OF VETEXPERT.EU ONLINE SHOP
TABLE OF CONTENTS:
- GENERAL PROVISIONS
- GROUNDS FOR PROCESSING OF DATA
- PURPOSE, GROUNDS, PERIOD AND SCOPE OF PROCESSING OF DATA IN ONLINE SHOP
- DATA RECIPIENTS IN ONLINE SHOP
- PROFILING IN ONLINE SHOP
- RIGHTS OF PERSON CONCERNED BY DATA
- COOKIES IN ONLINE SHOP, OPERATING DATA AND ANALYTICS
- FINAL PROVISIONS
- The Controller of personal data collected through the Online Shop is VET PLANET SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (limited liability company) entered to the register of entrepreneurs of the National Court Register, Registry Court: District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, with its registered office and address for service: ul. Brukowa 36/2, 05-092 Łomianki, National Court Register (KRS) No. 0000310213, Tax Identification No. (NIP) 5272581427, REGON statistical no. 1415195950, amount of
share capital: PLN 50,000.00, email address: email@example.com, phone number: 228337446 – hereinafter referred to as the “Controller” and being at the same time the Service Provider of the Online Shop and the Seller.
- Contact details of the data protection officer designated by the Controller: Beata Laska, email address: firstname.lastname@example.org
- Personal data in the Online Shop is processed by the Controller in line with the applicable laws, in particular in line with the Regulation of the European Parliament and Council (EC) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as the “GDPR” or the “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- The Controller exercises special care to protect interests of persons concerned by personal data processed by it, and in particular is responsible and assures that data collected by it is: (1) processed in compliance with the law; (2) collected for specified, lawful purposes and not subject to further
processing inconsistently with these purposes; (3) correct with regard to the substance and adequate to purposes for which it is processed; (4) stored in the form enabling identification of persons concerned by it, not longer than necessary for reaching the goal of the processing and (5) processed in the manner ensuring proper security of personal data, including protection against prohibited or unlawful processing and accidental loss, destruction or damage, with proper technical or organisational means.
- Taking into account the nature, scope, context and purposes of the processing and the risk of a breach of rights or freedoms of individuals with various probability and severity of a threat, the Controller implements proper technical and organisational means so the processing takes place in line with this regulation and to be able to demonstrate it. These means are reviewed and updated when necessary. The Controller applies technical means preventing unauthorised acquisition and modification of personal data sent by electronic means.
GROUNDS FOR PROCESSING OF DATA
- The Controller is entitled to process personal data in cases when — and within the scope in which — at least one of the below conditions is met: (1) a person concerned by the data expressed consent to the processing of his or her personal data for one or more specified purposes; (2) the processing is necessary for performance of a contract or an agreement to which a person concerned by the data is a party or taking actions at the request of a person concerned by the data, before entering into a contract or an agreement; (3) the processing is necessary for fulfilment of a legal obligation imposed on the Controller; or (4) the processing is necessary for purposes arising out of legally justified interests pursued by the Controller or a third party, with the exception of situations in which overriding nature with respects to these interests is possessed by interests or fundamental rights and freedoms of a person concerned by the data, requiring protection of personal data, in particular if a person concerned by the data is a child.
PURPOSE, GROUNDS, PERIOD AND SCOPE OF PROCESSING OF DATA IN ONLINE SHOP
- In every case the purpose, grounds, period and scope, and recipients of personal data processed by the Controller results from activities performed by a relevant Service Recipient or Customer in the Online Shop. As an example, if a Customer decides to shop in the Online Shop and chooses personal collection of the purchased Product instead of courier service, the Customer’s personal data will be processed to perform the concluded Sale Contract, but will not be made available to a carrier delivering parcels by order of the Controller.
- The Controller may process personal data in the Online Ship for the following purposes, on the following grounds, within the following periods and scope:
|Purpose of processing of data||Legal grounds for processing and period of data storage||Scope of processing of data|
|Performance of a Sale Contract or an Electronic Service agreement or taking actions at the request of a person concerned by data, before entering into the said contracts or agreements|
Article 6(1)(b) of the GDPR Regulation (performance of a contract or an agreement)
Data is stored for the period necessary for performance, termination or expiry in other way of a concluded contract or an agreement.
The maximum scope: first name and surname; email address; contact phone number; delivery address (Street, house number, premises number, postcode, town, country), address of residence/conducting activity/registered office (if different than the delivery address).
In case of Service Recipients or Customers who are not consumers, the Controller may additionally process company name and tax identification number (NIP) of the Service Recipient or Customer.
