interatletika.pl
0
Privacy Policy of InterAtletika

Privacy Policy of InterAtletika

1. Purpose of the privacy policy

This privacy policy is for informational purposes only.

The services of the online store available at https://interatletika.pl/ are carried out by uploading the website, browsing the website, purchasing goods, using services or other related features, communicating or creating an account. It involves processing the personal data of persons interacting with the online store. This document aims to demonstrate the principles of operation of the Online Store, as well as the rules for handling and processing personal data.

At the same time, it has to be noted that this policy does not describe how personal data is processed in InterAtletika's social media profiles. For information on such processing, please read the privacy policy and the relevant information on processing personal data posted on the respective social media profiles.

The following terms shall be interpreted as follows in this document:

  • "Data" means the personal data of persons interacting with the Online Store within the meaning of the General Data Protection Regulation (GDPR);
  • "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
  • "Regulations" the Regulations of the Online Shop operated by InterAtletika, available at https://interatletika.pl/regulamin/
  • "Policy on the Use of Cookies and Similar Technologies" - a document containing essential information about cookies and other similar technologies used on the websites available on the https://interatletika.pl/cookies_policy/ domain;
  • "We" and its derivative forms - InterAtletika with its registered office at Poland, Warsaw, Staniewicka str. 14
  • "You" and its derivatives - the user of the Online Store and other persons interacting with the Online Store and other related websites, communications, and services.

2. Data controller

The controller of the data collected:

  • through the Online Store, in particular, using cookies, similar technologies, or other channels of communication with you;
  • based on your activity on the Internet,

is a company InterAtletika with its registered office at Staniewicka 14 str., apt. 211, 03-310 Warsaw, Poland (which is also the address for sending correspondence), registered District Court for the Capital City of Warsaw, REGON: 361564480, EU VAT: 6751518338.

Please contact us with questions regarding data at the registered office or by e-mail at info@interatletika.pl . In some instances, we process your data on behalf of our partners—data controllers, i.e., we act to a certain extent as their data processors. This is possible in cases where we offer you additional services from our partners, such as further product insurance.

3. Purpose and legal basis for data processing. Consequences of refusal to transfer data

Purpose of data processingLegal basis for data processingConsequences of not providing data?

Management of the website of the online store, through which we provide you with the opportunity to create, access, and use a user account, maintain it, and ensure the proper functioning of the functions related to the account and the use of the website, for example, leave feedback or comments on the website.

Implementation of the contract for the sale of products or services concluded between you and us, in particular in connection with the execution of orders (placing an order, payment process, insurance, shipment, issuance of sales documents, use of guarantees, filing complaints, cancellation of the contract, etc.).

Use of additional services related to the execution of the order, for example, delivery of goods, collection of used equipment, assembly, installation, and configuration.

Use our other services and functions on the website, such as chatbots.

Article 6(1)(b) GDPR is the basis for processing such data.

If you enter into a purchase agreement with us (place an order), the data you provide in the order form will be processed to execute and settle the agreement or to allow you to exercise your right to complain or cancel it.

Likewise, if you have ordered digital content from us, the data you provide will be processed to deliver the ordered file (e.g., software updates), related contacts, and possible settlements.

The provision of this data is voluntary; however, refusal to provide the data may hinder or impede the conclusion or performance of the contract or our services.

Fulfilment of legal obligations, including obligations arising from taxation and accounting rules.

The basis for processing such data is Art. 6 (1) (c) GDPR.

The right to request the data is based on the law, and you are obliged to provide it. Refusing to provide the data will prevent us from properly fulfilling our legal obligations and may have other legal consequences, depending on the situation.

Processing requests submitted when not directly related to the transaction implementation.

The basis for processing such data is Art. 6(1)(f) GDPR. Our legitimate interest in this case is our right to process your requests.

The provision of data is voluntary but necessary for processing your request.

Communication via the Customer Service Centre (processing personal data in connection with your communication with our Customer Service Centre).

The basis for processing such data is Article 6(1)(f) GDPR. Our legitimate interest in this case is our right to process your requests and to communicate with you at your request.

The provision of data is voluntary but necessary for processing your request.

Determining, investigating, or defending legal claims, if necessary.

