1. General information
- This policy applies to the Website, operating at url: nbminerals.com
- The Operator of the website and the Administrator of personal data is: GRAFMIND Marcin Łubianka 285 Wyzwolenia Street, 43-344 Bielsko-Biała
- Operator’s contact e-mail address: firstname.lastname@example.org
- The Operator is the Administrator of your personal data with regard to the data provided voluntarily on the Website.
- The Website uses your personal data for the following purposes:
- Running a newsletter
- Handling inquiries via form
- Handling orders of goods – preparation, packaging, shipping
- Fulfillment of ordered services
- Handling of relevant accounting documents
- Debt collection
- Presentation of an offer or information
- Performing the Administrator’s legally incumbent duties in accordance with Article 6(1)(c) of the RODO to the extent provided for by specific legislation (e.g., bookkeeping).
- The service performs functions of obtaining information about users and their behavior in the following ways:
- Through voluntarily entered data in the forms, which are entered into the Operator’s systems.
- By storing cookies (so-called “cookies”) in the end devices.
2. Selected data protection methods used by the Operator
- In order to protect the data, the Operator regularly makes security copies.
- The website is hosted (technically maintained) on the server of the operator: hekko.pl
- Registration details of the hosting company: H88 S.A. with its registered seat in Poznań, Franklin Roosevelt 22, 60-829 Poznań, registered in the National Court Register by the District Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Economic Department of the National Court Register under KRS No. 0000612359, REGON 364261632, NIP 7822622168, share capital 210,000.00 PLN fully paid up.
- Hosting company:
- applies measures to protect against data loss (e.g., disk arrays, regular backups),
- applies adequate measures to protect processing sites in case of fire (e.g., special firefighting systems),
- applies adequate measures to protect processing systems in case of sudden power failure (e.g., dual power paths, generators, UPS voltage backup systems),
- applies measures to physically protect access to data processing sites (e.g., access control, monitoring),
- applies measures to ensure appropriate environmental conditions for servers as elements of the data processing system (e.g. control of environmental conditions, specialized air conditioning systems),
- applies organizational solutions to ensure the highest possible degree of protection and confidentiality (training, internal regulations, password policies, etc.),
- has appointed a Data Protection Inspector.
- The hosting company, in order to ensure technical reliability, keeps logs at the server level. The record may include:
- resources specified by the URL identifier (addresses of the requested resources – pages, files),
- time of arrival of the request,
- time of sending the response,
- the name of the client station – identification carried out by the HTTP protocol,
- information about errors that occurred during the execution of HTTP transactions,
- URL address of the page previously visited by the user (referer link) – in case the passage to the Site occurred through a link,
- information about the user’s browser,
- information about the IP address,
- diagnostic information related to the process of self-ordering of services through registrars on the site,
- information related to the handling of e-mails addressed to the Operator and sent by the Operator.
4. Your rights and additional information about how your data is used
- In certain situations, the Administrator has the right to transfer your personal data to other recipients, if this is necessary to perform the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to such groups of recipients:
- persons authorized by us, employees and co-principals who need to have access to personal data in order to perform their duties,
- companies handling mailings,
- companies handling SMS messages,
- companies with which the Administrator cooperates in its own marketing,
- law firms and debt collectors,
- payment operators,
- public authorities.
- Your personal data processed by the Administrator for no longer than it is necessary to perform related activities specified by separate regulations (e.g. on accounting). With regard to marketing data, data will not be processed for longer than 3 years.
- You have the right to request from the Administrator:
- access to personal data concerning you,
- their rectification,
- limitation of processing,
- and data portability.
- You have the right to object, with respect to the processing indicated in 3.3 c), to the processing of your personal data for the purpose of carrying out the legitimate interests pursued by the Administrator, including profiling, however, the right to object will not be exercised if there are valid legitimate grounds for processing that override your interests, rights and freedoms, in particular the establishment, assertion or defense of claims.
You may complain about the Administrator’s actions to the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.
- Providing personal data is voluntary, but necessary to operate the Service.
- Activities involving automated decision-making, including profiling for the purpose of providing services under a concluded agreement and for the purpose of direct marketing by the Administrator, may be undertaken in relation to you.
- Personal data is not transferred from third countries in terms of data protection regulations. This means that we do not send them outside the European Union.
