madejcarport.de

Menu

Privacy policy

OF THE ONLINE STORE SHOP.MADEJCARPORT.DE

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. BASIS FOR DATA PROCESSING
  3. PURPOSE, LEGAL BASIS, AND STORAGE PERIOD OF DATA PROCESSING IN THE ONLINE STORE
  4. RECIPIENTS OF DATA IN THE ONLINE STORE
  5. PROFILING IN THE ONLINE STORE
  6. RIGHTS OF THE DATA SUBJECT
  7. COOKIES AND ANALYTICS IN THE ONLINE STORE
  8. FINAL PROVISIONS

 

  1. GENERAL PROVISIONS

1.1. This Privacy Policy of the Online Store is informational in nature, which means it does not create obligations for Service Recipients or Customers of the Online Store. The Privacy Policy primarily contains the principles regarding the processing of personal data by the Administrator in the Online Store, including the legal bases, purposes, and periods for processing personal data, the rights of data subjects, as well as information on the use of Cookies and analytical tools in the Online Store.
1.2. The Administrator of the personal data collected through the Online Store is Paula Madej, running a business under the name MADEJ STAL PAULA MADEJ, registered in the Central Registration and Information on Business of the Republic of Poland, managed by the minister responsible for economic affairs, with the following details: business address and address for correspondence: ul. Łąkowa 2, 66-436 Lemierzyce, NIP 4290007313, REGON 380395828, email address: kontakt@madejcarport.de, and phone number: +48 512 159 233 or +49 163 5270606 – hereinafter referred to as the “Administrator” and also acting as the Service Provider and Seller of the Online Store.
1.3. Personal data in the Online Store are processed by the Administrator in accordance with applicable laws, particularly the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the “GDPR” or the “GDPR Regulation”. Official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
1.4. Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the User or Customer of the Online Store is voluntary, with two exceptions: (1) entering into agreements with the Administrator – failure to provide the personal data necessary for entering into and performing the Sales Agreement or Electronic Service Agreement with the Administrator, as indicated on the Online Store’s website and in the Online Store’s Terms and this Privacy Policy, will result in the inability to enter into such agreements. Providing personal data is therefore a contractual requirement, and if the person whose data is being provided wishes to enter into the agreement with the Administrator, they are obligated to provide the required data. The scope of the data required to conclude the agreement is always indicated on the Online Store’s website and in the Terms of the Online Store; (2) statutory obligations of the Administrator – providing personal data is a legal requirement arising from generally applicable legal regulations that impose an obligation on the Administrator to process personal data (e.g., processing data for bookkeeping purposes), and failure to provide this data will prevent the Administrator from fulfilling those obligations.
1.5. The Administrator takes special care to protect the interests of the persons whose personal data are processed, and in particular, ensures that the data collected are: (1) processed lawfully; (2) collected for specified, legitimate purposes and not processed further in a manner incompatible with those purposes; (3) accurate and relevant to the purposes for which they are processed; (4) stored in a form which allows identification of the data subjects for no longer than is necessary for the purposes of processing; and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
1.6. Considering the nature, scope, context, and purposes of processing, as well as the risks to the rights and freedoms of individuals with different probabilities and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR Regulation and to demonstrate compliance. These measures are reviewed and updated as needed. The Administrator uses technical measures to prevent unauthorized persons from obtaining or altering personal data transmitted electronically.
1.7. Any words, phrases, and acronyms appearing in this Privacy Policy, starting with a capital letter (e.g., Seller, Online Store, Electronic Service), should be understood according to their definitions contained in the Online Store’s Terms available on the Online Store’s website.

2.BASIS FOR DATA PROCESSING

  1. 2.1. The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring protection of personal data, particularly where the data subject is a child.
    2.2. The processing of personal data by the Administrator requires the fulfillment of at least one of the bases mentioned in section 2.1 of the Privacy Policy. The specific bases for processing personal data of the Users and Customers of the Online Store by the Administrator are indicated in the next section of the Privacy Policy – in relation to the specific purpose of processing personal data by the Administrator.