The legal basis for processing such Data is Article 6(1)(f) GDPR. The basis for processing such data is Article 6 (1) (f) GDPR. Our legitimate interest in this case is our right to take measures to determine, investigate, or defend these claims.

The data is collected automatically.

Marketing purposes: we may ask you to provide feedback about our online store, and our products and services; we may advertise our products and services to you and display personalized advertising or offers relevant to your interests. For this purpose, we profile users, which, however, does not affect your rights and freedoms.

The basis for processing such data is Art. 6 (1) (f) GDPR. Our legitimate interest in this case is our right to engage in marketing for direct marketing purposes.

The data is collected automatically.

Providing you with marketing materials (newsletters)

The basis for processing this data is Art. 6 (1) (f) GDPR.

Your email address or telephone number will be used to send you commercial information (e.g., a newsletter) to provide access to our online store's current offers and its partners. Our legitimate interest includes the right to act for direct marketing purposes.

Providing data is voluntary but necessary if you want to receive marketing information.

A newsletter or other commercial information will only be sent to you if you give your additional consent to this (by the Act of 16.07.2004 on Telecommunications Law)

Management of the page of our online store (for example, we collect and store HTTP requests sent to our server, store IP addresses from which users view the information content of our website, URLs of the page previously viewed by the user from which the redirect took place, information about the user's browser)

The basis for processing such data is Art.6 (1) (f) GDPR. Our legitimate interest in this case is our right to take measures to minimise the risk of events that may have adverse consequences for us.

The data is collected automatically.

Detection of possible security threats and ensure the safe and uninterrupted operation of this website, in particular, to detect, prevent, and mitigate the effects of security incidents, cyber-attacks, and similar malicious acts and acts that may expose us to liability or cause damage to users.

The basis for processing such data is Article 6(1)(f) GDPR. Our legitimate interest in this case is the right to ensure the safe and uninterrupted operation of our online store and website.

The data is collected automatically.

Analytical and statistical purposes: to better understand our customers' needs and the effectiveness of our operations, as well as to improve our services, products, and overall customer experience (including using third-party solutions such as Google Analytics, Google BigQuery, and Exponea).

The basis for processing such data is Article 6(1)(f) GDPR. Our legitimate interest in this case is the right to conduct analytical studies to determine the effectiveness of our operations and our right to improve our website, products, and services.

The data is collected automatically.

Retargeting/remarketing

Art. 6(1)(f) GDPR is the basis for processing this data. Our legitimate interest in this case includes the right to conduct analytical studies to determine the effectiveness of our activities and our right to improve our website, products, and services.

The data is collected automatically.

4. Sources of data collection

Data SourceData collection method and amount of data

Data collected directly from you (e.g., when you enter data to create an account or in contact forms, provide information about transaction details, when you write product reviews).

Data is provided by you when you purchase products (e.g., first and last name, address, shipping details, payment details, transaction details, products ordered, price, transaction date, payment methods, discounts provided or used), register for an account (e.g., login, email), contact us (e.g., information about your claims, complaints, returns, warranties), feedback you have left, or consent.

Data that we collect automatically (without your direct participation), including event logs.

Data is collected automatically by us when you use or otherwise interact with the Online Store and our website (for example, items and web pages viewed or selected by you, logs, your feedback, information about your device, IP address, information about errors that occurred during the HTTP transaction, the URL of the page previously visited by the User (referrer link) - if the transition to the Online Store website occurred via a link, information about the User's browser.

Data received from third parties (partners, social media providers)

We may also receive your personal information from other sources (for example, from partners with whom we jointly offer you goods and services or carry out joint marketing activities).

If you choose to create a user account on our online store or log in to our online store through a registered Facebook or Google account, your specific personal data will be shared with us at your request - more on this below:

How to create an accountPersonal data collected from third partiesData provider
Registration with a Facebook accountUsername (public profile), which is publicly available information; e-mailMeta
Registration with a Google accounte-mail, phone numberGoogle
Apple IDe-mail, phone numberApple

5. Categories of Data

If Data is collected directly from you, the categories of Data collected will be indicated when you provide us with such Data.

