PRIVACY POLICY OF BIVROST.PRO STORE

PRIVACY POLICY OF BIVROST.PRO STORE

This Privacy Policy constitutes an integral part of the Terms of Service of BIVROST.pro Store dated 25 May 2018 (Terms of Service). Definitions of the terms used in this Privacy Policy were included in the Terms of Service. The provisions of the Terms of Service shall be applied accordingly.

1. PERSONAL DATA

• Personal data provided by the Client are processed by the Seller (i.e. BIVROST spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (01-445) at 13/310 E.Ciolka Street, registered in the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register (KRS) under number KRS: 0000584360; National Business Registry Number REGON: 362940085, Tax Identification Number NIP: 1182114571, share capital in the amount of PLN 85,850.00), which is the personal data controller. You may contact the controller via e-mail at the following address: contact@bivrost.pro
• The scope of processed personal data is determined by the scope of data provided by the Client and sent to the Seller by means of a relevant form. The processing of Client’s personal data may pertain to their e-mail address, first and last name, billing details (payer’s details), delivery address, phone number, credit/payment card number with the expiry date, as well as computer IP address.
• Personal data of Clients shall be processed for the following purposes: (a) execution of legal provisions, (b) execution of Sales Agreements, provision of services by electronic means, in particular operation of the Account and other actions as specified in the Terms of Service, (c) promotional or commercial actions of the Seller.
• Personal data of Clients shall be processed for the period of 5 years and shall be deleted upon the lapse of the said period, unless their processing is necessary on the basis of another legal basis.
• Providing personal data shall be voluntary, but the lack of consent to process personal data marked as obligatory prevents the Seller from performing services and Sales Agreements.
• The legal basis for processing personal data in the case referred to in clause 1.3(a) is the statutory authorization to process data which are essential to act in accordance with the law, whereas in the case referred to in clauses 1.3(b) and 1.3(c) it is the statutory authorization to process data which are necessary to perform an agreement if a data subject is a party to such agreement, or if it is essential for undertaking certain actions prior to conclusion of the agreement upon request of the data subject, or voluntary consent of the Client.
• Personal Data of Clients may be transferred for processing to (recipients of personal data): Seller’s accounting firm, carriers, hosting provider, Product manufacturers. Personal data collected by the Seller may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of law, or other persons and entities—in the cases prescribed in the provisions of law.
• Each entity to which the Seller transfers Clients’ personal data for processing on the basis of a personal data transfer agreement (hereinafter referred to as Transfer Agreement) shall guarantee an adequate level of security and confidentiality of the processing of personal data. From 25 May 2018 the Seller shall, within the frames of the Transfer Agreement, transfer Clients’ personal data for processing to entities observing the applicable corporate rules. The entity processing Clients’ personal data on the basis of the Transfer Agreement shall process Clients’ personal data from the effective date of GDPR through another entity only upon prior written consent of the Seller.
• As of 25 May 2018 Krzysztof Bociurko shall be appointed the personal data protection officer. You may contact the data protection officer at the following e-mail: krzysztof.bociurko@bivrost.pro.
• Clients’ personal data shall be processed in an automated manner in the form of profiling which shall consist in creation of dynamic contact forms on the website, dynamic and automated messages and advertising content, after-sales communication, contact segmentation and sending of e-mail messages, reminders on an abandoned cart, automatic selection of communication channels, contact management, and which shall result in generation of personalised marketing actions and preparation of analyses and sales forecasts. The Client may refuse to consent to the performance of the profiling which leads to automated decisions towards them, and may express their objection as to other profiling, which shall result in lack of profiled communications directed to the Client.
• Personal data may be disclosed to unauthorized entities under this Privacy Policy only upon prior consent of the Client to whom such data refer.
• The Clients shall be entitled to control the processing of data which refer to them and which are collected in databases, in particular, they shall be entitled to: access their personal data, complete and correct them through filing a relevant request with the Seller, demand temporary or permanent suspension of their processing, or their deletion if they are incomplete, invalid, inaccurate or if they have been collected in violation of the act or they have become unnecessary for realization of the purpose for which they had been collected, as well as to raise an objection against processing their personal data—in the cases prescribed by the law—and the right to demand their deletion if they have become unnecessary for realization of the purpose for which they had been collected.
• As of the effective date of GDPR, i.e. from 25 May 2018, the Clients shall gain the right to: delete the collected personal data referring to them both from the system belonging to the Seller as well as from bases of entities which have co-operated with the Seller, restrict the processing of data and the moving of the personal data collected by the Seller and referring to the Client, in this to receive them in a structured form, file a complaint to the supervising body if the Client finds that their data are processed in violation of the law, and lodge legal remedies before a court against the supervising body and the entity committing the violations.
• If the Seller is advised that the Client uses the service provided by electronic means in a manner violating the Terms of Service or applicable provisions of law (unauthorized use), then the Seller may process personal data of the Client in the scope required for establishing the liability of the Client.
• The Store may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of Client’s station—identification through http protocol, if possible, date and system time of registration in the Store and receipt of the enquiry, number of bytes sent by the server, the URL address of a site visited by the Client before if the Client has entered the Store through a link, information concerning Client’s browser, language used in the browser, operating system, country from which the Client gained access to the Services, information concerning errors occurring while conducting the http transaction, information on the number and time of incorrect logins to the profile, Logs may be collected as material for proper administration of the Store. Only persons authorized to administer the IT system on the basis of granted authorisations including confidentiality statements in the scope of processing data and relevant safeguards shall have access to the data. Files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic in the Store and occurring errors. Summary of such details does not identify particular Clients.
• The Seller shall transfer personal data to third countries providing for security of personal data in accordance with the Act, while from 25 May 2018 the transfer of personal data shall proceed in line with the requirements of GDPR.