 

3.PURPOSE, LEGAL BASIS, AND STORAGE PERIOD OF DATA PROCESSING IN THE ONLINE STORE

  1. 3.1. The purpose, legal basis, and period of processing as well as the recipients of personal data processed by the Administrator are determined by the actions taken by the User or Customer in the Online Store or by the Administrator. For example, if a Customer chooses to make a purchase in the Online Store and selects in-store pickup of the purchased product instead of delivery, their personal data will be processed for the purpose of performing the Sales Agreement, but it will not be shared with the carrier responsible for delivering shipments on the Administrator’s behalf.
    3.2. The Administrator may process personal data in the Online Store for the following purposes, based on the legal grounds and periods indicated in the table below:

Purpose of Data Processing

Legal Basis for Processing

Data Retention Period

Execution of the Sales Agreement or Electronic Service Agreement, or taking steps at the request of the data subject before concluding such agreements

Article 6(1)(b) GDPR (contract performance) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject before concluding the contract

Data will be stored for the period necessary to execute, terminate, or otherwise end the Sales Agreement or Electronic Service Agreement

Direct marketing

Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which include safeguarding the interests and reputation of the Administrator, the Online Store, and the goal of selling Products

Data will be stored for the duration of the legitimate interest pursued by the Administrator, but not longer than the statutory limitation period for claims of the Administrator against the data subject arising from the Administrator’s business activities. The limitation period is set by law, in particular, the Civil Code (the general limitation period for claims related to business activities is three years, and for Sales Agreements, it is two years). The Administrator cannot process data for direct marketing if the data subject effectively objects to it.

Marketing

Article 6(1)(a) GDPR (consent) – the data subject has consented to the processing of their personal data for receiving marketing information from the Administrator

Data will be stored until the data subject withdraws consent for further processing of their data for this purpose.

Bookkeeping

Article 6(1)(c) GDPR (legal obligation) in connection with Article 74(2) of the Accounting Act (January 30, 2018, Journal of Laws 2018, item 395, as amended) – processing is necessary for fulfilling a legal obligation on the Administrator

Data will be stored for the period required by the law imposing an obligation on the Administrator to retain accounting records (5 years, starting from the beginning of the year following the year the data pertains to).

Determining, pursuing, or defending claims that may be raised by the Administrator or against the Administrator

Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the legitimate interests pursued by the Administrator, which include determining, pursuing, or defending claims

Data will be stored for the period of the legitimate interest pursued by the Administrator, but not longer than the limitation period for claims that can be raised against the Administrator (the basic limitation period for claims against the Administrator is six years).

Using the Online Store and ensuring its proper functioning

Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the legitimate interests pursued by the Administrator, which include operating and maintaining the Online Store

Data will be stored for the period of the legitimate interest pursued by the Administrator, but not longer than the limitation period for claims of the Administrator against the data subject arising from the Administrator’s business activities. The limitation period is set by law, in particular, the Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements, it is two years).

Keeping statistics and analyzing traffic on the Online Store

Article 6(1)(f) GDPR (legitimate interest of the Administrator) – processing is necessary for the legitimate interests pursued by the Administrator, which include keeping statistics and analyzing traffic in the Online Store to improve its operation and increase product sales

Data will be stored for the period of the legitimate interest pursued by the Administrator, but not longer than the limitation period for claims of the Administrator against the data subject arising from the Administrator’s business activities. The limitation period is set by law, in particular, the Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements, it is two years).

