Privacy Policy
Zasady przetwarzania danych osobowych w serwisie SpeedPack.com.pl
Effective from: 01.01.2024
PRIVACY POLICY OF THE SPEEDPACK.COM.PL WEBSITE
- GENERAL PROVISIONS
- PODSTAWY PRZETWARZANIA DANYCH
- CEL, PODSTAWA, OKRES I ZAKRES PRZETWARZANIA DANYCH W SERWISIE INTERNETOWYM
- ODBIORCY DANYCH W SERWISIE INTERNETOWYM
- PROFILOWANIE W SERWISIE INTERNETOWYM
- RIGHTS OF THE DATA SUBJECT
- COOKIES W SERWISIE INTERNETOWYM, DANE EKSPLOATACYJNE I ANALITYKA
- FINAL PROVISIONS.
1) GENERAL PROVISIONS
- This Privacy Policy of the Website is for informational purposes, which means it is not a source of obligations for Service Recipients or Clients of the Website. The Privacy Policy contains primarily the rules for the processing of personal data by the Controller on the Website, including the basis, purposes, and scope of personal data processing, as well as the rights of data subjects, and information regarding the use of cookies and analytical tools on the Website.
- The controller of personal data collected via the Website is Krzysztof Kwiatkowski operating a business under the name Speedpack, registered with the Companies Registration Office Ireland under number 429839, with: business address and address for service: DMG House, Deansgrange Business Park, Kill Lane, Deansgrange, Blackrock Co Dublin, Ireland, email: kontakt@speedpack.com.pl - hereinafter referred to as the „Controller” and simultaneously the Service Provider of the Website and Seller.
- Personal data on the Website is processed by the Controller in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as „GDPR” or „GDPR Regulation”. Official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- Use of the Website, including entering into contracts, is voluntary. Similarly, the provision of personal data by a Website Service Recipient or Client is voluntary, subject to two exceptions: (1) entering into contracts with the Controller - failure to provide, in the cases and to the extent indicated on the Website and in the Terms of the Website and this personal data privacy policy, of personal data necessary for the conclusion and performance of a transport contract, service contract, or Electronic Service contract with the Controller, results in the inability to conclude such a contract. The provision of personal data is in such a case a contractual requirement, and if the data subject wishes to conclude a given contract with the Controller, they are obliged to provide the required data. The scope of data required to conclude a contract is indicated each time on the Website and in the Terms of the Website; (2) statutory obligations of the Controller - the provision of personal data is a statutory requirement arising from generally applicable legal provisions imposing on the Controller the obligation to process personal data (e.g. processing data for the purpose of maintaining tax or accounting records), and failure to provide such data will prevent the Controller from fulfilling these obligations.
- The Controller takes special care to protect the interests of persons whose personal data it processes, and in particular is responsible for and ensures, that the data collected is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which it is processed; (4) stored in a form that permits identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Taking into account the nature, scope, context, and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organisational measures to ensure and be able to demonstrate that processing is performed in accordance with this Regulation. Those measures shall be reviewed and updated where necessary. The Controller applies technical measures preventing unauthorised persons from obtaining and modifying personal data transmitted electronically.
- All words, expressions, and acronyms appearing in this Privacy Policy and beginning with a capital letter (e.g. Service Provider, Website, Electronic Service) should be understood in accordance with their definition in the Website Terms and Conditions available on the Website.
2) PODSTAWY PRZETWARZANIA DANYCH
- The Controller is authorised to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party, or for taking steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Processing of personal data by the Controller requires in each case at least one of the legal bases indicated in section 2.1 of the Privacy Policy. The specific legal bases for processing personal data of Service Recipients and Clients of the Website by the Controller are indicated in the next section of the privacy policy - in relation to the given purpose of personal data processing by the Controller.
3) CEL, PODSTAWA, OKRES I ZAKRES PRZETWARZANIA DANYCH W SERWISIE INTERNETOWYM
- In each case, the purpose, legal basis, period, scope, and recipients of personal data processed by the Controller result from the actions taken by the given Service Recipient or Client on the Website.
