Privacy and cookies policy

This document governs the privacy and "cookie" policy of the bomm.pl online store maintained via online website provided at the URL: www.bomm.pl, hereinafter referred to as the "Store". The Store is managed by

BOMM Sp. z o.o. Sp. k. with its registered office in Lubiczów (05-082) at ul. Warszawska 77 entered into the Register of Entrepreneurs of the National Court Register under KRS No.: 0000600819, NIP (Tax Identification Number): 1182118988 and REGON (National Business Register Number): 363690816, hereinafter referred to as the "Seller". The Seller may be contacted by phone: +48 (22) 722-01-55 or by e-mail: info@bomm.pl.

1. Introduction

In the section describing the privacy policy, we inform about the conditions of collecting, processing, using and protecting personal data of the Store's Customers, hereinafter referred to as "Customers". Personal data mean any information related to an identified or identifiable natural person. An identifiable person means an individual who can be directly or indirectly identified, particularly by reference to an identification number or to one or more factors specific to their identity. The data are not regarded as allowing the identification of a person if they require unreasonable costs, time or effort. Personal data do not include the data of entrepreneurs processed only in the Central Register and Information on Economic Activity maintained by the Minister of Development.

In this document, we also list technologies used in the processing of personal data. They include, for example: browser memory support, geolocation and pixel tags.

With regard to the cookies policy, we inform about conditions of storing information or accessing information already stored in the telecommunications end user's device. An end-user is considered to be a natural person or an entity using a publicly available telecommunications service or requesting the provision of such a service to meet its own needs.

2. Declaration

In the pursuit of the main aim of respecting the privacy of our Customers, we endeavour to exercise all due diligence. In order to meet this assumption, we implement standards and rules resulting from universally binding legal provisions. These include in particular: the Act of 29 August 1997 on the Protection of Personal Data (Dz. U. /Journal of Laws/ of 2016, No. 0, item 922, as amended), the Act of 18 July 2002 on Providing Services by Electronic Means (Dz. U. /Journal of Laws/ of 2016, No. 0, item 1030, as amended) and the Telecommunications Act of 16 July 2004 (Dz. U. /Journal of Laws/ of 2016, No. 0, item 1489, as amended). More particularly, we make reasonable efforts to ensure that personal data of our Customers is:

processed in accordance with the law,
collected for the purposes indicated herein and legal,
not subjected to further processing incompatible with the above purposes,
correct and adequate in relation to the purposes for which they are processed,
adequately protected against unauthorised access, destruction, disclosure and unlawful use,
stored in a form which permits identification of persons concerned, for period no longer than is necessary to achieve the purpose of the processing.

Data processed by the Seller are stored on external, safe and professional servers based on contracts concluded by the Seller. These contracts take into account the appropriate level of data security

3. Personal data controller

The controller of personal data processed by the Store is the Seller.

4. The basis of processing personal data

In the first place, we may process the personal data of Customers using electronic services via Store if it is:

necessary to establish and shape the content, change or terminate the legal relationship between the Customer and the Seller, with regard to personal data: the Customer's surname and names, PESEL (Personal Identification Number) or - if this number has not been assigned - the number of passport, ID card or another document confirming the identity of such a person, - the address of permanent residence, - the correspondence address, if it is different from the address of permanent residence, - data used to verify the electronic signature, - electronic addresses
implemented for the purpose of performing contracts or another type of legal action involving the Customer, if this is necessary due to the nature of the service provided or the manner of its settlement,
justified in order to characterise the manner in which the Customer uses electronic services via Store, with regard to operating data, i.e.: the Customer's identification markings assigned on the basis of the data referred to in the first paragraph, - markings identifying the telecommunications network endpoint or the communication and information system used by the Customer, - information on the start, termination and scope of each use of electronic services, - information on the use of electronic services by the Customer.

We do not process these personal data after the Customer has finished using the electronic service, subject to the possibility of further use of data that are:

necessary for settling an account of the service and claiming payment for the use of the service,
necessary for the purposes of advertising, researching market, customers behaviour and preferences, with the aim of using the results of such research to improve the quality of services provided by the Seller upon the Customer's consent,
necessary to clarify the circumstances of the unauthorised use of the service,
authorised for processing under separate laws or contracts.

We process data obtained in this manner according to Article 18 points 1, 2, 5 and Article 19 points 1 and 2 of the Act of 18 July 2002 on Providing Services by Electronic Means (Dz. U. /Journal of Laws/ of 2016, No. 0, item 1030, as amended).The aforementioned data scopes are not binding for determining the scope of data processed by the Seller. The scope of data processed by the Seller has been published in point 5 of the Privacy and Cookie Policy.

Secondly, we may process personal data that is necessary for the performance of a contract, to which the data subject is one of the parties, or if this is necessary to take steps before the conclusion of a contract at the request of the data subject. We process data obtained in this manner on the basis of Article 23 point 1, sub-point 3 of the Act of 19 August 1997 on the Protection of Personal Data (Dz. U. / Journal of Laws/ of 2016, No. 0, item 922, as amended).

