Privacy policy
Online store privacy policy
1. This document defines the principles of processing and protecting personal data of Customers of the Online Store available at https://rcscaleparst.eu
2. The owner of the Online Store and the administrator of personal data of Customers - natural persons - and users whose data is related is the company SpecialDesign Urszula Lipska, NIP. 6581899688. REGON. 529891819, address: 41-250 Czeladź ul. Grodziecka 87 Poland, phone: email: orders@rcscaleparts.eu hereinafter referred to as the Administrator and being at the same time the Seller.
3. Personal data collected by the Administrator via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU.L No. 119, p. 1) (General Data Protection Regulation, GDPR) and other currently applicable, i.e. throughout the period of processing of specific data, provisions of the law on the protection of personal data. Personal data means information about an identified or identifiable natural person (hereinafter referred to as Personal Data). An identifiable natural person is a person who can be directly or indirectly identified, in particular on the basis of an identifier such as name and surname, identification number, internet identifier, location data, one or more specific factors determining the physical, genetic, mental, economic, cultural or social identity of a natural person.
4. The Administrator takes special care to respect the privacy of Customers visiting its Online Store.
§ 1 Type of data processed, purposes and legal basis
1. The Administrator collects information on natural persons performing legal acts not directly related to their activities, natural persons conducting business or professional activities on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, conducting business or professional activities on their own behalf, hereinafter referred to as Customers.
2. The purposes of processing Customers' Personal Data by the Administrator are in particular:
a) registering an account in the Online Store, in order to create an individual account and manage this account. Legal basis - necessary for the performance of the contract for the provision of the Account service - art. 6 sec. 1 letter b GDPR;
b) placing an order in the Online Store, in order to perform the sales contract. Legal basis - necessary for the performance of the sales contract - art. 6 sec. 1 letter b GDPR;
c) Newsletter subscription, in order to perform the contract, the subject of which is the service provided electronically. Legal basis - consent of the person whose data is being processed, to perform the contract for the provision of the Newsletter service - art. 6 sec. 1 letter a GDPR.
3. When registering an account for the Newsletter service in the Online Store, the Customer provides the following data:
a) e-mail address.
4. When placing an order in the Online Store, the Customer provides the following data:
a) e-mail address;
b) address data: postal code and town, country, street, house/apartment number;
c) first name and last name;
d) telephone number.
5. Entrepreneurs provide the above data and additionally:
a) Entrepreneur's company name;
b) Tax Identification Number.
6. When using the Newsletter service, the Customer provides the following data:
a) e-mail address;
b) telephone number.
7. Additional information may also be collected when using the Online Store, including: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain, browser type, access time, operating system type.
8. Navigation data may also be collected from Customers, including information about the links and references they decide to click on or other activities performed in our Online Store. Legal basis - legitimate interest - art. 6 sec. 1 letter f of the GDPR, enabling better use of services provided electronically.
9. In order to determine, pursue and enforce claims, some personal data provided by the Customer as part of using the functionality may also be processed, including: first name, last name, data regarding the use of services, if the claims result from the way in which the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest - art. 6 sec. 1 letter f of the GDPR. f GDPR, consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state bodies.
10. Personal data collected by the Administrator are voluntarily provided to him in connection with concluded sales agreements or the provision of services via the Online Store, with the proviso that failure to provide the data specified in the forms in the Registration process prevents Registration and creation of a Customer Account, and in the event of placing an order without Registration of a Customer Account, it will prevent the order from being placed and fulfilled.
§ 2 Who can we transfer your data to and how long they are stored
1. The catalogue of recipients of Personal Data processed by the Administrator results primarily from the scope of services used by the Customer. The Customer's personal data are transferred to service providers used by the Administrator when running the Online Store. The Administrator's service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are subject to the Administrator's instructions as to the purposes and methods of processing such data - processors - or independently determine the purposes and methods of their processing - administrators.
a) Processing entities - The Administrator uses suppliers who process personal data only at the Administrator's request, including providers of hosting or ICT services, accounting services, providers of marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns, companies performing marketing campaigns, software servicing companies.
b) Administrators - The Administrator also uses suppliers who do not act solely at its request and themselves determine the purposes and methods of using the personal data of Customers. They provide electronic payment services and banking services.
