§ 1. General Provisions
- The Data Controler of personal data collected via the HiHybrid.pl Online Store is Nesperta sp. z o.o. with its registered office in Poznań, 60-149, ul. Jugosłowiańska 43, – hereinafter referred to as the "Controller".
- Personal data in the Online Store are processed by the Controller in accordance with the applicable laws, in particular:
- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as the "GDPR",
- The Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws of 2019, item 1781),
- the Act of 14 December 2018 on the Protection of personal data processed in connection with the preventing and combating criminal activity (Journal of Laws 2019 item 125),
- the Act of 18 July 2002 on the Providing Services by Electronic Means (Journal of Laws of 2020, item 344),
- the Act of 16 July 2004. Telecommunications law (Journal of Laws of 2019 item 2460 as amended),
- the Act of 30 May 2014 on Consumer Rights (Journal of Laws of 2020, item 287),
- 23 April 1964. Civil Code (Journal of Laws of 2020, item 1740).
- The contact person in the field of personal data protection on the part of the Controller is the Data Protection Officer Michał Labocha, to whom correspondence including requests related to the exercise of the data subject's rights can be sent to the e-mail address: firstname.lastname@example.org.
§ 2. PURPOSE, SCOPE, GROUNDS AND DURATION OF PROCESSING OF PERSONAL DATA
- The Controller processes personal data in the following cases:
- to provide marketing services for own products (Article 6 (1) point f) of the GDPR), including: displaying to the Buyer marketing content not adapted to his preferences (contextual advertising), displaying marketing content to the Buyer in accordance with his interests (behavioral advertising), sending e-mail notifications about interesting offers or content containing commercial information, conducting other activities in connection with direct marketing of goods and services, and sending commercial information by e-mail, SMS, MMS, phone and other advertising and telemarketing activities, including the provision of a newsletter service with the consent of the person concerned (Article 6 (1) point a) of the GDPR). For this purpose, the Controller processes the following data: name, e-mail address, telephone number, until an objection is raised or in the case of a newsletter until the consent is withdrawn.
- to create a customer account (Article 6 (1) point a) of the GDPR) and to conclude and perform a contract, including claims handling (Article 6 (1) point a) and b) of the GDPR). The Controller processes the following data for this purpose: name or company, e-mail address, telephone number, address of residence or registered office, delivery address, if different from the address of residence or registered office, TAX ID number, IP address, cookies, order number and bank account number. The data are processed for the period necessary for the perform, expire or terminate of the contract or claim.
- in order to handle messages via the contact form (Article 6 (1) point a) of the GDPR), the Controller processes the following data: name, e-mail address, telephone number for the period necessary to carry out the answers and tasks related to the functioning of the online store or until the consent is withdrawn.
- in order to provide the service Online reservation and perform of the contract (Article 6 (1) point b) of the GDPR), the Controller processes the following data: name, date of birth, e-mail address, telephone number, choice of dietary center, type of visit, date of visit. The data are processed for the period necessary for the perform, expire or terminate of the contract or claim.
- for analytical and statistical purposes for the improve the services and for security, including information technology and the prevention and fight against fraud attempts (Article 6 (1) point f) of the GDPR), the Controller processes the following data: IP address or other identifiers and information collected through cookies or other similar technologies. This data will be processed for the period necessary to carry out tasks related to the functioning of the online store or to clarify incidents.
- in order to comply with the obligations imposed on the entrepreneur by the relevant provisions (Article 6 (1) point a) and c) of the GDPR). The Controller processes the following data: name, company name, e-mail address, telephone number, address of residence or registered office, delivery address, if different from the private address or business address and tax identification number, order number and bank account number. The data will be processed for the period indicated by law.
§ 3. RECIPIENTS OF DATA PROVIDED TO THE CONTROLLER
- Buyer's personal data may be transferred to the following recipients or categories of recipients:
- to carriers, forwarders, couriers, postal operators – in the case of a Buyer who uses the method of delivery of the Product in the Online Store by post or courier. The Controller provides the personal data of the Buyer to the selected carrier, forwarder, intermediary or postal operator, executing shipments on behalf of the Controller to the extent necessary to deliver the Product to the Buyer,
- to entities handling electronic payments or payment card – in the case of the Buyer, who uses the electronic payment method or payment card in the Online Store, the Controller provides the personal data of the Buyer to the selected entity, handling the above payments in the Online Store on behalf of the Controller to the extent necessary to handle the payment made by the Buyer,
§ 4. TRANSFER OF PERSONAL DATA TO OTHER ENTITIES, INCLUDING OUTSIDE THE EUROPEAN ECONOMIC AREA
- The Controller does not transfer the processed personal data to third parties, with the exception of entities processing personal data on behalf of the Controller and where such transfer is necessary due to legal regulations (at the request of authorized state authorities), in which case the scope of the data is limited to the data necessary for the purpose of sharing.
