1. Who is the Controller of your Data?
2. How do we take care of your Data?
The Customer’s personal data is processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Official Journal of the EU No. L 119/1) (hereinafter also as: the “GDPR”) and other personal data protection regulations that are currently applicable, i.e. throughout the period of processing. Personal data shall mean information concerning an identified or identifiable natural person (hereinafter referred to as: the “Personal Data”). An identifiable natural person is a person who can be directly or indirectly identified, in particular, on the basis of an identifier such as the given name and surname, identification number, data concerning location, Internet ID or one or more specific factors describing the natural person’s physical, physiological, genetic, mental, economic, cultural or social identity. The Controller shall take special care for the purpose of protecting the data subjects’ interests, in particular, ensuring that the data collected by the Controller are:processed lawfully, fairly and in a transparent manner in relation to the data subject;collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;accurate and, where necessary, kept up to date; kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
3. For what purposes are the data concerning you used?
Each purpose and scope of the data processed by the Controller results from the Customer’s consent or provisions of law and is clarified as a result of the actions taken by the Customer in the Online Shop or within other channels of communication with the Customer. For example: (I) the Customer’s Personal Data may be processed for the purpose of awarding, presenting or giving offers and promotions dedicated for the Customer that are customised to the Customer's preferences to the maximum possible extent (which can affect the Customer significantly) only if the Customer has given consent thereto (the option is not available to persons who have not); (II) if the Customer decides not to pursue the purchase in the Online Shop and makes only a Reservation of the selected Goods, such Customer’s Personal Data shall not be transferred to the carrier delivering the shipments commissioned by the Controller.
Possible purposes of the processing of the Customers’ Personal Data by the Controller shall include, in particular:
1) conclusion and performance of the Contract for the Provision of Services (Account) or taking actions requested by the future Customer prior to such conclusion (we process your data in order to keep your Account so that you can enjoy the benefits it offers, such as ordering without the need to fill in the forms every single time, access to your shopping history, management of your consents in the service, etc., and to enable you to use other services available on our website);
2) conclusion and performance of the Contract for the Sale or taking actions requested by the future Customer prior to such conclusion (we need your data to complete your order and perform the concluded contract, in particular, to confirm that the order has been placed and a reservation has been made or that the selected Goods have been shipped, as well as to contact you);
3) receiving and handling complaints;
4) presenting advertisements, offers or promotions (discounts) relating to the goods or services of the Controller or its partners (the updated list of the partners is available in the Online Shop) that are dedicated to all recipients;
5) assessment and analysis of the Customer’s activity and information about the Customer, including within the automated processing of the Personal Data (profiling), for the purpose of presenting general advertisements, offers or promotions (discounts) relating to the goods or services of the Controller or its partners in a manner customised to that Customer’s interests (however, without significantly affecting the Customer’s decisions), as well as market and statistical analyses;
6) exercise and defence of claims, including third party claims - in the case of using most of the Online Shop’s functionality;
7) fulfilment of legal obligations resulting from the provisions of law, e.g. tax and accounting regulations, especially in the case of contracts against payment;
8) keeping correspondence with Customers, including replying to the Customers’ messages.In the case of an adult Customer, upon such Customer’s additional consent, the Personal Data may be also processed for the purpose of presenting, creating, awarding and executing advertisements, offers or promotions (discounts) dedicated to that Customer and relating to the goods or services of the Controller or its partners, that are to the maximum possible extent customised to the Customer’s preferences (profiling), as a result of automated decision-making, which could cause legal consequences for the Customer or significantly affect the Customer, e.g. through a short-term discount dedicated only for the Customer for specific Goods that the Customer has recently viewed in our shop (the option is not available to persons who are not of legal age or who have not given their consent thereto).
4. What data concerning you do we use exactly?
The Controller may process, in particular, the following Personal Data of the Customers using the Online Shop:
- Personal Data provided in the form of registration of an Account or while placing an order in the Online Shop (in particular, given name and surname; e-mail address; contact phone number; address [street name and number, apartment number, postal code, town, country], address of the place of residence/business/registered office [if different than the delivery address], bank account number, and, in the case of Customers who are not consumers, also the business name and tax identification number and other data collected during the use of the Online Shop;
- Personal Data provided in the contact form or provided while making a complaint;
- other data, in particular, data obtained on the basis of the Customer's activity on the Internet or in mobile applications, including the data obtained through the Online Shop or other channels of communication with the Customer, using cookies or similar technologies.
