Dear Customer / User
We care about your privacy and we want you to feel comfortable and safe when using our services, which is why we have prepared a document from which you will get detailed information regarding the processing of your personal data.
Table of Contents:
- General information
- Recipients of personal data of an online store
- Acquiring, collecting the purpose, scope and processing of personal data
- Rights of data subjects
- The mechanism of cookies, operational data and analytics
- Final Provisions
- Words and phrases that were used in the definitions of the regulations and beginning with a capital letter, have been used in this document and have the meaning given to them in the regulations of the online store, which is available on the store’s website.
- Administrator of personal data collected via the online store as defined in Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repeal of Directive 95 / 46 / EC (general regulation on data protection) of 27 April 2016 (Journal of Laws of the EU, No. 119, p. 1), hereinafter referred to as the GDP (here you can read the regulation http: // eur -lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679), is Bartosz Sławiński, running a business under the name of CCS Bartosz Sławiński, entered in the Central Register and Information on Economic Activity with a seat in Kozienice ( 26-900), at ulica Brzozowa 35, with a NIP number: 8121895945, REGON: 365321365; place of business Garbatka Letnisko (26-930), ul. Kochanowskiego 133, telephone number: +48 600 899 598, e-mail address: firstname.lastname@example.org, hereinafter referred to as the Administrator and being at the same time the Online Store Service Provider and the Seller.
- Users’ personal data are processed in accordance with the provisions on the protection of personal data and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws No. 144, item 1204, as amended).
- The administrator of the online store makes every effort to protect the privacy of Users and Customers of the online store and all data and information that has been obtained from them. With due diligence, it selects and applies technical protection measures, both programming and organizational, thus ensuring complete protection against disclosure, disclosure, loss, destruction, unauthorized modification or processing in violation of applicable law.
- The administrator informs that the online store uses the transmission protocol, ensuring the security of data transmission on the Internet, namely it has the SSL (Secure Socket Layer v3) protocol installed. It is a type of security consisting in coding data before they are sent from the Customer’s browser and decoding after safely arriving at the store’s server. Information sent from the server to the client is also encrypted, and after reaching the target, it is decoded.
- Data collected by the Administrator are processed in accordance with the law, respecting the principles of fairness and transparency, are collected to the minimum necessary for the specified purposes and processed in accordance with them, not subjected to further processing incompatible with these purposes, adequate and correct content-related to the intended use and stored in a way that identifies the data subjects. The period of data storage depends on the purpose of the processing and limited to the achievement of the assumed purpose.
- The administrator has the right, as well as the statutory obligation to provide information about customers of an online store to public authorities, for example in connection with conducting proceedings for possible violations of law or third parties who submit such a request under applicable Polish law.
- Using the services and tools provided as part of an online store, as well as providing personal data by the User is voluntary. However, their application may be necessary to conclude and execute a sales contract or contract for the provision of electronic services in an online store, thus their absence will prevent the conclusion of such a contract. The scope of data necessary to conclude the contract is indicated on the website of the online store and in the regulations of the online store.
Recipients of personal data of the Online Store
- In order to ensure proper operation of the online store, including for the implementation of Sales Agreements concluded, the Administrator uses the services of external entities. The administrator submits data only when it is necessary to perform a given purpose of personal data processing and only to the extent necessary to complete it.
- Examples of recipients of personal data of online store customers are:
- carriers, brokers, forwarders – in a situation where the customer making the purchase in the online store chooses the delivery method by courier,
- entities handling electronic payments or by means of a payment card – the Administrator entrusts the Customer’s personal data to the entity servicing a given payment to the extent necessary to perform the service,
- providers of services supporting the work of the Administrator of an online store, eg a supplier of computer software for running an online store, a hoster,
- entities providing accounting services.
- Recipients of data (external entities) process personal data on the basis of relevant entrustment contracts signed with the Administrator of the online store. These entities collect, process and store personal data in accordance with their regulations and privacy policies.