- Entities with which the Controller cooperates with your consent (Article 6 (1) point. a) of the GDPR), including Google or Facebook, are established in countries of the European Economic Area (EEA) or in Switzerland, recognized as a country meeting an adequate level of protection of personal data, so the level of data protection in these countries is the same as in Poland. For other entities established outside the EEA, irrespective of your consent the Controller shall verify before cooperating whether they guarantee an appropriate level of protection of the personal data processed, in accordance with Decision 2010/87/EC of 5 February 2010 adopted by the Commission (EU) on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council (OJ L 2010.39.5, version from: 17 December 2016), and taking into account those adopted by the European Data Protection Board on 10 November 2020 Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.
§ 5. PROFILING IN THE ONLINE STORE
- The Controller in the Online Store may use profiling, which means that thanks to the automatic processing of data, the Controller assesses selected factors concerning individuals in order to analyze their behavior or create a forecast for the future, including, to undertake marketing activities.
- Decisions taken on the basis of profiling do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using electronic services in the Online Store.
- Profiling consists in automatic analysis or forecast of the Buyer's behavior on the Website of the Online Store using cookies and historical data, stored in the Customer Account in order to assess the preferences and interests of the Buyer (e.g. by adding a specific Product to the shopping cart, browsing the page of a particular Product in the Online Store or by analyzing the previous history of purchases made).
- The data subject has the right not to be subject to a decision which is based solely on profiling or other automated processing and has the possibility to object to the profiling of his data.
§ 6. RIGHTS OF THE DATA SUBJECT
- The data subject shall have the following rights:
- to access,
- to rectification,
- to erasure,
- to restrictions on processing,
- to receive and transmit,
- to withdrawing consent, objecting to their processing, including profiling,
- if you have consented to the processing of your data, you can withdraw it at any time. Such withdrawal affects the admissibility of the processing of your personal data after withdrawal of consent. The withdraw shall not affect the lawfulness of the processing based on consent before its withdrawal.
- if the Controller bases the processing of your personal data on the legitimate interest pursued by the Controller, in particular pursuant to Article 6 (1) point f) of the GDPR, you can object to the processing. This is particularly the case when the processing is not necessary for the performance of the contract concluded with you, as referred to in § 2 as an end. By making such a request, you will be asked to explain the reasons why your personal data should not be processed by the Controller, who will check the situation and stop or adjust the processing of the data or indicate valid, legitimate reasons on the basis of which it will continue processing,
- you can, of course, object at any time to the processing of your personal data for direct marketing purposes; this also applies to profiling, inso far as it is related to such direct mail advertising,
- to lodge a complaint with a supervisory authority if it considers that the processing of its personal data violates the provisions of the GDPR.
- In order to exercise the above rights, you should contact the Controller by sending the relevant message in writing or by e-mail to the Controller's address, indicated in § 1 para 2 or 4 or using the Contact Form, available on the Website of the Online Store.
§ 7. COOKIES, OPERATIONAL DATA AND ANALYTICS
- Cookies are small text information in the form of text files that are sent by the server and saved on the hard drive of the computer or smartphone memory belonging to the website user. They usually contain the name of the website they come from, the storage time on the end device and a unique number, but they may also contain personal data in the form of an IP address and a unique device identifier saved in the file.
- Cookies are designed to:
- enable the use of the various functions of the websites,
- create statistics and analyses that help to understand how users use websites, to improve their structure and content, and as a result to improve the use of websites,
- adapting the content of the websites to individual preferences. In particular, these files allow you to recognize the user's device of the pages and display the website accordingly, adapted to his individual needs.
- The Controller may process the data contained in cookies when using the website of the Online Store by visitors in order to:
- identify Buyers as logged-in users in the Customer Account and show that they are logged in,
- remember products added to shopping cart in order to place an Order,
- remember data from the order forms fill out or Account login details,
- adapting the content of the Online Store page to the individual preferences of the Buyer and optimizing the use of the Websites of the Online Store,
- keep anonymous statistics on how to use the Online Store website,
- research the behavior of visitors to the Online Store by anonymously analyzing their activities in order to create a profile and provide advertisements tailored to their anticipated interests.
- The Online Store uses session cookies, which are deleted after the closing of the web browser window, as well as persistent cookies, stored for a certain period of time in the devices through which the Buyer uses the Online Store.
- The following types of cookies are used in the Online Store:
- "Necessary" – these are basic cookies that enable the proper functioning of our website and the use of the most important functions and services available in the store, e.g. logging in, browsing the page of a particular product and adding the selected product to the shopping cart, comparing the purchase history, etc. Without these cookies, we cannot provide our own services.
