Privacy policy

 

 

 

PRIVACY POLICY OF ONLINE SHOP SKLEP.US.EDU.PL

 

TABLE OF CONTENTS:

 

  1. GENERAL PROVISIONS
  2. BASIS FOR DATA PROCESSING
  3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE SHOP
  4. DATA RECIPIENTS IN THE ONLINE SHOP
  5. PROFILING IN THE ONLINE SHOP
  6. RIGHTS OF DATA SUBJECTS
  7. COOKIE FILES IN THE ONLINE SHOP, OPERATIONAL DATA, AND ANALYTICS
  8. FINAL PROVISIONS

 

  1. GENERAL PROVISIONS

 

1.1. The following Online Shop privacy policy is informative in nature, which means that it is not a source of obligations for Service Users or Customers of the Online Shop. This privacy policy lays down in particular the rules governing the processing of personal data by the Controller in the Online Shop, including the basis, purpse and scope of personal data processing and the rights of data subjects, as well as information on the use of cookie files and analytical tools in the Internet Shop.

1.2. The Controller of personal data collected via the Online Shop is SPIN-US SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ having its seat in Katowice (address of the seat and address for service: Bankowa 12, room 147, 40-007 Katowice), entered in the Register of Businesses conducted by the National Court Register under the KRS number 0000528989; corporate records are kept by the District Court for Katowice-Wschód in Katowice, VIII Economic Division of the National Court Register; initial capital: 396.100,00 PLN, NIP (Taxpayer Identification Number) 9542751204, REGON (National Business Registry Number) 360000248, email: sklep@us.edu.pl, telephone number: 511 148 390 – hereinafter referred to as the "Controller" and simultaneously fulfilling the role of the Online Shop Service Provider and Seller.

1.3. The personal data are processed in the Online Shop in accordance with applicable laws, and in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the "GDPR" or the "GDPR Regulation". The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

1.4. Using the Online Shop, including shopping, is voluntary. Similarly voluntary is the submission of personal data by the Service User or Customer subject to two exceptions: (1) conclusion of agreements with the Controller – failure to provide the personal data necessary for the conclusion and performance of the Sales Agreement or an agreement for the provision of an Electronic Service with the Controller in the cases and within the scope indicated on the website of the Online Shop and this Privacy Policy shall result in no possibility to enter into the agreement. Providing personal data is a contractual requirement in such a case and if the data subject intends to enter into an agreement with the Controller, they shall be obligated to provide the required data. The scope of the data required to enter into the contract is each time specified in advance on the Online Shop's website and in the Terms and Conditions of the Online Shop; (2) statutory obligations of the Controller – submitting the personal data is a statutory requirement resulting from the commonly binding legal regulations obligating the Controller to process personal data (e.g. processing data for fiscal books and ledgers) and failure to provide the data will render it impossible for the Controller to perform such obligations.

1.5. The Controller exercises particular care in order to protect the interests of persons being data subjects, in particuar ensures that the data collected are: (1) processed in accordance with the law; (2) collected for specified, lawful purposes and not subjected to further processing inconsistent with those purposes; (3) correct as regards their subject matter and adequate as regards the purpose of the processing; (4) stored in a form which allows the identification of persons they apply to, for no longer than is required to attain the purpose of data processing, and (5) processed in a manner ensuring security of the personal data, including the protection against illicit or illegal processing or accidental loss, damage or destruction, with the use of appropriate technical and organisational measures.

1.6. Taking into account the nature, scope, context, and purpose of processing as well as the risk of breaching the rights or freedoms of natural persons with varied likelihood and degree of threat, the Controller is implementing appropriate technical and organisational measures so that the processing takes place pursuant to the Regulation and it is possible to show it. The measures are reviewed and updated, as necessary. The Controller employs technical measures preventing the acquisition and modification of personal data sent electronically by unauthorised persons.

1.7. Any words, phrases and acronyms used in this privacy policy starting with a capital letter (e.g. Seller, Online Shop, Electronic Service) shall be understood in accordance with the definition contained in the Terms and Conditions of the Online Shop available on the websites of the Online Shop.

 

  1. BASIS FOR DATA PROCESSING

 

2.1. The Controller is authorised to process the personal data in cases, and to the extent, when at least one of the following conditions is met: (1) the data subject consented to the processing of their data to one or more specified ends; (2) processing is necessary for performance of the agreement the data subject is a party to, or to take actions to the request of the data subject, prior to contract conclusion; (3) processing is necessary to fulfill the legal obligation of the Controller; or (4) processing is necessary for needs resulting from legally justified interests of the Controller or third party, except for situations when the interests or basic rights and freedoms of the data subject override such interests and they require personal data protection, especially when the data subject is a child.

