1. PERSONAL DATA
- Personal data provided by the Customer are processed by the Seller (i.e. Foundation Coffee Roasters LLC with its registered office in Warsaw, at 35 apt., 3, FRANCISZKAŃSKA street, Warsaw, code 00-233, entered into the Register of Entrepreneurs of the National Court Register under number 0001014694, NIP: 5252940403), which is the administrator of personal data. In accordance with the rules set out in the Regulation of the European Parliament and of the Council, EU 2016/679 of April 27, 2016. (hereinafter "GDPR"). Contact with the Administrator of personal data may take place via e-mail firstname.lastname@example.org or by telephone contact +48 517 393 325.
- The scope of the processed personal data determines the scope of data supplemented by the Customer and then sent to the Seller using the appropriate form. The processing of the Customer's personal data may concern his e-mail address, name and surname, telephone number, address of residence and computer IP address. Customers' personal data will be processed for a period of 5 years, and then they will be deleted, unless further processing results from a different legal basis.
- Customers' personal data will be processed in order to: (a) implement the law, (b) create an Account, perform the Order, provide electronic services, consider complaints and other activities indicated in the Regulations, (c) promotional and commercial activities of the Seller.
- Providing personal data is voluntary, but the lack of consent to the processing of personal data marked as mandatory will prevent the Seller from performing services and implementing Sales Agreements.
- The legal basis for the processing of personal data in the case referred to in par. 3 lit. (a) there is a legal obligation of the Seller related to the performance of the contract to which the data subject is a party, including the obligation to act at the request of the data subject before concluding the contract; In the case referred to in par. 3 lit. (b) the legal basis for the processing of personal data is the consent of the data subject who has consented to the processing of his personal data for one or more specific purposes, and in the case referred to in par. 3 lit. (c) processing is necessary to comply with a legal obligation to which the controller is subject.
- Customers' personal data may be entrusted for processing, only for the purpose of implementing Sales Agreements and contracts for the provision of electronic services by the Seller, to a hosting company, a company providing accounting services for the Seller and a courier company. The entity processing Customers' personal data, based on the Entrustment Agreement, will process Customers' personal data through another entity, only on the basis of the Seller's prior consent, from the entry into force of the GDPR. Personal data collected by the Seller may also be made available to: relevant state authorities at their request on the basis of relevant legal provisions, or other persons and entities - in cases provided for by law.
- Disclosure of personal data to unauthorized entities according to this Policy may take place only with the prior consent of the Customer to whom the data pertains.
- Customers have the right to: delete personal data collected about them both from the Seller's system and from the databases of entities cooperating with the Seller, limit data processing, transfer personal data collected by the Seller regarding Customers and to receive them in a structured form, submit complaints to the supervisory authority in a situation where the customer considers that his data is processed unlawfully and to bring a legal protection measure before the court against the supervisory authority as the entity committing the infringement.
- If the Seller receives information about the Customer's use of the service provided electronically in violation of the Regulations or applicable regulations (unauthorized use), the Seller may process the Customer's personal data to the extent necessary to determine the Customer's liability.
- The website may store HTTP queries, therefore some information may be stored in the server log files, including the IP address of the computer from which the query came, name of the client's station - identification carried out by the HTTP protocol, if possible, date and the system time of registration in the Store and the arrival of the query, the number of bytes sent by the server, the URL address of the page previously visited by the Customer, if the Customer entered via a link, information about the Customer's browser, information about errors that occurred during the HTTP transaction. Logs may be collected as material for the proper administration of the Store. Only persons authorized to administer the IT system have access to the information. Log files can be analyzed in order to compile traffic statistics in the Store and errors. The summary of such information does not identify the Customer.
- The transfer of Customers' personal data to third countries will take place in accordance with the requirements introduced by the GDPR.
2. INFORMATION SECURITY
- The seller uses technical and organizational measures to ensure the protection of personal data being processed, as specified in art. 25.30, 32-34, 35-39 of the GDPR, ensuring increased protection and security of the processing of Customers' personal data, appropriate to the threats and categories of data protected, and in particular, technically and organizationally protects data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of the Act and change, loss, damage or destruction, including SSL certificates are used (Secure Socket layers). The set of collected Customers' personal data is stored on a secured server and the data is also protected by the Seller's internal procedures in the field of personal data processing and information security policy.
- To log in to the Account, it is necessary to provide the login and password. To ensure an appropriate level of security, the Account access password exists in the Store only in encrypted form. In addition, registration and logging into the Account take place in a secure HTTPS connection. Communication between the Customer's device and the servers is encrypted using the SSL protocol.
- At the same time, the Seller indicates that the use of the Internet and services provided electronically may be associated with specific ICT risks, such as: the presence and operation of worms, spyware or malware, including computer viruses, as well as the possibility of being exposed to cracking or phishing (password hunting), and others. In order to obtain detailed and professional information on maintaining security on the Internet, the Seller recommends obtaining them from entities specializing in this type of IT services.
- For the proper operation of the Store, the Seller uses cookie technology, based on the provisions of the Regulation on respect for private life and the protection of personal data in electronic communications (e- Privacy Regulation). Cookies are information packages saved on the Customer's device via the Store, usually containing information in accordance with the purpose of the file, by means of which the Customer uses the Store - these are usually: website address, date of placement, expiry date, unique number and additional information in accordance with purpose of the file.
- The seller uses two types of cookies: session cookies, which are permanently deleted at the end of the customer's browser session, and with the customer's consent, expressed through the browser settings, persistent cookies, which remain after the end of the browser session on the customer's device until they are deleted.
- On the basis of cookies, both session and permanent, it is not possible to determine the identity of the Customer. The Cookies' mechanism does not allow you to download any personal data.
- Store cookies are safe for the Customer's device, in particular, they do not allow viruses or other software to get into the device.
- Files generated directly by the Store cannot be read by other websites. External Cookies (i.e. Cookies placed by the Seller's partners, with the prior consent of the Customer by selecting the appropriate browser settings) can be read by an external server.
- The customer may disable the saving of cookies on his device, in accordance with the browser manufacturer's instructions:
Persistent cookies and External Cookies by the Customer may not cause unavailability of some or all of the Store's functions.
- The Seller uses its own Cookies for the following purposes: authentication of the Customer in the Store and maintaining the Customer's session; configuration of the Store and adjusting the content of the pages to the Customer's preferences, such as: recognizing the Customer's device, remembering the settings selected by the Customer; ensuring the security of data and the use of the Store; analyzes and audience research; providing advertising services.
- The Seller uses External Cookies for the following purposes: creating (anonymous) statistics that allow optimizing the usability of the Store, through analytical tools such as Google Analytics; use of interactive functions via social networking sites: Facebook, Google+ and Instagram.
- The customer may independently change the settings for Cookies at any time, specifying the conditions for their storage, through the settings of the web browser or through the configuration of the service. The customer may also independently delete the cookies stored on his device at any time, in accordance with the instructions of the browser manufacturer.
- By using our website, you (the visitor) agree to allow third parties to process your IP address, in order to determine your location for the purpose of currency conversion. You also agree to have that currency stored in a session cookie in your browser (a temporary cookie which gets automatically removed when you close your browser). We do this in order for the selected currency to remain selected and consistent when browsing our website so that the prices can convert to your (the visitor) local currency.