PRIVACY POLICY OF THE ONLINE STORE BLACKSMITH-DISPLAYS.COM
1. GENERAL PROVISIONS
1.1. This privacy policy of the online store is informational, meaning it is not a source of obligations for the service users or customers of the online store. The privacy policy primarily includes the principles concerning the processing of personal data by the Administrator in the online store, including the bases, purposes, and duration of personal data processing, as well as the rights of the data subjects, and also information on the use of Cookies and analytical tools in the online store.
1.2. The personal data administrator collected through the online store is BLACKSMITH INTERNATIONAL LIMITED LIABILITY COMPANY, located in Kosakowo (office address and delivery address: Kminkowa 4B/1, 81-198 Kosakowo); registered in the Register of Entrepreneurs of the National Court Register under the number KRS: 0000879825; the registry court where the company's documentation is stored: District Court Gdańsk - North in Gdańsk, VIII Economic Department of the National Court Register; share capital amounting to: PLN 5,000.00; Tax Identification Number (NIP): 5871728782; National Business Registry Number (REGON): 387989577, email address: info@blacksmith-international.com, and contact phone number: +48-739-986-604 - hereinafter referred to as the "Administrator", who is also the Service Provider of the Online Store and the Seller.
1.3. Personal data in the online store is processed by the Administrator in accordance with applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the online store, including making purchases, is voluntary. Similarly, providing personal data by the user or customer of the online store is voluntary, with two exceptions: (1) concluding agreements with the Administrator – failure to provide personal data in the cases and scope indicated on the online store's website and in the store’s terms and conditions, as well as in this privacy policy, which is necessary for concluding and executing a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator, will result in the inability to conclude the said agreement. Providing personal data is, in this case, a contractual requirement, and if the person wishes to conclude an agreement with the Administrator, they are required to provide the necessary data. The required data scope is always indicated on the online store's website and in the store’s terms and conditions in advance; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement resulting from generally applicable legal provisions that impose on the Administrator the obligation to process personal data (e.g., data processing for tax or accounting purposes), and failure to provide such data will prevent the Administrator from fulfilling these obligations.
1.5. The Administrator takes special care to protect the interests of individuals whose personal data is processed and, in particular, is responsible for ensuring that the data collected: (1) is processed lawfully; (2) is collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (3) is accurate and adequate in relation to the purposes for which it is processed; (4) is stored in a form that allows the identification of the individuals to whom it pertains, no longer than necessary to achieve the purpose of processing; and (5) is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, through the use of appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons with varying probabilities and severity of threats, the Administrator implements appropriate technical and organizational measures to ensure that data processing complies with this regulation and can demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized persons from obtaining or modifying personal data transmitted electronically.
1.7. All words, expressions, and acronyms used in this privacy policy that begin with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definitions provided in the Online Store’s Terms and Conditions, available on the store's website.
1.2. The personal data administrator collected through the online store is BLACKSMITH INTERNATIONAL LIMITED LIABILITY COMPANY, located in Kosakowo (office address and delivery address: Kminkowa 4B/1, 81-198 Kosakowo); registered in the Register of Entrepreneurs of the National Court Register under the number KRS: 0000879825; the registry court where the company's documentation is stored: District Court Gdańsk - North in Gdańsk, VIII Economic Department of the National Court Register; share capital amounting to: PLN 5,000.00; Tax Identification Number (NIP): 5871728782; National Business Registry Number (REGON): 387989577, email address: info@blacksmith-international.com, and contact phone number: +48-739-986-604 - hereinafter referred to as the "Administrator", who is also the Service Provider of the Online Store and the Seller.
