Privacy policy

Privacy Policy

1. General Provisions

1.1 This Privacy Policy of the loum.pl Online Store is for informational purposes only, which means that it does not constitute a source of obligations for Service Recipients or Customers of the Online Store. The Privacy Policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the legal basis, purposes, and duration of personal data processing, as well as the rights of data subjects and information regarding the use of Cookies and analytical tools in the Online Store.

1.2 The administrator of personal data collected via the Online Store is Abnormal Transports Bartosz Kolczyński, with its registered office in Szczawno Zdrój (address: ul. Szczawieńska 2/102A, 58-310 Szczawno Zdrój).

1.3 Personal data in the Online Store is processed by the Administrator in accordance with applicable legal regulations, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as the “GDPR” or the “GDPR Regulation”. Official text of the GDPR Regulation:

http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4 Using the Online Store, including making purchases, is voluntary. Likewise, providing personal data by the Service Recipient or Customer using the Online Store is voluntary, subject to two exceptions:

(1) entering into agreements with the Administrator - failure to provide, in the cases and scope indicated on the Online Store website, in the Online Store Terms and Conditions, and in this Privacy Policy, the personal data necessary to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator results in the inability to conclude such an agreement. Providing personal data in such a case is a contractual requirement, and if the data subject wishes to conclude a given agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude an agreement is each time indicated in advance on the Online Store website and in the Online Store Terms and Conditions;

(2) statutory obligations of the Administrator - providing personal data is a statutory requirement resulting from generally applicable legal regulations imposing on the Administrator the obligation to process personal data (e.g. processing data for the purpose of keeping tax or accounting records), and failure to provide such data will prevent the Administrator from fulfilling these obligations.

1.4.1 Using the Online Store requires the processing of the customer’s personal data to the extent of: first and last name, telephone number, e-mail address, shipping address, and billing address. The data will be processed by Abnormal Transports Bartosz Kolczyński, with its registered office in Szczawno Zdrój (address: ul. Szczawieńska 2/102A, 58-310 Szczawno Zdrój), to the extent necessary to conclude and perform the agreement. Transaction data, including personal data, may be transferred to Krajowy Integrator Płatności S.A., with its registered office in Poznań (Plac Andersa 3, 17th floor, 61-894 Poznań), to the extent necessary to process payment for the order. The customer has the right to access the content of their data and to correct it. Providing data is voluntary, but at the same time necessary to use the Online Store.

1.4.2 Registration and use of the Customer Account by Service Recipients, including linking it with a social media profile or e-mail account, involves the processing of the following personal data: first and last name, company name, contact details (including e-mail address, telephone number and address), VAT number, social media profile name, and other data made available there by you in accordance with the privacy policy of the relevant portal or e-mail account:

(1) for the purpose of providing electronic services in the form of creating and maintaining an account in the Online Store - the legal basis is Article 6(1)(a) of the GDPR Regulation, i.e. the voluntary and informed consent of the Customer; Service Recipient (with regard to optional data provided) and Article 6(1)(b) of the GDPR Regulation, i.e. the necessity of processing personal data (with regard to mandatory data);

(2) for analytical and statistical purposes - the legal basis is Article 6(1)(f) of the GDPR Regulation, i.e. the legitimate interest of the Seller; Service Provider consisting in the analysis of the activity of the Customer; Service Recipient;

(3) for the purpose of establishing, pursuing or defending claims - the legal basis is Article 6(1)(f) of the GDPR Regulation, i.e. the protection of the rights of the Seller; Service Provider;

(4) for the marketing purposes of the Seller; Service Provider and other entities, through the use of behavioural and contextual advertising – the legal basis is Article 6(1)(f) of the GDPR Regulation, i.e. the protection of the rights of the Administrator, and Article 6(1)(a) of the GDPR Regulation, i.e. the voluntary and informed consent of the Customer; Service Recipient.

1.5 Providing personal data by Users of the Service is voluntary. Customers’ personal data will be processed for the purpose of purchasing goods; the processing of data is necessary for the performance of the agreement or on the basis of granted consent for the marketing of our products and services and participation in the Newsletter service. In the case of purchasing goods, personal data will be processed for the proper performance of the purchase and sale agreement for our products, as well as for their shipment. Failure to provide personal data necessary for concluding the purchase and sale agreement results in refusal to conclude such an agreement.

