VAT invoice with deferred payment for educational institutions.

Privacy Policy

COMBO WALL PRIVACY POLICY

1.
This Privacy Policy sets out the rules for processing personal data obtained via the online store combowall.pl (hereinafter referred to as the “Online Store”).
2.
The owner of the Online Store and at the same time the data controller is Remi s.c. with its registered office in Warsaw (04-445 Warsaw), ul. Szafarzy 71, entered into the Central Register and Information on Business Activity; Tax ID (NIP): 113-278-33-47, REGON: 142097943, hereinafter referred to as Remi s.c.
3.
Personal data collected by Remi s.c. via the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as the GDPR.
4.
Remi s.c. makes special efforts to respect the privacy of Customers visiting the Online Store.

§ 1. Type of processed data, purposes and legal basis

1.
Remi collects information concerning natural persons performing a legal act not directly related to their business activity, natural persons conducting business or professional activity in their own name, as well as natural persons representing legal persons or organisational units that are not legal persons but are granted legal capacity by law, conducting business or professional activity in their own name, hereinafter collectively referred to as Customers.
2.
Customers’ personal data is collected in the case of:
a) account registration in the Online Store – in order to create an individual account and manage that account.
Legal basis: necessity for performance of the agreement for the provision of the Account service (Article 6(1)(b) GDPR);
b) placing an order in the Online Store – in order to perform the sales agreement.
Legal basis: necessity for performance of the sales agreement (Article 6(1)(b) GDPR).
3.
In the case of account registration in the Online Store, the Customer provides:
a) an e-mail address.
4.
During account registration in the Online Store, the Customer sets an individual password for access to their account. The Customer may change the password at a later time in accordance with the rules described in §5.
5.
When placing an order in the Online Store, the Customer provides the following data:
a) e-mail address;
b) address details:
postal code and city,
country (state),
street including house/apartment number;
c) first name and last name;
d) telephone number.
6.
In the case of Entrepreneurs, the above scope of data is additionally extended to include:
a) the Entrepreneur’s business name;
b) Tax ID (NIP) number.
7.
In the case of using the Newsletter service, the Customer provides the following data:
a) e-mail address;
b) telephone number.
8.
While using the Store Website, additional information may be collected, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.
9.
Navigation data may also be collected from Customers, including information about links and references they choose to click, or other actions taken in our Online Store.
Legal basis: legitimate interest (Article 6(1)(f) GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of those services.
10.
For the purpose of establishing, pursuing and enforcing claims, certain personal data provided by the Customer while using the Online Store functionalities may be processed, such as: first name, last name, data concerning the use of services (if claims arise from the manner of use), other data necessary to prove the existence of a claim, including the amount of damage incurred.
Legal basis: legitimate interest (Article 6(1)(f) GDPR), consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and state authorities.
11.
Personal data provided to Remi s.c. is provided voluntarily in connection with sales agreements or service agreements concluded via the Store Website; however, failure to provide the data specified in the forms during the Registration process makes Registration and creation of a Customer Account impossible, and in the case of placing an order without registering a Customer Account, it makes placing and fulfilling the Customer’s order impossible.

§ 2. To whom is data disclosed or entrusted and for how long is it stored?

1.
The Customer’s personal data is transferred to service providers used by Remi s.c. in operating the Online Store.
Depending on contractual arrangements and circumstances, the service providers to whom personal data is transferred either:
act on Remi s.c.’s instructions as to the purposes and methods of processing such data (processors),
or determine the purposes and methods of processing independently (controllers).
a) Processors.
Remi s.c. uses providers that process personal data solely on the instructions of Remi s.c.
These include, among others, providers of hosting services, accounting services, providers of marketing systems, traffic analysis in the Online Store and analysis of the effectiveness of marketing campaigns.
b) Controllers.
Remi s.c. also uses providers that do not act solely on instructions, but determine the purposes and methods of using Customers’ personal data themselves.
They provide, among others, electronic payment and banking services.
2.
Location.
Service providers are based mainly in Poland and in other countries of the European Economic Area (EEA).
3.
Retention period of Customers’ personal data:
a) If the legal basis for processing personal data is consent, the data is processed by Remi s.c. until the consent is withdrawn, and after withdrawal – for a period corresponding to the limitation period for claims that may be raised by Remi s.c. or against it.
Unless a specific provision states otherwise, the limitation period is 10 years, and for periodic performance claims and claims related to conducting business activity – 3 years.
b) If the legal basis for processing is the performance of an agreement, the Customer’s personal data is processed by Remi s.c. for the time necessary to perform the agreement and afterwards – for a period corresponding to the limitation period for claims.
Unless a specific provision states otherwise, the limitation period is 10 years, and for periodic performance claims and claims related to conducting business activity – 3 years.
4.
In the case of a purchase in the Online Store, personal data may be transferred – depending on the Customer’s choice – to the following entities for the purpose of delivering the ordered goods:
a) a courier company,
b) Poczta Polska (Polish Post).
5.
In the case of choosing payment via the PayU system, the Customer’s personal data is transferred, to the extent necessary to complete the payment, to:
PayU S.A. with its registered office in Poznań, 60-166 Poznań, ul. Grunwaldzka 182,
entered into the register of payment services under number IP1/2012,
registered in the District Court in Poznań – Nowe Miasto and Wilda,
8th Commercial Division of the National Court Register (KRS) under number 0000274399,
share capital of 4,944,000 PLN, fully paid up,
Tax ID (NIP): 779-23-08-495, REGON: 300523444.
6.
Navigation data may be used to provide Customers with better service, analyse statistical data, adapt the Online Store to Customer preferences, and administer the Online Store.
7.
Remi s.c., upon receiving a request, discloses personal data to authorised state authorities, in particular: organisational units of the Public Prosecutor’s Office, Police, President of the Personal Data Protection Office, President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§ 3. Cookies mechanism, IP address

