Privacy Policy

ONLINE STORE PRIVACY POLICY

www.expom-kwidzyn.pl

 

Dear Customer/User

We care for your privacy and we want you to feel comfortable and safe when using our services, so we have prepared this document to present you detailed information about the processing of your personal data.

 

Contents:

  1. Introduction

  2. General information

  3. Recipients of the Online Store personal data

  4. Acquisition, collection, purpose, scope and activities of personal data processing

  5. Rights of data subjects

  6. Cookies, operational data and analytics

  7. Final provisions

 

Introduction

 

  1. This Privacy Policy sets out the rules for the processing and protection of personal data of the Users and Customers (including potential Customers) using the Online Store available at www.expom-kwidzyn.pl, hereinafter referred to as the Store. The document in particular describes the grounds, objectives, scope of personal data processing, indicates the entities to whom the data are entrusted, and includes information on cookies and analytical tools used for the purposes of the Online Store.

  2. Words and phrases used in the definitions of the Terms and beginning with a capital letter have been used in this document and have the meaning assigned to them in the Terms of the Online Store, available on the Store website.

  3. The Controller of personal data collected through the Online Store, within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (OJ L 119, p. 1), hereinafter referred to as the GDPR (the regulation can be read at http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is the Seller, i.e.: Expom Kwidzyn EU Sp. z o.o. with its registered office in Kwidzyn (82-500) at ul. 15 Sierpnia 15, entered into the National Court Register by the District Court Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register (KRS), under KRS number: 0000734607, NIP: 5213829920, REGON: 380402445, share capital: PLN 100,000, represented by: Paweł Myć, contact phone: 537 841 478, e-mail address: biuro@expom-eu.com, hereinafter referred to as the Seller.

  4. The personal data of Users are processed in accordance with the provisions on personal data protection and the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2002 No. 144, item 1204, as amended).

  5. The Controller of personal data declares that the Privacy Policy has an informative role, which means that it is not a source of obligations for Users and Customers of the Online Store. Its purpose is to define the actions taken by the Controller and to describe the services, tools and features related to the Online Store and used by its Customers, e.g. to register the account, place an order, use the contact form, sign up for the newsletter or other activities taken within the Online Store.

 

General information

 

  1. The Online Store controller makes every effort to protect the privacy of the Users and Customers of the Online Store and any data and information obtained from them. The controller carefully selects and applies technical security measures, both programming and organisational, thus ensuring complete protection against the data reveal, disclosure, loss, destruction, unauthorised modification or processing in violation of applicable laws.

  2. The controller informs that the Online Store uses a transmission protocol to ensure security of data transmission in the Internet, namely the SSL protocol (Secure Socket Layer v3). It is a security measure encoding data prior to sending them from the Customer’s browser and decoding after a safe access to the Store server. The information sent from the server to the Customer is also encoded, then decoded after reaching the destination.

  3. Data collected by the Controller are processed in accordance with the law, while respecting the principles of reliability and transparency, and are gathered to the minimum extent necessary for the purposes specified and processed in accordance with them, not processed further contrary to those purposes, adequate and correct in relation to the purpose and stored in such a way that the data subjects can be identified. The period of data storage depends on the processing purpose and is limited to the moment the intended purpose is achieved.

  4. According to the Terms and the Privacy Policy, the Online Store Controller has access to data, but may transfer personal data of Customers to external entities cooperating with the Controller. Such transfer is possible only under relevant personal data processing agreements between the Controller and the processor. The agreements contain a provision specifying the scope and conditions of personal data processing necessary to provide the services. The Controller represents that it cooperates only with entities which guarantee the security of personal data processing by implementing safeguards equivalent to the requirements specified in the GDPR.

  5. The Controller has the right and a statutory obligation to provide information on the Online Store Customers to public authorities, e.g. in connection with conducting proceedings regarding possible violations of law, or to third parties, who will make such a request pursuant to the applicable Polish laws.

