Privacy Policy and Cookies

epalinuro.com

§1 General Provisions

  1. This document is an annex to the terms of use. When you use our services, you entrust us with your information. This privacy policy is intended to help you understand what information and data we collect and for what purpose we use it. This data is very important to us, please read this document carefully as it sets out the rules and methods for processing and protecting personal data. This document also sets out the rules for using “cookies”.
  2. We hereby declare that we comply with the privacy policy and all legal regulations provided for in the Data Protection Act and in the Regulation of the European Parliament and Council (EU) 2016/679 from 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  3. The person whose personal data is being processed has the right to contact us to obtain comprehensive information about how we use their personal data. We always strive to clearly inform what data we collect, how we use it, for what purpose it serves, and to whom we disclose it, what safeguards we provide when transferring data to other parties, and we provide information about institutions that should be contacted in case of doubts.
  4. The service uses technical means such as physical security measures for personal data, hardware measures of IT and telecommunications infrastructure, protection within software tools and databases, and organizational measures that ensure adequate protection of processed personal data, and in particular protect personal data from disclosure to unauthorized third parties, acquisition by an unauthorized person and use for an unknown purpose, as well as their accidental or intentional modification, loss, damage or destruction.
  5. According to the rules set out in the rules of use and in this document, we have exclusive access to the data. Access to personal data may be transferred to other entities that handle payments; they collect, process and store personal data according to their own terms of use and to entities responsible for order execution. Access to personal data is given to the aforementioned entities to the extent necessary and only to the extent that ensures the provision of services.
  6. Personal data is processed only for purposes for which you have given your consent by checking the appropriate fields in the form on the website or in some other unequivocal way. The legal basis for processing your personal data is consent or the necessity for the provision of the service (e.g. ordering a product or service in accordance with Article 6 paragraph 1 letters a and b of the Regulation of the European Parliament and Council (EU) 2016/679 from 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR.

§2 Privacy Policies

  1. We take data protection seriously. We are characterized by respect for privacy and the highest possible comfort guaranteed in the use of our services.
  2. We value the trust our users place in us by entrusting us with their personal data for order processing. We always use personal data fairly and in a way that does not disappoint this trust, only to the extent necessary for order processing.
  3. The user has the right to clear and complete information on how we use their personal data and for what purposes it is needed. We always clearly inform about the data we collect, how and to whom we disclose it, and provide information about the institutions one can contact in case of uncertainties, questions, or comments.
  4. In the event of concerns regarding our use of your personal data, we will take immediate action to address such concerns and respond comprehensively and exhaustively to all related questions.
  5. We take all reasonable measures to protect users’ data from unauthorized and uncontrolled use and to secure it comprehensively.
  6. The data of the administrator of your personal data is available in the ‘Contact’ tab on the website.
  7. The legal basis for processing your personal data is Art. 6 para. 1 lit. b) of the GDPR. Providing the data is not mandatory but necessary to take the required actions for contract preparation and execution. We share your personal data with other recipients tasked with data processing on our behalf. Your data is shared based on Art. 6 para. 1 lit. f) of the GDPR, with the legitimate interest being the proper execution of contracts/orders. Additionally, we will share your personal data with other business partners. Collected personal data is stored within the European Economic Area (‘EEA’), but may also be transferred to and processed in a country outside this area. Any data transfer is carried out in accordance with applicable law. When data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards concerning countries for which the European Commission has not determined an adequate level of data protection.
  8. Your personal data related to the conclusion and fulfillment of contracts will be processed for the duration of their fulfillment and for a period not longer than prescribed by legal regulations, including the Civil Code and the Accounting Act, but not longer than 10 years, calculated from the end of the calendar year in which the last contract was fulfilled.
  9. Your personal data processed for the purpose of concluding and performing future contracts will be processed until objection.
  10. You have the right to: access your personal data and receive a copy of processed personal data, correct your inaccurate data; delete the data (right to be forgotten) in circumstances governed by Art. 17 of the GDPR; restrict data processing in cases listed in Art. 18 of the GDPR, object to data processing in cases listed in Art. 21 of the GDPR, transfer the provided, automated data.
  11. If you believe that personal data is processed unlawfully, you can lodge a complaint with the supervisory authority (Data Protection Authority, ul. Stawki 2, Warsaw). If you need additional information on data protection or wish to exercise your rights, please contact us in writing at the provided address.
  12. We make every effort to prevent unauthorized access, unauthorized alteration, disclosure, and destruction of information we hold. In particular:
    1. We monitor the methods of information collection, storage, and processing, including physical security measures to prevent unauthorized access to the system.
    2. We only grant access to personal data to employees, contractors, and agents who need access. Additionally, they are contractually obligated to maintain strict confidentiality, allow us to monitor and review their performance of duties, and may face consequences for failure to meet these obligations.
  1. We will comply with all applicable data protection laws and regulations and cooperate with data protection authorities and appropriate law enforcement. In the absence of specific data protection provisions, we will follow generally accepted data protection principles, societal rules, and established practices.
  2. The exact protection of personal data is outlined in the data protection policy (GDPR: Security Policy, Data Protection Provisions, IT System Management Instruction). For security reasons and due to the procedures described within, it is only accessible to state control authorities.
  3. If you have questions regarding the handling of personal data, we invite you to contact us via the site from which you were redirected to this data protection policy. The inquiry will be promptly forwarded to the appropriate person.
  4. The user has the right at any time to inform us if they:
    1. no longer wish to receive information or communications from us;
    2. wish to receive a copy of their personal data stored with us;
    3. wish to correct, update, or delete their personal data in our records;
    4. wish to report violations, misuse, or unlawful processing of their personal data.
  5. To facilitate our response or opinion, we request the provision of first and last name and relevant details.