- "Functional" – this cookies are used for a more personalized use of our website. For example, they allow you to "remember" the settings you have chosen and personalize the user interface, e.g. due to the language or region you choose, the appearance of the website. They may also be used to provide certain services, such as watching video content or leaving comments. Our services may not work properly if these cookies are disabled.
- "Marketing" – this cookies allows the delivery of advertising content more tailored to the interests of website users. This content is provided by us and/or advertisers who may combine the information collected on our website with other information collected as a result of your browser's activities on your website's network. If you delete or deactivate these cookies, your ads will continue to run. However, they may not be relevant to you and may not be relevant to you.
- "Analytical" – this cookies collect information used to analyze the traffic on our website and the use of our website by visitors. For example, they can see how long a user stays on a site or which pages they visit. This helps us understand how we can improve our website.
Below are the steps to change cookie settings in the most popular search engines:
- Chrome: "Settings" > "Privacy and Security" > "Cookies and Other Site Data",
- Edge: "Settings" > Privacy, Search and Services",
- Firefox: "Options" > "Privacy and Security",
- Safari > "Preferences" > "Privacy".
- The Controller may use Google Analytics and Universal Analytics services provided by Google Ireland Limited in the online store. These services help the Controller to analyze data traffic in the online store. The collected data is processed anonymously as part of the above- mentioned services (so-called operational data, which do not allow the identification of any person) to generate statistics helpful in managing the online store. This data is aggregated and anonymous, i.e. it does not contain any identifying features (personal data) the person visiting the store's website. Through the above-mentioned services in the online store, the Controller collects data, such as the sources and medium by which visitors to the online store were obtained, as well as their behavior on the store's website, information about devices and browsers through the name of the Website visited, IP address and domain, geographical and demographic data (age, gender) and interests. The legal basis for using Google Analytics or Universal Analytics is your consent in accordance with Article 6 (1) point a) of the GDPR. You can prevent Google from collecting data generated by the Google (Universal) Analytics cookie related to your use of the website (including your IP address) and from processing this data using the browser available at the following link Download and install the plug-in:https://tools.google.com/dlpage/gaoptout?hl=en
You can prevent Google (Universal) Analytics from collecting your data, even while using the website on a mobile device, by clicking on the link below An opt-out cookie will be set to prevent your data from being collected when you visit this website in the future:
Information about a third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Data Protection Policy:https://policies.google.com/?hl=en
Data Protection Statement:https://policies.google.com/privacy?hl=en
- The Controller can use the Pixel service of Facebook Ireland Limited in the online store. This service helps the Controller measure the effectiveness of ads, learn about the activity of people visiting an online store and display ads tailored to them. When you redirect to our website by clicking on the relevant Facebook ad, a so-called pixel cookie is stored in your browser. This records your clicks and activity on our website and transfers the data collected to Facebook so that ads relevant to you may be displayed there in the future. We use the Facebook pixel in the so-called "enhanced data comparison mode." As a result, in addition to clicks and activity, your personal information is also transferred to Facebook. The legal basis for this data processing is your consent in accordance with Article 6 (1) point a) of the GDPR. You can prevent the storage of a pixel cookie by setting your browser settings accordingly; please note, however, that in this case you may not be able to take full advantage of all the features of this website. You can also prevent the Facebook pixel from collecting data when you use our website by clicking on the link below. A opt-out cookie is set that prevents you from recording your data when you visit this website in the future when you click on an ad placed on Facebook:
Deactivate the Facebook pixel:https://www.facebook.com/business/help/186134205381987 Third-party information: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland.
More information on the purpose and scope of data collection and processing by Facebook can be found in the Data Protection statement. You will also find further information about your rights and settings options to protect your privacy:
§ 8. SECURING PERSONAL DATA
- The Controller undertakes to protect the personal data processed in accordance with the applicable regulations, including their non-disclosure to third parties and to their processing only for the purposes specified above. This does not apply if personal data are made available, as previously indicated, to entities authorised to receive it under the relevant legislation.
- The Controller declares that makes every effort to provide the Buyer with a high level of security regarding the use of the Online Store and for this purpose applies:
- technical and organisational measures, in particular as regards the security of the processing of personal data,
- measures to ensure:
- a. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services,
- the ability to quickly restore the availability and access to personal data in the event of a physical
- technical incident,
- regularly testing, measuring and evaluating the effectiveness of technical and organisational measures to ensure the security of processing.
- Any events affecting the security of the processing of information and personal data, including suspected security breaches or disclosure of data to unauthorized persons, should be reported to the Controller at the following e-mail address: email@example.com