Private Policy

DATA PROTECTION POLICY

Protecting the information of the users of our shop is of utmost importance to us, therefore we make every effort to ensure that every person who entrusts us with their data feels secure. This privacy policy explains how we process personal data of shop users and what rights they have. Ekodeal Sp. z o. o. (Ltd.), as the administrator, ensures the protection of personal data provided through its website: www.store.ekodeal.eu , the personal data provided by users are processed in accordance with the law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (hereinafter: RODO).

 

§1

GENERAL INFORMATION

  1. The administrator of the personal data is Ekodeal Sp. z o. o. with its registered office in Opole, Luboszycka 36, 3/1, 45-215 Opole, with NIP number: 9910498390, REGON: 161597705, hereinafter referred to as the Administrator.
  2. Regarding the protection of personal data, please contact the Administrator:
    ul. Luboszycka 36, room 3/1, PL 45-215 Opole. Contact is also possible via the e-mail address store@ekodeal.eu  by calling +48 77 461 20 25.
  3. This document constitutes information containing the terms and conditions for the collection, processing and use of information about individuals whose data is processed by the Administrator, including clients and users contacting via the contact form.
  4. The protection of privacy is of vital importance to the Administrator. The Administrator makes every effort to protect the privacy of data subjects. To protect the personal data of individuals using the Shop, the Administrator has implemented technical and organisational measures to ensure the protection of the personal data processed in accordance with the RODO.
  5. The Administrator shall ensure the protection of electronic transmission and digital content by taking technical and organisational measures to protect it, in particular personal data, from being accessed by unauthorised persons, in particular through SSL encryption and access passwords. At the same time, the administrator shall point out and raise awareness of the fact that the use of the Internet and electronically provided services is and can be compromised by the intrusion of malware into the ICT system and the user’s device. To minimise such risks, the user should use appropriate technical protection, e.g. antivirus programmes or programmes to protect the user’s identification on the Internet.
  6. The shop has the task of collecting information about the users of the service and their behaviour:
    1. Information voluntarily entered into forms by users,
    2. Storage of cookies (so-called “cookies”) on end devices,
    3. Record logs on servers managed by the administrator,
    4. as well as the possibility to save information about the connection parameters (time stamp, IP address).

§2

PURPOSE OF THE PROCESSING

The Administrator processes the personal data of the users of the Shop for the purpose resulting from the function of a given form, i.e. for the creation of an account, for the proper performance of the contracts concluded through the Shop, as well as for the purpose of information contact and for statistical purposes, which means that the data are required in particular for:

  1. registration in the shop,
  2. Conclusion of the Agreement,
  3. Make settlements,
  4. the delivery of the ordered product,
  5. the implementation of the service,
  6. to comply with the legal obligations incumbent on the controller, including tax obligations
  7. E-mail notifications about messages,
  8. Satisfaction surveys on the implementation of the service,
  9. Information contact and response to enquiries,
  10. Direct marketing for the Administrator’s products and services,
  11. Provide commercial information on new products and promotions offered by the Administrator,
  12. Creation of registers and records related to the RODO, e.g. a register of clients who have objected under the RODO.

 

§3

SCOPE OF THE PROCESSING OF PERSONAL DATA

  1. The provision of personal data is voluntary and depends on the user’s decision. In some cases, however, the provision of certain personal data is necessary to meet the user’s expectations in relation to the use of the shop, the conclusion and fulfilment of a purchase contract.
  2. To create an account, the following data must be entered in the registration form: Company name, first name, telephone number, company email address, tax identification number (NIP) and a password – without this data the administrator will not be able to register an individual account.
  3. In order to place an order for the product, the customer is obliged to provide the data necessary for the fulfilment of the order in the order form, i.e.: Company name, first name, last name, country, delivery address (street, postcode, city), e-mail address, telephone number, NIP number and company registration data, additional information – comments on the order and the method of payment for the order. The provision of the data contained in the order form is necessary for the proper execution of the purchase of the product through the shop and the execution of the contract.
  4. In case of withdrawal from the contract or acceptance of the claim, if the refund is made directly to the customer’s bank account, please indicate the account number for the refund.
  5. If the system is terminated prematurely during the submission of data via a corresponding form (e.g. due to a lack of internet connection, power failure and shutdown of the computer or withdrawal of the user and/or the client from further filling in the form), the partially entered but not correctly stored (validated) data will not be saved and processed by the administrator. In order to fill in the form correctly, the user and/or the client is obliged to go through the registration process again.

