Privacy Policy

PRIVACY POLICY
OF GO4PAINTS.COM ONLINE STORE

 

CONTENTS:

  1. GENERAL PROVISIONS
  2. GROUNDS FOR DATA PROCESSING
  3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
  4. DATA RECIPIENTS IN THE ONLINE STORE
  5. PROFILING IN THE ONLINE STORE
  6. RIGHTS OF DATA SUBJECT
  7. COOKIES IN THE ONLINE STORE, PERFORMANCE DATA AND ANALYTICS
  8. FINAL PROVISIONS

 

  1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is for information purposes only, which means that it is not the source of obligations for Service Users or Customers of the Online Store. The privacy policy includes, in particular, the principles related to processing of personal data by Data Controller in the Online Store, including grounds, purposes and scope of personal data processing and also rights of data subjects as well as information concerning cookies and analytical tools used in the Online Store.

1.2. The Controller of personal data collected by means of the Online Store is PRZEDSIĘBIORSTWO PRODUKCYJNO - HANDLOWE UNICELL POLAND SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wasilków (the registered office address and address for deliveries: ul. Supraślska 25, Wasilków 16-010); entered into the Register of Entrepreneurs of the National Court Register under KRS no.: 0000018265; registry court where company printout is kept: District Court in Białystok, XII Commercial Division of the National Court Register; share capital: PLN 2,650,000.00; NIP no. (Tax Id. No.): 5422503648; REGON (National Business Registry Number) no.: 050623653 and e-mail address: shop@go4paints.com - hereinafter referred to as “Data Controller” and being at the same time the Online Store Service Provider and Seller.

1.3. Contact details of the inspector of personal data protection appointed by the Data Controller:
e-mail address: iod@unicell.com.pl.

1.4. Personal data in the Online Store are processed by the Data Controller in accordance with the applicable provisions, especially in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.5. Using the Online Store, including making purchases, is voluntary. Likewise, providing the personal data by the Service User or Customer using the Online Store is voluntary but subject to two exceptions: (1) concluding agreements with the Data Controller - failure to provide personal data necessary to conclude and perform the Sale Agreement with the Data Controller or agreement for the provision of Electronic Service, in the cases and within the scope indicated on the Online Store website as well as in the Online Store Terms and Conditions and this privacy policy, results in inability to conclude this agreement. In such case provision of personal data constitutes a contractual requirement, and where a data subject wishes to conclude a particular agreement with the Data Controller, it is obliged to provide the required data. The scope of data required to conclude an agreement is indicated on the Online Store website and in the Online Store Terms and Conditions. (2) the Data Controller’s statutory obligations - provision of personal data constitutes a statutory requirement arising from generally applicable provisions of law which impose obligation on the Data Controller to process the personal data (e.g. processing of personal data in order to maintain tax books or books of account), and failure to provide them results in inability to fulfil these obligations by the Data Controller.

1.6. The Data Controller takes the utmost care to protect the data subjects’ interests and, in particular, is responsible and ensures that the collected data are: (1) lawfully processed; (2) collected for designated and lawful purposes and not undergoing further processing in a manner incompatible with these purposes; (3) essentially correct and adequate to the purposes for which they are processed; (4) stored in a form which permits identification of data subjects for no longer than it is necessary for the purposes for which they are processed; and (5) processed in a manner ensuring appropriate security of personal data, including protection against accidental or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.

1.7. Taking into account the nature, scope, context and purposes of processing and the risk of violation of the rights or freedoms of individuals with different probability of occurrence and severity of risk, the Data Controller implements the appropriate technical and organisational measures to ensure compliance with this regulation and to be able to prove it. The measures, if necessary, shall be reviewed and updated. The Data Controller uses technical measures preventing capture and modification of personal data, which is sent via e-mail, by unauthorised persons.

1.8. Any words, expressions and acronyms referred to in this privacy policy and starting with capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definitions included in the Online Store Terms and Conditions available on the website of the Online Store.