Irrespective of the above, we may also process personal data if it is necessary for the fulfilment of legitimate purposes pursued by our company or by the data recipients, and the processing does not violate the rights and freedom of the data subject. Legitimate purposes are in particular considered to include direct marketing of our products or services, as well as the assertion of claims in connection with our business activities. We process data obtained in this manner on the basis of Article 23 point 1 sub-point 5 and Article 23 point 1 sub-point 4 of the Act of 29 August 1997 on the Protection of Personal Data (Dz. U. /Journal of Laws/ of 2016, No. 0, item 922, as amended).

In other cases, we ask for voluntary consent to the processing of your personal data. This consent is given in particular by checking the box ("checkbox") located next to the declaration of consent for the processing of personal data. We process data obtained in this manner on the basis of Article 23 point 1 sub-point 1 of the Act of 29 August 1997 on the Protection of Personal Data (Dz. U. /Journal of Laws/ of 2016, No. 0, item 922, as amended) or Article 18 point 4 of the Act of 18 July 2002 on Providing Services by Electronic Means (Dz. U. /Journal of Laws/ of 2016, No. 0, item 1030, as amended).

5.Sets, their scopes and purposes of personal data processing

We process personal data of our Customers in structured sets, which we define by the purpose of their processing. Such data are processed to the extent that is necessary to fulfil the set's purpose. The following list includes sets, scopes and purposes of data processing.

Name of the set	Scope of processed data	Purpose of processing
The set of personal data of Store's Customers who have created a customer account	name and surname e-mail address telephone number NIP (Tax Identification Number) IP number	Enabling the possibility of using functions of the Store's customer account.
The set of personal data of the customers who have concluded a sales contract via Store.	name and surname name of the company address e-mail address bank account number order number telephone number NIP (Tax Identification Number) REGON(Business Register Number) IP number	Conclusion and execution of the sales contract with the Customers.
Set of personal data of Store's Customers who have filed a complaint or issued a declaration of withdrawal from the contract	name and surname name of the company address e-mail address bank account number order number complaint number telephone number NIP (Tax Identification Number) REGON (Business Register Number)	Execution of proceedings relating to complaints or withdrawals from the contracts.
The set of data of persons who have subscribed to the Newsletter	name and surname e-mail address IP number	Sending Newsletter.

Customers' personal data sets are subject to registration with the Inspector General for the Protection of Personal Data. Exclusions, if any, applicable in this respect result especially from Article 43 of the Act of 29 August 1997 on the Protection of Personal Data (Dz. U. / Journal of Laws/ of 2016, No. 0, item 922, as amended).

6.Entrustment and sharing of personal data

We have the right to entrust your personal data to other entities. They may include, for example, a web host, accounting or legal service provider, payment operator, or other entity with whom we work to properly provide services. Personal data is always entrusted based on a written data entrustment agreement. An up-to-date list of entities to which we entrust data processing is constantly available to all Customers. To access it, simply request it with us. This can be done, for example, by sending an email. The legal basis for entrusting personal data is Art. 31 of the Polish act of 29th August 1997, on personal data protection (Dz. U. of 2016, No. 0, pos. 922 as amended).

We may transfer processed data outside the European Economic Area. The personal data processing laws that apply in those countries may provide less protection than the laws in effect in the Republic of Poland. Therefore, if we transmit such data, we take special care to comply with the conditions for processing laid down in this document. One form of manifesting this care is the use of standard contractual clauses approved by the European Commission, including those compliant with the EU-US Privacy Shield.

We do not share collected data with third parties, except as required by generally applicable law, i.e. on the basis of a request of a body or court authorised to do so.

7. Customer's rights

In connection with the personal data processing, Customers have the related to it rights:

the right to access the content of their data,
the right to rectify their data,
.The right to request their personal data to be supplemented, updated, rectified, temporarily or permanently suspended or erased if they are incomplete, outdated, untrue or have been collected in violation of the law, or are no longer necessary for the purpose for which they were collected,

We may provide system functionality to enable you to exercise these rights. If you wish to exercise said rights, please contact us as instructed in Section 20 of the Privacy and Cookies Policy.

8. Server Logs

These are the internal event logs of the Store server, automatically recording page requests that are sent when Customers use the Store. System logs include the page request sent by the Customer, the IP address, browser type, browser language, the date and time of the request, and at least one "cookie" file that can uniquely identify the Customer's browser.

The data collected in system logs is used by us indefinitely, solely for the purpose of administering the Store. They are not transferred to third parties, except in the circumstances described herein.

In connection with the using the Store by Customers, we may automatically collect and record in server logs technical details of how the services are used, requests sent by the Customer related to the provision of electronic services, IP address and technical data about the operation of the Store related to the actions performed by the Customer. This includes, in particular, information about the starting, ending and the scope of each instance of the use of the electronically supplied services. We may also collect information to store it locally on your device using a browser memory mechanism.

9. Cache memory

While providing services to Customers, we may automatically use the cache of the Customer's browser, application or device. This use includes storing data in the memory of the browser installed on the Customer's device. Cache can store data intersessionally, i.e. between the Customer's sessions. The purpose of using the cache is to speed up the functionality of the Store by eliminating the situation in which the same data would be repeatedly downloaded from the Store, thereby overloading the Customer's Internet connection.