The provided scope is maximum — in case of, e.g. personal collection it is not necessary to indicate a
Article 6(1)(f) of the GDPR Regulation (legally justified interest of a controller)
Data is stored for the period of existence of a legally justified interest pursued by the Controller, but not longer than the period of limitation of claims against a person concerned by the data, on account of business activity conducted by the Controller. The period of limitation is set forth in the laws, in particular in the provisions of the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for a sale contract it is two years).
The Controller cannot process data for the purpose of direct marketing in case a person concerned by the data effectively objects to this.
Article 6(1)(a) of the GDPR Regulation (permission)
Data is stored until permission for further processing of the data for this purpose is withdrawn by a person concerned by the data.
|First name, email address|
|Expressing an opinion by a Customer on a concluded Sale Contract|
Article 6(1)(a) of the GDPR Regulation
Data is stored until permission for further processing of the data for this purpose is withdrawn by a person concerned by the data.
|Keeping tax or accounting records|
Article 6(1)(c) of the GDPR Regulation in conjunction with Art. 86(1) of the General Tax Code, consolidated text of 17 January 2017 (Journal of Laws of 2017, item 201) or Art. 74(2) of the Accounting Act, consolidated text of 30 January 2018 (Journal of Laws of 2018, item 395)
Data is stored for the period provided for in the laws requiring from the Controller to store tax records (until the expiry of the period of limitation of tax liability, unless tax acts provide otherwise) or accounting records (5 years, starting from the beginning of the year following the financial year concerned by the data).
|First name and surname; address of residence/conducting activity/registered office (if it is different than the delivery address), company name and tax identification number (NIP) of a Service Recipient or a Customer.|
|Determining, pursuing or defending claims lodged by the Controller or lodged against the Controller|
Article 6(1)(f) of the GDPR Regulation
Data is stored for the period of existence of a legally justified interest pursued by the Controller, but not longer than the period of expiry of claims against a person concerned by the data, on account of business activity conducted by the Controller. The period of limitation is set forth in the laws, in particular in the provisions of the Civil Code (the basic period of limitation for claims related to conducting business activity is three years, and for a sale contract it is two years).
First name and surname; contact phone number; email address; delivery address (Street, house
In case of Service Recipients or Customers who are not consumers, the Controller may additionally process company name and tax identification number (NIP) of a Service Recipient or Customer.
DATA RECIPIENTS IN ONLINE SHOP
- For correct functioning of the Online Shop, including for performance of concluded Sale Contracts, it is necessary for the Controller to use services of external entities (such as, e.g. a software provider, courier or an entity handling payments). The Controller uses exclusively services of processing entities which give sufficient guarantees of the implementation of appropriate technical and organisational means so the processing meets the requirements of the GDPR Regulation and protects rights of persons concerned by the data.
- Personal data of Service Recipients and Customers of the Online Shop may be transferred only to the following recipients or categories of recipients:
- carriers / freight forwarders / courier brokers — in case of a Customer who chooses in the Online Shop the method of delivery of a Product by post or courier service, the Controller provides collected personal data of the Customer to a selected carrier, freight forwarder or an agent delivering parcels by order of the Controller within the scope necessary for carrying out a delivery of a Product to the Customer.
- entities handling payment card or electronic payments — in case of a Customer who chooses in the Online Shop the method of payment card or electronic payment, the Controller provides collected personal data of the Customer to a selected carrier handling the above payments in the Online Shop by order of the Controller within the scope necessary for handling payments made by the Customer.
- opinion survey system providers — in case of a Customer who consented to express an opinion on a concluded Sale Contract, the Controller provides collected personal data of the Customer to a selected entity supplying a system surveying opinions on concluded Sale Contracts in the Online Shop by order of the Controller within the scope necessary for expressing an opinion by a Customer through an opinion survey system.
PROFILING IN ONLINE SHOP
- The Controller may use profiling in the Online Shop for the purposes of direct marketing, but decision taken on its basis by the Controller do not concern conclusion or a refusal to conclude a Sale Contract or the possibility of use of Electronic Services in the Online Shop. The result of the use of profiling in the Online Shop may be, e.g. granting a discount to a relevant person, sending a discount code to him or her, reminding about unfinished shopping, sending a proposal of a Product which may be consistent with interests or preferences of a relevant person or proposing better terms compared to a standard offer of the Online Shop. In spite of profiling, it is a relevant person who freely takes a decision on whether to use a discount or better terms received in this way and make a purchase in the Online Shop.
- Profiling in the Online Shop consists in an automatic analysis or a forecast of behaviour of a relevant person on the website of the Online Shop, e.g. by adding a specific Product to the basket, browsing the website of a specific Product in the Online Shop through an analysis of to date history of purchases made in the Online Shop. Such profiling is conditional on possession by the Controller of personal data of a relevant person to be able to send him or her, e.g. a discount code.
