PRIVACY POLICY OF THE ONLINE STORE MISSPEAR.PL

 

  1. GENERAL PROVISIONS
    1. This Privacy Policy of the Online Store is informative, meaning it is not a source of obligations for Service Recipients or Customers of the Online Store. The privacy policy primarily contains the rules regarding the processing of personal data by the Administrator in the online store, including the basis, purposes, and scope of processing personal data, as well as the rights of individuals whose data is processed, and information on the use of cookies and analytical tools in the online store.
    2. The Administrator of personal data collected through the Online Store is a business operator conducting business under the name PROSPERO Agata Gruszka, entered into the Central Register and Information on Economic Activity kept by the minister responsible for economy and maintaining the Central Register and Information on Economic Activity, NIP 923-16-88-343, REGON 367493099, (registered office: ul. Zacisze 11, 63-004 Gowarzewo), hereinafter referred to as the “Administrator,” also acting as the Service Provider of the Online Store and the Seller.
    3. Personal data in the Online Store are processed by the Administrator in accordance with applicable law, particularly in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – referred to as “GDPR.” Official GDPR text: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
    4. The use of the online store, including making purchases, is voluntary. Similarly, providing personal data by the Service Recipient or Customer using the Online Store is voluntary, with two exceptions: (1) entering into contracts with the Administrator – failure to provide, in cases and to the extent indicated on the Online Store’s website, in the Online Store’s Regulations, and in this privacy policy, the necessary personal data for the conclusion and performance of the Sales Agreement or the agreement on the provision of an Electronic Service with the Administrator will result in the inability to conclude the respective contract. Providing personal data is in such cases a contractual requirement, and if the person whose data it concerns wants to conclude a specific contract with the Administrator, they are obliged to provide the required data. The scope of data required to conclude a contract is always specified in advance on the Online Store’s website and in the Online Store’s Regulations; (2) legal obligations of the Administrator – providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing an obligation on the Administrator to process personal data (e.g., processing data for tax or accounting purposes), and failure to provide them will prevent the Administrator from fulfilling these obligations.
    5. The Administrator takes special care to protect the interests of individuals whose personal data is processed, and, in particular, is responsible for ensuring that the data collected by them are: (1) processed lawfully; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows the identification of the individuals concerned for no longer than necessary for the purpose of processing; and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing, and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
    6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of violation of the rights or freedoms of natural persons of varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that processing is in accordance with this Regulation and to be able to demonstrate this. These measures are subject to review and updating as needed. The Administrator uses technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.
    7. Any words, expressions, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) are to be understood according to their definition in the Regulations of the Online Store available on the Online Store’s pages.
  2. LEGAL BASIS FOR DATA PROCESSING
    1. The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the person whose data it concerns has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, in particular where the data subject is a child.
    2. The processing of personal data by the Administrator requires, in each case, the presence of at least one of the grounds specified in point 2.1 of the privacy policy. The specific grounds for the processing of personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy – with regard to the specific purpose of processing personal data by the Administrator.
  3. PURPOSE, BASIS, PERIOD, AND SCOPE OF PROCESSING DATA IN THE ONLINE STORE
    1. Each time, the purpose, basis, period, and scope, as well as the recipients of personal data processed by the Administrator, result from the actions taken by a given Service Recipient or Customer in the Online Store. For example, if a Customer decides to make purchases in the Online Store and chooses personal pickup of the purchased Product instead of courier delivery, their personal data will be processed to fulfill the concluded Sales Agreement but will not be provided to the carrier handling shipments on behalf of the Administrator.
