PRIVACY POLICY
ONLINE STORE www.4lck.com
Dear Customer / User
We care about your privacy and we want you to feel comfortable and safe when using our services, which is why we have prepared a document from which you will get detailed information regarding the processing of your personal data.
Table of Contents:
1. Introduction
2. General information
3. Recipients of personal data of the online store
4. Acquiring, collecting the purpose, scope and processing of personal data
5. Rights of data subjects
6. Profiling
7. Cookie mechanism, operational data and analytics
8. Final provisions
§ 1
Admission
1. This privacy policy sets out the rules for the processing and protection of personal data of Users and Customers of the online store (including potential customers) using the online store available at the Internet address: www.4lck.com, hereinafter referred to as the store. The document primarily describes the basics, purposes, scope of personal data processing, indicates the entities to which the data is entrusted, and also contains information about cookies and analytical tools used in the online store.
2. Words and phrases that were used in the definitions of the Regulations and beginning with a capital letter, have been used in this document and have the meaning given to them in the regulations of the online store, which is available on the store's website.
3. The administrator of personal data collected via the online store as defined in Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repeal Directive 95/46 / EC (general regulation on data protection) of 27 April 2016 (Journal of Laws of the EU, No. 119, page 1), hereinafter referred to as the GDPR (here you can read the regulation on http: / /eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is 4LCK Sp. z o.o. with its registered office in Warsaw (00-550) at plac Konstytucji 6/71, entered into the National Court Register by the District Court for the Capital City of Warsaw Warsaw in Warsaw, XIV Commercial Department of the National Court Register, under the KRS number: 0000572465, Tax ID: 5322053625, REGON: 362353152, share capital: PLN 50,000.00, represented by: Marcin Drazan - President of the Management Board, hereinafter referred to as the Seller.
4. Users' personal data are processed in accordance with the provisions on the protection of personal data and the Act of 18 July 2002 on the provision of electronic services (OJ 2002 No. 144, item 1204, as amended).
5. The administrator of personal data declares that the privacy policy has an informative role, which means that it is not a source of obligations for Users and Customers of an online store. Its purpose is to define the actions taken by the Administrator and a description of the services, tools and functionalities associated with the online store used by online store customers, e.g. for account registration, placing an order, using the contact form, subscribing to the newsletter or other activities undertaken under online store.
§ 2
General information
1. The online store administrator makes every effort to protect the privacy of Users and Customers of the online store and all data and information that has been obtained from them. With due diligence, it selects and applies technical protection measures, both programming and organizational, thus ensuring complete protection against disclosure, disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
2. The administrator informs that the online store uses a transmission protocol that ensures the security of data transmission on the Internet, namely it has the SSL (Secure Socket Layer v3) protocol installed. It is a type of security consisting in coding data before they are sent from the Customer's browser and decoding after safely arriving at the store's server. Information sent from the server to the client is also encrypted, and after reaching the target, it is decoded.
3. Data collected by the Administrator are processed in accordance with the law, respecting the principles of fairness and transparency, are collected to the minimum necessary for the specified purposes and processed in accordance with them, not subjected to further processing incompatible with those purposes, adequate and correct content-related to the purpose and stored in a way that allows identification of data subjects. The period of data storage depends on the purpose of the processing and limited to the achievement of the assumed purpose.
4. The administrator of the online store on the terms specified in the regulations and in the privacy policy has access to data, but may entrust the Customer's personal data to third parties , cooperating with the Administrator. Such entrusting is possible only on the basis of relevant personal data entrustment agreements concluded between the Administrator and the processor. The agreements contain a provision specifying the scope and conditions of processing of personal data necessary for the performance of services. The Administrator declares that he cooperates only with entities that guarantee for his safety the processing of personal data by implementing security measures complying with the requirements set out in the GDPR.
5. The administrator has the right, as well as the statutory obligation to provide information about customers of an online store to public authorities, for example in connection with conducting proceedings for possible violations of law or third parties who submit such a request on the basis of applicable Polish law.
6. The use of services and tools made available as part of an online store, as well as providing personal data by the User is voluntary. However, their application may be necessary to conclude and execute a sales contract or contract for the provision of electronic services in an online store, thus their absence will prevent the conclusion of such a contract. The scope of data necessary to conclude the contract is indicated on the website of the online store and in the regulations of the online store.
7. The customer using the services and tools provided as part of the online store confirms that he has read the provisions of this privacy policy and online store regulations, at the same time agreeing (if necessary) to use his personal data in accordance with these provisions by checking the appropriate check boxes posted on the website of the online store (content of checkboxes determine the purpose for which the given personal data will be used).
