Notification obligation under Article 13 of the General Data Protection Regulation

Legal basis for data processing

The document was created in accordance with art. 13 par. 1 and par. 2 of the General Data Protection Regulation, dated 27 April 2016 (Dz.U.UE.L.2016.119.1).

1. Who is the administrator of personal data?

The administrator is RAFKO Rafał Koc, ul. Hetmańska 33B, 15-727 Białystok, entered into the Central Register of Economic Activities, NIP 9661539226, REGON 052253404, e-mail address: rafko@rafko.com.

2. How to contact us for more information on the processing of personal data?

Please send an e-mail to: biuro@rafko.com

or contact us at the following telephone numbers: 607 266 301, 607 266 304, 85 747 97 50.

postal address: RAFKO Rafał Koc, ul. Hetmańska 33B, 15-727 Białystok

3. What is the source of personal data and how long do we keep it?

It is worth remembering:

- marketing data are absolutely erased when the customer exercises this right;

- transaction data may be deleted upon request when data stored for evidentiary purposes become invalid, as required by law, e.g. consumer, civil code, tax law.

4. What is the purpose and legal basis for processing of personal data by the administrator?

We process personal data because it is necessary for:

- maintenance of customer account

- execution of orders

- the implementation of after-sales obligations arising from the legal obligations towards consumers, e.g. complaints, warranty, guarantee

- conclusion of a loan agreement between the Customer and the bank handling the installment system

- tax and accounting purposes

- handling inquiries and applications

- debt collection; conducting court, arbitration and mediation proceedings.

In addition, the administrator processes customer data in the form of an IP number of the computer from which the customer connects to the website. As part of the connection, all data of the customer's device are processed to ensure a technically correct service and to collect statistical information.

5. Furthermore, based on separate consent, we also process personal data and other data for marketing and sales purposes, such as:

- sending a commercial newsletter with offers

- sending the newsletter with news, updates

- displaying tailored ads (including remarketing) by third parties,

- telephone contact for sales purposes

- telephone contact for advertising purposes

- support for credit services

- invitations to industry events

- providing payment services

- ensuring the safety of services and buyers

- carry out research and analysis in terms of the functionality of the website, improvement of operation of services or estimate the main interests and needs of visitors;

- organization of loyalty programs, contests and promotional campaigns,

- statistical analysis,

- saving data in cookie files, collecting data from websites and mobile applications

6. Do we require personal data to be provided?

Yes. Only to the extent necessary for the purposes of point 4, as required by point 3.

7. What are your rights towards the administrator regarding the data being processed?

We guarantee the fulfillment of all rights under the General Data Protection Regulation, i.e. the right to access, rectify and delete your data, limiting it’s processing, the right to transfer them, not be subject to automated decision making, including profiling, and the right to object to processing of personal data and in all other situations provided by the currently applicable law.

At the same time, deletion of data may take place when other legal obligations of the administrator expire, e.g. resulting from tax or consumer law.

The above entitlements are implemented by accepting the application via the e-mail address: marketing@rms.pl or using the appropriate tab in the client's account. Reports may concern data processed by the administrator. For data processed by third parties, please report to the appropriate representative of the third party.

You have the right to make a complaint regarding the processing of your personal data to the supervisory authority, ie the General Inspector for Personal Data Protection (address: Generalny Inspektor Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa).

8. Who do we share personal information with?

To entities that provide services:

- hosting and other technical and teleinformation related to software maintenance,

- payment,

- credit,

- insurance,

- supporting the promotion of offers,

- serving the newsletter,

- statistical, analytical,

- remarketing,

- accounting,

- collecting opinions about products and shops,

- visual, text and video ads,

- cooperating as part of marketing campaigns.

In accordance with applicable law, we may transfer personal data to public authorities fighting against fraud and abuse.

Due to the need to prevent online robots to perform certain functions, we use the Google reCAPTCH mechanism to occasionally investigate whether the behavior of users of our trading platform does not have the characteristics of robots. In this situation, we can disclose IP address to the Google LLC.

The Administrator declares that he entrusts the processing of personal data of the Customer or other data referred to in this document, based on a written agreement or acceptance of the service regulations of entities providing services to the administrator.

9. Do we transfer data to countries outside the European Economic Area?

Personal data may be transferred outside the European Economic Area to:

- Google LLC

- Facebook Inc.

- PayPal Holdings Inc

based on applicable legal safeguards, which are standard contractual clauses for the protection of personal data, approved by the European Commission.

The User may access, change and delete data from the above third party representatives through the tools provided by them:

Google - My Account - Personal data and privacy

Facebook - tab: Privacy and your information on Facebook

PayPal - tab: My Account and Actions

The Administrator declares that he entrusts the processing of personal data of the Customer or other data referred to in this document, based on a written agreement or acceptance of the service regulations of entities providing services to the administrator.

10. Do we process personal data automatically (including through profiling)?

Data stored in cookies is processed by third parties in an automated manner (including in the form of profiling), however, it will not cause any legal or decision consequences. The only purpose of profiling is to present marketing materials. Profiling allows for a better personal forecast of preferences and interests, e.g. product recommendations.

In addition, the user can be profiled using data collected by web browsers. Modification of settings is possible on it’s own using the appropriate tab, most often called "privacy and security".

11. Final remarks

The administrator informs that in the register of access to personal data, information is stored about when, at whose request and what type of data were deleted. Requests to delete data can only be made from e-mail accounts that the user has registered in the store database.