ONLINE STORE WWW.INPEAK.PL
§ 1. GENERAL INFORMATION
- All expressions and words written with a capital letter (eg. Online Store, Customer, etc.) should be understood in accordance with the Regulations of the Online Store.
§ 2. COORDINATORS OF PERSONAL DATA
- The co-administrators of your personal data are Dawid Markiel, who runs a business under the name of Dawid Markiel, ul. Zabrodzka 40 lok. 2, 52-336 Wrocław, NIP: 8871626847, REGON: 366513121 and Marcin Kawalec, conducting business activity under the name of Marcin Kawalec, ul. Zabrodzka 40 lok. 2, 52-336 Wrocław, NIP: 8951920543, REGON: 366509071, running a business in the form of a civil law partnership Inpeak Dawid Markiel Marcin Kawalec S.C.
NIP: 8992809630 REGON: 366510542, ul. Lotnicza 139, 54-132 Wrocław (hereinafter referred to as: the Administrator).
- In all matters related to the protection of personal data, we encourage you to contact us at the above address or via the e-mail address: email@example.com.
- You can also send a request to the provided address, including e-mail address, to provide information about what personal data we have about you and for what purposes we process it.
- The administrator informs that he stores correspondence for statistical purposes and to improve the help system in the field of GDPR, as well as in the field of complaint settlements. Addresses and data collected in this way will not be used for communication for purposes other than the implementation of the application, in particular they will not be used for marketing purposes and transferred to third parties.
- In the event of contact with the Administrator in order to perform specific activities (e.g. submitting a complaint, making a return), the Administrator may again request the person to provide data, including personal data, e.g. in the form of name, surname, address, e-mail address. -mail to confirm her identity and enable return contact in a given case and perform the requested action. Providing this data is not obligatory, but it may be necessary to perform activities or obtain information that is of interest to a given person.
§ 3. DATA ACQUISITION AND THE PURPOSE OF THEIR PROCESSING
- We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC, ( hereinafter: GDPR) and other currently applicable provisions of the law on the protection of personal data at the time of processing certain data.
- Pursuant to the content of the aforementioned legal acts, personal data is considered information about an identified or identifiable natural person. An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, location data, internet identifier or one or more specific physical, physiological, genetic, mental factors, the economic, cultural or social identity of a natural person.
- We ensure that the data obtained from you is confidential, secure and processed only when it is necessary. We process data in accordance with the law, in a fair and transparent manner for the data subject. We process only such data and only with such content that is necessary due to the legitimate purpose, i.e. the reason for processing, or results from an appropriate legal basis. Personal data is collected with due diligence and properly protected against access by unauthorized persons. We use appropriate and adequate security measures and the state of technical knowledge to protect personal data against accidental loss and unauthorized access, use, alteration or disclosure. We store personal data in a way that makes it possible to identify the data subject for a period not longer than it is necessary for the purposes for which the data is processed.
- The administrator obtains information about personal data in the following way:
- by making a purchase in the Online Store by the Customer;
- by voluntarily subscribing to the newsletter service;
- through information entered voluntarily in an e-mail;
- by sending a complaint, application, inquiry or letter of a different nature;
- through voluntarily entered information in an e-mail sent in connection with the desire to establish cooperation;
- by organizing competitions and promotional campaigns;
- by entering personal data into the contact form;
- through cookies, pixels or similar internet technologies.
- Please be advised that the purpose and scope of data processed by the Administrator results from the consent of the Visitor to the Website or the Customer, legal provisions, the legal interest of the Administrator and, in selected cases, is further specified as a result of actions taken by these persons in the Online Store or other communication channels.
- Providing personal data by the Visitor or the Customer of the Online Store is voluntary, but necessary in order to use certain functionalities of the Online Store (e.g. placing an Order by the Customer and its settlement, subscribing to the newsletter or using contact forms).
- Each time, the scope of the required data to conclude an appropriate contract is indicated previously in the Online Store (we mark the data the provision of which is necessary to conclude the contract / use a specific functionality), as part of other communication channels with the Visitor or the Customer or in the Regulations. The consequence of not providing personal data may be the inability to effectively use the functionality of the Website, e.g. the inability to place an order.
