Search
Your bag contains: 0 items
Free shipping and returns
Total
Shipping
€0,00
Tax included and shipping calculated at checkout
Privacy Policy
JAAF ONLINE STORE PRIVACY POLICY
This Privacy Policy (hereinafter referred to as “the Policy”) contains information concerning processing your personal data in connection with your use of JAAF Store at https://jaaf.com/ (hereinafter referred to as “the Store”).
All capitalized terms not otherwise defined in the Policy have the meaning defined in the Terms and Conditions available at https://jaaf.com/pages/terms-condtions.
Personal Data Controller
The controller of your personal data is JAAF spółka z ograniczoną odpowiedzialnością with its registered office in Olsztyn (address: ul. Leśna 24/17, 10-173 Olsztyn), entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Olsztyn, 8th Commercial Division of the National Court Register under KRS number: 0000971591, holding tax identification number (NIP): 7393968190, statistical number (REGON): 522028106, share capital of PLN 50,000.00 (fifty thousand zlotys) (hereinafter referred to as “the Controller”).
Contact with the Controller
In all matters related to the processing of personal data you can contact the Controller via email: customercare@jaaf.com.
Measures for personal data protection
The Controller uses modern organizational and technical safety measures to ensure the best possible protection of your personal data and ensures that they are processed in accordance with the provisions of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “the GDPR”), the Act of 10 May 2018 on the Protection of Personal Data and other personal data protection legislation.
Information on personal data being processed
Using the Store and our Services requires processing of your personal data. In the table below, you will find detailed information about the purposes and legal basis of the processing, the period of the processing as well as information whether the provision of your personal data is obligatory or voluntary.
Data processed for the purpose of the conclusion and performance of the contract for the provision of the Account Service
To the conclusion and performance of the contract for the provision of the Account Service, Controller will process following personal data:
1) name and surname;
2) e-mail address.
Pursuant to art. 6(1)(b) of the GDPR, the processing of the aforementioned data is necessary to perform the Agreement concluded with the data subject or to take steps to conclude this Agreement.
Providing the personal data is a condition for the conclusion and performance of the Account Service (the provision of such data is voluntary, but should you fail to provide your personal data, you will be unable to conclude and performed the above Agreement, including the creation of an Account).
The Controller will process the above personal data until statute of limitation on the claims arising from the above Agreement expires.
Data processed for the purpose of the conclusion and performance of the Sales Agreement
To the conclusion and performance of the Sales Agreement, Controller will process following personal data:
1) name and surname;
2) e-mail address;
3) billing address (street, house number, apartment number, city, postal code, country)
4) telephone number;
5) delivery address (if different from billing address);
6) optionally – company, NIP and business address (if the Buyer is an Entrepreneur or an Entrepreneur with Consumer rights).
Pursuant to art. 6(1)(b) of the GDPR, the processing of the aforementioned data is necessary to perform the Sales Agreement concluded with the data subject or to take steps to conclude this Sales Agreement.
Providing the personal data is a condition for the conclusion and performance of the Sales Agreement (the provision of such data is voluntary, but should you fail to provide your personal data, you will be unable to conclude and performed the above Agreement.
The Controller will process the above personal data until statute of limitation on the claims arising from the above Agreement expires.
Data processed for the purpose of the conducting a complaint procedure
To the conducting a complaint procedure, Controller will process following personal data:
1) name and surname;
2) e-mail address;
3) telephone number;
4) correspondence address (street, house number, apartment number, postal code, city, country).
Pursuant to art. 6(1)© of the GDPR, the processing is necessary for compliance with a legal obligation to which the Controller is subject. In this case, the obligations include:
a) respond to the complaint – Article 7a of the Consumer Rights Act;
b) implementation of the Customer’s rights resulting from the provisions on the Controller’s liability in the event of non-compliance of the physical Goods with the Sales Agreement or the Subject of Digital Services with the Agreement concerning it).
Providing the above personal data is voluntary, but it is necessary for the Controller to properly fulfil their obligations under the provisions on personal data protection, including exercising your rights under the GDPR (if you fail to provide the above data it will be impossible to exercise your rights properly).