2. Location - Service providers are based in Poland and other countries of the European Economic Area (EEA).
3. Personal data of Customers are stored:
a) In a situation where the basis for the processing of personal data is the consent provided, the Customer's personal data are processed by the Administrator until the consent is revoked. After its revocation, personal data are stored for a period corresponding to the limitation period for claims that the Administrator may raise and which may be raised against him. Unless special provisions provide otherwise, the limitation period is 10 years, and for claims for periodic benefits and claims related to running a business, 3 years.
b) In a situation where the basis for data processing is the performance of a contract, then the Customer's personal data are processed by the Administrator for as long as it is necessary to perform the contract. After this time, the personal data are processed for a period corresponding to the limitation period for claims. Unless special provisions provide otherwise, the limitation period is 10 years, for claims for periodic benefits and claims related to running a business, 3 years.
4. In the event of making a purchase in the Online Store, personal data may be transferred, depending on the Customer's choice, to the following entities, in order to deliver products ordered in the Online Store:
a) Poczta Polska S.A. with its registered office in Warsaw;
b) InPost Paczkomaty Sp. z o.o. with its registered office in Krakow, providing delivery services and maintenance of the Paczkomaty post office box system.
c) DHL Parcel Polska Sp. z o.o.
ul. Osmańska 2
02-823 Warsaw
5. If the Online Store Customer chooses to pay via the PayPal payment system, their personal data are transferred to the extent necessary to process the payment to PayPal (Europe) S.à r.l. & Cie, S.C.A with its registered office at L-1150 in Luxembourg,
6. Navigational personal data may be used to provide Customers with better service, to analyze statistical data and to adjust the Online Store to Customer preferences and to administer the Online Store.
7. If the Customer chooses the Newsletter subscription service, the Administrator will send information to their e-mail address or SMS messages to their mobile phone, containing commercial information about promotions, discounts, new products available in their Online Store.
8. In the event of a request to provide data to the Administrator, he will provide personal data to authorized state bodies, in particular organizational units of the Public Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 3 Cookies and IP addresses
1. Cookies used by the Administrator primarily serve to optimize the service of visitors when using the Online Store and provide the ability to develop statistics of visits to products presented in the Online Store. These files are saved by the Administrator on the end device of the person visiting the Online Store, if the web browser allows it. Cookies usually contain the name of the domain they come from, their "expiration time" and an individual, randomly selected number identifying these files.
2. Two types of cookies are used:
a) Session cookies - after the browser session ends or the computer is turned off, the saved information is deleted from the device's memory. The session cookie mechanism does not allow for downloading any personal data or any confidential information from the Customers' computers;
b) Persistent cookies - are stored in the memory of the Customer's end device and remain until they are deleted or expired. The persistent cookie mechanism does not allow for downloading any personal data or any confidential information from the Customers' computer.
3. The Administrator uses its own cookies for the purpose of:
a) authenticating the Customer in the Online Store and providing them with a Customer session after logging in to the Customer Account;
b) anonymous statistics and analyses that help understand how Customers use the Online Store.
4. The Administrator uses external cookies for the purpose of:
a) collecting static data via Google Analytics analytical tools - external cookie administrator: Google Inc. based in the USA;
b) presenting advertisements from the Google AdSense service - external cookie administrator: Google Inc. based in the USA;
c) promoting the Online Store on Facebook.com - external cookie administrator: Facebook Inc. based in the USA or Facebook Ireland based in Ireland;
5. The cookie mechanism is completely safe for the computers of the Online Store Customers. The Customer may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access by Cookies to their device. The Customer may change the settings referred to using the web browser settings. These settings may be changed in particular in such a way as to block the automatic handling of Cookies in the web browser settings or to inform each time Cookies are placed on the Customer's Device. Detailed information on the possibilities and methods of handling Cookies is available in the web browser settings. Blocking cookies may affect some of the functionalities available in the Online Store.
6. The Administrator may collect IP addresses of Customers. An IP address is a number assigned to the computer of a person visiting the Online Store by the Internet service provider. The IP address is used by the Administrator to diagnose technical problems with the server, create statistical analyses and improve the Online Store.
7. The Online Store contains links and references to other websites on the Internet and the Administrator is not responsible for the privacy policies applicable on these websites.
§ 4 Rights and obligations of the person whose Personal Data is processed
1. The right to withdraw consent - legal basis art. 7 sec. 3 GDPR.
a) The Customer has the right to withdraw any consent granted to the Administrator.
b) Withdrawal of consent takes effect from the moment of withdrawal of consent.
c) Withdrawal of consent does not fundamentally affect the processing performed by the Administrator in accordance with the law before its withdrawal.
d) Withdrawal of consent does not cause any negative consequences for the Customer of the Online Store, but may prevent further use of services or functionalities that can only be provided with consent.
