All our employees have been properly trained in the processing of personal data. We never share your data, sell it, or exchange it with other parties for marketing purposes. Data provided to third parties is only used to provide you with our services. You can find detailed data about the external entity categories under the process description below.
The Controller of Customers’ personal data (both consumers and employees, co-workers, members and representatives of legal persons) provided in connection with the use of services offered by the Store [hereinafter referred to as “Personal Data”] is Positive Prints sp. z o.o. with its registered seat in Warsaw, ul. Puławska 145, 02-715 Warsaw, NIP: 9512500986, email address: [email protected]
OUR STORE COLLECTS THE FOLLOWING PERSONAL DATA
- Contact data contained in forms that are necessary for the proper use of the service or performance of the contract (e.g., design of custom graphics), such as name, address, email address and phone number.
- Personal data used to manage online purchases made at https://positiveprints.com/ i.e. contact data such as name, address, email address and phone number, payment data and payment history, bank account number, credit data, order data.
- Personal data used for customer service purposes, i.e., contact data such as name, address, email address and phone number, payment details and payment history, credit data, order data, delivery data, account number, all correspondence on the subject.
- Personal data related to direct marketing, i.e.: contact details such as name, address, e-mail address, telephone number and postal code, what products and offers have been ordered by the Customer, order history, how the Customer navigated the site and what items have been clicked on.
- Personal data related to participation in Competitions organized by the Store, i.e.: contact data, such as name, address, e-mail address and telephone number, data provided in the competition.
- Personal data related to the development and improvement of services and products offered by the Store, i.e.: contact details such as name and surname, e-mail address, additionally in case of shopping: order history, delivery data, payment history. The Store will also process the following personal data associated with cookies: click history, navigation and browsing history.
- Personal data related to the fulfilment of legal obligations, i.e.: order number, name, address, delivery address, transaction amount, transaction date.
- Personal data related to crime prevention and unlawful use: contact data such as name, address, phone number and email address, order history, delivery data, payment history.
- Data related to browsing the Store’s website: data on interaction with individual Store services, including system logs containing: date, time of visit and IP of the computer from which the connection was made, domain name, browser type, operating system type, data on website viewing statistics, traffic to and from individual pages, etc.
PURPOSE OF COLLECTING USERS’ PERSONAL DATA AND BASIS FOR PROCESSING PERSONAL DATA
Online Shopping and Customer Service
- Browsing the Store’s website does not require providing personal data by the Customers. By creating your own artwork and making a purchase from our Store, you will be asked to provide Personal Data for the purpose of processing your order. This data is deleted after the transaction is completed. All that remains are the sales documents stored by us for purposes such as, but not limited to, fiscal purposes or for the purpose of securing or asserting any legal claims to which the Controller or the Customer may be entitled. For more data, see: “Data Retention Period”
- The Controller will use personal data to manage purchases made online at https://positiveprints.com/ in order to process Customer orders and returns and to send notifications about delivery status or in case of any problems with the delivery of products. The Controller will use the Customer’s personal data to manage payments and to process product complaints and warranty claims. The Controller will also process the data in the scope of Customer satisfaction survey from the sales process.
- Controller will use Customer’s personal data to process Customer’s questions, complaints, product warranty requests, and technical questions submitted by email, chat, phone, and social media. The Controller may also contact the Customer if there are any problems with the Customer’s order.
- The Controller will process the Customer’s personal data with regard to online shopping on the basis of Article 6(1)(b) of the GDPR, while with regard to customer service on the basis of Article 6(1)(f) of the GDPR, i.e. the Controller’s legitimate interest.
- The Controller may send to Customers, including to their e-mail addresses, commercial data about products and services provided by the Store, inter alia in the form of webcasts and newsletters, provided that the Customer agrees to this.
- The Controller will process the Customer’s personal data to the above extent on the basis of 6(1)(a) GDPR, i.e. on the basis of the Customer’s consent.
