Privacy policy

PRIVACY POLICY OF THE OCCULT ONLINE STORE

§ 1 GENERAL PROVISIONS
1.1. This Privacy Policy sets out the rules for the processing of personal data in connection with the use of the OCCULT online store, available at the address occult.com.pl.
1.2. The personal data controller is Izabela Gaś De Filippo, based in Cieszyn 43-400, Wiosenna 13, NIP 5481011355, REGON 070568105, hereinafter referred to as the "Controller."
1.3. The Controller can be contacted electronically at the email address: occult.kom@gmail.com or by phone at: 660314075.
1.4. The Controller processes personal data in accordance with applicable law, particularly the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (GDPR).

§ 2 PERSONAL DATA AND PURPOSES OF PROCESSING
2.1. The Controller processes personal data for the following purposes:
a) Fulfilling sales agreements – processing data necessary for the conclusion and performance of the contract (Article 6(1)(b) GDPR),
b) Conducting correspondence, handling customer inquiries – processing data based on consent (Article 6(1)(a) GDPR),
c) Fulfilling obligations arising from legal regulations, such as tax and accounting (Article 6(1)(c) GDPR),
d) Direct marketing – based on the legitimate interest of the Controller (Article 6(1)(f) GDPR),
e) Responding to complaints and handling the right of withdrawal from the contract.

2.2. Types of data processed:
a) First and last name,
b) Address of residence or delivery,
c) Email address,
d) Phone number,
e) Payment data (e.g., bank account number).

§ 3 LEGAL BASES FOR DATA PROCESSING
3.1. The Controller processes personal data only to the extent necessary to fulfill the above purposes based on:
a) Consent given by the data subject (Article 6(1)(a) GDPR),
b) Necessity to perform a contract (Article 6(1)(b) GDPR),
c) Legal regulations (Article 6(1)(c) GDPR),
d) The legitimate interest of the Controller (Article 6(1)(f) GDPR), e.g., for marketing activities.

§ 4 USER RIGHTS
4.1. Every person whose data is processed by the Controller has the right to:
a) Access their personal data (Article 15 GDPR),
b) Rectify data (Article 16 GDPR),
c) Delete data ("right to be forgotten") (Article 17 GDPR),
d) Restrict data processing (Article 18 GDPR),
e) Data portability (Article 20 GDPR),
f) Object to data processing (Article 21 GDPR),
g) Withdraw consent at any time (Article 7(3) GDPR). Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

4.2. To exercise their rights, the user may contact the Controller via the contact details provided in this Privacy Policy.
4.3. The data subject has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe the processing of their data violates GDPR regulations.

§ 5 DATA RETENTION PERIOD
5.1. Personal data processed for the purpose of fulfilling the sales contract will be stored for the period necessary to perform the contract and for the period required by legal regulations, particularly those related to taxes and accounting.
5.2. Data processed based on consent will be stored until the user withdraws their consent.
5.3. Data processed for marketing purposes will be stored until the user objects to the processing.

§ 6 RECIPIENTS OF PERSONAL DATA
6.1. Personal data may be transferred to third parties if necessary for the performance of the contract, such as courier companies or payment operators.
6.2. The Controller may also transfer personal data to other entities based on legal regulations or with the consent of the data subject.
6.3. The Controller does not transfer personal data outside the European Economic Area (EEA) unless necessary and in compliance with GDPR regulations.

§ 7 SECURITY OF PERSONAL DATA
7.1. The Controller uses appropriate technical and organizational measures to ensure the protection of personal data against unauthorized access, loss, damage, or destruction.
7.2. Only authorized employees and associates of the Controller, who are bound by confidentiality, have access to personal data.

§ 8 COOKIES
8.1. The online store uses cookies to ensure the proper functioning of the website and to analyze website traffic.
8.2. Cookies may also be used for marketing and statistical purposes.
8.3. The user can manage cookie settings in their web browser. Blocking cookies may affect some features of the store.

§ 9 FINAL PROVISIONS
9.1. The Controller reserves the right to change the Privacy Policy, particularly in the case of changes to legal regulations or the technology used on the website.
9.2. The current version of the Privacy Policy is available on the website of the store and becomes effective on the date of its publication.