- Processing personal data of Customers and Customers of the online store www.durarace.com. The administrator entrusts the following entities:
- Smarthost Sp. z oo, ul. Partyzantów 1, 42-217 Częstochowa, KRS: 0000656356, NIP: 5732874847, REGON: 366194822- in order to store data on the server where the online store is installed or to store data on the server where the online store is installed and in order to providing IT and technical care over the store’s website,
- Maciejczyk Mirosław “CLICK MEDIA”, ul. Mostowa 13E, 26-600 Radom, NIP: 9481645814, REGON: 140596464- in order to operate the IT store website,
- Agnieszka Lewandowska Biuro Rachunkowe, Aleja Rzeczpospolitej 27A, 02-972 Warsaw, NIP: 8121834990, REGON: 147115947- in order to settle payments and issue invoices / invoices for the ordered goods / services, in order to conduct business accounting for the owner of an online store,
- DHL Parcel Sp. z oo, ul. Osmańska 2, 02-823 Warsaw, KRS: 0000631916, NIP: 9512417713, REGON: 365170883- in order to fulfill orders of an online store and delivery of goods to the Customer,
- InPost Sp. z oo, ul. Malborska 130, 30-624 Kraków, KRS: 0000442032, NIP: 6793087624, REGON: 122726260- in order to execute orders for an online store and delivery of the Goods to the Customer,
- DHL EXPRESS (POLAND) Sp. z oo, ul. Wirażowa 37, 02-158 Warsaw, KRS: 0000047237, Tax Identification Number: 5270022391, REGON: 0120054070- in order to fulfill orders for an online store and delivery of goods to the Customer,
- DPD POLSKA Sp. z oo, ul. Mineralna 15, 02-274 Warsaw, KRS: 0000028368, NIP: 5260204110, REGON: 012026421- in order to fulfill orders of an online store and delivery of goods to the Customer,
- FEDEX EXPRESS POLSKA Sp. z oo, ul. Krucza 16/22, 00-526 Warsaw, KRS: 0000037973, NIP: 5261005306, REGON: 010612250- in order to fulfill orders for an online store and delivery of goods to the customer,
- PayU SA, ul. Grunwaldzka 182, 60-166 Poznań, KRS: 300523444, 0000274399, NIP: 7792308495 – in order to enable electronic payments and payment by means of a payment card for the ordered goods or for the purpose of making internet payments to the Seller,
- “MEDIA SPACES” Michał Wąsikowski, ul. Filtrowa 1, 26-600 Radom, NIP: 7962787900, REGON: 366698497- to provide marketing services.
Acquiring, collecting a goal, scope and processing activities
- The administrator acquires information about Users, including by collecting server logs, IP addresses, software and hardware parameters, browsed pages, mobile device identification number and other data regarding devices and systems usage. The collection of the above information will take place in connection with the use of the online store. These data are not used by the Administrator in order to identify the User / Client.
- Clients may also collect navigation data, including information about links and links or other activities undertaken in the online store in order to facilitate the use of services provided electronically and to improve the functionality of these services.
- The Administrator reserves the right to filter and block messages sent via the internal system of messages, in particular if they are spam, contain illegal content or otherwise threaten the security of the Users of the online store.
- As part of the online store, the Administrator processes personal data of clients for the following purposes:
- take action before concluding the contract at the customer’s request; ensuring full service of the Store’s user including setting up and managing the account / accounts, contacting Users in response to inquiries sent via the contact form, contacting Users via e-mail in response to queries sent,
- provision of services that do not require the creation of an account and purchase of goods, i.e. browsing websites of an online store, servicing the goods search engine, monitoring the activity of all users and specific Users,
- adjusting the offer and the User’s experience,
- performance of a Sales Agreement or Agreement for the provision of Services by electronic means,
- keeping statistics on the use of particular functionalities available in the online store, facilitating the use of the online store and ensuring the IT security of the online store,
- establishing, investigating and enforcing claims and defending against claims in court proceedings and other enforcement organs,
- consideration of complaints, complaints and requests, as well as answers to questions,
- direct marketing of products and services,
- organization of contests and loyalty programs,
- implementation of orders, services and products created or co-created by the Administrator,
- conducting research and analysis to improve the services available.
- The administrator informs that he collects, processes and stores the following Customer data: name and surname, e-mail address (e-mail address), contact telephone number to enable the courier to contact the customer, delivery address (street, house number, apartment number, postal code, city, country), address of residence / business activity / registered office (if different from the delivery address).
- In the case of Clients or Customers who are not Consumers, the Administrator may additionally process such data as: company name and tax identification number (NIP) of the Customer or the Customer.
CONTACT WITH THE CUSTOMER
- The basis for data processing in connection with customer service, which includes contact with the customer in order to answer the inquiry via e-mail, online chat, contact form is art. 6 par. 1 lit. and RODO or consent for processing. If a contract is concluded after the contact, the data will be processed pursuant to Article 6 paragraph 1 letter b of the RODO. The legal basis for the processing after the eventual termination of contact will be a justified purpose in the form of archiving correspondence for the purpose of showing its course in the future (pursuant to Article 6 paragraph 1 point f of the RODO).
- The administrator also makes available through the plug-in “Messenger Customer Chat” the possibility of using the chat via Messenger as part of the social networking site Facebook. This plug-in enables connection to the Service Provider’s server and access to the User’s personal data made public as part of a social network service.
REGISTRATION OF ACCOUNT
- Data of the User who, when creating an account will register in the online store, will be collected on the basis of the consent for processing (Article 6 paragraph 1 letter a and RODO). When the User decides to conclude the contract, the data will be processed on the basis of art. 6 par. 1 lit. b THE RHODE.
