Privacy and Cookies Policy

DEFINITIONS

Administrator – the entity listed in the Terms and Conditions;

Personal Data – all information about an identified or identifiable natural person through one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural, or social identity, including the device’s IP, location data, internet identifier, and information collected through cookies and other similar technologies;

Policy – this Privacy Policy;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

User – an adult natural person using the Service with full legal capacity, as well as a minor or a person without full legal capacity to act, with the consent of a legal representative;

PURPOSES OF DATA PROCESSING

Data, including Users’ personal data, are collected and processed for the purpose of:

  • Using the Service;
  • Placing and fulfilling Orders;
  • Conducting marketing activities, including contextual advertising and behavioral advertising;
  • Direct marketing, if the User has consented to it.

Personal data of all persons using the Service (including IP address and information collected through cookies or other similar technologies) are processed by the Administrator:

  • for providing electronic services on behalf of the User through the Service (Art. 6(1)(b) GDPR);
  • for handling orders placed in the Service, including transferring data to the Seller (Art. 6(1)(b) GDPR);
  • for handling complaints by the Seller (Art. 6(1)(b) GDPR);
  • for analytical and statistical purposes (Art. 6(1)(f) GDPR);
  • for contextual marketing purposes (Art. 6(1)(f) GDPR);
  • for technical purposes (Art. 6(1)(f) GDPR).

Placing an order by the User of the Service involves processing their personal data. Providing data marked as mandatory is required to accept and handle the order. Placing an order by the User means that the User’s personal data necessary for fulfilling the order will be shared with the Seller to execute the agreement. Personal data are processed:

  • for fulfilling the placed order (Art. 6(1)(b) GDPR);
  • for fulfilling statutory obligations incumbent on the Administrator and the Seller (Art. 6(1)(c) GDPR);
  • for analytical and statistical purposes (Art. 6(1)(f) GDPR);
  • for claim enforcement purposes (Art. 6(1)(f) GDPR);
  • for satisfaction surveys (Art. 6(1)(f) GDPR).

The Administrator processes Users’ personal data to perform marketing activities, which may include:

  • displaying marketing content to the User that is not tailored to their preferences (Art. 6(1)(f) GDPR);
  • sending email or SMS notifications about offers or content that in some cases contain commercial information, within the scope of granted consent (Art. 6(1)(f) GDPR).

COOKIES

Cookies are small text files installed on the User’s device when accessing the Service. Cookies collect information that facilitates the use of the website – for example, by remembering the User’s visits to the Service and the actions they perform.

The Administrator uses so-called service cookies primarily to provide the User with electronic services and to improve the quality of these services. Consequently, the Administrator and other entities providing analytical and statistical services on its behalf use cookies, storing information or accessing information already stored on the User’s telecommunications device (computer, phone, tablet, etc.). The cookies used for this purpose include:

  • cookies with data entered by the User (session identifier) for the duration of the session (user input cookies);
  • authentication cookies used for services requiring authentication for the duration of the session;
  • cookies used to ensure security, e.g., used to detect authentication abuses (user-centric security cookies);
  • session cookies from multimedia players (e.g., Flash player cookies) for the duration of the session (multimedia player session cookies);
  • cookies used to monitor traffic on the website.

The Administrator also uses cookies for marketing purposes. For this purpose, the Administrator stores information or accesses information already stored on the User’s telecommunications device (computer, phone, tablet, etc.). The use of cookies and the personal data collected through them for marketing purposes, particularly for promoting third-party services and goods, requires obtaining the User’s consent. This consent can be given through appropriate browser configuration and can be withdrawn at any time, especially by clearing the cookie history and disabling cookie support in the browser settings.

DATA PROCESSING PERIOD

Data are processed for the duration of providing the service or fulfilling the order, until the consent given is withdrawn or an effective objection to data processing is submitted in cases where the legal basis for data processing is the Administrator’s legitimate interest.

The data processing period may be extended if processing is necessary to establish and pursue possible claims or defend against them, and after that period only to the extent required by law. After the data processing period expires, data are irreversibly deleted or anonymized.

USER RIGHTS

  • Right to information about data processing – based on this, the person submitting such a request is provided by the Administrator with information about data processing, including primarily the purposes and legal bases for processing, the scope of data held, the entities to whom personal data are disclosed, and the planned data deletion period.
  • Right to obtain a copy of data – based on this, the Administrator provides a copy of the processed data concerning the person submitting the request.
  • Right to rectification – based on this, the Administrator corrects any discrepancies or errors in the processed personal data and supplements or updates them if they are incomplete or have changed.
  • Right to erasure of data – based on this, you can request the deletion of data that is no longer necessary for any of the purposes for which they were collected.
  • Right to restrict processing – based on this, the Administrator ceases operations on personal data, except for operations to which the person concerned has consented or for storage according to retention policies, or until the reasons for restricting data processing (e.g., a supervisory authority’s decision allowing further data processing) expire.
  • Right to data portability – based on this, to the extent that data are processed in connection with a concluded agreement or consent, the Administrator issues the data provided by the person concerned in a format allowing them to be read by a computer. It is also possible to request the transfer of this data to another entity, provided that technical possibilities exist on both the Administrator’s and the other entity’s sides.
  • Right to object to data processing for marketing purposes – the person concerned can object at any time to the processing of personal data for marketing purposes.
  • Right to object to data processing for satisfaction surveys – the person concerned can object at any time to the processing of personal data for satisfaction surveys.
  • Right to object to data processing for other purposes – the person concerned can object at any time to the processing of personal data based on the Administrator’s legitimate interest (e.g., for analytical or statistical purposes or for property protection reasons). Such an objection should include a justification and is subject to the Administrator’s assessment.
  • Right to withdraw consent – if data are processed based on consent, the person concerned has the right to withdraw it at any time, which does not affect the lawfulness of processing carried out before the withdrawal.

The request for the exercise of rights should be submitted to the Administrator’s address indicated in the Terms and Conditions.

DATA TRANSFER AND SECURITY

For the purposes described above, personal data may be disclosed to external entities, including in particular providers such as banks and payment operators, entities providing accounting, legal, transportation, marketing services, and entities affiliated with the Administrator. In the case of placing an order, the User’s data will be disclosed to the Seller to conclude and execute the sales agreement.

Users’ personal data are not transferred outside the EEA.

The Administrator continuously conducts a risk analysis to ensure that personal data are processed securely – primarily ensuring that only authorized persons have access to the data and only to the extent necessary for their tasks. The Administrator ensures that all operations on personal data are recorded and carried out only by authorized employees and collaborators.

The Administrator takes all necessary actions to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.

FINAL PROVISIONS

The Administrator reserves the right to change this Policy.

Subject to universally applicable legal provisions, the governing law for this Policy is the law of the Administrator’s registered office.