PRIVACY POLICY OF THE ONLINE STORE
[photonroof.eu]
§ 1
GENERAL PROVISIONS
1. The controller of personal data collected via the online store photonroof.eu is PHOTONROOF PSA, Zaczernie 190G, 36-062 Zaczernie, REGON: 526979867,
VAT ID (NIP): 5170441473, KRS: 0001070029, hereinafter referred to as the "Controller" and simultaneously being the "Service Provider".
2. The personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
3. All words or expressions written with a capital letter in this Privacy Policy should be understood according to their definition contained in the Terms and Conditions of the online store photonroof.eu.
§ 2
TYPES OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION
1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes the personal data of Users of the photonroof.eu Store in the case of:
1.1. Registration of an Account in the Store, to create an individual account and manage it, based on Article 6(1)(b) GDPR (performance of a contract for the provision of electronic services in accordance with the Store's Terms and Conditions),
1.2. Placing an order in the Store, to perform the sales contract, based on Article 6(1)(b) GDPR (performance of the sales contract).
1.3. Using the Contact Form, to send a message to the Controller, based on Article 6(1)(f) GDPR (legitimate interest of the enterprise).
2. TYPES OF PERSONAL DATA PROCESSED. The User provides, in the case of:
2.1. Account: name and surname, login, address, email address.
2.2. Order: name and surname, address, VAT ID (NIP), email address, phone number.
2.3. Contact Form: first name, email address.
3. PERIOD OF ARCHIVING PERSONAL DATA. The personal data of Users are stored by the Controller:
3.1. In the case where the basis for data processing is the performance of a contract, as long as it is necessary to perform the contract, and after that time, for a period corresponding to the statute of limitations for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic performances and claims related to conducting business activities—three years.
3.2. In the case where the basis for data processing is consent, as long as the consent is not withdrawn, and after the withdrawal of consent, for a period corresponding to the statute of limitations for claims that may be raised by the Controller and which may be raised against him. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic performances and claims related to conducting business activities—three years.
4. During the use of the Store, additional information may be collected, in particular: the IP address assigned to the User's computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
5. Upon separate consent, based on Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes—respectively in connection with Article 10(2) of the Act of 18 July 2002 on the provision of electronic services or Article 172(1) of the Act of 16 July 2004—Telecommunications Law, including those directed as a result of profiling, provided that the User has given appropriate consent.
6. Navigation data may also be collected from Users, including information about links and references they decide to click or other actions taken in the Store. The legal basis for such activities is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of facilitating the use of electronic services and improving the functionality of these services.
7. The provision of personal data by the User is voluntary.
8. The Controller exercises special diligence to protect the interests of persons whose data concern, and in particular ensures that the data collected by him are:
8.1. Processed lawfully,
8.2. Collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes,
8.3. Factually correct and adequate in relation to the purposes for which they are processed, and stored in a form that permits identification of the data subjects, no longer than necessary to achieve the purpose of processing.
§ 3
DISCLOSURE OF PERSONAL DATA
1. Personal data of Users are transferred to service providers used by the Controller in running the Store, in particular to:
1.1. Entities executing the delivery of Products,
1.2. Payment system providers,
1.3. Accounting office,
1.4. Hosting provider,
1.5. Providers of software enabling business operations,
1.6. Entities providing mailing systems,
1.7. Provider of software needed to run the online store.
2. The service providers referred to in point 1 of this paragraph, to whom personal data are transferred, depending on contractual arrangements and circumstances, either act on the instructions of the Controller regarding the purposes and methods of processing these data (processors) or determine the purposes and methods of their processing themselves (controllers).
3. The personal data of Users are stored only within the European Economic Area (EEA), subject to §5 point 5 and §6 of the Privacy Policy.
§ 4
RIGHT TO CONTROL, ACCESS, AND RECTIFY YOUR OWN DATA
1. The person whose data concern has the right to access their personal data and the right to rectify, delete, limit processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the legality of the processing carried out on the basis of consent before its withdrawal.
