PRIVACY POLICY – VERSION EFFECTIVE FROM 1.01.2024.

What is a privacy policy?

We would like to inform you about the details of how we process your personal data, providing you with complete knowledge and comfort when using our website. Since we operate in the online industry ourselves, we understand how important it is to protect your personal data. Therefore, we take special care to protect your privacy and the information you provide to us. We carefully select and apply appropriate technical measures, particularly those of a programming and organizational nature, to ensure the protection of the personal data processed. Our website uses encrypted data transmission (SSL), which protects your identifying data. In our Privacy Policy, you will find all the essential information regarding how we process your personal data. We ask you to read it, and we promise it won’t take more than a few minutes.

Who is the administrator of the website www.sklep.cezos.com?

The administrator of the website is "CEZOS" Limited Liability Company Limited Partnership, headquartered in Gdynia at 88B Olgierda Street, 81-534 Gdynia, registered by the District Court Gdańsk-North in Gdańsk, 8th Commercial Division of the National Court Register, KRS 0000585942, NIP 5860018456, REGON 190273058, BDO 000016804, represented by "CEZOS" Limited Liability Company, headquartered in Gdynia at 88B Olgierda Street, 81-534 Gdynia, registered by the District Court Gdańsk-North in Gdańsk, 8th Commercial Division of the National Court Register, KRS 0000259812, NIP 5860101341, REGON 008103797, with a share capital of 50,000 PLN, represented by the Management Board, acting as the sole general partner of the limited partnership (referred to in this policy as "we" or "us").

Personal Data

Which legal regulation governs the processing of your personal data?

Your personal data is collected and processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119, p. 1), commonly referred to as GDPR. In areas not regulated by GDPR, the processing of personal data is governed by the Personal Data Protection Act of May 10, 2018.

Who is the administrator of your personal data?

The administrator of your personal data is "CEZOS" Limited Liability Company Limited Partnership, headquartered in Gdynia at 88B Olgierda Street, 81-534 Gdynia, registered by the District Court Gdańsk-North in Gdańsk, 8th Commercial Division of the National Court Register, KRS 0000585942, NIP 5860018456, REGON 190273058, BDO 000016804, represented by "CEZOS" Limited Liability Company, headquartered in Gdynia at 88B Olgierda Street, 81-534 Gdynia, registered by the District Court Gdańsk-North in Gdańsk, 8th Commercial Division of the National Court Register, KRS 0000259812, NIP 5860101341, REGON 008103797, with a share capital of 50,000 PLN, represented by the Management Board, acting as the sole general partner of the limited partnership. Phone: +48 (58) 664 88 61, email: sklep@cezos.com.

You can contact us regarding your personal data via:

  • email: sklep@cezos.com,
  • traditional mail: 88B Olgierda Street, 81-534 Gdynia,
  • phone: +48 (58) 664 88 61.

HOW DO WE PROCESS YOUR PERSONAL DATA THAT YOU PROVIDE TO US?

What personal data do we process and for what purposes?

On our website, we offer you various services, for which we process different personal data, based on different legal grounds.

| Purpose | Personal Data | Legal Basis for Processing | Data Retention Period |
|---|---|---|---|
| Conclusion and performance of a contract | Name, surname, tax ID (NIP), email address, phone number, payment card number | Art. 6(1)(b) GDPR – processing necessary for the performance of a contract to which you are a party | Until the expiration of the limitation period for claims related to the contract |
| Account creation and management | Name, surname, email address, phone number, mailing address | Art. 6(1)(b) GDPR – processing necessary for the performance of a contract to which you are a party | Until the expiration of the limitation period for claims related to the contract |
| Adding reviews | Nickname, name, surname, email address | Art. 6(1)(f) GDPR – processing based on our legitimate interest in displaying reviews on our website | Until objection to the processing is made |
| Newsletter | Email address | Art. 6(1)(a) GDPR – processing based on your consent | Until consent withdrawal |
| Contact form | Name, surname, email address, phone number | Art. 6(1)(f) GDPR – processing based on our legitimate interest in maintaining communication | Until objection to the processing is made |
| "Ask about a product" form | Name, surname, email address, phone number | Art. 6(1)(f) GDPR – processing based on our legitimate interest in maintaining communication | Until objection to the processing is made |
| Website traffic analysis | IP address, browser data | Art. 6(1)(f) GDPR – processing based on our legitimate interest in analyzing website traffic | Until objection to the processing is made |
| Direct marketing of our own goods and services, including remarketing | Residence address, IP address, browser data | Art. 6(1)(f) GDPR – processing based on our legitimate interest in direct marketing, including remarketing | Until objection to the processing is made |
| Establishment, pursuit, and defense of claims before courts and other state authorities | Name, surname, residence address, personal ID number (PESEL), tax ID (NIP), company registration number (REGON), email address, phone number, IP address, bank account number, payment card number | Art. 6(1)(f) GDPR – processing based on our legitimate interest in establishing, pursuing, and defending claims before courts and other state authorities | Until the expiration of the limitation period for claims related to the contract |
| Compliance with legal obligations, particularly tax and accounting regulations | Name, surname, company, personal ID (PESEL), tax ID (NIP) or company registration number (REGON), email address, phone number, mailing address, payment card number | Art. 6(1)(c) GDPR – processing necessary to comply with legal obligations | Until the expiration of legal obligations |