  1. GROUNDS FOR DATA PROCESSING

2.1. The Data Controller is authorized to process personal data in cases where - and to such extent that - at least one of the following conditions is fulfilled: (1) a data subject has given its consent to the processing of its personal data for one or more specific purposes; (2) processing is necessary for performance of the agreement, to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into the agreement; (3) processing is necessary to comply with the legal obligation of the Data Controller; or (4) processing is necessary for the purposes resulting from the Data Controller's or a third party’s legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. Processing of personal data by the Data Controller requires at least one of the bases indicated in point 2.1 of the privacy policy. Specific grounds for processing of personal data of the Online Store Service Users and Customers by the Data Controller are indicated in the following point of the privacy policy - in relation to a particular purpose of processing of personal data by the Data Controller.

  1. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE

3.1. The purpose, basis, period and scope as well as recipients of personal data processed by the Data Controller result from the activities undertaken by a particular Service User or Customer in the Online Store. For example, if a Customer decides to make a purchase in the Online Store and chooses to collect the purchased Item in person, instead of courier consignment, its personal data will be processed in order to execute the concluded Sales Agreement, but they will not be accessible to the carrier delivering the Item by order of the Data Controller.

3.2. The Data Controller may process personal data in the Online Store for the following purposes, on the following grounds, within the following periods and scope:

 

Purpose of data processing

Legal basis and period for data processing

Scope of data processing

Performance of Sales Agreement or agreement for the provision of Electronic Service or taking steps at the request of the data subject prior to entering into the abovementioned agreements

Art. 6, sec. 1, letter b) of the GDPR Regulation (performing an agreement)

The data are stored for the period necessary for the performance, termination or expiration of the concluded agreement.

Maximum scope: name and surname; e-mail address; telephone number; delivery address (street name, street address, suite number, post code, town/city, country), address of residence / business address / registered office address (if it is different than delivery address).

When concerning Service Users or Customers who are not consumers, the Data Controller may additionally process the company name and tax identification number (NIP no.) of the Service User or Customer.

This scope is maximum - in the case of e.g. collection in person providing the delivery address is not necessary.

Direct marketing

Art. 6, sec. 1, letter f) of the GDPR Regulation (data controller’s legitimate interests)

The data are stored for a period of the Data Controller’s legitimate interests but not longer than for a period of limitation for claims, against a data subject, arising out of business conducted by the Data Controller. The period of limitation is defined by the provisions of law, especially provisions of the Civil Code (the basic period of limitation for claims concerning conducting business activity is three years, and in the case of sales agreements it is two years).

The Controller cannot process the data for the purposes of direct marketing in the case where the data subject raises an objection in this respect.

E-mail address

Marketing

Art. 6, sec. 1, letter a) of the GDPR Regulation (consent)

The data are stored until the data subject withdraws its consent to process its data.

Name, e-mail address

Expressing an opinion by the Customer on the concluded Sales Agreement

Art. 6, sec. 1, letter a) of the GDPR Regulation

The data are stored until the data subject withdraws its consent to process its data.

E-mail address

Maintaining tax books or books of account

Art. 6, sec. 1, letter c) of the GDPR Regulation in conjunction with art. 86 § 1 of the Tax Ordinance Act of 17 January 2017 (Dz. U. [Journal of Laws] 2017, item 201) or art. 74, sec. 2 of the Accounting Act i.e. of 30 January 2018 (Dz. U. [Journal of Laws] 2018, item 395)

The data are stored for a period required by the provisions of law which dictate that the Data Controller has to store tax books (until the period of limitation of tax liability expires, unless the tax laws state otherwise) or books of account (for 5 years from the beginning of the year following the fiscal year to which the data relate).

Name and surname; address of residence / business address / registered office address (if it is different than delivery address), company’s name and tax identification number (NIP no.) of the Service User or Customer

Establishment, investigation or defence of claims of the Data Controller or against the Data Controller.

Art. 6, sec. 1, letter f) of the GDPR Regulation

The data are stored for a period of the Data Controller’s legitimate interests but not longer than for a period of limitation for claims, against a data subject, arising out of business conducted by the Data Controller. The period of limitation is defined by the provisions of law, especially provisions of the Civil Code (the basic period of limitation for claims concerning conducting business activity is three years, and in the case of sales agreements it is two years).

Name and surname; telephone number; e-mail address; delivery address (street name, street address, suite number, post code, town/city, country), address of residence / business address / registered office address (if it is different than delivery address).

When concerning Service Users or Customers who are not consumers, the Data Controller may additionally process the company name and tax identification number (NIP no.) of the Service User or Customer.