§3 Scope and Purpose of Collecting Personal Data

1. We process personal data that is necessary for the provision of services and for accounting purposes, only for such purposes as:

a) placing an order,
b) concluding a contract, handling complaints, and withdrawing from the contract,
c) issuing a VAT invoice or another document,
d) monitoring data traffic on our websites,
e) collecting anonymous statistics to determine how users use our website,
f) determining the number of anonymous users of our websites,
g) controlling how often certain content is shown to users and which content is most often,
h) controlling how often users select a specific service or from which service they most frequently contact,
i) investigating newsletter sign-ups and contact options,
j) using a personalized recommendation system for e-commerce,
k) using a communication system both by email and possibly by phone,
l) integrating with social networks,
m) for potential online payments.

2. We collect, process, and store the following user data:

a) first and last name,
b) home address,
c) delivery address (if different from the home address),
d) tax identification number (NIP),
e) email address,
f) phone number (mobile, landline),
g) date of birth,
h) PESEL (personal identification number),
i) information about the internet browser used,
j) other personal data voluntarily provided to us.

3. Providing the above data is completely voluntary, but also necessary for the full delivery of services.
4. Purpose of collecting, processing, or using the data by us:

a) direct marketing, archiving purposes of advertising campaigns;
b) fulfillment of legal obligations by collecting information about undesirable activities;

5. We may transfer personal data to servers outside the user’s country of residence or to affiliated companies, third parties located in other countries, including the EEA countries (European Economic Area), for the processing of personal data by such companies on our behalf in accordance with the provisions of this privacy policy and applicable laws, customs, and data protection rules.
6. We do not store your personal data longer than necessary for proper service quality, and depending on the type and purpose of their collection, we store them for the duration of their validity and after their completion for the following purposes:

a) fulfilling obligations arising from legal regulations, tax and accounting regulations;
b) preventing abuse or crimes;
c) for statistical and archiving purposes.
d) marketing activities – for the duration of the contract, separate consent to the processing of these data – until the completion of activities related to the transaction service, raising your objections against such processing, or withdrawing consent.
e) sales promotion and promotional activities – e.g., competitions, promotions – for the duration and implementation of such actions.
f) operational activities – until the expiration of obligations imposed by GDPR and the corresponding national regulations to demonstrate reliability in the processing of personal data.
g) asserting any claims related to the concluded contract;