§ 3
Recipients of personal data of an online store
1. In order to ensure the proper operation of the online store, including for the implementation of sales contracts concluded, the Administrator uses the services of external entities. The administrator submits data only when it is necessary to perform a given purpose of personal data processing and only to the extent necessary to complete it.
2. Examples of recipients of personal data of customers of an online store may be:
• carriers, brokers - in a situation where the customer purchasing in the online store chooses the delivery method by courier,
• entities servicing electronic payments or by a payment card - the Administrator entrusts the Customer's personal data to the entity servicing a given payment to the extent necessary to perform the service,
• service provider supporting the work of the Administrator of an online store, eg a supplier of computer software for running an online store, electronic mail, a hoster,
• entities providing accounting services.
3. Recipients of data (external entities) process personal data on the basis of relevant entrustment contracts signed with the Administrator of the online store. These entities collect, process and store personal data in accordance with their regulations and privacy policies.
4. Processing personal data of Clients and Customers of the "4LCK" online store. The administrator entrusts the following entities:
a) H88 S.A., st. Franklin Roosevelt 22, 60-829 Poznań, KRS: 0000612359, NIP: 7822622168, REGON: 364261632 - in order to store data on the server where the online store is installed,
b) Dobrzy Księgowi Sp. z o.o., st. Wałbrzyska 11/252, 02-739 Warsaw, KRS: 0000320436, NIP: 1080006470, REGON: 141684880 - for bookkeeping in electronic form and for the purpose of bookkeeping business activities of the owner of an online store,
c) Poczta Polska SA, st. Rodziny Hiszpańskich 8, 00-940 Warsaw, KRS: 0000334972, NIP: 5250007313, REGON: 010684960 - in order to deliver goods to the customer,
d) RUCH S.A., st. Chłodna 52, 00-872 Warsaw, KRS: 0000020446, NIP: 5260250475, REGON: 011063584, Tax ID: 5260250475 - in order to deliver goods to the Customer,
e) PayU S.A., st. Grunwaldzka 182, 60-166 Poznań, KRS: 0000274399, NIP: 7792308495, REGON: 300523444 - in order to enable electronic payments and payment by means of a payment card for ordered goods or for the purpose of making internet payments to the Seller,
f) PayPal Polska sp. o.o., st. Emilii Plater 53, 00-113 Warsaw, NIP: 5252406419, KRS: 0000289372, REGON: 141108225- in order to enable electronic payments and payment by means of a payment card for the ordered goods or to make internet payments to the Seller.
g) National Payments Integrator S.A., st. St. Marcin 73/6, 61-808 Poznań, NIP: 7773061579, REGON: 300878437, KRS: 0000412357.
§ 4
Acquiring, collecting a goal, scope and processing activities
1. The administrator acquires information about Users, including by collecting server logs, IP addresses, software and hardware parameters, pages viewed, mobile device identification number, and other device and system usage data. The collection of the above information will take place in connection with the use of the online store. These data are not used by the Administrator in order to identify the User / Client.
2. Navigational data may also be collected from customers, including information about links and links or other activities undertaken in the online store, in order to facilitate the use of services provided electronically and to improve the functionality of these services.
3. The Administrator reserves the right to filter and block messages sent via the internal system of messages, in particular if they are spam, contain illegal content or otherwise threaten the security of the Users of the online store.
4. As part of the online store, the Administrator processes personal data of clients for the following purposes:
• take action before concluding the contract at the customer's request; ensuring full service of the store user including setting up and managing accounts / accounts, contacting Users in response to inquiries sent via the contact form, with Users via e-mail in response to queries sent,
• provision of services that do not require the creation of an account and purchase of goods, i.e. browsing the websites of an online store, servicing the goods search engine, monitoring the activity of all users and specific Users,
• adjusting the offer and the User's experience,
• performance of a sales agreement or contract for the provision of electronic services,
• keeping statistics on the use of particular functionalities available in the online store, facilitating the use of the online store and ensuring the IT security of the online store,
• establishing, investigating and enforcing claims and defending against claims in court proceedings and other enforcement organs,
• considering complaints, complaints and requests, and answers to questions,
• direct marketing of products and services,
• newsletter sending,
• organization of contests and loyalty programs,
• conducting research and analysis to improve the services available.
