PRIVACY POLICY AND USE OF „COOKIES” on the Iskotrade.eu website
(Hereinafter referred to as „Privacy Policy” or „Policy”)
I. GENERAL INFORMATION REGARDING PROCESSING OF PERSONAL DATA This document sets out the principles of the Privacy Policy on the website maintained at: www.iskotrade.eu (hereinafter referred to as the „Website” or „Website”).
The administrator of personal data is Patryk Izowit running a business under the name: Iskotrade, entered in the Central Register and Information on Economic Activity (CEIDG), NIP: #####, REGON: ####, address of the permanent place of business: ul. Graniczna 46 59-700 Bolesławiec (hereinafter referred to as: „Administrator” or „Personal Data Administrator”).
Personal data collected by the Administrator are processed in accordance with the law generally In force, including in accordance with the content of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on The free movement of such data and the repeal of Directive 95/46/EC (General Regulation on the Protection of Data) (Dz. Urz. EU L 119, p. 1), hereinafter referred to as 'GDPR’.
The Administrator makes special efforts to protect the privacy and information provided to him, and regarding Customers and users of the Website. The administrator selects and applies appropriate measures with due diligence Technical, including of a programming and organizational nature, ensuring the protection of processed data, In particular, it protects data from being made available to unauthorized persons, disclosure, loss and Destruction, unauthorized modification, as well as before their processing in violation of the applicable Provisions of law.
The recipients of the services available on the website are not persons under the age of 16.
The administrator of personal data does not provide for the purposeful collection of data concerning persons under the age of 16.
The Website may use so-called plug-ins and other social tools, including, in particular, allowing the website user to share content with other users of social networks or recommend them as part of the account with the provider of a given portal. The providers of these services may also process personal data as independent administrators.
The Administrator informs that the terms used in the content of this Policy are given the meaning indicated in the content Of the Website’s Regulations, unless otherwise indicated in the Policy.
II. CONTACT DETAILS Regarding personal data, the Customer can contact the Personal Data Administrator using:
A. traditional mail at the address: ul. Graniczna 46 59-700 Bolesławiec; B. e-mail (e-mail) at: info@iskotrade.eu; C. phone number: +48 572 977 110
III. PURPOSES, SCOPE AND GROUNDS OF PERSONAL DATA PROCESSING
The personal data administrator processes personal data for the following purposes and scope and on the following Basics:
1. Basis: Personal data processed on the basis of Article 6(1)(b) of the GDPR – i.e. for the purposes of performing the contract, as well as taking action before concluding the contract at the Customer’s request. Purpose and scope: On this basis, the Administrator processes data for the following purpose and scope:
- in order to conclude and perform the Product Sales Agreement (e.g. delivery of Ordered Products) – in For this purpose, the Administrator processes in particular the personal data provided by the Customer in the form Orders or other data provided for the purposes of the execution of the Order, in particular such as: name and Name, e-mail address, telephone number, address details, NIP, payment data; – in order to provide the Services or provide the functionality of the Website – in particular the data provided by Customer in the registration form (Account) on the Website, such as e-mail address, name and Name, date of birth and established password. If you register or log in to your Account via an external authentication service (E.g. Facebook or Google) The Administrator collects, among others, the name and surname of the Customer; – in order to provide Services and functionality available on the Website – The Administrator processes in particular personal data regarding the Customer’s activity on the Website, including the content, Products or Services viewed by the Customer, data on The Customer’s device session, browser, IP address, as well as the data provided by the Customer in the Order or For the purposes of the Order, and the data provided by the Customer in the forms available on the Website (Including, for example, in the electronic contact form); – in order to provide Services and provide functionalities requiring the creation of an Account such as For example, functionalities related to the Account and delivered through it, for example: Keeping the history of Orders, informing about the status of the Order – for this purpose the Administrator In particular, processes the Customer’s data provided in the Account, the Order form or for the purposes of implementation Orders, as well as other data collected as part of the Order, including data on the history of Shopping;
2. Basis: Where the processing of data is necessary for the purposes resulting from the legal Legitimate interests pursued by the Administrator or by a third party – the Administrator Processes personal data on the basis of Article 6(1)(f) of the GDPR. Purpose and scope: On this basis, the Administrator processes data for the following purpose and scope: – in order to keep statistics on the use of individual functionalities available on the Website, facilitate the use of the Website and ensure security IT of the Website – for this purpose, the Administrator processes in particular the data Personal data regarding the Client’s activity on the Website, including the amount of time spent On each of the subpages on the Website, search history, location, IP address, device ID, Data concerning the web browser and the Client’s operating system; – in order to establish, investigate and enforce claims and defend