1.3. Personal data in the online store is processed by the Administrator in accordance with applicable legal provisions, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation can be found here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the online store, including making purchases, is voluntary. Similarly, providing personal data by the user or customer of the online store is voluntary, with two exceptions: (1) concluding agreements with the Administrator – failure to provide personal data in the cases and scope indicated on the online store's website and in the store’s terms and conditions, as well as in this privacy policy, which is necessary for concluding and executing a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator, will result in the inability to conclude the said agreement. Providing personal data is, in this case, a contractual requirement, and if the person wishes to conclude an agreement with the Administrator, they are required to provide the necessary data. The required data scope is always indicated on the online store's website and in the store’s terms and conditions in advance; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement resulting from generally applicable legal provisions that impose on the Administrator the obligation to process personal data (e.g., data processing for tax or accounting purposes), and failure to provide such data will prevent the Administrator from fulfilling these obligations.
1.5. The Administrator takes special care to protect the interests of individuals whose personal data is processed and, in particular, is responsible for ensuring that the data collected: (1) is processed lawfully; (2) is collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (3) is accurate and adequate in relation to the purposes for which it is processed; (4) is stored in a form that allows the identification of the individuals to whom it pertains, no longer than necessary to achieve the purpose of processing; and (5) is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, through the use of appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons with varying probabilities and severity of threats, the Administrator implements appropriate technical and organizational measures to ensure that data processing complies with this regulation and can demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized persons from obtaining or modifying personal data transmitted electronically.
1.7. All words, expressions, and acronyms used in this privacy policy that begin with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definitions provided in the Online Store’s Terms and Conditions, available on the store's website.
2. BASIS FOR DATA PROCESSING
2.1. The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent for the processing of their personal data for one or more specific purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject prior to entering into a contract; (3) the processing is necessary to fulfill a legal obligation to which the Administrator is subject; or (4) the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data, particularly when the data subject is a child.
2.2. The processing of personal data by the Administrator always requires the existence of at least one of the legal bases indicated in point 2.1 of the privacy policy. The specific legal grounds for the processing of personal data of service users and customers of the online store by the Administrator are outlined in the following section of the privacy policy, in relation to the particular purpose of personal data processing by the Administrator.
2.2. The processing of personal data by the Administrator always requires the existence of at least one of the legal bases indicated in point 2.1 of the privacy policy. The specific legal grounds for the processing of personal data of service users and customers of the online store by the Administrator are outlined in the following section of the privacy policy, in relation to the particular purpose of personal data processing by the Administrator.
3. PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
3.1. The purpose, basis, duration, and recipients of the personal data processed by the Administrator always result from the actions taken by the service user or customer in the online store or by the Administrator. For example, if a customer chooses to make a purchase in the online store and selects in-store pickup instead of courier delivery, their personal data will be processed for the purpose of fulfilling the sales contract but will not be shared with the courier responsible for deliveries on behalf of the Administrator.
3.2. The Administrator may process personal data within the online store for the purposes, on the legal bases, and for the periods indicated below:
3.2.1 Performance of a Sales Agreement or an agreement for the provision of Electronic Services, or taking actions at the request of the data subject prior to the conclusion of the aforementioned agreements. Article 6(1)(b) of the GDPR (contract performance) – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. Data is retained for the period necessary to execute, terminate, or otherwise expire the concluded Sales Agreement or agreement for the provision of Electronic Services
3.2.2 Direct marketing. Article 6(1)(f) of the GDPR (legitimate interests of the controller) – Processing is necessary for the purposes of the legitimate interests pursued by the controller, which include maintaining the interests and good image of the controller, their online store, and striving to sell products. Data is retained for the period of the legitimate interests pursued by the Administrator, but no longer than the limitation period for claims against the data subject under the Administrator's business activities. The limitation period is defined by legal regulations, particularly the Civil Code (the basic limitation period for claims related to business activities is three years, and for a Sales Agreement, it is two years).
The Administrator may not process data for direct marketing purposes if the data subject has effectively objected to such processing.
3.2.3 Marketing. Article 6(1)(a) of the GDPR (consent) – the data subject has given their consent to the processing of their personal data for marketing purposes by the Administrator. Data is stored until the data subject withdraws consent for further processing of their data for this purpose.
