Privacy Policy
General Provisions
This document constitutes an appendix to the Terms and Conditions. By using our services, you entrust us with your information. This Privacy Policy is intended solely to help you understand what information and data are collected, for what purpose, and how we use them. This data is very important to us, so please read this document carefully, as it sets out the rules and methods for processing and protecting personal data. This document also defines the rules for the use of “Cookies”.
We hereby declare that we comply with the principles of personal data protection and all legal regulations provided for by the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Any person whose personal data is processed has the right to contact us in order to obtain comprehensive information on how we use their personal data. We always strive to clearly inform you what data we collect, how we use it, for what purposes, and to whom it is disclosed, what protection we provide when transferring it to other entities, and which institutions you may contact in case of doubts.
The Seller applies technical measures such as physical safeguards for personal data, hardware safeguards within IT and telecommunications infrastructure, protection measures within software tools and databases, and organizational measures ensuring proper protection of processed personal data, in particular protecting personal data against disclosure to unauthorized third parties, access by unauthorized persons, use for unknown purposes, as well as accidental or intentional alteration, loss, damage, or destruction of such data.
Under the principles set out in the Terms and Conditions and in this document, we have exclusive access to the data. Access to personal data may also be entrusted to other entities through which payments are processed, and which collect, process, and store personal data in accordance with their own terms and conditions, as well as entities responsible for order fulfillment. Access to personal data is granted to the above-mentioned entities only to the extent necessary to provide the services.
Personal data is processed only for the purposes to which you have consented by selecting the relevant boxes in the forms available on the Website or otherwise expressly consenting. The legal basis for the processing of your personal data is your consent to the processing of data or the necessity of performing a service (e.g. ordering a Product) that you have requested from us, pursuant to Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).
Privacy Principles
We take privacy seriously. We are guided by respect for privacy and by ensuring the fullest possible convenience in using our services.
We value the trust our Users place in us by entrusting us with their personal data for the purpose of processing orders. We always use personal data fairly and in a way that does not betray that trust, only to the extent necessary for order processing and fulfillment.
The User has the right to obtain clear and complete information about how we use their personal data and for what purposes it is needed. We always clearly inform you what data we collect, how and to whom it is disclosed, and provide information about the entities you may contact in case of doubts, questions, or comments.
If you have any doubts regarding our use of your personal data, we will immediately take steps to clarify and resolve such doubts. We provide full and comprehensive answers to all related questions.
We will take all reasonable steps to protect Users’ data against improper and uncontrolled use and to secure it comprehensively.
The controller of your personal data is Przemysław Dremo, Sonar Records Przemysław Dremo, ul. Waryńskiego 24, 80-433 Gdańsk, NIP: 584 236 30 94, tel. 669 988 388, store@sonarrecords.pl.
The legal basis for processing your personal data is Article 6(1)(b) GDPR. Providing data is not mandatory, but it is necessary to take the appropriate steps prior to entering into a contract and for its performance. We will transfer your personal data to other recipients entrusted with processing personal data on our behalf. Your data will be transferred on the basis of Article 6(1)(f) GDPR, where the legitimate interest is the proper performance of agreements/orders. In addition, we may disclose your personal data to other business partners. The personal data we collect is stored within the European Economic Area (“EEA”), but it may also be transferred to and processed in a country outside that area. Any transfer of personal data is carried out in accordance with applicable law. If data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards in relation to countries for which the European Commission has not determined an adequate level of data protection.
Your personal data related to the conclusion and performance of contracts will be processed for the duration of their performance and for no longer than required by law, including the Civil Code and accounting regulations, i.e. no longer than 10 years from the end of the calendar year in which the last contract was performed.
Your personal data processed for the purpose of concluding and performing future contracts will be processed until you object.
You have the right to: access your personal data and receive a copy of the personal data being processed; rectify inaccurate data; request deletion of data (the right to be forgotten) in the cases provided for in Article 17 GDPR; request restriction of processing in the cases indicated in Article 18 GDPR; object to processing in the cases indicated in Article 21 GDPR; and data portability of data processed by automated means.
If you believe that your personal data is being processed unlawfully, you may lodge a complaint with the supervisory authority (the President of the Personal Data Protection Office, ul. Stawki 2, Warsaw, Poland). If you need additional information related to personal data protection or wish to exercise your rights, please contact us by post at the correspondence address.
We make every effort to protect against unauthorized access, unauthorized modification, disclosure, and destruction of information in our possession. In particular:
-
We control the methods of collecting, storing, and processing information, including physical security measures, to protect against unauthorized access to the system.
-
We grant access to personal data only to those employees, contractors, and representatives who must have access to it. Furthermore, under contract, they are obliged to maintain strict confidentiality, to allow us to monitor and verify how they perform their duties, and in the event of failure to comply, they may face consequences.
