I. Personal data protection
1. The controller of the personal data (in the meaning of Article 4 (7) of the GDPR) of Users using Shop functionalities is High & Safe Mariusz Solarz based in Krasnem (Krasne 400B, 36-007 Krasne, PL), NIP: 7721192631, REGON: 100705625.
2. The Seller has appointed a Data Protection Supervisor (DPS) who may be contacted in matters concerning personal data protection and the exercise of the rights related thereto. To that end, the User may contact the Data Protection Supervisor by means of electronic mail at sklep@highandsafe.pl, or by means of traditional mail at High & Safe Mariusz Solarz, Krasne 400B, 36-007 Krasne, PL (annotated with 'Data Protection Supervisor (DPS)).
3. Users' personal data may be processed for the following purposes and based on the following legal grounds:
3.1. accepting orders and performing contracts of sale (data processing legal grounds: Article 6 (1) (b) of the GDPR),
3.2. ongoing communication in matters related to the orders placed, inclusive of the confirmation of the same and information on the status thereof (data processing legal grounds: Art. 6 (1) (b) of the GDPR),
3.3. enabling registration and operation of a Shop User Account (in the event of the User creating the same) and providing other functionalities through the Shop, specified in Section IV of the Terms and Conditions, within the framework of the contract for the provision of services by electronic means concluded with the User (data processing legal grounds: Article 6 (1) (b) of the GDPR),
3.4. enabling the User to log in to their User Account using their Facebook account, involving User authentication on their account registered in the Shop through verification of their data against the data assigned to their Facebook account (in such case Facebook, in accordance with its user authentication tools, will provide the Seller with data comprising: first name, last name, email address, and profile picture), exclusively where the User selected this form of logging, with such processing being within legitimate interests of the Seller (Article 6(1)(f) of the GDPR),
3.5. examining complaints related to the concluded contracts of sale (Article 6 (1) (b) of the GDPR),
3.6. examining complaints related to the concluded contracts for the provision of services by electronic means – in the situation wherein the User has entered into such a contract with the Seller pursuant to the rules specified in Legal Notice (Article 6 (1) (b) of the GDPR),
3.7. accepting notifications and queries directed at the Seller, other than complaints and matters related to the contracts performed (e.g. via contact details indicated on the Shop Website), which constitutes the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.8. accepting declarations of withdrawal from distance contracts of sale pursuant to the provisions hereof and the provisions of Section 4 of the Act dated 30 May 2014 on consumer rights, which is the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.9. handling complaints, bringing and defending against claims, exercising extrajudicial methods for handling complaints and bringing claims, which is the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.10. monitoring the manner wherein Users use the services provided within the framework of the Shop with respect to compliance with the Legal Notice, and with a view to developing Shop functionalities and improving the operation of the services provided through it, which is the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.11. for direct marketing, including profiling, by selecting and displaying the goods available at the Store, taking into account the activity and preferences of specific Users, as well as by creating tailored groups of ad recipients taking into account their preferences, which is a legitimate interest of the Seller (legal grounds for processing: Article 6(1)(f) of the General Data Protection Regulation (GDPR)),
3.12. conducting statistical analyses, which is the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.13. carrying out direct marketing, inclusive of profiling, by means of selecting and displaying available Goods from the Shop while allowing for specific User's activity and preferences, which is the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.14. implementing legal requirements in the field of tax and accounting regulations, in particular those specified in the provisions of the Act dated 11 March 2004 on the tax on goods and services (VAT), of the Act dated 15 February 1992 on income tax from legal persons, and of the Act dated 29 September 1994 on accounting (data processing legal grounds: Article 6 (1) (c) of the GDPR),
3.15. storing data for archiving purposes and to demonstrate correct fulfilment of legal obligations imposed on the Seller, which is the Seller's legitimate interest (data processing legal grounds: Article 6 (1) (f) of the GDPR),
3.16. sending commercial information by electronic means, in the form of the Newsletter, if a particular individual has expressed a separate consent to receiving commercial information by electronic means,
3.17. storing data in the form of cookies, collecting data from the Shop Website and the Shop mobile version, if a particular individual has expressed a separate consent thereto pursuant to the terms of the Cookies Policy applicable on the Shop Website.
