This document constitutes an annex to the Regulations. By using our services, you entrust us with your information. This Privacy Policy is intended only to help you understand what information and data is collected and for what purposes and what we use it for. This data is very important to us, so please read this document carefully as it sets out the principles and methods of processing and protecting personal data. This document also defines the rules for using cookies.
We hereby declare that we comply with the principles of personal data protection and all legal regulations provided for by the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing personal data and on the free movement of such data and repealing Directive 95/46/EC.
The person whose personal data is processed has the right to contact us to obtain comprehensive information on how we use his or her personal data. We always try to provide clear information about the data we collect, how we use it, what purposes it is to be served and to whom we transfer it, what protection we provide to this data when transferring it to other entities, and we provide information about institutions to contact in case of doubts. .
The website uses technical measures such as: physical protection measures for personal data, hardware measures for the IT and telecommunications infrastructure, protection measures within software tools and databases, and organizational measures to ensure proper protection of personal data being processed, and in particular to protect personal data against disclosure to unauthorized third parties. , obtaining them by an unauthorized person and using them for an unknown purpose, as well as accidental or intentional change, loss, damage or destruction of such data.
Under the terms set out in the Regulations and in this document, we have exclusive access to the data. Access to personal data may also be entrusted to other entities through which payments are made, which collect, process and store personal data in accordance with their Regulations, and entities that are responsible for fulfilling the order. Access to personal data is granted to the above-mentioned entities to the extent necessary and only to those that will ensure the provision of services.
Personal data is processed only for the purposes to which you have consented by clicking on the appropriate fields of the form available on the Website or in another express manner. The legal basis for the processing of your personal data is consent to the processing of data or the requirement to provide a service (e.g. ordering a Product) that you ordered from us (pursuant to Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.
§2 Privacy Policy
We take privacy seriously. We are characterized by respect for privacy and the fullest possible and guaranteed convenience of using our services.
We value the trust that Users have in us by entrusting us with their personal data in order to complete the order. We always use personal data honestly and so as not to disappoint this trust, only to the extent necessary to complete the order, including its processing.
You have the right to obtain clear and complete information about how we use your personal data and for what purposes it is needed. We always provide clear information about the data we collect, how and to whom we transfer it, and provide information about entities to contact in case of doubts, questions or comments.
If there are any doubts regarding our use of the User's personal data, we will immediately take action to clarify and dispel such doubts, and we will fully and comprehensively answer all related questions.
We will take all reasonable steps to protect Users' data against improper and uncontrolled use and secure it in a comprehensive manner.
The administrator of personal data is Magdalena Świerlikowska, running a business under the name CARPETS & MORE Magdalena Świerlikowska with its registered office in Warsaw (02-952), ul. Wiertnicza 169, entered into the Central Register and Information on Economic Activity kept by the Minister of Development, NIP: 5321384366, REGON: 016161587, hereinafter referred to as CARPETS & MORE.
The legal basis for the processing of your personal data is Art. 6 section 1 letter b) GDPR. Providing data is not obligatory, but necessary to take appropriate actions preceding the conclusion of the contract and its implementation. We will transfer your personal data to other recipients entrusted with the processing of personal data on our behalf and for our benefit. Your data will be transferred pursuant to Art. 6 section 1 letter f) GDPR, where the legitimate interest is the proper performance of contracts/orders. In addition, we will share your personal data with other business partners. We store the collected personal data within the European Economic Area ("EEA"), but they may also be transferred to a country outside this area and processed there. Each operation of transferring personal data is performed in accordance with applicable law. Where data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards for countries where the European Commission has not determined an adequate level of data protection.
The Administrator informs that third parties have access to user data collected by the website or application. These are:
Google Ireland Limited a company incorporated and existing under the laws of Ireland (Registration number: 368047 / VAT number: IE6388047V) Gordon House, Barrow Street Dublin 4 Ireland
X Corp. (data in §7)
Meta Platforms Inc. (data in §7)
Hotjar Ltd. (data in §7)
Your personal data related to the conclusion and implementation of the contract for the implementation of contracts will be processed for the period of their implementation, and for a period no longer than provided for by law, including the provisions of the Civil Code and the Accounting Act, i.e. no longer than 10 years, counting from the end of the calendar year in which the last contract was performed.
Your personal data processed for the purpose of concluding and performing future contracts will be processed until you raise an objection.
You have the right to: access your personal data and receive a copy of the personal data being processed, rectify your incorrect data; request deletion of data (right to be forgotten) in the event of the circumstances provided for in Art. 17 GDPR; request restriction of data processing in the cases indicated in Art. 18 GDPR, to object to data processing in the cases indicated in Art. 21 GDPR, transfer of the provided data processed in an automated manner.
If you believe that your personal data is being processed unlawfully, you may lodge a complaint with the supervisory authority (Office for Personal Data Protection, ul. Stawki 2, Warsaw). If you need additional information related to the protection of personal data or want to exercise your rights, please contact us by mail to the correspondence address.
