This Privacy Policy has been developed based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 /WE, hereinafter referred to as GDPR.
PERSONAL DATA ADMINISTRATOR
1. Przedsiębiorstwo Handlowo-Usługowe COLO Joanna Sado with its registered office at ul. 47-224 Kędzierzyn-Koźle. Józefa Bema 15, NIP: 7491472024, REGON: 531584990 entered into the Central Register and Information on Economic Activity of the Republic of Poland. Contact with the Administrator is also possible via the e-mail address biuro@colo-sport.com .
REQUIREMENT TO PROVIDE AND CATEGORIES OF PROCESSED PERSONAL DATA
2. The administrator processes the following personal data of buyers:
a. Name and surname, company
b. business address
c. e-mail address
d. telephone number,
e. NIP number
3. Providing personal data specified in point 2 is not a statutory requirement and is voluntary, but is a condition for concluding a sales contract with the Administrator, hereinafter referred to as the "Agreement". If the buyer does not provide this data, the Agreement will not be concluded.
4. During the term of the Agreement, the Administrator may come into possession of other data of the buyer - the IP number of the device used by the buyer and data regarding the buyer's use of a specific IT network, software or devices, as well as the method of using the Administrator's website.
PURPOSES OF PERSONAL DATA PROCESSING
5. The administrator processes buyers' personal data for the following purposes:
a. conclusion and performance of the Agreement between the parties, in particular the delivery of purchased goods and complaint handling,
b. fulfilling the Administrator's legal obligations, in particular issuing and storing invoices and other accounting documents,
c. pursuing and defending against claims,
d. detecting and preventing abuse,
e. direct marketing,
f. creating analyzes and statistics for the Administrator's own needs, in particular reporting, marketing and market research, planning service development, researching buyers' preferences and behavior, for the purpose of improving the quality of services provided by the Administrator,
g. specified in point 5e and f after execution of the Agreement - with the consent of the buyer,
h. transfer to third parties - with the consent of the buyer, to the extent and purpose covered by this consent.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
6. Legal basis for processing buyers' personal data for the specified purpose:
a. in point 5a - constitutes art. 6 section 1 b GDPR (performance of the Agreement),
b. in point 5b - constitutes Art. 6 section 1 c GDPR (legal obligation),
c. in points 5c-f - constitutes Art. 6 section 1 f GDPR (legitimate interest of the Administrator),
d. in point 5g and h - constitutes Art. 6 section 1 a GDPR (buyer's consent).
PERIOD OF STORAGE OF PERSONAL DATA
7. The administrator will store personal data processed for the specified purpose:
a. in point 5a - for the duration of the Agreement and settlements after its termination,
b. in point 5b - for the period in which the Administrator is required to do so by law,
c. in point 5c and d - until the claims arising from the Agreement expire,
d. in point 5e and f - for the duration of the Agreement,
e. in points 5g and h - until the buyer withdraws consent.
8. If the Administrator provided electronic services to the buyer related to the conclusion and performance of the Agreement, then in accordance with Art. 19 section 2 of the Act on the provision of electronic services, after using the services, the Administrator may only process the personal data of service recipients that are:
a. necessary to settle the service and pursue claims for payment for using the service,
b. necessary for advertising purposes, market research and the behavior and preferences of service recipients, with the purpose of using the results of these studies to improve the quality of services provided by the Administrator - with the consent of the service recipient,
c. necessary to clarify the circumstances of unauthorized use of the service,
d. allowed for processing on the basis of mandatory provisions of law or contract.
RECIPIENTS OF PERSONAL DATA
9. The Administrator does not transfer buyers' personal data to third parties, unless he obtains the buyer's prior express consent or if the right or obligation to transfer this data results from generally applicable legal provisions.
10. The administrator entrusts buyers' personal data to the following processing entities:
a. providing marketing and advertising services on behalf of the Administrator,
b. servicing the Administrator's IT systems,
c. providing the Administrator with postal, courier, payment, auditing, legal and accounting services.
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES AND INTERNATIONAL ORGANIZATIONS
11. Buyers' personal data will not be transferred outside the European Economic Area.
BUYERS' RIGHTS
12. The Buyer has the following rights:
a. the right to request access to your data, i.e. to obtain confirmation whether personal data relating to you are being processed,
b. the right to rectify data, i.e. request the correction of incorrect personal data concerning him,
c. the right to request the deletion of his personal data,
d. the right to request the restriction of his personal data,
e. the right to object to data processing,
f. the right to transfer data.
13. The scope of each of the rights specified in point 12 and the situations in which they can be used are determined by generally applicable provisions of law, in particular the GDPR.
14. The Buyer may exercise the rights specified in point 12 by contacting the Administrator.
RIGHT TO WITHDRAW CONSENT
15. If the processing of the buyer's personal data is based on his consent, the buyer has the right to withdraw it at any time without affecting the lawfulness of the processing that was carried out on its basis before its withdrawal.
PROFILING
16. For the purposes specified in points 5c-f, the Administrator may perform automated analysis of buyers' data and develop predictions about their preferences or future behavior. Profiling may in particular be used to analyze and forecast buyers' personal preferences or interests. Such action by the Administrator will not cause any legal consequences for the buyers or significantly affect their situation in a similar way.
COOKIES
17. For the purposes specified in points 5c-f, the Administrator may use the so-called cookies. These are small text files placed on the buyer's device, based on which information is collected, which allows in particular to identify the buyer's device, its IP number and the browser used by the buyer.
18. The Buyer can set his browser - thanks to the appropriate options available in it - to disable the automatic installation of cookies, prevent their use or completely delete them from his device. The procedure for handling and deleting cookies varies depending on the browser used by the buyer.
19. Cookies are divided into:
a. temporary (session) - files temporarily located in the browser's cache, which remain there until the session ends,
b. permanent - files remaining in the browser's cache as long as the browser settings selected by the buyer allow it,
c. own – files managed by the Administrator,
d. external – files managed by third parties,
e. configuration - files related to the buyer's navigation through the Administrator's website and ensuring correct navigation. In particular, they allow you to track the choices made by the buyer (choice of language, font size used), recognize the device the buyer is using and manage the browsing session,
f. analytical – files used for statistical and analytical purposes,
g. advertising - files used for advertising purposes, e.g. to display personalized advertisements.
COMPLAINT TO THE SUPERVISORY AUTHORITY
20. The Buyer has the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa if he believes that the processing of his personal data violates the law.
SECURITY OF BUYERS' PERSONAL DATA
21. The Administrator applies appropriate technical and organizational measures to protect buyers' personal data against loss, misuse or modification. The access rights to buyers' personal data have been strictly limited so that these data do not fall into the hands of unauthorized persons.