Polityka prywatności

PRIVACY POLICY AND USE OF COOKIES

IN THE ONLINE STORE WWW.HYDROFLEX.PL

(hereinafter referred to as the “Privacy Policy” or “Policy”)

I. INFORMATION GENERAL INFORMATION ON THE PROCESSING OF PERSONAL DATA

This document sets out the rules of the Privacy Policy for the online store operated at: www.hydroflex.pl (hereinafter referred to as "Online Shop" or „Shop”).

The administrator of personal data is Roland Rigoll, conducting business activity under the name: HYDROFLEX Roland Rigoll, entered in the Central Register and Information on Economic Activity (CEIDG), Tax Identification Number (NIP): 1990000895, REGON: 532440589, address of permanent place of business: ul. 3 Maja 12, 47-303 Krapkowice (hereinafter referred to as: ,,Administrator” or „Personal data administrator”).

Personal data collected by the Administrator is processed in accordance with generally applicable law, including in accordance with the content of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Dz. Urz. UE L 119, s. 1), hereinafter referred to as: "GDPR” and the Personal Data Protection Act (hereinafter referred to as "Act”)

The Administrator makes every effort to protect the privacy and information provided to him concerning customers and users of the Store. The Administrator selects and applies appropriate technical measures with due diligence, including programming and organizational measures, to ensure the protection of the data being processed, in particular to protect the data against unauthorized access, disclosure, loss, destruction, unauthorized modification, as well as processing in violation of applicable law.

The services available on the Store's website are not intended for persons under the age of 16.

The personal data administrator does not intend to deliberately collect data concerning persons under the age of 16.

The Online Store may use plug-ins and other social media tools, including, in particular, those that enable Store users to share content with other social media users or recommend it as part of their account with the provider of a given portal. The providers of these services may also process personal data as independent controllers.

The Administrator informs that the terms used in this Policy shall have the meanings specified in the Store Regulations, unless otherwise specified in the Policy.

II. CONTACT DETAILS

Regarding personal data, Store users may contact the Personal Data Administrator via:

traditional post at the following address: 3 Maja 12, 47-303 Krapkowice;
e-mail at: biuro@hydroflex.pl;
phone number: +48 77 407 85 15.

III. PURPOSES, SCOPE, AND BASIS FOR PROCESSING PERSONAL DATA

The personal data controller processes personal data for the following purposes and to the following extent, and on the following grounds:

Base: Personal data processed on the basis of Article 6(1)(b) of the GDPR – i.e. for the purposes of performing a contract, as well as taking steps prior to entering into a contract at the request of the Store user.

Purpose and scope: On this base, the Administrator processes data for the following purpose and scope:

- for the purpose of concluding and performing the Contract for the sale of Goods (e.g., delivery of Goods) – for this purpose, the Administrator processes, in particular, personal data provided by the Store user in the Order form or other data provided for the purpose of fulfilling the Order, in particular such as: first and last name, e-mail address, telephone number, address details, tax identification number, payment details;

- in order to provide the Services or deliver the functionality of the Store – in particular, data provided by the Store user in the registration form (Account) in the Online Store, such as, among others, e-mail address, first and last name, telephone number, mailing address, referral details, and password;

- In order to provide the Services and deliver the functionalities available in the Online Store, the Administrator processes, in particular, personal data relating to the activity of the Store user in the Online Store, including data concerning the content viewed by the Store user, Goods or Services, data concerning the Store user's device session, browser, IP address, as well as data provided by the Store user in the Order or for the purposes of Order fulfillment, and data provided by the Store user in forms available in the Store (including, for example, the electronic contact form, electronic complaint form);

- in order to provide Services and deliver functionalities that require the creation of an Account, such as, for example, functionalities related to the Account and delivered through it, for example: keeping a history of Orders, informing about the status of Order fulfillment – for this purpose, the Administrator processes, in particular, the data of the Store user provided in the Account, the Order form, or for the purposes of Order fulfillment, as well as other data collected as part of the Order, including data on purchase history.

Base: Where data processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, the Controller shall process personal data on the basis of Article 6(1)(f) of the GDPR..

