Privacy Policy

This document regulates the Privacy Policy and the use of “cookies” for the website available at https://wyposazeniesportowe.com.pl, owned by ANTON Sebastian Chmielewski Spółka Komandytowa, located at:
ul. Ciepłownicza 9, 58-200 Dzierżoniów, Poland

§1 Personal Data Administrator

1.1 The administrator of your personal data is ANTON Sebastian Chmielewski Spółka Komandytowa, ul. Ciepłownicza 9, 58-200 Dzierżoniów, NIP: 8822143132, REGON: 524351432, KRS: 0001016808 (hereinafter referred to as the “Administrator”).

1.2 Administrator’s contact details:

• Correspondence address: ul. Ciepłownicza 9, 58-200 Dzierżoniów
• Email: rodo@wyposazeniesportowe.com.pl
• Phone: +48 665 558 955

1.3 Based on Article 37 of the GDPR, the Personal Data Administrator has not appointed a Data Protection Officer (DPO) and performs data protection duties independently.

§2 Definitions

• Administrator – The Personal Data Administrator, an entity that determines the purposes and means of processing personal data.
• Personal Data – Information about individuals that relate to an identified or identifiable person, directly or indirectly; personal data includes, in particular, an identification number, factors defining physical, physiological, mental, economic, cultural, or social characteristics.
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC.
• Privacy Policy and Cookies Policy – This document, hereinafter referred to as the “Policy.”
• Service – The website operated by the Administrator at https://wyposazeniesportowe.com.pl.
• Service User – Any individual visiting the Service or using at least one service provided by the Administrator or the website’s functionalities.
• Cookies – Small pieces of data in the form of a text string placed or read by the website in the User’s web browser.
• Sole Proprietors (JDG) – Individuals conducting business activities based on an entry in the Central Register and Information on Economic Activity (CEIDG).

§3 General Provisions

3.1 The Administrator collects data from Users of the Service available at https://wyposazeniesportowe.com.pl.

3.2 The type of data collected by the Administrator depends on the service used by the User.

3.3 Personal data is processed by the Administrator in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals concerning the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, hereinafter referred to as the General Data Protection Regulation (GDPR).

3.4 Providing personal data is voluntary and depends on the User’s decision. However, in some cases, providing certain personal data is necessary to meet the User’s expectations regarding the services offered by the Administrator.

3.5 The services offered by the Administrator within the Service are intended for individuals aged 18 and older. Therefore, the Administrator does not knowingly process the personal data of children.

§4 Purpose, Legal Basis, and Data Processing Duration

4.1 Customer Account Registration

4.1.1 Whose data is processed?

The data of individuals who have registered an account on the website https://wyposazeniesportowe.com.pl.

4.1.2 What data is processed?

• First and last name
• Email address
• Phone number
• Delivery address
• Billing address
• Company name and VAT number (for Sole Proprietors – JDG)

4.1.3 What is the purpose of data processing?

The data will be processed to provide services related to managing and operating the account on the website.

4.1.4 What is the legal basis for data processing?

• Preparation and execution of the contract – Article 6(1)(b) of the GDPR.
• Legitimate interest of the Administrator in optimizing the provided services – Article 6(1)(f) of the GDPR.

4.1.5 What is the data retention period?

Data is processed until the contract is fulfilled (e.g., account deletion), and then for a period necessary to establish, pursue, or defend against legal claims.

4.1.6 Is providing data necessary?

Providing data is voluntary, but without it, an account cannot be created.

4.2 Order Processing in the Store

4.2.1 Whose data is processed?

The data of individuals who have placed an order on https://wyposazeniesportowe.com.pl.

4.2.2 What data is processed?

• First and last name
• Email address
• Phone number
• Delivery address
• Billing address
• Company name and VAT number (for Sole Proprietors – JDG)

4.2.3 What is the purpose of data processing?

The data will be processed for order fulfillment, handling complaints, establishing or defending against claims, and fulfilling legal obligations related to tax and accounting regulations.

4.2.4 What is the legal basis for data processing?

• Preparation and execution of the contract – Article 6(1)(b) of the GDPR.
• Legitimate interest in establishing, pursuing, and defending against claims – Article 6(1)(f) of the GDPR.
• Compliance with a legal obligation imposed on the Administrator – Article 6(1)(c) of the GDPR.

4.2.5 What is the data retention period?

Data is processed until the contract is fulfilled. Data obtained to fulfill legal obligations is processed until these obligations are met.
Data processed based on legitimate interest is stored until it is fulfilled or until the User effectively objects. These periods may be extended as necessary to establish, pursue, or defend against claims. After this period, personal data will be anonymized or deleted.

4.2.6 Is providing data necessary?

Providing data is voluntary, but without it, an order cannot be processed.

4.3 Newsletter

4.3.1 Whose data is processed?

The data of individuals who have subscribed to the newsletter.

