Reason for collecting, processing and storing your personal data
Art. 1. The administrator collects and processes your personal data in connection with the use of the online store https://fashionmix.net and concluding contracts with the company on the grounds of Art. 6, para. 1, Regulation (EC) 2016/679 (GDPR), and in particular on the following grounds:
• Your explicit consent as a client;
• Performing the obligations of the Administrator under contract with you;
• Compliance with a statutory duty applicable to the Administrator;
• For the legitimate interests of the Administrator or a third party;
Goals and principles of collecting, processing and storing your personal data
Art. 2. (1) We collect and process the personal data you provide to us regarding the use of the online store https://fashionmix.net and the conclusion of a contract with the company, including for the following purposes:
• creating an account and providing full functionality in using the online store;
• individualisation of a party to the contract;
• accounting purposes;
• statistical objectives;
• protection of information security;
• ensuring the implementation of the service provision contract.
• Sending a newsletter at your request;
(2) We comply with the following principles when processing your personal data:
• legality, good faith and transparency;
• limitation of processing goals;
• relevance to processing goals and minimization of collected data;
• accuracy and timeliness of the data;
• Restriction of storage in order to achieve the objectives;
• integrity and confidentiality of the processing, and ensuring an adequate level of security of personal data.
(3) When processing and storing personal data, the Administrator may process and store personal data in order to protect its legitimate interests:
• fulfilling its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.
What kind of personal data collects, processes and stores our company
Art. 3. The Company performs the following operations with the personal data you provide for the following purposes:
• Registration of a consumer in the e-shop and execution of a distance-purchase contract - the purpose of this operation is to create an account for the use of the e-shop for the purchase of goods and the provision of contact data for the delivery of purchased goods. Registering and creating an online store account is not a mandatory step in providing the service, and it is accessible to a significant extent without creating an account through the "Fast Order" option, as well as by signing in through your Google+ or Facebook account.
Conclusion of the Impact Assessment: Based on the Impact Assessment carried out, the Data Protection Officer considers that the Operation "Registration of an e-shop user and the execution of a distance-purchase contract" is permissible for performance and provides sufficient safeguards to protect the rights and legitimate interests of data subjects in line with GDPR requirements.
• Conclusion and execution of a trade deal with a client or a partner - the purpose of this operation is to conclude and execute a contract with a trading partner or a client and its administration. Given the limited scope of personal data collected and the fact that part of it is collected from publicly available sources, the Data Protection Officer considers that an impact assessment is not required to conduct an impact assessment of the operation.
• Sending a newsletter (newsletter) - the purpose of this operation is to administer the process of sending newsletters to clients who have declared they wish to receive. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out an impact assessment of the operation.
• Exercise of a right of withdrawal or claim - the purpose of this operation is to administer the process of exercising the right of withdrawal or claim by the client. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out an impact assessment of the operation.
Art. 4. (1) The administrator shall process the following categories of personal data and information for the following purposes and on the following grounds:
• Registration and newsletter details (names, e-mail)
⎫ Goal for which data is collected: 1) Making a contact with the user and sending information to him, 2) For the purpose of registering a user in the online shop, and 3) Sending a newsletter.
⎫ Reason for processing your personal data - By accepting the terms and conditions and registering in the online shop or ordering without a registration or upon entering into a written agreement between the Administrator and you, a contractual relationship is created on which we process your personal data - Art. 6, para. 1, b. (b) GDPR. Your data for sending a newsletter is processed on the basis of your explicit consent - Art. 6, para. 1, b. (s) GDPR.
• Delivery details (names, phone, e-mail, address)
⎫ Purpose for which the data are collected: Execution of obligations of the controller under a distance and delivery contract of the purchased goods, including the exercise of the right of return and the replacement or refusal of purchased goods.
⎫ Reason for processing your personal data - By accepting the terms and conditions and registering in the online shop or ordering without a registration or upon entering into a written agreement between the Administrator and you, a contractual relationship is created on which we process your personal data - Art. 6, para. 1, b. (b) GDPR.
• Data from your social networking accounts (public information from your Google+ accounts, Facebook)
⎫ Purpose for which data is collected: 1) Making a contact with the user and sending information to him and 2) For the purpose of registering a user in the online store.
⎫ Reason for processing your personal data - By accepting the terms and conditions and registering in the e-shop via a social networking account, a contractual relationship is created between the Administrator and you, on which basis we process your personal data - 6, para. 1, b. (b) GDPR.
(2) The administrator does not collect or process any personal data related to the following:
• reveal racial or ethnic origin;
• Disclose political, religious or philosophical beliefs, or membership of trade unions;
• genetic and biometric data, health data, or data on sexual life or sexual orientation.
(3) The personal data are collected by the Administrator from the persons to whom they refer.
(4) The Company does not make automated decision making with data.
Term of storage of your personal data
Art. 5. (1) The Administrator shall store your personal data for a period no longer than the existence of your online store or ordering through the "Fast Order" option. After deleting your account or successfully completing it, the Administrator takes the necessary care to erase and destroy all your data without undue delay or to anonymize them (ie to bring them in a form that does not reveal your personality).
(2) The Administrator shall store your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Administrator in judicial or administrative disputes with online shop users, the accounting documents being kept for the relevant statutory term.
(3) The Administrator shall notify you in the event that the period for storing the data is required to be extended in order to comply with a statutory obligation or with respect to the legitimate interests of the Administrator or otherwise.
Art. 6. The administrator keeps the personal data of the legal representatives of its trading partners for the term of performance of the contract, respecting the legitimate interests and legal obligations of the Administrator, which may exceed the term of the concluded contract.
