Privacy Policy of EXMOT Online Shop
1. This Privacy Policy specifies the rules for processing the personal data by EXMOT Sulewski Sp. z o. o., collected via EXMOT Online Shop (hereinafter referred to as “Online Shop”).
2. The administrator of personal data collected via Online Shop is EXMOT Sulewski Sp. z o. o., hereinafter referred to as “EXMOT”, registered in KRS under the no. 0001008872, NIP (VAT No.) 848-188-43-69, REGON 524342930.
3. Personal data collected by EXMOT via Online Shop are processed in accordance with Regulation no. 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive no. 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
4. EXMOT take special care to respect the privacy of Customers visiting Online Shop.
§ 1 Type of data processed, purposes and legal basis
1. EXMOT collect information on legal entities and natural persons who perform legal transactions directly related to their activities, hereinafter jointly referred to as “Customers”.
2. Customers' personal data are collected in the below cases:
a) registering an account in Online Shop in order to create an individual account and manage this account;
b) placing an order in Online Shop in order to perform the sales contract.
3. In the case of registering an account in Online Shop, the Customer provides an e-mail address.
4. When registering an account in Online Shop, the Customer independently sets an individual password to access his account. The Customer may change the password at a later date, on the terms described in §5.
5. While placing an order in Online Shop, the Customer provides the following data:
a) e-mail address;
b) address data: street and building / apartment number, postal code and city, country;
c) company name / name and surname;
d) phone number;
e) VAT number (NIP).
6. When using the Shop Website, additional information may be downloaded, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
7. Navigation data may also be collected from the Customers, including information about links and references that they decide to click or other activities undertaken in our Online Shop. Legal basis - legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
8. In order to determine, pursue and enforce claims, some personal data provided by the Customer while using the functionality in Online Shop may be processed, such as: name, surname, company name, data on the use of services, if claims result from the manner in which the Customer uses the services, other data necessary to prove the basis of the claim, including the extent of the damage suffered. Legal basis - legitimate interest (Article 6(1)(f) of the GDPR), consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
9. Transfer of personal data to EXMOT is voluntary, in connection with concluded sales contracts or provision of services via the Shop Website, with the proviso that failure to provide data specified in the data forms during the registration process prevents registration and setting up a Customer Account, and in case of placing an order lack of Customer Account registration will prevent the submission and execution of the Customer's order.
§ 2 Who do EXMOT share with or entrust the data and how long is it stored?
1. The Customer's personal data are shared with service providers working with EXMOT on the Online Shop. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to EXMOT's instructions as to the purposes and methods of processing data (processors), or independently determine the purposes and methods of processing data (administrators).
a) Processing entities. EXMOT collaborates with suppliers who process personal data only at the request of EXMOT. They include e.g. suppliers providing hosting services, accounting services, delivering marketing systems, systems for analysing traffic in Online Shop, systems for analysing the effectiveness of marketing campaigns;
b) Administrators. EXMOT uses suppliers who do not only follow instructions but set the purposes and methods of using Customers' personal data on their own. They provide electronic payment and banking services.
2. Location. Service providers are mainly based in Poland and other countries of the European Economic Area (EEA).
3. Storing Customers' personal data:
a) If consent is the basis for personal data processing, Customer's personal data are processed by EXMOT until this consent is revoked, and once the consent is revoked, for a period of time corresponding to the period of limitation of claims that EXMOT may raise and which may be raised against it. Unless a special provision states otherwise, the limitation period is ten years, and for claims for periodic services and claims related to running a business - three years.
b) If the basis for data processing is performance of contract, Customer's personal data are processed by EXMOT as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision states otherwise, the limitation period is ten years, and for claims for periodic services and claims related to running a business - three years.
4. In case of a purchase in Online Shop, personal data may be shared, depending on the Customer's choice, with the following entities in order to deliver the ordered goods:
a) delivery company;
b) transport company.
5. If the Customer selects a payment via the PayU system, his personal data are transferred to the extent necessary for the payment to be made to PayU S.A. with its registered office in Poznań (60-166), in 182 Grunwaldzka Street, entered into the Register of Entrepreneurs kept by the District Court for Poznań - Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number 0000274399.
6. If requested, EXMOT provides personal data to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communication.
§ 3 Cookies policy
1. Online Shop uses small files called cookies. They are saved by EXMOT on the end device of the person visiting Online Shop, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its "expiration time" and an individual, randomly selected number identifying this file. Information collected using this type of files helps to adjust the products offered by EXMOT to individual preferences and real needs of people visiting Online Shop. They also give an opportunity to develop general statistics of visits to the products in Online Shop.
2. EXMOT uses two types of cookies:
a) Session cookies: after a session of a given browser ends or the computer is turned off, saved information is deleted from the device's memory. The session cookies mechanism does not allow for downloading any personal data or any confidential information from the Customers' computers.
b) Permanent cookies: they are stored in the memory of the Customer's device and remain there until they are deleted or expire. The permanent cookies mechanism does not allow for downloading any personal data or any confidential information from the Customers' computers.
3. EXMOT uses its cookies for the below purposes:
a) authentication of the Customer in Online Shop and ensuring the Customer's session in Online Shop (after logging in), thanks to which the Customer does not have to re-enter login and password on each subpage of Online Shop;
b) analysis and research as well as viewership audits, in particular to create anonymous statistics that help to understand how Customers use the Shop Website, which allows to improve its structure and content.
4. The cookies mechanism is safe for computers of the Online Shop Customers. In particular, it is impossible to transmit this way to the Customers' computers any viruses or other unwanted or malicious software. However, in their browsers, Customers have an option to limit or disable access of cookies to their computers. If this option is used, the use of Online Shop will be possible except for the functions that by their nature require cookies.
