Privacy policy - Totobi

Privacy policy

  1. GENERAL PROVISIONS

    1. The Administrator of the personal data, gathered via the online Store, is the Totobi company (hereinafter referred to as the “Company”) with its registered seat in Kraków, address: 31-273 Kraków, ul. Batalionu Skała AK 4/53, entered into the business register by the Regional Court in Kraków – śródmieście, XI Economic Department of the National Court Register under KRS: 0000725268, NIP: 945-221-86-24, REGON: 369826292, with the share capital of PLN 5 000,00. And the email address totobi@totobi.pet – hereinafter referred to as the „Administrator” at the same time being the service provider of the Online store and the “Seller.”
    2. The personal data of the service recipient and of the Client is processed in accordance with the provisions of law about the processing and securing the data, including the Regulation of the European Parliament and the Council (EU) 2016/679 from 27th of April 2016 about the protection of the natural persons in connection to the processing of the personal data and about the free movement of such data and the repeal of the directive 95/46/WE (hereinafter referred to as GDPR), the Act of 10th of Mat 2018 about the protection of the personal data and the Act about providing the services via electronic means from 18th of July 2002 (Journal of Laws No. 144, item 1204, as amended).
    3. The Administrator shall take the utmost care of protecting the interest of persons whose data is processed, and shall especially ensure that the data gathered by him is processed in accordance with the law; gathered for the marked, lawful purposes and that it is not being further processed for other purposes; factually correct and adequate for the purposes for which they are processed and kept in a form which enables the identification of the persons concerned, not longer than for a period necessary to achieve the purpose of their processing.
  2. SCOPE OF PROCESSING THE PERSONAL DATA IN THE SERVICE

    1. Each time the purpose, scope as well as the recipients of the processed by the Administrator data stem from the actions undertaken by the service recipient or Client in the Service. For example, if the Client during the placing of the order chooses the personal collection instead of the courier delivery, then his personal data shall be processed for the purpose of concluding and realizing the Sales Agreement, but shall not be made available for the carrier, realizing the delivery on behalf of the Administrator.
    2. In connection with the use of the Service by the User, the Administrator shall gather the data in the scope necessary to provide individual services offered, as well as the information about the User’s activity in the Service. The detailed rules and purposes of the processing of the personal data gathered during the use of the service by the User have been described below.
  3. AIM AND THE LEGAL BASIS TO THE PROCESSING OF THE PERSONAL DATA IN THE SERVICE

    1. The possible purposes of collecting the personal data of the service recipients of Clients of the Service by the Administrator:
      1. In order to provide the services via electronic means in the scope of sharing with the User the contents collected in the Service – the legal basis for the processing of the data is the necessity of the processing to realize the agreement ( art. 6, par. 1 letter b of  GDPR);
      2. For analytic and statistical purposes – the legal basis for the processing is a justified interest of the Administrator to conduct the analyzes of Users’ activity, as well as their preferences in order to improve the functionalities and the provided services (art. 6, par. 1 letter f of GDPR);
      3. For the potential establishing and pursuing claims or a defense against them – the legal basis for the processing is a justified interest of the Administrator to protect his rights (art. 6, par. 1 letter f of GDPR);
      4. For answering a question sent via the contact form – the legal basis for the processing is the User’s consent, which can be withdrawn at any time.
      5. For marketing purposes of the Administrator and of other entities which may consist in:
        1. Showing the User marketing content that is not suited for his preferences (contextual advertising) – the legal basis for the processing of his personal data is a justified interest of the Administrator (art. 6, par. 1 letter f of GDPR);
        2. Showing the User the marketing content suited for his interest (behavioral advertising) including the profiling ads – the legal basis for the processing of the personal data is the consent of the User which may be withdrawn at any time;
        3. directing the marketing content to him via e-mail, MMS / SMS or by phone (direct marketing) – the legal basis for the processing of personal data is the consent of the User, which he may withdraw at any time;
        4. directing the notifications via newsletter about interesting offers or contents which in some cases may contain marketing information – the legal basis for sending the newsletter is the necessity to process to realize the agreement (art. 6, par. 1 letter f of RODO), but in the case of directing to the User the marketing content (marketing information) within the newsletter – the legal basis for the processing of the personal data is the User’s consent which may be withdrawn at any time;
      6. in order to run a profile on social media, and to inform the Users about the Administrator’s activity and to promote various events, services or products – the legal basis for the processing of the personal data by the Administrator for those purposes is his justified interest  (art. 6, par. 1 letter f of GDPR).
  4. THE RECIPIENTS OF THE DATA

