PRIVACY POLICY

OF VETEXPERT.EU ONLINE SHOP

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. GROUNDS FOR PROCESSING OF DATA
  3. PURPOSE, GROUNDS, PERIOD AND SCOPE OF PROCESSING OF DATA IN ONLINE SHOP
  4. DATA RECIPIENTS IN ONLINE SHOP
  5. PROFILING IN ONLINE SHOP
  6. RIGHTS OF PERSON CONCERNED BY DATA
  7. COOKIES IN ONLINE SHOP, OPERATING DATA AND ANALYTICS
  8. FINAL PROVISIONS

GENERAL PROVISIONS

  • This privacy policy of the Online Shop is for reference only which means it is not a source of obligations for Service Recipients or Customers of the Online Shop. The privacy policy contains most of all the principles concerning the processing of personal data by the Controller in the Online Shop, including grounds, purposes and scope of the processing of personal data and the rights of persons concerned by the data, and information on use of Cookies and analytical tools in the Online Shop.
  • The Controller of personal data collected through the Online Shop is VET PLANET SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (limited liability company) entered to the register of entrepreneurs of the National Court Register, Registry Court: District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, with its registered office and address for service: ul. Brukowa 36/2, 05-092 Łomianki, National Court Register (KRS) No. 0000310213, Tax Identification No. (NIP) 5272581427, REGON statistical no. 1415195950, amount of
    share capital: PLN 50,000.00, email address: consultant@vetexpert.eu, phone number: 228337446 – hereinafter referred to as the “Controller” and being at the same time the Service Provider of the Online Shop and the Seller.
  • Contact details of the data protection officer designated by the Controller: Beata Laska, email address: rodo@vetexpert.pl
  • Personal data in the Online Shop is processed by the Controller in line with the applicable laws, in particular in line with the Regulation of the European Parliament and Council (EC) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as the “GDPR” or the “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
  • The use of the Online Shop, including shopping, is voluntary. Similarly, the related provision of personal data by a Service Recipient or Customer using the Online Shop is voluntary, save for two exceptions: (1) entering into agreements with the Controller — non-provision in cases and within the scope set out on the website of the Online Shop, and in the Regulations of the Online Shop and this privacy policy of personal data necessary for conclusion and performance of a Sales Contract or an Electronic Service agreement with the Controller results in the lack of the possibility of entering into this contract or agreement. In such a case, provision of personal data is a contractual requirement and if a person concerned by the data wants to enter into a relevant contract or agreement with the Controller, he or she is obliged to provide the required data. In every case the scope of data required for entering into a contract or agreement is indicated beforehand on the website of the Online Shop and in the Regulations of the Online Shop; (2) statutory obligations of the Controller — provision of personal data is a statutory requirement resulting from the commonly applicable laws imposing on the Controller the obligation of the processing of personal data (e.g. the processing of personal data to keep accounting or tax records) and failure to provide it makes it impossible for the Controller to fulfil these obligations.
  • The Controller exercises special care to protect interests of persons concerned by personal data processed by it, and in particular is responsible and assures that data collected by it is: (1) processed in compliance with the law; (2) collected for specified, lawful purposes and not subject to further
    processing inconsistently with these purposes; (3) correct with regard to the substance and adequate to purposes for which it is processed; (4) stored in the form enabling identification of persons concerned by it, not longer than necessary for reaching the goal of the processing and (5) processed in the manner ensuring proper security of personal data, including protection against prohibited or unlawful processing and accidental loss, destruction or damage, with proper technical or organisational means.
  • Taking into account the nature, scope, context and purposes of the processing and the risk of a breach of rights or freedoms of individuals with various probability and severity of a threat, the Controller implements proper technical and organisational means so the processing takes place in line with this regulation and to be able to demonstrate it. These means are reviewed and updated when necessary. The Controller applies technical means preventing unauthorised acquisition and modification of personal data sent by electronic means.
  • Any capitalised words, expressions and acronyms present in this privacy policy (e.g. Seller, Online Shop, Electronic Service) are to be understood in line with their definition contained in the Regulations of the Online Shop available on the websites of the Online Shop.

GROUNDS FOR PROCESSING OF DATA

  • The Controller is entitled to process personal data in cases when — and within the scope in which — at least one of the below conditions is met: (1) a person concerned by the data expressed consent to the processing of his or her personal data for one or more specified purposes; (2) the processing is necessary for performance of a contract or an agreement to which a person concerned by the data is a party or taking actions at the request of a person concerned by the data, before entering into a contract or an agreement; (3) the processing is necessary for fulfilment of a legal obligation imposed on the Controller; or (4) the processing is necessary for purposes arising out of legally justified interests pursued by the Controller or a third party, with the exception of situations in which overriding nature with respects to these interests is possessed by interests or fundamental rights and freedoms of a person concerned by the data, requiring protection of personal data, in particular if a person concerned by the data is a child.
  • The processing of personal data by the Controller requires in every case the emergence of at least one of the grounds indicated in point 2.1 of the privacy policy. Specific grounds for the processing of personal data of Service Recipients and Customers of the Online Shop by the Controller are indicated in the next point of the privacy policy — with respect to a relevant purpose of the processing of personal data by the Controller.

