Due to the application on May 25, 2018, of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals regarding the processing of personal data and the free movement of such data and the repeal of Directive 95/46/WE, (hereinafter referred to as "GDPR"), a company under the name of Exotech Sp. z o.o. based in Gdynia informs you that from May 25, 2018, you will have the following rights related to the Company's processing of your personal data.
Personal Data Administrator
The Administrator of personal data is Exotech Sp z o.o. based in Europe, Poland, Gdynia 81-451, Aleja Zwycięstwa 96/98/A1.05, NIP: 5862316672, REGON: 366999307, entered into the register of entrepreneurs of the National Court Register by the District Court GDAŃSK-PÓŁNOC IN GDAŃSK, 8th ECONOMIC DEPARTMENT OF THE NATIONAL REGISTER under KRS number 0000672673., being a VAT payer with NIP number: 5862316672.
Personal Data Protection Inspector
Address for correspondence:
Exotech Sp. z o.o with headquarters in Europe, Poland, Gdynia 81-451, Aleja Zwycięstwa 96/98/A1.05
Email address: firstname.lastname@example.org
On what grounds and for what purpose do we process your personal data?
The data provided are processed according to Article 6(1)(a), (b) and (f) of the Regulation (EU) 2016/679 of the European Parliament and the Council on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: "General Data Protection Regulation" or "GDPR").
The processing of personal data is therefore based on the following legal grounds and purposes:
- The processing of personal data is necessary for the conclusion and performance of the contract (providing services by electronic means) or taking steps before the conclusion of the contract, including in particular for:
- creating and managing an Account;
- handling and implementation of the Order;
- carrying out the payment process;
- ensuring the proper functioning and use of the website and the quality of services;
- settlement of contracts performed and services provided by Exotech Sp. z o.o as part of the website and the Seller;
- handling complaints and notifications submitted via the contact form;
- making contact in connection with the performance of the contract (service provision);
- The processing of personal data is necessary to fulfill the legal obligations incumbent on the Data Administrator, e.g., tax, accounting, warranty, and guarantee obligations;
- processing is necessary for the legitimate interests pursued by the Data Administrator or by a third party, such as:
— data archiving and documenting the fulfillment of obligations related to the protection of personal data;
— handling notifications not directly related to the performance of the contract;
— ensuring the safety of the services provided and a high level of customer service;
— debt collection and claim recovery;
— preparing internal statistics and analyzes for marketing and website development;
— preparing promotional offers for regular Customers and Users;
- The processing of personal data takes place based on the consent of Users or Customers given voluntarily and consciously relating to a specific purpose of data processing clearly and specifically indicated in the content of this consent.
Your personal data is processed for purposes related to transactions made as part of the www.foldingfins.com website and for purposes resulting from legitimate interests pursued by the Administrator and based on the Customer's consent — for the purposes specified in the consent including commercial purposes and marketing.
What data do we collect? What data is necessary?
Providing data is voluntary, but necessary to make transactions as part of the www.foldingfins.com website and company fan pages on social networks such as Facebook, Twitter, Instagram, etc. Failure to provide personal data makes it impossible to create an account on the www.foldingfins.com website and make transactions on the www.foldingfins.com website; This does not apply to data processing for commercial and marketing purposes, which is carried out only concerning voluntary consent, regardless of the transaction within the www.foldingfins.com website.
Data collected during the registration
Some system functions are available only to registered users. We will ask you for your email address and the password you will use in our store during the registration process. In addition, you will have to declare the type of Account (private or business) and provide the following data: name, surname, street, house number, apartment number, zip code, city, and telephone number, and if you run a business, also your company and your NIP number. The last step in registering an account will be the acceptance of the regulations for using the www.foldingfins.com store, available on the website at https://www.
The personal data indicated above are necessary for the conclusion and performance of the contract. Providing additional data is voluntary and is equivalent to consenting to their processing by the Data Administrator to conclude or perform the contract. At the same time, the Data Administrator has the right to delete them if he considers that these data are not necessary to conclude or perform the contract.
Orders placed without registering the User
It is possible to place an order without creating a User Account. In this case, enter the data mentioned above required during registration to the order form and send the order form to the Data Administrator via the www.foldingfins.com website.
Orders placed by phone and email
It is possible to place an order by phone or email. In this case, a person from Exotech Sp. z o.o accepts an order from the Buyer placed by phone or email, and then, with the consent of the Buyer and at his express request, enters the data into the system. Depending on the type of goods and the specificity of the Order, the Seller's employee then decides whether the Buyer should confirm the placed Order or not. Depending on the above, the Buyer will receive an electronic link to the Order, after clicking on which the Buyer will be able to confirm, cancel or change the Order.