- A person concerned by data has the right to not be subject to a decision based exclusively on automatic processing, including profiling, and has legal consequences for this person or otherwise significantly affects the person.
RIGHTS OF PERSON CONCERNED BY DATA
- The right to access, correct, limit, delete or transfer — person concerned by data has the right to request from the Controller access to his or her personal data, its correction, deletion (“the right to be forgotten”) or limitation of processing and has the right to raise an objection against the processing, and the right to transfer his or her data. The detailed terms and conditions of the exercising of the aforementioned rights are set forth in Art. 15-21 of the GDPR Regulation.
- The right to withdraw permission at any time — a person concerned by data processed by the Controller on the basis of expressed permission (under Art. 6(1)(a) or Art. 9(2)(a) of the GDPR Regulation) has the right to withdraw permission at any time without prejudice to the lawfulness of the processing made on the basis of the permission before it was withdrawn.
- The right to submit a complaint to a supervising body — a person whose data is processed by the Controller has the right to submit a complaint to a supervising body in the way and mode laid down in the provisions of the GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. In Poland the supervising body is President of the Data Protection Authority.
- The right to objection — a person concerned by the data has the right at any time to raise an objection — for reasons related to his or her special situation — in view of the processing of personal data concerning this person based on Art. 6(1)(e) (interest or public tasks) or (f) (legally justified interest of the Controller), including profiling on the basis of these laws. In such a case the Controller is not allowed anymore to process this personal data, unless it demonstrates the existence of important legally justified grounds for the processing, superior with respect to interests, rights and freedoms of the person concerned by data or the grounds for establishing, pursuing or defence of claims.
- The right to objection concerning direct marketing — if personal data is processed for the purposes of direct marketing, a person concerned by the data has the right to raise at any time an objection against processing of his or her personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
COOKIES IN ONLINE SHOP, OPERATING DATA AND ANALYTICS
- Cookies are small text information in the form of text files, send by a server and saved at the side of a person visiting the website of the Online Shop (e.g. on a hard drive of a computer, laptop or on a memory card of a smartphone — depending on a device used by a visitor to our Online Shop). Detailed information concerning Cookies and their history is available among others here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Controller may process data contained in Cookies when visitors use the website of the Online Shop for the following purposes:
- identification of Service Recipients as logged on in the Online Shop and showing that they are logged on,
- saving Products added to the basket to place an Order,
- saving data from filled in Order Forms, surveys or data of logging on to the Online Shop,
- tailoring the content of the website of the Online Shop to the individual preferences of a Service Recipient (e.g. concerning colours, font size, website layout) and optimisation of use of the websites of the Online Shop,
- compiling anonymous statistics showing the method of use of the website of the Online Shop,
- remarketing, that is studying features of behaviour of visitors to the Online Shop by an anonymous analysis of their actions (e.g. repeated visits to specific websites, keywords, etc.) to create their profile and provide them with advertisements tailored to their expected interests, and when they are visiting other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.
turn off the possibility of saving Cookies — however, in the last case it may affect certain functionalities of the Online Shop (as an example, it may prove impossible to go through the Order path by an Order Form as Products are not saved in the basket during subsequent steps of Order placement).
- Detailed information on changing settings for Cookies and deleting them on one’s own in the most popular web browsers is available in the web browser’s help section and on the below websites (just click a relevant link):
- in Chrome web browser
- in Firefox web browser
- in Internet Explorer web browser
- in Opera web browser
- in Safari web browser
- in Microsoft Edge web browser
- In the Online Shop the Controller may use services of Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Controller analyse traffic in the Online Shop. Collected data is processed as part of the above services in an anonymised manner (it is the so-called operating data which does not allow to identify a person) to generate statistics helpful in administration of the Online Shop. This data is collective and anonymous, i.e. it does not contain identifying characteristics (personal data) of visitors to the website of the Online Shop. By using the above services in the Online Shop, the Controller collects such data as sources and medium of acquiring visitors to the Online Shop and their behaviour on the website of the Online Shop, information on devices and web browsers with which they visit the website, IP and domain, geographic data and demographic data (age, sex) and interests.
- A person may easily block provision to Google Analytics of the information about his or her activity on the website of the Online Shop — for this purpose you may install an add-on to a web browser made available by Google Inc. at https://tools.google.com/dlpage/gaoptout?hl=pl.
- In the Online Shop the Controller may use Pixel Facebook service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure effectiveness of advertisements and find out what actions are taken by visitors to the online shop, and display tailored advertisements to these persons. Detailed information on the functioning of Pixel Facebook is available at the following Internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
- The activity of Pixel Facebook may be managed through advertising settings in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.