Purpose and scope: On this base, the Administrator processes data for the following purpose and scope:

- in order to keep statistics on the use of individual functionalities available in the Online Store, facilitate the use of the Online Store, and ensure the IT security of the Online Store – for this purpose, the Administrator processes, in particular, personal data concerning the activity of Store users in the Online Store, including the amount of time spent on each subpage of the Online Store, search history, location, IP address, device ID, data concerning the web browser and operating system of the Store user;

- in order to establish, investigate, and enforce claims and defend against claims in court proceedings and before other enforcement authorities – for this purpose, the Administrator may primarily process personal data provided by the Store user in the Online Store, including when Ordering Goods or using Services or functionalities (including in forms in the Store) and other data necessary to prove the existence of a claim or which result from a legal requirement, court order, or other legal procedure;

Legitimate interest of the Administrator: In the case of personal data processing for the above purposes, the legitimate interest pursued by the Administrator consists in: the ability to establish, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities, improving the level of services provided and the efficiency and security of the Online Store, as well as building positive relationships with Store users.

Base: where data processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, and where the consent of the Store user was also required for the processing of personal data – on the basis of that consent – i.e. on the basis of Article 6(1)(f) of the GDPR and on the basis of Article 6(1)(a) of the GDPR. However, if personal data is processed for the purposes of performing a contract as well as taking action prior to entering into a contract at the request of the Store user – on the basis of Article 6(1)(b) of the GDPR.

Purpose and scope: On this base, the Administrator processes data for the following purpose and scope:

- for the purpose of marketing the Administrator's Goods and Services - for this purpose, the Administrator mainly processes personal data provided by the Store user when creating and updating their Account and using it, including login and registration dates, subscription to the Newsletter for the purpose of sending commercial/marketing information, data concerning the Store user's activity in the Online Store, including Orders, data that is recorded and stored via cookies, in particular Order history, search history, clicks in the Online Store, history and activity of the Store user related to communication with the Administrator.

- for use by the Administrator in the Online Store Cookies. Depending on the type (category of Cookies), the basis for the processing of personal data is different, i.e. Necessary Cookies – the basis is Article 6(1)(f) of the GDPR and Article 6(1)(b) of the GDPR. In the case of cookies in the Analytical/Functional category – the basis is Article 6(1)(a) of the GDPR. In the case of cookies in the Marketing/Advertising category – Article 6(1)(a) of the GDPR. Details on this subject can be found in the provisions on cookies later in this document;

- for the purpose of market research, opinion polling, measurement, and statistics by the Administrator itself or its partners or suppliers—for this purpose, the Administrator uses, in particular, data such as: information about the Order, data provided in the Account, or during the purchase of Goods. Detailed instructions are provided in the information about a given survey, form, or in the place where the Store user enters their data..

Legitimate interest of the Administrator: In the case of personal data processing for the above purposes, the legitimate interest pursued by the Administrator, in cases where it is the basis for processing, consists in: the possibility of informing Store users about the Administrator's offer, including in particular the Services or Goods offered, and building an image on the market, direct marketing of Goods, as well as ensuring the most optimal use of the Services and functionality of the Store and its pages in general, and improving their level, efficiency, and security.

Base: performance of the Agreement, as well as in cases where data processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party – the legitimate interest of the controller, i.e. on the basis of and pursuant to Article 6(1)(b) of the GDPR and Article 6(1)(f) of the GDPR.

Purpose and scope: On this base, the Administrator processes data for the following purpose and scope:

- in order to consider complaints, claims, and requests, and to respond to questions from Store users – for this purpose, the Administrator primarily processes personal data provided by Store users in forms in the Online Store, complaints, claims, and requests, as well as questions submitted in other forms. For this purpose, the Administrator also processes certain personal data provided by the Store user in the Account, data relating to the Order of Goods and other Services provided in the Online Store that are the subject of the complaint, request or inquiry, questions, and data contained in documents attached to complaints, requests, inquiries, and questions;

- for the purpose of organizing and running competitions, loyalty programs, or similar campaigns, and in particular for performing activities such as notifying users about accumulated points, notifications of winnings, as well as promoting and advertising the Store's offer and the campaigns themselves – for this purpose, the Administrator processes, in particular, the personal data provided by the Store user during registration (joining such campaigns) in a competition or loyalty program, as well as the personal data included in the Account. In addition, detailed information about a given contest, loyalty program, or other promotion will be provided each time in the terms and conditions of participation in a given contest, loyalty program, or promotion;

Legitimate interest of the Administrator: In the case of personal data processing for the above purposes, the legitimate interest pursued by the Administrator consists in the possibility of lawfully considering complaints, responding to comments or questions from Store users, as well as improving the level of Services provided and building positive relationships with Store users.