We will comply with all applicable data protection laws and regulations and cooperate with data protection authorities and authorized law enforcement authorities. In the absence of specific data protection regulations, we will act in accordance with generally accepted principles of data protection, principles of social coexistence, and established customs.
The detailed method of personal data protection is set out in the personal data protection policy (GDPR: security policy, personal data protection regulations, IT system management instructions). For security reasons and due to the procedures described therein, it is available only to state inspection authorities.
If you have questions regarding how personal data is handled, please contact us through the website from which you were redirected to this Privacy Policy. Your request will be forwarded without delay to the appropriate designated person.
The User always has the right to notify us if they:
-
no longer wish to receive information or messages from us in any form;
-
wish to receive a copy of their personal data held by us;
-
wish to correct, update, or delete their personal data in our records;
-
wish to report misuse, improper handling, or processing of their personal data.
To help us respond to or address such requests, please provide your full name and further details.
Scope and Purpose of Collecting Personal Data
The purpose of processing the Buyer’s data provided in connection with purchases in the Store is the fulfillment of orders.
The legal basis for the processing of personal data is:
-
the sales contract or actions taken at the request of the Buyer prior to entering into such contract (Article 6(1)(b) GDPR),
-
the Seller’s legal obligation related to accounting (Article 6(1)(c) GDPR), and
-
the Seller’s legitimate interest consisting in processing data in order to establish, pursue, or defend against possible claims (Article 6(1)(f) GDPR).
We process the personal data necessary for the performance of services and for accounting purposes only, including for the following purposes:
-
placing an order,
-
concluding a contract, handling complaints, and withdrawal from a contract,
-
issuing a VAT invoice or other receipt,
-
monitoring traffic on our websites,
-
collecting anonymous statistics to determine how users use our website,
-
determining the number of anonymous users of our websites,
-
controlling how often selected content is shown to users and which content is shown most frequently,
-
analyzing newsletter sign-ups and contact options,
-
using communication tools for email and, consequently, telephone communication,
-
integration with social media platforms,
-
possible online payments.
We collect, process, and store the following user data:
-
first and last name,
-
residential address,
-
delivery address (if different from residential address),
-
tax identification number (NIP),
-
email address,
-
telephone number (mobile or landline),
-
information about the web browser used,
-
other personal data voluntarily provided to us.
Providing the above data is entirely voluntary, but also necessary for the full performance of the services.
The purpose of collecting, processing, or using your data includes:
-
direct marketing,
-
archiving advertising campaigns,
-
fulfillment of legal obligations by collecting information on undesirable actions.
We may transfer personal data to servers located outside the User’s country of residence or to affiliated entities and third parties located in other countries, including countries within the EEA, in order for such entities to process personal data on our behalf in accordance with this Privacy Policy and applicable laws, practices, and data protection regulations.
We store your personal data no longer than necessary to ensure proper service quality and, depending on the mode and purpose of collection, for the duration of the service and thereafter for purposes of:
-
fulfilling obligations arising from law, tax regulations, and accounting regulations;
-
marketing activities – for the duration of the contract, or until the completion of transaction-related activities, objection to such processing, or withdrawal of consent;
-
operational activity – until the limitation periods under the GDPR and applicable national laws expire, in order to demonstrate diligence in processing personal data.
Please note that in many countries to which personal data may be transferred, the level of legal protection for personal data may not be the same as in the User’s country. Personal data stored in another country may be accessed, in accordance with the law applicable there, by courts, law enforcement authorities, and national security authorities. Subject to lawful requests for disclosure, we require entities processing personal data outside the User’s country to take steps to protect such data appropriately under their national laws.
Cookies Policy
We automatically collect information contained in cookies in order to gather User data. A cookie is a small piece of text sent to the User’s browser, which the browser sends back on subsequent visits to the website. They are mainly used to maintain sessions by generating and sending back a temporary identifier after login. We use “session” cookies stored on the User’s device until they log out, leave the website, or close the browser, and “persistent” cookies stored on the User’s device for the time specified in the cookie parameters or until deleted by the User.
Cookies adapt and optimize the website and its offer to Users’ needs through activities such as creating page view statistics and ensuring security. Cookies are also necessary to maintain the session after leaving the website.
The Administrator processes the data contained in cookies each time the website is visited for the following purposes:
-
optimizing the use of the website,
-
identifying Service Recipients as logged in at a given moment,
-
adapting the layout, graphics, selection options, and all other content of the website to the individual preferences of the Service Recipient,
-
remembering data entered automatically and manually into Order Forms or login details provided by the visitor,
-
collecting and analyzing anonymous statistics showing how the website is used in the administrative panel and Google Analytics,
-
creating remarketing lists based on information about preferences, behavior, methods of use, interests, and collecting demographic data, and then making those lists available in AdWords and Facebook Ads,
-
creating data segments based on demographic information, interests, and preferences in the selection of viewed products/services,
-
using demographic and interest data in Analytics reports.
