Privacy policy
PRIVACY POLICY OF THE ONLINE PLATFORM www.dictador.com/store
§ 1. Basic terms
- The privacy policy on the www.dictador.com/store online platform was created and adopted by – Dictador Europe sp. Z o.o. with its registered office in Katowice
- The Seller as the Administrator processes personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, act of 10 May 2018 on the protection of personal data (Official Journal of 2018 item 1000, i.e.
- Terms used in this Policy signify:
- Administrator – Dictador Europe sp. Z o.o. with its registered office in Katowice, ul. Fabryczna 15, 40 – 061 Katowice, NIP: 6423098529.
- Personal data – any information relating to an identified or identifiable natural person. Individual pieces of information that, when combined, can lead to the identification of a person, also constitute personal data. Information on a natural person identified or identifiable by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including your device’s IP, web identifier, and information collected through cookies and other similar technology.
- Personal Data Inspector -
- Policy – this Privacy Policy.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
- Platform – a website run by the Administrator at the address www.dictador.com/store
- User – any natural person visiting the Platform or using one or more of the services or functionalities described in the Policy.
§ 2. PROTECTION OF PERSONAL DATA
- In connection with the use of the Platform by the User, the Administrator collects Personal Data to the extent necessary to provide individual services offered. The detailed rules and purposes of the processing of personal data collected during the use of the Platform by the User are described below.
- The information collected by the Administrator is:
- first name,
- last name,
- e-mail address,
- postal address,
- telephone number,
- In the case of persons conducting business activity, the NIP number and registration data.
- Providing personal data is voluntary; however, the Administrator informs that unless otherwise indicated in the content of individual forms (e.g. that providing data is optional), the Platform cannot be used anonymously (except for browsing). In connection with the above, refusal to provide data may be associated with a refusal to conclude a contract (execution of an order).
- The Administrator appoints the Personal Data Protection Inspector specified in the Privacy Policy.
- To create a customer account on the Platform, it is necessary to provide mandatory data:
- For persons who do not run a business activity:
- name and surname
- address of residence
- e-mail address
- telephone number
- For businesses and organisations:
- name and surname
- name of company or organisation
- address of business
- e-mail address
- telephone number
- Tax ID number
- For persons who do not run a business activity:
- The Controller shall ensure that personal data are:
- processed lawfully, fairly, and transparently;
- collected for specific, explicit, and legitimate purposes and not further processed in a manner inconsistent with those purposes;
- adequate, relevant, and limited to what is necessary for the purposes for which they are processed;
- correct and, where necessary, updated;
- stored in a form enabling identification of the data subject for a period not longer than is necessary for the purposes for which the data are processed;
- processed in a manner ensuring adequate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organisational measures,
§ 3. Purposes and legal basis for the processing of personal data
- RULES OF USE OF THE PLATFORM
- Personal data of all persons using the Platform are processed by the Administrator:
- In order to provide electronic services in the scope of providing Users with the possibility of concluding reservation agreements on the Platform, maintaining a customer account on the Platform, ensuring contact in connection with the provision of services, making payment – then the legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR);
- In order to establish and pursue claims or defend against claims – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.
- Personal data of all persons using the Platform are processed by the Administrator:
- Contact form
- The Administrator provides the possibility of contacting him using an electronic contact form. Using the form requires providing personal data necessary to establish contact with the User and answer the inquiry. The user may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to provide them results in the inability to access the service. Providing other data is voluntary.
- Personal data are processed in order to identify the sender and handle his inquiry sent via the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of services (Article 6(1)(b) of the GDPR); in the scope of data provided optionally, the legal basis for processing is consent (Article 6(1)(a) of the GDPR).
- Marketing
- The User’s personal data may also be used by the Administrator to direct marketing content to him via e-mail, including in the form of a newsletter. Such actions are taken by the Administrator only if the User has given his consent, which he can withdraw at any time.
