No products
Prices are tax included
Unique testimony describing the life behind the walls of the Warsaw...
State Museum at Majdanek Online Bookstore Privacy Policy
General Provisions
The present Privacy Policy defines the rules of personal data gathering, processing, sharing and protection, conducted within the Online Bookstore, hereinafter Bookstore, available at: www.ksiegarnia.majdanek.eu
Personal data of the Bookstore’s Users is processed in accordance with generally applicable law, particularly with the following acts:
Definitions
Personal Data – information on identified or identifiable natural person, based directly or indirectly on identifiers such as name and surname, ID number, location data, username, and one or more indicators of a natural person’s physical, physiologic, genetic, mental, economic, cultural or social identity.
Personal Data Processing – any action, including gathering, saving, managing, ordering, storing, adapting or modifying, downloading, browsing, using, transferring, revealing in any form, combining or merging, restricting, deleting or erasing, done upon Personal Data.
Personal Data Administrator – an entity which, independently or in cooperation with other entities, defines the methods and purposes of Personal Data Processing
User – any natural person visiting the Bookstore’s website and/or using services or features of the Bookstore
Registered User – a User who registered their own User Account
User Account - a collection of resources and permits pertaining to a specific Registered User within the Bookstore’s database
Personal Data Administrator
The Personal Data of the Bookstore’s Users is administered by the State Museum at Majdanek, Droga Męczenników Majdanka 67, 20-325 Lublin, Poland; no. 30/92 in the register of cultural institutions administered by the Ministry of Culture and National Heritage, no. 14 in the National Museum Register, NIP: 9460001052, REGON: 000276096, hereinafter referred to as “Museum”).
Data Protection Officer
The Museum has appointed a Data Protection Officer, who monitors the data processing and ensures its legitimacy. The Data Protection Officer can be contacted electronically at: iod@majdanek.eu and/or by post at the Museum’s address: Państwowe Muzeum na Majdanku, ul. Droga Męczenników Majdanka 67, 20-325 Lublin, Poland.
Personal Data Categories and the Measures of their Gathering
Personal Data is submitted directly by the Bookstore’s Users, who enter leave behind their Personal Data upon several stages of interaction with the Bookstore. The Data is gathered:
In some cases, Users’ Personal Data can be forwarded by third parties. A situation when Users conduct payments via electronic payment systems (PayPal/Przelewy 24) is such an instance. Upon selecting such methods of payment Users consent to the transfer of their Personal Data from the owner PayPal and/or the owner of Przelewy 24 platform to the Museum. The transfer allows proper registration of payments by the Museum.
The Museum does not collect sensitive personal data such as: medical condition, racial or ethnic background, political views, religious beliefs, world views, trade union membership, genetic information. The Museum gathers and processes only the personal data, which is necessary for the aims of their processing. In all the future features and activities requiring personal data processing, the Museum will evaluate the necessity and range of their collection.
Legal bases and purpose of Personal Data processing
The Museum processes the personal data only with the aim of fulfilling the purpose, for which they are collected. Such aims and the legal basis for the respective processing are the following:
|
Personal Data Processing Purpose |
Legal Basis |
1 |
Bookstore’s User account related services |
The data is processed in order to conclude sales agreements and contracts, within which the person whose data is collected is amongst the parties. Pursuant to: Article 6.1.b of the GDPR. |
2 |
Bookstore order processing |
The data is processed in order to fulfil sales agreements and contracts, within which the person whose data is collected is amongst the parties. Pursuant to: Article 6.1.b of the GDPR. |
3 |
Refund processing |
The data is processed in order to fulfil sales agreements and contracts (in the instances when the buyer executes his rights of warranty), within which the person whose data is collected is amongst the parties, in the instances when the buyer Pursuant to: Article 6.1.b of the GDPR. |
4 |
Processing withdrawal from sales agreements: cancelling transactions, parcel returns, payment returns, delivery cost returns |
The data is processed in order to fulfil the administrator’s legal obligations, as required by taxation regulations (e.g. Consumer Rights Act). Pursuant to: Article 6.1.c of the GDPR. |
5 |
Issuing accounting documents, allocations, keeping and archiving accounting and tax records |