3.2.4 The expression by a customer of their opinion about a concluded Sales Agreement. Article 6(1)(a) of the GDPR (consent) – the data subject has consented to the processing of their personal data for the purpose of expressing an opinion. Data is stored until the data subject withdraws their consent for further processing of their data for this purpose
3.2.5 Maintaining Accounting Records. Article 6(1)(c) of the GDPR in connection with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395 as amended) – processing is necessary for compliance with a legal obligation to which the Administrator is subject. Data is stored for the period required by legal provisions that mandate the Administrator to keep accounting records (5 years, starting from the beginning of the year following the fiscal year to which the data pertains).
3.2.6 Establishing, investigating, or defending claims that may be raised by the Administrator or that may be raised against the Administrator. Article 6(1)(f) of the GDPR (legitimate interests of the administrator) – Processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, which involve establishing, investigating, or defending claims that may be raised by the Administrator or against the Administrator. Data is stored for the period of the legitimate interest pursued by the Administrator, but no longer than the period of limitation for claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).
3.2.7 Using the online store's website and ensuring its proper functioning. Article 6(1)(f) of the GDPR (legitimate interests of the administrator) – Processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, which involve managing and maintaining the online store's website. Data is stored for the duration of the legitimate interest pursued by the Administrator, but not longer than the period of limitation for claims related to the Administrator's business activities. The limitation periods are specified by legal provisions, particularly the Civil Code (the basic limitation period for claims related to business activities is three years, and for a Sales Agreement, it is two years).
3.2.8 Conducting statistics and analyzing traffic in the Online Store. Article 6(1)(f) of the GDPR (legitimate interests of the administrator) – Processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, which involve conducting statistics and analyzing traffic in the Online Store to improve its functionality and increase product sales. Data is retained for the period necessary to fulfill the legitimate interests pursued by the Administrator, but no longer than the statute of limitations for claims against the individual concerning the business activities conducted by the Administrator. The statute of limitations is determined by legal regulations, particularly the Civil Code, which states the basic limitation period for claims related to business activities is three years, and for Sales Agreements, it is two years.
3.2. The Administrator may process personal data within the online store for the purposes, on the legal bases, and for the periods indicated below:
3.2.1 Performance of a Sales Agreement or an agreement for the provision of Electronic Services, or taking actions at the request of the data subject prior to the conclusion of the aforementioned agreements. Article 6(1)(b) of the GDPR (contract performance) – processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. Data is retained for the period necessary to execute, terminate, or otherwise expire the concluded Sales Agreement or agreement for the provision of Electronic Services
3.2.2 Direct marketing. Article 6(1)(f) of the GDPR (legitimate interests of the controller) – Processing is necessary for the purposes of the legitimate interests pursued by the controller, which include maintaining the interests and good image of the controller, their online store, and striving to sell products. Data is retained for the period of the legitimate interests pursued by the Administrator, but no longer than the limitation period for claims against the data subject under the Administrator's business activities. The limitation period is defined by legal regulations, particularly the Civil Code (the basic limitation period for claims related to business activities is three years, and for a Sales Agreement, it is two years).
The Administrator may not process data for direct marketing purposes if the data subject has effectively objected to such processing.
3.2.3 Marketing. Article 6(1)(a) of the GDPR (consent) – the data subject has given their consent to the processing of their personal data for marketing purposes by the Administrator. Data is stored until the data subject withdraws consent for further processing of their data for this purpose.
3.2.4 The expression by a customer of their opinion about a concluded Sales Agreement. Article 6(1)(a) of the GDPR (consent) – the data subject has consented to the processing of their personal data for the purpose of expressing an opinion. Data is stored until the data subject withdraws their consent for further processing of their data for this purpose
3.2.5 Maintaining Accounting Records. Article 6(1)(c) of the GDPR in connection with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395 as amended) – processing is necessary for compliance with a legal obligation to which the Administrator is subject. Data is stored for the period required by legal provisions that mandate the Administrator to keep accounting records (5 years, starting from the beginning of the year following the fiscal year to which the data pertains).
