This Privacy Policy is a document related to Terms and Conditions of the Online Store edulepki.pl (“Terms and Conditions”). Definitions of terms used in this Privacy Policy are contained in the Terms and Conditions. Provisions of the Terms and Conditions are applied accordingly.

This Policy is informative and constitutes the fulfillment of the obligation to provide information which binds the data administrator in accordance with the Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”).

1. PERSONAL DATA ADMINISTRATOR
   

   1.1 Personal data of Buyers are processed by the Seller, that is by EDULEPKI Sp z o.o. with its office in SOPOT, Chmielewskiego 5/3, registered in the register of entrepreneurs of the National Court Register kept by the District Court for Sopot, … Commercial Division of the National Court Register under number KRS …, Tax Identification Number NIP …, National Business Registry Number REGON …, as the data administrator (hereinafter “Administrator”).

   1.2. Contact with the Administrator and the Personal Data Inspector is possible in particular through email: info@edulepki.pl, or at the following postal address: EDULEPKI Sp. z o.o., ul. Chmielewskiego 5/3, 81-721 Sopot.

2. SCOPE AND TERM OF THE PROCESSING
   
   2.1. The scope of personal data processed by the Seller constitutes the scope of data provided and then sent by the Buyer with the use of an adequate form. The Seller may process the following data: email address, name and surname, telephone number, residence/delivery address, IP address, name and surname of the child of the Buyer.

   2.2. If the Seller obtains information regarding use of the services by the Buyer that is not consistent with Terms and Conditions or applicable regulations (prohibited use), the Seller may process the personal data of the Buyer in order to determine their liability.

   2.3. Personal data of the Buyer will be processed for 5 years from the moment of the last Order, and in the case of Newsletter subscribers, until the Newsletter agreement is terminated, and will be deleted afterwards, unless their processing is required in accordance with another legal basis.

   2.4. The Seller does not transfer personal data to a third country.

   2.5. The personal data of the Buyers is not processed with the use of an automated method.

3. AIM AND BASIS OF THE PROCESSING
   

   3.1. Personal data of the Buyers will be processed for the following purposes:
   (a) compliance with legal regulations,
   (b) realisation of Sales Agreements, concluded services by electronic means, in particular for the purpose of maintaining the User’s Account and other activities listed in the Terms and Conditions;
   (c) performance of the Seller’s promotional and trade operations.

   3.2. The legal basis for personal data processing in the case:
   3.2.1. described in point 3.1(a) is the statutory authorisation to process data as necessary for compliance with law,
   3.2.2. described in point 3.1(b) is the statutory authorisation to process data as necessary for realisation of the agreement, if the subject of data is a party of the agreement or if it is necessary for actions taken before entering an agreement, on demand of the subject of data.
   3.2.3. described in point 3.1(c) – free consent of the Buyer.
   
   3.3. Providing personal data is voluntary, however, lack of consent for processing of personal data marked as mandatory will prevent the Seller from completing Orders and performing services for the Buyer.

4. DATA RECIPIENT
   
   4.1. The Seller may entrust third parties with processing of personal data, in which case the following can become data recipients: company providing hosting services to the Online Store edulepki.pl, company performing technical services for the Online Store edulepki.pl, including company distributing the Newsletter, company performing payment services (i.a. PayLane Sp. z o.o. with its office in Gdańsk, Arkońska 6/A3, postal code: 80-387, National Court Register number KRS: 0000227278. In the scope necessary for handling payments for orders), accounting company, flagship store, carrier.
   
   4.2. Personal data collected by the Seller can also be made available to: adequate state authorities on their demand, on the basis of appropriate legal regulations, or to other persons and entities – in cases described by legal regulations.
   
   4.3. Each entity entrusted with processing of personal data of the Buyer on the basis of an agreement on processing of personal data (hereinafter “Entrustment Agreement”) guarantees the proper level of safety and confidentiality of the personal data processing. The entity which processes personal data of the Buyer on the basis of the Entrustment Agreement can process personal data of the Buyer through another entity, only with Seller’s prior consent.
   
   4.4. Sharing personal data with entities which are not authorised in accordance with this Privacy Policy can be performed only with the prior consent of the Buyer who is the subject of the data.
   
   
5. RIGHTS OF DATA SUBJECT
   
   5. 1. Each Buyer has the right to: (a) delete collected personal data regarding the Buyer from the system of the Seller, as well as from databases of entities which cooperate or cooperated with the Seller, (b) limit processing of their data, (c) transfer personal data collected by the Seller regarding the Buyer, including the right to receive the data in a structured form, (d) demand access to their personal data from the Seller and to correct the data, (e) object against processing, (f) withdraw the consent given to the Seller at any moment, with the lawfulness of processing performed on the basis of this consent before its withdrawal remaining unchanged, (g) file a complaint against the Seller to a controlling authority.
   