2.2. The processing of personal data by the Controller each time requires having at least one basis indicated in point 2.1 of this privacy policy. Specific bases for processing personal data of the Service Users and the Customers of the Online Shop by the Controller are specified in the following point of the privacy policy – as regards the specific goal of personal data processing by the Controller.

 

  1. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE SHOP

 

3.1. Each time, the purpose, basis, period and scope as well as the recipients of personal data processed by the Controller result from actions undertaken by a given Service User or Customer in the Online Shop. For example, in the case the Customer decides to purchase a product in the Online Shop and decides on personal collection of the purchased Product personally instead of shipment, their personal data will be processed in order to conclude and perform a Sales Agreement, but they will not be further disclosed to the carrier delivering the shipment on behalf of the Controller.

3.2. The Controller may process the personal data in the Online Shop for the purposes, on the bases, within the periods and scope as follows:

Purpose of data processing

Legal basis for processing and the period of data storage

Scope of data processing

Performance of a Sales Agreement or an agreement for the provision of an Electronic Service, or taking actions to the request of the data subject, prior to entering into the above agreements

Article 6, par. 1, point b) of the GDPR Regulation (contract performance)

The data shall be stored for the period necessary for the performance, termination or expiry of an agreement entered into in a different manner.

Maximum scope: name and surname; email address; phone number; delivery address (street, flat number, office number, zip code, town, country), address of residence/running a business/registered office, if different than the delivery address).

In the case of Service Users or Customers who are not consumers, the Controller may also process the company name and NIP (Taxpayer Identification) number of the Service User or Customer.

The above constitutes the maximum scope – in the case of e.g. personal collection of a product, it is not necessary to provide the delivery address.

Direct Marketing

Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the controller)

The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by provisions of the law, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity is three years, and for a Sales Agreement two years).

The Controller may not process the data for direct marketing purposes if the data subject has exlicitly objected to this.

Email address

Marketing

Article 6, par. 1, point a) of the GDPR Regulation (consent)

The data are stored until the data subject withdraws their consent to further process their data to that end.

Name, email address

The Customer expressing opinion on the concluded Sales Agreement

Article 6, par. 1, point a) of the GDPR Regulation

Email address

Keeping tax books

Article 6, par. 1, point c) of the GDPR Regulation in relation with Article 86 §1 of Tax Ordinance Act, consolidated text of 30 January 2018 (Journal of Laws of 2018, item 395)

The data shall be stored for the legally required period, obliging the Controller to store tax books

(5 years from the beginning of the year following the fiscal year the data concern).

Name and surname: address of residence/running a business/registered office (if other than the delivery address), business name and NIP (Taxpayer Identification) number of the Service User or Customer.

Determining, pursuing or defence of claims on the side of the Controller, or ones that may arise as regards the Controller.

Article 6, par. 1, point f) of the GDPR Regulation

The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts is three years, and for a Sales Agreement two years).

Name and surname; phone number; email address; delivery address (street, flat number, office number, zip code, town, country), address of residence/running a business/registered office (if different than the delivery address).

In the case of Service Users or Customers who are not consumers, the Controller may also process the company name and NIP (Taxpayer Identification) number of the Service User or the Customer.

 

  1. DATA RECIPIENTS IN THE ONLINE SHOP

 

4.1. In order to ensure proper functioning of the Online Shop, incluing proper performance of Sales Agreements concluded, it is necessary for the Controller to make use of external companies' services (e.g. software provider, carrier, or payment system provider). The Controller uses solely the services of such processing entities which ensure sufficient guarantee to implement appropriate technical and organisational measures so that the processing meets the requirements set out in the GDPR Regulation and protects the rights of data subjects.

4.2. Data is not transferred by the Controller in every case and not to all recipients or categories of recipients specified in this privary policy – the Controller provides the data only when it is ncessary to attain a given purpose of personal data processing and solely within the necessary scope. For example, when the Customer selects to personally collect an item, their data will not be disclosed to the carrier cooperating with the Controller.

4.3. Personal data of the Internet Shop's Service Users or Customers may be provided to the following recipients or categories of recipients:

4.3.1. carriers/forwarders/couriers – in the case of a Customer who chooses to have a Product delivered by post or courier, the Controller makes the collected personal data of the Customer available to the selected carrier, forwarder or agent carrying out the shipment for the Controller to the extent necessary to deliver the Product to the Customer.