The Controller will process the above personal data until the expiry of the limitation periods of any claims for the infringement of personal data protection provisions.
Data processed for the purpose of the conclusion and performance of the Newsletter Service Agreement
To the conclusion and performance of the Newsletter Service Agreement, Controller will process e-mail address.
Pursuant to art. 6(1)(b) of the GDPR processing of this data is necessary to implement the legitimate interest of the Controller, in this case informing Customers about the activities taken related to the provision of Services. Additionally, pursuant to art. 6(1)(f) of the GDPR processing of the e-mail address is also essential to implement the legitimate interest of the Controller, in this case informing about new products and promotions available in the Store.
Providing the above-mentioned personal data is voluntary, but necessary in order to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter).
The Controller will process the above-mentioned personal data, the time of effective objection or achievement of the purpose of processing or until the claims arising from the Newsletter Service are time-barred (whichever occurs first).
Data processed for the purpose of the Sending email notifications
To the Sending email notifications, Controller will process following personal data:
1) name and surname;
2) e-mail address.
Pursuant to art. 6(1)(f) of the GDPR, the processing is to implement the legitimate interest of the Controller, in this case informing Customers about the activities taken related to the provision of Services.
Providing the above-mentioned personal data voluntary, but necessary in order to receive information about activities related to the provision of Services (the consequence of not providing them will be the inability to receive the above-mentioned information).
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.
Data processed for the purpose of the performing the contact from Service
To the performing a contact form Service, Controller will process following personal data:
1) name and surname;
2) e-mail address;
3) telephone number;
4) optionally – other data contained in the message to the Seller.
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to implement the legitimate interest of the Controller, in this case to respond to the received inquiry.
Providing the above-mentioned personal data is voluntary, but necessary in order to receive an answer to the inquiry (the consequence of not providing them will be the inability to receive an answer).
The Controller will process the above-mentioned personal data until the objection is effectively raised or the purpose of processing is achieved (whichever occurs first).
Data processed to ensure the compliance with personal data protection obligations
To ensure the compliance with personal data protection obligations, Controller will process following personal data:
1) name;
2) surname;
3) the contact details you have provided (e-mail address; correspondence address; telephone number).
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to fulfill the legal obligation incumbent on the Controller, in this case the obligations arising from the provisions on the protection of personal data.
Providing the above personal data is voluntary, but it is necessary for the Controller to properly fulfil their obligations under the provisions on personal data protection, including exercising your rights under the GDPR (if you fail to provide the above data it will be impossible to exercise your rights properly).
The Controller will process the above personal data until the expiry of the limitation periods of any claims for the infringement of personal data protection provisions.
Data processed for the purpose of the establishing, pursuing, or defending against claims
To the establishing, pursuing, or defending against claims, Controller will process following personal data:
1) first name,
2) second name,
3) company,
4) email address,
5) address of residence/seat,
6) PESEL (Polish Resident Identification Number) / KRS (National Court Register Number),
7) NIP (Tax Identification Number).
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in establishing, pursuing or defending against claims that might arise in connection with the performance of the Agreements concluded with the Controller.
Providing the above data is voluntary, but it is necessary to establish, pursue or defend against claims that might arise in connection with the performance of the Agreements concluded with the Controller (if you fail to provide the above data the Controller will not be able to undertake the aforementioned actions).
The Controller will process the above personal data until the expiry of the limitation periods of any claims that might arise in connection with the performance of the Agreements concluded with the Controller.
Data processed for the purpose of the analysis of your activity in the Store
To the analysis of your activity in the Store, Controller will process following personal data:
1) date and time of visit;
2) the IP number of the device;
3) the type of operating system of the device;
4) approximate location;
5) type of web browser;
6) time spent in the Store;
7) the Goods viewed;
8) visited subpages and other activities undertaken as part of the Store.
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to implement the legitimate interest of the Controller, in this case obtaining information about your activity in the Store
Providing the above-mentioned personal data is voluntary, but necessary in order for the Controller to obtain information about your activity in the Store (the consequence of not providing them will be the Controller's inability to obtain the above-mentioned information).