5. The Administrator informs that it collects, processes and stores the following Customer data: name and surname, e-mail address (e-mail address), contact telephone number to contact the Courier and deliver the ordered goods, delivery address (street, house number, apartment number, zip code, city, country), address of residence / business activity / registered office (if different from the delivery address). In the case of Clients or Customers who are not Consumers, the Administrator may additionally process such data as: Company name and tax identification number (NIP) of the Customer or Client.
6. Personal data that is collected for purposes specified in the privacy policy will be stored for the period of services (including electronic services and shipment of goods) provided by the Administrator and for the period resulting from the time limits for claims, tax law, Consumer's rights or other rights in this regard.
CONTACT WITH THE CUSTOMER
7. The basis for data processing in connection with customer service, which includes contact with the customer in order to answer the inquiry via e-mail, the contact form is Article. 6 par. 1 lit. and GDPR or consent for processing. If a contract is concluded after the contact, the data will be processed pursuant to Article 6 paragraph 1 letter b of the GDPR. The legal basis for the processing after the eventual termination of contact will be a justified purpose in the form of archiving correspondence for the purpose of showing its course in the future (pursuant to Article 6 paragraph 1 point f of the GDPR).
REGISTRATION OF ACCOUNT
8. Data of the User who, when creating an account will register in the online store, will be collected on the basis of the consent for processing (Article 6 paragraph 1 point a and GDPR). When the User decides to conclude the contract, the data will be processed on the basis of art. 6 par. 1 lit. b THE GDPR. In addition, according to art. 6 par. 1 lit. f GDPR - processing is necessary for purposes resulting from legitimate interests pursued by the administrator.
9. The account is created by filling out the registration form and providing basic personal data, e-mail address, etc., as well as a password consisting of the type of signs and their quantity consistent with the guidelines. Creating an account is free and requires consent to provide data by the User and confirm read the privacy policy of the store.
EXECUTION OF THE CONTRACT
10. By placing an order in the online store, the Customer provides personal data that is used to perform the contract, that is in connection with the implementation of the contract (art.6 paragraph. 1 letter b GDPR), invoice issuance and other activities related to tax law (Article 6 (1) (c)). For archival and statistical purposes, the data will be processed on the basis of the justified interest of the Administrator (Article 6 (1) letter f of the GDPR).
11. The basis for the processing of data to establish, assert or defend claims that may be raised by the Administrator or which may be raised against the Administrator is Art. 6 par. 1 lit. f GDPR.
12. Data about orders will be processed for the time necessary to perform the contract, and then until the expiry of the period of limitation of claims under the contract. In addition, after this date, the data can still be processed for statistical purposes.
NEWSLETTER
13. As part of the functionality on the website of the online store, the newsletter service is available. The data provided in relation to the subscription to the newsletter is used only for sending the newsletter, based on the expressed consent (pursuant to Article 6 paragraph 1 letter a). The legal basis for the processing after the eventual termination of contact and sending of the newsletter will be justified by the purpose of archiving correspondence for the purpose of showing its course in the future (pursuant to Article 6 paragraph 1 point f of the GDPR).
14. The voluntary consent to send a newsletter or commercial information may be withdrawn at any time at the request of the Customer / User who will be sent via e-mail. The administrator, after receiving such a request immediately, no later than within 48 hours from the moment of receiving information about the withdrawal of consent, deletes the data of the Customer / User from the contact database, used for the transmission of commercial information by electronic means.
15. As part of the newsletter service, you can correct your data stored in the database at any time, request their removal, resign from receiving the newsletter and also use the right to transfer the data referred to in Article. 20 GDPR.
CONTACT FORM
16. As part of the online store functionality, the Administrator provides the option of contacting him using an interactive form. Using the form requires providing personal data necessary to contact the User and answer the questions contained in the form. The user may also provide other data to facilitate the contact or ordering of the service. Providing data marked as mandatory is required in order to service the request and / or accept the order, and failure to do so may result in the inability to service it. Providing other data is voluntary.
17. The basis for data processing in connection with the use of the contact form is art. 6 par. 1 lit. and GDPR, or consent to processing.
18. In order to identify the sender and handle his inquiry sent by the provided form - the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6 (1) (b) of the GDPR).
19. The legal basis for processing after the eventual termination of contact will be a justified purpose in the form of archiving correspondence for the purpose of proving its course in the future (pursuant to art.6 par.1 letter f of the GDPR).
Fanpage
20. The Seller makes available to the Users via Facebook a fanpage whose administrator is himself or a person designated (authorized) to perform this function. Through the fanpage, the User can add comments, posts as a guest, use the "Like" or "Share" functions.