 

§4

LEGAL BASIS OF THE PROCESSING

  1. Personal data shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC.
  2. The legal basis for the processing of data when registering in the shop is Article 6(1)(a) of the DSGVO, which permits the processing of personal data on the basis of consent given voluntarily.
  3. For the conclusion of a sales contract and the performance of the contract, in particular the delivery of the product ordered by the customer, contacting the customer and exercising the customer’s rights (e.g. complaint), the legal basis for data processing is Article 6(1)(b) of the RODO, which permits the processing of personal data if such processing is necessary for the performance of the contract or for measures to conclude a contract. The legal basis for the processing of data for the performance of settlements is Article 6(1)(c) of the RODO, which permits the processing of personal data where such processing is necessary for the performance of the obligations incumbent on the manager, in particular in relation to accounting, tax law and the issuing of a VAT invoice.
  4. The legal basis for the processing of data is Article 6(1)(f) RODO, which enables the processing of personal data if one of the administrators pursues its legitimate interest in this way; in this case, the administrator’s interest is to inform the customer about the activities related to the provision of services in order to increase the comfort of using the products of Ekodeal Sp. z o.o. and to find out the customer’s opinion about the services provided in order to adapt them to the needs and expectations of the interested parties. In order to assert and secure claims, which constitutes the legitimate interest of the Administrator pursuant to Article 6(1)(f), RODO may.
  5. In order to carry out direct marketing of the Administrator’s products and services, the legal basis for the data processing is Article 6(1)(f) of the GDPR, which permits the processing of personal data where the Administrator thereby pursues its legitimate interest, in this case the interest of the Administrator to provide information about its products and services.
  6. For the establishment of registers and records in relation to the RODO, including for example a register of clients who have objected under the RODO, the legal basis for the processing is Article 6(1)(c) of the RODO, which permits the processing of personal data where such processing is necessary for the administrator to comply with its legal obligations.
  7. In order to provide commercial information about new trainings, products and promotions of the Administrator, the legal basis for data processing is Article 6(1)(a) of the GDPR, which allows the processing of personal data on the basis of freely given consent.
  8. The User and/or the Customer accepts this Privacy Policy by ticking the box/checkbox “If you continue, you accept the Terms and Conditions and Privacy Policy”.
  9. Consent to the processing of personal data is entirely voluntary, but a lack of consent makes registration in the shop impossible.

 

§5

RIGHT TO REVOKE CONSENT

  1. If personal data are processed on the basis of the consent of the data subject, the user may revoke this consent at any time.
  2. If the user wishes to withdraw his/her consent to the processing of personal data, it is sufficient to send an e-mail directly to the Administrator at
    the e-mail address: store@ekodeal.eu or by post to this address:
    ul. Luboszycka 36 lok. 3/1, PL 45-215 Opole.
  3. If the processing of the User’s personal data has been based on consent, the revocation shall not render the previous processing unlawful. Until the consent is revoked, the administrator is entitled to process the user’s personal data and the revocation does not affect the lawfulness of the previous processing.

 

§6

AUTOMATED DECISION MAKING AND PROFILING

Personal data must not be subject to automated decision-making, including profiling in accordance with Article 22(1) and (4) of the RODO.

 

§7

RECIPIENTS OF PERSONAL DATA

  1. We provide personal data (within the meaning of § 2 of this data protection guideline) to companies that provide services for the administrator. In particular, to companies that provide services in the field of correspondence and parcel delivery, IT, hosting the website: www.store.ekodeal.eu – and domains e-mail, marketing, satisfaction surveys, accounting, payment banks, law firms related to the tracking or Securing claims.
  2. Personal data may also be disclosed by the Administrator to entities authorized by law.