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.
Data processed for the purpose of the Store administration
To the Store administration, Controller will process following personal data:
1) address IP;
2) server date and time;
3) information about the web browser;
4) operating system information.
The above data is saved automatically in the server logs, each time you use the Store (administering it without using server logs and automatic saving would not be possible).
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to implement the legitimate interest of the Controller, in this case to ensure the proper operation of the Store.
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.
Profiling
In order to create your profile for marketing purposes and direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not cause any legal effects for you or similarly significantly affect your situation.
The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Store and the data you save on the Account.
The legal basis for the processing of personal data for the above purpose is art. 6(1)(f) GDPR, according to which the Controller may process personal data in order to implement his legitimate interest, in this case to conduct marketing activities tailored to the preferences of recipients. Providing the above-mentioned personal data is voluntary, but necessary to achieve the above-mentioned purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to the preferences of recipients).
The Controller will process personal data for the purpose of profiling until an objection is effectively raised or the purpose of processing is achieved.
Personal data recipients
The recipients of personal data are the following external entities cooperating with the Controller, e.g.:
a) a hosting company,
b) providers of online payment systems,
c) a newsletter service provider,
d) companies providing tools to analyse activity in the Website (e.g. Google Analytics),
e) an accounting services company.
Moreover, the data may be transferred to public or private entities if such an obligation arises from generally applicable law, a final and binding sentence or final and biding administrative decision.
Transfer of personal data to a third country
In connection with the Controller's use of services provided by Google LLC, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia.
The basis for the transfer of data to the above-mentioned third countries are:
a) in the case of the United Kingdom, Canada, Israel and Japan - decisions of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
b) for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia and Australia, contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to a Regulation of the European Parliament and of the Council (EU) 2016/679.
You can obtain from the Controller a copy of the data transferred to a third country.
Rights
You have certain rights in connection with the processing of personal data:
1) you have the right to be informed about what personal data concerning you are processed by the Controller and to receive a copy of such data (the right of access). The first copy of the data is free of charge; the Controller may charge a fee for the subsequent copies,
2) if the data processed become outdated or incomplete (or otherwise incorrect), you have the right to request a rectification,
3) in certain situations, you may ask the Controller to delete your personal data, e.g., when:
a) the Controller does not longer need your personal data for the purposes you were informed about,
b) you have effectively withdrawn your consent to the processing of your personal data (unless the Controller has the right to process the data on another legal basis),
c) the processing is unlawful,
d) the Controller must remove the data under the Controller’s legal obligation,
4) in case the Controller processes your personal data based on a given consent to the processing or in order to perform an Agreement concluded with the Controller, you have the right to transfer your data to another controller,
5) when personal data are processed by the Controller on the basis of your consent to the processing, you have the right to withdraw that consent at any time (withdrawal of consent does not affect the lawfulness of processing carried in accordance with the consent before its withdrawal),
6) if you believe that the personal data processed are incorrect, the processing is unlawful or that the Controller no longer needs specific data, you may request that the Controller only store the data and cease to carry out any operations on the data, for a specified, required period (e.g., necessary to verify the correctness of the data or pursuing claims),
7) you have the right to object to the processing of your personal data based on the Controller’s legitimate interests. If your objection is successfully raised, the Controller will cease to process the personal data for the above purpose,
8) you have the right to lodge a complaint with the Head of the Office for Personal Data Protection if you believe that the personal data processing violates the provisions of the GDPR.
Cookies
1. The Controller informs that the Website uses “cookies” installed on your end device. They are small text files which can be read by the Controller’s system and the systems belonging to other entities whose services are used by the Controller (e.g. Google).
2. The Controller uses cookies for the following purposes:
a) ensuring proper functioning of the Website – cookies allow the Website to operate smoothly and make it possible for its users to use its functions and navigate comfortably through individual subpages,
b) increasing the comfort of browsing the Website – cookies make it is possible to detect errors on some subpages and constantly improve the subpages,
c) creation of statistics – cookies are used to analyse the way users use the Website. It allows us to improve the Website and adjusts its functioning to the users’ preferences,
d) marketing activities – cookies allow the Controller to present the users with ads adjusted to their preferences.