3.2.6 Establishing, investigating, or defending claims that may be raised by the Administrator or that may be raised against the Administrator. Article 6(1)(f) of the GDPR (legitimate interests of the administrator) – Processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, which involve establishing, investigating, or defending claims that may be raised by the Administrator or against the Administrator. Data is stored for the period of the legitimate interest pursued by the Administrator, but no longer than the period of limitation for claims that may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).
3.2.7 Using the online store's website and ensuring its proper functioning. Article 6(1)(f) of the GDPR (legitimate interests of the administrator) – Processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, which involve managing and maintaining the online store's website. Data is stored for the duration of the legitimate interest pursued by the Administrator, but not longer than the period of limitation for claims related to the Administrator's business activities. The limitation periods are specified by legal provisions, particularly the Civil Code (the basic limitation period for claims related to business activities is three years, and for a Sales Agreement, it is two years).
3.2.8 Conducting statistics and analyzing traffic in the Online Store. Article 6(1)(f) of the GDPR (legitimate interests of the administrator) – Processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, which involve conducting statistics and analyzing traffic in the Online Store to improve its functionality and increase product sales. Data is retained for the period necessary to fulfill the legitimate interests pursued by the Administrator, but no longer than the statute of limitations for claims against the individual concerning the business activities conducted by the Administrator. The statute of limitations is determined by legal regulations, particularly the Civil Code, which states the basic limitation period for claims related to business activities is three years, and for Sales Agreements, it is two years.
4. DATA RECIPIENTS IN THE ONLINE STORE
4.1. For the proper functioning of the Online Store, including the fulfillment of concluded Sales Agreements, it is necessary for the Administrator to use external service providers (such as software providers, couriers, or payment processors). The Administrator only uses the services of such data processors who provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing complies with the requirements of the GDPR and protects the rights of the data subjects.
4.2. For the proper functioning of the Online Store, including the fulfillment of concluded Sales Agreements, it is necessary for the Administrator to use external service providers (such as software providers, couriers, or payment processors). The Administrator only uses the services of such data processors who provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing complies with the requirements of the GDPR and protects the rights of the data subjects.
4.3. The transfer of data by the Administrator does not occur in every instance and not to all recipients or categories of recipients indicated in this privacy policy. The Administrator transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary for its achievement. For example, if the customer chooses in-store pickup, their data will not be shared with the courier collaborating with the Administrator.
4.4. The personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.4.1. Carriers / forwarders / courier brokers / entities handling warehousing and/or the shipping process – in the case of a customer who uses postal or courier delivery for a product ordered from the Online Store, the Administrator provides the customer's personal data to the selected carrier, forwarder, or intermediary responsible for shipments on behalf of the Administrator. If the shipment is processed from an external warehouse, the data is shared with the entity responsible for warehousing and/or the shipping process to the extent necessary for delivering the product to the customer.
4.4.2. Entities handling electronic or card payments – in the case of a customer who uses electronic payments or card payments in the Online Store, the Administrator provides the customer's personal data to the selected entity responsible for processing these payments in the Online Store on behalf of the Administrator, to the extent necessary for handling the payment made by the customer.
4.4.3. Service providers supplying the Administrator with technical, IT, and organizational solutions that enable the Administrator to conduct business activities, including the Online Store and the Electronic Services provided through it (in particular, providers of software for operating the Online Store, email and hosting services, as well as software providers for business management and technical support for the Administrator) – The Administrator provides the customer's personal data to the selected provider acting on its behalf only when and to the extent necessary to fulfill the specific purpose of data processing, in accordance with this privacy policy.