- Administrator może przetwarzać dane osobowe w Serwisie Internetowym w następujących celach, na następujących podstawach, w okresach oraz w następującym zakresie:
Cel przetwarzania danych Podstawa prawna przetwarzania i okres przechowywania danych Podstawa prawna przetwarzania i okres przechowywania danych Performance of a contract or taking steps at the request of the data subject prior to entering into a contract Artykuł 6 ust. 1 lit. b) Rozporządzenia RODO (wykonanie umowy) Dane są przechowywane przez okres niezbędny do wykonania, rozwiązania lub wygaśnięcia w inny sposób zawartej umowy. Zakres maksymalny: imię i nazwisko; email address; numer telefonu kontaktowego; adres dostawy (ulica, numer domu, numer lokalu, kod pocztowy, miejscowość, kraj), adres zamieszkania/prowadzenia działalności/siedziby (jeżeli jest inny niż adres dostawy). W wypadku Usługobiorców lub Klientów nie będących konsumentami Administrator może przetwarzać dodatkowo nazwę firmy oraz numer identyfikacji podatkowej (NIP) Usługobiorcy lub Klienta. Podany zakres jest maksymalny – w przypadku np. odbioru osobistego nie jest konieczne podanie adresu dostawy. Direct marketing Artykuł 6 ust. 1 lit. f) Rozporządzenia RODO (prawnie uzasadniony interes administratora) Dane są przechowywane przez okres istnienia prawnie uzasadnionego interesu realizowanego przez the Controller, nie dłużej jednak niż przez okres przedawnienia roszczeń w stosunku do osoby, której dane dotyczą, z tytułu prowadzonej przez the Controller działalności gospodarczej. Okres przedawnienia określają przepisy prawa, w szczególności kodeksu cywilnego (podstawowy termin przedawnienia dla roszczeń związanych z prowadzeniem działalności gospodarczej wynosi trzy lata). Administrator nie może przetwarzać danych w celu marketingu bezpośredniego w przypadku wyrażenia skutecznego sprzeciwu w tym zakresie przez osobę, której dane dotyczą. Adres poczty elektronicznej Marketing Artykuł 6 ust. 1 lit. a) Rozporządzenia RODO (zgoda) Dane przechowywane są do momentu wycofania zgody przez osobę, której dane dotyczą na dalsze przetwarzanie jej danych w tym celu. First name, email address Maintaining accounting/tax records Artykuł 6 ust. 1 lit. c) Rozporządzenia RODO Dane są przechowywane przez okres wymagany właściwymi przepisami prawa nakazującymi Administratorowi przechowywanie dokumentacji księgowej/podatkowej Full name; residential/business/registered address (if different from delivery address), company name and tax identification number (NIP) of the Service Recipient or Client Establishment, pursuit, or defence of claims that the Controller may raise or that may be raised against the Controller Artykuł 6 ust. 1 lit. f) Rozporządzenia RODO Dane są przechowywane przez okres istnienia prawnie uzasadnionego interesu realizowanego przez the Controller, nie dłużej jednak niż przez okres przedawnienia roszczeń w stosunku do osoby, której dane dotyczą, z tytułu prowadzonej przez the Controller działalności gospodarczej. Okres przedawnienia określają przepisy prawa, w szczególności kodeksu cywilnego (podstawowy termin przedawnienia dla roszczeń związanych z prowadzeniem działalności gospodarczej wynosi trzy lata). Imię i nazwisko; numer telefonu kontaktowego; email address; adres dostawy (ulica, numer domu, numer lokalu, kod pocztowy, miejscowość, kraj), adres zamieszkania/prowadzenia działalności/siedziby (jeżeli jest inny niż adres dostawy). W wypadku Usługobiorców lub Klientów nie będących konsumentami Administrator może przetwarzać dodatkowo nazwę firmy oraz numer identyfikacji podatkowej (NIP) Usługobiorcy lub Klienta.
4) ODBIORCY DANYCH W SERWISIE INTERNETOWYM
- For the proper functioning of the Website, it is necessary for the Controller to use the services of external entities (such as software providers, couriers, or payment processing entities). The Controller uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organisational measures, so that processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.
- Data transfer by the Controller does not occur in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Controller transfers data only when, when it is necessary for the realisation of a given purpose of personal data processing and only to the extent necessary to achieve it.
- Dane osobowe Usługobiorców i Klientów the Website mogą być przekazywane następującym odbiorcom lub kategoriom odbiorców:
- carriers - in the case of a Client who uses the Website's shipment delivery service via an external courier company, the Controller shares the collected personal data of the Client to the selected carrier, freight forwarder, or intermediary fulfilling shipments on behalf of the Controller to the extent necessary to carry out the delivery of the Product to the Client.
- entities handling electronic or card payments - in the case of a Client, who uses electronic or card payment methods on the Website, the Controller shares the collected personal data of the Client with the selected entity handling such payments on the Website on behalf of the Controller to the extent necessary to process the payment made by the Client.
- service providers supplying the Controller with technical, IT, and organisational solutions, enabling the Controller to conduct business activities, including the Website and the Electronic Services provided through it (in particular, providers of computer software for operating the Website, email and hosting providers, and providers of software for business management and technical support to the Controller) - the Controller shares the collected personal data of the Client with the selected provider acting on its behalf only in the event and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
- accounting, legal, and advisory service providers providing the Controller with accounting, legal, or advisory support (in particular accounting firms, law firm, or debt collection company) - the Controller shares the collected personal data of the Client with the selected provider acting on its behalf only in the event and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
5) PROFILOWANIE W SERWISIE INTERNETOWYM
- The GDPR Regulation imposes on the Controller the obligation to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR Regulation, and - at least in those cases - meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides in this section of the privacy policy information regarding possible profiling.
