Privacy & Cookies Policy

 

  1. General Provisions

 

  1. This Privacy Policy sets out the rules for processing of your personal data obtained by the operator of the website www.worldbeatbox.camp (hereinafter: the “Website”).
  2. The personal data controller who determines how and for what purposes your personal data is processed is World Beatbox sp. z o.o. with its registered seat in Kraków, address: Grzegórzecka 77/28, 31-559 Kraków, entered into the register of entrepreneurs of the National Court Register held by the District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under the KRS number 0000681433, holding the tax identification number NIP 6751595474 and the statistical number REGON 367466352 (hereinafter: the “Controller”).
  3. The personal data are processed by the Controller in line with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation), hereinafter: the “GDPR”, and other provisions of law regarding personal data protection.
  4. In matters related to the personal data protection, you can contact the Controller at the address:

esh@worldbeatbox.camp

or

World Beatbox sp. z o.o., Grzegórzecka 77/28, 31-559 Kraków.

 

  1. Purpose and scope of personal data processing

 

  1. The purpose and scope of processing of your personal data results from the actions undertaken by you on the Website.
  2. The Controller may process the following personal data: name, date of birth, e-mail address, phone number, shipping and billing address (street, house number, apartment number, zip code, city, country), information on the preferred roommate name, data required to process the payment, the beatboxer’s name (if applicable), parent’s name (if applicable), parent’s ID number (if applicable).
  3. In the case you are not a consumer, the Controller may additionally process your company name and the tax identification number (NIP).
  4. Your personal data are processed for the following purposes:
  1. execution of the sales contract or the contract for the provision of electronic services or taking action at your request before concluding the above contracts - based on the Article 6 item 1 letter b) of the GDPR;
  2. responding to your requests submitted to the Controller’s Customer Service or by contact form when it is not directly related to the conclusion or execution of the contract - based on the Article 6 item 1 letter f) of the GDPR; the legitimate interest of the Controller for such processing is to manage the relationships with its clients and potential clients and to inform you about the details of its activity;
  3. organizing competitions and promotional campaigns in which you have agreed to participate - based on the Article 6 item 1 letter a) of the GDPR;
  4. direct marketing - based on the Article 6 item 1 letter f) of the GDPR; the legitimate interest of the Controller for such processing is to promote its services, keep you informed about its offer and manage the relationships with its clients and potential clients;
  5. bookkeeping and tax settlements based on the Article 6 item 1 letter c) of the GDPR;
  6. establishment, exercise or defence of legal claims that may be raised by the Controller or against the Controller - based on the Article 6 item 1 letter f) of the GDPR; the legitimate interest for such processing is to establish, exercise or defence of legal claims.
  1. In case of the intention to process your personal data for purposes other than those indicated above, the Controller will be required to prove the appropriate legal basis for such processing.
  1. Providing personal data referred to in the point above is voluntary, but it is necessary to conclude and exercise the sales contract or contract for the provision of electronic services or benefitting from other services available on the Controller’s website. Failure to provide some data may make it impossible to benefit from all or part of the services available on the Controller’s Website.
  2. Your personal data may be processed for marketing purposes in an automated manner, however, on the basis of such processing, decisions that could cause any legal effects or have a significant impact on you will not be taken.

 

  1. Retention periods

 

  1. Your personal data may be processed for the following periods:
  1. if the personal data are processed for the purpose of the conclusion or execution of contracts - for the period necessary to execute or terminate the concluded contract;
  2. if the personal data are processed for the purposes of responding to your requests not related to the conclusion or execution of the contract – for the period necessary to manage the request or for the duration of the legitimate interest pursued by the Controller in this respect
  3. if the personal data are processed based on your consent – until you withdraw your consent for further processing of your data for a given purpose, but no longer than it is necessary to achieve the purpose the data are processed for;
  4. if the personal data are processed for the purposes of the direct marketing - for the duration of the legitimate interest pursued by the Controller;
  5. if the personal data are processed for the purposes of bookkeeping and tax settlements – for the period resulting from the provision of law obliging the Controller to keep the tax and accounting books;
  6. if the personal data are processed for the purposes of the establishment, exercise or defence of legal claims – for the period of existence of a legitimate interest pursued by the Controller, but no longer than for the period of limitation of claims that may be raised by the Controller or against the Controller, due to its business activity.
  1. When the Controller no longer has a legitimate need to process your personal data, it will delete or anonymize such data from its database.

 

  1. Transfer of data. Entrusting of data processing

 

  1. Please note that the Controller does not sell any personal data. The Controller may share your personal data with parties who support the Controller in providing services for your benefit and who guarantee adoption of appropriate confidentiality and security measures.
  2. The transfer of your personal data as well as the categories of entities which these data are shared with depend on actions taken by you on the Controller’s Website.
  3. Your personal data may be shared with the following categories of the Controller’s contractors, i.e.:
  1. service providers supplying the Controller with technical, IT and organizational solutions enabling the Controller to run a business (in particular computer software providers, an e-mail and hosting provider, technical support providers);
  2. service operators Shopify.com and Zoho.com;
  3. accounting, legal and consulting services providers;
  4. insurance company, operator of bus transport, hotels and other business partners providing support necessary to execute the contracts concluded by you with the Controller.
  1. The Controller provides your personal data to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this Privacy Policy.
  1. The Controller does not plan to transfer your personal data to third countries. However, the parties processing your personal data on the Controller’s behalf (in particular Shopify.com and Zoho.com) may transfer these data to the countries outside the EEA. Please find the details regarding such data processing in their privacy policies: https://help.shopify.com/assets/pdfs/gdpr-whitepaper.pdf  

and

https://www.zoho.com/lp/gdpr.html .