4.3.2 What data is processed?

• Email address
• First and last name
• Phone number

4.3.3 What is the purpose of data processing?

• Providing the newsletter service, including informing subscribers about discounts, promotions, and new offers.
• Tailoring the content of the newsletter service to the User’s activity on the website.

4.3.4 What is the legal basis for data processing?

• Performance of the newsletter service contract – Article 6(1)(b) of the GDPR.
• Legitimate interest in direct marketing (providing information about offers, news, and personalizing content) – Article 6(1)(f) of the GDPR.

4.3.5 What is the data retention period?

Personal data will be processed until the User withdraws consent, and then for a period necessary to establish, pursue, or defend against claims. After this period, the data will be anonymized or deleted.

4.3.6 Is providing data necessary?

Providing data is voluntary, but without it, it will not be possible to subscribe to the newsletter.

4.4 Contact Form

4.4.1 Whose data is processed?

The data of individuals who contact the Administrator via the contact form.

4.4.2 What data is processed?

• First and last name
• Email address
• Phone number

4.4.3 What is the purpose of data processing?

To identify the User contacting the Administrator and to respond to their inquiry.

4.4.4 What is the legal basis for data processing?

• Legitimate interest – Article 6(1)(f) of the GDPR.

4.4.5 What is the data retention period?

Until the expiration of claims.

4.4.6 Is providing data necessary?

Providing data is voluntary but necessary for user verification.

4.5 Product Availability Notification

4.5.1 Whose data is processed?

The data of individuals who wish to receive information about product availability.

4.5.2 What data is processed?

• First and last name
• Email address
• Phone number

4.5.3 What is the purpose of data processing?

To provide information about the availability of a product.

4.5.4 What is the legal basis for data processing?

• Providing product availability information based on User consent – Article 6(1)(a) of the GDPR.

4.5.5 What is the data retention period?

Data is processed for the time necessary to provide information or until the User withdraws consent, whichever occurs first.

4.5.6 Is providing data necessary?

Providing data is voluntary but necessary to provide information.

4.6 Loyalty Program

4.6.1 Whose data is processed?

The data of individuals participating in the loyalty program.

4.6.2 What data is processed?

The data required to join the program.

4.6.3 What is the purpose of data processing?

• Informing participants about promotions, discounts, and new offers.
• Conducting analytical and statistical activities.
• Establishing, pursuing, or defending against claims.

4.6.4 What is the legal basis for data processing?

• Execution of the loyalty program participation agreement – Article 6(1)(b) of the GDPR.
• For analytical and statistical purposes – Article 6(1)(f) of the GDPR.
• Establishing, pursuing, or defending against claims – Article 6(1)(f) of the GDPR.

4.6.5 What is the data retention period?

Data is processed for the duration of the agreement, i.e., until the User ceases participation in the loyalty program, the agreement is terminated, or until an objection or consent withdrawal is submitted.

4.6.6 Is providing data necessary?

Providing data is voluntary but necessary to participate in the loyalty program.

§5 Entrusting and Sharing Personal Data

5.1 In connection with its business operations, the Administrator may disclose personal data to the following entities if necessary to achieve the purposes of data processing:

5.1.1 Companies providing IT services or solutions,

5.1.2 Courier and postal service providers,

5.1.3 Banks and other financial and payment institutions,

5.1.4 Public authorities receiving data in connection with the Administrator’s legal obligations,

5.1.5 Accounting and bookkeeping service providers,

5.1.6 Review system operators,

5.1.7 Employees and associates,

5.1.8 Companies providing marketing services on behalf of the Administrator.

§6 User Rights

6.1 In connection with the processing of personal data, Users have the following rights:

6.1.1 Right of access to data

Users have the right to obtain information about the personal data stored by the Administrator, including a copy of the data.

6.1.2 Right to rectification (correction) of data

Users have the right to request the correction of their personal data if it is incorrect or incomplete.

6.1.3 Right to erasure (“right to be forgotten”)

Users have the right to request the deletion of their personal data stored by the Administrator in the following cases:
(a) The personal data is no longer necessary for the purposes for which it was collected,
(b) The User has withdrawn consent on which the processing is based, and there is no other legal basis for processing,
(c) The User has objected to processing, and there are no overriding legitimate grounds for processing, or the objection concerns direct marketing,
(d) The personal data was processed unlawfully,
(e) The personal data must be erased to comply with a legal obligation under European Union or national law.

6.1.4 Right to withdraw consent for marketing purposes at any time

Users have the right to withdraw their previously given consent for processing personal data at any time. The withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

6.1.5 Right to restriction of processing

Users have the right to request the restriction of their personal data processing in the following cases:
(a) The User contests the accuracy of personal data, for a period allowing the Administrator to verify its accuracy,
(b) The processing is unlawful, and the User opposes the deletion of personal data, requesting instead the restriction of its use,
(c) The Administrator no longer needs the personal data for processing purposes, but the User requires it to establish, pursue, or defend legal claims,
(d) The User has objected under Article 21(1) of the GDPR, pending verification of whether the Administrator’s legitimate grounds override the objection.

