Privacy policy of the website

This Privacy Policy explains how personal data of Users collected in relation to using www.barbaras.pl online shop, hereinafter called "Website" (including its subpages), is processed and protected. The Website is administered by Firma Odzieżowa Barbaras Marcin Skowron located at Sztombergi 100, 28-200 Staszów, with NIP 8661170743 and REGON 830275421 , that provides its services electronically, stores and accesses information on users' devices and is the Administrator of personal data sent to the company by its Customers (people using barbaras.pl).

This Privacy Policy includes the rules of collecting and using User data on the Website, including when organizing competitions and when Users place orders for products offered in Barbaras online shop. It describes the rules and practices as regards personal data processing by the Company. We understand that processing personal data is a dynamic process, that's why this Privacy Policy shall be constantly updated.

How to contact us to get more information about how we process your personal data?
F.O. Barbaras is located at Sztombergi 100, 28-200 Staszów, in Świętokrzyskie voivodship (Poland). If you have any questions about the rules and practices as regards processing your personal data, please send us an email at kontakt@barbaras.pl.

Where did we get your data from?
You gave it to us during account creation and also later in relation to the purchases made on the website.

How do we collect personal data? – general information:
1. Personal data sent to us by natural persons:
  a) Information sent in relation to purchases in the online shop (name, surname, address, credit/debit card data)
  b) Information sent to us by computers during visits to our website (e.g. IP, location, browser, operating system, visit duration, number of visits, user redirection)
  c) Information sent by Candidates in their CVs (including contact details),
  d) Information sent by natural persons in order to receive information and newsletters (name, surname and contact details),
  e) Information sent by persons interested in the offer of the Company by electronic means, including written information and information sent through the contact form on the      website,
  f) any information that natural persons decide to send us.
2. Personal data received by Barbaras from third parties. The company may sometimes receive personal data from third parties or other personal data administrators. This happens when natural persons are receiving vocational training in Barbaras.

What is the purpose and legal basis for processing your personal data?

1. We process your personal data, because it is necessary for handling the agreement you entered into with us, including:
  1) making it possible to provide services electronically and fully utilizing our website, including making payments;
  2) creation and managing your account or accounts and servicing your account, purchases and solving technical problems;
  3) servicing complaints if any are filed;
  4) servicing reports sent to us (e.g. through the contact form);
  5) contacting you in matters related to providing services.
2. In addition to that, we are required by law to process your personal data for income tax and accounting purposes.
3. We process your data for reasons stated below based on a legitimate interest, meaning:
  1) monitoring your activity and the activity of other users, including, e.g. keywords used for searching, placing offers and managing your activities;
  2) personalizing ads based on previously viewed content;
  3) processing your personal data for advertising purposes, including:
    a) displaying ads that are not personalized (including contextual advertising);
    b) displaying personalized ads (behavioural advertising);
    c) sending emails about interesting offers and content that may sometimes include trade information (newsletter);
    d) other actions related to directly advertising products and services (sending trade information electronically and telemarketing).
4. processing your personal data when you visit our social media profile on Facebook. Your personal data is processed only for the purposes of managing the profile, including informing users about the activity of the Administrator and advertising various events, services or products.
5. managing payments.
6. ensuring the safety of the services provided electronically.
7. monitoring your activity and the activity of other users, including, e.g. keywords used for searching, improving the service and finding information about the main interests and needs of visitors.
8. servicing your requests, especially those sent to the customer service or through the contact form, when they are not directly related to handling the agreement.
9. organising loyalty programs, competitions and promotional actions that you can participate in.
10. debt collection; handling litigation, arbitration and mediation.
11. conducting statistical analyses.
12. storing data for archiving purposes and ensuring accountability (proving the fulfilment of our obligations under the law and other relevant regulations).

With your permission, we process your personal data in order to:
1) save data in cookies, collect data from our website and apps;
2) organise competitions and promotional actions that you can participate in. You can revoke your consent to personal data processing at any time in the same way you gave it. We will continue to process your personal data until your consent is revoked.

Cookies are small text files installed on the devices of Users browsing our online shop. Cookies usually contain the name of the website they come from, the storage duration on the terminal device and a unique number. We use cookies to deliver electronic services to you and to improve the quality of these services. Cookies are used by the Administrator and other entities that provide analytical and statistical services to store or access information on terminal devices (computers, telephones, tablets, etc.). Cookies used for this purpose include. If you want to learn more, take a look at our Cookies policy.

What will happen if I do not give you my personal information?
We require the following personal data so that we can conclude and handle agreements with you (provide you with our services): email, login, password, telephone number, shipping address and invoicing address. If you do not provide us with the above information, we will be unable to conclude an agreement with you, meaning that you will be unable to purchase items on our online shop. If required by law, we may also require you to provide us with additional data necessary for accounting or taxation purposes. Apart from the personal data listed above, providing any other personal data is voluntary.