 

  1. Your rights connected with personal data processing

 

  1. In the cases indicated in the GDPR you have the following rights with respect to the personal data the Controller processes:
    1. the right to access (and obtain a copy of, if required) the categories of personal data that the Controller holds about you, including the information's source, purpose and period of processing, and the persons with whom the information is shared;
    2. the right to update the information the Controller holds about you or to rectify any inaccuracies;
    3. the right to request that the Controller deletes your personal data in certain circumstances, such as when it is no longer necessary for the purpose for which it was originally collected (the right to erasure);
    4. the right to request to restrict the use of your data in certain circumstances, such as when you have objected to the use of your data but the Controller need to verify whether it has overriding legitimate grounds to use it (the right to restriction of processing);
    5. the right to transfer your information to a third party in a structured, commonly used and machine-readable format, in circumstances where the information is processed with your consent or by automated means (the right to data portability);
    6. the right to object to the use of your personal data in certain circumstances, such as the use of your personal data for direct marketing.
  2. In order to exercise the rights referred to above, you can contact the Controller by sending a relevant message in writing or by e-mail to the Controller's address indicated in point I.4. of this Privacy Policy.
  3. If your personal data are processed on the basis of your consent, you have the right to withdraw the consent at any time without giving a reason. Withdrawal of consent will not affect the lawfulness of the processing of your personal data by the Controller made on the basis of this consent before its withdrawal.
  4. You have the right to lodge a complaint with the supervisory body (the President of the Office for Personal Data Protection), if the processing of your personal data by the Controller violates the provisions of the GDPR.

 

  1. Information about the cookie files.

 

  1. The Controller does not automatically collect any data, except for the data contained in cookie files on the Controller’s Website and data collected via cookies by the Google Analytics system.
  2. Cookies are small information in the form of text files sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of the computer, laptop, on the smartphone's memory card). Cookies are included in the HTTP protocol, which is used to communicate the Internet server with the browser. It consists of: a key specifying the name, value and lifetime of the browser to delete the cookie file. Their functions are mostly standard for the settings provided by the browser. Cookie files are used to customize the content of websites to user preferences and to increase the usability and personalization of the website content.
  3. The cookies used by the Controller may be temporary or permanent. Temporary cookies are deleted when the browser is closed, however, permanent cookies are also stored after you have finished using the Website and are used to store information such as the session identifier, which speeds up and facilitates the use of the Website.
  4. The Controller may process data contained in cookies when you visit the Website for the following purposes:
    1. customizing the content of the Website to the individual preferences of the user;
    2. ensuring the security and reliability of the Website;
    3. analyzing trends, managing the Website and tracing users’ navigations on the Website to understand what you are looking for and to better help you;
    4. keeping anonymous statistics showing how the Controller’s Website is used.
  1. Cookies do not cause any configuration changes on the device or software installed on your device.
  1. If you do not agree to the use of cookies, you should choose the appropriate settings in the used web browser. The process of consenting to the use of cookies varies depending on the used browser.
  2. Please note that you may disable browser cookies before visiting the Website. However, in such case, you may not be able to use certain features of the Website properly.
  3. Detailed information on changing cookies settings and their self-removal in the most popular web browsers are available in the help section of the web browser.
  4. The Google Analytics system is an online analytics system that gives an insight into the data traffic of the website and demographic data of users, used to conduct statistical and marketing activities. If you do not agree to the Google Analytics system you should use a cookie block. More about the data stored by the Google Analytics system in the Google Privacy Policy: https://static.googleusercontent.com/media/www.google.com/pl//intl/pl/policies/privacy/google_privacy_policy_en.pdf .
  5. The Controller also processes anonymised operational data related to the use of the Website (IP address, domain) to generate statistics helpful in administering the Website. These data are aggregate and anonymous, i.e. they do not contain features that identify visitors to the Website. These data are not disclosed to third parties.

 

  1. Other provisions

 

    1. It may happen that the Website of the Controller will contain links to other websites. The Controller recommends that, after switching to other websites, you read the privacy policy established there. This Privacy Policy applies only to the Controller’s Website.
    2. The Controller uses technical and organizational measures to ensure that personal data being processed is protected against unauthorized access, being taken by an unauthorized person, processing in violation of applicable laws and changes, loss, damage or destruction.
    3. The Controller provides in particular the following technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons:
    1. securing the data set against unauthorized access;
    2. access to the account only after providing an individual login and password;
    3. SSL certificate.
    1. The Controller reserves the right to change the Privacy Policy in the future for important reasons, in particular in the case of:
    1. changes in the binding provisions, in particular regarding the protection of personal data, telecommunications law, provisions regarding the services provided electronically and regulating consumer rights, affecting the rights and obligations of the Controller or your rights and obligations;
    2. the development of Internet technology, including the implementation of new technological or technical solutions affecting the scope of the Privacy Policy.
    1. Each time the Controller places information about changes in the Privacy Policy on the Controller’s the Website.