- According to the Terms and Conditions the administrator of personal data provided by Customers in registration forms and order forms is Diabpol Sp. z o.o., having its registered office in Warsaw at ulica Traktorzystów 28D, entered into the National Court Register by the District Court for the capital city of Warsaw in Warsaw, XII Commercial Division under KRS no.: 0000365882, NIP (tax ID no.) 7010259045, REGON (corporate ID no.) 142611096, with a share capital of PLN 141,200.
- The data provided by the Customer will be processed for the purpose of fulfilment of the Purchase/Sale Agreement concluded by the Customer and the Administrator as a part of the operation of the Store at https://www.diabetyk24.pl.
- For the purpose of proper fulfilment of the agreement the store will contact the Customer, maintain books of account and check if the data provided by the Customer at the time of registration is accurate and true.
- The data will also be processed for marketing and advertising purposes provided that the Customer gave their consent. The Customer may withdraw their consent by sending a notice of withdrawal at the following email address: firstname.lastname@example.org
- The basis for processing of data is the consent provided by the Customer who shall check appropriate boxes in the registration form completed at the time of registration. The data shall be processed in accordance with the provisions of the Act of 29 August 1997 on personal data protection.
- The Data is processed in respect of particular aims of data processing on the basis of the consent of the Customer who checked appropriate boxes in the registration form completed at the time of Registration and in respect of keeping a register of completed Orders it is processed on the basis of a statutory obligation imposed on the Administrator. The data shall be processed in accordance with the provisions of the Act of 29 August 1997 on personal data protection.
- The Customer may choose not to provide their personal data, however, failure to provide the data specified in the terms and conditions prevents full registration, and failure to provide data while placing an order prevents it from completion.
- Failure to consent to processing of data for marketing and advertising purposes is irrelevant to the registration process and completion of placed orders.
- The Customer is entitled to access their data and update or correct it through the Administrator.
- The Administrator may also delete Customer data in case of withdrawal from agreement or expiration or termination thereof, provided that the same is permitted by the law.
- The Administrator may refuse to delete the data if the Customer breached the Terms and Conditions or the law, or if the Customer fails to make payment due to the Administrator and the access to the Data is critical for clarification of the situation and liability of the Customer.
- The data provided by the Customer is secured according to applicable laws, e.g. through backup copies, firewall, SSL protocol for email service.
- Only individuals authorised by the administrator will be entitled to process personal data.
- The administrator shall keep a record of individuals authorised to process data.
- For the purpose of fulfilment of the agreement the online store may provide the following entities with access to customers’ personal data: DPD courier service, InPost, Paczka w Ruchu, Payu payment service provider. In such an event, the amount of disclosed data will be reduced to a minimum.
In addition, the information customers provide may be disclosed to appropriate public bodies if the same is required by law.