4.4.4. Providers of accounting, legal, and advisory services that offer the Administrator accounting, legal, or consultancy support (in particular, an accounting office, law firm, or debt collection company) – The Administrator shares the collected personal data of the customer with the selected provider acting on its behalf only when and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
4.2. For the proper functioning of the Online Store, including the fulfillment of concluded Sales Agreements, it is necessary for the Administrator to use external service providers (such as software providers, couriers, or payment processors). The Administrator only uses the services of such data processors who provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing complies with the requirements of the GDPR and protects the rights of the data subjects.
4.3. The transfer of data by the Administrator does not occur in every instance and not to all recipients or categories of recipients indicated in this privacy policy. The Administrator transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary for its achievement. For example, if the customer chooses in-store pickup, their data will not be shared with the courier collaborating with the Administrator.
4.4. The personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.4.1. Carriers / forwarders / courier brokers / entities handling warehousing and/or the shipping process – in the case of a customer who uses postal or courier delivery for a product ordered from the Online Store, the Administrator provides the customer's personal data to the selected carrier, forwarder, or intermediary responsible for shipments on behalf of the Administrator. If the shipment is processed from an external warehouse, the data is shared with the entity responsible for warehousing and/or the shipping process to the extent necessary for delivering the product to the customer.
4.4.2. Entities handling electronic or card payments – in the case of a customer who uses electronic payments or card payments in the Online Store, the Administrator provides the customer's personal data to the selected entity responsible for processing these payments in the Online Store on behalf of the Administrator, to the extent necessary for handling the payment made by the customer.
4.4.3. Service providers supplying the Administrator with technical, IT, and organizational solutions that enable the Administrator to conduct business activities, including the Online Store and the Electronic Services provided through it (in particular, providers of software for operating the Online Store, email and hosting services, as well as software providers for business management and technical support for the Administrator) – The Administrator provides the customer's personal data to the selected provider acting on its behalf only when and to the extent necessary to fulfill the specific purpose of data processing, in accordance with this privacy policy.
4.4.4. Providers of accounting, legal, and advisory services that offer the Administrator accounting, legal, or consultancy support (in particular, an accounting office, law firm, or debt collection company) – The Administrator shares the collected personal data of the customer with the selected provider acting on its behalf only when and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
5. PROFILING IN THE ONLINE STORE
5.1. The GDPR imposes an obligation on the Administrator to inform about automated decision-making, including profiling, as outlined in Article 22(1) and (4) of the GDPR. In these cases, the Administrator must provide significant information about the decision-making principles, as well as the significance and expected consequences of such processing for the data subject. Bearing this in mind, the Administrator provides information in this section of the privacy policy regarding potential profiling.
5.2. The Administrator may use profiling in the Online Store for direct marketing purposes; however, the decisions made based on this profiling do not concern the conclusion or refusal of a Sales Agreement or the ability to use Electronic Services in the Online Store. The effects of using profiling in the Online Store may include, for example, granting a person a discount, sending them a discount code, reminding them of unfinished purchases, offering a product that may match their interests or preferences, or offering better conditions compared to the standard Online Store offer. Despite the profiling, the individual freely decides whether they wish to take advantage of the received discount or better conditions and make a purchase in the Online Store.
5.3. Profiling in the Online Store involves the automatic analysis or prediction of an individual's behavior on the Online Store's website. For example, this could include adding a specific product to the cart, viewing a particular product page, or analyzing the history of previous purchases in the Online Store. The condition for such profiling is that the Administrator must have the individual's personal data in order to send them, for instance, a discount code.
5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
5.2. The Administrator may use profiling in the Online Store for direct marketing purposes; however, the decisions made based on this profiling do not concern the conclusion or refusal of a Sales Agreement or the ability to use Electronic Services in the Online Store. The effects of using profiling in the Online Store may include, for example, granting a person a discount, sending them a discount code, reminding them of unfinished purchases, offering a product that may match their interests or preferences, or offering better conditions compared to the standard Online Store offer. Despite the profiling, the individual freely decides whether they wish to take advantage of the received discount or better conditions and make a purchase in the Online Store.
