PRIVACY POLICY

Effective from 01.11.2023
The previous version of the Privacy Policy is available here.

WHAT IS THE PRIVACY POLICY?

We would like to acquaint you with the details of how we process your personal data to provide you with full knowledge and comfort in using our website.

As we operate in the online industry, we understand the importance of safeguarding your personal data. Therefore, we take special care to protect your privacy and the information you provide to us.

We carefully select and implement appropriate technical measures, particularly those of a programming and organizational nature, to ensure the protection of processed personal data. Our website uses encrypted data transmission (SSL), providing protection for the data that identifies you.

In our Privacy Policy, you will find all the most important information regarding how we process your personal data. We ask you to read it, and we promise it will take you no more than a few minutes.

Who is the administrator of the website www.duchbdsm.com?

The administrator of the website is Jakub Choroszkiewicz, conducting business under the name DUCH BDSM - JAKUB CHOROSZKIEWICZ, registered in the Central Register and Information on Economic Activity conducted by the minister responsible for the economy, with the address at ul. Michała Ossowskiego 10 lok. 8, 42-200 Częstochowa, Tax Identification Number (NIP) 5732929005, National Business Registry Number (REGON) 389939690 (hereinafter: we).

PERSONAL DATA

Which legal act regulates the processing of your personal data?

Your personal data is collected and processed by us in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), commonly referred to as GDPR. In matters not covered by GDPR, the processing of personal data is regulated by the Act of 10 May 2018 on personal data protection.

Who is the administrator of your personal data?

The administrator of your personal data is Jakub Choroszkiewicz, conducting business under the name DUCH BDSM - JAKUB CHOROSZKIEWICZ, registered in the Central Register and Information on Economic Activity conducted by the minister responsible for the economy, with the address at ul. Michała Ossowskiego 10 lok. 8, 42-200 Częstochowa, Tax Identification Number (NIP) 5732929005, National Business Registry Number (REGON) 389939690, phone: +48 536 798 166, email: duchbdsm@gmail.com.

Regarding your personal data, you can contact us through:

email: duchbdsm@gmail.com,
traditional mail: ul. Michała Ossowskiego 10 lok. 8, 42-200 Częstochowa,
phone: +48 536 798 166.

HOW DO WE PROCESS THE PERSONAL DATA YOU PROVIDE TO US?

What personal data do we process and for what purposes do we process it?

On our website, we offer you various services for which we process different personal data, based on different legal grounds.

Privacy Policy Table 1 illustrates clear principles of personal data protection, emphasizing transparency and the security of information processing.

Voluntary provision of personal data

Providing the required personal data by you is voluntary but constitutes a condition for us to provide services to you (e.g., sending newsletters or creating an account).

Recipients of personal data

The current list of entities to whom we disclose your personal data can be found here.

Automated decision-making (including profiling)

We use tools to send personalized advertisements to you. Based on your actions in the Store, particularly your choice of viewed content and the time spent on Store subpages, we adjust and display marketing content tailored to you. Through this profiling, we can direct marketing messages that are more desirable to you, benefiting both us and you, as we limit marketing messages about goods and services that are not within your areas of interest.

Will we transfer your personal data outside of the EEA or to an international organization?

To use Google tools, your personal data may be transferred to the United States, where Google LLC servers are located.

Google LLC is listed in the Data Privacy Framework program (link: https://www.dataprivacyframework.gov/s/participant-search), which means that the protection of personal data is adequate in relation to the regulations applicable in the European Union, in accordance with Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of protection of personal data in the EU-USA Data Privacy Framework (link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf).

To use Facebook, Instagram, and WhatsApp tools, your personal data may be transferred to the United States, where Meta Platforms Inc. servers are located.

Meta Platforms Inc. is listed in the Data Privacy Framework program (link: https://www.dataprivacyframework.gov/s/participant-search), which means that the protection of personal data is adequate in relation to the regulations applicable in the European Union, in accordance with Commission Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of protection of personal data in the EU-USA Data Privacy Framework (link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf).

To use the statistical tool Visitor Analytics, your personal data may be transferred to the United States. According to the privacy policy of the specified tool, Twipla takes appropriate measures to ensure that your personal data remains protected and requires external service providers and partners to also have appropriate safeguards. More information in the Hotjar Privacy Policy at the following link: https://www.twipla.com/en/support/legal-data-privacy-certificates/standard-integration/data-processing-agreement-cookie-information.

To use Wix tools, your personal data may be transferred to Israel, the United States, Taiwan, South Korea, where Wix.com Ltd. servers are located.

Wix.com Ltd. is listed in the Privacy Shield program (link: https://www.privacyshield.gov/participant?id=a2zt0000000GnbGAAS), which means that the protection of personal data is adequate in relation to the regulations applicable in the European Union, in accordance with Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 on the adequacy of protection provided by the EU-US Privacy Shield (link: https://eur-lex.europa.eu/legal-content/PL/TXT/HTML/?uri=CELEX:32016D1250&from=EN).

*Please note that Privacy Shield is no longer a legally binding framework in the European Union but a certification program that sets certain standards for the protection of personal data for entities with servers in the United States. Currently, it serves as a form of certification for entities listed in Privacy Shield, indicating that they meet certain standards of personal data protection.