    1. In connection to the realization of the services the personal data shall be reviled to the outside entities, including especially the suppliers responsible for the operation of IT systems made to provide for the bodies such as banks and payment operators, entities providing accounting services, couriers (in connection with the implementation of the contract) and entities associated with the Administrator.
    2. In the case of a Customer who uses the Online Store with the method of delivery by post or courier, the Administrator shares the collected personal data of the Customer with a chosen carrier or a intermediary who realizes the delivery on behalf of the Administrator.
    3. In the case of a Customer who uses the Online Store with the method of payment via electronic means or with a credit card the Administrator shares the collected personal data of the Customer with a chosen entity that operates those payments in the Online Store.
    4. The Administrator may process the following personal data of the service recipients or Customers that use the Online Store: name and surname; email address; phone number, the delivery address (street, house number, apartment number, post code, town, country), home address/ business address/seat address (if it is different than the delivery address). In the case of the service recipients or Customers who are not consumers, the Administrator may additionally process the name of the company as well as the service recipients or Customer’s NIP.
    5. Sharing the personal data mentioned in the article above may be necessary to realize the sales agreement or the agreement about providing the electronic service within the online store. Each time the scope of the data required for the conclusion of the agreement is pointed beforehand on the online Store’s website as well as in the Online Store’s regulations.
    6. If the User consents, his data may be also shared with other entities for their own purposes, including the marketing purposes.
    7. The Administrator reserves the right to reveal chosen information about the User to the appropriate organs or third parties who will make a request to provide such information, on a proper legal basis and in accordance with the provisions of the law.
  5. COOKIES AND PERFORMANCE DATA

    1. Cookie files are the IT data, and especially text files that are stored in the online site user’s terminal device and whose purpose is to use it. Cookies usually contain the name of the website which they come from, the time of storing them in the terminal device and a unique number.
    2. The Administrator uses two types of cookies:
      1. SESSION COOKIES: they are stored in the User’s Device and remain there until the end of the session of a given browser. The saved information are then permanently deleted from the Device’s memory. The session cookies mechanism does not allow the gathering of any personal data nor of any confidential information from the User’s device.
      2. PERNAMENT COOKIES: are stored in the User’s Device and remain there until they are deleted. The end of a given browser’s session or turning off of the device does not cause their deletion from the User’s Device. The permanent cookie’s mechanism does not allow the download of any personal data nor any confidential information from the User’s Device.
    3. The Administrator may process the data from the Cookie files when users use the Online Store for the following purposes:
      1. Remembering the Products added to cart in order to place the Order;
      2. Remembering the data from the Order Forms or the polls;
      3. Conducting anonymous statistics showing the way the Online Store’s website is used.
    4. By default, most Internet browsers available on the market accept saving the cookie files. Each person has the possibility to determine the conditions of using the cookie files in the settings of the browser. It means that, for example, one may partially limit (e.g. temporarily) or turn off completely the possibility to save the cookie files – however, in the latter case it may have an influence on some of the Online Store’s functionalities (for example it may be impossible to place the order via the order form as the products are not saved in the cart during other steps of placing the order).
    5. The settings of the Internet browser within the cookie files are important from the point of view of consent to use the cookie files by our online store – in accordance with the provisions such consent may be also made via the browser’s settings. In the case of not consenting the browser’s settings are ought to be changed accordingly.
    6. The Administrator is also processing the anonymized performance data connected with the use of the online store (IP address, domain) in order to generate statistics which are helpful in the administration of the Online Store. This data is cumulative and anonymous – it does not contain features that identify persons visiting the Online Store’s website. This data is not shared with third parties.
  6. THE PERIOD OF PROCESSING OF PERSONAL DATA