1.6 The legal basis for the processing of personal data in the scope of marketing products and services and participation in the Newsletter service is the granted consent, whereas in the case of purchasing goods, the processing of data is necessary for the performance of the agreement.

1.7 The Administrator exercises particular care in order to protect the interests of persons whose personal data is processed by him and, in particular, is responsible for and ensures that the data collected by him is:

(1) processed lawfully;

(2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;

(3) accurate and adequate in relation to the purposes for which it is processed;

(4) stored in a form permitting identification of data subjects for no longer than is necessary for the purposes for which the data is processed; and

(5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.

1.8 Taking into account the nature, scope, context and purposes of processing, as well as the risk of violation of the rights or freedoms of natural persons with varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with this Regulation and to be able to demonstrate compliance. These measures are reviewed and updated where necessary.

The Administrator applies technical measures preventing unauthorized persons from obtaining and modifying personal data transmitted electronically.

1.9 Any words, expressions and acronyms used in this Privacy Policy and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) shall be understood in accordance with their definitions contained in the Online Store Terms and Conditions available on the Online Store website.

2. Legal Basis for the Processing of Personal Data

2.1 The Administrator is entitled to process personal data in cases where - and to the extent that - at least one of the following conditions is met:

(1) the data subject has given consent to the processing of their personal data for one or more specific purposes;

(2) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;

(3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or

(4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2 The processing of personal data by the Administrator requires, in each case, the existence of at least one of the legal bases indicated in section 2.1 of the Privacy Policy. The specific legal bases for the processing of personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the following section of the Privacy Policy - with regard to the given purpose of processing personal data by the Administrator.

3. Purpose, Legal Basis and Period of Personal Data Processing in the Online Store

3.1 In each case, the purpose, legal basis, period and recipients of the personal data processed by the Administrator result from the actions undertaken by a given Service Recipient or Customer in the Online Store or by the Administrator.

3.2 The Administrator may process personal data within the Online Store for the purposes, on the legal bases and for the periods indicated in the table below:

Purpose of Data Processing

Legal Basis for Data Processing

Data Retention Period

 

Performance of the Sales Agreement or an agreement for the provision of Electronic Services or taking actions at the request of the data subject prior to entering into the above-mentioned agreements

Article 6(1)(b) of the GDPR Regulation (performance of a contract) - processing is necessary for the performance of a contract to which the data subject is a party or in order to take actions at the request of the data subject prior to entering into a contract.

Article 6(1)(a) of the GDPR Regulation – with regard to optional data provided.

Data is stored for the period necessary for the performance, termination or other expiry of the concluded Sales Agreement or agreement for the provision of Electronic Services.

Direct marketing

Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator, consisting in protecting the interests and good reputation of the Administrator, the Online Store, and striving to sell Products.

Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the person to whom the data relates, arising from the business activity conducted by the Administrator. The limitation period is specified by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for the Sales Agreement two years). The Administrator may not process data for direct marketing purposes in the event of an effective objection raised by the data subject in this respect.

 

Marketing

Article 6(1)(a) of the GDPR Regulation (consent) - the data subject has given consent to the processing of their personal data for marketing purposes by the Administrator.

Data is stored until the consent of the data subject to the further processing of their data for this purpose is withdrawn.

Maintaining accounting records

Article 6(1)(c) of the GDPR Regulation in conjunction with Article 74(2) of the Accounting Act (Journal of Laws of 2018, item 395) - processing is necessary for compliance with a legal obligation to which the Administrator is subject.

Data is stored for the period required by legal provisions obliging the Administrator to maintain accounting records (5 years, calculated from the beginning of the year following the financial year to which the data relates).

Establishing, pursuing or defending claims which may be raised by the Administrator or which may be raised against the Administrator

Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator - consisting in establishing, pursuing or defending claims which may be raised by the Administrator or which may be raised against the Administrator.

Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims which may be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).

 

Use of the Online Store and ensuring its proper functioning

Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator – consisting in operating and maintaining the Online Store.

Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the person to whom the data relates, arising from the business activity conducted by the Administrator. The limitation period is specified by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for the Sales Agreement two years).

 

Conducting statistics and traffic analysis in the Online Store

Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Administrator) - processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator – consisting in conducting statistics and traffic analysis in the Online Store for the purpose of improving the functioning of the Online Store and increasing Product sales.

Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims of the Administrator against the person to whom the data relates, arising from the business activity conducted by the Administrator. The limitation period is specified by legal provisions, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for the Sales Agreement two years).