HOW DO WE PROCESS YOUR PERSONAL DATA RECEIVED FROM OTHER DATA CONTROLLERS (E.G., FACEBOOK)

Our store enables:

logging into your store account using your Facebook profile,
logging into your store account using your Instagram profile,
logging into your store account using your Google account,
sharing content from the online store on your Facebook profile,
sharing content from the store on your Instagram profile,
sharing content from the store via WhatsApp.

In such cases, we receive your personal data not directly from you, but from the services providing these functionalities, i.e.: Facebook, Instagram, WhatsApp, Google. To give you full control over your data, we provide information below about how we process your personal data.

Categories of relevant personal data:

We process the following categories of relevant personal data:

identification data (i.e., personal data that you have published in your profile on Facebook, Instagram, Google, primarily first name, last name, nickname, email address, and image).

Source of origin of personal data:

Your personal data comes from the service:

Facebook, administered by Meta Platforms Ireland Limited;
Instagram, administered by Meta Platforms Ireland Limited;
WhatsApp, administered by Meta Platforms Ireland Limited;
Google, administered by Google Ireland Ltd.

Purposes and legal bases for processing personal data:

Your personal data, which we have obtained, will be processed for the following purposes:

Privacy Policy Table 2 provides detailed information about the collection, processing, and storage of personal data, emphasizing a commitment to user privacy.

YOUR RIGHTS IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA BY US:

Under the General Data Protection Regulation (GDPR), you have the right to:

Request access to your personal data.
Request correction of your personal data.
Request erasure of your personal data.
Object to the processing of your personal data.
Request restriction of processing your personal data.
Request the transfer of your personal data.

If you submit any of the above requests, we will provide you with information about the actions taken in response to your request without undue delay, and in any case within one month of receiving the request. In case of need, we may extend the one-month period by another two months due to the complex nature of the request or the number of requests. In any case, we will inform you of the extension and provide you with the reasons for the delay within one month of receiving the request.

Right of access to personal data (Article 15 GDPR):

You have the right to obtain information about whether we process your personal data. If we process your personal data, you have the right to:

access your personal data,
obtain information about the purposes of processing, the categories of personal data processed, recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, your rights under the GDPR, and the right to lodge a complaint with the President of the Office for Personal Data Protection, the source of this data, automated decision-making, including profiling, and the safeguards used in connection with the transfer of this data outside the European Union,
obtain a copy of your personal data.

If you want to request access to your personal data, please send your request to: duchbdsm@gmail.com.

Right to rectification of personal data (Article 16 GDPR):

If your personal data is incorrect, you have the right to request immediate rectification of your personal data. You also have the right to request us to complete your personal data. If you want to request rectification or completion of your personal data, please send your request to: duchbdsm@gmail.com.

Right to erasure of personal data, known as the "right to be forgotten" (Article 17 GDPR):

You have the right to request the erasure of your personal data when:

your personal data is no longer necessary for the purposes for which it was collected or otherwise processed,
you have withdrawn your specific consent, to the extent that personal data was processed based on your consent,
your personal data has been processed unlawfully,
you have objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing,
you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us or by a third party.

Despite the submission of a request for erasure of personal data, we may continue to process your data for the purpose of establishing, pursuing, or defending claims, about which you will be informed. If you want to request erasure of your personal data, please send your request to: duchbdsm@gmail.com.

Right to request restriction of processing of personal data (Article 18 GDPR):

You have the right to request restriction of processing of your personal data when:

you contest the accuracy of your personal data – in such a case, we will restrict the processing of your personal data for a period allowing us to verify the accuracy of this data,
the processing of your data is unlawful, and instead of erasing the personal data, you request restriction of its use,
your personal data is no longer needed for processing purposes, but is necessary for the establishment, exercise, or defense of legal claims,
you have objected to the processing of your personal data – until it is verified whether our legitimate interests override the grounds indicated in your objection.

If you want to request restriction of processing of your personal data, please send your request to: duchbdsm@gmail.com.

Right to object to the processing of personal data (Article 21 GDPR):

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

processing necessary for the performance of a task carried out in the public interest or for the exercise of official authority vested in the data controller or a third party,
processing for direct marketing purposes.

If you wish to object to the processing of your personal data, please send your request to: duchbdsm@gmail.com.

Right to Data Portability (Article 20 GDPR):

You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and to transmit those data to another controller. We will provide your personal data in the CSV format as standard. If you prefer a different format, please indicate your preferred format in your request. We will do our best to provide your data in the format you prefer, to the extent possible. You may also request us to transmit your personal data directly to another controller, provided this is technically feasible. If you wish to request the transfer of your personal data, please submit your request to: duchbdsm@gmail.com.

Can you withdraw the consent given for processing personal data?

You can withdraw the consent given for processing your personal data at any time. Withdrawing consent for processing personal data does not affect the lawfulness of processing based on consent before its withdrawal. If you want to withdraw your consent for processing your personal data, please submit your request to: duchbdsm@gmail.com.

Complaint to the Supervisory Authority

If you believe that the processing of your personal data violates the provisions of data protection laws, you have the right to lodge a complaint with the supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. In Poland, the supervisory authority under the GDPR is the President of the Office for Personal Data Protection, who, as of May 25, 2018, replaced the GIODO. You can find more information here.