    2. The Administrator may process personal data in the Online Store for the following purposes, on the following legal bases, within the specified periods and scope:
      | PURPOSE OF DATA PROCESSING | LEGAL BASIS FOR PROCESSING AND DATA RETENTION PERIOD | SCOPE OF PROCESSED DATA |
      | --- | --- | --- |
      | Execution of a Sales Agreement or agreement for the provision of an Electronic Service or taking action at the request of the data subject before the conclusion of the above-mentioned agreements | Article 6 (1)(b) of the GDPR (execution of a contract). The data is kept for the period necessary for the performance, termination, or expiration in another manner of the contract concluded. | Maximum scope: full name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), residential/business address/headquarters (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer. The specified scope is maximum – for example, in the case of personal pickup, providing a delivery address is not necessary. |
      | Direct marketing | Article 6 (1)(f) of the GDPR (legitimate interests of the controller). The data is stored for the period necessary to pursue the legitimate interests of the Controller, but no longer than the limitation period for claims against the data subject arising from the Controller’s business activities. The limitation period is determined by the law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales contracts, two years). The Controller cannot process data for direct marketing purposes if the data subject effectively objects to such processing. | Email address |
      | Marketing | Article 6 (1)(a) of the GDPR (consent). The data is stored until the data subject withdraws consent for further processing of their data for this purpose. | First name, email address |
      | Bookkeeping | Article 6 (1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act, i.e. of January 30, 2018 (Journal of Laws of 2018, item 395). The data shall be retained for the period required by law obliging the Administrator to keep accounting records (5 years, starting from the beginning of the year following the financial year to which the data pertains). | Full name; residential/business address/headquarters (if different from the delivery address), company name, and tax identification number (NIP) of the Service Recipient or Customer |
      | Establishing, investigating, or defending claims that the Administrator may raise or that may be raised against the Administrator | Article 6 (1)(f) of the GDPR. The data is stored for the period necessary to pursue the legitimate interests of the Controller, but no longer than the limitation period for claims against the data subject arising from the Controller’s business activities. The limitation period is determined by the law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales contracts, two years). | First and last name; telephone number; email address; delivery address (street, house number, apartment number, postal code, city, country), residential/business address (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer. |
  4. RECIPIENTS OF DATA IN THE ONLINE STORE
    1. For the proper functioning of the Online Store and the fulfillment of Sales Agreements, the Administrator needs to use the services of external entities (such as software providers, couriers, or payment service providers). The Administrator only utilizes the services of such processing entities that ensure sufficient guarantees for the implementation of appropriate technical and organizational measures to meet the requirements of the GDPR and protect the rights of the individuals whose data is processed.
    2. The transfer of data by the Administrator does not occur in every case or to all recipients or categories of recipients mentioned in the privacy policy – the Administrator only transfers data when necessary to achieve the specific purpose of processing personal data and only to the extent necessary for its implementation. For example, if a Customer opts for personal pickup, their data will not be transferred to the carrier cooperating with the Administrator.
    3. Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
      1. Carriers / freight forwarders / courier brokers – in the case of Customers who opt for delivery of the Product by mail or courier, the Administrator provides the collected personal data of the Customer to the selected carrier, freight forwarder, or intermediary handling shipments on behalf of the Administrator to the extent necessary to fulfill the delivery of the Customer’s Product.
      2. Providers of electronic payment services or credit card payments – in the case of Customers who opt for electronic payments or credit card payments in the Online Store, the Administrator provides the collected personal data of the Customer to the selected entity providing the above-mentioned payments in the Online Store at the request of the Administrator to the extent necessary to handle payments made by the Customer.
      3. Credit providers / lessors – in the case of Customers who opt for payment in installments or leasing in the Online Store, the Administrator provides the collected personal data of the Customer to the selected credit provider or lessor handling the above-mentioned payments in the Online Store at the request of the Administrator to the extent necessary to handle payments made by the Customer.
      4. Providers of services supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business activities, including the Online Store and Electronic Services provided through it (in particular, providers of computer software for running the Online Store, email and hosting providers, and software providers for managing the company and providing technical support to the Administrator) – the Administrator provides the collected personal data of the Customer to the selected provider acting on its behalf only when necessary and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
      5. Providers of accounting, legal, and advisory services providing accounting, legal, or advisory support to the Administrator (in particular, accounting firms, law firms, or debt collection companies) – the Administrator provides the collected personal data of the Customer to the selected provider acting on its behalf only when necessary and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
  5. PROFILING IN THE ONLINE STORE
    1. The GDPR imposes on the Administrator the obligation to inform about automated decision-making, including profiling, as mentioned in Article 22 (1) and (4) of the GDPR, and – at least in these cases – provide significant information about the principles of decision-making, as well as the meaning and anticipated consequences of such processing for the individual whose data is concerned. With this in mind, the Administrator provides information in this section of the privacy policy regarding potential profiling.
    2. The Administrator may use profiling in the Online Store for the purposes of direct marketing, but the decisions made on its basis by the Administrator do not affect the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The result of profiling in the Online Store may include, for example, granting a discount, sending a discount code, reminding about unfinished purchases, sending product proposals that may correspond to the interests or preferences of the individual, or proposing better conditions compared to the standard offer of the Online Store. Despite profiling, the individual freely decides whether to use the received discount or better conditions and make a purchase in the Online Store.
    3. Profiling in the Online Store involves the automatic analysis or forecast of the behavior of an individual on the Online Store’s website, such as adding a specific product to the cart, browsing a specific product page, or analyzing the history of previous purchases made in the Online Store. A prerequisite for such profiling is for the Administrator to have personal data of the individual in order to subsequently send, for example, a discount code.
