in connection with the use of the online store located at https://mentol.click
and cookies, please contact us at: [email protected]
The administrator of personal data is Mentol.Click Sp. z o. o (hereinafter referred to as the Administrator) at ul. Szafarnia 11 / F8, 80-755 Gdańsk, NIP number: 5833406438, REGON number: 387077787.
By using our website, you can provide us with your personal data using the forms available on our website in order to access the services we offer, subscribe to the newsletter and contact us. Providing data is always voluntary, but necessary to take the action for which the form is intended.
As a personal data administrator, we guarantee the confidentiality of all personal data provided to us. We collect your personal data with due diligence and are properly protected by us against access by unauthorized persons. We also ensure that all security and personal data protection measures required by the provisions on the protection of personal data are taken.
Any personal data provided by you will not be sold to third parties or entities.
Purposes, legal bases and period of personal data processing
performance of the contract and provision of services
The administrator processes your personal data in order to perform the contract / services, including for the purpose of providing technical support - technical assistance, and adapting the website to the preferences and expectations of the user.
The legal basis for the processing of personal data is:
Art. 6 sec. 1 lit. b) GDPR - processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract;
The following data are processed in particular: email, possibly telephone number, username / first and last name, time and ip of each login and search history.
By subscribing to the newsletter, the user also agrees to the Administrator's use of the user's telecommunications end devices (e.g. phone, tablet, computer) for direct marketing of the Administrator's products and services and to provide the user with commercial information in accordance with art. 172 (1) of the Telecommunications Law (Journal of Laws of 2014, item 243 as amended)
The newsletter is sent for an indefinite period, from the moment of activation until the consent is withdrawn. After the consent is withdrawn, the user's data may be stored in the newsletter database for a period of up to 2 years, in order to demonstrate the user's consent to communication via the newsletter, the user's actions (e-mails open) and the moment of its withdrawal, as well as possible including claims, which is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR).
The sending of the newsletter may be discontinued if the user does not show activity for a minimum of 1 year from the commencement of the newsletter service or the last e-mail message (sent newsletter) was read. In this case, the Administrator will delete the user's data from the system for sending the newsletter (provider). The User will not be entitled to receive any message from the Administrator, unless he decides to re-subscribe to the Newsletter subscription form or contacts the Administrator in a different way selected for this purpose.
The mailing system used to send the newsletter records all activity and actions taken by the user related to the e-mails sent to him (date and time of opening the message, clicking on links, time of unsubscribing, etc.).
Data listed in li. a) above, together with other "technical" data obtained while using the website, may be used to profile user preferences, in accordance with the idea of the functionality of this type of website (for example, preferences for movies). This data may also be used for marketing purposes pursuant to Art. 6 sec. 1 lit. f) GDPR.
Time of data processing
Your personal data will usually be processed for the duration of the contract - for the purpose performance of the contract (Article 6 (1) (b) of the GDPR), as well as for purposes arising from legitimate interests pursued by the Administrator or by a third party (Article 6 (1) (f) of the GDPR).
After the performance / termination of the contract, the data will be processed further - however, for archiving purposes, pursuant to art. 74 of the Accounting Act of September 29, 1994 (Article 6 (1) (c) of the GDPR).
Transferring personal data to other entities
Your personal data may be transferred to other entities in order to perform the contract / service (Article 6 (1) (b) of the GDPR), as well as for the purposes specified in art. Art. 6 sec. 1 lit. f) GDPR. The administrator declares that he does not transfer data to a third country or an international organization (i.e. outside the European Economic Area ("EEA"). The administrator also declares that he does not use subcontractors who transfer data outside the EEA. in the event of the necessity to use subcontractors or partners from outside the EEA, the Administrator declares that, with the help of appropriate agreements, he will ensure that such third parties adequately meet the requirements of the GDPR.
Categories of data recipients
The administrator may disclose personal data only to entities authorized to obtain them on the basis of legal provisions and / or relevant contracts, including contracts for entrusting the processing of personal data.
In particular, your personal data may be transferred to entities processing personal data at the request of the Administrator, including IT service providers, hosting services, billing agents (e.g. electronic payments), etc.
In addition, the Administrator may transfer your data to processing entities trusted marketing partners / marketing agencies, where such entities process data on the basis of an agreement with the Administrator, and the transfer of this data is subject to security measures and control by the Administrator as the personal data administrator.
The processing of personal data for marketing purposes takes place either on the basis of an appropriate consent (Article 6 (1) (a) of the GDPR), or in connection with the existence of legal grounds other than consent - e.g. Article 6 (1) (a) of the GDPR). XNUMX lit. f) GDPR.
You can get information on whether we process your personal data.
If so - you can access them, e.g. ask for a copy. You can also get detailed information, incl. about what your data is processed and for what purpose, to whom it is transferred. If you have not provided the data to this company / institution yourself - you can also ask for information about where it came from in this particular company.
You can also request the deletion or restriction of the processing of your data. Of course not always. When we have a contract with you, we can process it in accordance with the law and your request will not be effective. However, if they are processed unlawfully or there are no grounds for their processing - your data should be deleted
If you believe that your rights are violated - you can lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection.
In addition, if the Administrator processes your personal data:
You have the right to access your personal data and the right to request rectification, deletion or limitation of their processing;
To the extent that the basis for the processing of your personal data is the premise of the legitimate interest of the Administrator, you have the right to object to the processing of your personal data;
In particular, you have the right to object to the processing of data for the purposes of direct marketing and profiling;
To the extent that the basis for the processing of your personal data is consent, you have the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
To the extent that your data is processed in order to conclude and perform the contract or processed on the basis of consent, you have the right to transfer data, i.e. to receive your personal data from the administrator in a structured, commonly used machine-readable format.
You also have the right to be forgotten if further processing is not provided for by the currently applicable law.
In order to exercise the above rights, please contact the Data Administrator using the above-mentioned contact details or the appropriate form on the website www.mentol.click
Security and recipients of data
In terms of the security of your personal data, we undertake to:
securing personal data against unauthorized persons,
data processing only by persons and entities with appropriate authorization,
controlling the correct course of data processing,
keeping a register of persons and entities authorized to process personal data and ensuring that the data will be kept secret,
compliance with the law on the processing of personal data.
What are cookies and how do we use them?
Cookies are key text information sent to the browser from a website and may be stored by the browser for the better functioning of the browser.
Most web browsers accept cookies. You can block cookies or set your browser to receive a warning message before cookies are stored on your computer. If you prefer not to install any cookies on your hard drive, we recommend that you consult your browser's documentation or the help window for more information. However, cookies may be necessary to run certain applications on our pages, and blocking them may prevent you from accessing certain applications.
What are Internet Protocol (IP) addresses and how do we use them?
An IP address is a number assigned to a server or computer by an Internet Service Provider ("ISP"). An administrator may require these IP addresses for account authentication, system administration, or jointly sending information. The administrator may also use IP addresses to limit the use of his servers by any other system in order to avoid misuse of the servers.