4. Users' personal data may be disclosed to the following categories of recipients:
4.1. subcontractors providing the Seller with technical support regarding operation, maintenance and development of the Shop, such as hosting service providers, Shop management software providers, Shop software technical maintenance service providers, commercial correspondence mailing software providers, Customer Service Office maintenance service providers, marketing agencies wherewith the Seller has entered into legally required data processing outsourcing agreements;
4.2. entities supporting the Seller in its marketing and sales activities, such as marketing agencies, entities running online portals, including social media portals;
4.3. entities supporting the Seller in the implementation of applicable laws, rights and obligations arising herefrom in connection with the provision of services through the Shop, such as law firms and debt collection agencies wherewith the Seller has entered into legally required data processing outsourcing agreements;
4.4. entities requiring data provision to ensure proper service provision through the Shop, as requested by a particular User – electronic payment service providers (if this option payment is selected), entities delivering goods to the address specified (courier services, shipping companies) whereto the data are made available as to separate controllers or wherewith the Seller has entered into legally required data processing outsourcing agreements (depending on the status of these entities with respect to the personal data provided).
5. Users' personal data may be transferred by the Seller outside the European Economic Area (EEA) as part of using subcontractors' services (out of the categories of recipients referred to in item 4 hereinabove). In such case, the Seller shall ensure legally required personal data protection measures, namely (depending on the case):
5.1. provision to a subcontractors located in a third country in respect whereof a decision has been made, finding an adequate level of protection in accordance with the requirements of Article 45 of the GDPR;
5.2. data are provided on the basis of a data transfer agreement with a subcontractor that has been based on the Standard Contractual Clauses adopted by a decision by the European Commission;
5.3. data are provided within the framework of binding corporate rules applied by the subcontractor and referred to in Article 47 of the GDPR.
For more information on the Seller's security measures associated with the transmission of data outside the EEA can be obtained by contacting the Data Protection Supervisor appointed by the Seller.
6. Apart from the foregoing instances, Users' personal data may be transferred outside the EEA only in those cases wherein a specific User is ordering from a country located outside the EEA and expected the goods ordered to be delivered to the said country. In such case, the Seller shall transfer the User's personal data outside the EEA solely to properly fulfil the order placed and deliver the same to the address specified therein, in accordance with the User's request.
7. Personal data obtained shall be stored by the Seller throughout the period of performance of the Contracts of Sale concluded, until they are correctly settled, and throughout the period of Shop service provision (to Users) for the period of agreements on the provision of services by electronic means; moreover:
7.1. until potential claims under the contracts / agreements specified hereinabove become prescribed,
7.2. for the time required by the Seller to vindicate or defend specific claims (if brought by a User in connection with the concluded contracts / agreements specified hereinabove),
7.3. for the time of fulfilment of the obligations under the law, tax and accounting regulations in particular, for instance obligations related to the storage of documentation pursuant to the requirements of Article 74 of the Accounting Act of 29 September 1994,
7.4. for the period required by the Seller to demonstrate before public administration bodies, including personal data protection supervision bodies, proper fulfilment of the legal obligations imposed thereon,
7.5. for archiving purposes when it concerns the history of the correspondence and replies to the questions asked (not directly related to the concluded contracts / agreements) – for a period which shall be no longer than 3 years from obtaining the data,
7.6. for direct marketing purposes – for the period of agreements on the provision of services by electronic means (Users) and for the period of performance of contracts of sale, or until data processing for this purpose is objected,
7.7. until the consent to data processing is withdrawn, or data become obsolete (found so by the Seller) if data are processed pursuant to the consent given by a specific individual.