Base: when data processing is necessary to fulfill a legal obligation incumbent on the Controller, i.e. pursuant to Article 6(1)(c) of the GDPR - in particular, consisting in the Controller's fulfillment of legal obligations imposed by tax law/ accounting regulations in connection with the settlement of Orders, competitions, loyalty programs, and similar campaigns.

Purpose and scope: To this end, the Administrator primarily processes personal data provided by the Store user for the purpose of placing and settling an Order, as well as data provided by the Store user when joining a loyalty program, competition, or similar campaign, in accordance with its rules..

Base: performance of the Agreement, as well as in cases where data processing is necessary for purposes arising from legitimate interests pursued by the Controller or by a third party – the legitimate interest of the controller, i.e. pursuant to Article 6(1)(f) of the GDPR and Article 6(1)(b) of the GDPR (for the purposes of performing the Agreement as well as taking action prior to the conclusion of the Agreement at the request of the Store user).

Purpose and scope: To this end, the Administrator processes personal data (in particular: identifiers, content of comments, opinions) concerning persons (users) visiting profiles maintained by the Administrator on social media or other websites (e.g., Facebook, Instagram, Google, YouTube). Personal data is processed for the purpose of maintaining such profiles and providing information about the Administrator's activities, as well as sharing opinions expressed about the Administrator.

Legitimate interest of the Administrator: building the image of the Administrator, promoting its activities, as well as the possibility of pursuing or defending against possible claims, with the proviso that this Policy doesn't constitute a regulation related to the processing of personal data by the administrators of the above-mentioned websites or social media.

IV. DATA PROCESSING TIME

Personal data will be processed by the Administrator, as a rule, for the period necessary to fulfill Orders, provide Services and deliver functionality, marketing activities, and other services performed for the Store user. Personal data will be deleted by the Administrator in the following cases:
1. when the data subject requests their deletion or withdraws their consent;
2. when the data subject has not taken any action for more than 3 years (inactive contact);
3. after receiving information that the stored data is outdated or inaccurate;
4. when the data subject effectively objects to the processing of their personal data by the Controller, where the basis for the processing of personal data is the legitimate interest of the Controller.
Some data, such as your email address, first and last name, address, and phone number, may be additionally stored for as long as it may be necessary to pursue any claims or defend against claims by individuals, for evidentiary purposes in relation to claims related to both the sale of Goods and Services provided in the Online Store, as well as for the purposes of considering complaints, grievances, or other requests - until the claims expire. This data will not be used by the Administrator for marketing purposes.
Data concerning orders for Goods and any paid Services, competitions, and loyalty programs, to the extent necessary for bookkeeping and accounting purposes, will be stored for the period required by generally applicable law, including in particular accounting and bookkeeping regulations.
The data collected through cookies and similar mechanisms is stored by the Administrator for a period corresponding to the life cycle of cookies stored on devices or until they are deleted from the user's device by the user. Details on the lifetime of a given cookie can be found in the provisions on cookies later in this document..

V. RECIPIENTS OF PERSONAL DATA

According to Article 4 of the GDPR, a recipient is understood to be a natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not.
Due to the necessity to conclude and perform Sales Agreements and provide Services electronically, the personal data of Store users may be transferred to the following categories of recipients:

state authorities, e.g., the prosecutor's office, the police, the President of the Personal Data Protection Office (PUODO), if they request this from the Administrator, indicating the legal basis for their requests;
service providers with whom we cooperate, in particular in the scope of delivery of Orders or execution of payments, as well as enabling the use of the Online Store's websites, including providers responsible for the proper operation of ICT systems, entities providing accounting services to the Administrator, as well as other external entities cooperating with the Administrator in the scope of its activities. Depending on contractual arrangements and circumstances, these entities act on behalf of the Administrator or independently determine the purposes and means of processing.
Personal data may also be transferred to other entities – suppliers of tools that use cookies. Information about these entities and the purposes for which cookies are used can be found in the section on cookies later in this Policy.