3. The Controller may place both permanent and temporary (session) cookies on your device. Session cookies as usually removed once you close the browser. However, closing the browser does not remove permanent cookies.
4. The information about the cookies used by the Controller is displayed in the panel at the bottom of the Website. You can decide whether you want to enable or disable cookies of different categories (except for necessary cookies) and change these settings at any time.
5. Data collected by cookies do not allow the Controller to identify you.
6. The Controller uses the following cookies or tools that use cookies:
a) Necessary cookies (supplied by the Controller) - these files need to be enabled for the Store to function properly, therefore you cannot disable them. The files (which collect, among others, your device’s IP number) allow us to inform you about the cookies used on the Store. Most of the necessary cookies are session cookies, but some remain on your end device for [...] months or until they are deleted.
b) Google Analytics (supplied by Google) – this tool makes it possible to collect statistical data on how the Store is used by Customers, including the number of visits, the duration of the visit, the search engine used, and the location. The collected data help us improve the Store and make it more customer-friendly. These cookies remain on your end device up to 2 years or until their removal (whichever occurs first).
c) Facebook Pixel (supplied by Meta Platforms) - this tool also allows you to determine that you have visited the Store, to direct ads displayed on Facebook and Instagram social networks to you and measure their effectiveness. These cookies remain on your end device up to 3 months or until they are removed (whichever occurs first).
7. By using most of the commonly used browsers, you can check whether cookies have been installed on your device. You can also delete the installed cookies and block their installation by a website or different websites in the future. However, disabling or restricting the use of cookies may cause serious difficulties in using the Store, e.g., the necessity to log in to each subpage, longer time needed for the Website to load, limitations in the use of certain functionalities.
Final Provisions
To all matters not settled herein generally applicable provisions on the protection of personal data shall apply.
This Policy is effective from 21.02.2023.
This Privacy Policy (hereinafter referred to as “the Policy”) contains information concerning processing your personal data in connection with your use of JAAF Store at https://jaaf.com/ (hereinafter referred to as “the Store”).
All capitalized terms not otherwise defined in the Policy have the meaning defined in the Terms and Conditions available at https://jaaf.com/pages/terms-condtions.
Personal Data Controller
The controller of your personal data is JAAF spółka z ograniczoną odpowiedzialnością with its registered office in Olsztyn (address: ul. Leśna 24/17, 10-173 Olsztyn), entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Olsztyn, 8th Commercial Division of the National Court Register under KRS number: 0000971591, holding tax identification number (NIP): 7393968190, statistical number (REGON): 522028106, share capital of PLN 50,000.00 (fifty thousand zlotys) (hereinafter referred to as “the Controller”).
Contact with the Controller
In all matters related to the processing of personal data you can contact the Controller via email: customercare@jaaf.com.
Measures for personal data protection
The Controller uses modern organizational and technical safety measures to ensure the best possible protection of your personal data and ensures that they are processed in accordance with the provisions of Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “the GDPR”), the Act of 10 May 2018 on the Protection of Personal Data and other personal data protection legislation.
Information on personal data being processed
Using the Store and our Services requires processing of your personal data. In the table below, you will find detailed information about the purposes and legal basis of the processing, the period of the processing as well as information whether the provision of your personal data is obligatory or voluntary.
Data processed for the purpose of the conclusion and performance of the contract for the provision of the Account Service
To the conclusion and performance of the contract for the provision of the Account Service, Controller will process following personal data:
1) name and surname;
2) e-mail address.
Pursuant to art. 6(1)(b) of the GDPR, the processing of the aforementioned data is necessary to perform the Agreement concluded with the data subject or to take steps to conclude this Agreement.
Providing the personal data is a condition for the conclusion and performance of the Account Service (the provision of such data is voluntary, but should you fail to provide your personal data, you will be unable to conclude and performed the above Agreement, including the creation of an Account).