against claims in proceedings Judicial and other enforcement authorities – for this purpose, the Administrator may primarily process Personal data provided by the Customer on the Website, including when Ordering Products or Using the Services or functionality (including in the forms on the Website) and other data necessary for Prove the existence of a claim or that result from a legal requirement, court order or other Legal procedure; Legitimate interest of the Administrator: In the case of processing personal data for the above purposes, The legitimate interest pursued by the Administrator consists in: the possibility of establishing, investigating And enforcement of claims and defense against claims in proceedings before courts and other authorities State, improving the level of services provided and the effectiveness and security of the Website, as well as building positive relationships with customers;
3. Basis: where the processing of data is necessary for the purposes arising from the legal Legitimate interests pursued by the Administrator or by a third party, and in the event that The Customer’s consent was also required to process personal data – on the basis of this consent – i.e. Pursuant to Article 6(1)(f) of the GDPR and pursuant to Article 6(1)(a) of the GDPR. However, in the case of When personal data is processed for the purposes of performing the contract as well as taking action before concluding Contracts at the Customer’s request – pursuant to Article 6(1)(b) of the GDPR. Purpose and scope: On this basis, the Administrator processes data for the following purpose and scope: – for the purpose of marketing the Administrator’s Products and Services – for this purpose the Administrator mainly processes data Personal data provided by the Customer when creating an Account and updating it and using it, including Dates of login and registration, subscription to the Newsletter, data on the Customer’s activity on the Website including Orders, data that are recorded and stored via Files Cookies, and in particular the history of Orders, search history, clicks on the Website, The Client’s history and activity related to communication with the Administrator. – in order to use Cookies on the Website by the Administrator. Depending on the type (Cookie category) the basis for the processing of personal data is a different basis, i.e. Cookies Necessary – the basis is Article 6(1)(f) of the GDPR and Article 6(1)(b) of the GDPR. In the case of Cookies In the Analytical/Functional category – the basis is Article 6(1)(a) of the GDPR. However, in the case of Cookies in the Marketing/advertising category – Article 6(1)(a) of the GDPR. Details on this one The subject can be found by the Customer in the Cookies provisions later in this document;
- for the purpose of market research, opinion, measurement and statistics by the Administrator himself Or its partners or suppliers – for this purpose, the Administrator uses in particular data such as: Information about the Order, data provided in the Account or when purchasing Products. Accurate tips Are given in the information about a given questionnaire, form or in the place where the Customer enters his data. Legitimate interest of the Administrator: In the case of processing personal data for the above purposes, Legitimate interest pursued by the Administrator, in cases where it is the basis Processing consists of: the ability to inform users about the Administrator’s offer, including Specifically the Services offered and building an image on the market, direct marketing Products, as well as ensuring the possibility of the most optimal use of the Services and The functionality of the Website and its pages in general and increasing their level, efficiency and Safety.
4. Basis: performance of the Agreement as well as in the event that data processing is necessary for the purposes Resulting from legitimate interests pursued by the Administrator or by the party Third – the legitimate interest of the administrator, i.e. on the basis of and on the basis of Article 6(1)(b) of the GDPR And Article 6(1)(f) of the GDPR. Purpose and scope: On this basis, the Administrator processes data for the following purpose and scope: – in order to consider complaints, complaints and requests and answer customers’ questions – for this purpose The Administrator primarily processes the personal data provided by the Customer in forms on the Website, claims, complaints and requests, and questions addressed in another form. For this purpose The Administrator also processes some personal data provided by the Customer in the Account, data concerning Ordering Products and other Services provided on the Website that are the reason for complaints, Complaints or applications, questions and data contained in documents attached to complaints, complaints, applications And questions; – in order to organize and handle competitions, loyalty programs or similar actions, and in particular Taking actions, among others, such as making notifications about accumulated points, Notifications of winnings, as well as promotions and advertising of the Website’s offer and the actions themselves – including For the purpose of the Administrator, in particular, processes personal data provided by the Customer during registration (Acceeding to such actions) in a competition or loyalty program and personal data placed In the Account. In addition, detailed information about a given competition, loyalty program or Another action will be given each time in the conditions of participation of a given competition, program Loyalty or shares; Legitimate interest of the Administrator: In the case of processing personal data for the above purposes, The legitimate interest pursued by the Administrator consists in the possibility of a lawful Considering complaints, responding to customers’ comments or questions, as well as raising the level of Services provided and building positive relationships with Customers.
