1.For the Owner of this website (www.sara-portraits.com), the protection of Users’ personal data is of the utmost importance. It makes a lot of effort to ensure that Users feel safe when entrusting their personal data when using the website.

2. The User is a natural person, a legal person or an organizational unit without legal personality, which is granted legal capacity by law, using electronic services available on the website.

3. This privacy policy explains the principles and scope of the processing of the User’s personal data, their rights and obligations of the data controller, and informs about the use of cookies.

4. The Administrator uses the most modern technical measures and organizational solutions, ensuring a high level of protection of the processed personal data and protection against unauthorized access.

PERSONAL DATA ADMINISTRATOR

The administrator of personal data is the Entrepreneur Julien Chaine, conducting business activity under the name: B&J Julien Chaine with its registered office at: Wilcza 54A/11, 00-679, Warsaw, NIP: 5272673365, REGON: 362371581 (hereinafter referred to as: “Owner”).

PURPOSE OF PERSONAL DATA PROCESSING

1. The Administrator processes the User’s personal data for the purpose of:

• registration and maintenance of the user account – Article 6(1)(b) of the GDPR,

• handling the order – Article 6(1)(b) of the GDPR,

• handling complaints or withdrawal from the contract – Article 6(1)(f) of the GDPR,

• sending the newsletter – Article 6(1)(a) of the GDPR,

• handling comments or opinions about the product – Article 6(1)(a) of the GDPR,

• handling correspondence – Article 6(1)(f) of the GDPR,

• fulfilment of tax and accounting obligations – Article 6(1)(c) of the GDPR,

• creation of an archive for the purposes of possible need to defend, establish or pursue claims, as well as for the purpose of identifying a returning customer – Article 6(1)(f) of the GDPR,own marketing – Article 6(1)(f) of the GDPR,analysis, statistics and optimization – Article 6(1)(f) of the GDPR.

2. This means that this data is needed in particular 

a. to register on the website;

b. to conclude a contract;
c. making settlements;

d. delivering the goods ordered by the User or performing services;

e. exercising any consumer rights by the User (e.g. withdrawal from the contract, warranty).

3. The User may also agree to receive information about new products and promotions, which will result in the administrator also processing personal data in order to send the User commercial information regarding, m.in, new products or services, promotions or sales.

4. Personal data is also processed as part of the fulfilment of legal obligations incumbent on the data controller and the performance of tasks in the public interest, m.in. to perform tasks related to security and defence or to store tax documentation.

5. Personal data may also be processed for the purposes of direct marketing of products, securing and pursuing claims or protection against claims of the User or a third party, as well as marketing of services and products of third parties or own marketing, which is not direct marketing.

TYPE OF DATA

The Administrator processes the following personal data, the provision of which is necessary to: a. register on the website:

• name and surname;
• e-mail address;
• delivery address;
• telephone number;
• Data provided by the User optionally:
• Date of birth;
• PESEL number (in the case of a request for an invoice);
• NIP number (in the case of a request to issue an invoice for the entrepreneur)

In the event of withdrawal from the agreement or acceptance of the complaint, when the refund is made directly to the User’s bank account, in order to refund the amount due, we also process information regarding the bank account number.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

1. Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as: “GDPR”.

2. The Administrator processes personal data only after obtaining the User’s consent, expressed at the time of registration on the website or at the time of confirmation of the transaction made on the website.

3. Consent to the processing of personal data is completely voluntary, however, the lack of consent makes it impossible to register on the website and make purchases through the website.