If the Data is collected by us automatically during your use of or other interaction with the Online Store, the Data may include the following:

  • Information about your interaction with the Online Store, including the products you browse or compare, the products you add to your cart, information about the date and time, as well as the type of interaction, information about the date and time of entry/exit from the Online Store website, and the web pages viewed;
  • Information about the date and time of logging in and out of the account and failed login attempts;
  • Information about specific products you have purchased (e.g., name, model, type, serial number);
  • Information about the device you use to interact with our online store, such as IP address, browser settings, and device information (e.g., IMEI).

6. Recipients of the Data. Third parties

The Data may be shared with our service providers and suppliers, such as IT service and solution providers, marketing agencies, legal entities involved in the fulfilment of your orders, such as courier or postal companies, our advisors, such as legal, tax or accounting advisors, or insurance brokers, banks, insurance companies, and other financial institutions, as well as service providers and co-operators, in particular those who facilitate payments, for example, in the case of card payments.

In addition, Data may be provided to courts and governmental authorities (e.g., tax authorities) if necessary to defend legal claims or exercise legal interests or if required by law.

7. Will the Data be transferred outside the European Economic Area?

Your data may be transferred to countries outside the European Economic Area with personal data protection standards different from those of the European Union. These countries may not provide an adequate level of protection for your data due to their failure to implement specific security measures.

If we transfer data to a third country for which the European Commission has not determined an adequate protection level, we will take appropriate measures to ensure that such transfers comply with applicable law, in particular, we will apply the proper security measures specified in Article 46(2)(c) and (d) GDPR or Article 49 (in particular, data transfers necessary for the performance of an agreement). You can obtain a copy of the relevant security measures by contacting us at the address in section 2 above.

In particular, the following data transfers may be made to countries outside the European Economic Area:

The third country to which the data may be transferredThe presence or absence of a European Commission decision on the adequacy of measures or a reference to a relevant or acceptable clause (e.g., Standard Contractual Clauses)
Ukraine Standard Contractual Clauses
USAStandard Contractual Clauses

8. Data Processing Period

We have implemented principles and methods that are compatible with the data minimisation principle provided by the GDPR rules so that we do not process unnecessary and redundant data. We strive to ensure that our database does not contain data that is not necessary for the correct performance of our obligations and the exercise of users' rights and freedoms.

We will store your data for the period necessary to collect this data. We will immediately delete your data upon the expiry of the legal basis for data processing.

The above means that, in essence:

  • The data provided by you to create an account in the Online Store will be processed for as long as you maintain your account and, after that, for the statutory limitation period for claims related to the maintenance of your account;
  • Data collected in connection with a specific order/agreement will be processed for the duration of the performance of the obligations under the order/agreement and for the statutory limitation period for any claims related to the order/agreement;
  • Data collected to fulfill the manufacturer's warranty will be processed for the duration of the warranty and after its expiration during the statutory limitation period for any claims related to the warranty.
  • The data collected for marketing purposes will be processed for the duration of the marketing activities, unless you object to data processing for these purposes in advance.
  • Data collected to send you a newsletter will be processed for the duration of the newsletter service and until you withdraw your consent to receive the newsletter.
  • The data collected to respond to your request/request will be processed until the request/request is fulfilled and within the statutory limitation period.
  • The data collected for analytical and statistical purposes will be processed for the period necessary to achieve the goals related to the effective functioning and development of the Online Store.
  • The Data that we collect automatically when you use or otherwise interact with the Online Store or its website will be stored for the period necessary to achieve the purpose of processing. If the Data is processed based on your consent, it will be stored no longer than until your consent is withdrawn.
  • Data that we process to establish, investigate, or defend claims will be processed for the period necessary to achieve this purpose, no longer than until the expiry of the statutory limitation period.
  • If the obligation to store data arises from the law (e.g., taxation and accounting rules), we will store the relevant data for the period provided for by the applicable provisions of the controller's national laws.

9. What rights do you have about the processing of your Data?

You have the right to withdraw your consent at any time (without explanation or justification) to process your Data for direct marketing purposes (e.g., newsletter), including profiling.