10. Geolocation

We, or third parties through the cookies they administer, may use geolocation functionality to collect and process information about the Customer's whereabouts. For this purpose, the following data may be processed: an IP number, from a GPS sensor, from a Wi-Fi point or from mobile network base stations.

11. Pixel Tag

We, or third parties through cookies they administer, may use pixel tag functionality. These are elements published in digital content and make it possible to record information, for example, about Customer activity on the website.

12. Cookies - introduction

In the course of providing services to customers, we use professional technologies to collect and save information, such as cookies. These are commonly used small files containing a string of characters, which are sent to and stored on an end device (e.g. computer, laptop, tablet, smartphone) used by the Customer while visiting the Store. This information is sent to the browser cache, and the browser sends it back on subsequent visits to the website. Cookies contain information necessary for the proper use of the Store. They typically contain the name of the website they come from, the storage time on the end device and a unique number. Third-party entities listed in Section 16 of the Privacy and Cookies Policy may also have access to cookie data.

13. Basis for processing cookies

We ask Customers who use electronically supplied services through the Store to voluntarily consent to the processing of cookies by storing information or accessing information already stored in their telecommunications end devices.

Consent to the processing of cookies is granted, in particular, with the use of the button containing a statement of consent to the processing of cookies or confirmation of reading its terms and conditions. This consent may be withdrawn at any time, free of charge and as described in the section on cookie management.

We process cookies on the basis of Art. 173 of the Act of 16 July 2004, Telecommunications Law (Dz. U. of 2016, No. 0, pos. 1489, as amended).

14. What cookies are used by us?"

We can categorize cookies in three methods of division.

In terms of the purposes of using cookies, we distinguish their three categories:

essential files - these files enable the proper operation of the Store and the functionality that the Customer wants to use, such as authentication cookies. Without saving them on the Customer's device, it is not possible to use the Store.
functional files - files that allow saving the settings selected by the Customer and adjusting them to the Customer's needs and preferences, e.g. regarding the selected language, font size, website layout. They allow the Seller to improve the functionality and performance of the website. Without saving them on the Customer's device, some of the Store's functionalities may be limited,
business files - this category includes, for example, advertising cookies. They allow the user to customize the ads displayed in or outside the Store according to the Customer's preferences. Without saving them on the Customer's device, certain Store functionalities may be limited.

When it comes to their expiration date, there two categories of cookies:

session files - they exist until the end of a given session of the Customer,
persistent files - they exist after the end of a session by the Customer.

When it comes to the entities that administer cookies, there are:

third-party cookies.

15. Seller cookies

16. Third-party cookies

Google Maps - this service allows for storing information about the Customer, which enables the use of the map functionality available as part of the Google Maps service. Google Inc. may track the Customer's location,
YouTube - this service allows for storing information about the Customer, which enables the functionality of the YouTube service. Google Inc. may track the videos watched by the Customer.

The Seller may use cookies used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, the United States. These cookies may be used to link the user account in the external Facebook social media service with the Store account if the Seller enables this functionality. These cookies may also be used to process Customer's actions on Facebook, performed via the "Share" or "Like" buttons. The processing of these activities may be of a public nature.

The use of third-party cookies is subject to the privacy and cookie policies of those entities. For current third-party policies in this regard, please click here: https://www.e-regulaminy.pl/biuletyn/polityki-prywatnosci-i-plikow-cookies/.

17. Managing cookies and other information

Typiclly browser settings allow cookies and other information to be placed on your end device by default. If the Customer does not agree to the storage of cookies, it is necessary to change the settings of the Internet browser accordingly. It is possible to disable their saving for all connections from a given browser or for a particular website and to delete them. The way in which cookies are managed depends on the software. Current rules for managing cookies can be found in the settings of the browser used, as well as here: https://www.e-regulaminy.pl/biuletyn/polityka-cookies-obsluga/.

Consent for the processing of cookies is voluntary. However, please note that restrictions on the use of cookies may make it difficult or impossible to use some of the Store's functions.

18. Links to other websites or software

The Store's website may contain links to other websites or software. We are not responsible for the privacy and cookie processing policies of such websites or software. We recommend reviewing the privacy and cookie policies of the linked websites or software after accessing or before installing them.

19. Changes to Privacy and Cookies Policy

We reserve the right to change this Privacy and Cookies Policy. In such a case, we will publish an updated version of the Policy on the website.

20. Contact and applications

We constantly do our best to process your personal data and cookies while maintaining the highest standards. Therefore, we have set up a system that responds immediately to situations in which these standards may be compromised. In the event of identification of a threat or breach thereof, please contact us immediately using details provided below:

by e-mail: info@bomm.pl,
by phone: +48 (22) 722-01-55,
by traditional mail at BOMM, ul. Warszawska 77, 05-082 Lubiczów, Poland.

We would be happy to hear your feedback. Therefore, if you have any questions, requests or concerns regarding personal data processing or cookies, please feel free to contact us.

Menu

Privacy and cookies policy of bomm.pl