- Personal data are processed:
- In order to send the ordered commercial information – the legal basis for processing is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR) in connection with the consent given;
- For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of users’ activity on the Platform in order to improve the functionalities used.
- Data requested by public authorities or authorised entities on the basis of legal provisions. In exceptional situations, providing personal data at the request of public authorities or entities authorised to do so under the law (Art. 6 (1) (c) GDPR)
§ 4. Cookies
- The Administrator uses cookies as part of the Platform. “Cookies” should be understood as IT data, in particular text files, stored in users’ end devices intended for the use of websites. These files allow to recognise the User’s device and properly display the website tailored to his individual preferences. cookies usually contain the name of the website from which they originate, the time of their storage on the terminal device, and a unique number.
- "Cookies" are used to adjust the content of websites to the User's preferences and to optimise the use of websites. They are also used to create anonymous, aggregated statistics that help to understand how the User uses websites, which allows to improve their structure and content, excluding personal identification of the User.
- The platform uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to enable the website to analyse how Users intract with it. The information generated by the cookies about the User’s use of the website (including his IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate the User's use of the website, to compile reports on website activity for website operators, and to provide other services related to website activity and Internet usage. Google may also transfer this information to third parties if it is required to do so by law or if such third parties process such information on Google’s behalf. Google will not associate the User's IP address with any other data held by Google.
- The User can opt out of cookies by selecting the appropriate settings on the browser; however, it should be remembered that in this case, the use of all the functions of the website may not be possible. By using this website, the User consents to the processing of his data by Google in the manner and for the purposes set out above.
- When the User uses the Platform, data concerning the User is automatically collected. This data includes: IP address, domain name, browser type, operating system type. This data may be collected by cookies (“cookies”), Google Analytics, social networks Facebook, Instagram, YouTube
- Cookies are files sent to the User’s computer or other device when browsing the Platform’s website.
- The data referred to in this section are used to adjust, measure, and improve the Platform services and conduct marketing activities.
- As part of its marketing activities, the Company uses the services of the following entities that use cookies on the Company’s website:
- Google AdWords
- Google Analytics
- YouTube
- More information about cookies of these entities can be found in their privacy policies. The User may change the use of cookies by managing the consents given under the privacy settings on the Company’s website or through the browser, including blocking or deleting those that originate from the Company’s website (and other websites). To do this, change the browser settings. The method of removal varies depending on the web browser used. Information on how to delete cookies should be located in the “Help” tab of the selected web browser. Deleting cookies is not the same as deleting personal data obtained by the Company through cookies. It is also possible to block third-party cookies with simultaneous acceptance of cookies used directly by the Company (option “block cookies of third-party websites”). Limiting the use of cookies on a given device prevents or significantly hinders the proper use of the Company’s Website, for example, it may be associated with the inability to maintain the login session.
§ 5. The period of personal data processing
- The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, the data are processed for the duration of the service, until the consent is withdrawn or effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.
- The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after this time only in the case and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymised.
- In the case of data processed by authorised entities on the basis of legal provisions (public authorities), the data will be processed until the legal obligations incumbent on the Administrator are met.
§ 6. User rights
- The User has the right to access the content of the data and request their:
- corrections,
- removal,
- restrictions on processing,
- right to data portability
- The right to file a complaint to the supervisory body dealing with the protection of personal data, i.e. the President of the Personal Data Protection Office.
- The User also has the right to object to the processing of data, which takes place on the basis of the legitimate interest of the Administrator.
- The User is aware that objecting to the processing of personal data required to use the Platform (including placing orders) will mean the inability to perform the order, for which the Administrator is not responsible.
- In the event of an objection to the processing of personal data on the basis of consent – including for marketing purposes – exercising this right will mean the termination of the processing of such data.
- Providing personal data indicated in § 2 section 2 of the Policy is a condition for concluding the contract, if the data are not provided, the Administrator has the right to refuse to conclude the contract.