   
6. OTHER DATA
   
   6.1. Online Store edulepki.pl can store http requests, therefore some information can be saved in the server log files, including IP address of the computer from which the request originated, Buyer’s workstation name – identification realised by the http protocol, if possible, date and system time of registration on the site of the Online Store edulepki.pl and receipt of the request, amount of bytes sent by the server, URL address of the site visited by the Buyer previously, if the Buyer used a link, information regarding the web browser used by the Buyer, information regarding errors arising during realisation of the http transaction. Logs can be collected as material used for proper administration of the Online Store edulepki.pl. Only persons authorised to manage the IT system have access to the information. Log files can be analysed for the purpose of statistics regarding visitors of the Online Store edulepki.pl, and arising errors. Summary of such information does not identify the Buyer.
   
   
7. INFORMATION SECURITY
   
   7.1. The Seller takes technical and organisational measures ensuring protection of the processed personal data adequate to the risk and category of the protected data, in particular, the Seller protects technical and organisational data against access of unauthorised persons, transfer by unauthorised persons, processing that violates the law, loss, impairment, destruction; among others, SSL certificates (Secure Socket Layer) are used. The Seller has also implemented appropriate technical and organisational measures, such as pseudonymisation, created for the effective realisation of data protection principles, such as data minimisation, and in order to secure the processing in accordance with the GDPR requirements, and to protect the rights of data subjects.
   
   7.2. The Seller implements all adequate technical measures listed in the Articles 25, 30, 23-34, 35-39 of the GDPR which ensure extended protection and security of processing of the personal data of the Buyer.
   
   7.3. In order to log into the Account, username and password are necessary. Password that authorises access to an Account is kept by the Online Store edulepki.pl only in a coded form, to ensure adequate level of security. What is more, registration and login into an Account happen through a secure https connection. Communication between the Buyer’s device and servers is coded with the use of the SSL protocol.
   
   7.4. The Seller informs that using the Internet and services performed by electronic means, in particular using public WIFI connection, may entail specific risk related to Information and Communication Technologies, such as: existence and activity of net worms, spyware, malware, including computer viruses, as well as the risk of cracking and phishing, and others. For detailed and professional information regarding Internet security, the Seller advises to seek advice from entities specialising in this type of IT services.
   
   
8. COOKIES
   
   8.1. To ensure proper functioning of the Online Store edulepki.pl, the Seller uses the Cookie technology. Cookies constitute sets of information saved on the Buyer’s device through the Online Store edulepki.pl, usually containing information related to the purpose of the file, used by the User – these are usually: site address, date of placing, date of expiration, unique number and additional information related to the purpose of the file.
   
   8.2. The Seller uses two types of Cookies: session files, which are deleted permanently when session of the User’s web browser is over, and persistent files, which remain on the Buyer’s device after the web browser session is over, until they are removed.
   
   8.3. Identity of the Buyer cannot be determined on the basis of Cookies, neither session, nor persistent. Cookies technology does not allow collection of any personal data. Cookies of the Online Store edulepki.pl are safe for the Buyer’s device, in particular they do not facilitate introduction of viruses or other software onto the device.
   
   8.4. Files generated directly by the Online Store edulepki.pl cannot be read by other sites. External Cookies (that is, Cookies used by partners of the Seller) can be read by an external site.
   
   8.5. The Buyer can deactivate storing of the external Cookies on their device, as in the instruction of the web browser provider, however, this can cause parts or functions of the Online Store edulepki.pl to be unavailable.
   
   8.6. The Seller uses own Cookies for the following purposes: authentication of the Buyer in the Online Store edulepki.pl and maintaining the Buyer’s session; configuration of the Online Store edulepki.pl and adjusting the content of the site to Buyer’s preferences, such as: determining Buyer’s device, saving settings chosen by the Buyer; ensuring security of data and using of the Online Store edulepki.pl; viewing analysis and assessment; providing advertising services.
   
   8.7. The Seller uses external Cookies for the following purposes: creating (anonymous) statistics allowing optimisation of the usefulness of the Online Store edulepki.pl, with the use of analytical tools such as Google Analytics; using interactive functions of social media sites such as facebook.com, instagram.com, pintrest.com and youtube.com.
   
   8.8. The Buyer can independently change Cookie settings at any time, defining conditions of storing of the files, through web browser settings or through service configuration. The Buyer can independently delete Cookies saved on their device at any time, as in the instruction of the web browser provider.
   
   8.9. Detailed information regarding handling of Cookies is available in the web browser settings.
   
   
9. FINAL PROVISIONS
   
   9.1. This Privacy Policy becomes effective on 25 May 2018.