7. Considering the fact that many countries, to which these personal data are transferred, do not provide the same level of legal protection for personal data as in the user’s country, access to the personal data of the user stored in another country is subject to the laws in force there, which could be granted, for example, by courts, law enforcement authorities, and authorities responsible for national security, according to the provisions applicable in that country. Subject to lawful requests for data disclosure, we undertake to require companies processing personal data outside the user’s country to take measures to adequately protect the data in accordance with national legal regulations.

§4 Cookie Policy

  1. We automatically collect information contained in cookie files to gather user data. A cookie is a small text piece sent to the user’s browser and returned by the browser during the next visit to the website. They are mainly used to maintain a session, for example, by generating and sending back a temporary ID after logging in. We use ‘session’ cookies, which are stored on the user’s device until they log out, close the website, or the browser, and ‘persistent’ cookies, which are stored on the user’s device for a specified period set in the cookie parameters or until deleted by the user.
  2. Cookies adapt and optimize the website and its offerings to the users’ needs through measures like creating access statistics and ensuring security. They are also necessary to maintain the session after leaving the website.
  3. The administrator processes the data contained in cookies each time visitors view the website for the following purposes:
    1. Optimization of website usage;
    2. Identification of users currently logged in;
    3. Customization of graphics, selection options, and any other website content to the user’s individual preferences;
    4. Remembering automatically and manually filled in entered data from order forms or login data provided by visitors;
    5. Collection and analysis of anonymous statistics on website usage in the administration area and in Google Analytics;
    6. Creation of remarketing lists based on information about preferences, behavior, usage, and interests from the website, and collection of demographic data to make these lists available in AdWords and Facebook Ads.
    7. Creation of data segments based on demographic information, interests, and preferences in choosing viewed products/services.
    8. Use of demographic data and interests in analytics reports.
  4. The user can block and delete the collection of cookies entirely via their internet browser at any time.
  5. Blocking the ability to collect cookies by the user on their device may hinder or make it impossible to use certain website functions, which the user is fully entitled to do, but they should be aware of the functional limitations.
  6. A user who does not wish to use ‘cookies’ for the purposes described above can delete them manually at any time. For detailed instructions, please visit the website of the manufacturer of the internet browser currently used by the user.
  7. Further information about cookies can be found in the help menu of each internet browser. Examples of internet browsers that support the mentioned cookies:
    1. Cookie settings Internet Explorer
    2. Cookie settings Chrome
    3. Cookie settings Firefox
    4. Cookie settings Opera
    5. Cookie settings Safari
    6. Cookies in Android
    7. Cookies in Blackberry
    8. Cookies in iOS (Safari)
    9. Cookies in Windows Phone

§5 Rights and Obligations

  1. We have the right and, in certain legally defined cases, the legal obligation to disclose selected or all information about personal data to government authorities or third parties who present such a request for information in accordance with applicable Polish legal regulations.
  2. The user has the right to access his personal data that he shares. He can correct or supplement this data at any time and also has the right to request its deletion from the databases or to stop processing it without providing a reason. To exercise his rights, the user can send an appropriate message to the email address at any time or submit such a request in another way.
  3. The processing of personal data of natural persons who are our customers is based on:
    1. legitimate interest as the data controller (e.g., within the scope of creating a database, analytical and profiling activities, including analyzing product usage, direct marketing of own products, securing documents to defend against potential claims or to enforce claims),
    2. consent (especially consent to email or phone marketing),
    3. the fulfillment of a concluded contract,
    4. legal obligations (e.g., tax or accounting regulations).
  4. The processing of personal data of potential customers is based on:
    1. the legitimate interest of the data controller (e.g., within the scope of creating a database, direct marketing of own products)
    2. consent (especially consent to email or phone marketing)
  5. A user’s request to delete personal data or stop its processing may lead to the complete inability to offer services or their significant limitation.
  6. We place particular emphasis on profiling issues and point out that:
    1. we generally process data for profiling purposes that have previously been subjected to SSL encryption;
    2. typical data such as email address and IP or cookies are used;
    3. we profile to analyze or predict the personal preferences and interests of persons using our services or products and to adjust content in our services or products to these preferences;
    4. we profile for marketing purposes, i.e., adapting the marketing offer to the mentioned preferences.
  7. We commit to act in accordance with applicable legal regulations and the principles of social coexistence.
  8. Information about the out-of-court settlement of consumer disputes. The entity authorized under the Act on Out-of-Court Settlement of Consumer Disputes is the Financial Ombudsman, whose website address is www.rf.gov.pl.

