PRIVACY POLICY OF SPEEDPACK.COM.PL WEBSITE
- GENERAL PROVISIONS
- BASES OF DATA PROCESSING
- PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING OF DATA ON THE WEBSITE
- DATA RECIPIENTS ON THE WEBSITE
- PROFILING ON THE WEBSITE
- RIGHTS OF A PERSON WHO THE DATA APPLIES TO
- COOKIES ON THE WEBSITE, EXPLOITATION DATA AND ANALYTICS
- FINAL PROVISIONS.
1) GENERAL PROVISIONS
- The present privacy policy of the Website is for reference purposes, which means that it is not a source of obligations for the Service Users or Customers of the Website. The privacy policy contains, above all, the rules regarding the processing of the personal data by the Controller on the Website, including the bases, purposes and scope of the personal data processing and the right of persons who this data applies to as well as the information with respect to the application of cookies and analytical tools on the Website.
- The controller of the personal data as collected via the Website is Krzysztof Kwiatkowski running economic activity under the business name Speedpack, entered into the Companies Registration Office Ireland under the number 429839, having: place of business and service address: DMG House, Deansgrange Business Park, Kill Lane, Deansgrange, Blackrock Co Dublin, Ireland, electronic mail address: kontakt@speedpack.com.pl – hereinafter referred to as the “Controller” and simultaneously being the Website Service Provider and Seller.
- The data controller shall process the personal data obtained via the Website in accordance with the applicable provisions of the law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.” The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- The use of the Website, including conclusion of the agreements, is voluntary. Similarly, the provision of personal data by the Website Service User or Customer related therewith is voluntary, subject to two exceptions: (1) concluding the agreements with the Controller – failure to provide, in cases and within the scope as provided for on the Website and in the Website Terms of Use and the present privacy policy, personal data as necessary to enter into and perform the transport agreement, services agreement or Electronic Service agreement with the Controller shall result in the inability to conclude that agreement. In such case, the provision of personal data is a contractual requirement and if the person who the data applies to wishes to enter into a given agreement with the Controller, they are obliged to provide the data required. Each time, the scope of the data as required to conclude the agreement shall be priorly indicated on the Website and in the Website Terms of Use; (2) the Controller’s statutory obligations – provision of personal data is a statutory obligation arising under the generally applicable provisions of the law imposing the duty of personal data processing upon the Controller (e.g. personal data processing for the purpose of keeping tax books and account books) and the lack of providing the same will make it impossible for the Controller to perform those duties.
- The Controller shall exercise special care for the purpose of protecting the interests of the persons who the personal data as processed thereby applies to, in particular it shall be responsible for and make sure that the data as gathered thereby is: (1) processed in accordance with the law; (2) collected for lawful purposes and is not subjected to further processing incompliant with those purposes; (3) substantially correct and adequate in relation to the purposes, for which it is proceesed; (4) stored in the form enabling identification of the persons who it applies, not longer than it is necessary for accomplishing the purpose of processing and (5) processed in a way that ensures proper personal data security, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage by means of appropriate technical and organisational measures.
- While taking into account the nature, scope, context and purposes of data processing as well as the risk of infringing upon the rights or freedoms of natural persons of different probability and gravity of the threat, the Controller implements appropriate technical and organisational measures so that the processing of the data takes place in accordance with the present regulation and in order to be able to demonstrate the same. Those measures are, if need arises, subjected to reviews and updates. The Controller employs technical measures preventing the personal data sent electronically from being obtained and modified by unauthorised persons.
- Any words, expressions and acronyms as used herein and beginning with the capital letter (e.g. the Service Provider, Website, Electronic Service) shall be understood in accordance with their definitions as described in the Website Terms of Use as available on its pages.
2) BASES OF DATA PROCESSING
- The Controller shall be authorised to process the personal data in cases where – and in such scope as – at least one of the following conditions is met: (1) the person who the data applies to expressed consent to the processing of their data for one or a larger number of specified purposes; (2) the processing is necessary to perform the agreement, to which the person who the data applies to is a party or to take actions at the request of the person who the data applies to, before the agreement conclusion; (3) the processing is necessary to meet the legal obligation upon the Controller; or (4) the processing is necessary for the purposes arising from legally justified intrests as realised by the Controller or a third party, except where the interests or fundamental rights and freedoms of the data subject have an overriding nature in relation to those interests requiring the protection of personal data, in particular where the data subject is a child.
- The processing of the personal data by the Controller shall each time require the occurence of at least one of the bases as indicated in item 2.1 of the privacy policy. The specific bases of the processing of the personal data of the Service Users and Customers of the Website by the Controller are indicated in the subsequent item of the privacy policy – with respect to a given purpose of the processing of the personal data by the Controller.
3) PURPOSE, BASIS, PERIOD AND SCOPE OF PROCESSING OF DATA ON THE WEBSITE
- Each time the purpose, basis, period and scope as well as the recipients of the personal data as processed by the Controller shall arise from the actions taken by a given Service User or Customer on the Website.