The Controller will process the above personal data until statute of limitation on the claims arising from the above Agreement expires.
Data processed for the purpose of the conclusion and performance of the Sales Agreement
To the conclusion and performance of the Sales Agreement, Controller will process following personal data:
1) name and surname;
2) e-mail address;
3) billing address (street, house number, apartment number, city, postal code, country)
4) telephone number;
5) delivery address (if different from billing address);
6) optionally – company, NIP and business address (if the Buyer is an Entrepreneur or an Entrepreneur with Consumer rights).
Pursuant to art. 6(1)(b) of the GDPR, the processing of the aforementioned data is necessary to perform the Sales Agreement concluded with the data subject or to take steps to conclude this Sales Agreement.
Providing the personal data is a condition for the conclusion and performance of the Sales Agreement (the provision of such data is voluntary, but should you fail to provide your personal data, you will be unable to conclude and performed the above Agreement.
The Controller will process the above personal data until statute of limitation on the claims arising from the above Agreement expires.
Data processed for the purpose of the conducting a complaint procedure
To the conducting a complaint procedure, Controller will process following personal data:
1) name and surname;
2) e-mail address;
3) telephone number;
4) correspondence address (street, house number, apartment number, postal code, city, country).
Pursuant to art. 6(1)© of the GDPR, the processing is necessary for compliance with a legal obligation to which the Controller is subject. In this case, the obligations include:
a) respond to the complaint – Article 7a of the Consumer Rights Act;
b) implementation of the Customer’s rights resulting from the provisions on the Controller’s liability in the event of non-compliance of the physical Goods with the Sales Agreement or the Subject of Digital Services with the Agreement concerning it).
Providing the above personal data is voluntary, but it is necessary for the Controller to properly fulfil their obligations under the provisions on personal data protection, including exercising your rights under the GDPR (if you fail to provide the above data it will be impossible to exercise your rights properly).
The Controller will process the above personal data until the expiry of the limitation periods of any claims for the infringement of personal data protection provisions.
Data processed for the purpose of the conclusion and performance of the Newsletter Service Agreement
To the conclusion and performance of the Newsletter Service Agreement, Controller will process e-mail address.
Pursuant to art. 6(1)(b) of the GDPR processing of this data is necessary to implement the legitimate interest of the Controller, in this case informing Customers about the activities taken related to the provision of Services. Additionally, pursuant to art. 6(1)(f) of the GDPR processing of the e-mail address is also essential to implement the legitimate interest of the Controller, in this case informing about new products and promotions available in the Store.
Providing the above-mentioned personal data is voluntary, but necessary in order to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter).
The Controller will process the above-mentioned personal data, the time of effective objection or achievement of the purpose of processing or until the claims arising from the Newsletter Service are time-barred (whichever occurs first).
Data processed for the purpose of the Sending email notifications
To the Sending email notifications, Controller will process following personal data:
1) name and surname;
2) e-mail address.
Pursuant to art. 6(1)(f) of the GDPR, the processing is to implement the legitimate interest of the Controller, in this case informing Customers about the activities taken related to the provision of Services.
Providing the above-mentioned personal data voluntary, but necessary in order to receive information about activities related to the provision of Services (the consequence of not providing them will be the inability to receive the above-mentioned information).
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.
Data processed for the purpose of the performing the contact from Service
To the performing a contact form Service, Controller will process following personal data:
1) name and surname;
2) e-mail address;
3) telephone number;
4) optionally – other data contained in the message to the Seller.
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to implement the legitimate interest of the Controller, in this case to respond to the received inquiry.
Providing the above-mentioned personal data is voluntary, but necessary in order to receive an answer to the inquiry (the consequence of not providing them will be the inability to receive an answer).
The Controller will process the above-mentioned personal data until the objection is effectively raised or the purpose of processing is achieved (whichever occurs first).
Data processed to ensure the compliance with personal data protection obligations
To ensure the compliance with personal data protection obligations, Controller will process following personal data:
1) name;
2) surname;
3) the contact details you have provided (e-mail address; correspondence address; telephone number).
