Privacy and cookies policy

TABLE OF CONTENTS:

GENERAL PROVISIONS
GROUNDS FOR DATA PROCESSING
PURPOSE, BASIS AND DURATION OF DATA PROCESSING ON THE SITE
RECIPIENTS OF DATA ON THE WEBSITE
PROFILING ON THE WEBSITE
RIGHTS OF THE DATA SUBJECT
COOKIES ON THE WEBSITE AND ANALYTICS
FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1 This Privacy Policy is for information purposes only, which means that it does not create any obligations for Service Recipients or Customers of the Website. The Privacy Policy primarily contains rules on personal data processing by the Website Controller, including the grounds, purposes and duration of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools on the Website.

1.2 The Controller of personal data collected through the Website is FINTECNIC.PL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ ul. Placydowska 15, 95-070 Aleksandrów Łódzki, NIP (Tax ID No.) 7322203008, REGON (Business ID No.) 388705576, KRS (National Court Register No.): 0000895631, e-mail address: fintecnic@fintecnic.pl, telephone number: 600 851 540, hereinafter referred to as the “Controller” and which is also the Service Provider.

1.3 Personal data on the Website are processed by the Controller in accordance with the applicable legal provisions, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “GDPR”. The official text of the GDPR:http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4 The use of the Website is voluntary. The related provision of personal data by the Service Recipient or Customer using the Website is also voluntary, subject to two exceptions: (1) entering into contracts with the Controller; (2) the Controller’s statutory obligations – the provision of personal data is a statutory requirement under generally applicable laws requiring the Controller to process personal data (e.g. data processing for tax or accounting purposes) and failure to provide such data shall prevent the Controller from fulfilling such obligations.

1.5 The Controller shall take particular care to protect the interests of the data subjects and, in particular, shall be responsible for and ensure that the data collected are: (1) processed lawfully; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) correct in substantive terms and adequate in relation to the purposes for which they are processed;
(4) kept in a form that permits the identification of data subjects for no longer than is necessary to achieve the purpose of the processing; and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by means of appropriate technical or organisational measures.

1.6 Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller shall implement appropriate technical and organisational measures to ensure that the processing complies with this Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Controller shall apply technical measures to prevent the acquisition and modification by unauthorised persons of any personal data sent electronically.

1.7 All words, phrases and acronyms used in this Privacy Policy and capitalised (e.g. Seller, Electronic Service) shall be understood as defined.

2. GROUNDS FOR DATA PROCESSING

2.1 The Controller shall have the right to process personal data where, and to the extent that, one or more of the following conditions are met: (1) the data subject has given their consent to the processing of their personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with the Controller’s legal obligation; or (4) the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require personal data protection, in particular where the data subject is a child.

2.2 The processing of personal data by the Controller requires in each case the existence of at least one of the grounds indicated in point 2.1 of the Privacy Policy. The specific grounds for the processing of personal data of the Service Recipients and Customers of the Website by the Controller are indicated in the next section of the Privacy Policy, with reference to the respective purpose of personal data processing by the Controller.

3. PURPOSE, BASIS AND DURATION OF DATA PROCESSING ON THE SITE

3.1 In each case, the purpose, basis and period and recipients of the personal data processed by the Controller result from the activities undertaken by the respective Service Recipient or Customer on the Website or by the Controller.

3.2 The Controller may process personal data on the Website for the following purposes, on the following grounds and for the periods as indicated in the table below:

_{Purpose of data processing}	_{Legal basis of data processing}	_{Data storage period}
_{Performing a Sales Agreement or an Electronic Service Agreement or taking action at the request of the data subject prior to the conclusion of the aforementioned agreements}	_{Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract}	_{Data shall be stored for the period necessary for the performance, termination or expiry of the concluded Sales Agreement or Electronic Service Agreement.}
_{Direct marketing}	_{Article 6(1)(f) of the GDPR (legitimate interest of the Controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller consisting of protecting the interests and good image of the Controller and its Website and of striving to sell Products.}	_{The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of the Controller’s claims against the data subject related to the Controller’s business activity. The period of limitation shall be determined by the provisions of law, in particular of the Polish Civil Code (the basic limitation period for claims related to business activities is three years; for the Sales Agreement, it is two years). The Controller may not process data for the purpose of direct marketing if the data subjects lodges an effective objection to that effect.}
_Marketing	_{Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data by the Controller for its marketing purposes}	_{The data are stored until the data subject withdraws their consent to further processing of their data for this purpose.}
_{Expression of opinion by the Customer on the concluded Sales Agreement}	_{Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of their personal data for the purpose of expressing an opinion}	_{The data are stored until the data subject withdraws their consent to further processing of their data for this purpose.}
_{Keeping tax books}	_{Article 6(1)(c) of the GDPR in conjunction with Article 86(1) of the Tax Ordinance, i.e. of 17 January 2017. (Journal of Laws of 2017, item 201, as amended) – processing is necessary to fulfil the Controller’s legal obligation.}	_{The data are kept for the period required by the law requiring the Controller to keep tax books (until the expiry of the period of limitation for tax liabilities, unless otherwise stipulated by tax acts).}
_{Establishing, asserting or defending claims which the Controller may raise or which may be raised against the Controller}	_{Article 6(1)(f) of the GDPR (legitimate interest of the Controller) – processing is necessary for the purposes deriving from the Controller’s legitimate interests, consisting of establishing, asserting or defending claims which the Controller may raise or which may be raised against the Controller}	_{The data are stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of claims that may be raised against the Controller (the basic limitation period for claims against the Controller is six years).}
_{Using the Website and ensuring its proper operation}	_{Article 6(1)(f) of the GDPR (legitimate interest of the Controller) – processing is necessary for the purposes arising from the Controller’s legitimate interests, consisting of the operation and maintenance of the Website}	_{The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of the Controller’s claims against the data subject related to the Controller’s business activity. The period of limitation shall be determined by the provisions of law, in particular of the Polish Civil Code (the basic limitation period for claims related to business activities is three years; for the Sales Agreement, it is two years).}
_{Conducting statistics and analysis of traffic on the Website}	_{Article 6(1)(f) of the GDPR (legitimate interest of the Controller) – processing is necessary for the purposes deriving from the Controller’s legitimate interests, consisting of conducting statistics and analysis of traffic on the Website in order to improve the functioning of the Website and increase sales of Products}	_{The data shall be stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of the Controller’s claims against the data subject related to the Controller’s business activity. The period of limitation shall be determined by the provisions of law, in particular of the Polish Civil Code (the basic limitation period for claims related to business activities is three years; for the Sales Agreement, it is two years).}

4. RECIPIENTS OF DATA ON THE WEBSITE

4.1 For the proper functioning of the Website, including the performance of concluded Sales Agreements, it is necessary for the Controller to use services provided by external entities (such as software provider, courier or payment processor). The Controller shall only use the services of such processors that provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

4.2 The transfer of data by the Controller does not take place in every case and not to all recipients or categories of recipients specified in the Privacy Policy. The Controller shall transfer data only when necessary for the fulfilment of a given purpose of personal data processing and only to the extent necessary for its fulfilment. For example, if the Customer uses personal collection, their data shall not be transmitted to the carrier cooperating with the Controller.

4.3 The personal data of the Service Recipients and Customers of the Website may be transmitted to the following recipients or categories of recipients:

4.3.1 carriers/forwarders/courier brokers/entities handling the warehouse and/or shipment process – For a Customer who uses the Product delivery method on the Website by post or courier, the Controller shares the collected personal data of the Customer with a selected carrier, forwarder or intermediary performing the shipment on behalf of the Controller and, if the shipment is made from an external warehouse, with an entity handling the warehouse and/or shipment process, to the extent necessary to complete the delivery of the Product to the Customer.

4.3.2 entities handling electronic or credit card payments – For a Customer who uses the electronic or credit card payment method on the Website, the Controller shall make the collected personal data of the Customer available to the selected entity handling the above payments on the Website when ordered by the Controller, to the extent necessary to handle the payment made by the Customer.

4.3.3 service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to conduct its business activity, including the Website and the Electronic Services provided by means thereof (in particular, computer software providers for running the Website, e-mail and hosting providers and providers of business management and technical support software to the Controller) – The Controller shall make the collected personal data of the Customer available to the chosen provider acting on its behalf only in the case and to the extent necessary for the performance of the given purpose of data processing in compliance with this Privacy Policy.