21. Via the fanpage, the User may be redirected to the Seller's store page and make a purchase.
22. The basis for the processing of data within the framework of the fanpage, and necessary to manage it and for statistical purposes, consisting among others in the analysis of data collected automatically when using the website, including cookies, is justified by the administrator's interest pursuant to art. 6 par. 1 lit. f GDPR.
23. The basis for the processing of personal data in connection with posting comments is consent pursuant to art. 6 par. 1 lit. and GDPR.
24. As part of the fanpage, the Customer / User may stop watching it at any time. Discontinuation of observation means that content from the Administrator related to the fan page will no longer be displayed.
25. The Administrator informs that he processes the following personal data: name, surname, general information, which were posted by the User / Client on his profile on the social networking site Facebook.
26. Personal data will be processed during the period of running a fanpage or until the consent is withdrawn.
27. The administrator informs that personal data collected as part of the fanpage can be transferred to the United States by saving them in a database located on an American server. Facebook, Inc. is an entity established both in a third country - in the United States and in Irland who joined Privacy Shield and thus guarantees an adequate level of protection of personal data required by European regulations.
GOOGLE ADS
28. The administrator informs that using Google Ads, he promotes the online store's website in search results and on third party websites. In an automatic manner, when visiting the shop's website, each Visitor's device is left with the so-called Google's cookie remarketing file, which uses a pseudonymous ID (ID) and lets you display interest-based ads based on the pages viewed by the visitor.
29. The Google Ads service is provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, which has joined Privacy Shield to ensure the appropriate level of protection of personal data as required by European law.
§ 5
Rights of data subjects
GDPR gives clients / users the rights in question, their list is given below. They are provided without any reason, but they are not absolute and will not be entitled to any processing of personal data. In a situation where the Client / User will want to fulfill any of his rights, he may at any time send a declaration of will to the e-mail address of the online store or the address of the Administrator's office.
I. The right of access to data implemented on the basis of art. 15 THE GDPR.
The Customer / User may report to the Administrator at any time to confirm whether his data is being processed, and if so, the Customer has the right:
• to gain access to personal data,
• to receive information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of the data, the planned period of customer / user data storage or criteria for determining this period (when it is not possible to determine the planned data processing period), about the rights The Client / User under the GDPR (when it is not possible to determine the planned data processing period), the rights of the Customer under the GDPR and the right to lodge a complaint to the supervisory authority, the source of such data, automated decision making, including profiling and safeguards applied in connection with the transfer of these data outside the European Union,
• to obtain a copy of your personal data.
II. The right to rectify data implemented on the basis of art. 16 THE GDPR.
The Customer / User has the right to request the Administrator to rectify his personal data immediately, which is incorrect. He also has the right to request supplementing his personal data. To correct or supplement your personal data, please send information to the e-mail address of the online store.
III. The right to delete data ("the right to be forgotten") - implemented on the basis of art. 17 THE GDPR.
a) the Customer / User may request the Administrator to delete all or some of his data,
b) The Customer / User has the right to request the deletion of his personal data if:
• personal data are no longer necessary for the purposes for which they were collected or processed,
• withdrew a specific consent to the extent to which personal data was processed based on the consent of the Client / User,
• objected to the use of their data for marketing purposes,
• personal data was processed unlawfully,
• personal data must be removed in order to comply with the legal obligation provided for by Union law or the law of the Member State to which the Administrator is subject,
• personal data has been collected in connection with offering information society services, c) despite the Customer / User requesting the deletion of personal data in connection with opposition or withdrawal of consent, the Administrator may keep some personal data to the extent that processing is necessary to establish , pursuing or defending claims, as well as to comply with a legal obligation requiring processing under Union law or the law of the Member State to which the Administrator belongs,
d) deletion of personal data or cessation of processing by the Administrator may result in the inability to provide services provided via the online store or limiting the possibility of using the functionality of the online store.
IV. Expressing consent to the processing of personal data and the right to withdraw consent based on art. 7. paragraph 3 GDPR
a) the Customer / User accepting the statements placed by the Administrator in an interactive form available on the online store, consents to the processing of their data for specific purposes,
b) The Customer / User has the option of consenting to the processing of his data for additional purposes by accepting optional statements proposed in the forms available on the online store website,
c) the Customer has the right to withdraw any consent he gave to the Administrator, withdrawal of consent will have effect from the moment of withdrawal of consent,
d) withdrawal of consent will not result in any negative consequences for the client, but may prevent further use of services or functionality that the Administrator may provide according to the law only with consent,
e) withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
V. The right to object to data processing carried out pursuant to art. 21 THE GDPR
a) the Customer / User has the right to object at any time for reasons related to his special situation in relation to the processing of his personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
b) sent by the Customer / User in the form of an e-mail message, resignation from receiving marketing information about products and services means the Customer / User's objection to the processing of his data, including profiling these purposes,
c) if the Administrator has no other legal basis allowing for the processing of the Customer / User's data, and the objection will prove justified, the personal data against which the objection was raised will be removed.