The User may at any time, through their browser, completely block and delete cookies.
Blocking the collection of cookies on the User’s device may hinder or prevent the use of certain website functionalities. The User is fully entitled to do so, but should be aware of the limitations this may cause.
A User who does not wish cookies to be used for the purposes described above may delete them manually at any time. For detailed instructions, please visit the website of the browser manufacturer currently used by the User.
More information about cookies is available in the help menu of each web browser. Example browsers supporting cookies include:
-
Cookie settings in Internet Explorer
-
Cookie settings in Chrome
-
Cookie settings in Firefox
-
Cookie settings in Opera
-
Cookie settings in Safari
-
Cookies in Android
-
Cookies in Blackberry
-
Cookies in iOS (Safari)
-
Cookies in Windows Phone
Rights and Obligations
We have the right, and in cases specified by law also the statutory obligation, to provide selected or all information regarding personal data to public authorities or third parties who request such information on the basis of applicable Polish law.
The User has the right to access the content of their personal data, to correct or supplement it at any time, and also has the right to request that it be deleted from our databases or that its processing be discontinued, without giving any reason. In order to exercise their rights, the User may at any time send an appropriate message to the email address or in another way that effectively communicates such a request.
The processing of personal data of natural persons who are our customers is based on:
-
the legitimate interest of the data controller (e.g. creating databases, analytical and profiling activities, including analysis of product use, direct marketing of own products, securing documentation for defense against possible claims or for pursuing claims),
-
consent (including, in particular, consent for email marketing or telemarketing),
-
performance of a concluded contract,
-
obligations arising from law (e.g. tax law or accounting regulations).
The processing of personal data of natural persons who are potential customers is based on:
-
consent (including, in particular, consent for email marketing or telemarketing).
A request by the User to delete personal data or stop its processing may result in the complete inability to provide services or a serious limitation thereof.
We undertake to act in accordance with applicable law and principles of social coexistence.
Information on out-of-court consumer dispute resolution: the entity authorized within the meaning of the Act on out-of-court resolution of consumer disputes is the Financial Ombudsman, whose website address is: www.rf.gov.pl.
Basic Security Principles
Each User should take care of the security of their own data and of the devices used to access the Internet. Such a device should absolutely have antivirus software with an up-to-date database of virus definitions, a secure version of the web browser used, and an enabled firewall. The User should verify whether the operating system and installed software have the latest compatible updates, as attacks often exploit detected vulnerabilities in installed software.
Access credentials for online services, such as logins, passwords, PINs, electronic certificates, etc., should be secured in a place inaccessible to others and impossible to breach via the Internet. They should not be disclosed or stored on a device in a form allowing unauthorized access and reading.
Users should be cautious when opening suspicious attachments or clicking links in emails they did not expect, e.g. from unknown senders or from the spam folder.
It is recommended to enable anti-phishing filters in the web browser, i.e. tools that check whether a displayed website is authentic and not used to obtain information fraudulently, for example by impersonating a person or institution.
Files should only be downloaded from trusted sources, services, and websites. We do not recommend installing software from unverified sources, especially from unknown publishers with unproven reputations. This also applies to mobile devices such as smartphones and tablets.
When using a home wireless Wi-Fi network, a secure and hard-to-guess password should be set. It should not be a pattern or a sequence that is easy to guess (e.g. street name, host’s name, date of birth, etc.). It is also recommended to use the highest possible encryption standards available on the equipment, such as WPA2.
Use of Social Media Plug-ins
So-called social media plug-ins from Facebook.com and other platforms may appear on our websites. Related services are provided by Meta Inc.
Facebook is operated by Meta Platforms, Inc. To view Facebook plug-ins, go to:
https://developers.facebook.com/docs/plugins
The plug-in transmits to its provider only the information about which of our websites you accessed and at what time. If, while viewing or using our website, the User is logged into their account, for example on Facebook, the provider may combine your interests, information preferences, and other data obtained, for example by clicking the “Like” button, leaving a comment, or entering a profile name in a search. Such information will also be transmitted directly by the browser to the provider.
More detailed information on the collection and use of data by Meta and on privacy protection can be found on the following websites:
Facebook data protection / privacy guidance:
http://www.facebook.com/policy.php
To avoid Facebook or Twitter recording your visit to our website and associating it with your user account, you must log out of your account before browsing our websites.