1.
The Online Store uses small files called cookies.
They are saved by Remi s.c. on the end device of the person visiting the Online Store if the web browser allows it.
A cookie file usually contains the name of the domain from which it originates, its “expiry time”, and an individual, randomly selected number identifying that file.
Information collected with cookies helps adjust the products offered by Remi to the individual preferences and actual needs of visitors to the Online Store, and also enables the preparation of general statistics of visits to the presented products.
2.
Remi s.c. uses two types of cookies:
a) Session cookies – after the end of a given browser session or after turning off the computer, the stored information is deleted from the device’s memory.
The session cookie mechanism does not allow any personal data or confidential information to be collected from Customers’ computers.
b) Persistent cookies – stored in the memory of the Customer’s end device and remain there until deleted or expired.
The persistent cookie mechanism does not allow any personal data or confidential information to be collected from Customers’ computers.
3.
Remi s.c. uses own cookies for the purpose of:
a) authenticating the Customer in the Online Store and ensuring the Customer session (after logging in), thanks to which the Customer does not have to re-enter login and password on each subpage;
b) analyses, research and audience measurement audit – in particular for creating anonymous statistics that help understand how Customers use the Store Website, which enables improving its structure and content.
4.
Remi s.c. uses third-party cookies for the purpose of:
a) promoting the Online Store via the social networking service facebook.com (controller: Facebook Inc., USA);
b) collecting general and anonymous statistical data via Gemius Traffic analytical tools (controller: Gemius S.A., Warsaw);
c) collecting general and anonymous statistical data via Google Analytics tools (controller: Google Inc., USA);
d) displaying advertisements tailored to Customer preferences using Google AdSense (controller: Google Inc., USA).
5.
The cookie mechanism is safe for Customers’ computers.
In this way, it is not possible for viruses, malicious software or other undesirable code to get into Customers’ computers.
Customers have the option to limit or completely disable cookie support in their browsers.
If this option is used, the Online Store may still be used; however, some functions requiring cookies may not work properly.
6.
Below are ways to change cookie settings in popular web browsers:
a) Internet Explorer
b) Microsoft Edge
c) Mozilla Firefox
d) Google Chrome
e) Safari
f) Opera
7.
Remi s.c. may collect Customers’ IP addresses.
An IP address is a number assigned to the computer of a person visiting the Online Store by the Internet service provider.
In most cases, it is assigned dynamically, i.e. it changes each time a connection to the Internet is made, therefore it is treated as non-personal information.
The IP address is used by Remi, among others, to diagnose technical problems with the server, create statistical analyses (e.g. determining regions with the highest number of visits), administer and improve the Online Store, and for security purposes and identification of undesirable automated actions (e.g. bots).
8.
The Online Store contains links and references to other websites.
Remi s.c. is not responsible for the privacy protection rules applicable on such websites.

§ 4. Rights of data subjects

1. Right to withdraw consent
Legal basis: Article 7(3) GDPR
a) The Customer has the right to withdraw any consent they have granted to Remi s.c.
b) Withdrawal of consent is effective from the moment it is withdrawn.
c) Withdrawal of consent does not affect processing carried out by Remi s.c. lawfully before the consent was withdrawn.
d) Withdrawal of consent does not entail any negative consequences, but it may make it impossible to further use services or functionalities which, under the law, may be provided only with consent.

