of May 25th 2018
1. General information
- The Personal Data Controller, as defined by Regulation (EU) No 2016/679 of the European Parliament and the Council of April 27th 2016 regarding the protection of natural persons with regard to the processing of personal data and regarding the free movement of such data, as well as the repeal of Directive 95/46/EC (“GDPR”) L 119/40 Official Journal of the European Union May 4th 2016 is A to Z Bespoke Kitchen, 2 Avebury Court, Mark Rd Hemel, Hempstead HP2 7TA, firstname.lastname@example.org.
- Contact regarding personal data processing handled by A to Z Bespoke Kitchen: email@example.com
- The acquisition of data about the Website’s Users and its storage is handled in the following manner:
(a) through data willingly entered by the Users in electronic forms placed on the website (i.e.. sidebars, contact forms and free quotation forms) or the internet live chat app forms,
(b) through saving cookies in terminal equipment,
(c) through amassing www server logs via a hosting operator.
2. The aims of data processing performed by the Controller
- The User entrusts the processing of their personal data to the Controller for the purposes of their enquiry and / or order made through a contact form, including sending the User the ordered, personalised commercial information.
- Should the User provide a telephone number, it is equivalent to consent to telephone contact for the purposes detailed in point 1.
- Should the user provide an e-mail address, it is equivalent to consent to email contact for the purposes detailed in point 1.
- Consenting through providing contact data is voluntary. However, in some cases, it can hinder handling the enquiry / order made through the contact form.
- The User’s personal data may be made available to the following recipients: partners of the Controller with whom the Controller collaborates, combining products or services. In the case of collaboration, the access to the data may be given to subcontractors (processors), such as: accounting companies, consultancy companies, IT system operators.
- The Controller reserves the right to submit an enquiry to the User when handling the enquiry / order, via phone and / or email, regarding further permission to process personal data for direct marketing purposes and utilising telecommunications terminal equipment. Without consent from the User, their data will not be processed for this purpose.
3. Scope of the Controller’s data processing
- User data:
- mobile phone number,
- company name,
- e-mail address,
- IP addresses,
- the www address of the domain that the User wishes to promote with the help of the Controller’s services.
- User data:
- The scope of the processing of the data mentioned above also encompasses the production of backups.
- Automatically collected data
As the User uses the website, data on the User is being collected automatically. This data includes: IP address, domain name, browser type, OS type, as well as the User’s interests, age, and sex. This data can be collected through cookies, the Google Analytics system, as well as the HotJar system.
- The aforementioned cookies are files sent to the User’s device as they browse the Shop’s website.
- Cookies store the User’s preferences, which allows them to:
- a) improve the quality of the Service,
- b) correct the search results as well as the accuracy of the viewed Goods,
- c) create view stats,
- d) track the User’s preferences,
- e) maintain a logged-in User’s session.
- Cookies do not make any configuration to the device or software installed on the device used by the User.
- Should the user want to delete the cookies that have accumulated up to that point, they should choose the proper settings in their preferred web browsers or delete all cookies manually. The process of removing cookie files differs depending on the User’s preferred web browser.
- The service provider notes that blocking or deleting cookie files may hinder the use of the website and, in some cases, make certain options impossible to access.
- HotJar is a file used to monitor User activity on a website.
- If a user doesn’t consent to the use of the HotJar file, they should implement cookie blocking software. With a cookie blocker, the User will be considered an anonymous user, i.e. one that cannot be attributed any preferences, traits, etc.
- Google Analytics is an Internet analytics system that gives insight to the traffic of online shop data, as well as the demographic data on Users. It is used for marketing purposes. 3.1. If a user doesn’t consent to the use of Google Analytics, they should implement cookie blocking software.
- Our website utilises remarketing codes provided by Google Adwords and/or Google Analytics of display advertisers. They are used to create remarketing lists for the purpose of matching personalised ads within the Google ad network and Google search engine. Based on cookies and remarketing tags, Google AdWords can display ads to users who have visited our website while using select tools by Google. Each user visiting our website may choose not to be tracked by Google AdWords/Google Analytics for display advertisers, as well as non-standard ads in the Google ad network.
4. Rights of the User whose data is being processed
- The User has the right to:
– access their personal data,
– amend their personal data,
– limit the processing of their personal data,
– moving their personal data,
– objecting to the processing of their personal data.In order to exercise their rights, the User should contact us via e-mail at: firstname.lastname@example.org
- The Controller will carry out the User’s request right away, though it’s important to keep in mind that the limitation, deletion, move, or objection toward data processing may influence the scope of the proper management of the enquiry / order, including the delivery of personalised commercial information.
5. Time of personal data processing by the Controller
Collected User data will be stored so long as is considered acceptable by legal standards and regulations (including accountancy-related regulations), as well as necessary in order to accomplish the goals set.
6. Duties of the Personal Data Controller
The Personal Data Controller must take all measures to ensures the safe processing of personal data within the scope defined by the Directive. In particular, the Controller is obliged to:
- secure the data from being made available to unauthorised persons, taken by an unauthorised person, changed, damaged, or destroyed,
- allow for the processing of personal data to be performed by persons with proper authorisation issued by the Controller,
- ensure control over the proper processing of personal data,
- perform a record of persons authorised to process personal data; taking all measures to ensure that persons authorised to processing such data keep them secret, even after the Controller’s task has been completed, including informing them of the legal consequences of breaching the privacy of the data and receiving declarations regarding maintaining the secrecy of such data,
- manage the required documentation describing the means of processing the provided personal data, as well as the technical and organisational means of ensuring the protection of the processing of such data, in particular the Information Controller’s Office, the Personal Information Security Policy, and the Manual for Information System managing the Processing of Personal Data.