Transmitting your personal processing data
Art. 7. (1) The administrator may, at its own discretion, transmit all or part of your personal data to processor personal data for the fulfillment of the processing purposes with which you have agreed, subject to the requirements of Regulation (EC) 2016/679 (GDPR) .
(2) The Administrator notifies you in case of intent to transfer some or all of your personal data to third countries or international organizations.
Your rights in collecting, processing and storing your personal data
Withdrawal of consent to process your personal data
Art. 8. (1) If you do not wish all or any of your personal data to continue to be processed by the Company for any particular or for any processing purpose, you may at any time withdraw your consent to processing by filling in the form in your account or by request in free text.
(2) The Administrator may ask you to certify your identity and identity with the data subject by asking you to enter an email address and a password to access the site at the office of the Company before our employee.
(3) By withdrawing the consent to process personal data that is required to create and maintain an online store account, your account will become inactive. Of course, you will be able to browse the online store and offer the products and make orders as a guest or make a new registration.
(4) If there is an order you are currently processing, the earliest date at which you can withdraw your consent to processing is the successful completion of the order.
Right of access
Art. 9. (1) You have the right to request and obtain from the Administrator a confirmation that personal data relating to you are being processed, as if you are a registered user, you may at any time see in your profile the personal data you have provided and processed for You.
(2) You have the right to access the data relating to you as well as information relating to the collection, processing and storage of your personal data.
(3) The Administrator shall provide you, upon request, with a copy of the processed personal data relating to you in electronic or other appropriate form.
(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeatability or excessive demand.
Right of correction or completion
Art. 10. You may correct or fill in inaccurate or incomplete personal data relating to you directly through your website account or by requesting the Administrator.
Right to delete ("to be forgotten")
Art. 11. (1) You have the right to ask the Administrator to delete part or all of your personal data relating to you and the Administrator has the obligation to delete them without undue delay when any of the following reasons exists:
• personal data is no longer needed for the purposes for which it was collected or otherwise processed;
• You withdraw your consent on which the processing of the data is based and there is no other legal basis for the processing;
• You object to the processing of personal data related to you, including for direct marketing purposes, and there are no legitimate grounds for the processing that will take precedence;
• personal data has been tampered with;
• personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
• personal data have been gathered in connection with the provision of information society services.
(2) The administrator is not obliged to delete the personal data if he / she keeps them and processes them:
• exercising the right to freedom of expression and the right to information;
• to comply with a legal obligation that requires treatment provided for under EU law or the law of the Member State that applies to the Administrator or for the performance of a public interest task or the exercise of official authority;
• for reasons of public interest in the field of public health;
• for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
• for the establishment, exercise or protection of legal claims.
(3) In the event that you exercise your right to be forgotten, the Company will delete all of your data except for the following information:
• the information that is required to verify that your right to be forgotten is met - email, IP address;
• technical information about the operation of the online store, which information can not connect in any way with your personality;
• e-mail with which you registered with the online store.
(4) In order to exercise your right to be forgotten, you must submit a request via your online store account or by sending an email request to the Administrator.
(5) The administrator may ask you to certify your identity and identity with the data subject.
(6) If there is an order you are currently processing, the earliest point at which you can ask to be "forgotten" is when you successfully complete the order.
(3) By deleting your personal information, your account will become inactive. Of course, you will be able to browse the online store and offer the products and make orders as a guest or make a new registration.
(7) The administrator does not delete the data, which he has a legal obligation to store, including for protection against claims against him or proof of his rights.
Right of limitation
Art. 12. You have the right to require the Administrator to restrict the processing of your related data when:
• contest the accuracy of personal data for a period that allows the Administrator to verify the accuracy of the personal data;
• the processing is illegal, but you do not want to delete the personal data, but only to limit its use;
• The administrator no longer requires personal data for the purposes of processing, but you require them to establish, exercise or protect your legal claims;
• You have reproached the processing pending verification that the legal grounds of the Administrator have an advantage over your interests.
Right of portability
Art. 13. (1) You may at any time download or receive in a machine-readable format the data stored and processed for you in connection with the use of the Services of the Administrator, directly through your account through the Export Data option or email request.
(2) You may request the Administrator to directly transfer your personal data to an administrator you provide when it is technically feasible.
Right to receive information
Art. 14. You may request the Administrator to inform you of all recipients to whom the personal data for which the correction, deletion or limitation of the processing has been requested has been disclosed. The administrator may refuse to provide this information if this would not be possible or would require disproportionate effort.
Right of objection
Art. 15. You may at any time object to the processing of personal data by the Administrator that relates to it, including whether it is being processed for profiling or direct marketing purposes.
Your rights to violate the security of your personal information
Art. 16. (1) If the Administrator detects a breach of security of your personal data that may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the violation as well as of the measures taken or to be taken .
(2) The administrator is not obliged to notify you if:
• has taken appropriate technical and organizational measures to protect the data affected by the breach of security;
• has subsequently taken measures to ensure that the violation will not lead to a high risk for your rights;
• Notification would require disproportionate efforts.
Individuals to whom your personal information is provided
Art. 17. For the purpose of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may provide the data to the following data processors - see the list of data processors. These processing personal data comply with all legal and security requirements for the processing and storage of your personal data.
Art. 18. The administrator does not transfer your data to third countries.
Art. 19. In case of violation of your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission as follows: Commission for Personal Data Protection
Art. 20. You may exercise all of your rights to protect your personal data through the forms enclosed with this information. Of course, these forms are not mandatory and you can make your claims in any form that contains a statement about it and identifies you as the data holder.
Art. 21. If the consent relates to a transfer, the Administrator shall describe the possible risks for the transfer of data to third countries in the absence of a decision on adequate protection and appropriate remedies.