- Sometimes it might happen that you will not be able to finish shopping in our store because of various reasons. We will get in touch to remind you about it. In such cases, we will process the data provided by you in the order form, i.e. name and e-mail address. If a technical error will be the cause of your unfinished purchase, the basis for data processing will be article 6, paragraph 1(b) GDPR, i.e. when the data processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject (you) prior to entering into a contract. In other cases, the basis for data processing will be article 6, paragraph 1(f) GDPR, i.e. the legitimate interests pursued by the controller. In this case, it will be our response to the contact you have initiated.
- The Controller will process the personal data when the Customer participates in the contest organized by the Controller. The personal data will be used to allow the Controller to contact participants regarding contest matters, before and after the event, to identify participants and verify their age, to contact winners, and to deliver the prize and arrange delivery.
- The Controller will process the Customer’s personal data to the above extent on the basis of 6(1)(a) GDPR, i.e. on the basis of the Customer’s consent.
Development, Improvements and Content Related to Browsing the Store’s Website
- The Controller may process personal data in order to improve the services, as well as to tailor displayed advertisements, materials or recommendations to Customers’ preferences and interests. For this purpose, the Controller may combine personal data provided by Customers in connection with the use of a given service with other personal data concerning that Customer processed by the Controller. The Controller will not analyse Customer data on an individual level – all data used for these purposes will be anonymised. The Controller will conduct analyses to change the services to make them more user-friendly by modifying the user interface to simplify the flow of data; highlighting the services that are most frequently used by customers in digital communication channels; and improving IT systems to enhance the security of users and other website visitors. Analytics are also used to develop and continually improve commodity supply logistics by creating purchasing, inventory, and delivery forecasts, and forecasting resources from a sustainability perspective – by streamlining purchasing and delivery planning, and improving assortment.
- The Store may obtain other data resulting from general rules of Internet connection, such as IP address, number and source of visits to the Store’s website, time of visit. The content viewed, number and type of pages accessed, referrals used, abandoned projects, analysis of graphic design stages, or your computer’s IP number, which may be used by the Store for technical and statistical purposes. The Controller does not connect the above data with customers’ personal data and does not use it to identify customers, unless it is necessary for the proper provision of services by the Store. The Controller uses the data referred to above solely for the purposes of market research and Internet traffic within the Store website, for statistical purposes, in particular to improve the quality of services provided by the Store.
- The Controller will process the Customer’s personal data to the above extent on the basis of 6(1)(f) GDPR, i.e. the Controller’s legitimate interest.
Fulfilment of Legal Obligations
- The Controller will use Customer’s personal data to comply with the provisions of the law or the courts and to comply with other governmental orders. In addition, it will use Customer’s personal data to collect and confirm financial data in order to comply with its accounting policies.
- The Controller will process the Customer’s personal data in the above scope on the basis of Article 6(1)(b) and (c) of the GDPR, i.e. for the purpose of performing the contract and fulfilling the Controller’s legal obligations.
Crime Prevention and Unlawful Use of Data
- The Controller will use the Customer’s personal data to prevent losses, to detect and prevent the use of online services in a manner inconsistent with the rules and regulations, to be able to check such cases and to prevent losses and scams by analysing the behaviour of customers of the Online Store.
- The controller will process personal data on the basis of Article 6(1)(f) of the GDPR, i.e. to prevent you from using our services inappropriately and on the basis of legitimate interest.
Personal Data Processed on the Basis of Consent Expressed by the User in the Cases Referred to Above.
The User gives his consent to the processing of personal data by ticking the appropriate box in the form during the registration procedure or another procedure aimed at enabling the use of Store services. Each Customer has the ability to choose whether and to what extent they want to use our services and share data about themselves. Please note that failure to provide certain data in certain cases may prevent you from using the services we offer. The User may revoke his/her consent to the collection and processing of the personal data provided at any time.