5. Are you obliged to provide us with your data and what are the consequences if you don’t?
The provision of Personal Data by the Customer in the Online Shop is voluntary, however, it is necessary for the use of particular functionality of our shop, for example, to place an Order and account for it (conclusion and performance of a Contract for the Sale) or register an Account (conclusion and performance of a Contract for the Provision of Services) or use our forms.
Each time, the scope of data required for the conclusion of a given contract shall be specified in the Online Shop (we indicate the data the provision of which is necessary in order to conclude the contract/ use a particular functionality) through other channels of communication with the Customer or in the Terms and Conditions. Non-provision of Personal Data may result in the impossibility to complete the above-mentioned actions.
6. On what legal basis do we use the information about you?
The basis of the processing of the Customer’s Personal Data is, most of all, the fact that it is necessary for the performance of the contract to which the customer is party or in order to take steps at the request of the customer prior to entering into the contract (Art. 6 (1) (b) of the GDPR). It concerns, above all, the Personal Data provided in the Account registration form, at the moment of placing the Orders and conclusion of a Contract for the Sale in the Online Shop. Also in the case of Personal Data provided to us in connection with a Customer’s complaint, the legal basis for the processing thereof is the need to complete / handle the contract for the sale of the goods being complained about.
In the case of processing of data for the above-mentioned marketing purposes, the basis for such processing is the fulfilment of purposes resulting from legitimate interests pursued by the Controller or its partners (Art. 6 (1) (f) of the GDPR), whereas in such case the partners do not participate in the processing of the Customer’s data). On the other hand, in the scope in which the Controller’s partners may have direct access to such information, the legal basis of such processing is the voluntary consent given by the Customer (Art. 6 (1) (a) of the GPDR). The legal basis of presenting, creating, awarding and executing advertisements, offers or promotions (discounts) dedicated to a given Customer that are based only on automated processing, including profiling, to the maximum possible extent customized to the Customer’s preferences, that could significantly affect the consumer decisions of the Customer, is the voluntary consent given by the Customer (Art. 6 (1) (a), Art. 22 (2) (c) of the GPDR). However, it concerns only adult Customers.
If for other purposes, the Customer’s Personal Data may be processed on the basis of:
1) voluntary consent - e.g. on the occasion of giving consent to other forms of marketing than specified above (Art. 6 (1) (a) of the GDPR);
2) applicable provisions of law - if the processing is necessary for fulfilment of a legal obligation to which the Controller is subject, e.g. where the Controller accounts for the concluded contracts for sale (Art. 6 (1) (c) of the GDPR);
3) the need for other purposes than those of the legitimate interests pursued by the Controller or a third party, in particular for the purpose of establishment, exercise or defence of legal claims, keeping of correspondence with Customers, also through contact forms (including replying to the Customers’ messages), market and statistical analyses (Art. 6 (1) (f) of the GDPR);
7. Is your data subject to profiling and what does it mean for you?
For the purposes of presenting general advertisements, offers or promotions (discounts) dedicated to all Customers in a manner customised to the preferences of a given Customer, the Controller may obtain information about such preferences, e.g. by analysing how frequently the Customer visits the Online Shop. It allows for a better understanding of the Customer’s expectations and customising to the Customer’s needs, however, without affecting the Customer’s decisions to a significant extent. Thanks to the Controller’s use of advanced technologies, the above actions will be frequently performed by the system in an automated manner, allowing for the contents to be more recent and for the Customer to see it sooner.
In the event of adult Customers, the above-mentioned analysis of interests or preferences will also serve the purpose of creating, awarding, executing of dedicated and to the maximum possible extent customised advertisements, offers or promotions (discounts) in an automated manner, which could cause legal consequences for the Customer or significantly affect the Customer, potentially limiting the access thereto by other Customers (the option shall not be available to Customers who are not of age and have not given their consent to such actions taken by the Controller). Our actions are different from the regular “profiling” (e.g. customising our messages and banners to your interests) in the way that the result thereof can significantly affect your choices as a consumer, e.g. the result thereof could be a very beneficial time-limited offer dedicated only to you on the basis of your shopping history and activity on our website, whereas other Customers of ours will not have access to such offer. The more frequently the given Customer uses the services of the Controller and purchases Goods from the Controller, the better the special offers and surprises could be prepared for the Customer.
8. To whom may we transfer your data?
Each and every list of recipients of the Personal Data processed by the Controller from time to time arises out of the scope of services used by the Customer.
The list of recipients of data results also from the consents given by the Customer or from the law, and shall be clarified as a result of actions taken by the Customer in the Online Shop.