PURPOSE, GROUNDS, PERIOD AND SCOPE OF PROCESSING OF DATA IN ONLINE SHOP

  • In every case the purpose, grounds, period and scope, and recipients of personal data processed by the Controller results from activities performed by a relevant Service Recipient or Customer in the Online Shop. As an example, if a Customer decides to shop in the Online Shop and chooses personal collection of the purchased Product instead of courier service, the Customer’s personal data will be processed to perform the concluded Sale Contract, but will not be made available to a carrier delivering parcels by order of the Controller.
  • The Controller may process personal data in the Online Ship for the following purposes, on the following grounds, within the following periods and scope:
Purpose of processing of dataLegal grounds for processing and period of data storageScope of processing of data
Performance of a Sale Contract or an Electronic Service agreement or taking actions at the request of a person concerned by data, before entering into the said contracts or agreements

Article 6(1)(b) of the GDPR Regulation (performance of a contract or an agreement)

Data is stored for the period necessary for performance, termination or expiry in other way of a concluded contract or an agreement.

The maximum scope: first name and surname; email address; contact phone number; delivery address (Street, house number, premises number, postcode, town, country), address of residence/conducting activity/registered office (if different than the delivery address).

In case of Service Recipients or Customers who are not consumers, the Controller may additionally process company name and tax identification number (NIP) of the Service Recipient or Customer.

The provided scope is maximum — in case of, e.g. personal collection it is not necessary to indicate a
delivery address.

Direct marketing

Article 6(1)(f) of the GDPR Regulation (legally justified interest of a controller)

Data is stored for the period of existence of a legally justified interest pursued by the Controller, but not longer than the period of limitation of claims against a person concerned by the data, on account of business activity conducted by the Controller. The period of limitation is set forth in the laws, in particular in the provisions of the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for a sale contract it is two years).

The Controller cannot process data for the purpose of direct marketing in case a person concerned by the data effectively objects to this.

Email address
Marketing

Article 6(1)(a) of the GDPR Regulation (permission)

Data is stored until permission for further processing of the data for this purpose is withdrawn by a person concerned by the data.

First name, email address
Expressing an opinion by a Customer on a concluded Sale Contract

Article 6(1)(a) of the GDPR Regulation

Data is stored until permission for further processing of the data for this purpose is withdrawn by a person concerned by the data.

Email address
Keeping tax or accounting records

Article 6(1)(c) of the GDPR Regulation in conjunction with Art. 86(1) of the General Tax Code, consolidated text of 17 January 2017 (Journal of Laws of 2017, item 201) or Art. 74(2) of the Accounting Act, consolidated text of 30 January 2018 (Journal of Laws of 2018, item 395)

Data is stored for the period provided for in the laws requiring from the Controller to store tax records (until the expiry of the period of limitation of tax liability, unless tax acts provide otherwise) or accounting records (5 years, starting from the beginning of the year following the financial year concerned by the data).

First name and surname; address of residence/conducting activity/registered office (if it is different than the delivery address), company name and tax identification number (NIP) of a Service Recipient or a Customer.
Determining, pursuing or defending claims lodged by the Controller or lodged against the Controller

Article 6(1)(f) of the GDPR Regulation

Data is stored for the period of existence of a legally justified interest pursued by the Controller, but not longer than the period of expiry of claims against a person concerned by the data, on account of business activity conducted by the Controller. The period of limitation is set forth in the laws, in particular in the provisions of the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for a sale contract it is two years).

First name and surname; contact phone number; email address; delivery address (Street, house
number, premises number, postcode, town, country), address of residence/conducting
activity/registered office (if different than the delivery address).

In case of Service Recipients or Customers who are not consumers, the Controller may additionally process company name and tax identification number (NIP) of a Service Recipient or Customer.