8. The Seller shall provide each User with the right to exercise all of their rights under the GDPR, i.e. the right to request access to the personal data thereof, the right to rectify, delete or demand restriction of processing thereof, the right to data transfer, and the right to object to the processing thereof, on the terms and in the cases provided for in the provisions of the GDPR.
9. In the case of the Seller processing personal to realise a legitimate interests thereof (specified hereinabove), each User shall have the right object to data processing for reasons relating to a specific situation thereof.
10. Data processed to realise a legitimate interest consisting in the Seller carrying out direct marketing shall be processed solely until objection to this form of processing. The User shall have the right to object to the processing of the personal data thereof for direct marketing purposes, including profiling, at any time.
11. In the event of the Seller processing personal data pursuant to a consent given by the User, any individual shall have the right to withdraw the consent to the processing of the personal data thereof at any time, which shall not affect legality thereof preceding the withdrawal.
12. Provision of personal data with respect to:
12.1. Users who wish to create a Shop User Account – to register and create a User account, it shall be required to provide data within the scope specified in the registration form, i.e. first name, last name, address of residence, e-mail address. A failure to provide the same shall prevent User Account creation (and, consequently, conclusion of an agreement on the provision of services by electronic means), but the Client shall still be able to place orders through the Shop within the option without registering a User Account;
12.2. Users placing orders through the Shop – to place and enable the Seller to fulfil the same (and, consequently, to conclude a contract of sale), it shall be required to provide the following data: first name, last name, address of residence (or another address for delivery), e-mail address, telephone number. A failure to provide the same shall result in the inability to accept the order (and, consequently, to conclude a contract of sale);
12.3. Users submitting a declaration of withdrawal from a contract of sale – to submit a declaration of withdrawal from a distance contract of sale, it shall be required to provide the following data: first name, last name, e-mail address, address of residence (street, house / apartment number, postal code, town / city (post office)), telephone number, order number, bank account number. A failure to provide the same shall prevent effective submission of the declaration of withdrawal from the contract of sale, and a failure to specify the bank account number may prevent the refund;
12.4. Users making complaints with respect to the contract of sale concluded – to make the same and enable the Seller to examine it, it shall be required to provide the following data: first name, last name, e-mail address, bank account number, address (street, house / apartment number, postal code, town / city (post office)), telephone number, form of compensation, order number, and information what Goods specifically are complained about, and for what reason. A failure to provide the same shall prevent the Seller from examining the complaint;
12.5. Users making complaints with respect to the agreement on the provision of services by electronic means, concluded with the Seller pursuant to the rules specified in Terms and Conditions – to make the same and enable the Seller to examine it, it shall be required to provide the e-mail address provided by the User during the Shop User Account registration or during registration of the subscription to the Newsletter (if the complaint is related to the said service). A failure to provide the same may prevent the Seller from examining the complaint;
12.6. In other cases, provision of data shall be voluntary.
13. The Seller shall not conduct User data processing operations in an automated manner resulting in decisions having legal effects thereon or similarly and significantly affecting the situation thereof. Possible automated data processing, including profiling, shall be used solely to analyse and forecast individual preferences of Users using the Shop.
14. Any individual personal data whereof are processed by the Seller shall have the right to file a data processing related complaint with the supervisory body, i.e. the Inspector General for Personal Data Protection; as of the entry into force of the new act on personal data protection, with the legal successor thereof, i.e. the Head of the Office For Personal Data Protection having its registered address at ul. Stawki 2, 00-193 Warsaw.
II. Cookie Policy
1. This Cookie Policy sets forth the rules for the use of small files, hereinafter referred to as "cookies", used by the website at: www.highandsafe.pl (hereinafter referred to as "the Website").
2. The owner of the Website is High & Safe Mariusz Solarz having its regestered address in Krasne (Krasne 400B, 36-007 Krasne, PL), NIP: 7721192631, REGON: 100705625, (hereinafter referred to as “Seller”).
