ONLINE STORE WWW.PLATABAG.COM
The Controller of personal data collected via the Online Store is Polska Grupa Słoń Torbalski Sp. z o. o. NIP: 679-274-25-64, Regon: 356586808, KRS: 148628 – hereinafter referred to as the “Controller” and being at the same time the Online Store Service Provider and the Seller.
Personal data in the Online Store are processed by the Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation“. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the Service Recipient or Customer using the Online Store is voluntary, subject to two exceptions:
(2) statutory obligations of the Controller – providing personal data is a statutory requirement resulting from generally applicable laws imposing on the Controller the obligation to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide them will prevent the Controller from fulfilling these obligations.
The Controller takes special care to protect the interests of persons to whom the personal data processed by him relates, and in particular is responsible and ensures that the data collected by him are:
(1) processed in accordance with the law;
(2) collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes;
(3) factually correct and adequate in relation to the purposes for which they are processed;
(4) stored in a form that allows the identification of data subjects for no longer than it is necessary to achieve the purpose of processing, and
(5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with varying likelihood and severity, the Controller implements appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Controller uses technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
GROUNDS FOR DATA PROCESSING
The Controller is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met:
(1) the data subject has consented to the processing of his personal data in one or more number of specific goals;
(2) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
(3) processing is necessary to fulfill the legal obligation imposed on the Controller; or
(4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data , in particular when the data subject is a child.
PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
Each time, the purpose, basis and period as well as the recipient of personal data processed by the Controller result from the actions taken by a given Service Recipient or Customer in the Online Store or by the Controller. For example, if the Customer decides to make purchases in the Online Store and selects personal collection of the purchased Product instead of courier delivery, his personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier performing the shipment at the request of the Controller.
DATA RECIPIENTS IN THE ONLINE STORE
For the proper functioning of the Online Store, including the implementation of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities (such as e.g. software provider, courier or payment service provider). The Controller uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
- carriers / forwarders / courier brokers / entities servicing the warehouse and/or shipping process – in the case of a Customer who uses the Online Store with the method of delivery of the Product by post or courier, the Controller provides the Customer’s collected personal data to the selected carrier, forwarder or intermediary performing shipments at the request of the Controller, and if the shipment is from an external warehouse – to the entity servicing the warehouse and / or shipping process – to the extent necessary to complete the delivery of the Product to the Customer.
- entities servicing electronic payments or by payment card – in the case of a Customer who uses the Online Store with the method of electronic payments or by payment card, the Controller provides the Customer’s collected personal data to the selected entity servicing the above payments in the Online Store at the request of the Controller to the extent necessary to handle payments made by the Customer .
- providers of social plugins, scripts and other similar tools placed on the Online Store website that enable the browser of the person visiting the Online Store website to download content from the providers of the aforementioned plugins (e.g. logging in using social network login details) and transferring personal data of the visitor to these providers for this purpose , including:
- Facebook Ireland Ltd. – The Controller uses Facebook social plugins on the Online Store website (e.g. the Like button, Share or login using Facebook login details) and therefore collects and provides personal data of the Service Recipient using the Online Store website to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy rules available here: https://www.facebook.com/about/privacy/ (data these include information about activities on the Store’s website Internet – including information about the device, visited websites, purchases, displayed ads and how to use services – regardless of whether the Service Recipient has a Facebook account and is logged in to Facebook).
PROFILING IN THE ONLINE STORE
The Controller may use profiling for direct marketing purposes in the Online Store, but decisions made on its basis by the Controller do not concern the conclusion or refusal to conclude a Sales Agreement, or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a given person a discount, sending them a discount code, reminding them about unfinished purchases, sending a Product proposal that may match the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Online Store . Despite profiling, it is the person who freely decides whether he or she will want to take advantage of the discount received in this way, or better conditions and make a purchase in the Online Store.
Profiling in the Online Store consists in the automatic analysis or forecasting of a given person’s behavior on the Online Store website, e.g. by adding a specific Product to the basket, browsing the page of a specific Product in the Online Store, or by analyzing the previous history of purchases made in the Online Store. The condition for such profiling is that the Controller has the personal data of a given person in order to be able to send him, for example, a discount code.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
YOUR RIGHTS UNDER GDPR
- The right to access, rectify, limit, delete or transfer – the data subject has the right to request the Controller to access his personal data, rectify it, delete it (“the right to be forgotten”) or limit processing and has the right to object to the processing, and has the right to transfer his data. Detailed conditions for the exercise of the above-mentioned rights are indicated in art. 15-21 of the GDPR Regulation.
- The right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent (pursuant to art. 6 par. 1 letter a) or art. 9 sec. 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
- The right to lodge a complaint to the supervisory body – the person whose data is processed by the Controller has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Office for Personal Data Protection.
- Right to object – the data subject has the right to object at any time – for reasons related to his particular situation – to the processing of personal data concerning him based on art. 6 sec. 1 lit. e) (public interest or tasks) or f) (legitimate interest of the Controller), including profiling based on these provisions. In this case, the Controller is no longer allowed to process this personal data, unless he demonstrates the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.
- The right to object to direct marketing –if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing purposes, including profiling, to the extent that to which the processing is related to such direct marketing.
COOKIES IN THE ONLINE STORE AND ANALYTICS
Cookie files (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store website (e.g. on the hard drive of a computer, laptop or smartphone memory card – depending on what device the visitor to our Online Store uses). Detailed information on cookies, as well as the history of their creation, can be found, among others, at here: https://pl.wikipedia.org/wiki/HTTP_cookie.
By default, most web browsers available on the market accept cookies by default. Everyone has the option of specifying the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving Cookies – in the latter case, however, it may affect some of the functionalities of the Online Store (for example, it may not be possible to complete the Order path through the Order Form due to for not remembering the Products in the basket during the next steps of placing the Order).
Controller may use Google Analytics and Universal Analytics services in the Online Store provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller keep statistics and analyze traffic in the Online Store. The collected data is processed as part of the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. These data are aggregated. The Controller, using the above services in the Online Store, collects data such as sources and medium of acquiring visitors to the Online Store and the manner of their behavior on the Online Store website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age gender) and interests.
It is possible for a given person to easily block sharing information with Google Analytics about their activity on the Online Store website – for this purpose, you can, for example, install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google. com/dlpage/gaoptout?hl=en.
The Controller may use the Facebook Pixel service in the Online Store provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure the effectiveness of advertisements and find out what actions visitors to the Online Store take, as well as display tailored advertisements to these people. Detailed information on the operation of the Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
Managing the operation of the Facebook Pixel is possible by setting ads in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.