- Your personal data is collected by the Administrator for the following purpose:
|Purpose of processing||Legal basis||A legitimate purpose, if any|
|Keeping statistics||art. 6 sec. 1 lit. f GDPR||Having information about the statistics of our activities, which allows us to improve our business activities.|
|Conducting marketing activities of own products and services without the use of electronic communication means||art. 6 sec. 1 lit. f GDPR||Conducting marketing activities promoting the conducted activity.|
|Conducting marketing activities of own products and services with the use of electronic communication means, including profiling.||art. 6 sec. 1 lit. f GDPR, but these activities, due to other applicable regulations, in particular the Telecommunications Law and the Act on the provision of electronic services, are carried out only on the basis of the consents (Article 6 (1) (a) of the GDPR).||Conducting marketing activities promoting the conducted activity with the use of e-mail addresses. Presenting advertisements, adjusting discounts and promotions.|
|Handling of notifications sent using the contact form, e-mail messages, complaints and other requests.||art. 6 sec. 1 lit. a GDPR, art. 6 sec. 1 lit. c GDPR||Providing answers to requests and inquiries sent using the contact form or in another form, including storing sensitive requests and answers provided to maintain the principle of accountability. Handling applications, answering consumer complaints. Pursuing claims, including from third parties, defense by them.|
|Posting a comment by a Website user or opinion||art. 6 sec. 1 lit. a GDPR||Establishing a dialogue with the user, consumer opinion research.|
|Customer Account Service||art. 6 sec. 1 lit. a GDPR,||conclusion and implementation of the Agreement for the Provision of Services (Account) or taking action at the request of the future Customer before its conclusion.|
|Conclusion and implementation of the Sales Agreement||art. 6 sec. 1 lit. b GDPR,||conclusion and implementation of the Sales Agreement or taking action at the request of the future Customer before its conclusion.|
|Archiving of sales documents.||Art. 6 sec. 1 lit. c GDPR||Fulfilling legal obligations resulting from regulations, e.g. tax and accounting, especially in the case of paid contracts.|
- In the case of an adult Customer or an adult Visitor of the Website, with his additional consent, Personal Data may also be processed for the purpose of presenting, creating, granting and implementing advertisements, offers or promotions (discounts) dedicated to a given Customer regarding the Administrator’s products or services and his partners, as much as possible adapted to his preferences (profiling), as a result of automated decision-making, which may have legal effects on him or in a similar way significantly affect him, e.g. through a short-term discount dedicated exclusively to such a person on a specific product, which recently browsed in the Online Store (option not available to people who are underage or are of legal age, but have not consented to such action).
- Newsletter. If you want to subscribe to our newsletter, you must provide us with your e-mail address via the newsletter subscription form. Providing data is voluntary, but necessary to use the newsletter service. The data provided to us when subscribing to the newsletter is used to send you a newsletter in which we inform you about the company’s activities, the current collection, promotions and discounts, and indirectly identifying the customer. The legal basis for their processing is your voluntary consent when subscribing to the newsletter. In this case, your data is processed for the purpose of cyclical sending of the newsletter, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from your willingness to receive the service. The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will permanently delete your data from the database. In addition, you can correct your data stored in the newsletter database at any time, as well as request their removal by resigning from receiving the newsletter. You also have the right to transfer the data contained in art. 20 GDPR. The newsletter database is properly secured by the Administrator. The newsletter as a database is handled by an external entity, Freshmail. In e-mail messages sent via Freshmail there are links to hidden images (so-called tracking pixel). In addition to its basic function, which is counting email openings, it is optionally also used to identify the customer and conduct marketing activities.
- E-mail contact. By contacting us via e-mail, including sending an inquiry via the contact form, you provide us with your e-mail address as the sender’s address. In addition, you can also include other personal data in the text of the message. Providing data is voluntary, but necessary to contact us. In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. a GDPR, i.e. your consent resulting from the willingness to contact. The legal basis for processing after the end of contact is the justified purpose of archiving correspondence for internal purposes (Article 6 (1) (c) of the GDPR). The content of the correspondence may be archived and we are not able to clearly determine when it will be deleted. You have the right to request a history of correspondence with us (if it was subject to archiving), as well as request its removal, unless its archiving is justified due to our overriding interests.
§ 4 CATEGORIES OF PERSONAL DATA
- The personal data administrator may process the following categories of personal data:
- personal data provided for the purpose of using the newsletter, sent via e-mail; whether provided when submitting complaints, complaints or requests, in particular: name and surname; e-mail adress; contact telephone number; address [street, house number, apartment number, zip code, city, country], bank account number;
- personal data for the purpose of making a purchase on the website inpeak.pl, in particular: name and surname, shipping address, e-mail address, contact number NIP, to
- other data, in particular obtained based on the Customer’s activity on the Internet, including those obtained via the Online Store or other communication channels with the Customer, using cookies and similar technologies.
§ 5 PERSONAL DATA RECIPIENTS
- Your personal data may be processed by our partners and subcontractors, i.e. entities whose services we use to process data and provide services to you. To our knowledge, all entities entrusted with the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
- Your personal data may be transferred by the Administrator:
- state authorities or other entities authorized under the provisions of law, in order to fulfill our obligations (Tax Office, Social Insurance Institution, PUODO, Police, prosecutor’s office, President of the Office of Competition and Consumer Protection – if they ask the Administrator for it);
- in addition, the Administrator’s partners may participate in the processing of personal data to a limited extent, in particular who technically help to efficiently run the Online Store (e.g. they support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns), hosting service providers or ICT services, carriers or intermediaries carrying out shipments of Orders, entities handling electronic payments or payments with a payment card in the Online Store, companies that service the software, support the Administrator in marketing campaigns, as well as providers of legal and advisory services and external accounting;
- in addition, we may share fully anonymised data (such that cannot identify you) with entities with whom we cooperate.