DATA RETENTION PERIOD
- Personal data processed for the purpose of concluding or performing a contract and fulfilling a legal obligation of the Controller, i.e. on the basis of Article 6(1)(b) and (c) GDPR, will be stored for the duration of the contract, and after its expiration for the period necessary to:
Thus, the data will be stored for a period of 3 years or 6 years + 1 year – for personal data processed for the purpose of establishing, asserting and defending claims (the length of the period depends on whether both parties are entrepreneurs or not), and for a period of 5 years – for personal data processed for the purpose of complying with tax obligations.
- provide after-sales customer service (e.g., complaint handling),
- secure or assert any legal claims to which the Controller or the Customer is entitled (for a maximum period of 6 years from the date of completion of the contract),
- fulfil the Controller’s legal obligations (e.g. under tax or accounting regulations)
- statistical and archiving purposes.
- Personal data processed on the basis of a legitimate legal interest, i.e. on the basis of Article 6(1)(f) GDPR, will be processed until the data subject objects, unless the Controller is able to find a lawful justification for this process that overrules the Customer’s interest or rights, or because of legal claims.
- Personal data processed on the basis of a separate consent will be stored until revoked.
- For the purpose of accountability, i.e. proving compliance with the regulations concerning the processing of personal data, the Controller will keep the data for a period in which the Controller is obliged to retain the data or documents containing them in order to document compliance with legal requirements and enable the inspection of their fulfilment by public authorities.
THE USERS’ RIGHTS RELATED TO THE COLLECTION AND PROCESSING OF PERSONAL DATA.
- The Right of Access to Data. The Customer has the right to request data about which personal data are processed by the Controller, i.e. the right to obtain confirmation whether the Controller processes the data and data regarding such processing.
- The Right to Data Portability. The Customer has the right to receive a copy of its data in a structured, commonly used and readable format. This copy may be sent to the Customer or to another entity. This applies only to personal data that you have provided to the Controller.
- The Right to Rectify Data. The Customer has the right to request the correction of his/her personal data if it is incorrect, as well as to complete incomplete data.
- The Right to Erase Data. The Customer has the right to request at any time the deletion of data processed by the Controller except in the following situations:
- unfinished business with customer service or an order that has not yet shipped or has only partially shipped,
- non-payment for an order, regardless of payment method,
- in the event of any purchases by the Customer, personal data will be retained for accounting and bookkeeping purposes,
- in order to secure or assert any legal claims to which the Controller or the Customer is entitled (for a maximum period of 6 years from the date of completion of the contract).
- The Right Not to Consent to Direct Marketing. The Customer has the right to opt out of receiving direct marketing materials, including the Customer Profile Analysis that is prepared for the purpose of producing such materials. The Customer may opt out of receiving direct marketing materials as follows:
- by following the instructions included in each email for newsletters,
- by contacting the Controller at the business address or by email at: [email protected]
- The Right to Object to Data Processing Based on the Legitimate Interest of the Controller: The Customer has the right to object to the processing of his/her data on the basis of the legitimate interest of the Controller. The Controller will cease processing the Customer’s personal data unless it can find a lawful justification for doing so that overrides the Customer’s interest or rights, or because of legal claims. The method of filing an objection is described in item 5 b above.
- The Right to Limit the Processing. The Customer has the right to request that the Controller restrict the processing of his personal data under the following conditions:
- in the event that the Customer objects to the processing of data on the basis of the Controller’s legitimate interest, then the Controller will restrict any processing of such data after verifying whether such legitimate interest exists,
- If the Customer reports incorrect personal data, then the Controller will limit any data processing until the correctness of the data is verified,
- where the processing is unlawful, you may object to the erasure of your personal data and instead request that we restrict the use of your personal data,
- where the Controller does not need the Customer’s personal data, but it is required to report or dismiss the claim.
- Right to File a Complaint. The Customer shall have the right to lodge a complaint with the Polish supervisory authority or with the supervisory authority of another Member State of the European Union competent for the place of habitual residence or work of the data subject or for the place of the alleged breach of the GDPR. The Polish supervisory authority is the President of the Office for Personal Data Protection (address: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw).