2. INFORMATION SECURITY
   • The Seller shall apply technological and organizational means as prescribed in Articles 36–39a of the Personal Data Protection Act in order to secure the processing of personal data corresponding to the threats and category of data to be secured, in particular, through technical and organizational means the Seller shall secure data against publishing to unauthorized persons, taking over by an unauthorized person, processing in violation of the law and change, loss, damage or destruction; among others the SSL (Secure Socket Layer) certificates are applied. The set of Clients’ personal data shall be collected and stored on a secured server; moreover, the data shall be secured by Seller’s internal procedures related to the processing of personal data and information security policy. From 25 May 2018, the Seller shall additionally apply all necessary technical means as specified in Articles 25, 30, 32–34, 35–39 of GDPR, providing for enhanced protection and security of the processing of Clients’ personal data.
   • In order to log in to the Account, it is necessary to provide the relevant username and password. For the purpose of ensuring an appropriate level of security, the password to the Account shall exist in the Store only in a coded form. Furthermore, registration of and logging in to the Account proceeds in a secure https connection. Communication between Client’s device and the servers is encoded using the SSL protocol.
   • At the same time the Seller states that using the Internet and services provided by electronic means, in particular using publicly available Wi-Fi networks, may pose specific teleinformatic threats, such as: presence and operation of worms, spyware or malware software, including computer viruses, as well as possibility of being exposed to cracking or phishing (fishing passwords) and other. In order to obtain detailed and professional information related to security in the Internet, the Seller recommends taking advice from entities specializing in such IT services.

3. COOKIES
   • For the purposes of a correct operation of the Store, the Seller shall use Cookies support technology. Cookies are packages of information stored on the Client’s device through the Store, usually containing information corresponding to the intended use of a particular file, by means of which the Client uses the Store–these are usually: address of the Internet service, date of publishing, lifetime of a Cookie, unique number and additional information corresponding to the intended use of a particular file.
   • The Seller shall use two types of Cookies: (a) session cookies, which are permanently deleted upon the closing of the session of the Client’s browser; (b) permanent cookies, which remain on the Client’s device after closing the session until they are deleted; (c) containing data related to language preferences.
   • It is not possible to identify the Client on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collecting any personal data.
   • Cookies used in the Store are safe for the Client’s device, in particular they prevent viruses or other software from breaking into to the device.
   • Files generated directly by the Store may not be read by other Internet services. Third-Party Cookies (i.e. Cookies provided by associates of the Seller) may be read by an external server. From 25 May 2018 the use of Third-Party Cookies shall proceed on the basis of the provisions of the Regulation concerning the respect for private life and the protection of personal data in electronic communications (e-Privacy Regulation).
   • The Client may disable storing Cookies on their device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Store. From 25 May 2018, in accordance with the e-Privacy Regulation, the Client may enable the storing of Third-Party Cookies on their device in line with the instructions of the browser producer. Failure to enable the Third-Party Cookies may not cause lack of availability of the Store, in part or in its entirety, for the Client.

• The Seller shall use own Cookies for the following purposes: authentication of the Client in the Store and preserving Client’s session; configuration of the Store and adjustment of content of pages to Client’s preferences; analyses and researches of views; number of clicks and paths of moving on the website for the purpose of improving the appearance and layout of the content on the website, time spent on the website, number and frequency of visitors.
• The Seller shall use third-party Cookies for the following purposes: using interactive functions by means of a social network facebook.com and other social networks, preparing (anonymous) statistics for to optimise functionality of the Store, by means of analytic tools such as Google Analytics for promotional and marketing actions provided by third-party companies in the process of retargeting, from 25 May 2018 upon consent of the Client expressed by selecting the opt-out option in the browser settings.
• The Client may individually change the Cookies settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service. The Client may also individually delete Cookies stored on their device at any time in accordance with the instructions of the browser producer. From 25 May 2018, the Client may consent to use the Third-Party Cookies by individually changing the Cookies settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service.

• Details concerning Cookies support are available in the settings of the browser used by the Client.