We make every effort to protect against unauthorized access, unauthorized modification, disclosure and destruction of information in our possession. Especially:
We control how we collect, store and process information, including physical security measures, to help protect against unauthorized system access.
We grant access to personal data only to those employees, contractors and representatives who need to have access to it. Moreover, under the contract, they are obliged to maintain strict confidentiality, to allow us to control and check how they fulfill their obligations, and in the event of failure to fulfill these obligations, they may face consequences.
We will comply with all applicable data protection laws and regulations and will cooperate with data protection authorities and authorized law enforcement authorities. In the absence of data protection regulations, we will act in accordance with generally accepted data protection principles, principles of social coexistence and established customs.
The exact method of personal data protection is included in the personal data protection policy (ODO: security policy, personal data protection regulations, IT system management instructions). For security reasons, due to the procedures described therein, it is available only to state control authorities.
If you have any questions about how we handle personal data, please contact us via the website from which you were redirected to this Privacy Policy. The request for contact will be immediately forwarded to the appropriate person.
You always have the right to notify us if:
no longer wishes to receive information or messages from us in any form;
would like to receive a copy of your personal data that we hold;
correct, update or delete your personal data in our records;
wishes to report violations, improper use or processing of your personal data.
To make it easier for us to respond or respond to the information provided, please provide your name and surname and further details.
§3 Scope and purpose of collecting personal data
We process the necessary personal data in order to provide services and for accounting purposes only:
to place an order,
in order to conclude a contract, make a complaint and withdraw from the contract,
issuing a VAT invoice or other receipt.
monitoring traffic on our websites;
collecting anonymous statistics to determine how users use our website;
determining the number of anonymous users of our websites
controlling how often selected content is shown to users and what content is shown most often;
controlling how often users choose a given service or from which service contact occurs most often;
examining newsletter subscriptions and contact options;
using a personalized recommendation system for e-commerce;
using the tool for communication both by e-mail and then by telephone;
integration with the community portal;
possible online payments.
We collect, process and store the following user data:
first name and last name,
address,
delivery address (if different from the residential address),
tax identification number (NIP),
e-mail address (e-mail),
telephone number (mobile, landline),
date of birth,
Social Security,
information about the web browser used,
other personal data voluntarily provided to us.
Providing the above data is completely voluntary, but also necessary for the full provision of services.
Purpose of our data collection, processing or use:
direct marketing, archival purposes of advertising campaigns;
fulfilling obligations imposed by law by collecting information about undesirable activities;
We may transfer personal data to servers located outside the user's country of residence or to related entities, third parties based in other countries, including countries from the EEA (European Economic Area, EEA - free trade area and Common Market). , covering the countries of the European Union and the European Free Trade Association EFTA) in order to process personal data by such entities on our behalf in accordance with the provisions of this Privacy Policy and applicable laws, customs and regulations regarding data protection.
We store your personal data no longer than they are needed for the proper quality of service and, depending on the mode and purpose of obtaining them, we store them for the duration of the contract and after its completion for the purposes of:
fulfillment of obligations arising from legal provisions, tax and accounting regulations;
preventing abuse or crime;
statistical and archiving.
Marketing activities - for the duration of the contract, granting separate consent to the processing of such data - until the completion of activities related to the transaction, you object to such processing or withdraw your consent.
Sales-related and promotional activities - e.g. competitions, promotional campaigns - for the duration and settlement of such campaigns.
Operational activities - until the limitation of obligations imposed by the GDPR Regulation and relevant national regulations expire, in order to demonstrate reliability in the processing of personal data
pursuing any claims related to the completed contract;
Bearing in mind that many countries to which this personal data is transferred do not have the same level of legal protection for personal data as in your country. Your personal data stored in another country may be accessed in accordance with the laws applicable there, for example: courts, law enforcement and national security authorities, in accordance with the laws applicable in that country. Subject to lawful requests for disclosure, we undertake to require entities processing personal data outside your country to take measures to protect your data in a manner adequate to the provisions of their domestic law.
§4 Cookie Policy
We automatically collect information contained in cookies in order to collect User data. A cookie is a small piece of text that is sent to the User's browser and which the browser sends back the next time the website is visited. They are mainly used to maintain a session by generating and sending back a temporary ID after login. We use "session" cookies stored on the User's end device until logging out, turning off the website or turning off the web browser, and "persistent" cookies stored on the User's end device for the time specified in the cookie parameters or until they are deleted by the User.
Cookies adapt and optimize the website and its offer for the needs of Users through activities such as creating statistics of views and ensuring security. Cookies are also necessary to maintain the session after leaving the website.
The Administrator processes the data contained in Cookies every time the website is visited by visitors for the following purposes:
optimizing the use of the website;
identification of Service Users as currently logged in;
adaptation, graphics, selection options and any other content of the website to the individual preferences of the Service User;
remembering automatically and manually completed data from Order Forms or login details provided by the visitor;
collecting and analyzing anonymous statistics showing how the website is used in the administration panel and Google Analytics
creating remarketing lists based on information about preferences, behavior, how to use the Website, interests and collecting demographic data, and then sharing these lists in AdWords and Facebook Ads.
creating data segments based on demographic information, interests, preferences in the selection of viewed products/services.
using demographic and interest data in Analytics reports.
