PRIVACY POLICY
ONLINE STORE
www.protectedbyjames.com

1. INFORMATION ON THE CONTROLLER
1. The controller of the personal data collected through the Online Store available at: www.protectedbyjames.com is MC PROJECTS SP. Z O.O. with its registered seat in Warsaw, at ul. Ostródzka 245B/7B, 03-289 Warsaw, the share capital of PLN 5,000.00, entered into the Register of Entrepreneurs of the National Court Register [KRS] by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under KRS no. 0000660903, holder of NIP no. [Tax ID no.]: 5242820488, REGON [National Business Registry no.]: 366445945.
2. The Controller may be also contacted in writing via traditional mail and via electronic mail as well as by phone at the following address and number: james@protectedbyjames, : +48 607 420 420.
3. In accordance with applicable provisions regarding personal data protection, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council, referred to as GDPR, in order to ensure data subjects with proper protection of personal data, below the Controller provides information regarding personal data processing.
4. The Controller endeavours to ensure all measures of physical, technical and organisational protection of personal data against their accidental or deliberate destruction, accidental loss, modification, unauthorised disclosure, use or access, in accordance with all applicable provisions.

2. OBJECTIVE, LEGAL BASIS FOR THE PROCESSING AND TIME OF PERSONAL DATA PROCESSING
Personal data collected during the filling out the form and placing an order are used:
1. In order to conclude and perform an agreement consisting in the provision of Electronic Services by the Online Store, to perform Product Sales Agreement and to make a delivery to Clients and to ensure proper quality of the Service – for the term of the agreement and settlements following its termination as well as for duration of the statute of limitation period – Article 6 (1) (b) of the GDPR;
2. In order to perform the imposed legal obligations, e.g.: issuing and storing invoices and accounting documents, responding to complaints within a given deadline and in the form provided for in provisions of law – for the time of performance of the obligations and for the duration of document storage required by provisions of the law – Article 6 (1) (c) of the GDPR;
3. In order to establish, defend and pursue claims – for the time of the statute of limitation period for claims resulting under the agreement – Article 9 (2) (f) of the GDPR;
4. For analytical and statistical purposes (own marketing) – for the time required for the Controller’s business needs or until an objection is made – on the basis of the Controller’s legitimate interest, i.e. advertisement of own products – Article 6 (1) (f) of the GDPR;
5. For purposes of the Controller’s legitimate interest, i.e.: monitoring the activity, placing advertisements in accordance with content previously viewed by the User, adjusting category of the offers or particular offers in service settings of external entities on the basis of the User’s activity on the Online Store’s website, conducting marketing activities, including conducting direct marketing of own services and products – for the time required for the Controller’s business needs or until an objection is risen – Article 6 (1) (f) of the GDPR;
6. For the purpose of sending a newsletter – for the time required for the Controller’s business needs – on the basis of the consent expressed for obtaining marketing information in order to provide information about the store, offer and products – Article 6 (1) (a) of the GDPR. In case the consent for processing personal data is given, the content of such consent will specifically determine the objective of personal data processing;
7. In order to save data in cookie files, collect data from websites and mobile applications – on the basis of a given consent – Article 6 (1) (a) of the GDPR. In case the consent for processing personal data is given, the content of such a consent will specifically determine the objective of personal data processing.

3. SCOPE OF PROCESSED PERSONAL DATA
1. In order to perform the agreement, the Controller requires the following personal data: identification data (name, surname, NIP number, license number), contact details (email address, street, place of residence, postal code). If these data are not provided, the order cannot be performed. The scope of the required data is also indicated each time in the Terms and Conditions of the Online Store and before commencing the provision of a given Electronic Service or before concluding the Sales Agreement on the Online Store’s website.
2. In addition, the Controller may also ask for optional data (e.g. contact number). Such data do not affect the conclusion of the agreement, however, they facilitate contact with a Client and thereby impact efficient performance of the order.
3. The Controller may also asked to provide email address if it has your consent to process email address for the purpose of sending a newsletter.
4. Data are processed in accordance with requirements of applicable provisions of law and terms established in the agreement.