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to fulfill the legal obligation incumbent on the Controller, in this case the obligations arising from the provisions on the protection of personal data.
Providing the above personal data is voluntary, but it is necessary for the Controller to properly fulfil their obligations under the provisions on personal data protection, including exercising your rights under the GDPR (if you fail to provide the above data it will be impossible to exercise your rights properly).
The Controller will process the above personal data until the expiry of the limitation periods of any claims for the infringement of personal data protection provisions.
Data processed for the purpose of the establishing, pursuing, or defending against claims
To the establishing, pursuing, or defending against claims, Controller will process following personal data:
1) first name,
2) second name,
3) company,
4) email address,
5) address of residence/seat,
6) PESEL (Polish Resident Identification Number) / KRS (National Court Register Number),
7) NIP (Tax Identification Number).
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary in order to pursue the Controller’s legitimate interest, which, in this case, consists in establishing, pursuing or defending against claims that might arise in connection with the performance of the Agreements concluded with the Controller.
Providing the above data is voluntary, but it is necessary to establish, pursue or defend against claims that might arise in connection with the performance of the Agreements concluded with the Controller (if you fail to provide the above data the Controller will not be able to undertake the aforementioned actions).
The Controller will process the above personal data until the expiry of the limitation periods of any claims that might arise in connection with the performance of the Agreements concluded with the Controller.
Data processed for the purpose of the analysis of your activity in the Store
To the analysis of your activity in the Store, Controller will process following personal data:
1) date and time of visit;
2) the IP number of the device;
3) the type of operating system of the device;
4) approximate location;
5) type of web browser;
6) time spent in the Store;
7) the Goods viewed;
8) visited subpages and other activities undertaken as part of the Store.
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to implement the legitimate interest of the Controller, in this case obtaining information about your activity in the Store
Providing the above-mentioned personal data is voluntary, but necessary in order for the Controller to obtain information about your activity in the Store (the consequence of not providing them will be the Controller's inability to obtain the above-mentioned information).
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.
Data processed for the purpose of the Store administration
To the Store administration, Controller will process following personal data:
1) address IP;
2) server date and time;
3) information about the web browser;
4) operating system information.
The above data is saved automatically in the server logs, each time you use the Store (administering it without using server logs and automatic saving would not be possible).
Pursuant to art. 6(1)(f) of the GDPR, the processing is necessary to implement the legitimate interest of the Controller, in this case to ensure the proper operation of the Store.
The Controller will process the above-mentioned personal data until the effective objection is raised or the purpose of processing is achieved.
Profiling
In order to create your profile for marketing purposes and direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not cause any legal effects for you or similarly significantly affect your situation.
The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Store and the data you save on the Account.
The legal basis for the processing of personal data for the above purpose is art. 6(1)(f) GDPR, according to which the Controller may process personal data in order to implement his legitimate interest, in this case to conduct marketing activities tailored to the preferences of recipients. Providing the above-mentioned personal data is voluntary, but necessary to achieve the above-mentioned purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to the preferences of recipients).
The Controller will process personal data for the purpose of profiling until an objection is effectively raised or the purpose of processing is achieved.
Personal data recipients
The recipients of personal data are the following external entities cooperating with the Controller, e.g.:
a) a hosting company,
b) providers of online payment systems,
c) a newsletter service provider,
d) companies providing tools to analyse activity in the Website (e.g. Google Analytics),
e) an accounting services company.
Moreover, the data may be transferred to public or private entities if such an obligation arises from generally applicable law, a final and binding sentence or final and biding administrative decision.
Transfer of personal data to a third country
In connection with the Controller's use of services provided by Google LLC, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia.
The basis for the transfer of data to the above-mentioned third countries are:
a) in the case of the United Kingdom, Canada, Israel and Japan - decisions of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
b) for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia and Australia, contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to a Regulation of the European Parliament and of the Council (EU) 2016/679.
You can obtain from the Controller a copy of the data transferred to a third country.
