The Operator is an Administrator of your personal data in reference to the information that you give in the service at your will.
Service uses personal data for the following purposes:
Newsletter management
Managing commentary system
Carrying out online chat talks
Handling of inquiries via the form
Preparing, packaging, shipment of goods
Implementation of ordered services
Presenting the offer and/or information
Service obtains information about users and their behaviour in the following ways:
By information given in the forms at user’s will, that get entered into the Operator’s systems.
By saving cookie files in the end devices.
2. Chosen methods of data protection used by the Operator
Places used for logging in and entering personal data are secured in the transmission layer (SSL certificate). As a result personal data and login data entered on the website, get encrypted and can only be read on the target server.
User passwords are stored in a hashed form. The hash function works in one direction – it isn’t possible to reverse its actions, which is currently a modern standard for storing user passwords.
Operator periodically changes their administrative passwords.
In order to secure the data, the Operator regularly makes backup copies.
An important element of the data protection is regular updating of all software used by the Operator to process personal data, which especially means regular updates of programming components.
3. Hosting
Service is hosted (technically maintened) on servers that belong to the operator: hekko.pl
Registration data of the hosting company: H88 S.A. with headquarters in Poznań, Franklin Roosevelt 22, 60-829, entered into the National Court Register by the District Court Poznań- Nowe Miasto and Wilda in Poznań, VIII Commercial Division of the National Court Register at numer KRS 0000612359, REGON 364261632, share capital 210.000,00 PLN fully paid.
At the address https://hekko.pl you can get to know more about the hosting and check hosting company’s privacy policy.
Hosting company:
applies measures of security to protect against data loss (ex. disk arrays, regular security backups),
applies adequate measures to protect the processing places in case of fire (ex. special fire extinguishers),
applies adequate measures to protect the processing places in case of a sudden power failure (ex. dual power paths, aggregates, UPS voltage backup systems),
applies physical measures of protection to secure access to data processing sites (ex. access control, monitoring),
applies measures to ensure appropriate environmental conditions for servers as elements of the data processing system (ex. control of environmental conditions, specialized air conditioning systems),
applies organizational solutions to ensure the highest possible security level and confidentiality (trainings, internal regulations, password policies, etc.),
appointed the Data Protection Inspector.
In order to ensure technical reliability, the hosting company keeps logs at the server level. The following may be saved:
URL-identified resources (addresses of requested resources – pages, files),
the time of recieving a request,
the time of sending a request,the name of the client’s station – identification implemented by HTTP protocol,
information about errors that happened during executing a HTTP transaction,
the URL address of a website previously visited by the user (referral link) – in case if the transition to the Website was made via a link,
information about the user’s explorer,
information about the IP address,
diagnostic information related to the process of self-ordering services by recorders on the website,
information related to the handling of mail addressed to the Operator and sent by the Operator.
4. Your rights and additional information on how the data is used
In order to fulfill the obligations resulting from the regulations on the protection of the personal data and to ensure real protection, the Operator appointed the Data Protection Inspector.
The Data Protection Inspector is: Agnieszka Szematowicz, address: Klonowa 36, Antoniów 42-233 Mykanów, Poland, e-mail address:info@steelstonewood.art
In some cases the Administrator has the right to transfer your personal data to other recipients, if it is necessary to perform the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to these groups of receipents:
hosting company on an entrusted basis
couriers
postal operators
payment operators
commenting system operators
operators of an online chat solutions
authorized employees and associates who use the data to achieve the purpose of the website
companies providing marketing services to the Administrator
Your personal data will be processed by the Administrator for no longer than it is necessary to execute the related activities specified in separate regulations (e.g. about keeping accounting). With regard to the marketing data, the data will not be processed for more than 3 years.
You have the right to demand the following from the Administrator:
an access to personal data concerning you,
correcting it,
deleting,
restricting the processing,
and data portability.
You have the right to object to the processing indicated in point 3.3 c) to the processing of personal data in order to perform the legitimate interests pursued by the Administrator, including profiling, however the right to objectify may not be executed if there are lawful, valid grounds for processing, interests rights and freedoms that override you, in particular for the establishment, investigation or defense of claims.