3. Cookie files are IT files, in particular text files, which are stored on terminal devices of Users visiting the Online Store (e.g. on a computer, phone or other device from which Users have connected to the Online Store) and are intended for use within the Online Store, if the internet browser allows it.
4. A cookie usually contains a name of a domain, which it comes from, the time it is stored on the User’s terminal device and a randomly selected individual number identifying the file. The main purpose of the cookies is to make it easier for the User to use the Website and to make it more user-friendly, without causing any damage to the User’s computer or other terminal device. Information collected by means of such files will be stored for the purpose of maintaining the User's session within the Website, and it may improve the Website through assessments concerning the Website usage statistics, help to adjust products offered by Seller to the Users’ individual preferences and actual needs, speed up searches, etc. and if Seller obtains the User’s prior informed consent, Seller may use cookies, tags or other similar functionalities to obtain information allowing to display advertisements, both from the Website and from third parties’ websites or otherwise, based on the analysis of the User’s viewing habits.
The information stored or accessed does not change the configuration of the end-user's telecommunications terminal device or the software installed therein.
5. Seller uses four types of cookies:
5.1. Session cookies: collect information on the user’s activities and exist only during a given session, which begins with opening the Website and ends with closing it. At the end of a browser session or upon turning off a computer, the stored information is deleted from the memory of the User's terminal device. The session cookie mechanism does not allow downloading of any personal data or any confidential information from the User's computer.
5.2. Persistent cookies: are stored in the memory of the User's terminal device and remain there until they are deleted or expired. The permanent cookie mechanism does not allow downloading any personal data or any confidential information from the User's computer.
5.3. Own cookies: placed by Seller.
5.4. External cookies: placed by third parties, approved by Seller, including cookies of the Google Analytics tools used to analyse activities of Users of the Website for statistical purposes.
6. Seller uses its own cookies for:
6.1. authentication of the User on the Website and provision of the User's session on the Website (after logging in), thanks to which the User does not have to re-enter the login and the password on every subpage of the Website;
6.2. analyses and research, as well as the audience measurement audit, and in particular creation of anonymous statistics that help to understand how Users use the Website, which enables improvement of its structure and content.
7. Seller uses external cookies for:
7.1. popularization of the Website by means of the social network facebook.com (external cookie administrator: Facebook Inc., based in the USA, or Facebook Ireland, based in Ireland);
7.2. collecting general and anonymous static data using analytical tools Google Analytics (external cookie administrator: Google Inc. based in the USA);
7.3. enabling the assessment of the correctness and effectiveness of advertising activities conducted using in particular the AdWords and DoubleClick networks (external Google AdWords and DoubleClic cookie administrator: Google Inc. based in the USA), for the purpose of such services as remarketing, categories of interest, similar customers, other types of advertising based on interests and demographic and location orientation.
8. Cookies are safe for the computers of the Website’s Users. In particular, it is not possible for viruses or other unwanted software or malware to get to the User's computers this way.
9. Cookies are used on the Website with the User's consent. The consent may be obtained from the User through appropriate software settings, in particular the Internet browser, installed on a device used by the User to browse the contents of the Website.
10. The User may at any time withdraw or change the scope of the previously granted consent to the use of cookies on the Website and remove them from his/her browser. Although the settings vary from browser to browser, cookies are usually configured in the "Preferences" or "Tools" menus. Detailed information about the possibility and methods of using cookies is available in the settings of the software (web browser). If you use this option, you will be able to use the Website, apart from the functions that by their very nature require cookies. Limiting the use of cookies may affect some of the functionalities available on the Website and may hinder the proper functioning of the Website.
11. Cookies do not store information constituting personal data of the Website’s Users. Cookies are not used to identify the User or to collect or store sensitive personal data.
12. The Online Store contains links and references to other websites. Seller is not responsible for their privacy practices.
13. The cookie policy may be subject to change and Seller will inform the Users about this fact one day in advance.
14. If you have any questions regarding the cookies policy, please contact us: shop@highandsafe.pl.