Privacy Policy
CONTENTS:
- GENERAL PROVISIONS
- DATA PROCESSING BASIS
- PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- RECIPIENTS OF DATA IN THE ONLINE STORE
- ONLINE STORE PROFILING
- RIGHTS OF THE DATA SUBJECT
- ONLINE STORE COOKIES, USAGE DATA AND ANALYSTS
- FINAL PROVISIONS
GENERAL PROVISION
- This Privacy Policy of the Online Store is for information purposes only, which means that it is not a source of obligations for the Recipients of the service or Customer of the Online Store. The Privacy Policy primarily contains rules concerning the processing of personal data by the Administrator in the Online Store, including the basis, purposes and scope of personal data processing and the rights of the data subjects, as well as information concerning the use of cookies and analytical tools in the Online Store.
- The administrator of personal data collected through the Online Store are the partners conducting joint business activity on the basis of LOU Limited Liability Company 5 Usługowa St., 64-100 Leszno District Court Poznań-New Town and Wilda in Poznań Share capital: PLN 100,000.00 KRS: 0001039749, NIP: 6972311618, REGON: 302689485 - hereinafter referred to as the "Administrator" and being at the same time the Online Store Service Provider and the Seller.
- Personal data in the Online Store are processed by the Administrator in accordance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereafter referred to as the "GDPR" or "GDPR Regulation". The official text of the TRADE Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
- The use of the Online Shop, including making purchases, is voluntary. Similarly, the provision of personal data by the user of the Online Store to the Recipient or the Customer is voluntary, subject to two exceptions: (1) entering into agreements with the Administrator - failure to provide, in the cases and to the extent indicated on the website of the Online Store and in the Terms and Conditions of the Online Store and this Privacy Policy, personal data necessary to conclude and perform a Sales Agreement or an agreement for the provision of the Electronic Service with the Administrator shall result in the impossibility of concluding such an agreement. Providing personal data in such a case is a contractual requirement and if the data subject wishes to conclude a given agreement with the Admin, he/she is obliged to provide the required data. Each time the scope of data required to conclude an agreement is indicated in advance on the website of the Online store and in the Terms and Conditions of the Online Store; (2) Statutory obligations of the Administrator - providing personal data is a statutory requirement resulting from generally applicable legal regulations imposing on the Administrator the obligation to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide such data shall prevent the Administrator from performing these obligations.
- The administrator shall take particular care to protect the interests of the persons whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects are accurate: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; (3) substantially accurate and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purpose of the processing and (5) processed in a way which ensures adequate security of personal data, including the protection against unlawful or incompatible processing and accidental loss, destruction or damage, by appropriate technical or organisational measures.
- Having regard to the nature, scope, context and purposes of the processing, and the risk of infringement of the rights or freedoms of natural persons with different degrees of likelihood and seriousness, the controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to demonstrate this. Those measures shall be reviewed and updated as necessary. The controller shall implement technical measures to prevent the acquisition and modification by unauthorized persons of personal data transmitted electronically.
- All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) shall be understood in accordance with their definition in the Online Store Terms and Conditions available on the Online Store's websites.
DATA PROCESSING BASIS
- The administrator is entitled to process personal data in cases where and to the extent that at least one of the following conditions is met: (1) the data subject has consented to the processing of his/her personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject before the conclusion of the contract; (3) processing is necessary for the fulfilment of a legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data, in particular where the data subject is a child, take precedence over these interests.
- Processing of personal data by the Administrator requires each time at least one of the grounds indicated in point 1.1. 2.1 of the privacy policy. Specific grounds for the processing of personal data of the Customers and Customers of the On-line store by the Administrator are indicated in the next section of the Privacy Policy - in relation to a given purpose of personal data processing by the Administrator.
PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- Each time the purpose, basis, period and scope and recipients of personal data processed by the Administrator result from actions taken by a given Service Recipient or Customer in the Online Store. For example, if the Customer decides to make purchases in the Online Store and chooses to collect the purchased Product in person instead of by courier, his/her personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier carrying out shipments on the Administrator's order.
