Privacy policy

PRIVACY POLICY OF THE ONLINE STORE

 

WWW.M-POLEDANCE.PL

 

§ 1

GENERAL PROVISIONS

  1. The controller of personal data collected via the Online Store www.m-poledance.pl is

    EXO SP. z o.o.,
    RZESZÓW 35-213, ul. DĘBICKA 265,
    NIP 8133901249, entered into the National Court Register under number 0001048391

    in the Register of Entrepreneurs kept by the 12th Commercial Division of the National Court Register in Rzeszów, REGON 525895186, e-mail address: sklep@m-poledance.pl, phone number: +48 791 870 977, hereinafter referred to as the “Controller” and at the same time the “Service Provider”

  2. Personal data collected by the Controller via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR
  3. All words or expressions written with a capital letter in this Privacy Policy shall be understood in accordance with their definition contained in the Terms and Conditions of the Online Store www.m-poledance.pl

 

§ 2

TYPES OF PROCESSED PERSONAL DATA, PURPOSE AND SCOPE OF DATA COLLECTION

  1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes the personal data of Service Recipients of the Store www.m-poledance.pl in the case of:
    1. registration of an Account in the Store for the purpose of creating an individual account and managing this Account pursuant to Article 6(1)(b) GDPR (performance of a contract for the provision of electronic services in accordance with the Store Terms and Conditions)
    2. placing an Order in the Store for the purpose of performing a Sales Agreement pursuant to Article 6(1)(b) GDPR (performance of a sales contract)
    3. subscribing to the Newsletter for the purpose of sending commercial information by electronic means. Personal data are processed after separate consent pursuant to Article 6(1)(a) GDPR
    4. using the Opinion System to enable the Client to express their opinion about a Product purchased in the Store and the concluded Sales Agreement pursuant to Article 6(1)(f) GDPR (legitimate interest of the entrepreneur)
    5. using the Chat in order to send a message to the Controller pursuant to Article 6(1)(f) GDPR (legitimate interest of the entrepreneur)
  2. TYPES OF PROCESSED PERSONAL DATA. The Service Recipient provides, in the case of:
    1. Account: e-mail address
    2. Order: first and last name, address, NIP, e-mail address, phone number
    3. Newsletter: first and last name, e-mail address
    4. Opinion System: first and last name, e-mail address
    5. Chat: first and last name
  3. PERIOD OF PERSONAL DATA STORAGE. Personal data of Service Recipients are stored by the Controller:
    1. when the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years
    2. when the basis for data processing is consent, until the consent is withdrawn, and after withdrawal for a time corresponding to the limitation period for claims that may be raised by the Controller and against the Controller. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years
  4. During the use of the Store, additional information may be collected, in particular: IP address assigned to the Service Recipient’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system
  5. After providing separate consent pursuant to Article 6(1)(a) GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing – in connection with Article 10(2) of the Act of 18 July 2002 on the provision of electronic services or Article 172(1) of the Telecommunications Law of 16 July 2004, including profiling, if the Service Recipient has given appropriate consent
  6. Navigation data may also be collected from Service Recipients, including information about links and references clicked or other activities undertaken in the Store. The legal basis for such activities is the Controller’s legitimate interest (Article 6(1)(f) GDPR) consisting in facilitating the use of electronic services and improving their functionality
  7. Providing personal data by the Service Recipient is voluntary
  8. The Controller exercises particular care to protect the interests of persons whose data are processed, and in particular ensures that the data collected are:
    1. processed lawfully
    2. collected for specific, lawful purposes and not further processed in a manner incompatible with those purposes
    3. factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows identification of the persons concerned for no longer than necessary to achieve the purpose of processing

§ 3

SHARING OF PERSONAL DATA

  1. The personal data of Service Recipients are transferred to service providers used by the Controller in operating the Store, in particular to:
    1. entities delivering Products
    2. payment system providers
    3. opinion survey system providers
    4. accounting office
    5. hosting provider
    6. software providers supporting business operations
    7. mailing system providers
    8. software providers necessary for operating the online store
  2. Service providers (referred to in point 1 of this paragraph) to whom personal data are transferred – depending on contractual arrangements and circumstances – either act on the Controller’s instructions regarding purposes and methods of data processing (processors) or independently determine purposes and methods of data processing (controllers)
  3. Personal data of Service Recipients are stored exclusively within the European Economic Area (EEA), subject to § 5 point 5 and § 6 of the Privacy Policy