- The Controller may use profiling on the Website for direct marketing purposes, but decisions made na jego podstawie przez the Controller do not concern the conclusion or refusal to conclude a contract, or the ability to use the Electronic Services on the Website.
- Profiling on the Website involves automatic analysis or prediction of a given person's behaviour on the Website, or through analysis of the history of actions taken on the Website. The condition for such profiling is that the Controller holds the personal data of the given person, in order to then be able to send them, for example, a discount code.
- The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, and which produces legal effects concerning that person or similarly significantly affects them.
6) RIGHTS OF THE DATA SUBJECT
- Right of access, rectification, restriction, erasure, or portability - the data subject has the right to request from the Controller access to their personal data, their rectification, erasure ("right to be forgotten"), or restriction of processing, and has the right to object to processing, as well as the right to data portability. The detailed conditions for exercising the above-mentioned rights are set out in Articles 15-21 of the GDPR Regulation.
- Right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent given (pursuant to Art. 6(1)(a) or Art. 9(2)(a) of the GDPR Regulation), they have the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.
- Prawo wniesienia skargi do organu nadzorczego – a person whose data is processed by the Controller, ma prawo wniesienia skargi do organu nadzorczego in the manner and procedure specified in the provisions of the GDPR Regulation and Polish law, in particular the Act on Personal Data Protection. The supervisory authority in Poland is the President of the Personal Data Protection Office.
- Right to object - the data subject has the right to object at any time – for reasons related to their particular situation – against the processing of their personal data based on Art. 6(1)(e) (public interest or tasks) or (f) (legitimate interests of the controller), including profiling based on those provisions. In such a case, the Controller may no longer process that personal data, unless the Controller demonstrates compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.
- Right to object to direct marketing - if personal data is processed for the purposes of direct marketing, the data subject has the right at any time to object to the processing of their personal data for the purposes of such marketing, including profiling, insofar as the processing is related to such direct marketing.
- To exercise the rights referred to in this section of the Privacy Policy, you may contact the Controller by sending an appropriate message in writing or by email to the address of the Controller indicated at the beginning of the privacy policy, or by using the contact form available on the Website.
7) COOKIES W SERWISIE INTERNETOWYM, DANE EKSPLOATACYJNE I ANALITYKA
- Cookies are small text information in the form of text files, sent by the server and stored on the device of the person visiting the Website (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on the device used by the visitor to our Website). Detailed information about Cookies, as well as the history of their creation, can be found here: http://en.wikipedia.org/wiki/HTTP_cookie.
- Administrator może przetwarzać dane zawarte w plikach Cookies podczas korzystania przez odwiedzających ze strony the Website w następujących celach:
- identifying Service Recipients as logged in on the Website and showing that they are logged in;
- remembering Products added to the basket for Order placement;
- remembering data from completed Order Forms, danych logowania do the Website;
- maintaining anonymous statistics showing how the Website is used;
- By default, most web browsers available on the market accept the storage of cookies. Everyone has the ability to define the conditions for the use of Cookies through their web browser settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the ability to store Cookies - in the latter case, however, this may affect some functionalities of the Website.
- Browser settings regarding cookies are important from the perspective of consent for the use of Cookies by our Website - in accordance with regulations, such consent may also be expressed through web browser settings. In the absence of such consent, the web browser settings regarding Cookies should be changed accordingly.
- Szczegółowe informacje na temat zmiany ustawień dotyczących plików Cookies oraz ich samodzielnego usuwania w najpopularniejszych przeglądarkach internetowych dostępne są w dziale pomocy browser internetowej oraz na poniższych stronach (wystarczy kliknąć w dany link):
- The Controller may use Google Analytics services on the Website, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Controller analyse traffic on the Website. The collected data is processed within these services in an anonymised manner (these are so-called operational data that do not allow identification of a person) to generate statistics helpful in administering the Website. This data is aggregate and anonymous, i.e. it does not contain identifying features (personal data) of persons visiting the Website. By using these services on the Website, the Controller collects data such as the sources and medium of acquisition of Website visitors and their behaviour on the Website, information about the devices and browsers used to visit the site, IP addresses and domains, geographical data and demographic data (age, gender) and interests.
- It is possible for a person to easily block Google Analytics from sharing information about their activity on the Website - to do so, you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en.
8) FINAL PROVISIONS
- The Website may contain links to other websites. The Controller encourages you to review the privacy policy established there when visiting other websites. This privacy policy applies only to the Website of the Controller.