Privacy policy
| PRIVACY POLICY | ||||||||||
| 1. | This Privacy Policy defines the principles for the processing of personal data obtained through the online store 2407.pl (hereinafter referred to as the "Online Store"). | |||||||||
| 2. | The owner of the Online Store and at the same time the data administrator is 2407.PL sp. z o.o., based in Reguły (05-820), ul. Elizy Orzeszkowej 1C, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number 0000807732, with a share capital of 50,000 PLN, NIP: 5223169715, REGON: 384581210, hereinafter referred to as 2407.PL sp. z o.o.. | |||||||||
| 3. | Personal data collected by 2407.PL sp. z o.o. via the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR. | |||||||||
| 4. | 2407.PL sp. z o.o. takes special care to respect the privacy of Customers visiting the Online Store. | |||||||||
| § 1 Type of processed data, purposes, and legal basis | ||||||||||
| 1. | 2407.PL sp. z o.o. collects information regarding individuals performing a legal action not directly related to their business activity, individuals conducting business or professional activity on their own behalf, and individuals representing legal entities or organizational units not being legal entities to which the law grants legal capacity, hereinafter collectively referred to as Customers. | |||||||||
| 2. | Customer personal data is collected in the following cases: | |||||||||
| a) | account registration in the Online Store, for the purpose of creating an individual account and managing it. Legal basis: necessity to perform the contract for the provision of the Account service (art. 6 para. 1 lit. b GDPR); | |||||||||
| b) | placing an order in the Online Store, for the purpose of executing the sales contract. Legal basis: necessity to perform the sales contract (art. 6 para. 1 lit. b GDPR); | |||||||||
| c) | using the service to submit a review, for the purpose of executing the contract whose subject is the service provided electronically. Legal basis - necessity to perform the contract for the provision of the review submission service (art. 6 para. 1 lit. b GDPR). | |||||||||
| d) | using the chat service, for the purpose of executing the contract whose subject is the service provided electronically. Legal basis: necessity to perform the contract for the provision of the chat service (art. 6 para. 1 lit. b GDPR); | |||||||||
| e) | customer satisfaction surveys. Legal basis: necessity of processing to fulfill the legitimate interest of 2407.PL sp. z o.o., which involves ensuring and maintaining high-quality service and customer satisfaction with products and services (art. 6 para. 1 lit. f GDPR). | |||||||||
| 3. | In the case of account registration in the Online Store, the customer provides: | |||||||||
| a) | email address; | |||||||||
| b) | first name and last name; | |||||||||
| c) | phone number. | |||||||||
| 4. | During the account registration in the Online Store, the customer sets an individual password for their account. The customer may change the password later, according to the rules described in §6. | |||||||||
| 5. | In the case of placing an order in the Online Store, the customer provides the following data: | |||||||||
| a) | email address; | |||||||||
| b) | address data: | |||||||||
| a. | postal code and city; | |||||||||
| b. | country (nation); | |||||||||
| c. | street along with house/apartment number. | |||||||||
| c) | first and last name; | |||||||||
| d) | phone number. | |||||||||
| 6. | In the case of Entrepreneurs, the above data is additionally extended by: | |||||||||
| a) | Entrepreneur's company; | |||||||||
| b) | tax identification number (NIP). | |||||||||
| 7. | In the case of using the service "post a review", the client provides the following data: | |||||||||
| a) | email address; | |||||||||
| b) | first name. | |||||||||
| 8. | In the case of using the free chat service to contact a consultant, the Client may provide the following data: | |||||||||
| a) | email address; | |||||||||
| b) | first name; | |||||||||
| c) | phone number. | |||||||||
| 9. | In the case of customer satisfaction surveys, 2407.PL sp. z o.o. processes the following data: | |||||||||
| a) | email address; | |||||||||
| b) | order number. | |||||||||
| 10. | While using the Website of the Store, additional information may be collected, including: IP address assigned to the Client's computer or the external IP address of the Internet service provider, domain name, browser type, access time, operating system type. | |||||||||
| 11. | Navigation data may also be collected from Clients, including information about the links and references they choose to click on or other activities performed in the Online Store. Legal basis - legitimate interest (art. 6 sec. 1 lit. f GDPR), aiming to facilitate the use of electronically provided services and improve the functionality of these services. | |||||||||
| 12. | In order to establish, pursue, and enforce claims, certain personal data provided by the Client while using the functionality of the Online Store may be processed, such as: first name, last name, data regarding the use of services, if the claims arise from the way the Client uses the services, and other data necessary to prove the existence of the claim, including the extent of the incurred damage. Legal basis - legitimate interest (art. 6 sec. 1 lit. f GDPR), aiming to establish, pursue, and enforce claims as well as defend against claims in proceedings before courts and other public authorities. | |||||||||