5. Basis: when the processing of data is necessary to comply with a legal obligation imposed on Administrator, i.e. pursuant to Article 6(1)(c) of the GDPR – in particular consisting in the implementation by Administrator of legal obligations imposed by tax law/regulations concerning Accounting in connection with the settlements of Orders, competitions, or loyalty programs and Similar actions. Purpose and scope: For this purpose, the Administrator primarily processes personal data provided by the Customer In order to place and settle the Order, as well as the data provided by the Customer when joining Loyalty program, competition or similar action – in accordance with its rules.
6. Basis: performance of the Agreement as well as in the event that data processing is necessary for the purposes Resulting from legitimate interests pursued by the Administrator or by the party Third – legitimate interest of the administrator, i.e. on the basis of Article 6(1)(f) of the GDPR and on the basis of Article 6(1)(b) of the GDPR (for the purposes of performing the contract as well as taking action before concluding the contract At the request of the Customer). Purpose and scope: For this purpose, the Administrator processes personal data (in particular: identifiers, content Comments, opinions) about people (users) visiting profiles maintained by Administrator as part of social media or other services (e.g. Facebook, Instagram, Google, YouTube). Personal data is processed in order to maintain such profiles and Informing about the activities carried out by the Administrator, sharing expressed opinions on Administrator. The Administrator’s legitimate interest: building the Administrator’s image, promoting the conducted Activity, as well as the possibility of pursuing or defending against possible claims, with The reservation that this Policy does not constitute a regulation related to the processing of personal data By the administrators of the above-mentioned websites or social media.
IV. TIME OF DATA PROCESSING 1. Personal data will be processed by the Administrator as a rule for the period necessary to execute Orders, provide Services and provide functionality, marketing activities and other services performed for the Customer. Personal data will be deleted by the Administrator in the following Cases:
A. when the data subject requests their deletion or withdraws the consent given; B. when the data subject does not take action for more than 3 years (inactive contact); C. after obtaining information that the stored data is out of date or inaccurate; D. when the data subject has raised an effective objection to the processing of his/her data
Personal data by the Administrator, when the basis for the processing of personal data is legally Legitimate interest of the Administrator.
2. Some data in the field of, for example: e-mail address, name and surname, address, telephone number may be Additionally stored during which it may be necessary to pursue any claims or Taking up the defense against the claims of persons, for evidentiary purposes in the scope of claims related to both With the sale of Products and Services provided in the Online Store, as well as for the purposes of Consideration of claims, complaints, or other applications – until the limitation of claims. These data will not be Used by the Administrator for marketing purposes.
3. Data on orders for Products and any paid Services, competitions and programs Loyalty to the extent that the data necessary to keep accounting books and Settlements, will be kept for the necessary period – resulting from the regulations generally Applicable law, including in particular accounting and bookkeeping.
4. Data collected as part of Cookies and similar mechanisms is stored by the Administrator for a while Corresponding to the life cycle of cookies stored on devices or until they are deleted in Customer’s device by the Customer. Details about the duration of a given cookie can be found in Provisions regarding Cookies later in this document.
V. RECIPIENTS OF PERSONAL DATA 1. According to art. 4 GDPR means the recipient to be a natural or legal person, public authority, body or other entity to whom the personal data are disclosed, whether or not he is a third party. 2. Due to the need to conclude and implement Sales Agreements and the implementation of Services provided electronically, Customers’ personal data may be transferred to the following categories of recipients: A. state authorities, e.g. the prosecutor’s office, the police, the President of the Office for Personal Data Protection (PUODO), if they ask the Administrator to do so, indicating the legal basis for their claims; B. service providers with whom we cooperate, including in particular in the delivery of Orders or payment processing, as well as enabling the use of the Website, including In suppliers responsible for the proper operation of ICT systems, entities Providing accounting services to the Administrator, Google Inc. based in the USA or Google Ireland Ltd. based in Ireland, as well as other external entities cooperating with Administrator in the scope of the conducted activity. Depending on the contractual arrangements and Circumstances, these entities act on behalf of or independently determine the goals and methods of their Processing. ;
C. personal data may also be transferred to other entities – providers of tools whose Files Cookies are used. Information about these entities and the purposes of using Cookies You will find in the section on Cookies, in the following part of the Policy.