4.3.2. payment system providers managing electronic or pay card payments – in the case of a Customer who selects electronic payment or pay card payment to pay for a Product, the Controller makes the collected personal data of the Customer available to the selecter provider operating to their order in the Online Shop within a scope necessary to operate the payment made by the Customer.

4.3.3. opinion poll system providers – in the case of a Customer who consented to express their opinion on the Sales Agreement concluded, the Controller makes the collected personal data of the Customer available to the selected entity providing the system of opinion polls on Sales Agreements concluded via the Online Shop to the order of the Controller within a scope necessary for the Customer to present their opinion through an opinion poll system.

4.3.4. service providers providing technical, IT or organisational solutions for the Controller, making it possible for the Controller to conduct business acvitity, including the Online Shop and Electronic Services provided via it (in particular computer software providers for the Online Shop, email providers and hosting providers as well as providers of software for company management and technical assistance for the Controller) – the Controller makes the collected personal data of the Customer available to the selected provider operating to their order only in the case and to the extent necessary to attain a given purpose of data processing in accordance with this privacy policy.

4.3.5. accounting, legal and counselling services providers rendering accounting, legal or counselling services for the Controller (in particular an accounting agency, law firm, or debt collection company) – the Controller makes the collected personal data of the Customer available to the selected provider operating to their order only in the case and to the extent necessary to attain a given purpose of data processing in accordance with this privacy policy.

 

  1. PROFILING IN THE ONLINE SHOP

 

5.1. The GDPR Regulation obligates the Controller to inform about the automated decision-making process, including profiling referred to in Article 22, par. 1 and 4 of the GDPR Regulation, and – at least in those cases –  the vital information concerning the decision-making process as well as the meaning and foreseeable consequences of processing for the person being the data subject. Bearing in mind the above, the Controller specifies in this section of the privacy policy information concerning the possible profiling.

5.2. The Controller may use profiling in the Online Shop for direct marketing purposes, but the decisions made by the Controller on its basis do not concern the conclusion or rejection to conclude a Sales Agreement, or the possibility to make use of Electronic Services in the Online Shop. The result of profiling in the Online Shop may be e.g. a discount for a given person, sending a discount code, reminding about an unfinished purchase process, sending Product offers that may be reflect the interests or preferences of the person, or offering better conditions as compared with the standard offer of the Online Shop. Regardless of profiling, the person makes decisions freely, whether they want to use the discount or better conditions and buy a product in the Online Shop.

5.3. Profiling in the Online Shop consists in automatic analysis or forecast of the conduct of a given person on the Online Shop's website, e.g. by adding a specific Product to the cart, browsing the page of a specific product in the Online Shop, or analysis of the history of purchase in the Online Shop. The condition for such profiling is for the Controller to have the personal data of the person, so that they can later send them e.g. a discount code.

5.4. The data subject shall have the right not to depend on the decision which is only based on automated processing, including profiling, and has some legal effects on the person or similarly affects them.

 

  1. RIGHTS OF DATA SUBJECTS

 

6.1. The right to access, rectify, restrict, erase or transmit – the data subject shall have the right to demand from the Controller to have access to their personal data, rectify, erase (“the right to be forgotten”) or restrict the processing, and shall have the right to object to the processing and transmit their data. Detailed conditions of the above rights are laid down in Articles 15­21 of the GDPR Regulation.

6.2. The right to withdraw consent at any time – the person whose data are being processed by the Controller on the basis of the consent given (pursuant to Article 6, par. 1, point a) or Article 9, par. 2, point a) of the GDPR Regulation) shall have the right to withdraw their consent at any time without any impact on the compatibility with the right to process made based on the consent prior to the withdrawal.

6.3. The right to file a complaint with a supervisory body – the person whose data are being processed by the Controller shall have the right to lodge a complaint with a supervisory body in a manner and mode specified in the provisions of the GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland shall be the President of the Office for Personal Data Protection.

6.4. The right to object – the data subject shall have the right, at any time, to lodge a complaint – for reasons related to their particular situation – as regards the processing of their personal data based on Article 6, par.  1, point e) (public interest or official authority) or f) (legitimate interest of the controller) in the case of profiling based on the provisions. The Controller in such a case must stop processing the personal data, unless they demonstrate the existence of legally significant and justified bases for the processing, overriding the interests, rights and freedoms of the data subject, or the bases for determining, pursuing or defending the claims.