2. Legal basis of the User's request:
2.1. Access to data – Article 15 GDPR.
2.2. Rectification of data – Article 16 GDPR.
2.3. Deletion of data (the "right to be forgotten") – Article 17 GDPR.
2.4. Restriction of processing – Article 18 GDPR.
2.5. Data portability – Article 20 GDPR.
2.6. Objection – Article 21 GDPR.
2.7. Withdrawal of consent – Article 7(3) GDPR.
3. To exercise the rights referred to in point 2, you can send an appropriate email to: info@photonroof.eu.
4. In the event that the User exercises the rights arising from the above, the Controller fulfills the request or refuses to fulfill it immediately, but no later than within one month after receiving it. However, if—due to the complex nature of the request or the number of requests—the Controller is unable to fulfill the request within a month, he will fulfill it within the next two months, informing the User in advance within one month of receiving the request about the intended extension of the deadline and its reasons.
5. In the event that it is found that the processing of personal data violates the provisions of the GDPR, the person whose data concern has the right to file a complaint to the President of the Personal Data Protection Office.
§ 5
"COOKIES" FILES
1. The Controller's website uses "cookies" files.
2. The installation of "cookies" is necessary for the proper provision of services on the Store's website. "Cookies" contain information necessary for the proper functioning of the website and also allow for compiling general visit statistics of the website.
3. Within the website, two types of "cookies" are used: "session" and "persistent".
3.1. "Session" cookies are temporary files that are stored on the User's end device until logging out (leaving the website).
3.2. "Persistent" cookies are stored on the User's end device for the time specified in the parameters of the cookies or until they are deleted by the User.
4. The Controller uses its own cookies to better understand how Users interact with the website content. Cookies collect information about how the User uses the website, the type of website from which the User was redirected, and the number of visits and time of the User's visit to the website. This information does not record specific personal data of the User but is used to compile statistics on the use of the website.
5. The Controller also uses external cookies to collect general and anonymous statistical data via analytical tools Google Analytics (external cookies administrator: Google LLC based in the USA).
6. Cookies may also be used by advertising networks, in particular the Google network, to display ads tailored to the way the User uses the Store. For this purpose, they may retain information about the User's navigation path or time spent on a given page.
7. The User has the right to decide on the access of "cookies" to his computer through:
7.1. Selecting the types of cookies he consents to collect immediately after entering the Store's website and the appearance of a message regarding cookies,
7.2. Changing the settings in his browser window. Detailed information about the possibilities and ways of handling "cookies" are also available in the settings of the software (web browser).
§ 6
ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE
1. The Store uses so-called social plugins ("plugins") of social networks. When displaying the website of photonroof.eu containing such a plugin, the User's browser establishes a direct connection with Facebook servers.
2. The content of the plugin is transmitted by the given service provider directly to the User's browser and integrated with the website. Thanks to this integration, service providers receive information that the User's browser has displayed the photonroof.eu website, even if the User does not have a profile with the given service provider or is not currently logged in there. Such information (along with the User's IP address) is sent by the browser directly to the server of the given service provider (some servers are located in the USA) and stored there.
3. If the User logs in to one of the above social networks, the service provider will be able to directly assign the visit to the photonroof.eu website to the User's profile in the given social network.
4. If the User uses a given plugin, e.g., by clicking the "Like" or "Share" button, the relevant information will also be sent directly to the server of the given service provider and stored there.
5. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the User's rights in this regard and the possibility of making settings ensuring the protection of the User's privacy, have been described in the privacy policy of the service provider: https://www.facebook.com/policy.php
6. If the User does not want social networks to assign the data collected during visits to the photonroof.eu website directly to their profile in the given service, they must log out of that service before visiting the photonroof.eu website. The User can also completely prevent plugins from loading on the website by using appropriate extensions for the browser, e.g., script blocking using "NoScript".
7. The Controller uses remarketing tools on its website, i.e., Google Ads, which involves the use of Google LLC cookies regarding the Google Ads service. Within the mechanism for managing cookie settings, the User can decide whether the Service Provider will be able to use Google Ads (external cookies administrator: Google Inc. based in the USA) in relation to them.
§ 7
FINAL PROVISIONS
1. The Controller applies technical and organizational measures ensuring the protection of processed personal data appropriate to the threats and categories of data protected, and in particular secures data against unauthorized disclosure, takeover by an unauthorized person, processing in violation of applicable regulations, and alteration, loss, damage, or destruction.
2. The Controller provides appropriate technical means preventing the acquisition and modification by unauthorized persons of personal data sent electronically.
3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.