- The Administrator may process personal data in the Online Store for the following purposes, on the following grounds, during periods and to the following extent:
- Purpose of data processing |
- Legal basis for processing and storage period - Article 6(1)(b) of the GDPR Regulation (implementation of the Agreement) - The data is stored for the period necessary to perform, terminate or otherwise terminate the agreement. |
- Scope of data processing |
- Performing a Sales Agreement or an Electronic Service Agreement or taking action at the request of the data subject before concluding the aforementiod agreements |
|
- Maximum range: first and last name; e-mail address; contact telephone number; delivery address (street, house number, property number, postcode, town, country), residence/business address/seat (if different from delivery address). |
Direct maketing |
|
|
MARKETING |
|
Imię, adres poczty elektronicznej |
Bookkeeping |
|
First and last name; address of residence/business/seat (if different from the delivery address), company name and tax identification number (tax number) of the Recipient or Customer |
Determining, investigating or defending claims that may be raised by the Administrator or that may be raised against the Administrator |
|
- First and last name; contact telephone number; e-mail address; delivery address (street, house number, property number, postcode, town, country), address of residence/business/seat (if different from delivery address). -In the case of Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number of the Recipient or Customer. |
RECIPIENTS OF DATA IN THE ONLINE STORE
- For the proper functioning of the Online Store, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as a software provider, courier or payment service provider). The Administrator uses only the services of such processing entities, which provide sufficient guarantees of implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.
- Data transfer by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator transfers data only if it is necessary for the realization of a given purpose of personal data processing and only to the extent necessary for its realization. For example, if the Customer uses personal collection, his/her data shall not be transferred to the carrier cooperating with the Administrator.
- Personal data of the Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
- carriers / freight forwarders / courier brokers - in the case of a Customer who uses the Online Store's method of delivery of the Product by mail or courier, the Administrator shall make the collected personal data of the Customer available to a selected carrier, freight forwarder or intermediary carrying out shipments on the Administrator's order to the extent necessary to deliver the Product to the Customer.
- entities handling electronic payments or payment cards - in the case of a Customer who uses the method of electronic payment or payment card in the Online Store, the Administrator makes the collected personal data of the Customer available to a selected entity handling the above payments in the Online Store on the Administrator's order to the extent necessary to handle the payment made by the Customer.
- Lenders / lessors - in the case of a Customer who uses in the Online Store the method of payment in installment or leasing payment system. The Administrator makes available the collected personal data of the Client to a selected lender or lessor handling the above payments in the Online Store on the Administrator's order to the extent necessary to handle the payment made by the Customer.
- service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activity, including the Online Store and the Electronic Services provided through it (in particular, computer software providers for running the Online Store, e-mail and hosting providers, as well as software providers for managing the company and providing technical assistance to the Administrator) - the Administrator shall make the collected Customer's personal data available to a selected provider acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
- providers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular, an accounting office, a law firm or a debt collection company) - the Administrator makes the collected Customer's personal data available to a selected provider acting on his behalf only in the case and to the extent necessary to accomplish a given purpose of data processing in accordance with this privacy policy.
ONLINE STORE PROFILING
- The GDPR Regulation imposes an obligation on the controller to inform about automated decision making, including profiling referred to in Article 22 paragraph 1 and 4 of the GDPR Regulation, and - at least in these cases - relevant information about the rules of making such decisions, as well as about the significance and expected consequences of such processing for the data subject. With this in mind, the Administrator provides in this point of the privacy policy information on possible profiling.
- The Administrator may use profiling in the Internet Store for direct marketing purposes, but the decisions taken by the Administrator on its basis shall not concern the conclusion or refusal to conclude a Sales Agreement or the possibility to use Electronic Services in Online Store. The effect of using profiling in the Online Store may be, for example, granting a discount to a given person, sending him/her a discount code, a reminder of unfinished purchases, sending a product proposal that may correspond to the person's interests or preferences or offering better conditions compared to the standard offer of the Online Store. Despite profiling, it is up to the person to decide whether they want to take advantage of the resulting discount or better conditions and make a purchase in the Online Store.
- Profiling in the Online Store consists in automatic analysis or forecast of a person's behavior on the Online Store’s website, e.g. by adding a particular Product to the basket, browsing the website of a particular Product in the Online Store or by analyzing the history of purchases made in the Online Store. The condition for such profiling is that the Administrator has personal data of the person in question in order to be able to send them e.g. a discount code.
- The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects on the person or in a similar way significantly affects him/her.