The user can completely block and delete the collection of cookies at any time using his web browser.
Blocking the ability to collect Cookies on your device by the User may make it difficult or impossible to use some functionalities of the website, to which the User is fully entitled, but in such a situation the User must be aware of the functional limitations.
A user who does not want cookies to be used for the purpose described above can delete them manually at any time. To read detailed instructions, please visit the website of the manufacturer of the web browser currently used by the User.
More information about Cookies is available in the help menu of each web browser. Examples of web browsers that support the above-mentioned "Cookies" files:
We have the right, and in cases specified by law, also a statutory obligation, to provide selected or all information regarding personal data to public authorities or third parties who submit such a request for information under applicable Polish law.
The User has the right to access the content of his/her personal data that he/she provides, the User may correct and supplement this data at any time, and also has the right to request that it be deleted from his/her databases or that its processing be discontinued, without giving any reason. In order to exercise their rights, the User may at any time send an appropriate message to the e-mail address or in another way that will deliver/forward such a request.
The processing of personal data of natural persons who are our clients is based on:
justified interest as a data controller (e.g. in the field of creating a database, analytical and profiling activities, including activities related to the analysis of product use, direct marketing of own products, securing documentation for the purpose of defending against possible claims or for the purpose of pursuing claims)
consent (including in particular consent to e-mail marketing or telemarketing)
performance of the concluded contract
obligations arising from law (e.g. tax law or accounting regulations).
The processing of personal data of natural persons who are potential customers is based on:
justified interest of the data controller (e.g. in the field of creating a database, direct marketing of own products)
consent (including in particular consent to e-mail marketing or telemarketing)
The User's request to delete personal data or to stop processing them may result in the complete inability to provide services or their serious limitation.
We attach particular importance to the issue of profiling and point out that:
for profiling purposes, we usually process data that was previously subject to SSL encryption;
we use typical data for this: e-mail address and IP address or cookies
we profile in order to analyze or forecast the personal preferences and interests of people using our Websites or products or services and to match the content on our Websites or products to these preferences
we profile for marketing purposes, i.e. matching the marketing offer to the above-mentioned preferences.
We undertake to act in accordance with applicable laws and principles of social coexistence.
Information on out-of-court settlement of consumer disputes. The authorized entity within the meaning of the Act on out-of-court settlement of consumer disputes is the Financial Ombudsman, whose website address is as follows: www.rf.gov.pl.
§6 Basic safety rules
Each user should take care of their own data security and the security of their devices that access the Internet. Such a device should absolutely have an antivirus program with an up-to-date, regularly updated database of virus definitions, types and types, a safe version of the web browser it uses and a firewall enabled. The user should check whether the operating system and programs installed on it have the latest and compatible updates, because attacks take advantage of errors detected in the installed software.
Access data to services offered on the Internet - e.g. logins, passwords, PIN, electronic certificates, etc. - should be secured in a place inaccessible to others and impossible to hack from the Internet level. They should not be disclosed or stored on the device in a form that allows unauthorized access and reading by unauthorized persons.
Be careful when opening strange attachments or clicking links in e-mails that you did not expect, e.g. from unknown senders or from the spam folder.
It is recommended to run anti-phishing filters in the web browser, i.e. tools that check whether the displayed website is authentic and does not serve to phish information, e.g. by impersonating a person or institution.
Files should be downloaded only from trusted places, services and websites. We do not recommend installing software from unverified sources, especially from unknown publishers with unverified reviews. This also applies to portable devices, e.g. smartphones, tablets.
When using a home Wi-Fi wireless network, you should set a password that is safe and difficult to crack; it should not be any pattern or sequence of characters that is easy to guess (e.g. street name, host's name, date of birth, etc.). It is also recommended to use the highest possible encryption standards for Wi-Fi wireless networks that can be run on your equipment, e.g. WPA2.
§7 Using Social Media plugins
Plugins from the social networking sites facebook.com and Twitter and others may be located on our websites. The related services are provided by Meta Platforms and X Corp, respectively.
Twitter is operated by X Corp., X Corp. 1355 Market Street, Suite 900 San Francisco, CA 94103, United States To view Twitter plugins go to: https://dev.twitter.com/web/tweet-button
The plug-in only tells its provider which of our websites you have accessed and at what time. If, while viewing or staying on our website, the user is logged in to his or her account, e.g. on Facebook or Twitter, the provider is able to combine your interests, information preferences, and other data obtained, e.g. by clicking the Like button or leaving comment, or enter the profile name in the search. This information will also be transmitted by the browser directly to the provider.
For more detailed information about the collection and use of data by Facebook, Twitter or Hotjar and about protecting your privacy, please visit the following websites:
To avoid your selected user account being recorded via Facebook or Twitter on our website, you must log out of your account before browsing our websites.