- Our suppliers are based mainly in Poland or in other countries of the European Economic Area (EEA), and, for example, in the case of Google Analytics, they are based outside the EEA. Due to the judgment of the CJEU Schrems II (C-311/18), we have enabled the anonymization of your IP numbers – we do not transfer this data to the USA. The other data sent to Google does not have the characteristics of personal data, i.e. it is not possible to identify a specific natural person on its basis.
§ 6 ARCHIVING OF PERSONAL DATA
- We store the data for the periods indicated below:
|Data related to the sales procedure||5 years|
|Data for marketing purposes||In the case of data processing on the basis of consent – until its withdrawal. In the case of data processing on the basis of a legitimate purpose – until an objection is raised.|
|Data provided using the contact form, e-mail.||For a period of 3 years in order to maintain the principle of accountability.|
|Personal data related to cookies and similar functions||Until these files are deleted using the website / browser / device settings (while deleting files is not always the same as deleting Personal Data obtained through these files – then personal data will be deleted until an objection is raised)|
|Data provided during the complaint procedure and other procedures related to the Customer’s claims||5 years|
- In each case, personal data will also be stored when the law (e.g. accounting or tax regulations) obliges the Administrator to process them; we will store personal data longer in case the Customer has any claims against the Administrator, in order to pursue claims by the Administrator, or to assert or defend against claims of third parties, for the limitation period specified by law, in particular the Civil Code.
- Depending on the scope of personal data and the purposes of their processing, they may therefore be stored for a different period. In each case, the longer period of storage of personal data is decisive.
§ 7 RIGHTS, ACCESS AND UPDATING OF PERSONAL DATA, COMPLAINTS
Pursuant to Art. 15 GDPR, you have the right to obtain information from the Personal Data Administrator as to whether your personal data is being processed.
If the Administrator processes your personal data, then you have the right to:
- access to personal data;
- obtain information about the purposes of processing, categories of personal data processed, about the recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, about your rights under the GDPR and the right to lodge a complaint with the supervisory authority, about the source of these data data, about automated decision making, including profiling, and about the security measures used in connection with the transfer of such data outside the European Union;
- obtain a copy of your personal data.
In addition, you can ask for the correction of personal data (Article 16 of the GDPR), the deletion of personal data (Article 17 of the GDPR), object to the processing of personal data (Article 21 of the GDPR) and, if technically feasible, ask for personal data provided to another organization (Article 20 of the GDPR).
In connection with the right to be forgotten, the Administrator will update or delete your data, unless it has a legal obligation to keep it for the purposes of conducting business or complying with the law. In some cases, you have the right to request the restriction of the processing of personal data (Article 18 of the GDPR). You can also contact the Administrator if you have any reservations about the method of collecting, storing or using your personal data.
The administrator tries to immediately consider all requests regarding the above-mentioned operations on your personal data, but no later than within 30 days from the receipt of the request. Due to the complex nature of the request, the Administrator has the right to consider your requests within more than 30 days, of which he will inform the User in advance.
The controller is committed to a final review of your complaints, but if you are still dissatisfied with the response you receive, you can lodge a complaint with the data protection supervisory authority of your local data protection authority. In Poland, the supervisory body within the meaning of the GDPR is the President of the Personal Data Protection Office, who replaced GIODO on May 25, 2018.
§ 8 PROCESSING OF PERSONAL DATA IN AN AUTOMATED MANNER,
- The selected cookies process your personal data. The processing of personal data from cookies or similar technologies on our Website is carried out for the purposes of ensuring the functioning of the Website, adapting the Website to the preferences of the Visitor and the Customer, or for analytical purposes. Processing is based on our legitimate interest. The legal basis for the processing of personal data for advertising purposes and connecting with social media will be your additional consent, expressed by making a selection and checking the checkbox during the process of consenting to cookies.
- When a Visitor uses the Online Store, cookies are used to identify their browser or device – cookies collect various types of information, which, as a rule, does not constitute personal data. Some information, depending on their content and method of use, may, however, be associated with a specific person – assigning certain behaviors to a specific Visitor or Customer, e.g. by linking them to the data provided when registering an Account in the Online Store, or a specific e-mail address – and thus be considered personal data.
- The website uses profiling. Thanks to the cookies used in the Online Store, it is possible for the Administrator to familiarize himself with the preferences of the Visitor – e.g. by analyzing how often he visits the Online Store and whether and what products he buys. The analysis of Internet behavior helps to better understand the habits and expectations of customers and visitors and to adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests (for example, an advertisement resulting from recently browsing only dresses in the “red” category) and to prepare better promotions and surprises for adult Visitors who agreed to it.
- The Administrator declares that he has the right to amend this document for important reasons, including:
- changes in applicable regulations, in particular in the field of GDPR, telecommunications law, services provided electronically and regulating consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
- In the case of users using the newsletter function, if the Administrator makes fundamental changes to the content of the Security Policy, then he will inform Users about them via e-mail. In the event of any objections to the change of the Policy, the User has the right to stop using the newsletter by sending a request to unsubscribe from the newsletter and a request to delete his personal data.