The data is processed in order to fulfil the administrator’s obligations imposed by the accounting and tax regulations. Pursuant to: Article 6.1.c of the GDPR. |
6 |
Archiving documents containing Personal Data for evidentiary purposes |
The data is processed in order to fulfil the administrator’s legal obligations, as required by e.g. The July 14,1983 Act On The National Archive Resource And Archives; Museum’s inner office and archival regulations Pursuant to: Article 6.1.c of the GDPR. The data is processed in order to fulfil the administrator’s obligations to secure their interest e.g. in the instance of necessity to use the data as legal evidence . Pursuant to: Article 6.1.f of the GDPR. |
7 |
The assertion of possible claims or defence against assertion claims, judiciary proceedings, debt collection |
The data is processed for the purposes of the legitimate interests pursued by the administrator e.g. the protection and implementation of Museum’s rights |
8 |
Compiling and analysing statistics of interactions with the Bookstore’s website based on the data collected by Cookies. |
The data is processed for the purposes of the legitimate interests pursued by the administrator e.g. - For the improvement of functionality of the Bookstore’s website and its features - For the improvement of safety within the Bookstore - For the improvement of services provided to the Bookstore’s Users Pursuant to: Article 6.1.f of the GDPR. |
Personal Data sharing
The Personal Data of the Bookstore’s Users is shared with authorised Museum personnel. In justified instances, it can also be shared with third parties including:
1) The entities authorised to obtain data under the applicable law if requested under the relevant legal basis
2) Bank Gospodarstwa Krajowego – the financial institution responsible for the Museum’s bank account
3) Poczta Polska S.A. – Polish Post that is responsible for delivering all the products purchased within the Bookstore
4) Other entities processing them at the request of the Museum, e.g. subcontractors and service providers responsible for the Bookstore’s website maintenance, hosting service providers
All third party entities entrusted with the Personal Data gathered by the Museum are bound by contracts for entrusting personal data processing.
Personal Data gathered via Bookstore’s website is never sold, nor shared with other entities for marketing purposes.
Transfer of Personal Data to a third country or an international organisation.
Personal Data collected by the Museum will not be transferred to a third country outside the European Economic Area (all EU countries, Norway, Liechtenstein, Iceland) and/or any international organisation.
Data retention span
Personal Data gathered via Bookstore will be processed only for as long as required by the purpose of their processing.
|
Personal Data Processing Purpose |
Data Retention Span |
1 |
Bookstore’s User account service and management |
From registration until the moment of account’s deletion. |
2 |
Order processing |
Until the order’s fulfilment. |
3 |
Complaint processing |
Until the complaint procedure’s resolution. |
4 |
Client’s withdrawal from the sales agreement concluded remotely |
Until the procedure’s resolution. |
5 |
Issuing accounting documents, allocations, keeping and archiving accounting and tax records |
5 years following the end of the calendar year, during which the tax maturity expires, unless common law demands longer. |
6 |
Archiving documents containing Personal Data for evidentiary purposes |
Span required by the common law and/or until the expiration date for submitting any possible assertion claims. |
7 |
The assertion of possible claims or defence against assertion claims, judiciary proceedings, debt collection |
Span required for the protection of the Museum’s rights or until the expiration date for submitting any possible assertion claims, that is determined by the common law. |
8 |
Compiling and analysing statistics of interactions with the Bookstore’s website based on the data collected by Cookies. |
Until receiving a valid, justifiable objection. |
All the Personal Data reaching the end of its retention span is either deleted or anonymised.
Vested rights of the persons being the Personal Data subject.
In recognition of the GDPR restrictions and standards we inform that you have the right to:
1) Access the content of your data as well as to be informed what data is processed, for what purpose, by whom, on what legal basis, when they will be deleted.
2) Demand rectification of incorrect data and/or supplementation of incomplete data.
3) Demand deletion of Personal Data in justified cases as defined by Article 17 of the GDPR.
4) Demand restriction of Personal Data Processing in the instances defined by Article 18 of the GDPR.
5) Data transfer – the right to receive your Personal Data in a commonly used file format (txt, doc, rtf, xls, odt, pdf, jpeg, xml) and/or to demand sending your Personal Data directly to a different administrator if technically possible.