4.3.4 accounting, legal and advisory service providers providing accounting, legal or advisory support to the Controller (in particular an accounting office, a law firm or a debt collection agency) – The Controller shall make the collected personal data of the Customer available to the chosen provider acting on its behalf only if and to the extent necessary to achieve the given purpose of the data processing in accordance with this Privacy Policy

4.3.5 providers of social plug-ins, scripts and other similar tools placed on the Website to enable the Website visitor’s browser to retrieve content from the providers of such plug-ins (e.g. logging in with social network login details) and to transmit the visitor’s personal data to these providers for this purpose, including:

4.3.5.1 Facebook Ireland Ltd. – The Controller uses Facebook social plug-ins on the Website (e.g. Like button, Share or Login with Facebook login data) and therefore collects and shares the personal data of the Service Recipient using the Website with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland), to the extent and in accordance with the privacy policy available at https://www.facebook.com/about/privacy/ (the data include information about your activities on the Website, including information about your device, pages visited, purchases, advertisements displayed and your use of the services, whether or not you have a Facebook account and are logged into Facebook).

5. PROFILING ON THE WEBSITE

5.1 The GDPR requires the Controller to provide information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR, and, at least in these cases, relevant information on the methods of such decision-making, as well as on the significance and foreseeable consequences of such processing for the data subject. With this in mind, the Controller provides information on profiling, if any, in this section of the privacy policy.

5.2 The Controller may use profiling on the Website for direct marketing purposes, but the decisions taken by the Controller based on this profiling do not concern the conclusion or refusal of a Sales Agreement or the possibility of using Electronic Services on the Website. The use of profiling on the Website may result, for example, in a person being offered a discount, being sent a discount code, being reminded of unfinished purchases, being offered a Product that may match a person’s interests or preferences, or being offered better terms compared to the Website’s standard offer. Despite the profiling, it is up to the data subject to decide on their own whether they want to benefit from the discount or better conditions received in this way and make a purchase on the Website.

5.3 Profiling on the Website consists of an automatic analysis or prediction of a person’s behaviour on the Website, e.g. by adding a particular Product to the shopping cart, browsing the page of a particular Product on the Website or by analysing the previous history of purchases made on the Website. The condition for such profiling is for the Controller to possess the personal data of the person concerned in order to be able to subsequently send them e.g. a discount code.

5.4 The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects in relation to the data subject or in a similar manner materially affects the data subject.

6. RIGHTS OF THE DATA SUBJECT

6.1 Right of access, right to rectification, right to restriction of processing, right to erasure and right to data portability – The data subject has the right to request from the Controller access to their personal data, the right to rectification, the right to erasure (“right to be forgotten”), the right to restriction of processing, the right to object to processing and the right to data portability. The detailed conditions for exercising the rights indicated above are specified in Articles 15-21 of the GDPR.

6.2 Right to withdraw consent at any time – A person whose data are processed by the Controller based on expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw the consent at any time without prejudice to the lawfulness of the processing performed on the basis of consent before its withdrawal.

6.3 Right to lodge a complaint to a supervisory authority – The data subject has the right to lodge a complaint to a supervisory authority in the manner and mode specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

6.4 Right to object – The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling based on those provisions. In such a case, the controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

6.5 Right to object to direct marketing – where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that the processing is related to such direct marketing.

6.6 In order to exercise the rights referred to in this section of the Privacy Policy, you may contact the Controller by sending a relevant message in writing or by e-mail to the Controller’s address indicated at the beginning of the Privacy Policy or by using the contact form available on the Website.