  1. DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including implementation of the concluded Sales Agreements, it is necessary for the Data Controller to use the services of third parties (such as, for example, software vendor, courier or entity processing payments). The Data Controller uses only services of such processing entities that provide sufficient guarantees of implementation of appropriate technical and organisational measures, to ensure that the processing complies with the GDPR requirements and protects the rights of data subjects.

4.2. Transfer of the data by the Data Controller does not occur in all cases and not to each recipient or recipient category designated in the privacy policy - the Data Controller transfers the data only when it is necessary for implementation of a particular objective of personal data processing and only to the extent necessary for its implementation. For example, if the Customer chooses collection in person, his/her data will not be transferred to the carrier cooperating with the Data Controller.

4.3. Personal data of the Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

  • carriers / forwarding agents / courier brokers - in the case when the Customer uses the post mail or courier delivery method in the Online Store, the Data Controller provides collected personal data of the Customer to the selected carrier, forwarding agent or broker delivering items at the Data Controller’s order to the extent necessary to deliver the Product to the Customer.
  • entities processing electronic or card payments - in the case when the Customer uses the electronic payment or credit card in the Online Store, the Data Controller provides collected personal data of the Customer to the selected entity processing these payments in the Online Store at the Data Controller’s order to the extent necessary to process the Customer’s payment.
  • service providers delivering technical, IT and organizational solutions to the Data Controller, which allow the Data Controller to conduct business activities, including the Online Store and Electronic Services provided through the Online Store (especially suppliers of software for managing the Online Store, e-mail service or web hosting providers as well as suppliers of software for managing the company and providing technical support to the Data Controller) - the Data Controller provides collected personal data of the Customer to the selected carrier acting at its request, only for the purpose and to the extent necessary to fulfil a particular purpose of the personal data processing, which is compliant with this privacy policy.
  1. PROFILING IN THE ONLINE STORE

5.1. The GDPR Regulation imposes on the Data Controller an obligation to inform about any automated decision-making, including profiling, mentioned in art. 22, sec. 1 and 4 of the GDPR Regulation, and – at least where such was the case – useful information on the underlying logic and the impact and pursued effects of this processing on the data subject. With this in mind, in this point of the privacy policy the Data Controller provides the information concerning possible profiling.

5.2. The Data Controller may use profiling in the Online Store for direct marketing purposes, but the decisions made by the Data Controller on its basis do not concern concluding or refusal to conclude the Sale Agreement, or a possibility to use the Electronic Services in the Online Store. The result of profiling in the Online Store may be, for example, granting a discount to a particular person, sending a discount code to a particular person, reminding about unfinished purchase, sending a proposal of Product which may meet the interests or preferences of a particular person or offering better conditions in comparison to the standard price in the Online Store. Notwithstanding the profiling, it is the particular person who decides whether it uses the discount or better conditions and makes the purchase in the Online Store.

5.3. Profiling in the Online Store consists in automated analysis or forecasting activities of a given person on the Online Store website, e.g. by adding a given Product to the basket, browsing the website of a specific Product in the Online Store or by analysing the history of purchases in the Online Store. The profiling is conditioned by acquiring by the Data Controller data of a given person in order to send, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects or substantially affects the person.

  1. RIGHTS OF DATA SUBJECT

6.1. The right of access, the right to rectification, the right to restrict processing, the right to erasure, the right to data portability - the data subject has the right to request from the Data Controller access to its personal data, rectify, erase them (“the right to be forgotten”) or restrict their processing as well as it has the right to object to the personal data processing and also the right to data portability. The detailed conditions of exercising the abovementioned rights are specified in art. 15-21 of the GDPR Regulation.

6.2. The right to withdraw consent to the processing at any time - a person, whose data are processed by the Data Controller on the basis of a given consent (on the basis of art. 6 sec. 1 letter a) or art. 9, sec. 2 letter a) of the GDPR Regulation), is entitled to withdraw consent to the processing of its personal data at any time, without affecting the legality of the processing which was made on the basis of consent before its withdrawal.

6.3. The right to file a complaint with a supervisory body - a person, whose data are processed by the Data Controller, has the right to file a complaint with a supervisory body in a manner and in accordance with the procedure described in the GDPR Regulation and Polish law, especially the personal data protection act. In Poland, the supervisory body is the President of the Personal Data Protection Office.