2. Right to object to the processing of data
Legal basis: Article 21 GDPR
a) The Customer has the right at any time to object – on grounds relating to their particular situation – to the processing of their personal data, including profiling, if Remi s.c. processes the data based on a legitimate interest (e.g. marketing of Remi s.c. products and services, statistics of use of the Online Store, satisfaction analysis).
b) Opting out of receiving marketing messages in the form of e-mails constitutes an objection to the processing of personal data for this purpose.
c) If the objection is justified and Remi s.c. has no other legal basis for processing, the Customer’s personal data will be deleted to the extent covered by the objection.

3. Right to erasure of data (“right to be forgotten”)
Legal basis: Article 17 GDPR
a) The Customer has the right to request deletion of all or some personal data.
b) A request may be submitted in particular when:
personal data is no longer necessary for the purposes for which it was collected,
the Customer has withdrawn consent for processing,
the Customer has objected to processing for marketing purposes,
data is processed unlawfully,
deletion of data is required by EU law or national law,
data was collected in connection with offering information society services.
c) Despite the request for deletion of data, Remi s.c. may retain certain information to the extent necessary to establish, pursue or defend claims and to fulfil legal obligations.
This includes, among others, data such as: first name, last name, e-mail address, residential or correspondence address, order number – necessary for handling complaints and claims.

4. Right to restriction of processing
Legal basis: Article 18 GDPR
a) The Customer has the right to request restriction of processing of their personal data. Until the request is examined, Remi s.c. suspends processing of the data and sending communications, including marketing communications.
b) This right applies in cases where:
the Customer questions the accuracy of the data – Remi s.c. restricts processing for the time necessary to verify it, no longer than 7 days,
processing is unlawful and the Customer requests restriction instead of deletion,
data is no longer necessary for processing purposes but is needed by the Customer to pursue claims,
the Customer has objected – restriction applies until it is determined whether the Customer’s interests override the Controller’s interests.

5. Right of access to data
Legal basis: Article 15 GDPR
a) The Customer has the right to obtain confirmation whether the Controller processes their personal data, and if so, may:
obtain access to their data,
receive information about purposes, scope, recipients, retention period, data source, rights under GDPR, possible profiling and safeguards used when transferring data outside the EU,
obtain a copy of their personal data.

6. Right to rectification of data
Legal basis: Article 16 GDPR
a) The Customer has the right to request immediate rectification of inaccurate personal data and completion thereof – by contacting Remi s.c. at the e-mail address specified in §6 of the Privacy Policy.

7. Right to data portability
Legal basis: Article 20 GDPR
a) The Customer has the right to receive personal data they provided to the Controller in a machine-readable CSV format and to transmit it to another data controller.
b) The Customer may also request that Remi s.c. transmit the data directly to the new controller – provided it is technically feasible.

8. Time limits for fulfilling requests
Remi s.c. fulfils the request or refuses to fulfil it without undue delay, no later than within 1 month of receiving the application.
In complicated cases or in the case of numerous requests, this time limit may be extended by a further 2 months, of which the Customer will be informed within the first month together with justification.

9. Method of contact
The Customer may submit complaints, questions and applications regarding the processing of their personal data and exercising their rights to the Controller in the manner specified in §6 of the Privacy Policy.

10. Right to obtain a copy of standard contractual clauses
The Customer has the right to request that Remi s.c. provide a copy of the standard contractual clauses – by sending an enquiry to the contact address specified in §6.

11. Right to lodge a complaint
The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office if they consider that the processing of their data violates the provisions of the GDPR or other personal data protection regulations.

§ 5. Security management – password

1.
Remi s.c. provides Customers with a secure and encrypted connection when transmitting personal data and logging in to the Customer Account in the Online Store.
The Store uses an SSL certificate issued by one of the leading companies specialising in securing and encrypting data transmitted via the Internet.

2.
In the event of losing the account access password, the Online Store allows generation of a new password.
Remi s.c. does not send password reminders because passwords are stored in the database in encrypted form, preventing them from being read.
To obtain a new password, the Customer should provide their e-mail address in the form available under the “Forgot password” link next to the login form in the Online Store.
The new password will be automatically sent to the e-mail address provided during registration or saved during the last update of the account profile.

3.
Remi s.c. never sends any correspondence – including e-mails – requesting login details, and in particular the Customer Account password.
All such requests should be treated as phishing attempts and immediately reported to Remi s.c.

§ 6. Amendments to the Privacy Policy

1.
The Privacy Policy may be amended, and Remi s.c. will inform Customers at least 7 days in advance. Information about amendments will be published on the Store Website.

2.
Any questions regarding the content or application of the Privacy Policy should be addressed to the e-mail address:
📧 info@remi.home.pl

3.
Date of last modification: 25/05/2018