  1. RECIPIENTS OF DATA IN THE ONLINE STORE
    4.1. To ensure the proper functioning of the Online Store, including the fulfillment of Sales Agreements, the Administrator may use the services of external entities (such as software providers, courier companies, or payment processors). The Administrator works exclusively with data processors that provide adequate guarantees for implementing appropriate technical and organizational measures to ensure that the processing complies with the GDPR and protects the rights of the data subjects.
    4.2. Personal data may be transferred by the Administrator to a third country, provided that the Administrator ensures that the data is transferred to a country that provides an adequate level of protection in accordance with the GDPR, or in the case of other countries, that the transfer is carried out based on standard data protection clauses. The Administrator ensures that the data subject can obtain a copy of their data. The Administrator only transfers collected personal data in cases and to the extent necessary to fulfill the relevant data processing purpose in line with this Privacy Policy.
    4.3. The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients mentioned in the Privacy Policy – the Administrator transfers data only when necessary to achieve the given purpose of personal data processing and only to the extent required to achieve that purpose. For example, if a Customer opts for in-store pickup, their data will not be shared with the carrier cooperating with the Administrator.
    4.4. Personal data of Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
    4.4.1. carriers / forwarders / courier brokers / entities handling warehouse and/or shipping processes – for a Customer who selects postal or courier delivery of the Product in the Online Store, the Administrator will share the collected personal data with the selected carrier, forwarder, or intermediary handling shipments on the Administrator’s behalf, and if the shipment is made from an external warehouse, the entity handling the warehouse and/or shipping process, to the extent necessary to deliver the Product to the Customer.
    4.4.2. entities handling electronic or credit card payments – for a Customer who uses electronic payment methods or credit card payments in the Online Store, the Administrator will share the collected personal data with the selected entity handling the payment on behalf of the Administrator, to the extent necessary to process the payment made by the Customer.
    4.4.3. service providers supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business, including the Online Store and the Electronic Services provided through it (particularly software providers for managing the Online Store, email and hosting service providers, and providers of business management software and technical support for the Administrator) – the Administrator shares the collected personal data of the Customer with the selected service provider acting on the Administrator’s behalf only in cases and to the extent necessary to fulfill the given data processing purpose in line with this Privacy Policy.
    4.4.4. accounting, legal, and advisory service providers offering the Administrator accounting, legal, or advisory support (particularly accounting offices, law firms, or debt collection agencies) – the Administrator shares the collected personal data of the Customer with the selected service provider acting on the Administrator’s behalf only in cases and to the extent necessary to fulfill the given data processing purpose in line with this Privacy Policy.
  2. PROFILING IN THE ONLINE STORE
    5.1. The GDPR requires the Administrator to inform individuals about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and – at least in such cases – provide essential information on the rules for making such decisions, as well as the significance and expected consequences of such processing for the data subject. Bearing this in mind, the Administrator provides information about possible profiling in this section of the Privacy Policy.
    5.2. The Administrator may use profiling in the Online Store for direct marketing purposes, but the decisions made based on profiling by the Administrator will not concern the conclusion or refusal to conclude a Sales Agreement or the ability to use Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, offering a discount, sending a discount code, reminding the customer about incomplete purchases, offering a product that may match the interests or preferences of the individual, or proposing better terms compared to the standard offer of the Online Store. Despite profiling, the individual is free to decide whether they want to use the discount or better terms and make a purchase in the Online Store.
    5.3. Profiling in the Online Store involves the automatic analysis or prediction of a person’s behavior on the Online Store website, for example, by adding a specific product to the shopping cart, viewing the page of a particular product in the Online Store, or analyzing the history of previous purchases in the Online Store. The condition for such profiling is that the Administrator has personal data about the individual to then send them, for example, a discount code.
    5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
  3. RIGHTS OF THE DATA SUBJECT
    6.1. Right of access, rectification, restriction, deletion, or transfer – the data subject has the right to request the Administrator to access their personal data, rectify, delete (“right to be forgotten”), or restrict processing, as well as the right to object to processing and the right to data portability. Detailed conditions for exercising these rights are provided in Articles 15-21 of the GDPR.
    6.2. Right to withdraw consent at any time – the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
    6.3. Right to lodge a complaint with the supervisory authority – the data subject has the right to lodge a complaint with the supervisory authority in accordance with the provisions of the GDPR and Polish law, particularly the Personal Data Protection Act. In Poland, the supervisory authority is the President of the Personal Data Protection Office.
    6.4. Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or task) or (f) (legitimate interest of the administrator), including profiling based on those provisions. In such a case, the Administrator may no longer process the personal data unless it demonstrates the existence of compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
    6.5. Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that processing is related to direct marketing.
    6.6. To exercise the rights mentioned in this section of the Privacy Policy, the data subject can contact the Administrator by sending a written or electronic message to the Administrator’s address provided at the beginning of this Privacy Policy or using the contact form available on the Online Store’s website.
  4. COOKIES IN THE ONLINE STORE AND ANALYTICS
    7.1. Cookies are small text files sent by the server and stored on the device of the person visiting the Online Store’s website (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor). Detailed information about cookies, as well as their history, can be found here: https://en.wikipedia.org/wiki/HTTP_cookie.
    7.2. Cookies sent by the Online Store’s website can be divided into various types based on the following criteria:
  • By their provider:
    1. First-party cookies (created by the Online Store’s website),
    2. Third-party cookies (created by entities other than the Administrator).
  • By their storage duration on the device of the person visiting the website:
    1. Session cookies (stored until the person leaves the website or closes the web browser),
    2. Persistent cookies (stored for a defined period set by the parameters of each cookie or until manually deleted).
  • By the purpose of their use:
    1. Necessary (enabling the proper functioning of the Online Store),
    2. Functional/preference (enabling the customization of the Online Store according to the preferences of the visitor),
    3. Analytical and performance (gathering information on how the website is used),
    4. Marketing, advertising, and social (gathering information about the visitor for displaying personalized advertisements, measuring effectiveness, and performing other marketing activities, including on websites separate from the Online Store, such as social media portals or other sites belonging to the same advertising networks as the Online Store).
      7.3. The Administrator may process data contained in cookies during the visitor’s use of the Online Store for the following specific purposes:
  • Purpose of cookies in the Online Store:
    • Remembering products added to the shopping cart for order submission (necessary cookies).
    • Remembering data entered in forms or surveys on the Online Store pages (necessary or functional/preference cookies).
    • Customizing the content of the Online Store’s website to individual preferences of the user (e.g., regarding colors, font size, layout) and optimizing website use (functional/preference cookies).
    • Conducting anonymous statistics to present how the website is used (analytical and performance cookies).
    • Displaying and rendering advertisements, limiting the number of times an ad is shown, skipping ads that the user does not want to see, measuring ad effectiveness, and personalizing advertisements based on anonymous analysis of user behavior (e.g., recurring visits to certain pages, keywords) to create profiles and deliver ads matching their predicted interests, even when visiting other websites in Google’s or Meta’s advertising network (marketing, advertising, and social cookies).

