Privacy Policy
GENERAL PROVISIONS
1.1. This Privacy Policy of the YAYUMA Website is for informational purposes only, which means that it is not a source of any obligations for Buyers or Customers of the Website. The Privacy Policy sets out primarily the rules regarding the processing of personal data by the Data Controller on the Website, including the grounds, purposes, and scope of personal data processing and the rights of data subjects, and also information on the use of cookies and analytical tools on the Website.
1.2. The Data Controller of the personal information collected via the Website: YAYUMA audio Sp. z o. o., with its registered seat in Katowice, 40-246, ul. Porcelanowa 23, entered into the Polish register of entrepreneurs of the National Court Register maintained by the District Court in Katowice-Wschód in Katowice, VIII Commercial Division of the National Court Register, under the KRS number: 0000546879, NIP (Tax Identification Number): 6322012259, REGON: 360951759, e-mail address: contact@yayuma.co, hereinafter referred to as the “Data Controller” and who is also the Service Provider of the Website and the Seller.
1.3. Personal data on the Website are processed by the Data Controller in accordance with applicable law, in particular pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation:
https://eur-lex.europa.eu/eli/reg/2016/679/oj
1.4. Using the Website, including making purchases, is voluntary. Similarly, the provision of personal data by the Buyer or Customer using the Website is voluntary, subject to two exceptions: (1) concluding agreements with the Data Controller: failure to provide—in the cases and to the extent indicated on the Website, in the Terms and Conditions of the Website, and in this Privacy Policy—one’s personal data required for the conclusion and performance of the Sales Agreement or an agreement for the provision of Electronic Services with the Data Controller will render the Buyer or Customer unable to conclude such an Agreement/agreement. In the cases above, providing personal data is a contractual obligation and if the data subject wants to conclude a given agreement with the Data Controller, he is obliged to provide the required data. Each time, the scope of data required to conclude an agreement is indicated on the Website and in the Terms and Conditions of the Website; (2) statutory obligations of the Data Controller: providing personal data is a statutory requirement deriving from the generally applicable legal provisions which oblige the Data Controller to process personal data (e.g. data processing for the purpose of keeping tax or accounting books), and failure to provide such data will prevent the Data Controller from performing these obligations.
1.5. The Data Controller takes special care to protect the interests of his data subjects, and is particularly responsible for ensuring that the data collected by him are: (1) processed lawfully; (2) collected for specified, explicit, and legal purposes and not further processed in a manner that is incompatible with those purposes; (3) correct in substance and aligned with the purposes for which they are processed; (4) stored in a form which permits identification of data subjects for no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
1.6. Taking into account the nature, scope, context, and purposes of data processing and the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller will implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the above-mentioned Regulation. Those measures will be reviewed and updated where necessary. The Data Controller will apply technical measures to prevent the obtaining and modification of personal data sent electronically by unauthorised persons.
1.7. All capitalised words, expressions, and acronyms used in this Privacy Policy (e.g. Seller, Website, Electronic Service) should be interpreted in accordance with their definitions contained in the Terms and Services of the Website available on the Website.
LEGAL GROUNDS FOR DATA PROCESSING
2.1. The Data Controller is entitled to process personal data only if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Data Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. lso entitled to store the IP address of the participant. Only one account can be assigned to each participant. There is no right of participation. The registration cannot be transferred.
2.2. The lawful processing of personal data by the Data Controller requires each time the existence of at least one of the grounds specified in 2.1 of the Privacy Policy. The specific grounds for processing the personal data of the Buyers and Customers of the Website by the Data Controller are indicated in the next section of the Privacy Policy—in relation to a specific purpose of data processing by the Data Controller.
PURPOSE, GROUNDS, PERIOD, AND SCOPE OF DATA PROCESSING ON THE WEBSITE
3.1. The Data Controller is allowed to process personal data on the Website for the following purposes, on the following grounds, in the following periods, and in the following scope:
Performance of the Sales Agreement or an agreement for the provision of Electronic Services, or acting at the request of the data subject before concluding such (an) agreement(s)
Direct marketing
Marketing
The Customer expressing an opinion on the concluded Sales Agreement
Keeping tax or accounting books
Establishment, exercise, or defence of legal claims that may be raised by or against the Data Controller
Article 6 Section 1(b) of the GDPR Regulation (performance of a contract). The data will be stored for the period necessary to perform, terminate, or otherwise withdraw from the concluded contract.