The Administrator’s actions may be appealed against to the President of the Personal Data Protection Office, St. Ustawki 2, 00-193 Warsaw, Poland.
Providing personal data is voluntary, however necessary to operate the Website.
Actions may be taken in relation to You, consisting in automated decision making, including profiling in order to provide services under the concluded contract and for the purpose of conducting direct marketing by the Administrator.
Personal data is transferred from third countries within the meaning of the regulations on the protection of personal data. This means that we send them outside the European Union.
5. Information in the forms
The Website collects information provided at user’s will, including personal data, if given.
The Website may save information about the connection parameters (time stamp, IP address).
In some cases the Website may save information faciliating the linking of data in the form with the e-mail address of the user filling in the form. In that case user’s e-mail address appears inside the URL address of the page containing the form.
The data provided in the form are processed for the purpose resulting from the function of a specific form, e.g. in order to process the service request or commercial contact, registration of services, etc. Each time the context and description of the form clearly indicate what it is used for.
6. Administrator logs
Information on the user behavior on the website may be logged. These data are used in order to administer the website.
7. Important Marketing Techniques
The operator uses statistical analysis of website traffic through Google Analysis (Google Inc. based in the USA). The Operator does not provide personal data to the operator of this service, but only anonymised information. The service is based on the use of cookies on the user’s end device. In terms of information about user preferences collected through Google advertising network, the user can view and edit information derived from cookies with the use of the tool: https://www.google.com/ads/preferences/
The operator uses remarketing techniques that allow for adjusting advertising messages to the user’s behavior on the Website, which can give a false impression that the user’s personal data is being used to track him, but in reality no personal data is transferred from the Operator to advertising operators. A technological condition for such activities is that cookies are enabled.
The Operator uses the Facebook pixel. This technology means that Facebook (Facebook Inc. based in the USA) knows, that a specific person registered in it uses the Website. In this case, it is based on data for which the Operator is the administrator himself, the Operator does not provide any additional personal data to Facebook. The service is based on the use of cookies on the user’s end device.
The Operator uses a solution that examines user behavior by creating heat maps and by logging behavior on the Website. This information is anonymized before it is sent to the service operator, so that the operator doesn’t know which person specifically it concerns. In particular entered passwords and other personal data aren’t logged.
The Operator uses a solution that automates the operating of the Website in relation to the users, e.g. a solution that can send an e-mail to the user after visiting a specific subpage, provided that he had consented to recieve commercial correspondence from the Operator.
8. Information on the cookie files
The service uses cookie files.
Cookie files are IT data, in particular text files that are stored on the Website User’s end device are intended for use from websites of the Service. Usually cookies contain the name of the website that they come, the time of storing them on the end device and a unique number.
The entity putting the cookie files on the Service User’s end device and accessing them is the Service Operator.
Cookie files are used for the following reasons:
keeping up the Service User’s session (after logging in), thank to which the user doesn’t have to re-enter the login and password on each subpage of the Service.
completing the goals set out above in the „Important marketing techniques” section;
The Service uses two basic types of cookies: „session cookies” and „persistent cookies”. „Session” cookies are temporary files stored on the User’s end device until the time of logging out, leaving the website or turning off the software (web browser). „Persistent” cookies are stored on the User’s end device for the time specified in the cookie file parameters or until they get deleted by the User.
Software used for browsing websites (web browser) usually by default allows storing the cookies on the User’s end device. The Service users can make changes in this regard. Web browser allows you to delete the cookie files. It is also possible to automatically block cookies. Help or web browser’s documentation contains detailed information on this subject.
Restrictions on the use of cookies may affect some of the functionalities available on the Service websites.
Cookie files stored on the Service User’s end device can also be used by entities cooperating with the Service’s Operator, especially it concerns the following companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).
9. Managing cookie files – how to give and take back the conscent?
If the user doesn’t want to recieve the cookie files, they can change the browser’s settings. We reserve that disabling cookies necessary for authentication processes, security, maintaining user preferences may make it difficult, and in extreme cases may prevent the use of websites.
In order to manage cookie settings, select the web browser you use from the list below and follow the instructions:
