In the interests of the security of data entrusted to us, we have developed internal procedures and recommendations to prevent disclosure of data to unauthorized persons. We control their performance and constantly check their compliance with relevant legal acts – the Act on the protection of personal data, the Act on the provision of electronic services, as well as all kinds of executive acts and Community law, primarily Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (general regulation on data protection – hereinafter the GDPR).
General provisions
- The administrator of clients’ personal data is Maltyoox Tomasz Czyba with registered office in Poland ul. Mysłowicka 37/4, 40-474 Katowice and Website administrator hereinafter referred to as the Administrator.
- Personal data will be processed in order to:
- arising from legitimate interests pursued by the Administrator. Data for these purposes will be processed on the basis of art. 6 clause 1 lit. f) GDPR. This processing basis includes, among others, the need to ensure the security of the Gracias Cacao service, making statistical measurements, improving our services and adapting them to the needs and convenience of users (e.g. personalizing content in the service) as well as marketing and promoting the Administrator’s own products and services,
- conclusion or performance of a contract to which you are a party pursuant to art. 6 clause 1 lit. b) GDPR. In our case, the contract is the terms of the Harevis Music service.
- after expressing separate consent, pursuant to art. 6 clause 1 lit. a) GDPR, data may also be processed for the purpose of sending textual information by electronic means for direct marketing, including the promotion of our content – in connection with art. 10 paragraph 2 of the Act of July 18, 2002 on the provision of electronic services.
- Providing personal data is voluntary, but failure to provide data marked as necessary to provide services to you will prevent their provision.
- The Administrator reserves the right to make changes to the Privacy Policy. We will inform you about any changes in a visible and understandable way.
- The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are:
- processed in accordance with the law,
- collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,
- factually correct and adequate in relation to the purposes for which they are processed and stored in a form enabling identification of the persons to whom they relate, no longer than is necessary to achieve the purpose of processing.
Personal data
- The Administrator processes users’ personal data for the proper performance of contracts covering the Administrator’s Products and Services and for the purposes of direct marketing of the Administrator’s Products and Services as well as the Administrator’s products and services of the Administrator, provided that the Customer agrees to this type of marketing.
- The administrator requires only the data that is necessary for the proper operation of the website and the provision of services. No Providing the required data makes it impossible to perform the activity to which the data pertained.
- The scope of processed data includes: name, surname, e-mail address, mobile phone number, address, IP address.
- The personal data provided are controlled by the Administrator. It also protects your data under the relevant laws on the protection of personal data.
Rights related to the processing of personal data
You have the following rights in connection with the processing of your personal data by the Administrator:
- the right to access your data, including obtaining a copy of the data,
- the right to request correction of data
- the right to delete data (in certain situations),
- the right to lodge a complaint with a supervisory body dealing with the protection of personal data,
- the right to limit data processing.
If your data is processed on the basis of consent, you can additionally exercise the following rights:
- the right to withdraw consent to the extent they are processed on this basis. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
If your data is processed on the basis of consent or as part of the service provided (data is necessary to provide the service), you can additionally exercise the following rights:
- the right to transfer personal data, i.e. to receive your personal data from the administrator in a structured, commonly used machine-readable format. You can send this data to another data administrator.
In order to exercise the above rights, please contact the Administrator.
Transfer of data to third parties
- The administrator will not sell clients’ personal data to other entities. In the course of and to perform services for clients, clients’ personal data may be transferred to other entities with which the Administrator binds relevant agreements. This will not affect the security of your personal data.
- Customer data may be disclosed to entities authorized to receive them under applicable law, including judicial authorities.
- We store collected personal data within the European Economic Area (“EEA”), but they can also be sent to a country outside this area and processed there. Each operation of sending personal data is carried out in accordance with applicable law.
Final Provisions
- The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects the data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable laws and change, loss, damage or destruction.
- In matters not covered by this Privacy Policy, the provisions of the Store Regulations www.harevis.com, provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free the flow of such data and repealing Directive 95/46 / EC (GDPR) and other relevant provisions of Polish law.
- The provisions of this Privacy Policy shall enter into force on September 26th 2022.