7. COOKIES ON THE WEBSITE AND ANALYTICS

7.1 Cookies are small pieces of information in the form of text files sent by a web server and stored on the Website visitor’s computer (e.g. on the hard drive of your computer, laptop or smartphone memory card, depending on the device used for visiting our Website). Detailed information on cookies and the history of their creation can be found here, among other places: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2 The cookies that may be sent by the Website can be divided into different types, according to the following criteria:

_{Due to their provider:}	_{Due to their storage period on the device of the person visiting the Website:}	_{Due to the purpose of their use:}
_{1) own (created by the Controller’s Website) and 2) third party (owned by entities other than the Controller)}	_{1) session (stored until you log out of the Website or switch off your web browser), and 2) permanent (stored for a specific period of time, defined by the parameters of each file or until manually deleted)}	_{1) essential (to enable the proper functioning of the Website), 2) functional/preference (making it possible to adjust the Website to the visitor’s preferences), 3) analytical and performance (gathering information on the manner of use of the Website), 4) marketing, advertising and social media (collecting information about a Website visitor in order to display personalised advertising to that person and to carry out other marketing activities, including on websites separate from the Website, such as social media websites).}

7.3 The Controller may process the data contained in cookies when visitors use the Website for the following specific purposes:

_{Purposes of using Cookies on the Controller’s Website}	_{identifying Users as logged in to the Website and showing that they are logged in (essential cookies)}
_{remembering Products added to the shopping basket for the purpose of placing an Order (essential cookies)}
_{remembering data from completed Order Forms, surveys or login data to the Website (essential and/or functional/preference cookies)}
_{adjusting the content of the Website to the individual preferences of the Service Recipient (e.g. as regards colours, font size, page layout) and optimising the use of the Website’s pages (functional/preference cookies)}
_{keeping anonymous statistics on how the Website’s pages are used (analytical and performance cookies)}
_{remarketing, i.e. the study of the behavioural characteristics of visitors to the Website through an anonymous analysis of their actions (e.g. repeated visits to certain pages, keywords, etc.) in order to create their profile and provide them with advertising tailored to their anticipated interests, also when they visit other websites on the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social media cookies)}

7.4 Checking which cookies (including the duration of the cookies and their provider) are sent at any given time by the Website is possible in the most popular browsers as follows:

_{In Chrome:}_{(1) in the address bar, click on the padlock icon on the left, (2) go to the “Cookies” tab.}	_{In Firefox:}_{(1) in the address bar, click on the shield icon on the left-hand side, (2) go to the “Allowed” or “Blocked” tab, (3) click on the “Cross-site tracking cookies” box, “Social media tracking elements” or “Content with tracking elements”}	_{In Internet Explorer:}_{(1) click the “Tools” menu, (2) go to the “Internet options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click the “View Files” box}
_{In Opera:}_{(1) in the address bar, click on the padlock icon on the left, (2) go to the “Cookies” tab.}	_{in Safari:}_{(1) click on the “Preferences” menu, (2) go to the “Privacy” tab, (3) click on the “Manage Website Data” box.}	_{Irrespective of the browser, using the tools available at, for example:}_{https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/}

7.5 Most web browsers available on the market accept the storage of cookies by default. You are able to determine the conditions for the use of cookies via the settings of your own browser. This means that it is possible, for example, to partially restrict (e.g. temporarily) or completely disable the possibility of storing Cookies. In the latter case, however, this may affect some of the Website’s functionalities (for example, it may not be possible to follow the Order path through the Order Form due to the Products not being saved in the basket during the subsequent steps of placing the Order).

7.6 Your browser cookies settings are relevant to your consent to the use of Cookies by our Website; in accordance with the law, such consent may be also given through your browser settings. Detailed information on how to change your cookie settings and how to delete them on your own in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the respective link):

7.7 The Controller may use the Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website. These services help the Controller to keep statistics and analyse traffic on the Website. The data collected are processed as part of the above services to generate statistics helping to manage the Website and analyse traffic on the Website. The data are aggregate. When using the above services on the Website, the Controller collects such data as the source and medium of acquisition of Website visitors and their behaviour on the Website, information on the devices and browsers from which they visit the Website, IP and domain, geographical data and demographic data (age, gender) and interests.

7.8 You caneasily block the provision of information to Google Analytics about your activity on the Website. For this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd., available at https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9 The Controller may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the Website. This service helps the Controller to measure the effectiveness of advertisements, to identify actions taken by visitors on the Website, and to display tailored advertisements to those visitors. You can find detailed information about the operation of the Facebook Pixel online at https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.10 You can manage the operation of the Facebook Pixel via the ad settings in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1 The Website may contain links to other websites. When visiting those websites, you are recommended to read their privacy policies. This Privacy Policy applies only to the Controller’s Website.

Quick contact

Need more information?
Get in touch with our specialists: