1.1 The administrator of the personal data of the online shop at https://www.katana-machinery.eu/en/ is Katana Machinery, with its registered office in Wrocław, ul. Jana Długosza 31 – 51-162 Wrocław Poland and Old Kilmeaden Road, Unit 3C, Westside Business Park Waterford. Ireland by telephone on +48 727 509 868, e-mail: email@example.com
1.2 The purpose of collecting and processing the personal data of the shop’s customers is to process them in the online shop’s IT system, specifically for the purpose of invoicing, billing or financial reporting.
1.3 The information on the collection and processing of personal data of the customer of the online shop shall be provided immediately after such a person requests it from the data controller, but not longer than 24 hours. Communication with the personal data controller is free of charge.
1.4 The customer of the online shop provides his personal data voluntarily, and their provision is required in order to establish a contract between the owner of the shop and the customer. Providing personal data involves accepting their processing by the controller for the purposes mentioned above.
1.5 Only the personal data of the customer of the online shop, who is a natural person, shall be processed.
1.6 The Administrator processes personal data of the Customer for as long as it is necessary for the proper performance of the contract and offering further services.
2.1 The legal basis for requiring the customer to provide personal data is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, known as the ‘RODO’.
3.1 The term ‘personal data’ means information necessary to identify an individual, in particular his or her name and location. The data are only used for the purposes mentioned in this document.
3.2 A dataset is any structured set of data of a personal nature, accessible according to specific criteria.
3.3 Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 A personal data controller is a legal person, a public authority, an individual or another entity, which independently or jointly with others determines the purposes and methods of the processing of personal data.
3.5 Data security in an IT system – means the implementation and operation of appropriate technical and organizational measures to protect data against unauthorized processing.
3.6 A person’s consent to the processing of his/her personal data – this is a declaration of will, the content of which is consistent with the processing of personal data of the person making the declaration. Such consent may not be implicit or implicit in a statement of intent with a different content. Such consent may be revoked at any time.
4.1 The processing of personal data of the Customer of the online shop is necessary for the performance of the contract to which the Customer wishes to be a party or, if it is necessary already before the conclusion of the contract, in accordance with the Ordinance of the RODO, Article 6(1)(2).
4.2 Before entering into a contract, the owner of the online shop shall provide the customer with the conditions for the provision of services and familiarize him with the provisions of the contract and the protection of his personal data. The Client, after getting acquainted with the above mentioned, agrees to the processing of his personal data in the appropriate field of the form.
4.3 Consent given by the customer becomes the basis for the processing of his personal data.
4.4 The consent referred to in point 4.2 may be given in accordance with Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016. (RODO) – Article 7, paragraph 3 – revoke at any time and in any form, and such declaration of will of the customer is binding on the controller.
4.5 The consent given prior to the conclusion of the contract with the online shop also covers the processing of personal data in the future, if the purpose of the processing has not changed and the owner of the online shop is obliged under the contract to update or repair the subject matter of the contract.
5.1 The controller of personal data undertakes to take special care in order to protect the interests of data subjects. In particular, these data are to be processed only for specified and legitimate purposes.
5.2 Any processing of data which is incompatible with the purpose of the contract shall be inadmissible.
5.3 The Administrator undertakes to never request from the Client information related to his/her racial or ethnic origin, political opinions, religious or philosophical beliefs, religious, party or trade union membership, as well as data on his/her health condition, genetic code, addictions or sexual life and data concerning convictions, convictions and fines, or other decisions issued in court or administrative proceedings.
6.1 Every person has the right to control the processing of data concerning him/her contained in data filing systems, in particular the right to obtain information on the purpose, scope and manner of data processing contained in such systems, to demand supplementing, updating, correcting personal data, temporarily or permanently withholding their processing or removing them, if they are incomplete, outdated, false or were collected in breach of the Act or are no longer necessary for the purpose for which they were collected and other information listed in the Ordinance of the Chief Inspector of Environmental Protection.
7.1 If the data subject proves that the personal data are incomplete, outdated, untrue or have been collected in breach of the Act or are unnecessary for the purpose for which they were collected, the controller shall be obliged, without undue delay, to complete, update, correct the data, temporarily or permanently withhold the processing of the questioned data or remove them from the filing system, unless it concerns personal data for which the procedure for supplementing, updating or correcting them is laid down in separate Acts.
7.2 The data subject shall have the right to request the controller to rectify without delay inaccurate personal data relating to him which are inaccurate. Taking into account the purposes of the processing, the data subject shall have the right to request that incomplete personal data be completed, including by way of an additional statement.
7.3 The controller shall inform about the rectification or erasure of personal data or the limitation of the processing, which the controller performed, within a period not exceeding 24 hours.
8.1 The Administrator undertakes to apply security measures ensuring the security of the personal data being processed, appropriate to the threats and categories of data being protected.
8.2 In particular, the controller shall protect the Customer’s data from being made available to unauthorized persons and from being processed in a manner that is inconsistent with the law and the agreement.
9.1 Personal data provided by the customer is not sent to any third country.
10.1 The Customer who provides the personal data has the right to contact the Office of Personal Data Protection if he suspects that his data are being used for purposes that are not in accordance with the contract or the law, or if he feels in any other way that his data are at risk.
11.1 The data subject has the right to request the controller to delete his personal data without delay and the controller is obliged to delete his personal data without undue delay if the customer has terminated the contract with the owner of the online store, has withdrawn his consent to the use of his personal data or it follows from other possibilities set out in Article 17(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. (RODO)
11.2 The Administrator undertakes not to publish personal data made available to him by the Customer.
11.3 The data subject shall have the right to request the controller to restrict the processing of those data.
11.4 The data subject shall have the right to object at any time, on grounds relating to his particular situation, to the processing of personal data relating to him. The controller shall no longer process such personal data unless he demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or for establishing, pursuing or defending a claim.