4. TRANSFERING THE DATA TO OTHER ENTITIES (DATA RECIPIENTS)
1. Entities processing data on the Controller’s behalf, participating in performance of the order within the scope of delivery, i.e. entities providing courier services, i.e. DHL Express (Poland) Sp. z o.o. with its seat in Warsaw (seat’s address: ul. Osmańska 2, 02-823 Warsaw), number in the Register of Entrepreneurs KRS: 0000047237;
2. The Controller transfers the collected personal data of the Client to the electronic payment service provider only within the scope necessary for the Client to make a payment (only if the electronic payment option has been selected). The Service provider available at the Online Store is: ING Bank Śląski S.A. with its seat in Katowice (address: ul. Sokalska 34, Katowice 40-086), number in the Register of Entrepreneurs KRS: 0000005459 – owner of the “imoje” service.
3. Entities handling our IT systems and providing us with IT tools;
4. Entities providing the Controller with accounting and tax services;
5. Entities providing the Controller with advisory services / legal aid, audit services.
6. The Online store processes your personal data for the following purposes:
a) in order to transfer your personal data to ING Bank Śląski S.A. (“Bank”) in connection with:
a. the Bank providing the Online store with infrastructure for making online payments (legal basis: Article 6 (1)(f) of the GPDR).
b. the Bank handling and settling online payments made by customers of the Online Store with the use of payment instruments
(legal basis: Article 6 (1) (f) of the GPDR).
c. the Bank verifying the proper performance of agreements concluded with the Online Store, in particular to ensure the protection of the payers’ interests in relation to the complaints submitted by payers (legal basis: 
Article 6 (1)(f) of the GPDR.
b) in order to transfer your personal data to Twisto Polska sp. z o.o. in connection with the option of making a payment for the selected goods or services by Twisto Polska sp. z o.o. under a contract of mandate covering the “Buy with Twisto” (“Kup z Twisto”) payment option and making this payment option available at the Online Store, as well as verification of due performance of such contracts of mandate by Twisto Polska Sp. z o.o. (legal basis: Article 6 (1) (f) of the GPDR).
7. In connection with the processing of personal data for the purposes set out in section 6, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may include:
a) ING Bank Śląski S.A.
b) Twisto Polska sp. z o.o.
8. If you provide your personal data in order to conclude an agreement with the Online Store, providing your personal data is a condition which makes it possible to conclude this Agreement. Providing personal data in this situation is voluntary, however if you decide againt it, it wil ne impossible to conclude an agreement with the Online Store.
If your personal data are provided in order to be transferred to Twisto Polska sp. z o.o. before concluding an agreement on the sale of goods (or services) purchased at the Online Store, the transfer of these data is a necessary condition for the conclusion of a sales agreement in connection with the business model adopted by the Online Store.
In the case your personal data is transferred to the Bank in connection with the handling and settlement of your payments due to the Online Store via the payment instruments, the data must be provided for the payment and the sending of a confirmation of its execution by the Bank for the benefit of the Online Store.
In the case your personal data are transferred to the Bank for the purpose of the Bank’s verification of the proper performance of agreements concluded with the Online Shop, in particular to ensure the protection of the interests of payers in relation to their complaints, the data must be provided in order to enable the performance of the agreement concluded between the Online Store and the Bank.
In the case of a transfer of your personal data to Twisto Polska sp. z o.o. in connection with the option of making a payment for the selected goods or services by Twisto Polska sp. z o.o. under a contract of mandate covering the “Buy with Twisto” (“Kup z Twisto”) payment option and making this payment option available at the Online Store, is a necessary condition for the conclusion of a sales agreement in connection with the business model adopted by the Online