5. What data we process and why?
5.1 User account registration
When registering, we ask you to provide the data necessary to create an account in the nbminerals.com store, so you don’t have to waste time filling out the entire order form again with each subsequent purchase. By registering you save time and gain the ability to track your order history. A registered customer, after logging in, also has the ability to verify the status of the order placed and the history of purchases made. A registered and logged-in customer can at any time independently correct, complete or completely remove data from the nbminerals.com store.
The registration of a user account constitutes the conclusion of a contract for the provision of a free service consisting in providing the user with continuous and unlimited time access to the user’s account and the data stored in it via the Internet.
During the registration process, we may request:
- name – necessary for us to later issue a sales document and address the shipment;
- address (street, house number and/or house and premises number, postal code and city) – necessary for us later to address the shipment;
- e-mail – necessary for logging into the nbminerals.com store and communication related to the use of the nbminerals.com site
- phone number – necessary if you choose certain delivery methods (required by carriers)
5.2 Placing an order at the nbminerals.com store
When placing an order, we ask you to provide us with the data necessary to process the order, which, in the case of registered and logged-in customers, is partly taken automatically from the data provided at registration.
When placing an order, we ask for the following data:
- name or company/institution name – necessary for issuing the sales document and addressing the shipment;
- address (street, house number and/or house and premises number, postal code and city) – necessary for addressing the shipment;
- e-mail – necessary for communication related to the execution of the order;
- telephone number – necessary if certain delivery methods are selected (required by carriers).
If, when placing an order, the customer chooses delivery to an address other than the one specified when registering or placing the order, please additionally specify:
- name or company/institution name – necessary for us to address the shipment;
- address (street, house number and/or house and premises number, postal code and city) – necessary for us to address the shipment;
- telephone number of the consignee of the shipment – necessary if you choose certain delivery methods (required by carriers).
If, when placing an order, the customer chooses to issue a sales document for other data than that indicated when registering or placing an order, please additionally provide:
- Name or name of the company/institution – necessary for issuance of proof of sale;
- address (street, house number and/or house and premises number, postal code and city) – necessary for issuance of proof of sale.
- Tax ID number – necessary for issuance of proof of sale.
5.3 Data collected automatically
- The computer system used by nbminerals.com, like most Web sites, stores HTTP requests directed to our server. This data is automatically stored in the server logs.
- The server logs contain information about:
- The type of device from which the request was sent to the server,
- Its operating system,
- The type of web browser,
- screen resolution,
- color depth,
- the public IP address,
- the first line of the http request,
- http response code,
- request arrival time
- This data is not combined with data on specific individuals.
- We store server logs for an indefinite period of time as auxiliary material for the administration of the service. Based on the log files, statistics may be generated to assist in the administration of the site. Aggregate summaries in the form of such statistics do not contain any identifying characteristics of visitors to the Administrator’s website.
6. The online store processes your personal data for the following purposes:
Transfer of your personal data to ING Bank Śląski S.A. (“Bank”) in connection with:
- provision by the Bank to the Online Store of the service of providing infrastructure for handling payments over the Internet (legal basis:
Article 6(1)(f) of the Regulation).
- Handling and settlement by the Bank of payments made by customers of the Online Store over the Internet using payment instruments.
(legal basis: Article 6(1)(f) of the Regulation).
- in order for the Bank to verify the proper execution of contracts concluded with the Online Store, in particular to ensure the protection of the interests of payers in connection with complaints filed by them (legal basis:
Article 6(1)(f) of the Regulation).
- Transfer of your personal data to Twisto Polska Sp. z o.o. in connection with the possibility of Twisto Polska Sp. z o.o. offering to make payment for the purchased goods or services within the framework of an order agreement including the “Buy with Twisto” shopping formula and making this shopping formula available by the Internet Shop, as well as for the purpose of Twisto Polska Sp. z o.o. verifying the proper execution of such order agreements (legal basis: art. 6 section 1 letter f) of the Regulation).
6.1In addition to the purposes indicated in paragraph 3 (primary purpose), the Online Store may process your personal data for other legally permissible purposes (secondary purpose) when the primary and secondary purposes are closely related. As part of such processing, the Online Store, acting pursuant to Article 6(1)(f) of the Regulation, provides for the processing of personal data also for the following secondary purposes:
In connection with the processing of personal data for the purposes specified in paragraphs 6 and 6.1, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may be:
ING Bank Śląski S.A.