- The Controller may process the personal data on the Website for the following purposes, upon the following bases, in periods and within the following scope:
Data processing purpose | Legal basis for processing and data retention period | Legal basis for processing and data retention period |
Performing the sale agreement or taking actions upon the request of the person who the data applies to, before the conclusion of the agreement, | Article 6, section 1, letter b) of the GDPR Regulation (agreement performance)
The data is retained for a period necessary to perform, dissolve or otherwise terminate the agreement concluded. |
Maximum scope: name and surname; electronic mail address; contact telephone number; delivery address (street, house number, flat number, postal code, municipality, country), address of residence/running business/seat (if different from the delivery address).
In the event of the Service Users or Customers not being consumers, the Controller may, in addtion, process the comapny name and the tax identification number (NIP) of the Service User or Customer. |
Direct marketing | Article 6, section 1, letter f) of GDPR Regulation (legally justified interest of the administrator) The data is stored for the period of existence of a legally justified interest realised by the Controller, not longer, however, than for the period of limitation of claims with respect to the person who the data applies to, by reason of the business activity as run by the Controller. The limitation period is determined by the provisions of the law, in particular the Civil Code (the primary limitation period for claims related to running business activity amounts to three years). The Controller cannot process the data for the direct marketing purposes in case of expressing a sufficient objection in this respect by the person who the data applies to. |
Electronic mail address |
Marketing | Article 6, section 1, letter a) of the GDPR Regulation (consent) The data is stored until the person who the data applies to withdraws their consent for further processing of their data for that purpose. |
Name, electronic mail address |
Keeping accounting/tax documentation | Article 6, section 1, letter c) of the GDPR Regulation The data is stored for the period as required under relevant provisions of the law obligating the Controller to keep accounting/tax documentation |
Name and surname; address of residence/running business/seat (if different from the delivery address), the company name and the tax identification number (NIP) of the Service User or Customer |
Establishing, pursuing or defending claims that the Controller may raise or that may be raised towards the Controller, | Article 6, section 1, letter f) of the GDPR Regulation The data is stored for the period of existence of a legally justified interest realised by the Controller, not longer, however, than for the period of limitation of claims with respect to the person who the data applies to, by reason of the business activity as run by the Controller. The limitation period is determined by the provisions of the law, in particular the Civil Code (the primary limitation period for claims related to running business activity amounts to three years). |
Name and surname; contact telephone number; electronic mail addres; delivery address (street, house number, flat number, postal code, municipality, country), address of residence/running business/seat (if different from the delivery address). In the event of the Service Users or Customers not being consumers, the Controller may, in addtion, process the comapny name and the tax identification number (NIP) of the Service User or Customer. |
4) DATA RECIPIENTS ON THE WEBSITE
- For the correct Website functioning, it is necessary for the Controller to use the services of external entities (such as software suppliers, courier, or entity servicing payments). The Controller shall only use the services of such processing entities that ensure sufficient guarantees of implementing appropriate technical and organisational measures that the processing is compliant with the GDPR Regulation and protects the rights of the persons who the data applies to.
- The transfer of the data by the Controller does not take place in every case and not to all the recipients or categories of recipients as indicated in the privacy policy – the Controller shall transfer the data only when it is necessary to achieve a given purpose of the personal data processing and only within the scope as necessary for its achievement.
- The personal data of the Service Users and Customers of the Website may be transferred to the following recipients or categories of recipients:
- carriers – in case of the Customer who uses the service of package delivery via an external courier company on the Website, the Controller shall make the personal data of the Customer available to the carrier, forwarder or broker realising the package at the Controller’s request within the scope as necessary to perform the Product delivery to the Customer.
- entities handling electronic payments or payments by card – in case of the Customer who uses electronic payments or payment by card on the Website, the Controller shall make the personal data of the Customer available to the entity handling the above payments on the Website at the Controller’s request within the scope as necessary to handle the payment effected by the Customer.
- the services suppliers providing the Controller with technical, ICT and organisational solutions, enabling the Controller running its business activity, including the Website and the Electronic Services rendered by means of it (in particular the suppliers of computer software for running the Website, electronic mail and hosting suppliers and suppliers of software for managing the company and providing technical assistance to the Controller) – the Controller shall make the Customer’s personal data gathered to a selected supplier acting at its request only in the event and within the scope as necessary to achieve a given data processing purpose compatible with the present privacy policy.
- suppliers of accounting, legal and consulting services, providing the Controller with accounting, legal or consulting support (in particular an accounting office, law office or debt collection agency) – the Controller shall make the Customer’s personal data gathered to a selected supplier acting at its request only in the event and within the scope as necessary to achieve a given data processing purpose compatible with the present privacy policy.
5) PROFILING ON THE WEBSITE
- The GDPT Regulation imposes on the Controller the duty to inform about automated decision-making, including about profiling which is referred to in art. 22, section 1 and 4 of the GDPR Regulation and – at least in those cases – essential information about the principles of their making as well as the significance and predicted consequences of such processing for the person who the data applies to. Having that in mind, the Controller provides the information concerning potential profiling in this item of the privacy policy.
- The Controller may use profiling on the Website for direct marketing purposes, however, the decisions made by the Controller on its basis do not apply to the conclusion of or refusal to conclude the agreement, or the possibility of using the Electronic Services on the Website.