6.5. The right to object as regards direct marketing – where the personal data are processed for the needs of direct marketing, the data subject shall have the right, at any time, to lodge a complaint as regards the processing of their personal data for the needs of such marketing, including profiling, to the extent to which the processing is related to direct marketing.

6.6. To perform the rights mentioned in this point of the privacy policy, one may contact the Controller by sending them an appropriate message in writing or via e-mail to the address of the Controller presented at the beginning of the privacy policy or using the contact form available on the Online Shop’s website.

 

  1. COOKIE FILES IN THE ONLINE SHOP, OPERATIONAL DATA, AND ANALYTICS

 

7.1. Cookie files (Cookies) are small pieces of text information in the form of text files, sent by a server and recorded by the User visiting the Online Shop’s website (e.g the computer’s, or laptop’s hard drive, or a smartphone memory card – depending on which device is used when visiting the Online Shop). Detailed information on Cookies, as well as the history of their creation can be found, among other places, here: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. The Controller can process the data contained in Cookie files during the visitors’ use of the Online Shop’s website for the following purposes:

7.2.1. identification of Service Users as logged in to the Online Shop and showing that they are logged in

7.2.2. saving Products added to the cart to place an order;

7.2.3. saving data from the Order Forms, polls or logging data to the Online Shop;

7.2.4. adjusting the Online Shop’s contents to the Service User’s individual preferences (e.g. regarding colours, fonts, website layout), and optimizing the use of the Online Shop;

7.2.5. preparing anonymous statistics presenting the way the Online Shop is used;

7.2.6. remarketing, namely evaluating the conduct of visitors of the Online Shop through anonymous analyses of their activities (e.g. repeated visits on particular pages, key words etc.) to create their profile and provide them with adverts matching their interests, also when they visit other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.;

7.3. As a standard, most Internet browsers by default accept the saving of Cookie files. Every user has the possibility to specify the conditions of Cookie file use via the Internet browser’s settings. This means that it is possible to partially (e.g. temporarily) restrict or completely disable the saving of Cookie files on the User’s computer – in the latter case, however, it may influence specific functionalities of the Online Shop (for example, it may become impossible to complete the Order via the Order Form due to the fact that Products are not saved in the cart during subsequent steps of placing the Order).

7.4. The Internet browser setting in terms of Cookie files are significant from the point of view of consent to use Cookie files by our Online Shop – in accordance with the regulations, such consent may also be expressed through adjusting the Internet browser settings. If a User does not express such consent, they are asked to change the Cookie settings in their Internet browser.

7.5. Detailed information regarding changing Cookie file settings and individual removal of them in the most popular Internet browsers are available in the Internet browser’s help section and at the following websites (please click the appropriate link):

Chrome broswer

Firefox browser

Internet Explorer browser

Opera browser

Safari browser

Microsoft Edge browser

7.6. The Controller may use Google Analytics and Universal Analytics services in the Website, which are provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). The services help the Adinistrator to analyse the frequency of visits in the Online Shop. The data collected are processed under the above services in an anonymous manner (the so-called operational data, which make it impossible to identify a person) to generate statistics helpful while administering the Online Shop. The data are of collective and anonymous nature, i.e. they do not contain any identifying features (personal data) of the visitors of the Online Shop. Using the above services in the Online Shop, the Controller collects such data as the sources and medium of acquiring visitors of the Online Shop and the manner of their conduct on the website of the Online Shop, information concerning their devices and browsers used to visit the website, IP and domain, geographical data and demographic data (age, sex) and interests.

7.7. It is possible to easily block sharing information with Google Analytics as regards the activity on the website of the Onlie Shop – install to that end an opt-out add-on made available by Google Inc. available at: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.8. The Controller may use Pixel Facebook services which are provided by Facebook Ireland (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The services help the Controller to measure the effectiveness of advertisements and learn what steps visitors to the online shop are taking, and  display suitable adversitements to these persons. Detailed infrmation on how Pixel Facebook works is available at: 

https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.9. The operation of Pixel Facebook can be managed through ad settings on each individuals's Facebook account at:

 https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

 

  1. FINAL PROVISIONS

 

The Online Shop may contain links to other websites. The Controller encourages that at the time of being transferred to other websites, the User become familiar with their respective privacy policy. This privacy policy shall apply only to the Controller's Online Shop.

 

up
Shop is in view mode
View full version of the site
Sklep internetowy Shoper.pl