Administrator” and being at the same time Online Store Service Provider and Seller.
1.3
Personal data in the Online Store are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as “GDPR” or “GDPR Regulation”. Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4
The use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by the Service Recipient or Customer using the Online Store is voluntary, subject to two exceptions: (1) concluding contracts with the Administrator — failure to provide in the cases and to the extent indicated on the Online Store website and in the Regulations of the Online Store and this privacy policy personal data necessary to conclude and perform the Sales Agreement or an agreement for the provision of an Electronic Service with the Administrator results in The inability to conclude this agreement. Providing personal data is in this case a contractual requirement and if the data subject wishes to conclude a given contract with the Administrator, he is obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated in advance on the website of the Online Store and in the Regulations of the Online Store; (2) legal obligations of the Administrator - providing personal data is a legal requirement resulting from generally applicable law provisions imposing on the Administrator the obligation to process personal data (e.g. processing data for the purpose of maintaining tax or accounting books) and failure to provide them will prevent the Administrator from performing these duties.
1.5
The Controller takes special care to protect the interests of the persons to whom the personal data processed by him relate, and in particular he is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for marked, lawful purposes and not subjected to further processing incompatible with these purposes; (3) substantively correct and adequate for the purposes for which they are processed; (4) stored in an identifiable form for no longer than is necessary for achieve the purpose of the processing and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational means.
1.6
Taking into account the nature, scope, context and purposes of the processing and the risk of infringement of the rights or freedoms of natural persons of varying likelihood and severity of the threat, the Controller shall implement appropriate technical and organisational measures to ensure that processing takes place in accordance with this Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Controller applies technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically.
All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store pages.
Basics of data processing
2.1
The controller is entitled to process personal data in cases where — and to the extent that — at least one of the following conditions is met: (1) the data subject has consented to the processing of his or her personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the person whose data relate, prior to the conclusion of the contract; (3) the processing is necessary to comply with a legal obligation on the Controller; or (4) the processing is necessary for the purposes arising from the legitimate interests pursued by the Controller or by a third party, except in cases where the interests or fundamental rights and freedoms of the data subject require the protection of personal data, in particular when the data subject is a child, are overriding those interests.
2.2
The processing of personal data by the Administrator requires each time the existence of at least one of the grounds indicated in point 2.1 of the privacy policy. The specific grounds for processing personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy — in relation to the specific purpose of processing personal data by the Administrator.
Purpose, basis, period and scope of data processing in the online store
2.1
The controller is entitled to process personal data in cases where — and to the extent that — at least one of the following conditions is met: (1) the data subject has consented to the processing of his or her personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the person whose data relate, prior to the conclusion of the contract; (3) the processing is necessary to comply with a legal obligation on the Controller; or (4) the processing is necessary for the purposes arising from the legitimate interests pursued by the Controller or by a third party, except in cases where the interests or fundamental rights and freedoms of the data subject require the protection of personal data, in particular when the data subject is a child, are overriding those interests.
2.2
The processing of personal data by the Administrator requires each time the existence of at least one of the grounds indicated in point 2.1 of the privacy policy. The specific grounds for processing personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy — in relation to the specific purpose of processing personal data by the Administrator.
Purpose of data processing
Legal basis for processing and storage period
Scope of processed data
Execution of a Sales Agreement or an agreement for the provision of an Electronic Service or taking action at the request of the data subject prior to the conclusion of the aforementioned contracts
Article 6 (1) (b) of the GDPR Regulation (performance of the contract)
The data is stored for the period necessary for the performance, termination or termination of a contract concluded in another way.
Article 6 (1) (b) of the GDPR Regulation (performance of the contract)
The data is stored for the period necessary for the performance, termination or termination of a contract concluded in another way.
Maximum range: name and surname; e-mail address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), residence/business/registered address (if different from the delivery address).
Direct Marketing
Article 6 (1) (f) of the GDPR Regulation (legitimate interest of the controller)
The data are stored for the duration of the existence of a legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims against the data subject due to the economic activity carried out by the Administrator. The limitation period is determined by the provisions of the law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business is three years, and for a sales contract two years) .The Administrator may not process data for direct marketing in the event of an effective objection in this regard by the data subject.
Email Address
Marketing
Article 6 (1) (a) of the GDPR Regulation (consent)
The data are stored until the data subject withdraws his consent for further processing of his or her data for this purpose.
Name, email address
Expression by the Customer of an opinion on the concluded Sales Agreement
Article 6 (1) (a) of the GDPR
The data are stored until the data subject withdraws his consent for further processing of his or her data for this purpose.
Email Address
Marketing
Article 6 (1) (a) of the GDPR Regulation (consent)
The data are stored until the data subject withdraws his consent for further processing of his or her data for this purpose.
Name, email address
Expression by the Customer of an opinion on the concluded Sales Agreement
Article 6 (1) (a) of the GDPR
The data are stored until the data subject withdraws his consent for further processing of his or her data for this purpose.
Email Address
Recipient of data in the online store
4.1
For the proper functioning of the Online Store, including for the execution of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as, for example, a software provider, a courier or an entity handling payments). The Controller uses only the services of such processors who provide sufficient guarantees of the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
4.2
Data transfer by the Administrator does not take place in any case and not to all recipients or categories of recipients indicated in the privacy policy — the Administrator transfers data only if it is necessary to achieve a given purpose of processing personal data and only to the extent necessary for its realization. For example, if the Customer uses personal pickup, his data will not be transferred to the carrier cooperating with the Administrator.
4.3
Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
- service providers providing the Controller with technical, IT and organizational solutions, enabling the Administrator to conduct business activities, including the Online Store and Electronic Services provided through it (in particular, the provider of computer software for running the Online Store, the provider of e-mail and hosting and the provider of software for managing the company and providing technical assistance to the Administrator) — the Administrator makes the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to achieve the respective purpose of data processing in accordance with this privacy policy.
- providers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular, an accounting office, a law firm or a debt collection company) — the Administrator provides the collected personal data of the Client to the selected provider acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
- carriers/forwarders/courier brokers — in the case of a Customer who uses the method of delivery of the Product in the Online Store by post or courier, the Administrator provides the collected personal data of the Customer to the selected carrier, freight forwarder or intermediary carrying out shipments on behalf of the Administrator to the extent necessary to carry out the delivery of the Product to the Customer.
- entities supporting electronic payments or payment card — in the case of a Customer who uses an electronic payment method or a payment card in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected entity supporting the above payments in the Online Store on the order of the Administrator to the extent necessary to handle the payment made by the Customer.