5.3. Profiling in the Online Store involves the automatic analysis or prediction of an individual's behavior on the Online Store's website. For example, this could include adding a specific product to the cart, viewing a particular product page, or analyzing the history of previous purchases in the Online Store. The condition for such profiling is that the Administrator must have the individual's personal data in order to send them, for instance, a discount code.
5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
6. RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, restriction, deletion, or transfer – The data subject has the right to request from the Administrator access to their personal data, its rectification, deletion ("right to be forgotten"), or restriction of processing. They also have the right to object to the processing and the right to data portability. The detailed conditions for exercising the above rights are set out in Articles 15-21 of the GDPR.
6.2. Right to withdraw consent at any time – If the data subject’s personal data is processed by the Administrator based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), they have the right to withdraw their consent at any time without affecting the lawfulness of the processing that was carried out based on the consent before its withdrawal.
6.3. Right to file a complaint with a supervisory authority – A data subject whose data is processed by the Administrator has the right to file a complaint with a supervisory authority in the manner and procedure specified by the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office (PUODO).
6.4. Right to object – The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or Article 6(1)(f) (legitimate interest of the Administrator), including profiling based on these provisions. In such a case, the Administrator shall no longer process the personal data unless the Administrator demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
6.5. Right to object to direct marketing – If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
6.6. To exercise the rights mentioned in this section of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or via email to the address provided at the beginning of the privacy policy, or by using the contact form available on the Online Store's website.
6.2. Right to withdraw consent at any time – If the data subject’s personal data is processed by the Administrator based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), they have the right to withdraw their consent at any time without affecting the lawfulness of the processing that was carried out based on the consent before its withdrawal.
6.3. Right to file a complaint with a supervisory authority – A data subject whose data is processed by the Administrator has the right to file a complaint with a supervisory authority in the manner and procedure specified by the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office (PUODO).
6.4. Right to object – The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or Article 6(1)(f) (legitimate interest of the Administrator), including profiling based on these provisions. In such a case, the Administrator shall no longer process the personal data unless the Administrator demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
6.5. Right to object to direct marketing – If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
6.6. To exercise the rights mentioned in this section of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or via email to the address provided at the beginning of the privacy policy, or by using the contact form available on the Online Store's website.
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1. Cookies are small text information in the form of text files, sent by the server and stored on the visitor's side when they visit the online store (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone—depending on the device used to visit our online store). Detailed information about cookies, as well as their history, can be found, among other places, here: HTTP cookie - Wikipedia.
7.2. Cookies that may be sent by the online store can be divided into different types based on the following criteria:
7.2.1 Due to their provider: First-party (created by the online store administrator) and Third-party (belonging to entities other than the administrator)
7.2.2 Based on their storage duration on the visitor's device: Session cookies (stored until the user logs out of the online store or closes the web browser) and Persistent cookies (stored for a specific period defined by the parameters of each file or until manually deleted) .
7.2.3 Based on their purpose of use: Necessary (enabling the proper functioning of the online store), Functional/preferential (allowing the customization of the online store to the preferences of the visitor), Analytical and performance (collecting information about how the online store is used), Marketing, advertising, and social (collecting information about the visitor to display advertisements, personalize them, measure effectiveness, and conduct other marketing activities, including on websites separate from the online store, such as social media platforms or other sites belonging to the same advertising networks as the online store)
7.3. The administrator may process data contained in cookies during visitors' use of the online store for the following specific purposes: Identification of users as logged in to the online store and indicating that they are logged in (necessary cookies), Remembering products added to the cart for placing an order (necessary cookies), Remembering data from filled-out order forms, surveys, or login information for the online store (necessary and/or functional/preferential cookies), Customizing the content of the online store to the individual preferences of the user (e.g., regarding colors, font size, page layout) and optimizing the use of the online store's pages (functional/preferential cookies) Conducting anonymous statistics that show how the online store is used (analytical and performance cookies) Displaying and rendering advertisements, limiting the number of ad views, and ignoring ads that the user does not want to see, measuring ad effectiveness, and personalizing ads by analyzing the behavior of visitors to the online store through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create profiles and deliver ads tailored to their anticipated interests, including when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook, i.e., Meta Platforms Ireland Ltd. (marketing, advertising, and social cookies).
