PRIVACY POLICY OF THE ONLINE PLATFORM

www.dictador.com/store

§ 1.

Basic Terms

  1. The privacy policy on the Online Platform www.dictador.com/store has been created and adopted by – Dictador Europe sp. z o.o. with its registered office in Katowice.
  2. Personal data collected via the Platform is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as well as the Personal Data Protection Act of 10 May 2018.
  3. The terms used in the Policy mean:
  4. Administrator – Dictador Europe sp. z o.o. with its registered office in Katowice, ul. Fabryczna 15, 40 – 061 Katowice, NIP: 6423098529.
  5. Personal Data – any information relating to an identified or identifiable living natural person. Individual pieces of information that, combined, may lead to the identification of a person also constitute personal data. Information identifying a natural person by one or more specific factors defining their physical, physiological, genetic, mental, economic, cultural, or social identity, including the device IP, online identifier, and information collected via cookies and other similar technologies.
  6. Data Protection Officer
  7. Policy – this Privacy Policy.
  8. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  9. Platform – the online service operated by the Administrator at www.dictador.com/store.
  10. User – any natural person visiting the Platform or using one or more services or functionalities described in the Policy.

§ 2.

Processing of Personal Data

  1. In connection with the User’s use of the Platform, the Administrator collects Personal Data to the extent necessary to provide the offered services. Below are the detailed rules and purposes of processing Personal Data collected during the User’s use of the Platform.
  2. The information collected by the Administrator includes:
  3. first name,
  4. surname,
  5. email address,
  6. correspondence address,
  7. phone number,
  8. for individuals conducting business activities: NIP number and registration data.
  9. Providing personal data is voluntary, however, the Administrator informs that unless otherwise stated in individual forms (e.g., that providing data is optional), the Platform cannot be used anonymously (except for browsing). Therefore, refusal to provide data may result in the inability to conclude an agreement (order fulfilment).
  10. The Administrator appoints a Data Protection Officer as specified in the Privacy Policy.
  11. To create a customer account on the Platform, it is necessary to provide the following mandatory data:
  12. For individuals not conducting business activities:
  13. first and last name,
  14. residential address,
  15. email address,
  16. phone number.
  17. For entrepreneurs and organisations:
  18. first and last name,
  19. company or organisation name,
  20. business address,
  21. email address,
  22. phone number,
  23. NIP number.
  24. The Administrator ensures that personal data is:
  25. processed lawfully, fairly, and transparently;
  26. collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  27. adequate, relevant, and limited to what is necessary for the purposes for which it is processed;
  28. accurate and, where necessary, updated;
  29. stored in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the data is processed;
  30. processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

§ 3.

Purposes and Legal Basis for Processing Personal Data

  1. Use of the Platform
  2. Personal data of all persons using the Platform is processed by the Administrator:
  3. for the purpose of providing electronic services related to enabling Users to conclude reservation agreements on the Platform, maintaining customer accounts on the Platform, ensuring contact regarding service performance, and making payments – the legal basis for processing is the necessity of processing for the performance of a contract (Art. 6(1)(b) GDPR);
  4. for the purpose of establishing and pursuing claims or defending against claims – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), which is the protection of its rights.
  5. Contact Form
  6. The Administrator provides the option to contact them via an electronic contact form. Using the form requires providing Personal Data necessary to establish contact with the User and respond to the inquiry. The User may also provide additional data to facilitate contact or inquiry handling. Providing data marked as mandatory is required to receive and handle the inquiry, and failure to do so will result in the inability to process the inquiry. Providing other data is voluntary.
  7. Personal data is processed for the purpose of identifying the sender and handling their inquiry submitted via the provided form – the legal basis for processing is the necessity of processing for the performance of a service agreement (Art. 6(1)(b) GDPR); for optional data provided, the legal basis for processing is consent (Art. 6(1)(a) GDPR).
  8. Marketing
  9. User’s personal data may also be used by the Administrator to send marketing content via email, including newsletters. Such actions are undertaken by the Administrator only if the User has given consent, which may be withdrawn at any time.
  10. Personal data is processed:
  11. for the purpose of sending requested commercial information – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR) in connection with the expressed consent;
  12. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (Art. 6(1)(f) GDPR), which involves analysing User activity on the Platform to improve its functionalities.
  13. Personal data may also be disclosed to public authorities or authorised entities upon request, based on legal regulations (Art. 6(1)(c) GDPR).