  6. The use of services and tools made available in the Online Store, as well as the provision of personal data by the User is voluntary. However, providing them may be necessary to conclude and perform a sales agreement or an agreement for electronic services in the Online Store, and therefore their absence will make it impossible to conclude such an agreement. The scope of data necessary to conclude the agreement is specified on the Online Store website and its Terms.

  7. The Customer using the services and tools made available within the Online Store confirms that it has read this Privacy Policy and the Terms of the Online Store, at the same time giving consent (if necessary) for the use of their personal data in accordance with these provisions by checking the relevant checkboxes on the Online Store website (the contents of the checkboxes specify the purpose for which the personal data will be used).

 

Recipients of the Online Store personal data

 

  1. To ensure proper operation of the Online Store, including for the execution of sales agreements, the Controller uses third party services. The Controller transfers the data only if it is necessary for the specific purpose of personal data processing and only to the extent necessary to achieve it.

  2. The recipients of personal data of the Online Store Customers are:

    • carriers, intermediaries, freight forwarders – if the Customer who make a purchase in the Online Store chooses delivery by courier service,

    • entities processing payment by electronic means or payment card – the Controller transfers the Customer’s personal data to the entity processing the given payment to the extent necessary to perform the service,

    • entities operating the system of opinion polling, entities providing systems for analysis of traffic in the Online Store, systems for analysing the effectiveness of marketing campaigns; entities carrying out marketing campaigns,

    • providers of services supporting the work of the Online Store Controller, e.g. a computer software provider for operating the Online Store, e-mail, companies operating the e-mail system for sending newsletters, hosting providers,

    • loan entities enabling the Customers to make payments in instalments,

    • entities providing accounting services.

  3. The data recipients (external entities) process personal data under relevant outsourcing agreements signed with the Controller. These entities collect, process and store personal data in accordance with the applicable regulations and privacy policies.

  1. The Controller outsources the processing of personal data of the www.expom-kwidzyn.pl Online Store Service Recipients and Customers to the following entities: home.pl, ul. Zbożowa 4,70-653 Szczecin, NIP: 852 21 03 252, REGON: 811158242 – to store data on the server on which the Online Store is installed or to store data on the server on which the Online Store is installed and to provide IT and technical support for the Store website,

  2. INDUSTI Sp. z o.o., ul. Narutowicza 77/3 , 20-019 Lublin, NIP: 9462554884, REGON: 060376684, KRS: 0000308642- to provide marketing services.

 

 

 

Acquisition, collection, purpose, scope and processing activities

 

  1. The Controller obtains information about the Users, e.g. by collecting server logs, IP addresses, software and hardware parameters, website browsing, mobile device identification number and other data on the devices and use of the systems. The above information will be collected in connection with the use of the Online Store. These data are not used by the Controller to identify the User/Customer.

  2. Navigational data can also be collected from the Customers, including information on links and references or other activities taken in the Online Store, in order to facilitate the use of services provided by electronic means and to improve the functionality of these services.

  3. The Controller reserves the right to filter and block messages sent via an internal message system, in particular if they are spam, contain unlawful content or otherwise threaten the security of the Online Store Users.

  4. As part of the Online Store, the Controller processes personal data of Customers for the following purposes:

  • taking action before concluding an agreement at the Customer’s request; guaranteeing full service for the Store User, including the establishment and management of account(s), contacting the Users in response to queries sent via the contact form, providing live chat, livecall, contacting with Users via e-mail in response to queries,

  • providing services that do not require the creation of an account and purchase of goods, i.e. browsing the Online Store webpages, operating the search engine, monitoring the activity of all and specific Users,

  • adjusting the User's offer and experience,

  • performing a sales agreement or an agreement for the provision of services by electronic means,

  • keeping statistics on the use of particular features available in the Online Store, facilitating the use of the Online Store and ensuring the IT security of the Online Store,

  • establishment, exercise and enforcement of claims and defence of legal claims in court proceedings and before other enforcement authorities,

  • handling complaints, claims and requests, and answering questions,

  • direct marketing of products and services,

  • sending the Newsletter,

  • organisation of loyalty contests and programmes,

  • carrying out tests and analyses to improve the available services.