7.4. Checking in the most popular web browsers which cookies (including their duration and provider) are currently being sent by the online store can be done in the following way:
In the Chrome browser: (1) Click the lock icon on the left side of the address bar, (2) go to the "Cookies" tab7.5. In the Firefox browser: (1) Click the shield icon on the left side of the address bar, (2) go to the "Allowed" or "Blocked" tab, (3) click on "Third-party cookies," "Social media tracking elements," or "Content with tracking elements.”. In the Internet Explorer browser: (1) Click the "Tools" menu, (2) go to the "Internet Options" tab, (3) navigate to the "General" tab, (4) go to the "Settings" tab, (5) click the "View files" button. In the Opera browser: (1) Click the lock icon on the left side of the address bar, (2) go to the "Cookies" tab. In the Safari browser: (1) Click the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on "Manage website data. Regardless of the browser, using tools available, for example, on the website: https://www.cookiemetrix.com/ or https://www.cookie-checker.com/ .
7.5 By default, most web browsers available on the market accept the storage of cookies. Everyone has the option to specify the conditions for using cookies through their browser settings. This means that one can partially restrict (e.g., temporarily) or completely disable the ability to save cookies. However, in the latter case, it may affect some functionalities of the online store (for example, it may become impossible to complete the order process through the order form due to the failure to remember products in the cart during subsequent steps of placing an order).
7.6. Browser settings regarding cookies are important from the perspective of consent to the use of cookies by our online store—according to regulations, such consent can also be expressed through browser settings. Detailed information about changing cookie settings and manually deleting them in the most popular web browsers is available in the browser's help section and on the following pages (just click on the respective link): • In the Chrome browser • In the Firefox browser • In the Internet Explorer browser • In the Opera browser • In the Safari browser • In the Microsoft Edge browser
7.7. The administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the online store. These services help the administrator generate statistics and analyze traffic in the online store. The collected data is processed within these services to generate statistics useful for managing the online store and analyzing traffic. This data is aggregated. While using these services in the online store, the administrator collects data such as the sources and mediums through which visitors reach the online store, their behavior on the site, information about the devices and browsers used to access the site, IP addresses and domains, geographic data, as well as demographic data (age, gender) and interests.
7.8. It is easy for an individual to block the sharing of information about their activity on the online store with Google Analytics. To do this, one can install the browser extension provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=en.
7.9. In connection with the possibility of the administrator using advertising and analytical services provided by Google Ireland Ltd. in the online store, the administrator indicates that complete information about the processing of data from visitors to the online store (including information stored in cookies) by Google Ireland Ltd. is available in the privacy policy of Google services at the following link: https://policies.google.com/technologies/partner-sites.
7.2. Cookies that may be sent by the online store can be divided into different types based on the following criteria:
7.2.1 Due to their provider: First-party (created by the online store administrator) and Third-party (belonging to entities other than the administrator)
7.2.2 Based on their storage duration on the visitor's device: Session cookies (stored until the user logs out of the online store or closes the web browser) and Persistent cookies (stored for a specific period defined by the parameters of each file or until manually deleted) .
