Personal data processing policy.
Effective as of May 1, 2020
Personal Data Collection
We may collect several different types of your personal data for e-commerce purposes mentioned below in order to provide and improve our Service to you.
While using our Online Shop, ordering our products and contacting us with questions regarding our products, we may ask you to provide us with certain personal data that can be used to contact or identify you. Such personal data may include:
- contact information (such as name, surname, email address, shipping address, postal code, telephone number)
- user generated content related to product reviews, comments, questions and answers
- payment information, such as name, billing address, account number, and payment card details (including card number, expiration date and security code) for payments processed by us. To the extent any payments are processed by any other third parties, then the privacy policies of those parties shall govern such information
- order history, including information about products purchased or viewed on the Online Shop
- IP address, device, operating system, and browser information that we detect
- information generated by cookies used in our website, if your prior consent is received
Personal data are obtained from you when you enter such data by using our Online Shop, or transmit them to us. You are not required to provide this information but, if you choose not to do so, we may not be able to offer you certain Service and related features.
We will use the data we obtain through the Online Shop as needed to fulfil our contractual obligation to provide you with the products and services you request, to deliver products ordered (including, but not limited to, transportation and customs clearance through related third party service providers).
We may use your email to offer our products and services without your prior consent for direct marketing if you are our current or former client. But if you do not want to receive such emails, please let us know by sending us an email and we will stop doing this immediately. In other cases we will not use your email to offer you our products and services, unless prior consent has been granted by you. We will ensure that you can easily opt-out from receiving such marketing communications. You have the right to reject marketing communications at any time without experiencing any negative effect.
We may also collect information how the Online Shop is accessed and used (further in the text referred to as Usage Data). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Online Shop that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we may use:
- Session Cookies. We may use Session Cookies to operate our Online Shop
- Preference Cookies. We may use Preference Cookies to remember your preferences and various settings
- Security Cookies. We may use Security Cookies for security purposes
A list of the cookies used by our website is provided below:
|Cookie name||Cookie description|
|Part of the Google Analytics statistical system that saves information on the user-visited website parts, the number of and duration of visits, browser information, etc.|
The storage period for personal data is established by applicable law. Personal data are usually retained for 10 years after expiry of the agreement, if you conclude one with us. As for the purpose of direct marketing, the personal data are stored until the consent for direct marketing is revoked. Usage Data and Cookie Data are stored for one year.
Use of Data for a Legitimate Interest
We also use the collected data if we have a legitimate interest to do so, including to support the following functions and activities:
- communicating with you about your transactions and sending you information about features and enhancements
- processing claims in connection with our products and services, and keeping you informed about the status of your order
- managing our rewards and loyalty programs, if available
- posting your product reviews and managing our reviews, if such functionality will be made available in future
- improving and customizing your experience with the Online Shop, including providing recommendations based on your preferences
- identifying and authenticating you so you may use the Service
- responding to your requests and inquiries and providing customer support
- operating, evaluating and improving our business
- protecting against, identifying and preventing fraud and other criminal activity, claims and other liabilities
Principles for Data Processing
We respect privacy rights and interests of each Online Shop user and our customer. We will abide by the following principles when processing personal data:
- Personal data will be processed lawfully, fairly and in a transparent manner in relation to the data subject
- Personal data will be collected for specified, explicit and legitimate purposes and will be processed for in accordance with those purposes
- Personal data collection will be limited to what is necessary to provide requested services
- Personal data will be accurate and, where necessary, kept up to date
- Personal data will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
- Personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Legal Basis of Processing
The legal basis for our processing of personal data is Article 6.1.a-c,f of the GDPR: (a) the data subject has given consent to the processing of his or her personal data for direct marketing or cookies usage, or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or (c) processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. official requests of state institutions in case of administrative or criminal investigations), or (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (e.g. to defend our rights in court).
Disclosure of Data
We do not disclose personal data to anyone except if we believe it is necessary to comply with law, enforce our policies, or protect our or others’ legal rights. This does not include trusted third parties (i.e. data processors) which help us to operate our business and services as long as they agree to keep personal data confidential. We may disclose your personal data in the good faith belief that such action is necessary to:
- To comply with a legal mandatory obligation
- To protect and defend the rights or property of the Company
- To prevent or investigate possible wrongdoing in connection with the Online Shop
- To protect the personal safety of users of the Online Shop or the public
- To protect against legal liability
Security of Data
The security of your data is important to us, but please remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. Both technical and organisational measures are used in the Company for protection of personal data. Data are stored securely, and can be accessed by a limited number of persons.
Cross-border transmission of personal data. Personal data are processed in the territory of the European Union / European Economic Area. It may be necessary in some cases to transmit personal data to the recipients located outside of the territory of the European Union / European Economic Area. The Company takes steps to protect personal data in such cases and can rely on the adequacy decision of the European Commission, which means that, in view of the European Union, the laws and agreements in that country ensure adequate protection of personal data. In the absence of the adequacy decision of the European Commission, the Company (as the data controller) or its data processor may transfer personal data to a third country or international organisation outside of the territory of the European Union / European Economic Area only if the data importer has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
We may employ third party companies and individuals to facilitate our Online Shop (further in the text referred to as Service Providers or data processors), to provide the Service on our behalf, to perform Service related services or to assist us in analysing how our Online Shop is used. These third parties may have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. Upon your request we will disclose to you detailed information about our Service Providers.
Your personal data can be transferred to:
- providers of IT, server, mail, archiving, marketing, accounting services
- other affiliate companies of Company’s group
- notaries, bailiffs, attorneys, consultants, auditors and debt recovery companies
- law enforcement authorities, courts and other dispute settlement institutions
- potential or existent successors of our business
Our Service does not address anyone under the age of 18 (further in the text referred to as Children). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
As a data subject, you have the following rights:
- the right to receive information if we process your personal data, and if so, the right to access such personal data
- the right to contact us with a request of rectifying inaccurate personal data
- the right to have the personal data erased, if you believe that there is no need for the Company to keep them, or if you had given consent and then decided to withdraw it. The request may be granted only if it is well-grounded, except in direct marketing or cookie cases where you have full discretion to revoke your consent. Also, this right may not apply where the processing is related to legal obligations, or establishment, exercise or defence of legal claims
- the right to receive the personal data or transfer them to another entity (the so-called right of data portability). This right applies where personal data are processed by automated means, based on your request
- the right to restrict processing of the personal data in certain circumstances. It means that we will continue storage of your personal data, but we will be unable to process them temporarily. (For instance, that may be necessary if inaccurate data are found. It is likely that you would not want data processed until they are rectified)
- the right to object to processing of personal data if the processing is carried out based on legitimate interests of the Company or third parties. You may exercise this right if you believe that the legitimate interests of processing such personal data pursued by the Company are overridden by your personal interests.
- the right to withdraw your consent to processing of personal data for direct marketing purpose.
If you wish to exercise these rights, you may contact the Company in writing, including electronically.
In order to implement the rights of a data subject, your identity needs to be authenticated. If your identity is not authenticated, it is impossible to make sure, if a request is filed by the same person, whose personal data is processed. Therefore, we may be unable to implement your data subject’s rights.
We may refuse to examine your request on the implementation of the rights or we may charge a fee for this service, if your request is clearly unjustified or filed in excess, also in other cases provided in the legal law.
If you believe that the manner of processing of personal data at the Company is inconsistent with the effective legislation, you have the right to contact the local data protection authority.