§1
GENERAL REGULATIONS
1. The privacy policy contains rules regarding the processing of personal data on the website, including the grounds, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools.
2 The administrator of personal data collected via the HobaYoga website is Sp. z o. o. Nordnex, NIP 9522215738
Tel. +48 512 577 048
E-mail: hi@hobayoga.com - hereinafter referred to as "Administrator".
3. Personal data on the Website are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (General Data Protection Regulation) - hereinafter "GDPR".
4. Using the Website, including registration, is voluntary. Similarly, providing personal data by the Service Recipient using the Website is voluntary, except for:
- conclusion of contracts for the conclusion and implementation of a Trade Agreement or a contract for the provision of services with the Administrator. Providing personal data in this case is a contractual requirement and if the data subject wants to conclude this contract with the Administrator, he must provide the required data. Each time, the amount of data required to conclude the contract is predetermined on the website.
- Statutory obligations - providing personal data is a statutory requirement resulting from applicable law imposing on the Administrator the obligation to process personal data (e.g. data processing for tax or accounting purposes), and the lack of indication will prevent the Administrator from fulfilling these obligations.
5. The administrator takes special care to protect the interests of persons whose personal data he processes, in particular he is responsible and ensures that the data collected by him:
- processed in accordance with the law;
- collected for specific, lawful purposes and are not subject to further processing incompatible with these purposes;
- are factually correct and adequate in relation to the purposes for which they are processed;
- processed in a manner that ensures the necessary security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
6. Taking into account the nature, scope, context and purpose of processing, as well as the risk of violating the rights and freedoms of natural persons with different probability and threat weight, the Administrator implements appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the regulation and to be able to demonstrate it. The administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
§2
BASIS OF DATA PROCESSING
1. The administrator has the right to process personal data in cases where - and to the extent that - at least one of the following conditions is met:
- the data subject has consented to the processing of his personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is a party, or if it is necessary to take action at the request of the data subject prior to entering into a contract
- processing is necessary to comply with a legal obligation incumbent on the Data Administrator;
- processing is necessary for the purposes of the legitimate interests pursued by the Administrator or third parties, unless these interests are outweighed by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, in particular when the data subject there is a child.
2 The processing of personal data by the Data Administrator requires at least one of the above-mentioned attributes each time. The specific grounds for processing the Customer's personal data are.
§3
PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING
1. Each time, the purpose, basis, period and scope, as well as the recipients of personal data processed by the Administrator, result from the activities undertaken by this Customer as part of the website. For example, if the Customer decides to register, his personal data will be processed in order to implement the concluded Agreement for the provision of electronic services.
2. The administrator may process personal data for the following purposes on the following grounds, periods and in the following scope:
Purpose of data processing
Legal basis for data processing
/ period of data storage
Scope of processed data
Sending e-mails as part of the newsletter service
Article 6 par. 1 b. a) GDPR Regulation (consent)
The data is stored until the data subject withdraws consent to further processing of his data for this purpose. Email address, IP address, ID-ID
§4
PROFILING
1. The administrator may use profiling for marketing purposes, while decisions made on the basis of profiling do not concern the conclusion or refusal to conclude a commercial contract or the possibility of using services on the website. The effect of profiling may be, for example, giving a person a discount, sending a discount code, reminding about pending purchases, sending a product offer that may match the interests or preferences of a given person, or offering better conditions compared to
with the standard service offer. Despite profiling, a given person freely decides whether he wants to take advantage of the discount received in this way or more favorable conditions and make a purchase.
2. Profiling consists in automatic analysis or predicting the behavior of a person on the Portal's website or by analyzing the previous history of activities performed on the Portal. The condition for such profiling is that the Administrator has the personal data of a given person in order to be able to send him, for example, a discount code.
3 The data subject has the right not to submit to a decision based solely on automated processing, including profiling, and which produces legal effects concerning him or her or similarly significantly affects him/her.
§6
RIGHTS OF THE DATA SUBJECT
1. The right to access, rectify, limit, eliminate or transfer - the data subject has the right to request from the Administrator access to his personal data, rectification, elimination ("right to be forgotten") or limitation of processing and has the right to object against processing, as well as the right to transfer your data. Detailed terms of use of the above-mentioned rights are defined in art. 15-21 of the GDPR.
2. The right to withdraw consent at any time - the person whose data is processed by the Data Administrator on the basis of consent has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
3. The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory body in the form and procedure specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
4. Right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of personal data concerning him, pursuant to art. 6 sec. 1 lit. b) e) (public interest or social purposes) or f) (legitimate interest of the administrator), including profiling based on these regulations. In this case, the administrator no longer has the right to process this personal data, unless he proves the existence of valid legally justified grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
5. In order to exercise the rights referred to in this paragraph, you can contact the Administrator by sending an appropriate message in writing or via e-mail to the Administrator's address referred to in paragraph 1.
§7
COOKIES, OPERATIONAL DATA AND ANALYTICS
1. Cookies are small text files sent by the server and saved on the side of the person visiting the Portal (e.g. on the hard drive of a computer, laptop or smartphone memory card - depending on what device the person visiting our website uses). Details on cookies and the history of their creation can be found in particular here: http://pl.wikipedia.org/wiki/Ciasteczko.
2. The administrator may process the data contained in cookies when
visits from the website for the following purposes:
- identifying Customers as users and indicating that they are authorized;
- keeping in mind the latest activities on the Portal's websites;
- in order to remember data from completed Order Forms, surveys or login details;
- adjusting the content of the website to the Customer's personal preferences (e.g. in terms of colors, font size, page layout) and optimizing the use of the website;
- keeping anonymous statistics showing how the Website is used by the Parties;
3. By default, most web browsers available on the market accept consent to store cookies by default. Everyone has the ability to determine the rules for the use of cookies through the settings of their browser. This means that it is possible, for example, to partially limit (e.g. temporarily) or completely disable the storage of cookies - in the latter case, however, it may affect some of the Portal's functionalities.
4. Web browser settings regarding cookies are important from the point of view of consent to the use of cookies by our Portal - according to the law, such consent may also be expressed through browser settings. In the absence of such consent, the settings of the web browser in the field of cookies should be changed accordingly.
5. Details on changing cookie settings and self-removal of cookies in the most popular web browsers can be found in the help section of the web browser.
6. The administrator may use Google Analytics, Universal Analytics provided by Google Inc (1600 Amphitheater Parkway, Mountain View, CA 94043, USA), Piksel Facebook service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and the Heatmaps service provided by HeatMap, Inc. These services help the Administrator in analyzing traffic on the website. Data collected under the above-mentioned services are processed anonymously (these are the so-called transactional data that make it impossible to identify a person) in order to generate statistics helpful in managing the website.
These data are aggregate and anonymous, i.e. they do not contain any identifying features (personal data) of the person visiting the Portal's website. Using the above The Administrator collects data such as the source and channel of visits, as well as their behavior on the website, information about devices and browsers from which a given website is visited, IP data, as well as domain, geographic and demographic data (age, gender), interests .
7. This person can easily block Google Analytics' general access to information about their activity on the website - for this purpose, you can install the Google Inc. browser application. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.