VI. The right to submit a request to limit the processing of personal data carried out on the basis of art. 18 GDPR.
The Customer / User has the right to request the restriction of his personal data when:
a) questions the correctness of your personal data - the personal data administrator will limit the processing of personal data for a period of time to check the correctness of such data,
b) the processing of personal data of the Client / User is unlawful, and instead of deleting personal data, the Customer / User requests the restriction of the processing of his personal data,
c) the personal data of the Customer / User ceased to be needed for processing purposes, but they are needed to establish, assert or defend the claims of the Customer / User,
d) when the Client / User has objected to the processing of his personal data - then the processing limit is limited until it is determined whether the legitimate interests of the Administrator of personal data override the grounds indicated in the objection of the Client / User.
VII. The right to request the transfer of personal data (Article 20 of the GDPR)
The Customer / User has the right to receive from the Administrator his personal data in a structured, commonly used machine-readable format and to transfer them to another Administrator of personal data.
The Customer / User also has the right to request that the Administrator of personal data directly send the personal data of the Client / User to another Administrator (if it is technically possible).
VIII. The Customer also has the right to lodge a complaint to the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under the GDPR.
§ 6
Profiling
1. The Administrator, as part of running an online store, may use profiling for purposes related to direct marketing, i.e. sending a rebate code or granting a discount to a person, displaying a specific advertisement based on his previous activity on the store website, sending a product proposal that may correspond to person's preferences or interests.
2. Despite using the profiling by the Administrator, however, the final, free decision regarding, for example, taking advantage of the proposed discount and making a purchase in a given online store is taken by the given Person.
3. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling and causes legal effects or similar affects with that Person.
§ 7
Cookies policy, operational data and analytics
1. The online store uses small files called cookies (cookies), they are saved and stored on the computer or other end device of the Shop Users and Customers, if the web browser allows it. Cookies usually contain the name of the domain from which they originate, their storage time on the Device and the assigned value.
2. Cookies are used to optimize the process of using the store's website in order to collect statistical data that allow to identify the use of Users from the online store website, which allows improving the structure of the online store. They are also necessary to maintain the client's session after leaving the online store.
3. The administrator uses two types of cookies:
a) session cookies (temporary): they are stored on the final device client and stay there until the browser session ends. The saved information is then permanently deleted from the device's memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Customer's device,
b) permanent cookies: they are stored on the Customer's device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not delete them from the client's device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the Customer's device.
4. The service administrator uses external cookies in order to:
a) collecting general and anonymous static data via analytical tools: Google Analytics (the cookie administrator is Google Inc., based in the United States).
5. The administrator uses the Google Analitycs tracking code to analyze the statistics of the online store website and to manage Ads ads. Detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
6. The Customer may change the cookie settings at any time using the web browser he uses, including the possibility of blocking the collection of cookies. Such action may make it difficult or impossible to use the services and tools of the online store, including making it impossible to place an order.
7. If the Customer decides that he does not agree to the use of cookie peaks for the purposes described above, he may delete them manually at any time. Detailed instructions on how to proceed and information about cookies are included in the browser's help menu, which is currently used by the client. Examples of Internet browsers that support these cookies are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
8. Some third party entities operating as part of an online store allow Users to withdraw their consent to collect and use data for advertising purposes based on customer activity. More information on this topic and the option of making a choice can be found, for example, on the website: www.youronlinechoices.com. Sharing Google Analytics with activity information on the online store's website can be blocked by means of the share provided by Google Inc. the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en.
§ 8
Final Provisions
1. This privacy policy contains links to other websites, it is recommended to familiarize with the privacy policies and regulations of these websites.
2. The above privacy policy applies only to the Administrator's online store.
3. It is possible to extend the offer of an online store, which creates the possibility to change the content of the privacy policy, as you will be informed by an appropriate message on the store's website.
4. If you have additional questions regarding the privacy policy of the online store, please send an email to the email address 4lck@4lck.com provided by the Administrator.