§ 4 Rights of data subjects
1. Right to withdraw consent - legal basis: art. 7 sec. 3 GDPR.
a) The Customer has the right to withdraw any consent given to EXMOT.
b) Withdrawal of consent has immediate effect.
c) Withdrawal of consent does not affect the processing carried out by EXMOT in accordance with the law before its withdrawal.
d) Withdrawal of consent does not imply any negative consequences for the Customer, however, it may prevent further use of services or functionalities that, according to the law, EXMOT can only provide with consent.
2. Right to object to data processing - legal basis: art. 21 GDPR.
a) The Customer has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data, including profiling, if EXMOT processes his data based on a legitimate interest, e.g. marketing of EXMOT products and services, gathering statistics on the use of individual functionalities of Online Shop and facilitating the use of Online Shop.
b) Resignation in a form of an e-mail from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his personal data, including profiling for these purposes.
c) If the Customer's objection turns out to be justified and EXMOT have no other legal basis for processing personal data, the Customer's personal data to which the Customer has objected to process will be deleted.
3. Right to delete data ("the right to be forgotten") - legal basis: art. 17 GDPR.
a) The Customer has the right to request the deletion of all or some of his personal data.
b) The Customer has the right to request the deletion of personal data, if:
1. the personal data are no longer necessary for the purposes for which they were collected or processed;
2. withdrew a specific consent to the extent that personal data was processed based on his consent;
3. objected to the use of his data for marketing purposes;
4. personal data are processed unlawfully;
5. personal data must be deleted in order to comply with the EU law or the law of a EU Member State to which EXMOT is subject;
6. personal data have been collected in connection with offering information society services.
c) Despite the request to delete personal data, in connection with objection or withdrawal of consent, EXMOT may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfil a legal obligation requiring data processing under the EU law or the law of a EU Member State to which EXMOT is subject. This applies in particular to personal data including: name, surname, company name and e-mail address, which are kept for the purpose of potential complaints and claims related to the use of EXMOT services, or additionally, address and order number, which are kept for the purpose of potential complaints and claims related to concluded sales or service contracts.
4. Right to limit data processing - legal basis: art. 18 GDPR.
a) The Customer has the right to request the restriction of processing his personal data. Submitting a request, until it is reviewed, prevents the use of specific functionalities or services, the use of which involves the processing of data covered by the request. Additionally, EXMOT will not send any messages, including marketing ones.
b) The Customer has the right to request the restriction of the use of personal data in the following cases:
1. when he questions the correctness of his personal data - then EXMOT will limit their use for the time needed to verify the correctness of the data, but not longer than for 7 days;
2. when the processing of data is unlawful, and instead of deleting the data, the Customer requests the restriction of their use;
3.when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, pursue or defend claims;
4. when he objected to the use of his data, then the restriction takes place for the time needed to consider whether - due to the specific situation - the protection of interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator by processing the Customer's personal data.
5. Right to access data - legal basis: art. 15 GDPR.
The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if this is the case, the customer has the right to:
a) access his personal data;
b) obtain information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of this data, planned period of storing the Customer's data or criteria for determining this period (when determining the planned period of data processing is not possible), rights of the Customer under the GDPR and right to lodge a complaint with the supervisory authority, source of this data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
c) obtain a copy of his personal data.
6. Right to rectify data - legal basis: art. 16 GDPR.
The Customer has the right to request the Administrator to immediately rectify his personal data that are incorrect. Taking into account the purposes of processing, the data subject has the right to request completion of incomplete personal data, including by submitting an additional statement, sending a request to the e-mail address provided in §6 of the Privacy Policy.
7. Right to transfer data - legal basis: art. 20 GDPR.
The Customer has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. Additionally, the Customer has the right to request the personal data to be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a file in the csv format, which is a commonly used, machine-readable format and allows the received data to be sent to another personal data administrator.
8. In the event the Customer uses one of the above rights, EXMOT will comply with the request or refuse to comply with it immediately, but not later than within a month after receiving it. However, if due to the complexity of the request or the number of requests, EXMOT will not be able to meet the request within a month, it will meet it within the next two months, informing the Customer in advance within one month of receiving the request about the intended extension of the deadline and its reasons.
9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.
10. The Customer has the right to request EXMOT to provide copies of standard contractual clauses by directing the inquiry in the manner indicated in §6 of the Privacy Policy.
11. The Customer has the right to lodge a complaint to the President of the Office for Personal Data Protection in case of violation of his rights to the protection of personal data or other rights granted under the GDPR.
§ 5 Security management - password
1. EXMOT provide Customers with a secure and encrypted connection when transferring personal data and when logging in to the Customer Account on the Website.
2. In the event that the Customer with an account in Online Shop has lost the access password in any way, Online Shop allows him to generate a new password. EXMOT do not send a password reminder. The password is stored in an encrypted form, in a way that makes it impossible to read it. In order to generate a new password, the Customer must provide his e-mail address in the form available under the "Forgot your password" link provided in the login form for his account in the Online Shop. The Customer will receive an e-mail to the e-mail address provided during registration or saved in the last change of the account profile, containing a redirection to a dedicated form available on the Store Website, where the Customer will be able to set a new password.
3. EXMOT never send any correspondence, including electronic correspondence, asking for login details, in particular the password to access the Customer's account.
§ 6 Changes to the Privacy Policy
1. The Privacy Policy may change and in such case EXMOT will inform Customers 7 days in advance.
2. Questions related to the Privacy Policy shall be directed to the following e-mail address: [email protected]
3. Latest version date: 01.02.2023 r.