EXECUTION OF THE CONTRACT
- By placing an order online store, the Customer provides personal data that is used to perform the contract, i.e. in connection with the execution of the Order (Article 6 paragraph 1 letter b of the GDPR), invoice and other activities related to tax law (Article 6 paragraph 1 (c). For archival and statistical purposes, the data will be processed on the basis of the justified interest of the Administrator (Article 6 (1) letter f of the RODO).
- The basis for the processing of data to establish, assert or defend claims that may be raised by the Administrator or which may be raised against the Administrator is Art. 6 par. 1 lit. f RODO.
- Data on orders will be processed for the time necessary to perform the contract, and then until the expiry of the period of limitation of claims under the contract. In addition, after this date, the data can still be processed for statistical purposes.
- As part of the online store functionality, the Administrator provides the option of contacting him using an interactive form. Using the form requires providing personal data necessary to contact the User and answer the questions contained in the form. The user may also provide other data to facilitate contact or service order. Providing data marked as mandatory is required in order to service the request and / or accept the order, and failure to do so may result in the inability to service it. Providing other data is voluntary.
- In order to identify the sender and handle his inquiry sent by the provided form – the legal basis for processing is the necessity of processing to perform the contract for the provision of the service (Article 6 (1) (b) of the GDPR).
- For analytical and statistical purposes – the legal basis of the processing is the legitimate interest of the Administrator (Article 6 (1) (f) of the GDPR), consisting in keeping statistics on queries submitted by Users via the online store website to improve its functionality.
- On the www.durarace.com online store website, plugins and other social tools are installed, made available through social networks such as Facebook, Instagram, YouTube. When viewing the website of the store where the plug-in has been placed, the User’s browser will establish a direct connection to the Facebook, Instagram or YouTube servers. The content of the plugin is provided by the given Service Provider directly to the User’s browser and integrated with the website. This integration enables the Service Provider to receive information that the User’s browser has viewed the www.durarace.com online store website even if the User does not have a profile with the Service Provider or is not currently logged in to him. If the User is logged in to one of the social networking sites, then the Service Provider will be able to directly assign a visit to the Website to a given profile in a given social network.
Rights of data subjects
- The RODO gives the Clients / Users the rights in question, their list is given below. They are provided without any reason, but they are not absolute and will not be entitled to any processing of personal data. In a situation where the Client / User will want to fulfill any of his rights, he may at any time send a declaration of will to the e-mail address of the online store or the address of the Administrator’s office.
- The right of access to data implemented on the basis of art. 15 THE RHODE.
The Client / User may report to the Administrator at any time to confirm whether his data is being processed, and if this is the case, the Customer has the right to:
- to obtain access to personal data,
- to receive information about the purposes of processing, categories of personal data being processed, recipients or categories of recipients of this data, the planned period of customer / user data storage or criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer / User under the RODO (when it is not possible to determine the planned data processing period), about the rights of the Customer under the REDO and the right to lodge a complaint to the supervisory authority, about the source of such data, about automated decision-making, including profiling and security used in connection with the transfer of these data outside the European Union,
- to obtain a copy of your personal data.
- The right to rectify data implemented on the basis of art. 16 THE RHODE.
The Customer / User has the right to request the Administrator to rectify his personal data immediately, which is incorrect. He also has the right to request supplementing his personal data. To correct or supplement your personal data, please send information to the e-mail address of the online store.
- The right to delete data (“the right to be forgotten”) – implemented on the basis of art. 17 THE RHODE.
- The Client / User may request the Administrator to delete all or some of his data,
- The Customer / User has the right to request the deletion of his personal data if:
- personal data are no longer necessary for the purposes for which they were collected or processed,
- withdrew a specific consent to the extent to which personal data were processed based on the consent of the Customer / User,
- he objected to the use of his data for marketing purposes,
- personal data were processed unlawfully,
- personal data must be removed in order to comply with a legal obligation under Union law or the law of the Member State to which the Administrator falls;
- personal data were collected in connection with offering information society services,
- despite the Customer / User requesting the deletion of personal data in connection with opposition or withdrawal of consent, the Administrator may retain certain personal data to the extent that processing is necessary to establish, investigate or defend claims, as well as to fulfill a legal obligation requiring processing under Union law or the law of the Member State to which the Administrator is subject,
- deletion of personal data or cessation of processing by the Administrator may result in the inability to provide services provided via the online store or restriction of the use of the online store functionality.
- Expressing consent to the processing of personal data and the right to withdraw consent based on art. 7. paragraph 3 RHODE
- The Customer / User accepting the statements placed by the Administrator in an interactive form available on the online store, consents to the processing of their data for specific purposes,
- The customer / user has the possibility to consent to the processing of his data for additional purposes by accepting optional statements proposed in the forms available on the online store website,
- The customer has the right to withdraw any consent he gave to the Administrator, withdrawal of consent will have effect from the moment of withdrawal of consent,
- withdrawal of consent will not result in any negative consequences for the client, but it may prevent further use of services or functionalities which, according to the law, the Administrator may provide only with consent,
- withdrawal of consent does not affect the processing of personal data carried out by the Administrator in accordance with the law before its withdrawal.