The Controller’s partners may participate in the processing to a limited extent, in particular, those who provide technical help with the effective operation of the Online Shop, including the help with the sending of e-mails, and in the case of marketing actions -also in marketing campaigns), providers of hosting services or IT services, carriers or agents shipping the Orders, entities providing the service of electronic payments or payments by payment cards in the Online Shop, companies providing maintenance of the software, supporting the Controller in the marketing campaigns, as well as providers of legal and consultancy services.
9. Is your data transferred also to third countries (outside the European Economic Area)?
For the purposes of the Controller’s use of support tools for the current activity provided e.g. by Google, the Personal Data may be transferred to countries outside the European Economic Area, in particular to the United States of America (USA), Israel or another country where the cooperating entity receives the tools for the processing of personal Data with the cooperation of the Controller.
Proper protection of the Personal Data transferred has been ensured by the Controller by means of applying the standard data protection clauses adopted by the European Commission decision and contracts of entrusting the data to be processed in compliance with the GDPR requirements. In the event of transferring the data from Europe to the USA, some entities located there may additionally ensure a proper level of data protection under the so-called Privacy Shield (more information on this matter is available at https://www.privacyshield.gov/).
The Customer has the right to obtain a copy of the security measures applied by the Controller in relation to the transfer of Personal Data to third countries by contacting us.
10. What rights do you have?
At all times, each Customer has the following rights:
- the right to lodge a complaint with the President of the Office of Personal Data Protection;
- the right to transfer the Personal Data which the Customer provided to the Controller and which is processed by automated means, and the processing takes place on the basis of a consent or contract, e.g. to another controller;
the right to access the Personal Data (including, e.g. obtaining the information what Personal Data are processed), including, obtaining a copy of the Personal Data;
- the right to demand that the processing of Personal Data be rectified or restricted (e.g. if the Personal Data are inaccurate) or that the Personal Data be deleted (e.g. if they were processed unlawfully);
the right to withdraw the consent given to the Controller at any time, whereas such withdrawal does not affect the lawfulness of processing carried out by the Controller based on consent before its withdrawal.
- the right to oppose the processing of Personal Data concerning the Customer for the purposes of legitimate interests of the Controller or a third party, including, in particular, the processing for marketing purposes, including profiling (if there are no other important legitimate reasons for the processing above the interests of the Customer).
11. For how long will we keep your data?
The Personal Data may be stored for the duration of the use of the Online Shop (whereas they may be deleted after three years following the last activity of the Customer in the Online Shop), in the event of marketing activities - until the Customer opposes, and if related to cookies and similar technologies - depending on the technical issues - until the deletion of the files using the browser / device settings (whereas deletion of the files does not always mean deletion of the Personal Data obtained through the files, hence the possibility to oppose).
If the processing of Personal Data depends on the consent given by the Customer, such Personal Data may be processed until the consent has been withdrawn.
In each case:
1) the Personal Data will be kept also if the provisions of law (e.g. accounting or tax regulations) require the Controller to process such data;
2) we will keep the Personal Data for longer in case the Customer brings any claims against the Controller, for the purpose of exercise of claims by the Controller, or exercise or defence of third party claims, throughout the limitation period of such claims specified by the provisions of law, in particular, the Civil Code.
Depending on the scope of Personal Data and purposes of the processing, the Personal Data may be kept for various periods of time.
In each case, the longer period of storing the Personal Data shall prevail.
12. Will you be sent commercial information (e.g. to your e-mail address)?
The Controller has the technical possibility to communicate with the Customer remotely (e.g. by e-mail).
Commercial information concerning the commercial activity carried on by the Controller or entities working with the Controller may be sent only on the basis of a consent given by the Customer.
Cookies are information packets sent by web servers to web browsers, and stored by the web browsers.The information is then sent back to the server each time the browser requests a page from the server. This enables a web server to identify and track web browsers.There are two main kinds of cookies: session cookies and persistent cookies. Session cookies are deleted from your computer when you close your browser, whereas persistent cookies remain stored on your computer until deleted, or until they reach their expiry date.
Cookies on our website
Shoplo Sp. z o.o. - with registered address: Inflancka 4C, 00-189 Warsaw, Poland, uses the following cookies on this website, for the following purposes:
- session information persistence between user visits on service pages - the user is required to provide authorization only once when visiting pages
- user experience optimization by providing enhanced content to user visiting page
Most browsers allow you to refuse to accept cookies.In Internet Explorer, you can refuse all cookies by clicking "Tools", "Internet Options", "Privacy", and selecting “Block all cookies” using the sliding selector.In Firefox, you can adjust your cookies settings by clicking "Tools", "Options" and "Privacy". Blocking cookies will have a negative impact upon the usability of some websites.