5. A detailed list of suppliers may be made available by the Administrator at the Customer’s request. 6. The above suppliers are based mainly in the countries of the European Economic Area (EEA). The personal data administrator may commission certain actions to recognized subcontractors operating outside the territory EEA. Personal data transferred outside the EEA will be secured with appropriate safeguards Legal so that the suppliers receiving them give a guarantee of a high level of protection of personal data. These guarantees result in particular from the obligation to apply standard contractual clauses Adopted by the Commission (EU) or binding corporate rules duly approved by the authority Supervisory within the meaning of the GDPR. The method of securing data is in accordance with the rules set out in Chapter V of the GDPR. The Store Customer may ask the Administrator for additional information On the safeguards applied in this regard, obtain a copy of these safeguards and information about Place of their disclosure. In addition, the Administrator of the intention to transfer personal data outside the EEA Will inform the data subjects at the stage of collecting personal data.
VI. CATEGORIES OF RELEVANT PERSONAL DATA
The personal data administrator processes the following categories of relevant personal data: 1. contact details, including those indicated in the electronic contact form and in other forms available on the Website; 2. data on activity on the Site; 3. data on Orders on the Website; 4. data concerning the Services, including the Newsletter Service;
5. settlement data – payments; 6. data on complaints, complaints and requests; 7. data on marketing services; 8. data on the activity of users on social networks where the Administrator of personal data has profiles/accounts.
VII. VOLUNTARY PROVISION OF PERSONAL DATA 1. Providing the required personal data by the Customer is voluntary, subject to point. 2. 2. Providing some data is a condition for using individual Services and functionalities of the Website or completing the Order. 3. The system used by the Administrator automatically indicates mandatory data. The consequence of not providing this data is the inability of the Administrator to provide certain Services and functionalities of the Website, as well as the inability to complete the Order. In addition to data marked as mandatory, providing other personal data is voluntary.
VIII. AUTOMATED DECISION-MAKING The administrator does not make automated decisions, including profiling.
IX. RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED On the basis of the GDPR, the data subject has the right to:
1) access to personal data (art. 15 GDPR). She can obtain information from the Administrator whether her data is processed and if they are processed, she has the right To: ● access to data; ● obtain information about the purposes of processing, categories of processed personal data, recipients
Or categories of recipients of this data, the planned period of data storage or the criteria Determining this period, her rights under the GDPR and the right to lodge a complaint with Supervisory authority, the source of this data, automated decision-making, including Profiling and the safeguards applied in connection with the transfer of this data outside the Union European;
● obtain a copy of your personal data.
2) rectification of personal data (art. 16 GDPR). If this person’s personal data is incorrect, he or she may request the Administrator to correct them immediately. He may also request the Administrator to complete this data. If such a person has an Account on the Website, You can also correct and complete your personal data yourself after logging in to the Account.
3) deletion of personal data, the so-called „right to be forgotten” (art. 17 GDPR) The data subject may request this if:
● personal data are no longer necessary for the purposes for which they were collected or otherwise Processed;
● withdrew a specific consent, to the extent that personal data were processed based on its consent; ● personal data were processed unlawfully; ● objected to the processing of her personal data for the purposes of direct marketing, in
Including profiling, to the extent that the processing of personal data is related to marketing Direct;
● objected to the processing of her personal data in connection with the processing necessary for Performing a task carried out in the public interest or processing necessary for the purposes of Resulting from legitimate interests pursued by the Administrator or a third party.
Despite requesting the deletion of personal data, the Administrator may further process the data in order to Establishing, pursuing or defending claims of which the data subject will be informed.
4) requesting the restriction of the processing of personal data (art. 18 GDPR). The data subject may request this if:
● questions the correctness of their personal data – the personal data administrator will limit Processing of personal data for a period of time to verify the correctness of this data;
● when the processing of her data is unlawful, and instead of deleting personal data, it requests Restrict the processing of her personal data;
● her personal data are no longer needed for the purposes of processing, but they are needed to establish, Investigation or defense against claims;
- when she objected to the processing of her personal data – until it is determined whether legally Legitimate interests on the part of the Personal Data Administrator override the grounds Indicated in the objection of the person who reported it.
5) objection to the processing of personal data (art. 21 GDPR). The data subject may object to the processing of his data at any time Personal, including profiling, in connection with:
● processing necessary to perform a task carried out in the public interest or processing Necessary for the purposes resulting from the legitimate interests pursued by the Administrator Or a third party;
● processing for direct marketing purposes.
6) request the transfer of personal data (art. 20 GDPR).
The data subject has the right to receive from the Administrator his personal data in a structured, Commonly used machine-readable format and send them to another administrator Personal data or request that the Administrator send her personal data directly to another Administrator (if technically possible).
7) withdrawal of consent to the processing of personal data.
The data subject can do so at any time. This does not affect the legality Processing carried out on the basis of its consent before its withdrawal.
8) complaints to the supervisory authority.
If the data subject believes that the processing of his or her personal data violates the GDPR, he has the right to submit A complaint to a supervisory authority, in particular in the Member State of its habitual residence, its place of residence Work or the place where the alleged violation was committed.
In Poland, the supervisory authority competent for the protection of personal data is the President of the Office for Data Protection Personal (PUODO).
Method of exercise of rights:
The data subject can exercise all his rights by contacting the Administrator at the addresses Contact details indicated in this Policy.
The administrator will provide information without undue delay – and in any case within one month of receiving the request About the actions taken in connection with the request submitted by such a person. If necessary, a monthly term May be extended for another two months due to the complex nature of the request or the number of requests. In In each case, the Administrator will inform the person who submitted the request for such an extension within a month From the receipt of the request with the reasons for the delay.
RULES FOR USING „COOKIES” IN THE ONLINE STORE
I. GENERAL INFORMATION 1. The website uses „cookies” (hereinafter referred to as: „Cookies” or „Cookies”).
Cookies are small text files that are used by websites in specific Purposes, mainly to improve the quality of the functionality provided within them.
2. Cookies are stored on the Customer’s end device in connection with the use of the Website. Cookies allow you to identify the software used by the Customer and Adapt the Website individually to his needs.
3. Cookies usually contain the name of the domain from which they come, the time they are stored on the device And the assigned value.
4. Various types of Cookies are used on the Website, including third-party files. 5. Unless otherwise indicated, the following information applies to both the use of Cookies by the Administrator and other technologies of a similar nature. 6. Cookies used by the Administrator are safe for the Customer’s devices. In particular, it is not possible to get into such devices through Cookies of viruses or other unwanted software or malware.
II. FILE TYPES
As part of the Website, the Administrator uses two types of Cookies:
1. Session cookies: they are stored on the Client’s device and remain there until the end of the session Of a given browser. The saved information is then permanently deleted from the memory of the Customer’s device after End of the session or close the browser. The mechanism of session cookies does not allow downloading Any personal data or any confidential information from the Customer’s device.
2. Persistent cookies: they are stored on the Customer’s device and remain there until they are deleted (with The level of the settings of a given web browser). Ending a browser session or shutting down Device does not remove them from the Customer’s device. The mechanism of persistent cookies does not allow Downloading any personal data or any confidential information from the Customer’s device.
III. PURPOSES OF USING COOKIES
1. The Administrator may also use third-party cookies. Used by The Administrator’s Cookies have been divided into the main categories for the purposes of this document – According to the criterion of the main purpose in which they are used, i.e.: 1. Basic (necessary), 2. Analytical/Functional, 3. Marketing/advertising.
2. Basic (necessary) cookies are those files without which the use of the full functionality of the Website would not be possible, in particular allowing for user authentication and General improvement of website security.
3. Analytical/Functional Cookies – these are files used primarily for the purpose of making Administrator of analyses and statistics on the use of the Website by Customers, Where their main purpose is to adapt these websites to the current needs of customers and improve services.
4. Marketing/advertising cookies – these are files that allow the Administrator to display to Customers Advertising pages in a way that better suits their expectations or needs.
5. The following is indicated in detail for what purpose Cookies are used and by which entities. Each of these entities also independently determines the rules of its privacy – links to these rules Individual suppliers can also be found directly from these suppliers.
The Administrator uses the following Cookies:
File Name Cookie | Time of existence (Date ważności) | Target | Own /Subjects Thirds | Supplier | Category |
Cookie_eu | 1 year | Determining whether the user of the Online Store has given consent in the scope of Use of files Cookies | Own | Admin | Basic |
PrestaShop-d41bde22f03be266b832e74c569fbb9 | 20 days | Maintaining the correct Store’s activities Internet during the user’s session on the website | Own | Admin | Basic |
PHPSESSID | 19610 days | Storage Session ID User on the website Store for the purpose of maintaining Proper operation Pages. | Own | Admin | Basic |
Detailed information about the possibilities and methods of handling Cookies is available in the settings of the User’s software (web browser).
IV. EDITING, ENABLING, BLOCKING COOKIES
Customer to view and edit information about their preferences collected by the Google advertising network, Can use the tool posted at the link https://www.google.com/ads/preferences/ and Https://policies.google.com/technologies/partner-sites.
Using the settings of the web browser used by the Customer, or by configuring the service, may Independently and at any time change the settings for Cookies, specifying the conditions for their storage and Accessing his device via Cookies. The Customer can change these settings to block Automatic handling of Cookies in the settings of the web browser or inform about them each time Placement on the Customer’s device.