  1. The Controller informs that it collects, processes and stores the following data of the Customers: first and last name, e-mail address, contact phone number, delivery address (street, house number, apartment number, postal code, town, country), address of residence/business address/registered office (if different from the delivery address).

In the case of Service Recipients or Customers who are not Consumers, the Controller may additionally process such data as: Company name and tax identification number (NIP) of the Service Recipient or the Customer.

  1. Personal data collected for the purposes indicated in the Privacy Policy will be stored for the period of services (including electronic services and shipment of goods) provided by the Controller and for the period resulting from the claims limitation period, provisions of tax law, Consumer rights or other rights in this respect.

 

CONTACT WITH CUSTOMER

 

  1. The basis for the processing of data in connection with the Customer service, which includes contact with the Customer to answer a query sent via e-mail/contact form is Article 6(1)(a) of the GDPR, i.e. consent to processing. If  an agreement is concluded after contact, the data will be processed pursuant to Article 6(1)(b) of the GDPR. The legal basis for processing after a possible termination of contact will be a reasonable purpose of archiving correspondence to demonstrate its course in the future (according to Article 6(1)(f) of the GDPR).

 

 

ACCOUNT SIGN-UP

  1. The data of a User who signs up to the Online Store will be collected under consent for processing (Article 6(1)(a) of the GDPR). When the User decides to conclude the agreement, the data will be processed under Article 6(1)(b) of the GDPR. In addition, according to Article 6(1)(f) of the GDPR, processing is necessary for the purposes of legitimate interests pursued by the controller.

  2. The account is created by filling in the sign-up form and providing basic personal data, i.e. e-mail address, etc., as well as a password consisting of the type and number of characters specified in the instructions. An account is created free of charge and requires consent to provide the data from the User and confirmation of having read the Store's Privacy Policy..

 

ORDER EXECUTION

  1. When placing an order in the Online Store, the Customer provides the personal data to be used to perform the agreement, i.e. in connection with the order execution (Article 6(1)(b) of the GDPR), issue an invoice and carry out other activities related to the tax law (Article 6(1)(c)). For archiving and statistical purposes, the data will be processed pursuant to the Controller’s legitimate interest (Article 6(1)(f) of the GDPR).

  2. The basis for the processing of data for the purpose of establishing, exercising or defending legal claims that may be raised by or against the Controller is Article 6(1)(f) of the GDPR.

 

NEWSLETTER

  1. A newsletter service is available as a feature on the Online Store website. The data provided in connection with signing up for the newsletter are used only for sending the newsletter, on the basis of consent (according to Article 6(1)(a) of the GDPR). The legal basis for processing after a possible termination of contact and for sending the newsletter will be a reasonable purpose of archiving correspondence to demonstrate its course in the future (according to Article 6(1)(f) of the GDPR).

  2. Voluntary consent to sending the newsletter or commercial information may be withdrawn at any time at the Customer’s/User’s request sent via e-mail. Upon receiving such a request, the Controller will immediately, but not later than within 48 hours from receiving the information on withdrawal of consent, remove the Customer’s/User’s data from the contact database used for the transfer of commercial information by electronic means.

  3. As part of the newsletter, you can at any time rectify the data stored in the database, request their erasure, resign from receiving the newsletter and exercise the right to transfer the data referred to in Article 20 of the GDPR.

 

CONTACT FORM

  1. As part of the features of the Online Store, the Controller ensures the ability to be contact him by means of an interactive form. The use of the form requires the provision of personal data necessary to contact the User and answer the questions in the form. The User may also provide other data to facilitate contact or order the service. Providing the data marked as mandatory is required to handle the request and/or accept the order, and their absence may result in inability to handle the order. The provision of other data is voluntary.

  2. The basis for the processing of data in connection with the use of the contact form is Article 6(1)(a) of the GDPR, i.e. consent to processing.

  3. To identify the sender and to handle their enquiries sent via the provided form - the legal basis for processing is the necessity of processing for the performance of the service agreement (Article 6(1)(b) of the GDPR).