7.4. It is possible to check, in the most popular web browsers, which cookies (including their duration and provider) are being sent by the Online Store’s website at the moment, in the following way:

  • In Chrome browser:
    (1) Click on the padlock icon to the left of the address bar.
    (2) Go to the “Cookies” tab.
  • In Firefox browser:
    (1) Click on the shield icon to the left of the address bar.
    (2) Go to the “Allowed” or “Blocked” tab.
    (3) Click on the “Cookies tracking between websites,” “Social media tracking elements,” or “Tracking content elements.”
  • In Internet Explorer browser:
    (1) Click on the “Tools” menu.
    (2) Go to the “Internet Options” tab.
    (3) Go to the “General” tab.
    (4) Go to the “Settings” tab.
    (5) Click on the “View files” button.
  • In Opera browser:
    (1) Click on the padlock icon to the left of the address bar.
    (2) Go to the “Cookies” tab.
  • In Safari browser:
    (1) Click on the “Preferences” menu.
    (2) Go to the “Privacy” tab.
    (3) Click on the “Manage Website Data” button.
    Regardless of the browser, tools such as https://www.cookiemetrix.com/ or https://www.cookie-checker.com/ can also be used to check cookies.

7.5. By default, most web browsers accept cookies. Users have the ability to define the conditions for cookie usage through their browser settings. This means that users can partially limit (e.g., temporarily) or completely disable the ability to store cookies. However, this may affect certain functionalities of the Online Store (e.g., it may become impossible to proceed with the order process due to the inability to remember the products in the cart during subsequent steps of the order).

7.6. Browser settings regarding cookies are important from the perspective of consent for the Online Store to use cookies. According to the regulations, this consent can also be given through the browser settings. Detailed information on changing settings for cookies and how to delete them in the most popular browsers is available in the browser’s help section or on the following websites (just click on the respective link):

  • In Chrome browser
  • In Firefox browser
  • In Internet Explorer browser
  • In Opera browser
  • In Safari browser
  • In Microsoft Edge browser

7.7. The Administrator may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator maintain statistics and analyze traffic on the Online Store’s website. The collected data is processed within these services to generate statistics useful for managing the Online Store and analyzing website traffic. This data is aggregated. By using these services in the Online Store, the Administrator collects data such as the sources and medium through which visitors arrived at the Online Store, their behavior on the website, information about the devices and browsers they used, IP addresses, domain names, geographical and demographic data (age, gender), and interests.

7.8. It is possible for the data subject to easily block the sharing of their activity information with Google Analytics by installing a browser extension provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=en.

7.9. Due to the possibility of using advertising and analytics services provided by Google Ireland Ltd. in the Online Store, the Administrator indicates that full information on the principles of processing data of visitors to the Online Store (including data stored in cookies) by Google Ireland Ltd. can be found in Google’s privacy policy available at: https://policies.google.com/technologies/partner-sites.

7.10. The Administrator may use the Meta Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. This service helps the Administrator measure the effectiveness of advertisements and learn what actions visitors take on the Online Store’s website. Additionally, it allows the Administrator to display targeted ads to these individuals. Detailed information about how the Meta Pixel works can be found at: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.11. Management of the Meta Pixel service is possible through the ad settings in the individual’s Facebook account at: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

  1. FINAL PROVISIONS
    8.1. The Online Store may contain links to other websites. The Administrator encourages users to review the privacy policy of those websites once they are redirected. This Privacy Policy only applies to the Online Store operated by the Administrator.