What rights do you have with respect to the Administrator as concerning the processing of data?
We guarantee respecting all your rights arising from Regulation (EU) No 2016/679 of the European Parliament and of the Council of April 27, 2016 concerning the protection of individuals as regards the processing of personal data, the free movement of such data and the repealing of Directive No 95/46/EC (general regulations of personal data protection, known as GDPR). As far as your personal data is concerned, you have the right to access it, amend it, erase it, restrict its processing, move it, object to its processing and complain to the President of the Office for the Protection of Personal Data. If we process data with your consent, you can revoke it at any time by contacting us.

Below is a general description of your rights arising from GDPR:
1. the right to receive information on whether the Administrator processes your personal data and if this is the case, the right to access the data and to being informed on how it is processed (e.g. for what purpose and in what capacity it is processed, who it is shared with, its storage duration - if possible to determine). You also have the right to obtain a copy of your personal data,
2. the right to immediate correction of your personal data if it is incorrect or to complement the data if it is incomplete,
3. the right to request an immediate erasure of your personal data by the Administrator, e.g. when it is no longer needed for the purposes for which it was collected or when the processing of the data was based on consent which was then revoked and the Administrator has no other legal basis for processing the data or when your personal data is processed illegally.
4. If the Administrator publicizes your personal data, e.g. on the Internet, they will be obligated to remove any links to or copies of the data and also to inform other personal data administrators who had access to the data that the data needs to be deleted. This is the so-called "right to be forgotten",
5. the right to request a restriction on the processing of the data, e.g. when the natural person whose data is processed calls into question the correctness of the data. In such cases the Administrator should restrict the processing of such data until their correctness is checked,
6. the right to move your data, according to which you are entitled to receive from the Administrator your previously provided personal data in a structured and commonly used format and to send it to another Administrator. The original Administrator cannot object to this. In addition to that, if technically possible, you may request one Administrator to send your personal data directly to another Administrator.

In what situations can you object to the processing of your personal data?
1. You have the right to object at any moment to the processing of your personal data for the purposes of direct marketing, including profiling, if the processing is done in relation to a legitimate interest of the Administrator.
2. You have the right to object at any moment to the processing of your personal data for reasons related to your particular situation when the legal basis for the processing is the legitimate interest of the Administrator (e.g. for analytical and statistical purposes, including profiling).

How long will we be storing your data for?
We will be storing your personal data for the duration of the agreement with you and also after the agreement is terminated for the purposes of:

1) enforcing claims related to the agreement,
2) fulfilling the obligations arising from the law, especially as regards taxation and accounting,
3) preventing abuses and frauds,
4) statistics and archiving,
5) for a maximum of 10 years after the agreement is terminated.

We will be storing your personal data for marketing purposes for the duration of the agreement or until you object to such processing, whichever comes sooner.
In the case of loyalty programs, competitions and promotional action that you participate in, we will be processing your data for their duration and for the period of prize awarding.
For accountability purposes, meaning proving that we comply with the laws concerning the processing of personal data, we will be storing your data for as long as we are required to keep data and documents that contain them for the purposes of documenting the fulfilment of legal requirements and submitting them for inspection to public authorities.

Do we send your data to countries outside of the European Economic Area?
Your personal data will be sent outside of EEA to Google LLC based on adequate legal safeguards in the form of standard contractual clauses regarding personal data protection approved by the European Commission. In any other case, your data will not be sent to third countries.

Do we process your personal data automatically (including profiling) in a way that may have legal implications for you?
Your personal data will be processed automatically (including profiling) but it will not have any legal implications for you and will not significantly affect your situation. Profiling of personal data means processing your data (also in an automatic way) by using it to evaluate some information about you, especially for analysing and predicting personal preferences and interests.

Personal data safety.
In order to protect personal data, we use physical and technical safeguards and appropriate organisational means. We perform risk assessment on an ongoing basis to make sure that personal data is processed in a safe way, especially to ensure that only authorised persons have access to it and only to the extend that is necessary for performing their assigned tasks. We make sure that all operations on personal data are registered and performed only by authorized employees or associates. We train our employees in personal data protection on a regular basis. We update and monitor systems that ensure data safety. We take every necessary action to make our subcontractors and other co-operators guarantee an appropriate measure of data safety whenever they process personal data for us. If a data leak happens, we will do everything to prevent it from happening again and to assess the risk related to the leak. If it is found that the leak may lead to damages (e.g. discrimination, identity theft, fraud, financial loss), we will contact you immediately. Every step taken in the case of a data leak will be coordinated with the Personal Data Protection Office.