- The right to withdraw consent at any time, except that withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- The right to obtain human intervention from the Controller, to express your own position and to challenge a decision based on automated processing. The Customer has the right to express his/her point of view, challenge the decision and report it to the Controller.
- The rights mentioned above except for the right described in item 8 may be exercised by contacting the Controller in writing at the Controller’s business address or by e-mail at: [email protected]
TRANSFER AND SHARING OF PERSONAL DATA
TECHNICAL MEASURES AND CUSTOMERS’ OBLIGATIONS IN THIS RESPECT
The Store makes every possible effort to secure Customers’ personal data and to protect them against actions of third parties. We use all necessary server, connection and website security measures to protect customer data, in particular SSL encryption. All connections related to the execution of electronic payments by the Customers, if such option is selected, will be made via a secure encrypted connection. Our employees also use VPN services for secure data transfer.
Please be advised that the measures taken by the Store may, however, prove insufficient if the Customers themselves do not observe the safety rules. In particular, each Customer should keep the login and password to his/her account at the Store’s website confidential and not make them available to third parties. Please be informed that the Store will not ask the Customers to provide them, except for providing them during account login. In order to prevent unauthorized use of Customer’s account, please log out after using the website.
The Controller stores collected personal data in the European Economic Area (“EEA”), but it may also be transferred to and processed in a country outside the EEA. Any transfer of personal data is carried out in accordance with applicable law. If data is transferred outside the EEA, the Controller shall apply standard contractual clauses approved by the European Commission and other recognized safeguards for countries for which the European Commission has not found an adequate level of data protection.
POLICY ON COOKIES AND OTHER SIMILAR TECHNOLOGIES
In this document, the data regarding cookies also applies to other similar technologies used in the operation of the Store.
The Controller uses two types of Cookies:
- Session cookies: these are stored on the Customer’s device and remain there until the session of the respective browser ends. The stored data is then permanently deleted from the device memory. The mechanism of session Cookies does not allow collecting any personal data or any confidential data from the Customer device.
- Persistent Cookies: are stored on the Customer’s device and remain there until deleted. Ending the session of a given browser or switching off the given device does not remove them from the by the Customer’s device. The mechanism of persistent Cookies does not allow collecting any personal data or any confidential data from the Customer device.
Every Customer has the ability to restrict or disable access to Cookies on his/her device. If you use this option, you will be able to use the website except for functions that by their nature require Cookies.
PURPOSES FOR WHICH COOKIES ARE USED
- Adapting the content of the Store’s website to customers’ preferences and rights and optimizing the use of the site, recognizing each Customer’s device and its location and appropriately displaying the website, tailored to its individual needs, storing the settings selected by customers and personalizing each customer’s interface, e.g. as regards the chosen language or the region the customer comes from, storing the history of visited Store subpages in order to recommend content, font size, website layout, etc.
- Customer authentication in connection with the use of Store services and ensuring a Customer session on the Store website, including: maintaining a Customer session (after logging in), thanks to which a Customer does not have to re-enter his/her username and password on each Store page.
- Correct configuration of selected Store website functions, enabling in particular to verify the authenticity of a browser session, to optimise and increase the efficiency of the services provided by the Store, to carry out the processes necessary for the full functionality of the Store’s website, including: adapting the content of the Store’s website to customer preferences and optimising the use of the Store’s website. In particular, these files allow us to recognize the basic parameters of customers’ devices and appropriately display the website, tailored to individual needs of a given Customer.
- Cookies can be placed on the Store’s Customers’ terminal equipment and then used by advertisers, research companies and providers of multimedia applications cooperating with the Controller.
Customers’ Rights Regarding Storage and Access by Cookies.
The Customer of the Store may at any time contact the Data Controller in order to obtain data on whether and how the Data Controller uses or intends to use his Personal Data and data obtained by means of Cookies. Communication should be made by e-mail to: [email protected]