GDPR information obligation

GDPR Information Obligation

The following information is a concise, clear, and understandable summary of the information included in the Privacy Policy regarding the Data Administrator, the purpose and method of processing personal data, and your rights in relation to such processing, in the form required to fulfill the GDPR information obligation. Details regarding the processing method and the entities involved in this process can be found in the indicated policy.

Who is the data administrator?

The Data Administrator (hereinafter referred to as the Administrator) is the company “Szkółka ‘Clematisy. M.K.J. Wędrowscy”, operating at: ul. Sportowa 1a 83-211 Kolincz, with the assigned tax identification number (NIP): 9570721698, providing services electronically through the Service.

How can you contact the data administrator?

You can contact the Administrator in one of the following ways:

  • Postal address – Szkółka ‘Clematisy. M.K.J. Wędrowscy, ul. Sportowa 1a 83-211 Kolincz

  • Email address – info@fruttii.com

  • Contact form – available at: https://fruttii.com/contact/

Has the Administrator appointed a Data Protection Officer?

According to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

For matters related to data processing, including personal data, you should contact the Administrator directly.

Where do we obtain personal data from, and what are their sources?

Data is obtained from the following sources:

  • from the individuals to whom the data relates

What is the scope of the personal data we process?

The service processes ordinary personal data, voluntarily provided by the individuals to whom it relates.
(e.g. name, surname, login, email address, phone number, IP address, etc.)

A detailed list of the processed data can be found in the Privacy Policy.

What are the purposes for which we process personal data?

Personal data voluntarily provided by users is processed for one of the following purposes:

  • Providing electronic services:
    • Account registration and maintenance services for users within the Service and associated functionalities
    • Newsletter services (including sending advertising content with consent)
    • Commenting/liking posts in the Service without the need for registration
  • Communication between the Administrator and users concerning the Service and data protection
  • Ensuring the Administrator's legitimate interest

What are the legal grounds for data processing?

The Service collects and processes user data based on:

  • Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
    • Article 6(1)(a)
      the data subject has consented to the processing of their personal data for one or more specific purposes
    • Article 6(1)(b)
      processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract
    • Article 6(1)(f)
      processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
  • The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
  • The Telecommunications Law Act of 16 July 2004 (Journal of Laws 2004, No. 171, item 1800)
  • The Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994, No. 24, item 83)

What is the legitimate interest pursued by the Administrator?

  • In order to potentially establish, assert, or defend against claims – the legal basis for processing is our legitimate interest (Article 6(1)(f) GDPR) in protecting our rights, including but not limited to;
  • To assess the risk of potential customers
  • To evaluate planned marketing campaigns
  • For direct marketing purposes

For how long do we process personal data?

As a rule, the indicated personal data is stored only for the duration of the service provided within the Administrator's website. They are deleted or anonymized within 30 days from the moment the service ends (e.g., deletion of the registered user account, unsubscribing from the newsletter, etc.).

In exceptional cases, to protect the Administrator's legitimate interest, this period may be extended. In such cases, the Administrator will retain the data for no longer than 3 years from the time the data subject requests its deletion in the case of a violation or suspicion of violation of the Service's regulations.

Who are the recipients of the data, including personal data?

As a rule, the only recipient of the data is the Administrator.

However, data processing may be entrusted to other entities providing services to the Administrator to maintain the operation of the Service.

Such entities may include, but are not limited to:

  • Hosting companies providing hosting services or related services to the Administrator
  • Companies through which the Newsletter service is provided
  • Companies mediating online payments for goods or services offered within the Service (in the case of purchasing transactions in the Service)
  • Companies responsible for delivering physical products to the User (postal/courier services in the case of purchasing transactions in the Service)

Will your personal data be transferred outside the European Union?

Personal data will not be transferred outside the European Union, unless they have been published as a result of individual actions by the User (e.g., posting a comment or entry), which will make the data accessible to any person visiting the website.

Will personal data be used for automated decision-making?

Personal data will not be used for automated decision-making (profiling).

What rights do you have regarding the processing of personal data?

  • The right to access your personal data, including the right to receive a copy of the data
  • The right to correct (rectify) your personal data
  • The right to delete your personal data ("right to be forgotten")
  • The right to limit the processing of your personal data
  • The right to object to the processing of your personal data
  • The right to data portability
  • The right to withdraw consent at any time (if consent is the basis for data processing)
  • The right to file a complaint with the supervisory authority – the President of the Office for Personal Data Protection (UODO)