- The profiling on the Website consists in an automatic analysis or forecast concerning the behaviour of a given person on the Website or in analysing the current history of actions taken on the Website. The condition for such profiling shall be the Controller’s possession of the personal data of a given person so as to be subsequently able to send them, e.g. a rebate code.
- The person who the data applies to shall have the right not to be subject to a decision that is based solely on automated processing, including profiling, and creates legal effects with respect to that person or significantly influences that person in a similar fashion.
6) RIGHTS OF A PERSON WHO THE DATA APPLIES TO
- The right to access, correct, limit, delete or transfer– the person who the data applies to shall have the right to demand from the Controller access to their personal data, its correction, deletion (“the right to be forgotten”) or limitation of the processing and the right to raise an objection to the processing as well as the right to transfer their data. The detailed terms and conditions of the above-mentioned rights are indicated in art. 15-21 of the GDPR Regulation.
- The right to withdraw consent at any given time – the person whose data is processed by the Controller based on the consent expressed (pursuant to art. 6, section 1, letter a) or art. 9, section 2, letter a) of the GDPR Regulation) shall have the right to withdraw the consent at any given time without impact on the legal compliance of the processing that was performed based on the consent prior to its withdrawal.
- The right to make a complaint to a supervisory body – the person whose personal data is processed by the Controller shall have the right to make a complaint to a supervisory body in the manner and mode as stipulated in the GDPR Regulation provisions and the Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Personal Data Protection Office.
- The right to object – the person who the data applies to shall have the right to raise an objection at any given time – due to reasons related to their special situation – to the processing of the personal data concerning them as based on art. 6, section 1, letter e) (public interest or tasks) or f) (legally justified interest of the controller), including profiling based on those provisions. In such case the Controller shall not be allowed to process that personal data any more unless it proves the existence of important, legally justified bases for processing, superior towards the interests, rights and freedoms of the person who the data applies to, or bases for establishing, pursuing or defending claims.
- The right to object with respect to direct marketing – if the personal data is processed for direct marketing purposes, the person who the data applies to shall have, at any given time, the right to raise an objection to the processing of the personal data concerning them for such marketing purposes, including profiling, within the scope, in which such processing is related to such direct marketing.
- For the purpose of exercising the rights which are referred to in the present item of the privacy policy, you may contact the Controller by sending an appropriate message in writing or via electronic mail to the Controller’s address as indicated in the introduction to the privacy policy or by using the contact form as available on the Website.
7) COOKIES ON THE WEBSITE, EXPLOITATION DATA AND ANALYTICS
- Cookies are small pieces of text information in the form of text files sent by the server and saved on the side of the person visiting the Website (e.g. on the computer or laptop hard disk, or on the smartphone memory card – depending which device the visitor to our Website uses). The detailed information regarding Cookies as well as the history of their creation can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Controller may process the data contained in Cookies during the visitors’ use of the Website for the following purposes:
- identifying the Service Users as logged into the Website and showing that they are logged in;
- remembering the Products added to the cart for the purpose of Order placement;
- remembering the data from the Order Forms completed, data of logging into the Website;
- running anonymous statistics presenting the manner of using the Website;
- Normally, the majority of the web browsers available on the market accepts Cookies saving by default. Each person shall have the possibility of determining the conditions for Cookies use by means of own web browser settings. This means that you can partly limit (e.g. time-wise) or completely disable the possibility of Cookies saving – in the latter case, however, this may impact certain Website functionalities.
- With respect to Cookies, the web browser settings are important from the point of view of the consent to the use of Cookies by our Website – in accordance with the provisions such consent may also be expressed through the web browser settings. In the event of lack of expressing such consent, you must change the web browser settings properly with respect to Cookies.
- The detailed information on the subject of changing the Cookies settings and their independent removal in the most popular web browsers is available in the help section of the browser and on the below websites (it suffices to click on a given link):
- in Chrome web browser
- in Firefox web browser
- in Internet Explorer web browser
- Opera web browser
- Safari web browser
- Microsoft Edge web browser
- On the Website, the Controller may use the services of Google Analytics, Universal Analytics as supplied by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The services enable the Controller to analyse the traffic on the Website. The data gathered is processed as part of the above services in an anonymised manner (this is the so-called “exploitation data” which disable identification of the person) to generate statistics that are of assistance in the Website administration. That data is of collective and anonymous nature, that is it does not have identification features (personal data) of the person visiting the Website. When using the above services on the Website, the Controller gathers such data as the sources and medium of acquiring the Website visitors and the way they behave on the Website, the information on the devices and web browsers, from which they visit the site, IP as well as the domain, geographical data and demographic data (age, sex) and interests.
- It is possible for a given person to easily block Google Analytics access to the information on their activity on the Website – for this purpose you can install an addon for the web browser as made available by Google Inc. here: https://tools.google.com/dlpage/gaoptout?hl=pl.
8) FINAL PROVISIONS
- The Website may contain links to other websites. Upon transferring to other websites, the Controller encourages you to familiarise yourself with the privacy policy as determined therein. The present privacy policy shall apply to the Controller’s Website only.