| 13. | The provision of personal data to 2407.PL sp. z o.o. is voluntary in connection with the sales contracts or the provision of services through the Website of the Online Store, with the reservation that not providing the specified data in the registration forms during the Registration process prevents Registration and the creation of the Client's Account, and in the case of placing an order without Client Account Registration, it prevents placing and fulfilling the Client's order. | |||||||||
| § 2 Who are the data shared or entrusted to and how long are they stored? | ||||||||||
| 1. | Customer's personal data is passed on to the service providers used by 2407.PL sp. z o.o. for operating the Online Store. The service providers to whom personal data is provided either follow the instructions of 2407.PL sp. z o.o. regarding the purposes and methods of processing these data (data processors), or independently determine the purposes and methods of processing the data (data controllers). | |||||||||
| a) | Data processors. 2407.PL sp. z o.o. uses service providers who process personal data exclusively on the instructions of 2407.PL sp. z o.o. These include, among others, service providers for hosting, accounting services, marketing systems, customer satisfaction survey systems, traffic analysis in the Online Store, and systems for analyzing the effectiveness of marketing campaigns; | |||||||||
| b) | Data controllers. 2407.PL sp. z o.o. uses service providers who do not act exclusively on instructions and determine the purposes and methods of using the personal data of customers. These include providers of electronic payment and banking services. | |||||||||
| 2. | Location. Service providers are located in Poland and other countries within the European Economic Area (EEA). | |||||||||
| 3. | Customer's personal data is retained: | |||||||||
| a) | In the case where the basis for processing personal data is consent, personal data of the customer is processed by 2407.PL sp. z o.o. as long as the consent is not revoked, and after the revocation of consent for a period corresponding to the statute of limitations for claims that 2407.PL sp. z o.o. may raise and those that may be raised against it. Unless a specific provision states otherwise, the limitation period is six years, and for claims related to periodic benefits and claims associated with running a business – three years. | |||||||||
| b) | In the case where the basis for processing data is the performance of a contract, the customer's personal data is processed by 2407.PL sp. z o.o. as long as necessary for the performance of the contract, and after that for a period corresponding to the statute of limitations for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims related to periodic benefits and claims associated with running a business – three years. | |||||||||
| 4. | In the case of a purchase in the Online Store, personal data may be transferred, depending on the Customer's choice, to the following entities for the purpose of delivering the ordered goods: | |||||||||
| a) | Courier company; | |||||||||
| b) | InPost Paczkomaty Sp. z o.o. based in Krakow, providing delivery services and handling the postal locker system (Paczkomaty). | |||||||||
| 5. | In the case that the Customer chooses to pay via the imoje system, their personal data is transferred to the extent necessary for the payment to ING Bank Śląski S.A. based in Katowice (40-086), at Sokolna 34 Street, registered in the business register maintained by the District Court Katowice - East in Katowice, 8th Economic Department of the National Court Register under number KRS 0000005459. | |||||||||
| 6. | Navigational data may be used to ensure better service for Customers, analyze statistical data, and tailor the Online Store to Customer preferences, as well as administer the Online Store. | |||||||||
| 7. | If requested, 2407.PL sp. z o.o. provides personal data to authorized state authorities, particularly the organizational units of the Prosecutor's Office, Police, President of the Personal Data Protection Office, President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications. | |||||||||
| § 3 Cookie Mechanism, IP Address | ||||||||||
| 1. | The Online Store uses small files called cookies. They are saved by 2407.PL sp. z o.o. on the device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the domain name from which it originates, its "expiration time", and a randomly selected individual number identifying this file. Information collected through these files helps tailor the products offered by 2407.PL sp. z o.o. to the individual preferences and real needs of visitors to the Online Store. They also enable the development of general statistics on the visits to presented products in the Online Store. | |||||||||
| 2. | 2407.PL sp. z o.o. uses two types of cookies: | |||||||||
| a) | Session Cookies: after the session of the given browser ends or the computer is turned off, the saved information is removed from the device's memory. The session cookie mechanism does not allow any personal data or confidential information to be retrieved from the Customers' computers. | |||||||||