Every person being the Personal Data subject has the vested right to object data processing in the following instance:
The Users of majdanek.eu domain have the right to withdraw their consent of Personal Data processing, at any moment, however, that does not affect the legitimacy of the Personal Data processing done before the withdrawal and based on the Users’ thus far consent.
Complaints and requests can be submitted to the appointed Data Protection Officer by e-mail: iod@majdanek.eu and/or by post at the Museum’s address: Państwowe Muzeum na Majdanku, ul. Droga Męczenników Majdanka 67, 20-325 Lublin, Poland. Each complaint or request should contain data which enables the Museum to unequivocally identify each petitioner and to proceed with their case.
Any person being the Personal Data subject, who has reasons to believe that the Personal Data Processing violates their rights, has the right to file a complaint to the Polish Data Protection Commissioner (2 Stawki St.; 00-193 Warsaw).
Voluntariness of Providing Personal Data and Personal Data Processing
Providing your Personal Data is not obligatory, although sometimes necessary to use certain features of the Bookstore. Without providing Personal Data it will be impossible to e.g. sent the Museum a message via contact form, register a User Account, make purchases within the Bookstore. In certain cases, the law requires the provision of your Personal Data to the museum e.g. for accounting and tax purposes.
Automatic Personal Data Processing and Profiling
No Personal Data acquired via the Bookstore is processed in a way resulting in automated decision-making, including profiling. The Museum does not use software that collects Personal Data and makes automatic and independent decisions, which could result in any legal consequences or influence the situation of the persons being subject to Personal Data Processing.
Data Protection
All Personal Data gathered via Bookstore is protected according to the GDPR guidelines. The Museum takes adequate measures, both technological and procedural, in order to secure the Personal Data and prevent it from deliberate or accidental damage and/or erasure, accidental loss, unintentional modification, sharing with unauthorised persons, being transferred and/or stolen by an unauthorised person. These measures include:
1) SSL certified connections with the Bookstore’s website.
2) Personal Data storage on secure servers.
3) Restricted access to the Personal Data, granted only to the authorised Museum personnel, processed only within the range of the stated collection purpose.
4) Strict inner procedure of Personal Data processing.
5) No Personal Data sharing with any third party entities unless they are bound by contracts for entrusting personal data processing singed with the Museum.
6) The Museum demands warranty of the Personal Data safety from all the third party entities entrusted with the data.
Cookies
The Bookstore’s websites use cookie files, which collect and process anonymous User-related data. Cookies are small text files sent by websites to their visiting Users and saved on their hard drives. The collected information can only be received by the website of their origin. Data collected by cookies do not allow anyone to unequivocally identify any person.
The Museum uses cookies to monitor the interactions of Users with the Bookstore’s website, in order to improve its features and functionality, to improve our customer services, as well as to conduct statistics.
Most Internet browsers accept cookies by default. Every user, however, can at any time change the cookie settings within their browser. Deactivating cookies can bear negative impact on the functioning of the Bookstore’s websites and disable some of their features.
The Museum also collects Personal Data concerning the means of User interaction with the Bookstore, with the use of access logs based on the Users’ IP address. Thereby collected Personal Data is not sufficient to determine the Users’ identity, but it allows to improve the functionality and security of the Bookstore, as well as to identify potential security threats and the ways to solve them. Thereby collected Personal Data is also used for statistics concerning the Bookstore, which allows us to adjust our offers to the needs of the market.
Final Provisions
The Museum reserves the right to alter the present Privacy Policy. Modifications may be necessary in the case of e.g. changes within the law, new directives of the Museum’s supervisory bodies, new technologies used to run the Bookstore, new technologies used to process the Personal Data, and/or the purposes of the Personal Data processing. Any alterations will be announced to the Bookstore’s Users.
The storage, processing and transfer of the personal data entrusted to us shall be carried out in accordance with the Act of 29 August 1997 on the protection of personal data (Journal of Laws of 2002, No. 101, item 926, as amended) and Rules of the Online Bookshop of the State Museum at Majdanek.
You have the right to fully access, complement, update and correct your personal data. You also have the right to require to stop processing your personal data or delete them on rules stipulated by the binding legal provisions.
The Privacy Plice have been drawn up in two language versions: Polish and English. In case of any discrepancies between the language versions of the Privacy Police, the Polish version shall prevail