3. A detailed list of suppliers may be provided by the Administrator at the request of the Store user.
4. The above-mentioned suppliers are mainly based in countries of the European Economic Area (EEA). The personal data controller may commission specific activities to recognized subcontractors operating outside the EEA, in particular entities operating in Bosnia and Herzegovina, Serbia, or Ukraine. Personal data transferred outside the EEA will be protected by appropriate legal safeguards so that the recipients guarantee a high level of personal data protection. These guarantees result in particular from the obligation to apply standard contractual clauses adopted by the Commission (EU) or binding corporate rules duly approved by a supervisory authority within the meaning of the GDPR. In the case of transferring personal data to the US, the Administrator will apply the provisions contained in the implementing decision of July 10, 2023, issued on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council, confirming the adequate level of personal data protection provided under the EU-US data protection framework. The method of data protection complies with the principles set out in Chapter V of the GDPR. The Store User may request the Administrator to provide additional information on the security measures applied in this regard, obtain a copy of these security measures, and information on where they are disclosed. In addition, the Administrator will inform the data subjects of the intention to transfer personal data outside the EEA at the stage of collecting personal data.

VI. CATEGORIES OF RELEVANT PERSONAL DATA

The personal data controller processes the following categories of relevant personal data:

contact details, including those provided in the electronic contact form and other forms available in the Online Store;
data concerning activity on the Online Store;
data concerning Orders in the Online Store;
data concerning Services, including the Newsletter Service;
settlement data - payments;
data concerning complaints, grievances, and requests;
data concerning marketing services;
data concerning user activity on social networking sites where the Data Controller has profiles/accounts.

VII. VOLUNTARY PROVISION OF PERSONAL DATA

The provision of required personal data by Store users is voluntary, subject to subparagraph 2.
Providing certain data is a prerequisite for using specific Services and functionalities of the Online Store or for fulfilling an Order.
The system used by the Administrator automatically marks mandatory data. Failure to provide this data will result in the Administrator being unable to provide certain Services and functionalities of the Store, as well as the inability to complete the Order. Apart from data marked as mandatory, providing other personal data is voluntary.

VIII. AUTOMATED DECISION MAKING

The administrator doesn't make automated decisions, including profiling.

IX. RIGHTS OF THE PERSON WHOSE PERSONAL DATA IS PROCESSED

Under the GDPR, the data subject has the right to:

1) access to personal data (Article 15 of the GDPR).

She may obtain information from the Administrator as to whether her data is being processed and, if so, she has the right to:

access to data;
obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned period of storage of the data or the criteria for determining that period, the rights conferred on her under the GDPR, and the right to lodge a complaint with a supervisory authority, about the source of the data, about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of the data outside the European Union;
obtain a copy of your personal data.

2) rectification of personal data (Article 16 of the GDPR).

If the personal data of this person is incorrect, they may request the Administrator to correct it immediately. They may also request the Administrator to supplement this data. If such a person has an Account in the Online Store, they can also correct and supplement their personal data themselves after logging into their Account.

3) deletion of personal data, the so-called “right to be forgotten” (Article 17 of the GDPR)

The data subject may request this when:

personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
withdrawn specific consent, to the extent that personal data was processed on the basis of that consent;
personal data was processed unlawfully;
has objected to the processing of her personal data for direct marketing purposes, including profiling, to the extent that the processing of personal data is related to direct marketing;
has objected to the processing of her personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes arising from legitimate interests pursued by the Controller or a third party.

Despite the request to delete personal data, the Administrator may continue to process the data for the purpose of establishing, pursuing, or defending claims, of which the data subject will be informed.

4) submit a request to restrict the processing of personal data (Article 18 of the GDPR).

The data subject may request this when:

questions the accuracy of their personal data – the personal data controller will restrict the processing of personal data for a period enabling the accuracy of the data to be verified;
when the processing of personal data is unlawful, and instead of erasure, the data subject requests restriction of processing of personal data;
her personal data is no longer needed for processing purposes, but is needed to establish, pursue, or defend against claims;
when she objected to the processing of her personal data – until it is determined whether the legitimate interests of the personal data controller override the grounds indicated in the objection raised by the person who submitted it.

5) objection to the processing of personal data (art. 21 GDPR).

The data subject may object at any time to the processing of their personal data, including profiling, in connection with:

processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of the legitimate interests pursued by the Controller or a third party;
processing for direct marketing purposes.

6) request to transfer personal data (art. 20 GDPR).

The data subject has the right to receive their personal data from the Controller in a structured, commonly used, machine-readable format and to send it to another personal data controller or request that the Controller send their personal data directly to another controller (if technically possible).