DATA RECIPIENTS IN ONLINE SHOP

  • For correct functioning of the Online Shop, including for performance of concluded Sale Contracts, it is necessary for the Controller to use services of external entities (such as, e.g. a software provider, courier or an entity handling payments). The Controller uses exclusively services of processing entities which give sufficient guarantees of the implementation of appropriate technical and organisational means so the processing meets the requirements of the GDPR Regulation and protects rights of persons concerned by the data.
  • The transfer of data by the Controller is not made in every case and is not made to all recipients or categories of recipients indicated in the privacy policy — the Controller transfers data only when it is necessary for fulfilment of a relevant purpose of the processing of personal data and only within the scope necessary for its fulfilment. As an example, if a Customer chooses personal collection, his or her data will not be transferred to a carrier cooperating with the Controller.
  • Personal data of Service Recipients and Customers of the Online Shop may be transferred only to the following recipients or categories of recipients:
        1. carriers / freight forwarders / courier brokers — in case of a Customer who chooses in the Online Shop the method of delivery of a Product by post or courier service, the Controller provides collected personal data of the Customer to a selected carrier, freight forwarder or an agent delivering parcels by order of the Controller within the scope necessary for carrying out a delivery of a Product to the Customer.
        2. entities handling payment card or electronic payments — in case of a Customer who chooses in the Online Shop the method of payment card or electronic payment, the Controller provides collected personal data of the Customer to a selected carrier handling the above payments in the Online Shop by order of the Controller within the scope necessary for handling payments made by the Customer.
        3. opinion survey system providers — in case of a Customer who consented to express an opinion on a concluded Sale Contract, the Controller provides collected personal data of the Customer to a selected entity supplying a system surveying opinions on concluded Sale Contracts in the Online Shop by order of the Controller within the scope necessary for expressing an opinion by a Customer through an opinion survey system.
        4. service providers supplying to the Controller technical, IT and organisational solutions allowing the Controller to conduct business activity, including the Online Shop and Electronic Services rendered through it (in particular providers of computer software for the management of the Online Shop, email and hosting providers and providers of software for the company management and provision of technical support to the Controller) — the Controller provides collected personal data of a Customer to a selected provider acting by its order only in case and within the scope necessary for fulfilment of a relevant purpose of the processing of data consistent with this privacy policy.
        5. providers of accounting, legal and consulting services ensuring accounting, legal or consulting support for the Controller (in particular an accounting office, law firm or a debt collection company) — the Controller provides collected personal data of a Customer to a selected provider acting by its order only in case and within the scope necessary for fulfilment of a relevant purpose of the processing of data consistent with this privacy policy.

PROFILING IN ONLINE SHOP

  • The GDPR Regulation imposes on the Controller the obligation of informing about automatic decision-making, including about the profiling laid down in Art. 22(1) and (4) of the GDPR Regulation, and — at least in these cases — significant information on the principles of taking them, and on the significance and expected consequences of such processing for a person concerned by data. In consideration of this, the Controller states in this point of the privacy policy information concerning the possible profiling.
  • The Controller may use profiling in the Online Shop for the purposes of direct marketing, but decision taken on its basis by the Controller do not concern conclusion or a refusal to conclude a Sale Contract or the possibility of use of Electronic Services in the Online Shop. The result of the use of profiling in the Online Shop may be, e.g. granting a discount to a relevant person, sending a discount code to him or her, reminding about unfinished shopping, sending a proposal of a Product which may be consistent with interests or preferences of a relevant person or proposing better terms compared to a standard offer of the Online Shop. In spite of profiling, it is a relevant person who freely takes a decision on whether to use a discount or better terms received in this way and make a purchase in the Online Shop.
  • Profiling in the Online Shop consists in an automatic analysis or a forecast of behaviour of a relevant person on the website of the Online Shop, e.g. by adding a specific Product to the basket, browsing the website of a specific Product in the Online Shop through an analysis of to date history of purchases made in the Online Shop. Such profiling is conditional on possession by the Controller of personal data of a relevant person to be able to send him or her, e.g. a discount code.
  • A person concerned by data has the right to not be subject to a decision based exclusively on automatic processing, including profiling, and has legal consequences for this person or otherwise significantly affects the person.