7.2.3 Based on their purpose of use: Necessary (enabling the proper functioning of the online store), Functional/preferential (allowing the customization of the online store to the preferences of the visitor), Analytical and performance (collecting information about how the online store is used), Marketing, advertising, and social (collecting information about the visitor to display advertisements, personalize them, measure effectiveness, and conduct other marketing activities, including on websites separate from the online store, such as social media platforms or other sites belonging to the same advertising networks as the online store)
7.3. The administrator may process data contained in cookies during visitors' use of the online store for the following specific purposes: Identification of users as logged in to the online store and indicating that they are logged in (necessary cookies), Remembering products added to the cart for placing an order (necessary cookies), Remembering data from filled-out order forms, surveys, or login information for the online store (necessary and/or functional/preferential cookies), Customizing the content of the online store to the individual preferences of the user (e.g., regarding colors, font size, page layout) and optimizing the use of the online store's pages (functional/preferential cookies) Conducting anonymous statistics that show how the online store is used (analytical and performance cookies) Displaying and rendering advertisements, limiting the number of ad views, and ignoring ads that the user does not want to see, measuring ad effectiveness, and personalizing ads by analyzing the behavior of visitors to the online store through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create profiles and deliver ads tailored to their anticipated interests, including when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook, i.e., Meta Platforms Ireland Ltd. (marketing, advertising, and social cookies).
7.4. Checking in the most popular web browsers which cookies (including their duration and provider) are currently being sent by the online store can be done in the following way:
In the Chrome browser: (1) Click the lock icon on the left side of the address bar, (2) go to the "Cookies" tab7.5. In the Firefox browser: (1) Click the shield icon on the left side of the address bar, (2) go to the "Allowed" or "Blocked" tab, (3) click on "Third-party cookies," "Social media tracking elements," or "Content with tracking elements.”. In the Internet Explorer browser: (1) Click the "Tools" menu, (2) go to the "Internet Options" tab, (3) navigate to the "General" tab, (4) go to the "Settings" tab, (5) click the "View files" button. In the Opera browser: (1) Click the lock icon on the left side of the address bar, (2) go to the "Cookies" tab. In the Safari browser: (1) Click the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on "Manage website data. Regardless of the browser, using tools available, for example, on the website: https://www.cookiemetrix.com/ or https://www.cookie-checker.com/ .
7.5 By default, most web browsers available on the market accept the storage of cookies. Everyone has the option to specify the conditions for using cookies through their browser settings. This means that one can partially restrict (e.g., temporarily) or completely disable the ability to save cookies. However, in the latter case, it may affect some functionalities of the online store (for example, it may become impossible to complete the order process through the order form due to the failure to remember products in the cart during subsequent steps of placing an order).
7.6. Browser settings regarding cookies are important from the perspective of consent to the use of cookies by our online store—according to regulations, such consent can also be expressed through browser settings. Detailed information about changing cookie settings and manually deleting them in the most popular web browsers is available in the browser's help section and on the following pages (just click on the respective link): • In the Chrome browser • In the Firefox browser • In the Internet Explorer browser • In the Opera browser • In the Safari browser • In the Microsoft Edge browser
7.7. The administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the online store. These services help the administrator generate statistics and analyze traffic in the online store. The collected data is processed within these services to generate statistics useful for managing the online store and analyzing traffic. This data is aggregated. While using these services in the online store, the administrator collects data such as the sources and mediums through which visitors reach the online store, their behavior on the site, information about the devices and browsers used to access the site, IP addresses and domains, geographic data, as well as demographic data (age, gender) and interests.
7.8. It is easy for an individual to block the sharing of information about their activity on the online store with Google Analytics. To do this, one can install the browser extension provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=en.
7.9. In connection with the possibility of the administrator using advertising and analytical services provided by Google Ireland Ltd. in the online store, the administrator indicates that complete information about the processing of data from visitors to the online store (including information stored in cookies) by Google Ireland Ltd. is available in the privacy policy of Google services at the following link: https://policies.google.com/technologies/partner-sites.
8. FINAL PROVISIONS
8.1. The online store may contain links to other websites. The administrator encourages users to familiarize themselves with the privacy policy established on those sites after navigating away. This privacy policy applies only to the administrator's online store.