§ 4

RIGHT TO CONTROL, ACCESS AND RECTIFY PERSONAL DATA

  1. The data subject has the right to access their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
  2. Legal grounds for the Service Recipient’s requests:
    1. access to data – Article 15 GDPR
    2. rectification of data – Article 16 GDPR
    3. erasure of data (right to be forgotten) – Article 17 GDPR
    4. restriction of processing – Article 18 GDPR
    5. data portability – Article 20 GDPR
    6. objection – Article 21 GDPR
    7. withdrawal of consent – Article 7(3) GDPR
  3. To exercise the rights referred to in point 2, an appropriate e-mail may be sent to: sklep@m-poledance.pl
  4. If the Service Recipient exercises any of the above rights, the Controller shall comply with the request or refuse to comply without undue delay, but no later than within one month of receipt. If, due to the complexity of the request or the number of requests, the Controller is unable to comply within one month, the Controller shall comply within the next two months, informing the Service Recipient within one month of receiving the request about the intention to extend the deadline and the reasons for doing so
  5. If the data subject finds that the processing of personal data violates GDPR, they have the right to lodge a complaint with the President of the Personal Data Protection Office

§ 5

"COOKIES" FILES

  1. The Administrator’s website uses “cookies
  2. The installation of “cookies” is necessary for the proper provision of services on the Store website. Cookies contain information necessary for the proper functioning of the website and allow the compilation of general website visit statistics
  3. The website uses two types of “cookies”: “session” and “persistent”
    1. “session cookies” are temporary files stored in the Service Recipient’s device until logging out (leaving the website)
    2. “persistent cookies” are stored in the Service Recipient’s device for the time specified in cookie parameters or until deleted by the Service Recipient
  4. The Controller uses own cookies to better understand how Service Recipients interact with website content. The files collect information on how the Service Recipient uses the website, the type of page from which they were redirected, the number of visits and the duration of visits. This information does not record specific personal data of the Service Recipient but is used to compile website usage statistics
  5. The Controller also uses third-party cookies to collect general and anonymous statistical data via Google Analytics (external cookie administrator: Google LLC, USA)
  6. Cookies may also be used by advertising networks (particularly Google) to display ads matched to the way the Service Recipient uses the Store. For this purpose, they may store navigation path information or the time spent on a given page
  7. The Service Recipient has the right to decide regarding cookie access to their computer through:
    1. selecting the types of cookies they consent to after entering the Store website and seeing the cookie notice
    2. changing settings in their browser. Detailed information on cookie management is also available in browser settings

§ 6

ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE

  1. The Store uses social media plugins (“plugins”) of social networking services. By viewing the website www.m-poledance.pl containing such a plugin, the Service Recipient’s browser establishes a direct connection with the servers of Facebook, Instagram, Google and YouTube
  2. The content of the plugin is transmitted by the provider directly to the Service Recipient’s browser and integrated with the website. Thanks to this integration, providers receive information that the Service Recipient’s browser displayed www.m-poledance.pl, even if the Service Recipient does not have an account or is not logged in. Such information (including the IP address) is sent by the browser directly to the server of the provider (some servers are in the USA) and stored there
  3. If the Service Recipient is logged into any of the above social networks, the provider will be able to directly assign the visit on www.m-poledance.pl to the Service Recipient’s profile in that social network
  4. If the Service Recipient uses a plugin, e.g. by clicking the “Like” or “Share” button, the relevant information will also be transmitted directly to the provider’s server and stored there
  5. The purpose and scope of data collection and further processing by providers, as well as the Service Recipient’s rights and options for privacy settings, are described in the privacy policies of the providers:
    1. https://www.facebook.com/policy.php
    2. https://help.instagram.com/519522125107875?helpref=page_content
    3. https://policies.google.com/privacy?hl=pl&gl=ZZ
  6. If the Service Recipient does not want social networks to assign data collected during visits to www.m-poledance.pl directly to their profile, they must log out of these services before visiting the website. The Service Recipient may also prevent plugins from loading by using browser extensions such as “NoScript”
  7. The Controller uses remarketing tools such as Google Ads. Their use involves Google LLC cookies related to the Google Ads service. In the cookie settings management mechanism, the Service Recipient may decide whether the Service Provider may use Google Ads (external cookie administrator: Google LLC, USA) in relation to them

§ 7

FINAL PROVISIONS

  1. The Controller applies technical and organizational measures ensuring the protection of personal data appropriate to the risks and the category of data protected, in particular protecting the data against unauthorized access, taking by an unauthorized person, processing in violation of applicable regulations, alteration, loss, damage or destruction
  2. The Controller provides appropriate technical measures preventing unauthorized persons from acquiring and modifying personal data transmitted electronically
  3. In matters not regulated by this Privacy Policy, the provisions of GDPR and other applicable provisions of Polish law shall apply