 

§8

TRANSFER OF PERSONAL DATA TO THE THIRD COUNTRIES

The controller shall not transfer the personal data processed outside the European Economic Area.

 

§9

DURATION OF THE STORAGE OF PERSONAL DATA

  1. The controller shall process personal data only for as long as necessary to achieve the purposes of the processing. After this period, the personal data shall be irrevocably deleted or destroyed.
  2. Where personal data are processed on the basis of the data subject’s consent, the data shall be processed until such time as the consent to processing is revoked; revocation of consent shall result in the immediate deletion of the data from the database.
  3. Personal data of users and/or customers are stored in the shop until the account is deleted. The deletion of the account can take place at the request of the user and/or the customer, but also in the event of revocation of consent to data processing by the user and/or the customer, objection to the processing of personal data or the user’s request for deletion.
  4. In the case of the purchase of a product, the data cannot be deleted before the execution of the order and after its completion in order to fulfil the legal obligation incumbent on the Administrator for a period of time in accordance with the applicable law, including the investigation or securing of claims.
  5. Only such information about the transactions concluded by the customer is archived in the information systems, the storage of which is e.g. in connection with claims of the customer, e.g. on the basis of warranty and also in connection with legal regulations that are binding for us.
  6. In the event of the assertion and protection of claims, the data shall be stored until the expiry of the limitation period, but no longer than 6 years, unless otherwise stipulated in a special regulation.

 

 

§10

INFORMATION ABOUT COOKIES – FILE

  1. The shop uses cookies – file.
  2. Cookie files (so-called “cookies”) represent IT data. These data are in particular text files that are stored on the end device of the shop user and are intended for use by the shop. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number.
  3. The entity that places and accesses the cookie files on the shop user’s terminal is a hosting operator working with the administrator.
  4. Cookies are used for the following purposes:
  5. Generating statistics that show how the shop’s users use the websites, which enables the improvement of their structure and content,
  6. Maintaining the shop user’s session (after logging in) so that the user does not have to re-enter the username and password on each sub-page of the shop,
  7. Identifying your profile in order to show you tailored material on advertising networks, in particular the Google network.
  8. There are two main types of cookies used in the shop: “session” (session cookies) and “permanent” cookies (persistent cookies). Session” cookies are temporary files that are stored on the end user’s device until they log out, leave the website or switch off the software (web browser). “Permanent” cookies are stored on the end user’s device for the duration specified in the cookie parameters or until they are deleted by the user.

§11

COOKIES FILE MANAGEMENT

  1. If the user does not wish to receive cookies, they can change their browser settings. Please note that disabling cookies, which are necessary for authentication, security and the retention of user preferences, may hinder the use of the websites or, in extreme cases, make it impossible.
  2. To manage your cookie settings, please follow the instructions of the browser you are using.
  3. Web browsing software (internet browser) usually allows cookies to be stored on the user’s terminal device by default. Shop users can change their settings in this regard: Settings section, Privacy section. The internet browser offers the option of deleting cookies. It is also possible to block cookies automatically. Detailed information on this topic can be found in the help or documentation of the Internet browser.
  4. Restricting the use of cookies may affect some of the features available on the Shop’s websites.
  5. Cookies placed on the shop user’s end device may also be used by advertisers, partners and external software’s installed in the form of so-called plug-ins, e.g. social plug-ins for the facebook.com platform or others.
  6. We recommend that you read the privacy policies of these companies to understand their use of cookies in statistics: Google Analytics Privacy Policy.
  7. Cookies can be used by advertising networks, in particular the Google network, to display advertising that is adapted to the way the user uses the shop. For this purpose, they may store information about the user’s navigation path or the time spent on a particular page.
  8. Regarding the information collected by the Google advertising network on user preferences, the user can view and edit the information resulting from the cookies with the tool https://www.google.com/ads/preferences/.