RIGHTS OF PERSON CONCERNED BY DATA

  • The right to access, correct, limit, delete or transfer — person concerned by data has the right to request from the Controller access to his or her personal data, its correction, deletion (“the right to be forgotten”) or limitation of processing and has the right to raise an objection against the processing, and the right to transfer his or her data. The detailed terms and conditions of the exercising of the aforementioned rights are set forth in Art. 15-21 of the GDPR Regulation.
  • The right to withdraw permission at any time — a person concerned by data processed by the Controller on the basis of expressed permission (under Art. 6(1)(a) or Art. 9(2)(a) of the GDPR Regulation) has the right to withdraw permission at any time without prejudice to the lawfulness of the processing made on the basis of the permission before it was withdrawn.
  • The right to submit a complaint to a supervising body — a person whose data is processed by the Controller has the right to submit a complaint to a supervising body in the way and mode laid down in the provisions of the GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. In Poland the supervising body is President of the Data Protection Authority.
  • The right to objection — a person concerned by the data has the right at any time to raise an objection — for reasons related to his or her special situation — in view of the processing of personal data concerning this person based on Art. 6(1)(e) (interest or public tasks) or (f) (legally justified interest of the Controller), including profiling on the basis of these laws. In such a case the Controller is not allowed anymore to process this personal data, unless it demonstrates the existence of important legally justified grounds for the processing, superior with respect to interests, rights and freedoms of the person concerned by data or the grounds for establishing, pursuing or defence of claims.
  • The right to objection concerning direct marketing — if personal data is processed for the purposes of direct marketing, a person concerned by the data has the right to raise at any time an objection against processing of his or her personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  • To exercise the rights laid out in this point of the privacy policy you may contact the Controller by sending a relevant message in writing or by email to the address of the Controller indicated in the beginning of the privacy policy or by using the contact form available on the website of the Online Shop.

COOKIES IN ONLINE SHOP, OPERATING DATA AND ANALYTICS

  • Cookies are small text information in the form of text files, send by a server and saved at the side of a person visiting the website of the Online Shop (e.g. on a hard drive of a computer, laptop or on a memory card of a smartphone — depending on a device used by a visitor to our Online Shop). Detailed information concerning Cookies and their history is available among others here: http://pl.wikipedia.org/wiki/Ciasteczko.
  • The Controller may process data contained in Cookies when visitors use the website of the Online Shop for the following purposes:
        1. identification of Service Recipients as logged on in the Online Shop and showing that they are logged on,
        2. saving Products added to the basket to place an Order,
        3. saving data from filled in Order Forms, surveys or data of logging on to the Online Shop,
        4. tailoring the content of the website of the Online Shop to the individual preferences of a Service Recipient (e.g. concerning colours, font size, website layout) and optimisation of use of the websites of the Online Shop,
        5. compiling anonymous statistics showing the method of use of the website of the Online Shop,
        6. remarketing, that is studying features of behaviour of visitors to the Online Shop by an anonymous analysis of their actions (e.g. repeated visits to specific websites, keywords, etc.) to create their profile and provide them with advertisements tailored to their expected interests, and when they are visiting other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.
  • As a standard, the majority of web browsers available in the market by default accepts saving Cookies. Everyone has the possibility of specifying conditions of use of Cookies with own web browser settings. It means that it is possible, e.g. to partially limit (e.g. temporarily) or completely
    turn off the possibility of saving Cookies — however, in the last case it may affect certain functionalities of the Online Shop (as an example, it may prove impossible to go through the Order path by an Order Form as Products are not saved in the basket during subsequent steps of Order placement).
  • Web browser settings concerning Cookies are significant from the point of view of permission to use of Cookies by our Online Shop — pursuant to the laws such permission may be also expressed by web browser settings. In case of the lack of permission, web browser settings for Cookies must be changed accordingly.
  • Detailed information on changing settings for Cookies and deleting them on one’s own in the most popular web browsers is available in the web browser’s help section and on the below websites (just click a relevant link):
  1. in Chrome web browser
  2. in Firefox web browser
  3. in Internet Explorer web browser
  4. in Opera web browser
  5. in Safari web browser
  6. in Microsoft Edge web browser
  • In the Online Shop the Controller may use services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Controller analyse traffic in the Online Shop. Collected data is processed as part of the above services in an anonymised manner (it is the so-called operating data which does not allow to identify a person) to generate statistics helpful in administration of the Online Shop. This data is collective and anonymous, i.e. it does not contain identifying characteristics (personal data) of visitors to the website of the Online Shop. By using the above services in the Online Shop, the Controller collects such data as sources and medium of acquiring visitors to the Online Shop and their behaviour on the website of the Online Shop, information on devices and web browsers with which they visit the website, IP and domain, geographic data and demographic data (age, sex) and interests.
  • A person may easily block provision to Google Analytics of the information about his or her activity on the website of the Online Shop — for this purpose you may install an add-on to a web browser made available by Google Inc. at https://tools.google.com/dlpage/gaoptout?hl=pl.
  • In the Online Shop the Controller may use Pixel Facebook service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure effectiveness of advertisements and find out what actions are taken by visitors to the online shop, and display tailored advertisements to these persons. Detailed information on the functioning of Pixel Facebook is available at the following Internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

FINAL PROVISIONS

  • The Online Shop may contain links to other websites. The Controller encourages you to familiarise with the privacy policy adopted on other websites after following a link to them. This privacy policy concerns only the Online Shop of the Controller.