INFORMATION ON THE PROCESSING OF PERSONAL DATA
In connection with implementation of the Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard
to the processing of personal data and on the free movement of such data, and repealing
Directive 95/46/EC (General Data Protection Regulation “GDPR”), I would like to inform you
of the rules regulating the processing of your personal data and on your rights connected with it.
The rules presented below will be applicable starting from first November 2018 year.
I. Identification of the controller
Your personal data will be administered by Stupidthings.net limited liability company limited
partnership based in Jagatowo, ul. Dolina Krzemowa 6A, 83-010 Jagatowo, entered into the
Register of Entrepreneurs kept by the District Court Gdańsk-Północ in Gdańsk, VII
Commercial Division of the National Court Register, under KRS number: 0000876797, NIP:
6040221578.
II. The purposes and the legal basis of the processing of your personal
data:
Administrator processes your personal data for the following purposes:
1. to initiate, upon your request, actions to conclude an agreement with Administrator or when it
is necessary for the performance of an agreement with the Administrator (Article 6.1(b)
of GDPR)
2. in certain situations it may prove necessary to process your data due to exercise
of Administrator legitimate interest (Article 6.1(f) of GDPR
III. The obligation to provide your personal data
You must provide your personal data to conclude and perform an agreement with the
Adminitrator. If you fail to provide all required personal data, this will prevent Administrator
from concluding the agreement with you and providing services to you.
IV. Information on the recipients of your personal data
In connection with the processing of your personal data for the purposes indicated in point II,
your personal data may be disclosed to the following recipients or recipient categories:
1) mailing companies,
2) couriers,
3) accounting office,
4) third parties provides services,
5) payment services,
6) law enforcement agencies, supervisory authorities and others.
V. Personal data processing periods
Your personal data will be processed for a period necessary for achievement of the objectives
indicated in point II, i.e. in the scope of performance of the agreement concluded between you
and Administrator, for a period until the end of its performance, and after that period for a
period and in a scope required under the legal provisions or for implementation by
Administrator of a legitimate interest of the data controller in the scope as prescribed in point II
above, and if you give your consent to the data processing after termination or expiry of the
agreement, until you withdraw your consent.
VI. Rights of the data subject
Administrator would like to ensure you that all persons whose personal data are processed by the
Administrator enjoy the respective rights resulting from GDPR. In view of the foregoing, you
have the following rights:
1. the right to access personal data, including the right to obtain copies of such data;
2. the right to demand correction of personal data – if the data are incorrect or incomplete;
3. the right to demand removal of personal data (the so-called right to be forgotten) – if:
i) the data are no longer necessary for the purposes for which they have been collected or
processed,
ii) the data subject raises an objection against data processing,
iii) the data subject withdraws the consent on which the processing is based and there is no other
legal basis for the processing,
iv) the data are processed in violation of the law,
v) the data have to be removed for purpose of fulfillment of an obligation resulting from the legal
provisions;
4. the right to demand limitation of the processing of personal data—
if: i) the data subject questions the correctness of personal data,
ii) the processing of data is in violation of the law and the data subject opposes removal of the
data, demanding their limitation instead,
iii) the controller no longer needs the data for own purposes, but the data subject needs them for
determination, defense or pursuit of claims,
iv) the data subject raises an objection against data processing, until it is determined if legally
justified reasons on the part of the controller are superior to the basis of the opposition;
5. the right of data portability – if:
i) the processing takes place on the basis of an agreement with the data subject or on the basis of
consent expressed by such person, and
ii) the processing takes place in an automated manner;
6. the right to oppose the processing of personal data, including profiling – if:
i) certain reasons arise which are connected with your specific situation, and
ii) the processing of data relies on the necessity for purposes resulting from Administrator’s
legitimate interest referred to in point II above;
VII. The right to revoke the consent to process personal data
In the scope in which you have given your consent to the processing of personal data, you may
revoke it. Revoking the consent does not affect the legality of the data processing carried out on
the basis of the consent before it is revoked.
VIII. The right to file a complaint with a supervisory authority
If you find that the processing by the Administrator of your personal data violates the provisions
of GDPR, you may file a complaint with the relevant supervisory authority.
IX. Transfer of personal data to entities from beyond the European Economic Area
(EEA) or international organizations
In cases justified and necessary due to circumstances, the Administrator may disclose your
personal data to entities having their registered office outside the EEA (USA, Singapore, India,
China, Hong Kong, Canada and international organizations (e.g. SWIFT), as well as other entities
having their registered office outside the EEA or international organizations to which the
transfer is necessary for the purpose of performing the agreement (e.g. execution of your orders
connected with the agreement). As a principle, data will be transferred outside the EEA on the
basis of standard contractual clauses concluded with the recipient, the content of which has been
determined by the European Commission and ensures the highest standards of personal data
protection applied in the market. You have the right to obtain copies of such data through the
Administrator.
X. Personal data protection
The data is stored on properly secured servers, and their level of security is monitored on an
ongoing basis. We require the suppliers we work with to ensure the security of your data and
process it in accordance with the law.
XI. Contact
For further information or to exercise your rights, please contact us by email at: [email protected]
XII. Changes to the Privacy Policy
We reserve the right to make changes and updates to the privacy policy.