2. The right to object to data processing - legal basis art. 21 GDPR.
a) The Customer has the right to object at any time to the processing of his personal data, including profiling, if the Administrator processes his data based on a legitimate interest, e.g. marketing of products and services, maintaining statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, and customer satisfaction surveys.
b) Resignation from receiving commercial messages regarding products or services, sent via e-mail, will constitute the Client's objection to the processing of his/her personal data, including profiling for these purposes.
c) If the Client's objection proves to be justified and the Administrator has no other legal basis for processing personal data, the Client's data will be deleted, to the processing of which the Client has filed this objection.
3. Right to delete data, right to be forgotten - legal basis art. 17 of the GDPR.
a) The Client has the right to send a request to delete all or some of the personal data.
b) The Client has the right to request the deletion of personal data if:
a. the personal data are no longer necessary for the purposes for which they were collected or for which they were processed;
b. the Client has withdrawn consent, to the extent to which the Client's data were processed based on his/her consent;
c. has filed an objection to the use of his/her data for commercial or marketing purposes;
d. the personal data are processed unlawfully;
e. personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State to which the Administrator is subject;
f. personal data have been collected in connection with the provision of information society services.
c) Despite the request to delete personal data, in connection with the filing of an objection or withdrawal of consent, the Administrator may retain some personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation requiring their processing under EU law or the law of a Member State to which the Administrator is subject.
4. Right to restrict data processing - legal basis art. 18 GDPR.
a) The Online Store Customer has the right to request the restriction of the processing of their data. Submitting such a request prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by this request.
b) The Online Store Customer has the right to request the restriction of the use of personal data in the following situations:
a. in the event of inconsistency of their personal data, then the Administrator limits their use for the time needed to verify the correctness of this data;
b. when the processing of data is unlawful and the Client does not request its deletion but a restriction of its use;
c. when the Client's personal data are no longer necessary for the purposes for which they were collected or used but they are needed by the Client in order to establish, pursue or defend claims;
d. when he has filed an objection to the use of his data, then the restriction is for the time needed to consider whether, due to the special situation, the protection of the Client's interests, rights and freedoms outweighs the interests pursued by the Administrator by processing the Client's data.
5. The right to access data, legal basis art. 15 GDPR.
a) The Client has the right to obtain from the Administrator confirmation as to whether his personal data is being processed, and if so, the Client has the right to:
a. obtain access to his personal data;
b. obtain information about the purposes of processing and the recipients or categories of recipients of this data, the planned period of data storage or the criteria for determining this period, the rights of the Customer under the GDPR and the right to lodge a complaint with the supervisory authority, the source of the data, automated decision-making, including profiling and the security measures applied in connection with the transfer of this data outside the European Union;
c. obtain a copy of their personal data.
6. The right to rectify data - legal basis art. 16 GDPR.
a) The Customer has the right to demand that the Administrator immediately rectify their personal data that is incorrect. Taking into account the purposesin processing, the Customer has the right to request supplementation of incomplete personal data, including by submitting an additional statement, by sending an e-mail to the Administrator's e-mail address.
7. The right to transfer data - legal basis art. 20 of the GDPR.
a) The Customer has the right to receive their data, which they have provided to the Administrator, and then send them to another personal data administrator of their choice. The Online Store Customer also has the right to request that their indicated personal data be sent by the Administrator directly to such administrator, if technically possible. In such a situation, the Administrator will send such Customer data in the CSV file format, which is a commonly used format.
8. In the event that the Customer requests the fulfillment of their above rights, the Administrator has the right to fulfill them or refuse them, and will do so immediately.
9. The Customer has the right to submit complaints, inquiries and requests to the Administrator regarding the processing of their personal data and the implementation of their rights.
10. The Customer has the right to request that the Administrator provide copies of standard contractual clauses by sending a request to the Administrator's e-mail address.
11. The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of his/her rights to the protection of personal data or other rights granted under the GDPR.
n
§ 5 Personal Data Protection
1. The Administrator declares that it makes every effort to provide Customers with a high level of security in the use of the Online Store and for this purpose:
a) applies technical and organizational measures required by law, in particular in the area of security of Personal Data processing;
b) applies measures ensuring the ability to continuously ensure the confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to quickly restore the availability of Personal Data and access to them in the event of a physical or technical incident;
d) provides Customers of the Online Store with a secure and encrypted connection when transferring personal data and when logging in to the Customer Account, using an SSL certificate.
2. Any events affecting the security of information transfer, personal data, including suspicions of sharing files containing viruses, should be reported to the Administrator by e-mail: orders@rcscaleparts.eu .
§ 6 Final Provisions
1. In matters not regulated in the Privacy Policy, the provisions of the law regarding the processing of Personal Data, including the GDPR, shall apply.
2. The current version of the Privacy Policy shall be effective from 15.10.2024.