Article 6 Section 1(f) of the GDPR Regulation (legitimate interests pursued by the controller). The data will be stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than for the period of prescription of the claims against the data subject due to the business activity conducted by the Data Controller. The period of prescription is defined by law, in particular the Polish Civil Code (the basic period of prescription for claims related to conducting business activities is three years, and for sales contracts—two years). The Data Controller may not process data for the purpose of direct marketing in the event of the data subject’s effective objection in this regard.
Article 6 Section 1(a) of the GDPR Regulation (consent) The data is stored until the data subject withdraws his/her consent for further processing of his/her data for this purpose.
Article 6 Section 1(a) of the GDPR Regulation (consent) The data is stored until the data subject withdraws his/her consent for further processing of his/her data for this purpose.
Article 6 Section 1 (c) of the GDPR Regulation in connection with Article 86 Section 1 of the Polish Tax Ordinance of January 17, 2017 (Dz.U. [Journal of Laws] of 2017, item 201) or Article 74 Section 2 of the Polish Accounting Act of January 30, 2018 (Dz.U. of 2018, item 395). The data will be stored for the period required by the legal provisions obliging the Data Controller to store tax books (until the expiry of the tax liability limitation period unless the tax law provides otherwise) or accounting books (5 years, counting from the beginning of the year following the financial year to which the data relate).
Article 6 Section 1 (f) of the GDPR Regulation The data will be stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than for the period of prescription of the claims against the data subject due to the business activity conducted by the Data Controller. The period of prescription is defined by law, in particular the Polish Civil Code (the basic period of prescription for claims related to conducting business activities is three years, and for sales contracts—two years).
Maximum scope: first name and surname; e-mail address; contact telephone number; delivery address (street, house number, flat number, postal code, city, country); address of residence / principal place of business / registered seat (if different from the delivery address).
E-mail address
First name and surname; e-mail address; telephone number
First name and surname; e-mail address; telephone number
First name and surname; address of residence / principal place of business / registered seat; company name; tax identification number (NIP) of the Buyer or Customer
First name and surname; contact telephone number; e-mail address; delivery address (street, house number, flat number, postal code, city, country); address of residence / principal place of business / registered seat
DATA RECIPIENTS ON THE WEBSITE
4.1. In order for the Website to work seamlessly and in order for the Sales Agreements to be performed, it is necessary for the Data Controller to use the services of third parties (such as, for example, software providers or payment processors). The Data Controller will use only the services of such processors who can sufficiently guarantee to be implementing appropriate technical and organisational measures so that the data are processed in line with the provisions of the GDPR Regulation and so that the rights of data subjects are protected.
4.2. The Data Controller will not transfer the data in every case and to all the recipients or categories of recipients indicated in the Privacy Policy. The Data Controller will transfer the personal data only when necessary in order to achieve the specified purpose of personal data processing and only to the extent necessary to achieve this purpose. Personal data of the Buyers and Customers of the Website may be transferred to the following recipients or categories of recipients:
1. Third parties which process electronic payments or card payments; if the Customer chooses an electronic payment method or pays with a payment card on the Website, the Data Controller will transfer the Customer’s personal data—to the extent necessary to process the Customer’s payment—to the selected third party employed by the Data Controller to process such payments on the Website.
2. Providers of opinion poll systems; if the Customer has agreed to express an opinion about the concluded Sales Agreement, the Data Controller will transfer the Customer’s personal data—to the extent necessary for the Customer to express his/her opinion via the opinion poll system—to the selected third party employed by the Data Controller to provide the opinion poll on the concluded Sales Agreements on the Website.
3. Service providers providing the Data Controller with technical, IT, and organisational solutions which enable the Data Controller to conduct business activities, including to provide the Website and the associated Electronic Services (in particular, providers of computer software required for running the Website, e-mail and hosting providers, providers of business management software, and providers of technical support); the Data Controller will transfer the Customer’s personal data to a selected provider acting on his behalf only in the case and to the extent necessary to achieve a given data processing purpose specified in this Privacy Policy.