6.4. The right to object - a data subject has the right to object - for reasons relating to its special situation - against processing of its personal data based on art. 6, sec. 1, letter e) (public interest or tasks) or f) (data controller’s legitimate interests), including profiling on the basis of these provisions. In this case, the Data Controller has the right to process the personal data unless it demonstrates the existence of important legally valid grounds for processing that override the interests, rights and freedoms of the data subject or the grounds for establishing, investigating or defending claims.

6.5. The right to object to direct marketing - if the personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time against processing of its personal data for the purposes of such direct marketing, including profiling, to the extent that processing is associated with such direct marketing.

6.6. In order to exercise the rights mentioned in this point of privacy policy, you may contact the Data Controller by sending an appropriate message in the written form or via e-mail to the Data Controller’s address specified in the introduction to this privacy policy or using the contact form available on the Online Store website.

  1. COOKIES IN THE ONLINE STORE, PERFOMRANCE DATA AND ANALYTICS

7.1. Cookies are small pieces of text information sent by a web server and stored on the device of the Online Store user (e.g. on a hard disc of a computer, laptop or memory card in a smartphone - depending on which device is used to visit our Online Store). The detailed information concerning Cookies and their history may be found here: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. The Data Controller may process the data included in Cookies, when the Online Store Website is used by visitors, for the following purposes:

  • identification of the Service Users as logged in the Online Store and showing that they are logged in;
  • remembering the Products added to the basket in order to place an order;
  • storing the data from completed Order Forms, questionnaires or login data to the Online Store;
  • customisation of the Online Store content to the individual preferences of the Service User (e.g. concerning colours, font size, page layout) and optimisation of the use of the Online Store;
  • compiling anonymous statistics showing the manner of using the Online Store;
  • remarketing, that is exploring the characteristics of activities of guests visiting the Online Store by means of anonymous analysis of their operations (e.g. repeated visits on particular websites, key words etc.) in order to create their profile and deliver to them advertisements adjusted to their forecasted interests, also when they visit other websites in the Google Inc. and Facebook Ireland Ltd. ad networks.

7.3. Most web browsers available on the market accept Cookies by default. Each person has the possibility to specify the conditions of using Cookies by means of web browser settings. That means that the possibility of saving Cookies may be partially limited (e.g. temporarily) or disabled - in the latter case it may however impact some functionalities of the Online Store (for example, going of the Order path through Order Form may not be possible because of the failure to remember the Products in basket during the subsequent steps of placing an Order).

7.4. Settings of a web browser in relation to Cookies are crucial in terms of consent to using Cookies by our Online Store - according to the provisions, such consent may be also expressed in web browser settings. In the case of lack of such consent, the Cookies settings should be changed.

7.5. The detailed information on the change of settings concerning Cookies and their deletion in the most popular web browsers are available in the help section of the web browser and at the following websites (click on links):

in Chrome

in Firefox

in Internet Explorer

in Opera

in Safari

in Microsoft Edge

7.6. In the Online Store the Data Controller may use Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.) Those services aid the Data Controller in analysing traffic in the Online Store. The collected data are processed within the scope of the abovementioned services in an anonymised manner (the so called performance data which do not allow for identification of a person) in order to generate the statistics facilitating management of the Online Store. Those data are consolidated and anonymous, i.e. they do not contain any characteristics (personal data) of a person visiting the Online Store. The Data Controller, using the abovementioned services in the Online Store, collects such data as sources and measures of attracting visitors of the Online Store, manner of their behaviour on the Online Store website, information on devices and web browsers which they use, IP and domain, geographic data as well as demographic data (age, sex) and interests.

7.7. A given person can easily block the sharing of information, concerning its activity on the Online Store website, with Google Analytics - for this purpose you may install an add-on to the web browser, which is shared by Google Inc. and available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.8. In the Online Store the Data Controller may use the services of Facebook Pixel provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 and Ireland). This service supports the Data Controller in measuring the effectiveness of advertisements and investigating which activities are undertaken by the online store visitors, as well as displaying customised advertisements. For detailed information on Facebook Pixel please visit: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.9. The Facebook Pixel can be managed in the settings section on your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

  1. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Data Controller recommends reading privacy policy of other websites when visiting them. This privacy policy concerns only the Data Controller’s Online Store.