5. COOKIE FILES AND OPERATIONAL DATA – COOKIE FILES POLICY
1. This cookie files policy determines the terms for use of small files, called “cookies”, used by the website available at www.protectedbyjames.com, (hereinafter: the “Website”).
2. The owner of the Website is MC PROJECTS SP. Z O.O. with its seat in Warsaw, address: ul. Ostródzka 245 B lok. 7B (03-289 Warsaw), entered into the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division of the National Court Register, under the KRS no.: 0000660903, NIP no.: 5242820488, REGON (National Business Registry Number): 366445945 (hereinafter: “MC PROJECTS”).
3. Cookie files are IT data, in particular text files, which are stored in the hardware of users visiting the Online Store (e.g. on a computer, phone or other user’s equipment used for connection with the Online Store) and are designed to use the Online Store if the web browser allows it.
Usually a cookie file contains the name of the domain of its origin, time of the storage on the user’s hardware and an individual, randomly selected identification number of the file. The main objective of the cookie files is to facilitate the use of the Website for the user and making it more user-friendly without causing any damage to the computer or other users’ hardware. Information collected with this type of files is stored in order to keep the User’s session on the Website. Such files may improve the Website by making calculations regarding statistics of the use of the Website, they also help in adjusting products offered by MC PROJECTS to the Users’ individual preferences and actual needs, accelerating browsing process, etc. In the event MC PROJECTS obtained the User’s informed consent in advance, it may use cookie files, tags and other similar functionalities to obtain information which allow to place advertisements from the Website as well as from the third parties’ websites or in any other way on the basis of the analysis of the user’s visiting habits.
The stored information or access to that information will not cause changes in the configuration of the User’s IT hardware or in software installed on such equipment.
4. MC PROJECTS uses four types of cookie files on the Website:
a. Session cookies: these files collect information about the User’s activities and they exist only for the time of a given session which starts at the moment of opening the Website and ends with leaving the Website. After a given browser’s session is ended or a computer is shut down, the saved information is deleted from the memory of the User’s hardware. The session cookies mechanism does not allow for downloading any personal data nor any other confidential data from the User’s computer.
b. Persistent cookies: these files are stored in the memory of the User’s terminal equipment and remain there until they are deleted by the user or they expire. The persistent cookies mechanism does not allow for downloading any personal data nor any other confidential data from the User’s computer.
c. Own cookies: placed by MC PROJECTS.
d. External cookies: placed by third parties, approved by MC PROJECTS, including Google Analytics cookies, used for analysis of activities of the Website’s Users for statistical purposes.
5. MC PROJECTS uses own cookie files in order to:
a. authenticate the User on the Website and ensure User’s session on this Website (after logging in), this way the users do not have to insert their login and password on each page;
b. analyse and study as well as audit views and in particular to create anonymous statistics which help understand the way Users use the Website and that allows to improve its structure and content.
6. MC PROJECTS uses external cookie files in order to:
a. popularise the Website through facebook.com, a social media service (controller of external cookies: Facebook Inc with its seat in USA or Facebook Ireland with its seat in Ireland);
b. collect general and anonymous statistical data through Google Analytics tools (controller of the external cookie file: Google Inc. with its seat in USA);
c. enable the assessment of correctness and efficiency of the conducted advertisement activities with the particular use of AdWords and DoubleClick nets (controller of the external cookie file of Google AdWords and Double Click: Google Inc. with its seat in USA), for services such as: remarketing, interest categories, similar recipients, other types of advertisements based on the interests, demographic orientation and location orientation.
7. Cookie files are safe for the computer of the Website’s User and in particular it is impossible for the viruses or other unwanted software or malware to infect Users’ computers through the Website.
8. Cookie files are used on the Website with User’s consent. The consent may be expressed by the User through appropriate software settings, in particular settings of the web browser installed in the equipment used by the User for viewing the Website’s content.
9. Users may at any time withdraw or change the scope of the consent they expressed earlier to use cookie files on the Website and delete all the cookie files from their web browser. Although settings are different for each web browser, cookie files are usually configured in the “Preference” or “Tools” menu. Detailed information on possibilities and ways to handle cookie files are available in software (web browser) settings. In the event this option is enabled, it will be possible to use the Website, apart from functions for which cookie files are indispensable. Limiting the use of cookie files may affect some of the functionalities available on the Website and hinder correct operation of the Website.
10. No information consisting in personal data of the Website’s Users is stored in cookie files. Cookie files are not used to identify the User or to collect or store sensitive personal data.
11. The Online Store may contain links to other websites. MC PROJECTS is not liable for terms of privacy protection applicable on those websites.
12. The cookie files policy may change. MC PROJECTS will inform Users about such changes at least one day in advance.
13. In case of any questions regarding the cookie files policy, please contact us at james@protectedbyjames.com.