    1. The data shared by the Customer shall be processed within a period necessary to realize the sales agreement, complaint claims, as well as to confirm the Administrator’s performance and pursuing claims or defending against claims which can be targeted towards the Administrator – but for no longer than 10 years from the day of sharing the data to the Administrator by the Customer.
    2. After the processing period has expired, the data shall be irreversibly deleted or anonymized.
  7. THE USER’S RIGHTS

    1. The User has the right to: access the data as well as to request their correction, deletion, restriction of the processing, the right to transfer the data and the right to file an objection to process the data, as well as the right to file a complaint to the supervisory body that deals with the protection of the personal data.
    2. Within the scope in which the User’s data is processed on the basis of a consent, it can be withdrawn at any time by contacting the Administrator.
    3. The User has the right to object the processing of the data for the marketing purposes, if the processing is conducted in connection with a justified interest of the Administrator as well as if it is connected to his specific situation in other cases, when the legal basis to process the data is the Administrator’s justified interest (e.g. to realize the analytic and statistic purposes).
  8. SHARING THE DATA OUTSIDE THE EUROPEAN ECONOMIC AREA

    1. The Administrator shares the personal data outside the EEA only if it is necessary, and with the provision of a proper level of protection, especially through:
      1. the cooperation with entities that process the personal data in countries for which an appropriate decision of the European Commission has been issued;
      2. the application of standard contractual clauses issued by the European Commission;
      3. the use of binding rules of conduct approved by the competent supervisory authority;
    2. The administrator always informs about the intention to transfer personal data outside the EEA at the stage of their collection.
  9. THE SECURITY OF THE PERSONAL DATA

    1. On the regular basis the Administrator shall conduct the risk analysis and monitor the adequacy of the used data protection to the identified dangers. When needed, the Administrator shall employ additional measures to increase the data security.
    2. In order to ensure the integrity and confidentiality of the data, the Administrator has implemented procedures allowing access to personal data only to authorized persons and only to the extent necessary due to the tasks performed by them. The administrator applies organizational and technical solutions to ensure that all operations on personal data are registered and conducted only by authorized persons.
    3. Moreover, the administrator undertakes all the necessary actions, so that its subcontractors and other cooperating entities would guarantee that appropriate security measures will be applied whenever they process personal data at the request of the Administrator.
  10. CONTACT DETAILS

    1. The contact with the Administrator is possible:
      1. By post to this address: Totobi Sp. z o.o., ul. Batalionu Skała AK 4/53, 31-273
      2. Via email to this address: totobi@totobi.pet.
  11. FINAL PROVISIONS

    1. The Online Store may contain links to other websites. The administrator suggests to, after switching to other websites, read the privacy policy established there. This privacy policy applies only to this Online Store.
    2. The administrator employs technical and organizational measures to ensure that the processed personal data is protected which are applicable for the dangers and the categories of the data being protected, and especially he protects the data against unauthorized access, unauthorized removal, processing with violation of applicable laws as well as from changes, loss, damage or destruction.
    3. The Administrator appropriately provides the following technical measures to prevent the collection and modification of personal data sent via electronic means by unauthorized persons:
      1. securing the data set from an unauthorized access;
      2. access to the Account only after providing an individual login and password;
      3. SSL certificate;
      4. the policy is verified on a regular basis and updated if necessary.

     

    The current version of the Policy has been accepted and is effective from January 2st, 2019.

Find a product

perfect for you