Twisto Polska sp. z o.o.
If you provide your personal data in order to conclude a contract with the Online Store, providing your personal data is a condition for concluding this Contract. Providing personal data in this situation is voluntary, but the consequence of not providing such data will be the inability to conclude a contract with the Online Store.
If you provide your personal data in order to transfer your personal data to Twisto Polska sp. z o.o. before concluding a contract of sale of goods (or services) purchased in the Online Store, the transfer of these data is a condition for concluding a sales agreement in connection with the business model of conducting business adopted by the Online Store.
In the case of transfer of your personal data to the Bank in connection with the processing and settlement of payments made by you to the Online Store via the Internet using payment instruments, the provision of data is required in order to process the payment and provide confirmation of its execution by the Bank to the Online Store.
In the case of transfer of your personal data to the Bank in order for the Bank to verify the proper performance of the agreements concluded with the Online Store, in particular to ensure the protection of the interests of the payers in connection with their complaints, the provision of such data is required to enable the execution of the agreement concluded between the Online Store and the Bank.
In case of transferring your personal data to Twisto Polska sp. z o.o. in connection with the possibility of offering you to pay the price for the goods or services purchased by you by Twisto Polska sp. z o.o. within the framework of an order contract including a purchase formula “Buy with Twisto” and making that formula available by the Internet Shop, providing those data and processing them for that purpose is required in connection with the business model of running the business adopted by the Internet Shop and in order to execute the contract concluded between the Internet Shop and Twisto Polska Sp. z o.o.
7. Information in forms
- The Service collects information voluntarily provided by the user, including personal information, if provided.
- The Service may record information about connection parameters (timestamp, IP address).
- The Service, in some cases, may record information to facilitate linking the data in the form to the e-mail address of the user filling out the form. In this case, the e-mail address of the user appears inside the url of the page containing the form.
- The data provided in the form is processed for the purpose resulting from the function of the specific form, e.g. to perform the process of service request or business contact, service registration, etc. Each time the context and description of the form clearly informs what it is used for.
8. Logi Administrator
- Information of users’ behavior on the site may be subject to logging. This data is used to administer the site.
9. Relevant marketing techniques
10.Information about cookies
- Cookies (so-called “cookies”) are IT data, in particular text files, which are stored in the Service User’s terminal equipment and are intended for use on the
- Service’s websites. Cookies usually contain the name of the website they come from, the time they are stored on the terminal equipment and a unique number.
- The entity placing cookies on the Service User’s terminal equipment and accessing them is the Service operator.
Cookies are used for the following purposes:
- maintaining a session of the Service user (after logging in), thanks to which the user does not have to re-enter his/her login and password on each sub-page of the Service;
- to carry out the purposes specified above under “Important marketing techniques”;
- The Service uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). “Session” cookies are temporary files that are stored on the User’s terminal equipment until the User logs out, leaves the website or shuts down the software (web browser). “Permanent” cookies are stored on the User’s end device for the time specified in the parameters of the cookies or until they are deleted by the User.
- Web browsing software (Internet browser) usually allows the storage of cookies on the User’s terminal device by default. Users of the Website may change their settings in this regard. The web browser makes it possible to delete cookies. It is also possible to automatically block cookies Detailed information on this subject is contained in the help or documentation of the Internet browser.
- Cookies placed on the Website User’s terminal equipment may also be used by entities cooperating with the Website Operator, in particular this concerns companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
11. Managing cookies – how to give and revoke consent in practice?
- If you do not wish to receive cookies, you can change your browser settings. We stipulate that disabling cookies necessary for authentication processes, security, maintenance of user preferences may hinder, and in extreme cases may prevent the use of websites
- To manage your cookie settings, select the web browser you are using from the list below and follow the instructions:
12. User/customer rights in connection with data processing
According to the current legislation, the data owner has the following rights:
- If consent for data processing is granted, the owner of the data may withdraw or limit it at any time. It is enough, to inform the Administrator about it.
- The data owner has the right to access, rectify and erase his or her data, limit its processing, the right to data portability, not to be subject to automated decision-making, including profiling, and the right to object to the processing of your personal data.
- The Data Owner has the right to lodge a complaint regarding the Administrator’s processing of his/her personal data to the supervisory authority, which is the President of the Office for Personal Data Protection (President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw).