Table of Contents:
§1 General Information
§2 Personal data controller
§3 Data acquisition and purpose of data processing
§4 Categories of personal data
§5 Recipients of personal data
§6 Archiving of personal data
§7 Rights, accessing and updating personal data, complaints
1. GENERAL INFORMATION
- All phrases and words written with a capital letter (e.g. Online Store, Customer, etc.) should be understood in accordance with the content of the Rules of the Online Store.
2. PERSONAL DATA CONTROLLER
- The Administrator of your personal data is LAST MILE Sp. z o.o. with its registered office in Warsaw (00-351) at ul. Zajęcza 7/1, entered in the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Department of the National Court Register under KRS number 0000969015, NIP 5252902733, REGON 521540983 (hereinafter: the Administrator).
- For all data protection issues, we encourage you to contact us at the above address or via email address: email@example.com.
- You can also send a request to this address for information on what personal data we hold about you and for what purposes we process it.
- The Administrator informs that it stores the correspondence for statistical purposes and for the purpose of improving the support system within the scope of RODO, as well as for the resolution of complaints and possible decisions on administrative interventions made on the basis of notifications in the designated Customer Account. Addresses and data collected in this way will not be used for communication for any purpose other than the fulfilment of the request, in particular will not be used for marketing purposes and will not be passed on to third parties.
- If the Administrator is contacted in order to perform a specific action (e.g. lodge a complaint, make a refund), the Administrator may ask the person concerned to provide data, including personal data, e.g. name, surname, address, e-mail address, in order to confirm his or her identity and enable the possibility of contacting the person concerned and performing the requested action. Providing such data is not obligatory, but it may be necessary to perform an action or to obtain information that is of interest to a given person.
3. DATA ACQUISITION AND PURPOSE OF DATA PROCESSING
- We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, (hereinafter: RODO) and other data protection laws currently in force at the time of processing certain data.
- According to the content of the indicated legal acts, personal data is information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
- We ensure that the data we obtain from you is confidential, secure and processed only when necessary. We process data lawfully, fairly and transparently for the data subject. We process only such data and only with such content that is necessary due to the legitimate purpose, i.e. the reason for the processing. Personal data are collected with due care and are adequately protected against access by unauthorized persons. We use appropriate and adequate security measures and state of the art technology to protect personal data against accidental loss and unauthorized access, use, alteration, or disclosure. We store personal data in a manner that enables the identification of the data subject for no longer than is necessary for the purposes for which the data are processed.
- The Administrator obtains information about personal data in the following ways:
- by making a purchase in the Store (online store) by the Customer;
- by registering a Customer Account;
- by voluntarily subscribing to a newsletter service;
- by posting an opinion in the Online Shop;
- by voluntarily entering information in an email message or contact form;
- by sending a complaint, request, inquiry or letter of any other nature;
- by voluntarily entering information in an email sent in connection with your desire to do business with us;
- by directing a message in Chat messenger;
- through cookies, pixels or similar Internet technologies.
- Please be informed that the purpose and scope of data processed by the Administrator derives from the consent of the Website Visitor or Client or from legal regulations, and in selected cases is further specified as a result of actions taken by these persons in the Online Store or through other communication channels.
- Providing personal data by the Visitor or the Customer of the Internet Shop is voluntary, but it is necessary in order to use certain functionalities of the Internet Shop (e.g. placing an Order by the Customer and its settlement, Customer Account registration or using contact forms).
- Each time the scope of data required to conclude the relevant agreement is indicated in advance in the Online Shop (we mark the data whose submission is necessary to conclude the agreement/use a specific functionality), within other communication channels with the Visitor or the Customer or in the Regulations. The consequence of failing to provide personal data may be inability to effectively use the functionality of the Website, e.g. inability to place an order.
- Your personal information is obtained by the Administrator for the following purpose:
|Purpose of processing||Legal basis||A legitimate purpose, if any|
|Keeping Statistics.||Article 6(1)(f) RODO.||To have information about the statistics of our operations, which allows us to improve our business operations.|
|Conducting marketing of its own products and services without the use of electronic communications.||Article 6(1)(f) RODO.||Conduct marketing activities to promote the business.|
|Conducting marketing of our own products and services using electronic communications, including profiling.||Article 6(1)(f) of the RODO, with these actions due to other applicable laws, in particular the Telecommunications Law and the Act on Provision of Electronic Services, are conducted only on the basis of the consents held (Article 6(1)(a) of the RODO).||Conducting marketing activities to promote the business using email addresses. Presenting advertisements, customizing discounts and promotions.|
|Handle requests made using the contact form, emails, complaints, other requests.||Article 6(1)(a) of the RODO; Article 6(1)(c) of the RODO.||Responding to requests and inquiries submitted using the contact form or in any other form, including storing sensitive requests and responses in order to maintain accountability. Handling requests, providing answers to consumer complaints. Pursuing claims, including from third parties, and defending against them.|
|Posting an opinion in the Online Store.||Article 6(1)(a) of the RODO.||Product Satisfaction Survey.|
|Customer Account Maintenance.||Article 6(1)(a) of the RODO.||Entering into and performing a Service Agreement (Account) or taking action at the request of a prospective Customer prior to entering into such an Agreement.|
|Conclusion and execution of the Sales Agreement.||Article 6(1)(b) of the RODO.||Conclusion and execution of the Sales Agreement or taking action at the request of a future Customer before its conclusion.|
|Archiving of sales documents.||Article 6(1)(c) of the RODO.||Fulfillment of legal obligations arising from legislation, e.g. tax and accounting, especially in the case of contracts for a fee.|
9. In case of an adult Client or an adult Website Visitor, with his or her additional consent, the Personal Data may also be processed in order to present, create, grant and carry out advertisements, offers or promotions (discounts) related to the products or services of the Administrator and its partners dedicated to such Client, customized to his or her preferences to the greatest possible extent (profiling), as a result of automated decision-making that may produce legal effects with regard to him or her or similarly significantly affect him or her, e.g. This may include, for example, a short-term discount on a particular product that you have recently viewed in our Online Store (not available to persons who are not of legal age or who are of legal age but have not given their consent to this action).
10. Newsletter. If you wish to subscribe to our newsletter, it is mandatory to provide us with your e-mail address via the newsletter subscription form. Providing this data is voluntary, but necessary to use the newsletter service. Subscribing to the newsletter is also possible at the stage of creating a Customer Account and placing an order.
The data provided to us when signing up for the newsletter is used to send you the newsletter, in which we inform you about company activities, the current collection, promotions and discounts. The legal basis for processing in this situation is your voluntary consent given when signing up for the newsletter.
Your data are processed in this case for the purpose of sending the newsletter periodically, and the basis for the processing is Article 6(1)(a) of the RODO, i.e. your consent resulting from your wish to receive the service.
The data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will permanently delete your data from the database. Furthermore, you can correct your data stored in the newsletter database at any time, as well as request their deletion by unsubscribing from the newsletter. You also have the right to data portability, contained in Article 20 of the RODO.
The newsletter database is properly secured by the Administrator. Newsletter as a database is operated by an external entity. In emails sent using it there are links to hidden images (the so-called tracking pixel). Apart from its basic function, which is counting the number of e-mail openings, it is also optionally used to identify the Customer and conduct marketing activities.
11. Email Contact. When you contact us by e-mail, you provide us with your e-mail address as the sender address of the message. In addition, you may also include other personal data in the body of the message. The provision of data is voluntary, but necessary in order to get in touch with us.
Your data is processed in this case for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the RODO, i.e. your consent resulting from your desire to contact us. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) RODO).
The contents of correspondence may be archived and we are unable to specify when they will be deleted but this will be for a period not exceeding 5 years. You have the right to request a history of your correspondence with us (if it is archived) as well as to request its deletion unless archiving it is justified in our overriding interests.
12. Feedback. If you want to add your opinion about a product or our entry, you need to fill in the form.
Your data is processed in this case for the purpose of enabling you to post Opinions, and the basis for processing is Article 6(1)(a) of the RODO, i.e. your consent resulting from your desire to post on our website.
Data will be processed for the duration of the opinion on the website, unless you request earlier deletion of the opinion, which will delete your data related to the opinion from the database.
You can correct your data in the feedback at any time, as well as request their deletion. You also have the right to data portability, contained in Article 20 of the RODO.
13. Customer Account. When you create a Customer Account on our Website you provide us with your email address. This is voluntary but necessary for a successful registration of the customer account. Then you can also enter your name and address data in the My Account section.
Your data is processed in this case for the purpose of maintaining a Customer Account, and the basis for processing is Article 6(1)(a) of the RODO, i.e. your consent resulting from the desire to create one.
Data will be processed for the duration of the Customer’s Account, unless you have previously requested its deletion, which will delete your data from the database.
You can correct your data assigned to your Customer Account at any time, as well as request their deletion. You also have the right to data portability, contained in Article 20 RODO.
As part of creating a Customer Account you may, but are not required to, agree to subscribe to a newsletter service.
4. CATEGORIES OF PERSONAL DATA
- The controller may process the following categories of personal data:
- personal data provided in the form when registering Customer Account, placing Orders in the Online Store, in particular: e-mail address, telephone number, name and surname, address of residence;
- personal data completed by the user during the use of the Customer Account, in particular: name and surname; e-mail address; contact telephone number; address of residence [street, house number, apartment number, postal code, city, country], and in case of Customers who are not consumers, additionally company name and tax identification number [NIP];
- personal data necessary to place the order, in particular: name and surname; e-mail address; contact telephone number; address of residence [street, number of the house, number of the premise, postal code, town, country], and in case of Customers who are not consumers, additionally company name and tax identification number [NIP];
- personal data provided for the use of the newsletter, provided during the use of the contact form, sent by e-mail; or provided during the lodging of complaints, claims or requests, in particular: name and surname; e-mail address; contact telephone number; address [street, house number, apartment number, zip code, city, country], bank account number;
- personal data provided in order to take part in competitions/promotional actions: name and surname; e-mail address; contact telephone number; address of residence [street, number of house, number of premises, postal code, town, country];
- personal data contained in the opinion, in particular name and age;
- other data, in particular data obtained on the basis of the Customer’s activity on the Internet, including data obtained through the Internet Store or other channels of communication with the Customer, using cookies and similar technologies.
5. RECIPIENTS OF PERSONAL DATA
- Your personal data may be processed by our partners and subcontractors, i.e. entities whose services we use to process data and provide services to you. To our knowledge, all entities to whom we entrust the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
- Your personal information may be transferred by the Administrator:
- to state authorities or other entities authorized by law, in order to fulfill our obligations;
- to a limited extent, the Administrator’s partners may be involved in the processing of personal data, in particular those who technically support the proper functioning of the Internet Shop (e.g. support us in sending e-mails, and in the case of advertising activities – also in marketing campaigns), providers of hosting or data communication services, carriers or agents for Order deliveries, entities processing electronic payments or payment card payments in the Internet Shop, companies servicing software, supporting the Administrator in marketing campaigns, as well as providers of legal and advisory services and external accountants;
- in addition, we may share fully anonymized data (data that cannot identify you) with entities that we work with.
- Our providers are mainly based in Poland or in other countries of the European Economic Area (EEA) and also, e.g. in the case of Google Analytics, based outside the EEA. Due to the content of the CJEU ruling Schrems II (C-311/18), we have enabled the anonymization of your IP numbers – we do not transfer this data to the USA. The remaining data sent to Google do not have the characteristics of personal data, i.e. a specific natural person cannot be identified from them.
6. ARCHIVING OF PERSONAL DATA
- We retain data for the periods indicated below:
|Data associated with the sales procedure.||5 years|
|Data for marketing purposes.||In the case of data processing based on consent – until its withdrawal. In the case of data processing based on a legitimate purpose – until you raise an objection.|
|Data submitted using the contact form, email.||For a period of 3 years to maintain accountability.|
|Opinion data.||In the case of data processing on the basis of consent – until its withdrawal. In the case of data processing on the basis of a legitimate purpose – until the time of raising an objection.|
|Personal information related to cookies and similar features.||Until you delete these files using your website / browser / device settings (whereby deletion of files is not always the same as deletion of Personal Data obtained through these files – in which case Personal Data will be deleted until you object).|
|Data provided during complaint and other procedures related to Customer’s claims.||5 years.|
|The remaining category of data (with the exception of cookie data, which is covered more in our Cookies Policy).||5 years.|
3. In any case, personal data will be stored also when legal regulations (e.g. accounting or tax regulations) oblige the Administrator to process them; we will store personal data longer in case the Customer has any claims against the Administrator, in order to assert claims by the Administrator, or in order to assert or defend against third-party claims, for the period of their limitation specified by law, in particular the Civil Code.
4. Depending on the scope of the personal data and the purposes for which they are processed, they may therefore be stored for different periods. In each case, the longer storage period for the personal data is decisive.
7. RIGHTS, ACCESSING AND UPDATING PERSONAL DATA, COMPLAINTS
- Pursuant to Article 15 of the RODO, you have the right to obtain information from the Data Controller as to whether your personal data are being processed.
- If the Administrator processes your personal data, then you have the right to:
- access to personal information;
- obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the intended period of storage of your data or the criteria for determining that period, your rights under the RODO and your right to lodge a complaint with the supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
- obtain a copy of your personal information.
- In addition, you may request rectification of your personal data (Article 16 of the RODO), erasure of your personal data (Article 17 of the RODO), object to the processing of your personal data (Article 21 of the RODO) and, where technically feasible, request the transfer of the personal data provided to another organization (Article 20 of the RODO).
- In relation to the right to be forgotten, the Controller will update or delete your data unless it has a legal obligation to retain it for business purposes or to comply with the law. In some cases, you have the right to request the restriction of the processing of your personal data (Article 18 of the RODO). You may also contact the Controller if you have concerns about how we collect, store or use your personal data.
- The Administrator endeavours to deal with any requests concerning the above-mentioned operations on your personal data immediately, but no later than within 30 days of receiving the request. Due to the complexity of the request, the Administrator is entitled to consider your request within a period exceeding 30 days, of which it will inform you in advance.
- The Administrator strives to resolve complaints conclusively, but if you are still dissatisfied with the response you receive, you may file a complaint with the supervisory authority dealing with personal data protection at your local data protection authority. In Poland, the supervisory authority under RODO is the President of the Office for Personal Data Protection.
- Selected cookies process your personal data. The processing of personal data derived from cookies or similar technologies on our Website is carried out for the purposes of ensuring the functioning of the Website, adapting the Website to the Visitor’s and Client’s preferences, or for analytical purposes. The processing is carried out on the basis of our legitimate interest. The legal basis for the processing of personal data for advertising and social media connection purposes will be your additional consent, expressed by making a selection and ticking the checkbox during the cookie consent process.
- When a Visitor uses the Online Shop, cookies are used to identify his/her browser or device – cookies collect various types of information which, as a rule, do not constitute personal data. However, some information, depending on its content and use, may be associated with a specific person – the attribution of certain behaviours to a specific Visitor or Customer, e.g. by linking it to the data provided when registering an Account with the Online Shop or a specific e-mail address – and thus be considered personal data.
- The Website uses profiling. Thanks to cookies used in the Internet Shop it is possible for the Administrator to learn about Visitor’s/Customer’s preferences – e.g. by analyzing how often they visit the Internet Shop and if and what products they buy. Analyzing online behavior helps to better understand the habits and expectations of Customers and Visitors and to adapt to their needs and interests. This technology makes it possible to present Visitors with advertisements tailored to their needs and interests, and to provide better promotions and surprises to adult Visitors who have consented to receive them.
- The Administrator declares that he has the right to amend this document for important reasons, among others:
- changes in applicable regulations, in particular those concerning RODO, telecommunication law, electronically delivered services and regulating consumer rights, affecting the rights and obligations of the Controller or the rights and obligations of the Data Subject;