6.1.6 Right to object to data processing (objection due to a special situation)

If the User’s personal data is processed based on the Administrator’s legitimate interest, the User has the right to object at any time, under Article 21 of the GDPR.

6.1.7 Right to data portability

Users have the right to receive their personal data in a structured, commonly used, and machine-readable format and have the right to transfer this data to another administrator without interference from the current Administrator, provided that processing is based on consent and is automated.

6.1.8 Right to lodge a complaint with a supervisory authority

Users have the right to submit a complaint to the President of the Personal Data Protection Office (PUODO) if they believe that their personal data is being processed unlawfully.

6.2 To exercise any of the rights mentioned in Section 6.1 of the Policy, Users should contact the Administrator.

§7 Transfer of Personal Data to Third Countries

As a rule, the User’s personal data will not be transferred outside the European Economic Area (EEA).

§8 Cookies Policy

8.1 Purpose of Using Cookies

8.1.1 The Administrator does not collect any information automatically, except for the data contained in cookies.

8.1.2 Cookies are used in multiple ways.

8.1.3 Cookies are utilized for functional purposes, content personalization, statistical analysis, analytics, and marketing.

8.2 Types of Cookies

8.2.1 The Service uses the following types of cookies:

• “Session cookies” – deleted from the hard drive of the browser or device once the session ends or the device is turned off.
• “Persistent cookies” – stored in the memory of a computer or mobile device until manually deleted by the User via browser settings or until they expire.
• “Third-party cookies” – data placed by scripts from other websites.

8.2.2 The following types of cookies are used within the Service:

• “Essential” cookies – enabling the use of services available within the Service.
• “Performance” cookies – allowing for the collection of information on how the Service is used.
• “Functional” cookies – enabling the Service to “remember” selected User settings and personalize the User interface, such as language or region selection.
• “Advertising” cookies – enabling the display of advertising content tailored to the User’s interests.

8.3 Google Analytics

The Service uses Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics utilizes cookies that are stored on your computer and enable an analysis of your use of the website.

The storage of Google Analytics cookies is based on Article 6(1)(f) of the GDPR. The Administrator has a legitimate interest in analyzing User behavior to optimize its online offerings and advertising efforts.

The Google Privacy Policy is available at: https://policies.google.com/privacy?hl=en.

If the User does not want their information to be collected this way, they can modify their browser settings or use this tool: https://tools.google.com/dlpage/gaoptout?hl=en.

The Administrator informs that in this case, the User’s data may be transferred outside the European Economic Area (EEA).

8.4 Meta (Facebook) Pixel

The Service uses Facebook Pixel, a tool for running effective marketing campaigns and product promotions. The service is provided by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA, or, for EU residents, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook Pixel is a short code embedded in the website, allowing for the measurement of advertising effectiveness based on User actions within the Service. This is considered the Administrator’s legitimate interest (Article 6(1)(f) of the GDPR).

The data collected via Facebook Pixel is anonymous and does not allow for the identification of the User. It only provides insight into what actions were taken within the Service.

The Facebook Privacy Policy is available at: https://www.facebook.com/privacy/explanation.

If the User does not want their information to be collected in this way, they can adjust their settings by clicking this link: https://www.facebook.com/ads/preferences.

The Administrator informs that in this case, the User’s data may be transferred outside the European Economic Area (EEA).

8.5 Managing Cookies

8.5.1 By default, web browsers typically allow cookies and other data to be stored on the User’s device. If the User does not consent to this, they must change their browser settings accordingly. It is possible to disable cookies for all connections from a given browser or for a specific website, as well as delete existing cookies. The method of managing cookies depends on the software used. Current rules for managing cookies can be found in the settings of the User’s web browser.

8.5.2 Information on managing cookies on a mobile phone can be found in the User Manual of the respective device.

8.5.3 Consent to the processing of cookies is voluntary. However, please note that restricting their use may make some features of the website difficult or impossible to use.

§9 Data Security

9.1 The User’s personal data is stored and protected with due care, in accordance with the internal procedures implemented by the Administrator. The Administrator processes User information using appropriate technical and organizational measures that comply with applicable legal regulations, particularly data protection laws. These measures primarily aim to protect User data from unauthorized access.

9.2 In particular, access to User personal data is limited to authorized personnel who are required to maintain confidentiality or entities that process data under a separate data processing agreement.

§10 Final Provisions

10.1 The Administrator reserves the right to modify this Privacy Policy and Cookies Policy. In such a case, an updated version will be published in this location.

10.2 In matters not regulated by this Privacy Policy, the applicable data protection laws shall apply.

10.3 This Privacy Policy is effective as of December 27, 2023.