7) withdrawal of consent to the processing of personal data.

The data subject may do so at any time. This does'nt affect the lawfulness of processing based on consent before its withdrawal.

8) complaints to the supervisory authority.

If the data subject believes that the processing of their personal data violates the GDPR, they have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement.

In Poland, the supervisory authority responsible for personal data protection is the President of the Personal Data Protection Office (PUODO).

Method of exercising rights:

The data subject may exercise all their rights by contacting the Administrator at the contact details provided in this Policy.

The Administrator shall, without undue delay, and in any case within one month of receiving the request, provide information on the actions taken in connection with the request submitted by that person. If necessary, the one-month period may be extended by a further two months due to the complexity of the request or the number of requests. In any case, the Administrator shall inform the person who made the request of such an extension within one month of receiving the request, stating the reasons for the delay.

RULE FOR USING COOKIES IN THE ONLINE STORE

I. GENERAL INFORMATION

The Online Store uses cookies (hereinafter referred to as “Cookies” or “Cookie files”). Cookies are small text files that are used by websites for specific purposes, mainly to improve the quality of the functionality provided within them.
Cookies are stored on the end device of the Store user in connection with the use of the Online Store's websites. Cookies allow us to identify the software used by the user and customize the Online Store to their individual needs.
Cookies usually contain the name of the domain from which they originate, their storage time on the device, and the assigned value.
Various types of cookies may be used in the Online Store, including files from external entities.
Unless otherwise specified, the following information applies to both the use of cookies by the Administrator and other similar technologies.
The cookies used by the Administrator are safe for the devices of the Store's users. In particular, it is not possible for viruses or other unwanted software or malware to enter such devices through cookies.

II. FILE TYPES

The Administrator uses two types of cookies in the Store:

Session cookies: are stored on the user's device and remain there until the end of the browser session. The stored information is then permanently deleted from the memory of the Store user's device after the session ends or the browser is closed. The session cookie mechanism does not allow the collection of any personal data or confidential information from the Store user's device.
Persistent cookies: are stored on the Store user's device and remain there until they are deleted (from the settings of the given web browser). Ending a given browser session or turning off the device does not delete them from the Store user's device. The persistent cookie mechanism does not allow the collection of any personal data or confidential information from the Store user's device.

III. PURPOSES OF USING COOKIES

The Administrator may also use third-party cookies. For the purposes of this document, the cookies used by the Administrator have been divided into main categories according to their main purpose, i.e.: 1. Basic (necessary), 2. Analytical/Functional, 3. Marketing/Advertising.
Basic (essential) cookies are files without which it would not be possible to use the full functionality of the Online Store website, in particular those that enable user authentication and generally improve website security.
Analytical/Functional Cookies – these are files used primarily for the Administrator to perform analyses and statistics regarding the use of the Online Store website by users, where their main purpose is to adapt these websites to the current needs of users and improve services.
Marketing/advertising cookies – these are files that allow the Administrator to display advertisements to users of the Online Store in a manner better suited to their expectations or needs.
Below you will find detailed information on the purpose for which cookies are used and by which entities. Each of these entities also independently determines its own privacy policy – links to the policies of individual providers can also be found directly on their websites.

The Administrator uses the following Cookies:

Cookie name	Existence period (expiration date)	Objective	Own/third parties	Supplier	Category
_ga _ga_# _gat _gid	_ga (2 years) _ga_# (2 years) _gat (1 day) _gid (1 day)	Determining how often a Store user visits the Store's pages	Own	Online Store Administrator	Statistics
collect	Session cookies	Collecting data about the Store user's device and their interactions in the Store	Entity Third	Google Analytics	Statistics
Solex_c Solex_lang	Persistent cookies	Ensuring the proper functioning of the Store	Own	Online Store Administrator	Basic

Detailed information about the possibilities and methods of handling cookies is available in the settings of the user's software (web browser).

IV. EDIT, ENABLE, BLOCK COOKIES

Store users can view and edit information about their preferences collected by the Google advertising network using the tool available at the following link https://www.google.com/ads/preferences/ and https://policies.google.com/technologies/partner-sites.

Using the settings of the web browser used by the Store user, or by configuring the service, the user can independently and at any time change the settings for cookies, specifying the conditions for their storage and access by cookies to their device. The Store user can change these settings to block the automatic handling of Cookies in the web browser settings or to inform them each time they are placed on the Store user's device.