    4. The individual whose data is concerned has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
  6. RIGHTS OF THE DATA SUBJECT
    1. **Right of Access, Rectification, Restriction, Erasure, and Portability**: The data subject has the right to request from the Administrator access to their personal data, rectification of inaccurate data, erasure (“right to be forgotten”), restriction of processing, and the right to data portability. Detailed conditions for exercising these rights are specified in Articles 15-21 of the GDPR.
    2. **Right to Withdraw Consent at Any Time**: If the data subject’s data is processed based on consent (pursuant to Article 6(1)(a) or Article 9 (2)(a) of the GDPR), they have the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
    3. **Right to Lodge a Complaint with a Supervisory Authority**: The data subject has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular, the Act on the Protection of Personal Data. The supervisory authority in Poland is the President of the Personal Data Protection Office.
    4. **Right to Object**: The data subject has the right to object, at any time, to processing of their personal data based on Article 6 (1) (e) (public interest or exercise of official authority) or (f) (legitimate interests pursued by the controller), including profiling based on these provisions. In such a case, the Administrator may no longer process the data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
    5. **Right to Object to Direct Marketing**: If personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of their personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
    6. To exercise the rights mentioned above, the data subject can contact the Administrator by sending an appropriate message in writing or by email to the Administrator’s address provided at the beginning of the privacy policy or by using the contact form available on the Online Store’s website.
  7. COOKIES IN THE ONLINE STORE, USAGE DATA, AND ANALYTICS
    1. Cookies are small pieces of text information sent by the server and stored on the visitor’s device (such as a computer’s hard drive, laptop, or smartphone memory card) while visiting the Online Store website. Detailed information about cookies and their history can be found, for example, here: http://pl.wikipedia.org/wiki/Ciasteczko.
    2. The Administrator may process data contained in cookies when visitors use the Online Store website for the following purposes:
      1. Identifying users as logged in to the Online Store and displaying that they are logged in;
      2. Remembering products added to the cart to place an order;
      3. Remembering data from completed order forms, surveys, or login data to the Online Store;
      4. Customizing the content of the Online Store website to individual user preferences (e.g., colors, font size, page layout) and optimizing the use of the Online Store website;
      5. Conducting anonymous statistics showing how visitors use the Online Store website;
      6. Remarketing, i.e., analyzing the behavior characteristics of visitors to the Online Store through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create their profile and deliver them advertisements tailored to their predicted interests, even when they visit other websites in the Google Inc. and Facebook Ireland Ltd. ad networks.
    3. Most internet browsers available on the market accept saving cookies by default. Everyone has the option to determine the conditions for using cookies through the settings of their internet browser. This means that it is possible to partially limit (e.g., temporarily) or completely disable the ability to save cookies—however, in the latter case, it may affect some functionalities of the Online Store (for example, it may be impossible to proceed through the order path via the order form due to not remembering products in the cart during subsequent order steps).
    4. The internet browser's cookie settings matter for consent to the use of cookies by our Online Store. According to the regulations, such consent can also be expressed through internet browser settings. In the absence of such consent, you should appropriately change the internet browser settings regarding cookies.
    5. Detailed information on changing settings regarding cookies and their self-deletion in the most popular internet browsers is available in the help section of the internet browser and on the following pages (simply click on the link):
    6. The Administrator may use Google Analytics and Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services help the Administrator analyze traffic in the Online Store. The collected data is processed in an anonymized manner (these are so-called usage data that do not allow identification of individuals) as part of the above services to generate statistics helpful in administering the Online Store. This data is aggregate and anonymous, i.e. it does not contain identifying characteristics (personal data) of individuals visiting the Online Store website. By using the above services in the Online Store, the Administrator collects data such as sources and mediums of acquiring visitors to the Online Store, their behavior on the Online Store website, information about the devices and browsers they use to visit the website, IP and domain information, geographic data, as well as demographic data (age, gender), and interests.
    7. It is possible for individuals to easily block the sharing of their activity information on the Online Store website through Google Analytics. To do this, you can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
    8. The Administrator may also use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. This service helps the Administrator measure the effectiveness of advertisements, learn about the actions taken by visitors to the online store, and display tailored advertisements to them. Detailed information about the operation of the Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content
    9. Management of the Facebook Pixel’s operation is possible through the advertising settings in your account on the Facebook.com portal: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
  8. FINAL PROVISIONS
    1. The Online Store may contain links to other websites. The Administrator encourages individuals to familiarize themselves with the privacy policy established there after visiting other websites. This privacy policy applies only to the Administrator’s Online Store.