 

§12

SERVER LOGINS

  1. Information about certain user’s behaviour is logged at the server level. This data is only used for the administration of the shop and to ensure the best possible service of the hosting services offered.
  2. The resources displayed are identified by URL addresses. In addition, data records can be saved:
  1. Time of receipt of the request,
  2. Time of transmission of the response,
  3. Name of the client station – identification via http or https protocol
  4. Information about errors that occurred during the execution of http or https transactions
  5. the URL address of the page that the user previously visited (referrer link) – in the event that the shop is reached via a link,
  6. Information about your browser,
  7. IP address information.
  1. This data is not linked to specific visitors.
  2. The above data is only used for the purpose of server administration.

§13

RIGHTS OF THE DATA SUBJECTS

  1. Every shop user has the right to:
    1. access to their personal data;
    2. Correction of personal data;
    3. Deletion of personal data;
    4. restrict the processing of personal data;
    5. object to the processing of personal data;
    6. Portability of personal data.
  2. The Administrator declares that the rights referred to in clause 1 are not absolute. In certain situations, the Administrator may refuse to fulfil them in relation to the User and/or Client on the basis of the applicable legal provisions. However, if the Administrator refuses to fulfil any of the rights, it shall be obliged to carry out a thorough examination in this regard and only issue a decision to refuse the request if this is necessary.
  3. The User and/or Client shall at all times have the right to access their personal data and to obtain confirmation as to whether the Administrator is processing their personal data and which personal data the Administrator is processing – including the right to obtain a copy of the data.
  4. The user and/or customer has the right to request the correction of incorrect or incomplete personal data at any time.
  5. In the context of the processing of personal data, every data subject has the right to request the erasure of personal data (the so-called right to be forgotten) if the processing of personal data is no longer necessary for the purposes for which it was collected or otherwise processed, the data subject has withdrawn his or her consent to the processing of personal data, which forms the basis for the processing of personal data, and there is no other legal basis for the processing of personal data, the data subject has objected to the processing,
    the personal data are being processed unlawfully, the personal data must be erased in order to comply with a legal obligation, as well as to request the restriction of data processing – if: the data subject contests the accuracy of the personal data – during a period which allows the controller to verify the accuracy of the data, the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of its use; the controller no longer needs the personal data for the purposes of the processing, but the data are needed by the data subject for the establishment, exercise or defence of claims, the data subject has objected to the processing – until it is determined whether the legitimate grounds of the controller override the grounds of the data subject’s objection.
  6. The user and/or client has the right to object at any time. The right to object concerns the objection to the processing of personal data on the basis of a legitimate interest of the Administrator in relation to the particular situation of the User and/or Client. In accordance with the legislation, the Administrator may refuse to consider the objection if it proves that:

(a) there are legitimate grounds for processing which override your interests, rights and freedoms; or

(b) grounds exist for establishing, asserting or defending claims.

  1. In addition, you may object to the processing of your personal data for marketing purposes at any time. In this case, the administrator will stop processing for this purpose after receiving the objection.
  2. The user and/or customer also has the right to data portability if the following conditions are met (cumulatively):

(a) processing is based on the consent of the data subject or on a contract concluded with the data subject,

(b) the processing is carried out with the aid of automated procedures.

  1. Any user may exercise his/her rights by sending an e-mail directly to the contact point via the e-mail address: store@ekodeal.eu or by post to the address:
    Biuro Ekodeal Sp. z o. o., ul. Luboszycka 36 lok. 3/1, PL 45-215 Opole.

§14

RIGHT TO LODGE A COMPLAINT

If the data subject considers that his or her personal data are being processed contrary to the applicable law, he or she may lodge a complaint with the President of the Office for the Protection of Personal Data.

§15

CONCLUSIONS

  1. The Shop may contain links to other websites that are not owned or managed by the Administrator. In this case, the Administrator is not responsible for their content and access to them. The Administrator recommends the User to read the privacy policy of other sites after navigating to them.
  2. Questions or doubts regarding the privacy policy and the security of personal data in the shop can be sent by e-mail to store@ekodeal.eu
    or in writing to the address of:
    Biuro Ekodeal Sp. z o. o., Luboszycka 36 lok. 3/1, PL 45-215 Opole.
    Insofar as they are not covered by this privacy policy, the regulations on the protection of personal data apply.
  3. You will be notified by email of any changes to this privacy policy.
  4. This privacy policy applies from 1.01.2020.