Voluntariness of providing personal data

Providing the required personal data is voluntary, but it is necessary for us to provide services to you (e.g., sending newsletters or creating an account).

Recipients of personal data

The current list of entities to which we disclose your personal data can be found here.

Automated decision-making (including profiling)

We do not make decisions concerning you in an automated manner nor do we use profiling.

Will we transfer your personal data outside the EEA or to an international organization?

To use tools such as Google and YouTube, your personal data may be transferred to the United States, where Google LLC's servers are located.

Google LLC is listed among the entities participating in the Data Privacy Framework (link), ensuring an adequate level of data protection consistent with EU regulations, as per the European Commission's Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of data protection in accordance with the EU-U.S. Data Privacy Framework (link).

To use LinkedIn tools, your personal data may be transferred to the United States, where LinkedIn Corporation's servers are located.

LinkedIn Corporation is listed in the Data Privacy Framework (link), ensuring an adequate level of data protection consistent with EU regulations, as per the European Commission's Implementing Decision (EU) C(2023) 4745 of 10 July 2023 on the adequate level of data protection in accordance with the EU-U.S. Data Privacy Framework (link).

To use Apple tools, your data may be transferred outside the EEA.

Personal data concerning individuals from the European Economic Area, the UK, and Switzerland is controlled by Apple Distribution International Limited in Ireland. Apple’s international data transfers from the European Economic Area, the UK, and Switzerland are subject to standard contractual clauses. Apple’s international transfers from countries participating in the Asia-Pacific Economic Cooperation (APEC) system comply with the APEC Cross-Border Privacy Rules (CBPR) and the Privacy Recognition for Processors (PRP) system.

HOW DO WE PROCESS YOUR PERSONAL DATA THAT WE RECEIVE FROM OTHER DATA CONTROLLERS (E.G., FACEBOOK)?

Our online store allows:

  • logging into your store account using your Facebook profile,
  • logging into your store account using your Google account,
  • logging into your store account using your LinkedIn account,
  • logging into your store account using your Apple account.

In such cases, we receive your personal data not directly from you but from the services providing these functionalities, i.e., Facebook, Google, Apple, LinkedIn. To ensure you have full control over your data, we provide the following information about how we process your personal data:

1. Category of the relevant personal data:

We process the following categories of relevant personal data:

  • Identification data (i.e., personal data you have published on your profile on Facebook, Google, Apple, LinkedIn, primarily your name, surname, nickname, email address, and image).

2. Source of the personal data:

Your personal data comes from:

  • Facebook, administered by Meta Platforms Ireland,
  • Google, administered by Google Ireland Ltd.,
  • LinkedIn, administered by LinkedIn Ireland Unlimited Company,
  • Apple, administered by Apple Distribution International Limited.

3. Purposes and legal bases for processing personal data

The personal data we have obtained will be processed for the following purposes:

| Purpose | Personal Data | Legal Basis for Processing | Data Retention Period |
|---|---|---|---|
| Logging into the store account using a Facebook profile | Name, surname, image | Art. 6(1)(f) GDPR – processing based on the legitimate interest of the Administrator, allowing you to log into the store using your Facebook profile | Until the store account is deleted |
| Logging into the store account using a Google account | Name, surname, image | Art. 6(1)(f) GDPR – processing based on the legitimate interest of the Administrator, allowing you to log into the store using your Google account | Until the store account is deleted |
| Logging into the store account using a LinkedIn account | Name, surname, image | Art. 6(1)(f) GDPR – processing based on the legitimate interest of the Administrator, allowing you to log into the store using your LinkedIn account | Until the store account is deleted |
| Logging into the store account using an Apple account | Name, surname, image | Art. 6(1)(f) GDPR – processing based on the legitimate interest of the Administrator, allowing you to log into the store using your Apple account | Until the store account is deleted |

WHAT RIGHTS DO YOU HAVE REGARDING THE PROCESSING OF YOUR PERSONAL DATA?

