PRIVACY POLICY OF SKLEP.ZLP.COM.PL

Table of Contents:

1. General Provisions
2. Personal Data Controller
3. Contact Details
4. Principles of Personal Data Processing
5. Purposes and Legal Bases for Personal Data Processing
6. Personal Data Retention Period
7. Categories of Personal Data
8. Cookies
9. Data Sharing
10. Customer Rights

§ 1 General Provisions

This Privacy Policy sets out the principles for processing and protecting the personal data of Customers using the online store available at https://zlp.com.pl (hereinafter referred to as the “Online Store”). This Privacy Policy fulfils the information obligation of the Controller in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”).

§ 2 Personal Data Controller

The Personal Data Controller of the Online Store’s Customers is Janusz Baran, conducting business activity under the name Zakład Laminatów Poliestrowych Janusz Baran, Stare Sioło 46, 37-630 Oleszyce, NIP: 7931004245, REGON: 650168740, e-mail: sklep@zlp.com.pl (hereinafter “Controller”).

§ 3 Contact Details

The Controller can be contacted via e-mail at sklep@zlp.com.pl or in writing at: Zakład Laminatów Poliestrowych Janusz Baran, Stare Sioło 46, 37-630 Oleszyce.

§ 4 Principles of Personal Data Processing

The Controller processes Customers’ personal data in accordance with GDPR provisions. The Controller applies technical and organisational measures required by EU law to ensure the protection of processed personal data and safeguard it from being disclosed to unauthorised persons, accessed by unauthorised persons, processed in violation of the law, as well as altered, lost, or destroyed. The Controller declares that providing data marked in the Online Store as required is voluntary, but necessary to use the Store’s functionalities, including setting up and maintaining a Customer Account and placing and fulfilling an order. The Customer may consent to receive commercial information from the Controller, including via electronic communication means, and to the use of telecommunications terminal devices for marketing purposes. Granting these consents is voluntary and is not a condition for order fulfilment or maintaining a Customer Account in the Online Store.

§ 5 Purposes and Legal Bases for Personal Data Processing

Customers’ personal data will be processed for the following purposes:

• maintaining the Customer Account in the Online Store (Article 6(1)(b) GDPR),
• fulfilling orders in the Online Store (Article 6(1)(b) GDPR),
• providing the newsletter service (Article 6(1)(a) GDPR),
• direct marketing of own services and products, excluding the newsletter service, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR),
• responding to messages sent via the contact form or Messenger widget (Article 6(1)(a) GDPR – consent given by initiating contact),
• handling complaints or withdrawals from the contract (Article 6(1)(b) GDPR),
• analytical research, in particular examining and analysing traffic on the website to compile statistics, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR),
• archival (evidential) purposes in case of the legal necessity to prove facts, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR),
• establishing, pursuing, or defending against claims, which constitutes the Controller’s legitimate interest (Article 6(1)(f) GDPR).

§ 6 Personal Data Retention Period

Customer data will be stored for the following periods:

• data related to maintaining a Customer Account – for the period it is active in the Online Store and no longer than until the Customer requests its deletion,
• data related to order fulfilment – for 5 years from the end of the year in which the sale was made, unless further storage is justified by the statute of limitations for claims,
• newsletter service data – until the subscription is cancelled,
• marketing data – until an objection is raised,
• data related to responding to inquiries – until the correspondence ends or consent is withdrawn, unless further storage is justified by an overriding interest of the Controller, e.g., defence against possible claims,
• data related to handling complaints or withdrawals – for 5 years from the end of the year in which the complaint was processed or the contract withdrawn from,
• statistical purposes – until an objection is raised, but no longer than 50 months from the Customer’s last activity on the website,
• archival purposes – for the period necessary to fulfil this purpose,
• establishing, pursuing, or defending against claims – for the period necessary to fulfil this purpose.

§ 7 Categories of Personal Data

The Controller collects, processes, and stores the following Customer data:

• when setting up a Customer Account: e-mail address, name and surname, address, phone number, and for entrepreneurs also NIP (Tax ID) and company name;
• when placing an order: e-mail address, name and surname, address, phone number, and for entrepreneurs also NIP and company name;
• when sending a message via the contact form: e-mail address, name and surname, and phone number;
• when using the newsletter service: name and e-mail address.

When using the Online Store, the Controller automatically collects and stores information such as: IP address, request URL, device identifier, time spent on individual pages, browser type, browser language, date and time of use, screen resolution, operating system type and version, as well as other similar information.

§ 8 Cookies

The Online Store uses small files called cookies, which are stored on the visitor’s end device if the web browser allows it. Cookies are IT data, in particular text files, stored on the Customer’s end device and intended for use with the Online Store. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number.

Cookies are used for the following purposes:

• recognising the device used by the Customer to properly display website content,
• creating statistics to understand how Customers use the websites, enabling improvement of their structure and content,
• maintaining the Customer’s session in the Online Store so that the Customer does not have to log in and enter the password again on each subpage,
• adapting the content and functionality of the Online Store by matching an anonymous, randomly generated tracking identifier, which allows, among other things, checking where the Customer came from, which search engine they used, which link they clicked, what keywords they entered, and at what point they stopped using the Online Store,
• collecting general and anonymous data for advertising campaigns via remarketing lists, allowing display of ads tailored to the Customer’s preferences.

Web browsers usually allow cookies to be stored on the Customer’s end device by default. Customers may change these settings. A web browser allows the deletion of stored cookies and automatic blocking of cookies. Detailed information on this is contained in the browser’s help or documentation.

The Online Store uses marketing and analytical tools from other providers who use cookies in the Online Store. These providers are primarily Google LLC (Google Analytics) and Facebook Inc. (Facebook Pixel, Messenger). More information on these providers’ cookies can be found in their privacy policies. Some of these providers may store Customer data outside the European Economic Area. In such cases, Customer data will be transferred only to countries that ensure an adequate level of protection (based on the European Commission’s Implementing Decision of 12.07.2016 introducing the Privacy Shield) or, in the case of countries without adequate protection, only if appropriate safeguards are provided, including standard contractual clauses adopted by the European Commission.

§ 9 Data Sharing

Customers’ personal data may be transferred to entities entrusted with processing personal data on the basis of agreements and to entities authorised to obtain personal data under the law. For the purpose of performing a contract concluded via the Online Store and ensuring its proper functioning, the Controller shares Customers’ personal data in particular with entities providing:

• postal services,
• electronic payment services,
• accounting services,
• hosting services,
• IT and software delivery services,
• newsletter services,
• marketing services related to online store operations.

§ 10 Customer Rights

The Customer has the right to access their data and the right to request its rectification, deletion, or restriction of processing. Where the legal basis for processing personal data is the Controller’s legitimate interest, the Customer has the right to object to the processing of their personal data. Where the legal basis for processing the Customer’s personal data is consent, the Customer has the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal. Where the Customer’s data is processed for the purpose of concluding and performing a contract or processed based on consent – the Customer also has the right to data portability, i.e., to receive from the Controller their personal data in a structured, commonly used, machine-readable format. The Customer may transmit this data to another data controller. The Customer also has the right to lodge a complaint with the supervisory authority responsible for personal data protection.