6. RIGHTS OF THE DATA SUBJECT
1. The data Controller ensures the following rights within which a data subject may submit a request for:
a. Rectifying (correcting) data which are not correct, in particular because they were collected with mistakes or because they were changed after having been collected. The above-mentioned right includes also completing missing data;
b. Deleting data processed groundlessly or placed on our websites. The above-mentioned right may be exercised only if:
• your data are not necessary for the purposes for which they were collected, in particular if the period for which the Controller planned or was obliged to process personal data lapsed;
• You withdrew your consent which was the legal grounds for the processing of personal data, unless the Controller has other legal grounds for their processing;
• You have objected against the processing and there are no superior, legitimate grounds for processing.
The Controller may refuse a request for deletion of personal data in cases provided in the provisions of law, in particular if continued processing is necessary to perform a legal obligation which requires processing of such data under UE or national provisions of law in order to establish, pursue or defend claims.
c. Limiting the processing (suspend operation on data – in accordance with the submitted request) if:
• You question correctness of the personal data – for the period which allows the Controller to check the correctness of such data;
• The processing is illegal and you object to deleting personal data, demanding instead a limitation of processing of the data (their use);
• the Controller does not need data but you need data to establish, pursue, defend claims.
d. Access to data (information about the data we process and a copy of such data), including obtaining a copy of the personal data subject to processing. The first copy is provided free of charge. For any further copies for which you asked the Controller, a fee in a reasonable amount resulting from the administrative costs (postal charges, photocopies, etc.) can be charged;
e. Transferring data to other data controllers. Therefore, you have the right to obtain your personal data in a structured, commonly used and machine-readable form and you have the right to transfer such data to a different controller;
f. The right to object against data processing if it is carried out on the grounds of the Controller’s legitimate interest. The Controller cannot continue to process data, unless it shows legitimate grounds for processing which are superior to the data subject’s interests, rights and freedoms.
g. The right to withdraw the consent for data processing at any time (if the processing was based on the consent you expressed). However, the withdrawal of the consent does not affect compliance with provisions of law of the processing which was carried out before the withdrawal of the consent.
2. The rights indicated in subs. 1 may be exercised by submitting a request at the Controller’s seat or by calling a number provided in (1) (Information on the Controller). The Controller may ask for additional information which allow for authenticating a person exercising the rights in question. To make sure that you are authorised to submit a request, we may ask you to provide additional information in order to identify you.
3. If it is not necessary for the Controller to use the collected data in order to perform the agreement or comply with a legal obligation or it does not constitute the Controller’s legitimate interest, the Controller may ask for your consent to a specific way of data processing. The consent may be withdrawn at any time (it will not affect the compliance with provisions of law of the processing which was carried out before the withdrawal of the consent).
4. Data subjects have the right to submit a complaint to the President of the Office of Personal Data Protection if they consider that processing of their personal data infringes applicable provisions of law.

7. FINAL PROVISIONS
1. The Online Store may contain links to other websites. The Controller encourages you to read the privacy policy of those websites when visiting them. This privacy policy applies only to this Online Store.
2. The service provider makes the following technical measures available in order to prevent unauthorised people from obtaining and modifying personal data transferred in electronic way:
a. Securing data filing system against an unauthorised access;
b. SLL certificate;
c. Giving access to the account only after providing individual login and password.