- To the extent that the User’s data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator via online@dictador.com
- The Administrator meets or refuses to comply with the request immediately – within a maximum of one month from its receipt.
§ 7. Recipients of personal data
- In connection with the provision of services, personal data will be disclosed to external entities, including in particular:
- IT service providers (hosting, e-mail) allowing proper use of the Platform;
- Entities providing to the Administrator accounting and legal services (accounting offices, law firms)
- Entities handling orders on the platform (logistics companies)
- mobile payment providers and banks
- In addition, on behalf of the Administrator, authorised employees and associates who use the data in order to achieve the purpose of the website will process the data
- If consent is obtained from the User, his data may also be made available to other entities for their own purposes, including marketing purposes.
- The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.
- As part of the Platform’s use of tools supporting the current activity provided, for example, by Google, User’s personal data may be transferred to a country outside the European Economic Area, in particular to the United States of America (USA) or another country in which the entity cooperating with it maintains tools for the processing of personal data in cooperation with the Platform. Appropriate safeguards for the transferred personal data have been provided by the Administrator through the use of standard data protection clauses adopted under data entrustment agreements, meeting the requirements of the GDPR. In the case of data transfer from Europe to the USA, some entities located there may additionally ensure an adequate level of data protection under the so-called Privacy Shield (more information on this subject is available at: https://www.privacyshield.gov/).
- Due to the fact that the cookie technology used by the Platform (or with a functionality similar to cookies) collects information about each person visiting the Website, the following provisions of the Privacy Policy apply to people who use the Platform, regardless of whether they are customers of the Platform (i.e. regardless of whether they place orders or have an account on the platform).
- The information contained in the system logs may contain various data, such as an IP address. The administrator uses them only for technical purposes. Some areas of the system operating the registration page may use cookies, i.e. text files saved on the User’s computer, identifying him and enabling, among others, automatic filling of form fields based on the data entered earlier. The condition for the operation of cookies is their acceptance by the browser and not deleting them from the drive.
- The User’s personal data may be profiled. Profiling should be understood as actions of the Administrator [taken due to the need to present general advertisements, offers or promotions (discounts), intended for all customers, in a manner tailored to the interests of a given User], which may consist in familiarising with the User preferences, e.g. by analysing how often he visits the Platform, and what products he buys or reserves. This allows for a better understanding of the Customer’s expectations and adaptation to his needs, but does not significantly affect his decisions. Thanks to the use of advanced technologies by the Company, the above activities will often be performed by the system in an automated manner, thanks to which the sent content will be the most up-to-date and the User will be able to quickly familiarise themselves with it.
§ 9. Data security
- The Administrator carries out a risk analysis on an ongoing basis to ensure that Personal Data is processed by the Administrator in a secure manner – ensuring, first of all, that only authorised persons have access to the data and only to the extent that it is necessary for the purposes of the tasks performed by them. The Administrator ensures that all operations on personal data are recorded and carried out only by authorised employees and associates.
- The Administrator takes all necessary actions so that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on behalf of the Administrator.
- The Administrator undertakes all necessary and required technical actions to ensure the security and integrity of the processed personal data – by using appropriate security protocols, password updates, multi-factor authentication, backup, and the use of software to protect against unauthorised interference.
- The Administrator shall ensure:
- protection against unauthorised access,
- protection against data loss,
- protection against accidental or unauthorised modification of data
- uses organisational solutions to ensure the highest possible level of protection and confidentiality (training, internal regulations, policies, password policies, etc.)
§ 10. FINAL PROVISIONS
- Contact with the Administrator is possible by e-mail to the following address: online@dictador.com
- The Administrator reserves the right to make changes to the Privacy Policy, if required by law, as well as to improve the operation of the Platform.
- The Policy is constantly reviewed and updated if necessary.
- The current version of the Policy has been adopted and has been in force since 01.05.2024