§ 4.

Cookies

  1. The Administrator uses cookies on the Platform. Cookies are understood as IT data, particularly text files, stored in Users’ terminal devices, designed to use websites. These files allow the User’s device to be recognised and properly display the website, customised to their individual preferences. Cookies usually contain the name of the website from which they originate, their storage duration on the terminal device, and a unique number.
  2. Cookies are used to customise website content to User preferences and optimise website usage. They are also used to create anonymous, aggregated statistics that help understand how Users use websites, enabling improvements to their structure and content, excluding personal identification of the User.
  3. The Platform uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files placed on the User’s computer to enable the website to analyse how Users use the website. Information generated by cookies regarding the User’s use of the website (including their IP address) will be transmitted to Google and stored on servers in the United States. Google will use this information to evaluate the User’s use of the website, create reports on website traffic for website operators, and provide other services related to website traffic and Internet usage. Google may also transfer this information to third parties if required to do so by law or if such third parties process the information on Google’s behalf. Google will not associate the User’s IP address with any other data held by Google.
  1. The User may opt out of cookies by selecting the appropriate settings in their browser; however, it should be noted that in such cases, using all website functions may not be possible. By using this website, the User consents to Google processing their data in the manner and for the purposes outlined above.
  2. While using the Platform, data about the User is automatically collected. This data includes, among others: IP address, domain name, browser type, and operating system type. This data may be collected through cookies, the Google Analytics service, and social networking services such as Facebook, Instagram.
  3. Cookies are files sent to the User’s computer or another device while browsing the Platform’s website.
  4. The data referred to in this section is used to tailor, measure, and improve the Platform’s services and to conduct marketing activities.
  5. As part of its marketing activities, the Company uses the services of the following entities, which use cookies on the Company’s Website:
    a. Google AdWords
    b. Google Analytics
    c. Facebook
    d. Instagram

  6. More information about the cookies used by the mentioned entities can be found in their privacy policies. The User can change the way cookies are used by managing their consent settings in the privacy settings on the Company’s Website or through their browser, including blocking or deleting cookies from the Company’s Website (and other websites). To do this, the User must change their browser settings. The method of deletion varies depending on the web browser used. Information on how to delete cookies should be available in the “Help” section of the selected web browser. Deleting cookies is not the same as deleting personal data obtained by the Company through cookies. It is also possible to block third-party cookies while accepting cookies used directly by the Company (the option to “block third-party site cookies”). Restricting the use of cookies on a particular device may prevent or significantly hinder proper use of the Company’s Website, for example, by preventing session login maintenance.

§ 5.

Period of Processing of Personal Data

  1. As a rule, data is processed for the duration of the service, until the consent given is withdrawn, or until a valid objection is raised against processing, where the legal basis for processing is the legitimate interest of the Administrator.
  2. The processing period may be extended if processing is necessary for the establishment and pursuit of potential claims or defence against claims, and after this period, only if and to the extent required by law. After the processing period has expired, data is irreversibly deleted or anonymised.
  3. In the case of data processed by authorised entities based on legal regulations (public authorities), the data will be processed until the Administrator fulfils the legal obligations imposed on it.

§ 6.

User Rights

  1. The User has the right to access their data and to request:
  2. rectification,
  3. deletion,
  4. restriction of processing,
  5. the right to data portability,
  6. the right to lodge a complaint with the supervisory authority responsible for personal data protection, i.e., the President of the Personal Data Protection Office.
  7. The User also has the right to object to the processing of their data, which is carried out based on the legitimate interest of the Administrator.
  8. The User acknowledges that objecting to the processing of personal data required for the use of the Platform (including order placement) will result in the inability to complete the order, for which the Administrator is not responsible.
  9. In the event of an objection to the processing of personal data based on consent – including for marketing purposes – exercising this right will result in the termination of data processing for those purposes.
  10. Providing personal data specified in § 2(2) of the Policy is a condition for entering into an agreement. If the data is not provided, the Administrator has the right to refuse to conclude the agreement.
  11. To the extent that the User’s data is processed based on consent, this consent may be withdrawn at any time by contacting the Administrator at office@dictador.com
  12. The Administrator shall comply with or refuse the request immediately – within a maximum of one month from the date of receipt.