  4. The legal basis for processing after a possible termination of contact will be a reasonable purpose of archiving correspondence to demonstrate its course in the future (according to Article 6(1)(f) of the GDPR).

 

GOOGLE ADS

  1. The Controller informs that by using Google Ads services, he promotes the Online Store website in search results and on the websites of third parties. When visiting the Store website the so-called Remarketing cookie file from Google is left on the device of each visitor, which enables the display of interest-based advertising by means of a pseudonymous identifier (ID) and based on pages viewed by the Visitor.

The Google Ads service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which has joined the Privacy Shield program to ensure appropriate protection of personal data required by European regulations.

 

I. Rights of data subjects

 

  1. GDPR gives the Customers/Users the rights listed below. They are granted without giving a reason, but they are not absolute and are not applicable to all activities regarding personal data processing. If the Customer/User wishes to exercise any of their rights, they may at any time send a declaration of will to the Online Store’s e-mail address or the address of the Controller's registered office.

    The right of access to data provided pursuant to Article 15 of the GDPR..

The Customer/User may at any time request the Controller to confirm whether their data are processed and, if this is the case, the Customer has the right to:

  • access their personal data,

  • receive information on the purposes of processing, the categories of personal data concerned, recipients or categories of recipients of such data, the envisaged period for which the personal data will be stored, or the criteria used to determine that period (when it is impossible to determine the envisaged processing period), the rights of the Customer/User under the GDPR (when it is impossible to determine the envisaged processing period), the rights granted to the Customer under the GDPR and the right to lodge a complaint with the supervisory authority, the source of such data, the automated decision-making, including profiling and safeguards applied in connection with the transfer of such data outside the European Union,

  • obtain a copy of their personal data.

    The right to rectify data exercised pursuant to Article 16 of the GDPR.

The Customer/User has the right to request the Controller to immediately rectify their inaccurate personal data. The Customer/User also has the right to request completion of their personal data. To rectify or complete your personal data, please send information to the e-mail address of the Online Store.

III. III. The right to erasure ("right to be forgotten") – exercised under Article 17 of the GDPR.

a) the Customer/ User may request the Controller to delete all or some of their data,

b) the Customer/User has the right to request the erasure of their personal data when:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,

  • the Customer/User withdraws consent on which the processing is based according to the Customer’s/User’s consent,

  • the Customer/User objects to the use of their data for marketing purposes,

  • the personal data have been unlawfully processed,

  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject,

  • the personal data have been collected in relation to the offer of information society services,

 

c) despite a request by the Customer/User to erase the personal data in connection with the filing of an objection or withdrawal of consent, the Controller may retain certain personal data insofar as processing is necessary for establishing, exercising or defending legal claims, as well as for fulfilling the legal obligation requiring processing under the law of the EU or the law of the Member State to which the Controller is subject,

d) the erasure of personal data or the cessation of their processing by the Controller may result in the inability to perform the services provided through the Online Store or limit the possibility of using the Online Store’s features.

IV. Consent to the processing of personal data and the right to withdraw consent pursuant to Article 7 (3) of the GDPR

a) by accepting declarations placed by the Controller in interactive forms available on the Online Store website, the Customer/User consents to the processing of their data for specific purposes,

b) the Customer/ the User can consent to the processing of their data for additional purposes by accepting optional declarations proposed in the forms available on the Online Store website,

c) the Customer has the right to withdraw any consent granted to the Controller, the withdrawal of consent is effective from the moment the consent is withdrawn,

d) withdrawal of consent does not result in any negative consequences for the Customer, but may prevent further use of the services or features which the Controller may only provide with consent, in accordance with the law,

e) withdrawal of consent does not affect the lawfulness of processing by the Controller based on consent before its withdrawal.

V. The right to object to the processing of data pursuant to Article 21 of the GDPR

a) The Customer/ the User has the right to object to the processing of their personal data, including profiling, at any time, if the Controller processes personal data based on a legitimate interest,

b) resignation from receiving marketing information concerning products and services sent by the Customer/User via e-mail means the Customer/User's objection to the processing of their data, including profiling for these purposes,

c) if the Controller has no other legal basis for the processing of Customer’s/User’s data and the objection filed proves to be justified, the personal data for which the opposition was filed will be deleted.