- The right to object to data processing carried out pursuant to art. 21 THE RHODE
- The Client / User has the right to object at any time for reasons related to his special situation in relation to the processing of his personal data, including profiling, if the Administrator processes personal data based on a legitimate interest,
- sent by the Customer / User in the form of an e-mail message, resignation from receiving marketing information about products and services means the Customer / User’s objection to the processing of his data, including profiling these purposes,
- if the Administrator has no other legal basis allowing for the processing of the Customer / User’s data and the objection raised, the legitimate personal data to which the objection was raised will be removed.
- The right to submit a request to limit the processing of personal data carried out on the basis of art. 18 RHODE
The Customer / User has the right to request the restriction of his personal data when:
- questions the accuracy of your personal data – the personal data administrator will limit the processing of your personal data for a period of time to check the correctness of this data,
- the processing of personal data of the Client / User is unlawful, and instead of deleting personal data, the Customer / User requests the restriction of the processing of their personal data,
- customer’s / User’s personal data is no longer needed for processing purposes, but they are needed to establish, investigate or defend claims of the Customer / User,
- if the Client / User has objected to the processing of his personal data – then the processing limit shall be limited until it is determined whether the legitimate interests of the Administrator of personal data override the grounds indicated in the objection of the Customer / User.
- The right to request the transfer of personal data (Article 20 of the RODO)
The Customer / User has the right to receive from the Administrator his personal data in a structured, commonly used machine-readable format and to transfer them to another Administrator of personal data.
You can also request that the Administrator of personal data directly send the personal data of the Client / User to another Administrator (if it is technically possible).
- The Customer also has the right to lodge a complaint to the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under the RODO.
- The right of access to data implemented on the basis of art. 15 THE RHODE.
- As part of running an online store, an Administrator may use profiling for purposes related to direct marketing, eg sending a rebate code or rebate to a given person, reminding about unfinished purchases, displaying a specific advertisement based on his previous activity on the store website, submitting a Product proposal, which may correspond to the preferences or interests of a given person.
- Despite the Administrator’s use of profiling, however, the final, free decision regarding, for example, taking advantage of the proposed rebate and making a purchase in a given online store is taken by a given Person.
- The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling and causes legal effects or similar influence on that person.
Cookies Policy, operational data and analytics
- The online store uses small files called cookies (cookies), they are saved and stored on the computer or other end device of the Users and Customers of the store, if the web browser allows it. Cookies usually contain the name of the domain from which they originate, their storage time on the Device and the assigned value.
- Cookies are used to optimize the process of using the store’s website, in order to collect statistical data that allow to identify the use of Users from the online store, which allows you to improve the structure of the online store. They are also necessary to maintain the client’s session after leaving the online store.
- The administrator uses two types of cookies:
- Session cookies (temporary): they are stored on the client’s end device and remain there until the end of the session of the given browser. The saved information is then permanently deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from the Customer’s device.
- permanent cookies: they are stored on the Customer’s device and remain there until they are deleted. Ending the session of a given browser or turning off the device does not delete them from the client’s device. The mechanism of persistent cookies does not allow the collection of any personal data or any confidential information from the Customer’s Device.
- The service administrator uses external cookies in order to:
- collecting general and anonymous static data via analytical tools: Google Analytics (the cookie administrator is Google Inc., based in the United States),
- popularizing the online store using the social network www.facebook.com (administrator of external cookies: Facebook Inc with its registered office in the USA or Facebook Ireland based in Ireland.
- The administrator uses the Google Analytics tracking code to analyze the statistics of the online store’s website; Detailed information about Google Analytics can be found at https://support.google.com/analytics/answer/6004245.
- The customer at any time, using the web browser he uses, may change the settings for cookies, including the blocking of the ability to collect cookies. Such action may make it difficult or impossible to use the services and tools of the online store, including making it impossible to place an order.
- If the customer decides that he does not agree to the use of cookie peaks for the purposes described above, he may delete them manually at any time. Detailed instructions on how to proceed and information about cookies are included in the browser’s help menu, which is currently used by the client. Examples of Internet browsers that support these cookies are: Internet Explorer, Mozilla Firefox, Google Chrome, Opera, Safari, Microsoft Edge.
- Some third party entities operating as part of an online store allow Users to withdraw their consent to collect and use data for advertising based on customer activity. More information on this subject and the option of making a choice can be found, for example, on the website: www.yuoronlinechoices.com. Sharing Google Analytics with activity information on the online store’s website can be blocked by means of the share provided by Google Inc. the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en.