With our customers in mind, we pay special attention to your privacy and your data. We really want you to feel comfortable while using our services.
For this reason below we have presented the most important information on how we process your personal data and cookies used by our store. This information has been prepared with special regard to the Resolution of the European Parliament and Council (EU) 2016/679 dated 27 April 2016 on protection of natural persons due to processing personal data and on free flow of such data and repeal of the directive 95/46/CE (hereinafter: GDPR).
YOUR PERSONAL DATA CONTROLLER
The controller of your personal data collected through the website zeegma.com is BrandLine Group sp. z o.o. [limited liability company], entered into the National Court Register under the number: 0000552768, NIP [taxpayer’s ID]: 7822579840, REGON [business ID]: 361233546, address: ul. A. Kręglewskiego 1, 61-248 Poznań (hereinafter referred to as Controller).
As the Controller of your data, we do our utmost to provide them with suitable protection and to process them properly:
- data are processed legally and in a transparent way for the person who they apply to;
- data are collected for specific and clearly defined purposes, and also processed in this way;
- data are collected only to the extent required for achievement of a specific goal;
- data processed are properly protected against unauthorized and illegal processing as well as damage or destruction.
With regard to all matters related to personal data protection, please contact the Controller in the following way:
- by sending a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
SCOPE OF DATA COLLECTION
- The Controller processes personal data required to render and develop its services and functionalities available on zeegma.com.
- The scope of collected data corresponds to the purpose of collection. These are the following in particular: first and last name, e-mail address, phone number, delivery address, sometimes NIP and REGON, name and place of business.
PURPOSES OF AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
- Personal data can be processed by the Controller for the following purposes:
- to create the account and verify the customer’s identity – based on acceptance of Terms and Conditions (art. 6 para. 1 b) of GDPR;
- to conclude and perform the electronic services agreement pursuant to the act dated 18 July 2002 on rendering electronic services, in particular through providing possibilities of using the online store, browsing products, making purchases (by registered or unregistered customers) and lodging complaints (art. 6 para. 1 b) of GDPR;
- to fulfill the Controller’s legal obligations related to accounting and taxes and for archival purposes (art. 6 para. 1 c) of GDPR);
- to communicate with the customer in order to provide it with required information as well as build positive and reliable relationship with the customer, which is a legally justified interest of the Controller (art. 6 para. 1 f) of GDPR);
- to provide marketing information by electronic means and/or through phone calls, including newsletters, provided that the Customer has given its consent to receive such notifications (art. 6 para. 1 a) of GDPR);
- to collect and present opinions on products provided through the website and to study satisfaction of our customers, which is a legally justified interest of the Controller (art. 6 para. 1 f) of GDPR);
- for analytical and statistical purposes on the basis of the legally justified interest of the Controller, that is verifying customers’ activities and preferences to optimize services and products as well as functionalities of the website (art. 6 para. 1 f) of GDPR);
- to establish and pursue claims or defend against them on the basis of the legally justified interest of the Controller, that is protecting its rights (art. 6 para. 1 f) of GDPR).
- In any of the aforesaid cases, giving personal data is voluntary, yet required to conclude the agreement or use other functionalities of the website.
PERSONAL DATA PROTECTION PERIOD
- The period of processing personal data corresponds to the period in which the specific person remains a registered online store customer. After deletion of the account, personal data will be processed for the period required for assurance of compliance with rules of law, pursuance of or defense against potential claims, yet not longer than 6 years from the day of terminating the electronic services agreement.
- As for unregistered customers who do the shopping, personal data are processed for the period required for maintenance of compliance with rules of law, pursuance of or defense against potential claims, yet not longer than 6 years from the day of terminating the electronic services agreement.
- Data processed for the purposes of sending marketing information, including rendering newsletter services, will be processed until the approval has been withdrawn, with the provision that withdrawal of the above-stated approval does not affect compliance of data processing made before the withdrawal.
- In any other cases, personal data will be processed for the period of time required to achieve the goal for which they are collected, yet not longer than until your objection to the Controller processing the data.
INFORMATION ON PROCESSING
- Depending on the purpose of processing, personal data may be disclosed to:
- trusted entities which cooperate with the Controller, including entities which deliver or manage specific IT systems and solutions,
- entities which support online payments,
- entities which render courier and postal services,
- law firms.
- As a rule the personal data processed by the Controller will not be disclosed out of the European Economic Area or to international organizations.
YOUR RIGHTS
- Right to access data
Pursuant to the art. 15 of GDPR, the registered customer has an unlimited access to the following at any time:
- all its personal data provided to the Controller, history of orders, history of complaints, list of favorites and its reviews
- information on processing its personal data, presented in the Privacy Protection Policy and Terms and Conditions.
To receive information on its personal data processed by the Controller, the unregistered customer must contact the Controller in the following way:
- by sending a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
- Right to rectify data
The right to rectify data applies when the customer’s data are incorrect, especially because they have been erroneously collected or changed. This right also allows supplementing missing data.
The registered customer may feel free to rectify its personal data in its profile on its own and at any time.
To rectify the personal data processed by the Controller, the unregistered customer should contact the Controller in the following way:
- by sending a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
- Right to delete data
Pursuant to art. 17 of GDPR, every customer may feel free to request deletion of its personal data at any time, and the relevant petition must be sent directly to the Controller:
- via a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
The Controller may refuse to consider the request to delete data if the law allows so, particularly when further processing is necessary to fulfill the legal obligation of processing on the basis of EU law or domestic law or for the purposes of establishing, pursuing or defending against claims.
Pursuant to the Terms and Conditions, every customer may delete its account at any time. Deletion of the account is not tantamount to deletion of data, as mentioned above. If the account is deleted, the Controller processes personal data for 6 years from the day of terminating the electronic services agreement in order to fulfill tax obligations (in accordance with art. 74 of the accounting act) as well as establish, pursue or defend against potential claims (as long as the user has made a purchase in our online store).
- Right to limit processing
To use the right to limit data processing, the customer must contact the Controller by sending a petition in the following way:
- through a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
In the petition, it is necessary to specify the range of data to be limited and justification of the request. This right applies particularly when it is suspected that processed data are incorrect, the very processing is illegal or data ceased to be necessary to the Controller, but for reasons attributable to the user cannot be deleted.
- Right to transfer data
Every customer has a right to transfer its personal data to other controllers. To do so, it should request the Controller to give access to the data. The request must be sent in the following way:
- through a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
In the petition, it is necessary to specify whether data are to be disclosed to the person who they apply to or other controller.
- Right to object
The right to object to personal data processing applies to data processed on the basis of the legally justified interest of the Controller, that is art. 6 para. 1 f) of GDPR. To exercise this right, the customer should contact the Controller in the following way:
- by sending a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań,
- by electronic means: [email protected]
The Controller may refuse to consider the request if the law allows so, particularly when further processing is necessary to fulfill the legal obligation of processing on the basis of EU law or domestic law or for the purposes of establishing, pursuing or defending against claims.
- Right to withdraw consent
Every customer may withdraw the personal data processing consent, at any time, based on sending marketing information. The aforesaid withdrawal may be made in any of the following ways:
- by activating the link in any newsletter marketing information message,
- by lodging a petition to the e-mail address: [email protected] or by sending a traditional letter to ul. A. Kręglewskiego 1, 61-248 Poznań.
The Controller declares that withdrawal of the consent shall not affect compliance with right of processing made on the basis of this consent before withdrawing.
- Right to lodge a complaint to supervisory body
Every customer has a right to lodge a complaint to the President of the Personal Data Protection Office if it decides that the processing violates its right and liberties, especially the ones which arise from GDPR.
AUTOMATIC DECISION-MAKING, INCL. PROFILING
- The Controller uses systems intended for automatic decision-making, including profiling, yet it will not trigger any legal effects or otherwise affect the situation of our customers.
- Personal data profiling by the Controller is subject to data processing (also in an automatic way) by using them to assess certain information, in particular to analyze or forecast personal preferences of our customers.
- The information obtained as a result of automatic decision-making, including profiling, will be used only to adapt our marketing actions to customers’ needs and preferences.
COOKIES POLICY
WHAT ARE COOKIES?
A cookie file is information in the form of text in the user’s final device when the user accepts them or otherwise configures its browser. The information in cookies may be read by the website which the user is currently visiting, and the access to files of other sites is impossible.
WHAT KIND OF COOKIES ARE USED?
In our systems the following kinds of cookies are used:
- systemic: required for proper operation of the website, and to maintain the session after logging in,
- analytical and statistical: required to study website traffic, learn our users’ preferences,
- preferential: allow remembering website settings, and to arrange specific elements, layout, font size, region the user is from,
- marketing and advertising: allow adapting advertisements to our customers’ preferences and conducting customized marketing campaigns,
- external files used for automatic decision-making, incl. profiling.
The site uses both own files (files straight from the Website) and external files (files from third parties’ site).
STORAGE TIME AND LEGAL BASIS FOR PROCESSING
The cookies we use are processed on the following legal bases:
- systemic: depending on a specific type, these are persistent files or stored for 1-28 day(s),
- analytical and statistical: depending on a specific type, they are stored for the period from 1 day to 2 years,
- preferential: files are stored 1 day after saving,
- marketing and advertising: depending on a specific type, these are persistent files or stored for 1 day-10 years,
- external files used for automatic decision-making, incl. profiling: depending on a specific type, these are session files or persistent files, or stored for 1 day-10 years.
COOKIES MANAGEMENT, APPROVAL OF USE
By default most web browsers on the market accept saving cookies. The customer may specify terms of using cookies through settings in its own web browser. This means that it may partially limit (e.g. temporarily) or completely disable cookies saving on its device. If the latter is chosen, it may however affect some functions of the Website.
The user’s web browser settings related to cookies are significant from the point of view of approval of using cookies by our Website – according to regulations, such consent may also be expressed through web browser settings.
Detailed information on change of cookies settings and their own deletion in the most popular web browsers can be accessed in the help section of the web browser.