Privacy policy of the smseagle.eu/store online store
TABLE OF CONTENTS:
- GENERAL PROVISIONS
- BASIS FOR DATA PROCESSING
- PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- DATA RECIPIENTS IN THE ONLINE STORE
- RIGHTS OF DATA SUBJECTS
- ONLINE STORE COOKIES, OPERATING DATA AND ANALYTICS
- FINAL PROVISIONS
1. GENERAL PROVISIONS
1.1. This Online Store privacy policy is provided for informational purposes only and does not impose any obligations on the Online Store Service Users or Customers (You). The privacy policy principally contains rules for personal data processing by the Controller in the Online Store, and includes the bases, purposes and scope of personal data processing, as well as the rights of data subjects and information about the Online Store cookies and analytical tools.
1.2. Proximus Sp. z o.o. will act as the Controller of the personal data collected via the Online Store; Proximus Sp. z o.o., owner of SMSEagle brand, entered into the Register of Entrepreneurs kept by the District Court for Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number 0000956902, with the address of business operation and address for service at: ul. Piątkowska 163, 60-650 Poznań, NIP [tax identification number]: 7812032643, REGON [business statistical number]: 521369644, email address: orders@smseagle.eu – hereinafter referred to as the “Controller”, also acting as the Online Store Service Provider and Seller.
1.3. Personal data are processed in the Online Store by the Controller in accordance with the applicable legal provisions, especially in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”. Official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/EN/?uri=CELEX%3A32016R0679
1.4. You use the Online Store, including making a purchase, on a voluntary basis. Furthermore, the personal data provided by you during such a process is voluntary, subject to two exceptions: (1) entering into contracts with the Controller – failing to provide your personal data necessary to conclude and execute the Sales Contract or the contract for the provision of the Electronic Service with the Controller, in the cases and within the scope specified at the Online Store website, in the Online Store Rules and Regulations and this privacy policy, will prevent you from entering into such contracts. In the above cases, provision of personal data is a contractual requirement and if a data subject intends to enter into a particular contract with the Controller, he or she must provide the required data. The scope of the data required to enter into the contract will be each time indicated at the Online Store website and in the Online Store Rules and Regulations; (2) Statutory Obligations of the Controller – providing personal data is a statutory obligation resulting from the generally applicable laws, under which the Controller is obliged to process personal data (e.g. in order to maintain accounting books and tax ledgers), and failing to provide such data will render it impossible for the Controller to fulfil the above obligation.
1.5. The Controller will exercise special care to protect the interests of data subjects, in particular, the Controller will take responsibility and ensure that the data collected by it will be: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not further processed in a manner that is incompatible with those purposes; (3) correct in substance and in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for not longer than is necessary for the purposes for which the personal data are processed and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
1.6. Taking into account the nature, scope, context and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller will implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. Those measures will be reviewed and updated where necessary. The controller will use technical measures in order to prevent the personal data sent electronically from being obtained or modified by any unauthorised persons.
1.7. Any words, phrases and acronyms found in this privacy policy, beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) will have the meaning given to them in the Online Store Rules and Regulations, available on the website of the Online Store.
2. BASIS FOR DATA PROCESSING
2.1. The Controller will have the right to process personal data only if and to the extent that at least one of the following applies: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2.2. The processing of personal data by the Controller will each time require the occurrence of at least one of the bases referred to in Section 2.1 of the privacy policy. Specific bases for the processing of personal data of the Online Store Service Users and Customers by the Controller are listed in the subsequent section of the privacy policy – with reference to a given purpose of personal data processing by the Controller.
3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
3.1. The purpose, basis, period, scope and recipients of the personal data processed by the Controller will each time result from the activities taken by the Service User of Customer (You) in the Online Store. For example, if you decide to make a purchase in the Online Store and choose local pick up of the Product as a shipping method instead of a courier delivery, then your personal data will be processed in order to perform the Sales Contract, but will not be made available to the carrier handling shipments on behalf of the Controller.
3.2. The Controller may process the personal data in the Online Store for the following purposes, on the following basis, and in the following periods and scope:
Purpose of data processing |
Legal basis for and period of data processing |
Scope of data processing |
Perform a Sales Contract or a contract for the provision of the Electronic Service or take steps at the request of the data subject prior to entering into the above mentioned contracts |
Letter b) Article 6(1) of GDPR (contract performance) Data are stored for the period necessary for the performance, termination or expiry of the concluded contract. |
Maximum scope: name and surname; email address; telephone number; address for delivery (street name, building number, premises number, post code, town or city, country), residential/ business/ registered address (if different from the address for delivery). If Service Users or Customers are not Controller’s consumers, the Controller may additionally process their business name and tax identification number (NIP, VAT-EU, etc.). The scope specified above is the maximum scope – in the case of a local pick-up, for example, there is no need to provide your address for delivery. |
Express opinion by the Customer about the concluded Sales Contract |
Letter a) Article 6(1) of GDPR Data are stored until the data subject withdraws his or her consent to further data processing for that particular purpose. |
Name, email address |
Maintain books of account |
Letter c) Article 6 (1) of GDPR in connection with Article 86 (1) of the Polish Tax Ordinance Act of 17 January 2017 (Journal of Laws of 2017 item 201) Data are stored for the period stipulated by the laws, requiring the Controller to maintain books of account (until the expiry of the limitation periods for the tax obligation, unless the tax laws state otherwise). |
Name and surname; residential / business/ registered address (if other than the address for delivery), business name and tax identification number (NIP) of the Service User or Customer |
Establish, seek or defend claims which may be made by the Controller or which may be made against the Controller |
Letter f) Article 6 (1) of GDPR Data are stored for the lifetime of a legitimate interest pursued by the Controller, and not longer than beyond the limitation period for the claim concerning the data subject, made in respect of the economic activity conducted by the Controller. The limitation periods are specified by the provisions of law, in particular the Polish Civil Code (general limitation period for the claims related to business activities is three years, two years for the claims resulting from the sales contract). |
Name and surname; contact telephone number; email address; address for delivery (street name, building number, premises number, postal code, town or city, country), residential / business/ registered address (if other than the address for delivery). If Service Users or Customers are not Controller’s consumers, the Controller may additionally process their business name and tax identification number (NIP, VAT-EU, etc.). |
4. DATA RECIPIENTS IN THE ONLINE STORE
4.1. In order for the Online Store to operate properly, including to perform the Sales Contracts which it has entered into, the Controller must use the services of third parties (such as of software suppliers, couriers or payment processors). The Controller will only use the services of the processors which provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject.
4.2. Data will not be transferred by the Controller each time or to all the categories of recipients referred to in the privacy policy – the Controller will transfer data only when it is necessary to perform a specific purpose of personal data processing and only in the scope necessary for the performance of such a purpose. For example, in the case of a local pick-up, your data will not be transferred to the shipping carrier working with the Controller.
4.3. Your personal data may be transferred to the following recipients or recipient categories:
4.3.1. shipping couriers/ forwarding agents / courier brokers – if the delivery method chosen by you in the Online Store is courier or postal delivery, the Controller will made the personal data collected from you available to the selected shipping courier, forwarding agent or broker, which ship products on behalf of the Controller and in the scope necessary for the performance of the Product delivery to you.
4.3.2. entities processing electronic payments or debit card payments – if you decide to make electronic payments or debit card payments in the Online Store, the Controller will make the personal data collected from you available to a selected entity, handling the above type of payments in the Online Store on behalf of the Controller and in the scope necessary for the processing of the payment made by you.
4.3.3. providers of survey systems – if you agree to express your opinion about the concluded Sales Contract, the Controller will make the personal data collected from you available to a selected entity which is a provider of the system for conducting a survey on the concluded Sales Contracts in the Online Store on behalf of the Controller and in the scope necessary for expressing your opinion through the survey system.
4.3.4. providers of accounting, legal and consultancy services ensuring accounting, legal or consultancy support to the Controller (in particular an accounting office, a law firm or a debt collection agency) – the Controller will make the personal data collected from you available to a selected provider acting on Controller’s behalf only when and in the scope necessary for the performance of the purpose of data processing in accordance with this privacy policy.
5. RIGHTS OF DATA SUBJECTS
5.1. Right of access, rectification, restriction, erasure or portability – the data subject has the right to obtain from the Controller access to, rectification, erasure (“right to be forgotten”) or restriction of processing of his or her personal data, and to object to such processing and to have his or her data transferred. Specific conditions for the exercise of the rights specified above are referred to in Articles 15 – 21 of GDPR.
5.2. Right to withdraw consent at any time – the data subject whose data are processed by the Controller on the basis of his or her consent (based on point a) of Article 6(1) or point a) of Article 9(2) of GDPR) has the right to withdraw consent at any time, without affecting the lawfulness of processing based on the consent before its withdrawal.
5.3. Right to lodge a complaint with a supervisory authority – the data subject whose data are processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and under the terms referred to in the provisions of GDPR and the Polish law, in particular the Act on Personal Data Protection. In Poland, President of the Office of Competition and Consumer Protection serves as the supervisory body.
5.4. Right to object – the data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point e) (public interest or task) or f) (legitimate interest pursued by the Controller) of Article 6(1), including profiling based on those provisions. The controller may no longer process the said personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
5.5. Right to object in the case of direct marketing – where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
5.6. In order to exercise the rights referred to in this Section of the privacy policy, you can contact the Controller by sending an appropriate message either in writing or via electronic mail, to the Controller’s address indicated at the beginning of the privacy policy or using a contact form available at the site of the Online Store.
6. ONLINE STORE COOKIES, OPERATING DATA AND ANALYTICS
6.1. A cookie is a small text information file, sent by the server and saved at the Online Store visitor’s end (e.g. on their computer, laptop hard drive or smartphone memory card – depending on what kind of device is used by our Online Store visitor). For more information about cookies and how they were created, please visit: https://en.wikipedia.org/wiki/Cookie.
6.2. The Controller may process the data contained in cookies at the time when visitors use the Online Store website for the following purposes:
6.2.1. identifying that visitors are logged in the Online Store and informing them that they are logged;
6.2.2. remembering the Products dropped in the cart to place an Order;
6.2.3. remembering data from the completed Order Forms, surveys or the Online Store login data;
6.2.4. customizing contents of the Online Store to visitors’ individual preferences (e.g. with regard to the colour, font size, page layout) and optimizing the use of the Online Store websites.
6.2.5. maintaining anonymous statistics showing how visitors use the Online Store website;
6.2.6. carry out remarketing, i.e. learn how visitors use the Online Store by anonymously analysing their activities (e.g. revisiting particular sites, key words, etc.) in order to create their profile and send them advertisements which match their anticipated interests, also when they browse other sites within Google Inc. and Facebook Ireland Ltd. advertising networks;
6.3. Generally, most web browsers available on the market accept saving cookies by default. You can define how cookies should be used by modifying the settings in your own web browser. This means you can e.g. partly (e.g. temporarily) restrict or entirely disable the possibility of saving cookies, though in the latter case, you might no longer be able to use certain features of the Online Store (e.g. it might not be possible to complete the Order path through the Order Form, as your Products will not be remembered by the cart during the further steps of the order).
6.4. Cookie settings in your browser are important in relation to your consent to the use of cookies by our Online Store – in accordance with the law, such a consent may also be expressed by your web browser settings. If you do not give such a consent, you should change the cookie settings in your web browser accordingly.
6.5. Details about how cookie settings are changed and cookies removed by users themselves in the most popular web browsers can be found in your web browser’s help section and at the following sites (just click on the link):
6.6. In the Online Store, the Controller may use the services of Google Analytics, Universal Analytics, delivered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Controller analyse traffic in the Online Store. Under the above services, the data are collected in an anonymous way (i.e. they are the so called operating data which prevent identification of persons) in order to generate the statistics which help administer the Online Store. Such data are aggregate and anonymous, i.e. they do not contain the identifying characteristics (personal data) of the Online Store visitors. By using the above services in the Online Store, the Controller will collect such data as the sources and medium of attracting Online Store visitors and making them stay at the Online Store website, information about which device and web browser visitors use, their IP and domain, geographical data and demographics (age, gender), and interests.
6.7. You can easily block the feature of sharing the information about your activity in the Online Store with Google Analytics – to do that you can install a browser plug-in available here: https://tools.google.com/dlpage/gaoptout?hl=en.
6.8. In the Online Store, the Controller may use Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The service helps the Controller measure the effectiveness of advertisements and learn what actions Online Store visitors take, as well as send them targeted advertisements. Detailed information about how Facebook Pixel works can be found at this address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
6.9. You can manage Facebook Pixel functioning in the advertising settings of your account at Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
7. FINAL PROVISIONS
7.1. The Online Store may include links to other websites. After entering such other websites, the Controller encourages you to read their privacy policy. This privacy policy applies only to the Controller’s Online Store.