GDPR

Personal Data

6.1. Definitions

6.1.1. GDPR – means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”).

6.1.2. Controller – the controller of personal data processed in connection with the implementation of the provisions of this Regulation is the company MY PET STORY Sp. z o.o. with its registered office in Zamość (registered office address and address for service: ul. Jasna 9, 22-400 Zamość); entered into the National Court Register under the KRS number: 0000746613; the court in which the company’s documentation is kept: Lublin-Wschód District Court in Lublin with its registered office in Świdnik, VI Commercial Division of the National Court Register, entry in the register: 2018-08-29; share capital: 5,000.00 PLN; NIP: 9223059029; REGON: 381124557 and email address: contact@mypetstoryapp.com, contact phone number: +48 668811248.

6.2. The controller of personal data, i.e., MY PET STORY Sp. z o.o., processes personal data provided by Clients (first name, last name, company, tax identification number, business address, email, phone number, bank account number) for the purpose of providing services electronically, based on the attached Regulations, in particular, the establishment and management of the Account, installation of the Application, and for Clients to use the services provided within the B2B Platform and the Mobile Application. The legal basis for the processing of personal data is art. 6 par. 1 lit. b GDPR, i.e., processing is necessary for the performance of the contract (Regulations).

6.3. The controller processes the personal data indicated in point 6.1. for direct marketing purposes, including sending information about My Pet Story Sp. z o.o, entities affiliated with My Pet Story Sp. z o.o., and Clients of My Pet Story Sp. z o.o. The legal basis for processing is art. 6 par. 1 lit. f GDPR, i.e., the legitimate interest of the Controller related to the provision of the newsletter service. The Client/User may object at any time.

6.4. The Client voluntarily provides personal data to the Controller and declares that they are authorized to provide personal data, in particular, the Client declares that they are authorized to provide User’s personal data.

6.5. The Client has the right to access the provided personal data. The Client has the right to modify, change, supplement, or delete the provided personal data. In the event of the permanent deletion by the Client of personal data necessary for the provision of services by the Controller resulting from the Regulations, the Client loses the ability to use the products and services offered within the B2B Platform and the Mobile Application.

6.6. The Controller guarantees adequate technical and organizational measures ensuring the security of processed personal data, in particular preventing unauthorized access to them, preventing the loss of personal data, their damage, or destruction.

6.7. The Client has the right to:

• access their data,
• request the correction or deletion of data,
• restrict the processing of their data,
• transfer their data,
• object to the processed data,
• lodge a complaint with the supervisory authority.

6.8. If the Client believes that the processing of their personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office.

6.9. The Client’s personal data will be processed for the period necessary to achieve the processing purposes, depending on the legal basis for processing. In accordance with the purposes specified in 6.1., the data is processed for the duration of the services provided under the Regulations until the withdrawal of the given consent or the submission of an effective objection to the processing of data in cases where the legal basis for processing data is the legitimate interest of the Controller.

6.10. The data processing period may be extended if processing is necessary to establish and assert any claims or to defend against them, and after that time only to the extent and for the period required by law.

6.11. In connection with the provision of services, the personal data provided by Clients may be transferred to external entities, in particular to suppliers responsible for the operation of IT systems, external systems suppliers, suppliers supporting the activities of the Controller and ensuring the operation of technical and organizational solutions, advisory entities (legal, consulting, financial), marketing agencies, as well as entities affiliated with the Controller. The legal basis for the processing of personal data by other entities is a separate data processing agreement.

6.12. The Controller declares that the aforementioned entities will process the Client’s personal data only to the extent necessary to perform their legal obligations arising from contracts or generally applicable law.

6.13. At present, the Controller does not intend to transfer the User’s personal data outside the European Union or the European Economic Area. If the Controller intends to do so, the User will be promptly informed of this fact.