I. General Provisions
- The data controller of personal data of Users of the Store, in line with art. 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (‘GDPR’), shall be Oldtimer Koni Jankowska Wioletta with its registered office in Tschernitz, Cottbuserstrasse 30 (03130), NIP (tax identification number) DE257991844 the owner of the Store, hereinafter referred to as the ‘Controller’.
II. Scope of Collected Data
- The Controller shall collect personal data of Users within the scope that is necessary for fulfilling orders placed via the Store, making a registration in the Store and rendering other services set forth in the Store Regulations.
- The scope of collected data shall include:
a) a full name;
b) an e-mail address;
c) a contact address;
d) a delivery address (street, house number, post code, city, country);
e) a phone number;
f) log-in data, and
g) a date of birth.
III. Purpose of Data Processing
- The Controller shall process personal data of Users exclusively for the following purposes:
a) to render the service in line with the Store Regulations, including the fulfilment of orders placed via the Store, to issue invoices, and to handle complaints;
b) to register an account in the Store;
c) to carry out competitions, promotional campaigns or loyalty programmes organised by the Controller;
d) for statistical and archival purposes;
e) to fulfil obligations that result from rules of law;
f) to enforce the compliance with the Store Regulations by Users and to prevent abuse and fraud;
The Controller shall process personal data of Users only and exclusively for the above-mentioned purposes.
- Transferring personal data shall be voluntary, but necessary for rendering the service via the Store by the Controller.
IV. Transferring Personal Data to Third Parties
- The Controller shall not, as a rule, transfer any personal data of Users to any third parties or entities, except for situations where the duty to provide access to personal data results from rules of law, a requirement of authorised entities or when necessary for rendering the service.
- Access to personal data of Users may be also gained by service providers of the Controller. In such instances, the Controller has made relevant agreements on protecting personal data of Users against access by unauthorised persons.
- Personal data of Users shall not be transferred to any states from outside the European Economic Area.
V. Rights of Users
- Personal data of Users shall be collected and stored at the registered office of the Controller.
- The User shall have the right to:
a) obtain access to one’s data and receive their copies;
b) rectify personal data that concern the User;
c) erase personal data (‘right to be forgotten’);
d) limit the processing of personal data;
e) require the transfer of personal data to another personal data controller, if technically feasible;
f) object in accordance with art. 21 GDPR;
g) revoke consent to data processing at any time.
- The User may exercise rights mentioned in the preceding section by submitting a relevant declaration of intent to the Controller:
a) personally, at the registered office of the Controller: 03130 Tschernitz, Cottbuserstrasse 30; or
b) by post, to the above-mentioned address; or
c) by e-mail to firstname.lastname@example.org; or
d) via an account of the Store User.
- The User shall be also entitled to file a complaint to the Chairman of the Personal Data Protection Agency (PUODO).
VI. Period of Storing Personal Data
- Personal data of Users shall be kept not longer than necessary for the proper performance of a service within the Store according to the purpose indicated in section III.
- After this period, personal data of Users shall be erased or anonymised in the manner that prevents the identification of the User.
- Personal data of Users may be stored longer if this obligation results from rules of law or is necessary to enforce civil-legal claims of the Controller towards a User.
VII. Protection of User Personal Data
- The Controller represents that he shall process personal data of Users in accordance with GDPR regulations and other applicable rules of law concerning personal data protection, including secondary legislation.
- The Controller represents that he applies technical and organizational measures that provide personal data protection adequate to hazards, such as giving access to personal data to unauthorised persons.
- The Controller shall notify the User of a planned change and its effective date via the Store’s website, and in the event of registered Users, via their accounts.
- Any and all questions concerning personal data protection are to be addressed to
Oldtimer Koni Jankowska Wioletta
with a note: ‘personal data protection’
to the e-mail address: email@example.com