RIGHTS OF THE PERSON CONCERNED
- Right of access, rectification, restriction, deletion or transfer - the data subject has the right to demand from the Administrator access, rectification, deletion ("right to be forgotten") or restriction of the processing and has the right to object to the processing and to transfer his data. Detailed conditions for exercising the aforementioned rights are set out in Articles 15-21 of the GDPR Regulation.
- The right to withdraw consent at any time - a person whose data are processed by the controller on the basis of his/her consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation), is entitled to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- The right to object - the data subject has the right to object at any time - for reasons related to his/her particular situation - to the processing of personal data concerning him/her based on art. 6 paragraph 1 point e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. The administrator shall in such a case no longer process the personal data unless it demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.
- The right to lodge a complaint to the supervisory authority - a person whose data are processed by the controller has the right to lodge a complaint to the supervisory authority in the manner and manner specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
- Right to object - the data subject has the right to object at any time, on grounds relating to his particular situation, to the processing of personal data concerning him based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under those provisions. The administrator shall in such a case no longer process the personal data unless it demonstrates that there are compelling legitimate grounds for processing overriding the interests, rights and freedoms of the data subject or grounds for establishing, pursuing or defending claims.
- Right to object to the processing of personal data concerning him/her for the purposes of direct marketing - where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him/her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing
- In order to exercise the rights referred to in this section of the Privacy Policy, the Administrator may be contacted by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of the Privacy Policy or by using the contact form available on the Online Store's website.
ONLINE STORE COOKIES, USAGE DATA AND ANALYSTS
- Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Internet Shop (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on which device the visitor to our Online Store uses). Detailed information about Cookies, as well as the history of their creation can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Administrator may process the data contained in the Cookies files when visitors use the website of the Internet Store for the following purposes:
- Identification of Recipients as logged in to the Online Store and showing that they are logged in;
- remembering the Products added to the basket in order to place an Order;
- remembering data from completed Order Forms, questionnaires or login data to the Online Store;
- adjusting the content of the Online Store's website to the Customer's individual preferences (e.g. concerning colors, font size, page layout) and optimizing the use of the Online Store's pages;
- keeping anonymous statistics showing how the Online Store's website is used;
- Remarketing, i.e. researching the behavioral characteristics of the visitors to the Online Store through an anonymous analysis of their actions (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Inc. and Facebook Ireland Ltd;
- As a standard, most web browsers on the market accept cookies by default. Everyone has the ability to determine the Terms and Conditions of use of cookies using their own web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of saving cookies - in the latter case, however, it may affect some of the functionality of the Online Store (for example, it may not be possible to cross the Order path through the Order Form due to the fact that the Products are not saved in the shopping cart during the subsequent steps of placing an Order).
- The settings of your web browser regarding cookies are important from the point of view of your consent to the use of cookies by our Online Store - according to the regulations such consent may also be given by the settings of your web browser. In the absence of such consent, the settings of your web browser should be changed accordingly.
- Detailed information on changing the settings for cookies and their independent deletion in the most popular web browsers are available in the help section of your web browser and on the following pages (just click on the link):
- in the Chrome browser
- in a Firefox browser
- in Internet Explorer
- in the Opera browser
- in the Safari browser
- in the Microsoft Edge browser
- The Administrator may use Google Analytics, Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These services help the Administrator to analyze traffic in the Online Store. The collected data are processed within the framework of the above services in an anonymized manner (so-called exploitative data, which makes it impossible to identify a person) to generate statistics helpful in administering the Online Store. These data are of an aggregate and anonymous nature, i.e. they do not contain identification features (personal data) of the persons visiting the website of the Online Store. The Administrator using the above services in the Online Store collects such data as sources and means of obtaining visitors to the Online Store and the manner of their behavior on the website of the Online Store, information on the devices and browsers from which they visit the site, IP and domain, geographical data and demographic data (age, gender) and interests.
- It is possible for an individual to easily block the provision of Google Analytics information about his or her activity on the Online Store's website - for this purpose you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
- The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator to measure the effectiveness of ads and to find out what actions are taken by visitors to the Online Store, as well as to display matching ads to these people. Detailed information about the operation of Facebook Pixel can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
- Management of the Facebook Pixel's operation is possible by setting ads in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
- We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
FINAL PROVISIONS
- The Online Store may contain links to other websites. The Administrator encourages you to read the privacy policy set out there when you go to other sites. This privacy policy applies only to the Administrator's Online Store.