Privacy Policy
1. General provisions
a) This present Privacy Policy determines the rules of protection of confidential data regarding Users, including personal data, by the administrator of this data. The personal data administrator is the Museum of Modern Art in Warsaw, ul. Pańska 3, 00-124 Warszawa [Warsaw, Poland], Tax Identification No. [NIP]: 525-234-18, Business Identification No. [REGON]: 140187435, entered in the Register of Cultural Institutions kept by the Minister of Culture, National Heritage and Sports, under number RIK 58/2005, hereinafter referred to as the ‘Museum’.
b) For the purposes of interpretation of this document, the definitions in the Store Regulations shall apply.
c) In running the Store, the Seller shall make special effort to protect the rights of User––in particular, in terms of protection of privacy and protection of information shared to the Seller and pertaining to Users. In processing the Users’ personal data, the Seller shall see, in particular, to that such data be protected against being made available to any unauthorised person, removed by any unauthorised person, processed with infringement of the laws and regulations in force, as well as against alteration/modification, loss, damage, or destruction.
2. Personal Data
a) Personal Data is data related to the Users being an identified or identifiable natural person being concerned, such person being directly or indirectly identifiable based upon, especially, the features such as first name, surname, identification number, location data, IP of the computer, or, one or more traits determining the identity of such a natural person (incl. physical, physiological, genetic, psychical, economic, cultural, and/or social).
b) The Seller shall process Personal Data of the related individuals in accordance with the law in force, particularly the laws of Poland and the Regulation of the European Parliament and the (EU) Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR’). The collected personal data are stored by us within the European Economic Area (‘EEA’).
c) Processing of Personal Data means operations performed on Personal Data or sets of Personal Data or sets thereof, such as collecting, recording, organising, ordering, storing, adapting or modifying, downloading, and viewing.
d) While using the Store, the User may be requested to give his/her personal data as indispensable for the Seller to render the requested service:
• upon registration at the Store (name and surname or business name, address for delivery, telephone number , email address);
• upon placing the order (name and surname or business name, address for delivery, telephone number , email address).
e) Whilst giving any personal data is voluntary, giving such data in the course of placing the order is necessary for processing the mail order by the Store.
3. Purpose of collected data
a) We collect and process Personal Data in order to:
• enable the registration at the Store;
• submit and process the order;
• in case of complaint, quickly identify the Customer with the commodity purchased by him/her;
• facilitate to the Customer the placement of any possible complementary orders in the future;
• advice the Customer with regard to the product(s) purchased;
• keep the statistics and analyses of sales.
4. Personal Data processing: the legal basis
(a) The Customer to enter into a purchase agreement with the Store.
(b) Consent for processing, granted by the person to whom the Personal Data pertains. Such a consent shall always be given by action of the consent-granting person––such as, for instance, by ticking the appropriate field.
(c) The Store’s legal obligation to fulfil the agreement concluded with the Customer.
(d) Legally justified interests of the Seller––for purposes of direct marketing (related to the consent given) and in order to protect fraud.
5. Personal Data profiling
Personal Data shall be processed in an automated manner, including profiling the same, for which purpose the details on purchases and actions in the Service Provider’s sales channels will be used (cookies files, preferred purchase methods), and this in order to tailor the Store’s offer to the individual preferences (such as by displaying on the Store website products recently viewed by the User, in order to facilitate their finding in the Store’s offer again) as well as for statistical purposes.
6. Cookies files
We use on our websites/pages text files colloquially referred to as ‘cookies’, being indispensable for technical handling of the sites/pages and use of the functionalities on offer. We do not use cookies to trace the user’s navigation. We do not place on our websites/pages the cookies of any other entities whatsoever. The pages in the domain only use cookies to create anonymous statistics of visits in these services. The User may alter, on his/her own and at any time, alter the cookies settings, determining the terms of their storage and of gaining access through cookies to the User’s End Device. The change in the settings referred to in the foregoing sentence can be made by the User using the Web browser settings or the service configuration. Such settings can be altered, in particular, in a way so as to block the automated handling of cookies in the Web browser’s settings or each time inform the website’s user about cookies placed on the User’s End Device. Detailed information on the potential and methods of handling cookies is available in the software’s (Web browser’s) settings. The User may, at any moment, remove the cookies using the functions available in the Web browser s/he uses.
7. Rights and obligations of the Seller
(a) The Seller hereby represents that he has entrusted the processing of Customer’s Personal Data to third-party entities providing to the Seller, or directly to the Customer, services necessary to use the Store, including to process the agreements/contracts, consider complaints submitted, and use the financial services available in the Store, based on the written agreement concluded in line with the regulations in force. Personal Data of customers may be entrusted, in particular, to suppliers of Products, Banks, Insurers, financial and insurance institutions.
(b) The Seller shall have the right to reveal selected Personal Data to competent authorities or third parties that have requested for sharing such information with them, pursuant to the applicable legal framework and in accordance with the laws in force.
8. Rights and obligations of the Personal Data subject
All the individuals whose data we process shall be entitled to have access to the content of their data, receive a copy thereof, and to demand that the data be rectified or corrects and/or, in certain specific cases, removed or restricted in terms of processing. We are committed to make the implementation of your rights related to the data we process be as simple as practicable. However, as the data administrator, we have to be reassured that your data would never be shared to any unauthorised person whatsoever. Therefore, in the event of any doubt on our part as to whether the person that, for example, has requested access to data or demanded that the data be removed, is actually the very same person whose data is processed by us, we can request him or her to give us additional relevant information.
Should you consider that your rights have been infringed, you may file a complaint to the President of the Personal Data Protection Office. Yet, in case you have noticed a problem, do inform us as well. We make all effort to protect your rights in the best way possible. In the event that we have made any error or mistake, we will be willing to rectify it as soon as possible.
In order to contact us for Personal Data, send your email message to our Personal Data Protection Inspector, at iod@artmuseum.pl, or by ‘snail’ mail to our registered office address.
9. Securing Personal Data
The Seller hereby represents that he shall use best efforts to offer high security to the Customers as far as use of the Store is concerned. Any confidential information pertinent to the Users, including Personal Data of the same, shall be secured by the Seller against sharing with any unauthorised person as well as against being otherwise revealed or lost, and against damage or unlawful modification of the data or information concerned, by applying appropriate technical and organisational security measures.
10. Final Provisions
With respect to any matters not regulated herein, the laws and regulations on the processing of Personal Data, GDPR included, shall apply.