§6 Basic Security Guidelines

  1. Each user should be responsible for the security of their data and devices used for internet access. Such a device should be equipped with antivirus software with regularly updated virus definitions, a secure version of the web browser the user employs, and an active firewall. The user should ensure that the operating system and the programs installed on it contain the latest and compatible updates, as attacks often exploit weaknesses in installed software.
  2. Access data to online services, such as logins, passwords, PINs, electronic certificates, etc., should be kept in a secure, inaccessible place for others and protected from internet access. They should not be disclosed or stored in a way that allows unauthorized access and reading by unauthorized persons.
  3. Caution should be exercised when opening strange attachments or links in emails that are unexpectedly sent from unknown senders or from the spam folder.
  4. It is recommended to activate anti-phishing filters in the web browser. These tools check whether the displayed website is genuine and not used for phishing, for example, by pretending to be someone or an institution.
  5. Files should only be downloaded from trusted locations, services, and websites. We discourage installing software from unverified sources, especially from unknown publishers with an unverified reputation. This also applies to mobile devices like smartphones and tablets.
  6. When using the home wireless Wi-Fi network, a secure and hard-to-crack password should be set, which does not use easily guessed patterns or strings (e.g., street name, householder’s name, birth date, etc.). It is recommended to use the highest available encryption standards for Wi-Fi networks that can be activated on one’s hardware, such as WPA2.

§7 Use of Social Media Plugins

  1. So-called plugins from social networks such as facebook.com and Twitter and others may be present on our pages. The associated services are provided by the companies Meta Platforms Inc. and X Corp.
  2. Facebook is operated by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA. To see the Facebook plugins, go to: https://developers.facebook.com/docs/plugins
  3. Twitter is operated by X Corp., X Corp., 1355 Market Street, Suite 900 San Francisco, CA 94103, United States. To see the Twitter plugins, go to: https://dev.twitter.com/web/tweet-button
  4. The plugin only transmits to its provider the information about which of our webpages you have accessed and at what time. If the user is logged into Facebook or Twitter during the visit to our site, the provider can connect your interests, information preferences, and other data collected, for example, when clicking the “Like” button or writing a comment or entering a profile name in the search. Such information is also transmitted directly from the browser to the provider.
  5. Further details on data collection and usage by Facebook or Twitter, as well as privacy policies, can be found on the following pages:
    1. Facebook’s privacy/advice: http://www.facebook.com/policy.php
    2. Twitter’s privacy/advice: https://twitter.com/privacy
  6. To prevent a visit from being recorded on your Facebook or Twitter account on our website, you need to log out of your account before visiting our pages.
Note on the copyright of the terms of use

The owner of all material copyrights to this template document is the LEGATO law firm, which has granted a non-exclusive and non-transferable right to use this document for purposes related to its own business activities on the internet and extends the legal protection for the above-mentioned document for the duration of the contract. Copying and distributing this template document without the consent of the LEGATO law firm is prohibited and may be prosecuted both criminally and civilly. Online sellers can learn more about using the privacy and cookie policy template on the page http://www.kancelaria-legato.pl.