Data collected during the purchase
Data we collect when you contact us
By contacting us using the contact form, you provide us with data such as name and surname, company name, order number, and email address to which we are to send a reply. These data are used only to contact us in a given case, for the time necessary to handle the request, and are not collected or processed by the Data Administrator.
To ensure a higher level of personal data protection, in connection with the GDPR, each User can set a unique password for telephone contact, the provision of which will be required during the conversation to provide any information about the Order by the employee. This password should not be the same as the password used to log into the website for security purposes.
The User should not disclose the password for telephone contact to third parties. If the User provides a password for telephone contact to a third party, that person will be a person authorized by the User to obtain information regarding the implementation of current orders, and such authorization expires when the password for telephone contact is changed by the User using his Account.
Data collected automatically
During your visit to our website, data about your visit is automatically collected, e.g., your IP address, domain name, browser type, operating system type, etc. These data will be used only for statistical purposes to adjust the store www.foldingfins.com to the needs and requirements of Customers.
Data about the Users of the www.foldingfins.com website are collected for statistical research. The basis for the processing of this data is the legitimate interest of the data controller. These studies aim to improve the functionality of the website and make it easier for potential Customers to use it. These data are collected automatically about each User visiting the website www.foldingfins.com.
How do we process your personal data?
The processing of personal data takes place following applicable regulations, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals regarding the processing of personal data and the free flow of such data and the repeal of Directive 95/46/EC (hereinafter referred to as the "General Data Protection Regulation" or "GDPR") and national regulations, including the Act of May 10, 2018, on the Protection of Personal Data.
The data collected in the situations described in point 4 of this security policy will be processed for one or more purposes detailed in point 3 of this policy.
Who do we transfer your data to?
The Data Administrator will not resell our clients' personal data to third parties. The data collected during registration will be processed only to enable you to log into our system, make a possible purchase, and perform the contract.
The Administrator informs that to perform the contract, he transfers personal data to the necessary extent to his trusted partners.
To perform the contract, your data may be transferred in particular to:
- entities designated by the Buyer to service payment transactions to charge the Buyer's credit card or make an online payment. The data transfer will occur based on a contract for entrusting the processing of personal data concluded between the Data Administrator and the selected entity servicing payment transactions. Providing this data is mandatory if the Buyer wants to make an electronic payment for the purchased products;
- the shipping company that will be responsible for delivering the ordered products to the address provided during the purchase. The data transfer will occur based on a contract for entrusting the processing of personal data concluded between the Data Administrator and the selected shipping company. If the Buyer has chosen the option of delivery of the Order by one of the shipping companies, the transfer of data to this company is necessary to complete the Order;
- the producer or distributor of a given product, to fulfill the Order, particularly its shipment directly from the manufacturer's or distributor's premises. The data transfer will occur based on a contract for entrusting the processing of personal data concluded between the Data Administrator and a given producer.
If the Customer decides to take out insurance, his personal data will be transferred to the entity providing insurance services, in particular in the field of the money-back guarantee. The data transfer will occur based on a contract for entrusting the processing of personal data concluded between the Data Administrator and the insuring entity.
How will we contact you?
If you have purchased goods, you may receive messages from us regarding the status of your Order and occasional advertising and promotional messages related to the offer of the www.foldingfins.com store if you have previously agreed to receive this type of information. We can also contact you by phone if we have important information about your Order, and it is necessary for its implementation.
With your consent, we will also process your data for providing additional services, such as a newsletter (promotional newsletter). You can get additional information on promotional offers after subscribing to the newsletter.
If you subscribed to our newsletter or otherwise agreed to receive it, you will receive our newsletter by email (advertising and promotional messages regarding the www.foldingfins.com offer.
Our newsletter will be sent to you only after your express consent to receive it. When sending the newsletter, we use two-step verification of the address owner, which consists in the fact that in addition to your explicit consent to activate the newsletter service, we also require confirmation of the subscription by clicking on the link sent to the email address provided by you in the form.
The data you provide (email address) will be forwarded by the Administrator to https://mailchimp.com, the owner of the https://mailchimp.com website, to order the newsletter delivery service to the email address provided by you. In addition, your data will not be shared with other entities.
By subscribing to the newsletter, you consent to transfer your data to the entity mentioned above to the extent necessary to perform the newsletter delivery service.
Unsubscribing from the newsletter (withdrawal of consent)
You can unsubscribe from the newsletter at any time by withdrawing your consent. To unsubscribe from the newsletter, you can click on the "unsubscribe" link in the footer of each newsletter or send an email with a request to unsubscribe to email@example.com.