YOUR RIGHTS

1. The User may at any time request information from the controller about the scope of the processing of personal data.
2. You may request the correction or correction of your personal data at any time. You can also do this yourself by logging into your account.
3. You may withdraw your consent to the processing of your personal data at any time, without giving any reason. The request not to process data may relate to a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information, or apply to all purposes of data processing. Withdrawal of consent as to all purposes of processing will result in the User’s account being deleted from the website, along with all personal data of the User previously processed by the administrator. Withdrawing consent will not affect the activities already carried out.
4. The User may at any time, without giving a reason, request that the administrator delete their data. The request to delete data will not affect the actions carried out so far. Deletion of data means simultaneous deletion of the User’s account, including all personal data stored and processed so far by the administrator.
5. The User may object to the processing of personal data at any time, both with regard to all personal data processed by the User’s administrator, as well as only to a limited extent, e.g. with regard to the processing of data for a specific purpose. The objection will not affect the actions carried out so far. Objection will result in the deletion of the User’s account, including all personal data stored and processed so far by the administrator.
6. The User may request the restriction of the processing of personal data, whether for a specified period of time or without a time limit, but to a certain extent, which the controller will be obliged to fulfil. This request will not affect the activities carried out so far.
7. The User may request that the controller transfer the User’s personal data processed to another entity. For this purpose, the User should write a request to the administrator, indicating to which entity (name, address) the User’s personal data should be transferred and what specific data the User wishes the administrator to provide. After the User confirms their wish, the administrator will provide the User’s personal data in electronic form to the indicated entity. Confirmation of the request by the User is necessary for the security of the User’s personal data and to ensure that the request comes from an authorized person.
8. The Administrator informs the User about the actions taken, within a month from the receipt of one of the requests listed in the previous points.

PERIOD OF STORAGE OF PERSONAL DATA

1. In principle, personal data is only stored for as long as it is necessary to fulfil the contractual or statutory obligations for which it was collected. These data will be deleted as soon as it is no longer necessary for storage, for evictionary purposes, in accordance with civil law or in connection with statutory retention obligations.
2. Contract information is kept for evidential purposes, for a period of three years, starting from the end of the year in which the business relationship with the User ended. The data will be deleted after the expiry of the statutory limitation period for pursuing contractual claims.
3. In addition, the administrator may retain archival information regarding the concluded transactions, as their storage is related to the User’s claims, e.g. under warranty.
4. If no contract has been concluded between the User and the Owner, the User’s personal data is stored until the User’s account on the website is deleted. Deletion of the account may take place as a result of a request by the User, withdrawal of consent to the processing of personal data, or objection to the processing of this data.

ENTRUSTING DATA PROCESSING TO OTHER ENTITIES

1. The Administrator may entrust the processing of personal data to entities cooperating with the Administrator, to the extent necessary for the execution of the transaction, e.g. in order to prepare the ordered goods and deliver shipments or provide commercial information from the Administrator (the latter applies to Users who have agreed to receive commercial information).
2. Apart from the purposes indicated in this Privacy Policy, Users’ personal data will not be made available to third parties in any way or transferred to other entities for the purpose of sending marketing materials of these third parties.
3. The personal data of the Website Users are not transferred outside the European Union.
4. This Privacy Policy complies with the provisions of Article 13(1) and (2) of the GDPR.

PLIKI COOKIES

1. The website uses cookies or similar technology (hereinafter collectively referred to as “cookies”) to collect information about the User’s access to the website (e.g. via a computer or smartphone) and their preferences. They are used, m.in others, for advertising and statistical purposes and to adapt the website to the individual needs of the User.
2. Cookies are pieces of information that contain a unique reference code that a website sends to your device to store and sometimes track information about the device you are using. They usually do not identify the User. Their main task is to better match the website to the User.
3. Some of the cookies on the website are only available for the duration of the web session and expire when you close your browser. Other cookies are used to remember the User who is recognized on the website when he returns to it. They are then preserved for a longer period of time.
4. Cookies used on this website are: Session cookies – deleted when you close your browser and persistent cookies, which are stored on your end device.
5. All cookies on the website are set by the administrator.
6. All cookies used by this website comply with the applicable European Union law.
7. Most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be stored in the device’s memory.
8. You can change your cookie acceptance preferences or change your browser to be notified each time cookies are set. To change the cookie acceptance settings, you need to adjust the settings in your browser.
9. Please note that blocking or deleting cookies may prevent you from using the website to its full potential.
10. Cookies will be used for necessary session management, including: 

a. Creating a special login session for the Website User, so that the website remembers that the User is logged in and his/her requests are delivered in an effective, secure and consistent manner;

b. Recognising the User who has already visited the Website, which allows us to identify the number of unique users who have used the Website and allows us to make sure that the website has sufficient capacity for the number of new Users;

c. To recognize whether a website visitor is registered on the website;

d. Recording information from your device, including: cookies, IP address, and information about the browser used, in order to diagnose problems, administer, and track Site Usage;

e. Adjusting the layout elements of the graphic design or the content of the website;

f. Collect statistical information on how the User uses the website in order to be able to improve the website and determine which areas of the website are most popular for Users.