VI. The right to request restriction of personal data processing pursuant to Article 18 of the GDPR

The Customer/User has the right to request the restriction of the processing of their personal data when:

  1. the accuracy of the personal data is contested by the Customer/User, the Controller will restrict the processing for a period enabling the controller to verify the accuracy of the personal data,

  2. the processing of the Customer’s/User’s personal data is unlawful and the Customer/User opposes the erasure of the personal data and requests the restriction of their use instead,

  3. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the Customer/User for the establishment, exercise or defence of legal claims,

  4. if the Customer/User objected to the processing of their personal data, the restriction of processing takes place until it is determined whether the legitimate interests on the part of the Controller prevail over the grounds indicated in the Customer’s/User’s objection.

VII. The right to request the transfer of personal data (Article 20 of the GDPR)

The Customer/ User has the right to receive their personal data from the Controller in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.

The Customer/User can also request that the Controller send the personal data of the Customer/User directly to another controller (where technically feasible).

VIII. The Customer shall also have the right to lodge a complaint with the President of the Office for the Protection of Personal Data regarding the violation of their rights to the protection of personal data or other rights granted under the GDPR.

 

Cookies policy, operational data and analytics

 

  1. The Online Store uses small files called cookies, which are saved and stored on a computer or other terminal device of Store Users and Customers if the web browser allows it. Cookies usually contain the name of the domain from which they originate, their retention time and the assigned value.

  2. Cookies are used to optimise the use of the Store website, to collect statistical data, which enable identification of how the Users use the Online Store to improve the Online Store structure. They are also necessary to maintain the Customer’s session when they leave the Online Store.

  3. The Controller uses two types of cookies:

a) session (temporary) cookies: stored on the Customer’s terminal device and remain there until the end of the browser session. The information recorded is then permanently deleted from the device’s memory. The session cookies mechanism does not allow for downloading any personal data or any confidential information from the Customer's device,

b) persistent cookies: stored on the Customer's device and retained there until erased. Ending the session of a given browser or switching off the device does not cause them to be erased from the Customer's device. The persistent cookies mechanism does not allow for downloading any personal data or any confidential information from the Customer's device.

  1. The service controller uses external cookies to:

  1. collect general and anonymous statistical data through analytical tools: Google Analytics (the controller of cookies is Google Inc based in the US),

  2. analyse the behaviour on the website, i.e. time spent on individual pages, buttons clicked, links used, etc. using the Hotjar tool (Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.

  1. The Controller uses the Google Analytics tracking code to analyse the Online Store website’s statistics and manage Ads; detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.

  2. At any time, the Customer can use their web browser to change the settings of cookies, including blocking the ability to collect cookies. Such action may hinder or prevent the use of the services and tools of the Online Store, including making it impossible to place an order.

  3. If the Customer decides not to agree to the use of cookies for the purposes described above, they can delete them manually at any time. A detailed procedure and information concerning cookies are included in the help menu of the web browser currently used by the Customer. Examples of web browsers supporting the said cookies: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.

  4. Some external entities operating within the Online Store allow the Users to withdraw their consent to collect and use data for advertising based on the Customer's activity. For more information on this subject and the ability to make a choice, visit www.youronlinechoices.com, for example. Sharing information about the activity on the Online Store website with Google Analytics can be blocked using Google Inc. browser add-on available at: https://tools.google.com/dlpage/gaoptout?hl=pl.

 

Final provisions

 

1. This Privacy Policy includes links to other websites; it is recommended to read the privacy policies and terms of these websites.

2. The above Privacy Policy applies only to the Controller’s Online Store.

3. It is possible to expand the Online Store’s offer, which means changing the content of the Privacy Policy, which will be communicated to you by a relevant message on the Store website.

4. If you have additional questions regarding the Online Store’s Privacy Policy, please send a message to the e-mail address provided by the Controller: biuro@expom-eu.com.

 

 

up
Shop is in view mode
View full version of the site
Sklep internetowy Shoper.pl