§ 7.

Recipients of Personal Data

  1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular:
  2. IT service providers (hosting, email services) enabling proper use of the Platform;
  3. entities providing accounting, bookkeeping, and legal services to the Administrator (accounting offices, law firms);
  4. entities handling order fulfillment on the Platform (logistics companies);
  5. mobile payment operators and banks.
  6. Additionally, personal data will be processed on behalf of the Administrator by authorised employees and associates who use the data to fulfill the Platform’s purpose.
  7. If the User consents, their data may also be shared with other entities for their own purposes, including marketing purposes.
  8. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who submit a request for such information based on an appropriate legal basis and in accordance with applicable law.
  9. As part of the Platform’s use of tools supporting its operations, such as those provided by Google, the User’s personal data may be transferred outside the European Economic Area (EEA), particularly to the United States of America (USA) or other countries where entities cooperating with Google maintain data processing tools in collaboration with the Platform. The Administrator ensures appropriate safeguards for the transferred personal data by implementing standard data protection clauses adopted in data processing agreements, meeting GDPR requirements. If data is transferred from Europe to the USA, some entities located there may additionally guarantee an appropriate level of data protection under the Privacy Shield program (more information available at: https://www.privacyshield.gov/).
  10. Since the Platform uses cookies and similar tracking technologies, this Privacy Policy applies to all individuals visiting the Platform, regardless of whether they are customers of the Platform (i.e., whether they place orders or hold an account on the Platform).
  11. System log data may include various information, such as the IP address. The Administrator uses such data solely for technical purposes. Some areas of the Platform’s registration system may use cookies, which are text files stored on the User’s computer, identifying them and enabling automatic completion of form fields based on previously entered data. Cookies will function properly only if they are accepted by the browser and are not deleted from the device.
  12. The User’s personal data may be profiled. Profiling means Administrator’s actions [undertaken due to the need to display general adverts, offers, or promotions (discounts) applying to all Customers, in a way adapted to the interests of a given User], which may include analysing the User’s activity on the Platform, such as how often they visit, which products they purchase or reserve, and how they interact with content. This allows for a better understanding of the User’s needs and preferences, ensuring that the Platform can tailor its offerings accordingly, without significantly affecting the User’s decisions. Thanks to the application of advanced technologies by the Company, the aforementioned actions are often automated, ensuring that the content sent to the User is relevant and up-to-date, and the User can quickly familiarise themselves with it.

§ 8.

Data Security

  1. The Administrator continuously conducts risk assessments to ensure that Personal Data is processed securely. This includes ensuring that only authorised persons have access to the data and only to the extent necessary to perform their duties. The Administrator ensures that all operations on Personal Data are logged and performed only by authorised personnel and associates.
  2. The Administrator takes all necessary measures to ensure that subcontractors and cooperating entities provide guarantees of applying appropriate security measures whenever they process Personal Data on behalf of the Administrator.
  3. The Administrator undertakes all necessary and required technical measures to ensure the security and integrity of processed personal data – by implementing appropriate security protocols, password updates, multi-factor authentication, backup creation, and the use of software protecting against unauthorized interference.
  4. The Administrator ensures:
  5. protection against unauthorised access,
  6. protection against data loss,
  7. protection against accidental or unauthorised data modification,
  8. organisational solutions to maintain a high level of data confidentiality and security, including training, internal policies, password management guidelines, etc.

§ 9.

Final Provisions

  1. Contact with the Administrator is possible via email at online@dictador.com
  2. The Administrator reserves the right to introduce changes to the Privacy Policy if required by law or to improve the functioning of the Platform.
  3. The Policy is continuously reviewed and updated as necessary.
  4. The current version of the Policy was adopted and is effective as of 01.05.2024.