Based on GDPR, you have the right to:

  • request access to your personal data,
  • request correction of your personal data,
  • request deletion of your personal data,
  • request the restriction of personal data processing,
  • object to the processing of personal data,
  • request the transfer of personal data.

Upon receiving any of the above requests, without undue delay – and in any case within one month of receiving the request – we will inform you of the actions taken regarding the submitted request. If necessary, we may extend the one-month deadline by an additional two months due to the complexity or number of requests. In any case, we will inform you within one month of receiving the request of the extension and the reasons for the delay.

Right of access to personal data (Article 15 GDPR)

You have the right to obtain information on whether we are processing your personal data. If we are processing your personal data, you have the right to:

  • access the personal data,
  • obtain information on the purposes of the processing, categories of personal data processed, the recipients or categories of recipients of the data, the planned period for storing your data, or the criteria for determining that period, your rights under GDPR, the right to lodge a complaint with the President of the Personal Data Protection Office, the source of the data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of the data outside the European Union;
  • obtain a copy of your personal data.

If you want to request access to your personal data, submit your request to: sklep@cezos.com.

Right to rectification of personal data (Article 16 GDPR)

If your personal data is incorrect, you have the right to request that we promptly correct your personal data. You also have the right to request that we complete your personal data. If you want to request rectification or completion of your personal data, submit your request to: sklep@cezos.com.

Right to erasure of personal data, or the "right to be forgotten" (Article 17 GDPR)

You have the right to request the erasure of your personal data when:

  • Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You have withdrawn your consent, to the extent that the processing of personal data was based on your consent;
  • Your personal data was processed unlawfully;
  • You objected to the processing of your personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
  • You objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by us or a third party.

Despite the request for the erasure of personal data, we may continue to process your data to establish, pursue, or defend claims, about which you will be informed.
If you want to request the erasure of your personal data, submit your request to: sklep@cezos.com.

Right to request the restriction of personal data processing (Article 18 GDPR)

You have the right to request the restriction of the processing of your personal data when:

  • You contest the accuracy of your personal data – in such a case, we will restrict the processing of your personal data for the time needed to verify the accuracy of the data;
  • The processing of your personal data is unlawful, and instead of deleting the data, you request the restriction of its processing;
  • Your personal data is no longer needed for processing, but it is necessary to establish, pursue, or defend claims;
  • You objected to the processing of your personal data – pending verification of whether our legitimate interests override the grounds indicated in your objection.

If you want to request the restriction of processing of your personal data, submit your request to: sklep@cezos.com.

Right to object to the processing of personal data (Article 21 GDPR)

You have the right to object at any time to the processing of your personal data, including profiling, in connection with:

  • Processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by the Data Controller or a third party;
  • Processing for direct marketing purposes.

If you want to object to the processing of your personal data, submit your request to: sklep@cezos.com.

Right to request data portability (Article 20 GDPR)

You have the right to receive your personal data from us in a structured, commonly used, machine-readable format and transmit it to another data controller.
We will typically provide your personal data in a CSV format. If you prefer to receive your data in a different format, please indicate the preferred format in your request. We will try to provide your data in your preferred format to the extent possible.
You may also request that we transmit your personal data directly to another data controller (if technically feasible).
If you want to request the portability of your personal data, submit your request to: sklep@cezos.com.

Can you withdraw your consent to the processing of personal data?

You can withdraw your consent to the processing of your personal data at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of your consent before its withdrawal. If you want to withdraw your consent to the processing of your personal data, submit your request to: sklep@cezos.com.
If you wish to withdraw your consent to the processing of your personal data for the "Newsletter" service, you can unsubscribe here.

Complaint to a supervisory authority

If you believe that the processing of your personal data violates data protection regulations, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the place of the alleged violation. In Poland, the supervisory authority under the GDPR is the President of the Personal Data Protection Office, which replaced the GIODO on May 25, 2018. For more information, see here.