4. Recipients of Data in the Online Store

4.1 For the proper functioning of the Online Store, including the performance of concluded Sales Agreements, it is necessary for the Administrator to use the services of third parties (such as, for example, a software provider, courier or payment service provider). The Administrator uses only the services of such processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.

4.2 The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy - the Administrator transfers data only where it is necessary for the fulfilment of a given purpose of personal data processing and only to the extent necessary to fulfil that purpose.

4.3 Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.3.1 Carriers / freight forwarders / courier brokers / entities handling warehousing and/or shipping processes. The Administrator makes the collected personal data of the Customer available to the selected carrier, freight forwarder or intermediary carrying out shipments on behalf of the Administrator, and if the shipment is carried out from an external warehouse - to the entity handling the warehouse and/or shipping process - to the extent necessary to deliver the Product to the Customer.

4.3.2 Entities handling electronic payments or payment card transactions - in the case of a Customer who uses electronic payment methods or payment card transactions in the Online Store, the Administrator makes the collected personal data of the Customer available to the selected entity handling the above payments in the Online Store on behalf of the Administrator to the extent necessary to process the payment made by the Customer.

4.3.3 Service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct business activity, including the Online Store and the Electronic Services provided through it (in particular, providers of computer software for operating the Online Store, e-mail and hosting providers, and providers of software for company management and for providing technical support to the Administrator) - the Administrator makes the collected personal data of the Customer available to the selected provider acting on behalf of the Administrator only where and to the extent necessary to fulfil a given purpose of data processing consistent with this Privacy Policy.

4.3.4 Providers of social media plugins, scripts and other similar tools placed on the Online Store website, enabling the browser of a person visiting the Online Store website to download content from the providers of the aforementioned plugins and to transmit the personal data of the visitor to those providers for this purpose.

5. Profiling in the Online Store

5.1 The GDPR Regulation imposes on the Administrator the obligation to inform about automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR Regulation, and – at least in such cases - to provide relevant information about the principles of such decision-making, as well as the significance and envisaged consequences of such processing for the data subject. Taking this into account, the Administrator provides information regarding possible profiling in this section of the Privacy Policy.

5.2 The Administrator may use profiling in the Online Store for direct marketing purposes, however, decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement, nor the possibility of using Electronic Services in the Online Store. The effect of the use of profiling in the Online Store may be, for example: granting a given person a discount, sending them a discount code, reminding them about incomplete purchases, sending a Product proposal which may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Online Store. Despite profiling, the person concerned freely decides whether they wish to use the discount received in this manner or the better conditions offered and make a purchase in the Online Store.

5.3 Profiling in the Online Store consists of the automatic analysis or prediction of the behaviour of a given person on the Online Store website, e.g. by adding a specific Product to the basket, browsing the page of a specific Product in the Online Store, or by analysing the previous purchase history in the Online Store. The condition for such profiling is that the Administrator possesses the personal data of a given person in order to be able to subsequently send them, for example, a discount code.

5.4 The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6. Rights of the Data Subject

The data subject has the right to request from the Administrator access to their personal data, rectification, erasure (“right to be forgotten”) or restriction of processing and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the above rights are specified in Articles 15–21 of the GDPR Regulation.

6.2 Right to withdraw consent at any time A person whose data is processed by the Administrator on the basis of granted consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal.

6.3 Right to lodge a complaint with a supervisory authority A person whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act.

The supervisory authority in Poland is the President of the Personal Data Protection Office.

6.4 Right to object The data subject has the right to object at any time - on grounds relating to their particular situation - to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interest of the Administrator), including profiling based on those provisions. In such a case, the Administrator shall no longer process such personal data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.

6.5 Right to object to direct marketing If personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.

6.6 In order to exercise the rights referred to in this section of the Privacy Policy, the Administrator may be contacted by sending an appropriate written notice or by using the contact form available on the Online Store website.