Rights
You have certain rights in connection with the processing of personal data:
1) you have the right to be informed about what personal data concerning you are processed by the Controller and to receive a copy of such data (the right of access). The first copy of the data is free of charge; the Controller may charge a fee for the subsequent copies,
2) if the data processed become outdated or incomplete (or otherwise incorrect), you have the right to request a rectification,
3) in certain situations, you may ask the Controller to delete your personal data, e.g., when:
a) the Controller does not longer need your personal data for the purposes you were informed about,
b) you have effectively withdrawn your consent to the processing of your personal data (unless the Controller has the right to process the data on another legal basis),
c) the processing is unlawful,
d) the Controller must remove the data under the Controller’s legal obligation,
4) in case the Controller processes your personal data based on a given consent to the processing or in order to perform an Agreement concluded with the Controller, you have the right to transfer your data to another controller,
5) when personal data are processed by the Controller on the basis of your consent to the processing, you have the right to withdraw that consent at any time (withdrawal of consent does not affect the lawfulness of processing carried in accordance with the consent before its withdrawal),
6) if you believe that the personal data processed are incorrect, the processing is unlawful or that the Controller no longer needs specific data, you may request that the Controller only store the data and cease to carry out any operations on the data, for a specified, required period (e.g., necessary to verify the correctness of the data or pursuing claims),
7) you have the right to object to the processing of your personal data based on the Controller’s legitimate interests. If your objection is successfully raised, the Controller will cease to process the personal data for the above purpose,
8) you have the right to lodge a complaint with the Head of the Office for Personal Data Protection if you believe that the personal data processing violates the provisions of the GDPR.
Cookies
1. The Controller informs that the Website uses “cookies” installed on your end device. They are small text files which can be read by the Controller’s system and the systems belonging to other entities whose services are used by the Controller (e.g. Google).
2. The Controller uses cookies for the following purposes:
a) ensuring proper functioning of the Website – cookies allow the Website to operate smoothly and make it possible for its users to use its functions and navigate comfortably through individual subpages,
b) increasing the comfort of browsing the Website – cookies make it is possible to detect errors on some subpages and constantly improve the subpages,
c) creation of statistics – cookies are used to analyse the way users use the Website. It allows us to improve the Website and adjusts its functioning to the users’ preferences,
d) marketing activities – cookies allow the Controller to present the users with ads adjusted to their preferences.
3. The Controller may place both permanent and temporary (session) cookies on your device. Session cookies as usually removed once you close the browser. However, closing the browser does not remove permanent cookies.
4. The information about the cookies used by the Controller is displayed in the panel at the bottom of the Website. You can decide whether you want to enable or disable cookies of different categories (except for necessary cookies) and change these settings at any time.
5. Data collected by cookies do not allow the Controller to identify you.
6. The Controller uses the following cookies or tools that use cookies:
a) Necessary cookies (supplied by the Controller) - these files need to be enabled for the Store to function properly, therefore you cannot disable them. The files (which collect, among others, your device’s IP number) allow us to inform you about the cookies used on the Store. Most of the necessary cookies are session cookies, but some remain on your end device for [...] months or until they are deleted.
b) Google Analytics (supplied by Google) – this tool makes it possible to collect statistical data on how the Store is used by Customers, including the number of visits, the duration of the visit, the search engine used, and the location. The collected data help us improve the Store and make it more customer-friendly. These cookies remain on your end device up to 2 years or until their removal (whichever occurs first).
c) Facebook Pixel (supplied by Meta Platforms) - this tool also allows you to determine that you have visited the Store, to direct ads displayed on Facebook and Instagram social networks to you and measure their effectiveness. These cookies remain on your end device up to 3 months or until they are removed (whichever occurs first).
7. By using most of the commonly used browsers, you can check whether cookies have been installed on your device. You can also delete the installed cookies and block their installation by a website or different websites in the future. However, disabling or restricting the use of cookies may cause serious difficulties in using the Store, e.g., the necessity to log in to each subpage, longer time needed for the Website to load, limitations in the use of certain functionalities.
Final Provisions
To all matters not settled herein generally applicable provisions on the protection of personal data shall apply.
This Policy is effective from 21.02.2023.