The above fact will be recorded in the consent register we keep, after which your data will be deleted from the Administrator's mailing database.
Protection of privacy and personal data
By concluding the contract, the Customer agrees to the processing by the Administrator of Personal Data contained in the Order following the applicable provisions of the General Regulation on the Protection of Personal Data and the Act on the Protection of Personal Data of May 10, 2018.
Personal data included in the Administrator's database are processed solely for the Administrator's needs; they are not and will not be made available to other external entities.
The User is entitled to the right:
- a) to access his data and receive a copy of it;
- b) to rectify (correct) his data;
- c) to delete data, limit data processing;
- d) to object to data processing;
- e) to transfer data.
For this purpose, please get in touch with us at: firstname.lastname@example.org. In addition, after logging into the system, you can make changes or delete your personal data collected during registration and used to log into the system and send the newsletter.
The Customer also has the right to withdraw consent to the processing of his personal data at any time without affecting the lawfulness of the processing, which was made based on consent before its withdrawal;
The Customer has the right to complain with the President of the Personal Data Protection Office if the Customer considers that the processing of personal data concerning him violates the law;
The Administrator's databases are encrypted and secured against unauthorized access by third parties. Data processing takes place only with the participation of persons who have the necessary authorization to process data in this regard. Entrusting data to external entities takes place based on appropriate contracts for entrusting the processing of personal data.
How long will your data be stored?
Personal data will be stored for the period necessary for the transaction on the www.foldingfins.com website and for considering complaints processed for the period of the Customer's Account on the www.foldingfins.com website, no longer than ten years from the Account liquidation on the www.foldingfins.com website.
If the Customer makes a transaction without creating an account on the www.foldingfins.com website, the data is processed for ten years from the date of performance of the contract.
In the case of processing the personal data based on the Customer's consent — the data is stored until the consent is withdrawn and after the consent is withdrawn, for a 10-year limitation period for any claims.
The use of "cookies"
What are cookies?
The cookie files ("cookies") are defined as IT data that is stored in users' end devices. They are intended mainly for the use of websites, and cookies allow for the correct display of a website tailored to the User's individual needs.
Who are cookies related to, and what data do they collect?
Cookies used by our website refer to people using the website, regardless of whether the person visiting our website remains our client because the cookie technology used by the Administrator collects data about each person who visits our website.
Cookies used by the www.foldingfins.com website collect various types of information about customers visiting our store, but as a rule, they do not collect personal data. Some information collected using cookies may be associated with a specific person based on customer profiling.
The basis and purpose of using cookies
We use information saved using cookies for advertising, statistical purposes, and, above all, to adapt our websites to recipients' individual needs. In the browser, it is possible to change the settings for saving cookies. Cookies used by the www.foldingfins.com website are mainly used to store information about the User once provided on our website.
Cookies placed on the www.foldingfins.com website are also used for cooperation in the field of marketing activities with third parties. For the purposes of the cooperation in question, the browser used by the users of the www.foldingfins.com website will also save other cookies from entities conducting such marketing activities. They are intended to provide Users only with advertisements that match their individual preferences.
Doubleclick by Google, (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA);
Facebook Inc., (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA);
Twenga Solutions (Chez WeWork — 33 Rue La Fayette 75009 Paris — France);
Google Analytics (Google LLC1600 Amphitheatre Parkway Mountain View, CA 94043 USA);
HotJar (HotJar LLC, Level 2, St. Julian’s Business Center, 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta).
The use of the above tools is carried out following the privacy protection principles set out by these entities available on their websites.
How to disable or limit cookies?
Analytical, sales, and marketing profiling
Profiling means the processing of personal data consisting in the use of the User data to evaluate some of its characteristics, in particular, to analyze or forecast aspects of its work results, economic situation, health, personal preferences, interests, reliability, behavior, location, or movement.
Transferring data outside the European Economic Area
To ensure a high level of services, the Administrator may transfer personal data to its partners outside the European Economic Area to conduct analytical activities. In the event of changes in this respect, the Administrator will notify users of this fact by modifying the Regulations. The transfer of data outside the European Economic Area takes place in a manner consistent with applicable law, following the standards required by the GDPR.
The Administrator has ensured adequate security employing standard personal data protection clauses adopted according to the decisions of the European Commission and contracts for entrusting the processing of personal data adapted to the requirements of the GDPR.
Concerning data transfer to the United States, some local entities may also ensure an appropriate data protection level under the "Privacy Shield" program (www.privacyshield.gov).