4. Providers of accounting, legal, and consultancy services providing the Data Controller with accounting, legal, or consultancy support (in particular, accounting offices, law firms, and debt collectors); the Data Controller will transfer the Customer’s personal data to a selected provider acting on his behalf only in the case and to the extent necessary to achieve a given data processing purpose specified in this Privacy Policy.
RIGHTS OF DATA SUBJECTS
5.1. The right of access and the right to rectification, erasure, restriction, and portability— the data subject has the right to request from the Data Controller access to and rectification or erasure (“right to be forgotten”) of his/her personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability. Detailed conditions of how the above rights are exercised are set out in Articles 15-21 of the GDPR Regulation.
5.2. The right to withdraw consent at any time—the data subject whose data are processed by the Data Controller based on his/her expressed consent (pursuant to Article 6 Section 1(a) or Article 9 Section 2(a) of the GDPR Regulation) has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
5.3. The right to lodge a complaint with a supervisory authority—the data subject whose data are processed by the Data Controller shall have the right to lodge a complaint with a supervisory authority in the manner specified in the provisions of the GDPR Regulation and Polish law, in particular the Polish Personal Data Protection Act. The President of the Personal Data Protection Office (UODO) is the competent supervisory authority in Poland.
5.4. Right to object—the data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6 Section 1 item e) (performance of a task carried out in the public interest) or item f) (legitimate interests pursued by the controller), including profiling based on those provisions. The Data Controller shall no longer process the personal data unless the Data Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
5.5. Right to object to direct marketing—where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
5.6. In order to exercise the rights referred to in this section of the Privacy Policy, please contact the Data Controller by sending a relevant request by post or by e-mail to the Data Controller’s address indicated at the beginning of the Privacy Policy or using the contact form available on the Website.
COOKIES POLICY, PERFORMANCE DATA AND ANALYTICS
6.1. Cookies are small text files containing information, sent by the server and saved on the side of the person visiting the Website (e.g. on his/her computer hard drive, laptop, or on his/her smartphone’s memory card, depending on the device used by the Website user). Detailed information on cookies, as well as the history of cookies, can be found here:
https://en.wikipedia.org/wiki/HTTP_cookie.
6.2. While visitors are using the Website, the Data Controller may process the data contained in cookies for the following purposes:
saving the data from the Reservation Forms and Website surveys;
adapting the content of the Website to the individual preferences of the Buyer (e.g. regarding colours, font size, page layout, etc.). pages) and optimising the use of the Website pages;
keeping anonymous statistics on how the Website is used.
6.3. Most web browsers available on the market accept cookies by default. However, each user has the option to define the terms of using cookies by adjusting the settings of their own web browser. This means that you can, for instance, partially (e.g. temporarily) limit or completely disable the option of saving cookies; in the latter case, however, it may affect some of the Website’s functionalities.
6.4. The web browser settings for cookies are crucial from the point of view of consent to the use of cookies by our Website—in accordance with applicable law, such consent may also be expressed through the web browser settings. In the absence of such consent, the cookie settings of the browser should be changed accordingly.
6.5. Detailed information on how to change cookie settings and clear cookies in the most popular web browsers is available in the help section of your web browser and on the following pages:
Chrome
Firefox
Internet Explorer
Opera
Safari
Microsoft Edge
6.6. On the Website, the Data Controller may use Google Analytics and Universal Analytics services, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and the Facebook Pixel service, provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). These services help the Data Controller analyse traffic on the Website. The collected data processed as part of the above services are anonymised (these are called performance data and they prevent the identification of a person) and used to generate statistics helpful in the Website administration. These data are aggregate and anonymous, i.e. they do not contain any personally identifiable information (personal data) of Website visitors. When using the above services on the Website, the Data Controller collects such data as the sources and channels of obtaining visitors to the Website, visitor behaviour on the Website, information on devices and browsers visitors use to enter the Website, IP address and domain, geographic data, demographic data (age, gender), and interests.
6.7. Each user can easily block sharing the information about their activity on the Website with Google Analytics—you can simply install the Google Analytics Opt-out Browser Add-on, available here:
https://tools.google.com/dlpage/gaoptout?hl=en-GBFINAL PROVISIONS
7.1. This Website may contain links to other websites. After opening other websites, it is recommended to read their privacy policies. This Privacy Policy applies only to the Data Controller’s Website.