7. Cookies in the Online Store and Analytics

7.1 Cookies are small pieces of text information in the form of text files, sent by a server and stored on the device of the person visiting the Online Store website (e.g. on the hard drive of a computer, laptop or on the memory card of a smartphone - depending on the device used by the visitor to our Online Store). Detailed information regarding Cookies, as well as the history of their creation, can be found, among others, here:

https://pl.wikipedia.org/wiki/HTTP_cookie

First-party cookies (created by the Online Store website operated by the Administrator) and third-party cookies (originating from entities/persons other than the Administrator)

Session cookies (stored until logging out of the Online Store or closing the web browser) and persistent cookies (stored for a specified period defined by the parameters of each cookie or until manually deleted)

Necessary cookies (enabling the proper functioning of the Online Store website), functional/preference cookies (enabling the Online Store website to be adjusted to the preferences of the person visiting the website), analytical and performance cookies (collecting information on the manner in which the Online Store website is used), marketing, advertising and social media cookies (collecting information about the person visiting the Online Store website in order to display personalized advertisements to that person and conduct other marketing activities, including on websites separate from the Online Store website, such as social media platforms)

7.3 The Administrator may process the data contained in Cookies while visitors use the Online Store website for the following specific purposes:

Purposes of using Cookies in the Administrator’s Online Store

  • identifying Service Recipients as logged into the Online Store and indicating that they are logged in (necessary Cookies)
  • remembering Products added to the basket for the purpose of placing an Order (necessary Cookies)
  • remembering data entered into Order Forms, surveys or login details for the Online Store (necessary and/or functional/preference Cookies)
  • keeping anonymous statistics concerning the manner in which the Online Store website is used (statistical Cookies)
  • remarketing, i.e. examining the behavioural characteristics of visitors to the Online Store through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create profiles of such visitors and provide them with advertisements tailored to their anticipated interests, including when they visit other websites within the advertising networks of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social media Cookies)

7.4 It is possible to check in the most popular web browsers which Cookies files (including the duration of operation of Cookies files and their provider) are currently being sent by the Online Store website in the following manner:

In the Chrome browser:

 (1) in the address bar, click the padlock icon on the left-hand side, (2) go to the “Cookies” section.

In the Firefox browser:

 (1) in the address bar, click the shield icon on the left-hand side, (2) go to the “Enhanced Tracking Protection” or “Blocked” section, (3) click the “Cross-Site Tracking Cookies”, “Social Media Trackers” or “Tracking Content” field.

In the Internet Explorer browser:

 (1) click the “Tools” menu, (2) go to “Internet Options”, (3) go to the “General” tab, (4) go to the “Settings” section, (5) click the “View Files” field.

In the Opera browser:

 (1) in the address bar, click the padlock icon on the left-hand side, (2) go to the “Cookies” section.

In the Safari browser:

 (1) click the “Preferences” menu, (2) go to the “Privacy” tab, (3) click the “Manage Website Data” field.

Regardless of the browser, using tools available for example at: https://www.cookiemetrix.com/ lub: https://www.cookie-checker.com/

7.5 By default, most web browsers available on the market accept the storage of Cookies. Everyone may determine the conditions for the use of Cookies by means of the settings of their own web browser. This means that it is possible, for example, to partially restrict (e.g. temporarily) or completely disable the storage of Cookies - however, in the latter case this may affect certain functionalities of the Online Store (for example, it may not be possible to complete the Order path through the Order Form due to Products not being remembered in the basket during the subsequent steps of placing the Order).

7.8 It is possible for a given person to easily block the sharing with Google Analytics of information regarding their activity on the Online Store website - for this purpose it is possible, for example, to install a browser add-on provided by Google Ireland Ltd., available at:

https://tools.google.com/dlpage/gaoptout?hl=pl

7.9 The Administrator may use the Facebook Pixel service in the Online Store provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Administrator measure the effectiveness of advertisements and determine what actions are taken by visitors to the Online Store, as well as display tailored advertisements to such persons. Detailed information regarding the operation of the Facebook Pixel may be found at the following address:

www.facebook.com/business/help/742478679120153?helpref=page_content

7.10 Managing the operation of the Facebook Pixel is possible through advertisement settings in a Facebook.com account at:

www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

7.11 The Administrator processes your personal data for the purpose of carrying out marketing activities, which may consist in sending marketing content corresponding to your interests (newsletter), provided that you give your consent. For this purpose, the data (e-mail address) will be transferred to our partner - MailerLite, which will handle the sending of messages.

8. Final Provisions

8.1 The Online Store may contain links to other websites. The Administrator recommends that after visiting other websites, you familiarize yourself with the privacy policies established there. This Privacy Policy applies solely to the Administrator’s Online Store loum.pl.

8.2 This Privacy Policy constitutes an appendix to the Terms and Conditions of the Online Store available on the loum.pl Online Store website. Acceptance of the Terms and Conditions of the Store is equivalent to acceptance of this Privacy Policy.