WARNING! To withdraw your consent, please get in touch with us at the address/email/phone number specified in section 2 above or, in the case of a newsletter, according to the instructions contained in the newsletter you receive. The withdrawal of your consent will not affect the lawfulness of the processing carried out prior to the withdrawal of consent.

Your rightAdditional information

Object to the processing of your Data (where the basis for processing is the controller's legitimate interest)

Right to withdraw consent (where consent is the basis for processing)

You have the right to object at any time, for reasons related to your particular situation, to the processing of your data for a specific purpose arising from our legitimate interests.

WARNING! In some cases, we may not be able to consider your objection because other legitimate grounds for processing override your interests, rights, and freedoms or if the processing is necessary to establish, exercise, or defend claims.

If your objection relates to the processing of data for marketing purposes, no justification is required from you, and such objection will be considered.

Right of access to data

You have the right to receive confirmation from us whether we are processing your Data, and if so, you have the right to receive information regarding the purpose of the processing, the categories of Data processed, the recipients of the Data, and the period of processing.

You also have the right to request copies of the processed data.

The right to request data rectification

You have the right to request data rectification if it is inaccurate or incomplete.

The right to request the erasure of the Data

You have the right to request the erasure of the Data, in particular:

  • if the Data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • you revoke the consent that is the basis for processing unless there is another legal basis for processing;
  • you object to the processing according to Article 21(1) GDPR, and there is no overriding legal basis for the processing, or you object to the processing by Article 21(2) GDPR;
  • the data was processed unlawfully.

WARNING! We may refuse to erase your data despite your request if one of the exceptions mentioned in the GDPR applies, e.g., if processing your data is necessary for the performance of our legal obligations or the establishment, investigation, or defense of legal claims.

The right to request restriction of processing

You have the right to request restriction of processing in the following cases:

  • you dispute the accuracy of the Data - in this case, you may request a restriction for a period to allow us to verify the accuracy of the Data;
  • the processing is unlawful and you object to the erasure of the Data and instead request a restriction of its use;
  • we no longer need the Data for processing, but you need it to establish, investigate, or defend against legal claims;
  • you have objected to the processing according to Article 21(1) GDPR while verifying whether our legitimate grounds override yours.

Right to request data portability

You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit this Data to another controller without hindrance from us, if the processing is based on your consent or a contract and if the processing is carried out by automated means.

You have the right to have the Data transmitted directly from us to the other controller, where technically feasible.

The possibility of exercising the above rights may depend on the basis on which a particular category of Data is processed and the conditions set out in the GDPR. If your request is not fulfilled, you will receive a response together with the reasons for the refusal.

You also have the right to complain to the supervisory authority, which in Poland is the Head of the Office for Personal Data Protection https://uodo.gov.pl/

10. Automated decision-making. Profiling

We may use an automated decision-making mechanism to analyse reviews and comments posted by you on our website to block customer reviews/comments (e.g., those containing offensive language). In such a case, you may contact our call center (Customer Service Centre) to exercise your right to express your opinion and/or appeal such a decision.

We may use your Data to create your customer profile for direct marketing purposes, in particular, to personalise the advertising displayed to you.

We may also use your Data to provide you with personalised offers.

11. Security.

We take great care to ensure that your data is kept secure, including:

  • we carry out the necessary risk analysis for the data processing operations or categories of data,
  • we conduct data protection impact assessments where the risk of violation of the rights and freedoms of individuals is high due to the nature of the data or the place of storage,
  • we adapt data protection measures to the level of identified risks,
  • we have internal procedures for managing information security,
  • we use procedures that allow us to identify, evaluate, and report detected data breaches to the Personal Data Protection Office - Incident Management.

If you notice or suspect a breach of your data protection or the rules for the safe operation of our online store website, please report such an incident immediately at info@interatletika.pl. , marked "Personal Data" or "Incident".

12. Changes to this Privacy Policy

We will regularly review this Privacy Policy and make changes to it when necessary or desirable due to new regulations, new guidelines of regulatory authorities overseeing data protection processes, and best practices applied in the field of data protection. We also reserve the right to change this Privacy Policy in the event of a change in the technology with which we process data (if the change affects the wording of this Privacy Policy), as well as in the event of a change in the ways, purposes or legal grounds for our data processing.