| b) | Persistent Cookies: they are stored in the memory of the customer's device and remain there until they are deleted or expired. The persistent cookie mechanism does not allow any personal data or confidential information to be retrieved from the Customers' computers. | |||||||||
| 3. | 2407.PL sp. z o.o. uses its own cookies for the following purposes: | |||||||||
| a) | authenticating the Customer in the Online Store and maintaining the Customer session in the Online Store (after logging in), which allows the Customer not to re-enter the login and password on every page of the Online Store; | |||||||||
| b) | for analysis, research, and audience auditing, and particularly for creating anonymous statistics that help understand how Customers use the Store's Website, enabling the improvement of its structure and content. | |||||||||
| 4. | 2407.PL sp. z o.o. uses external cookies for the following purposes: | |||||||||
| a) | presentation of the Reliable Regulations Certificate via the website rzetelnyregulamin.pl (administrator of the external cookie: Rzetelna Grupa sp. z o.o. with its registered office in Warsaw); | |||||||||
| b) | presentation of reviews on the Store's website pages, which are retrieved from the external service opineo.pl (administrator of the external cookie: Opineo Sp. z o.o. with its registered office in Wrocław); | |||||||||
| 5. | The cookie mechanism is safe for the computers of the Online Store's Customers. In particular, it is not possible for viruses, unwanted software, or malicious software to penetrate Customers' computers through this mechanism. However, Customers can limit or disable access to cookies on their computers through their browsers. In the case of using this option, access to the Online Store will still be possible, except for functions that, by nature, require cookies. | |||||||||
| 6. | Below is how to change the settings of popular web browsers regarding the use of cookies: | |||||||||
| a) | browser Internet Explorer; | |||||||||
| b) | browser Microsoft EDGE; | |||||||||
| c) | browser Mozilla Firefox; | |||||||||
| d) | browser Chrome and Chrome Mobile; | |||||||||
| e) | browser Safari and Safari Mobile; | |||||||||
| f) | browser Opera. | |||||||||
| 7. | 2407.PL sp. z o.o. may collect IP addresses of Customers. An IP address is a number assigned to a person's computer by the internet service provider when visiting the Online Store. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, meaning it changes with every connection to the Internet. The IP address is used by 2407.PL sp. z o.o. to diagnose technical problems with the server, create statistical analyses (e.g., determining from which regions we record the most visits), as information useful for administering and improving the Online Store, as well as for security purposes and potential identification of unwanted automatic programs that overload the server and view the content of the Online Store. | |||||||||
| 8. | The Online Store contains links and references to other websites. 2407.PL sp. z o.o. is not responsible for the privacy policies applicable on those sites. | |||||||||
| § 4 Rights of individuals whose data are processed | ||||||||||
| 1. | Right to withdraw consent - legal basis: Art. 7, paragraph 3 of the GDPR. | |||||||||
| a) | The customer has the right to withdraw any consent they have given to 2407.PL sp. z o.o.. | |||||||||
| b) | The withdrawal of consent takes effect from the moment of withdrawal. | |||||||||
| c) | The withdrawal of consent does not affect the processing carried out by 2407.PL sp. z o.o. in accordance with the law before its withdrawal. | |||||||||
| d) | The withdrawal of consent does not result in any negative consequences for the customer, but it may prevent further use of services or functionalities that, by law, 2407.PL sp. z o.o. can provide only with consent. | |||||||||
| 2. | Right to object to data processing - legal basis: Art. 21 of the GDPR. | |||||||||
| a) | The customer has the right to object at any time - for reasons related to their particular situation - to the processing of their personal data, including profiling, if 2407.PL sp. z o.o. processes their data based on a legitimate interest, e.g., marketing of products and services of 2407.PL sp. z o.o., conducting statistics on the use of specific functionalities of the Online Store, facilitating the use of the Online Store, as well as satisfaction surveys. | |||||||||
| b) | Opting out via email from receiving marketing messages about products or services will signify the customer's objection to the processing of their personal data, including profiling for these purposes. | |||||||||
| c) | If the customer's objection is justified and 2407.PL sp. z o.o. has no other legal basis for processing the personal data, the customer's personal data will be deleted, with respect to which the customer raised the objection. | |||||||||
| 3. | Right to erasure of data (“right to be forgotten”) - legal basis: Art. 17 of the GDPR. | |||||||||
| a) | The customer has the right to request the deletion of all or some of their personal data. | |||||||||
| b) | The customer has the right to request the deletion of personal data if: | |||||||||
| a. | the personal data is no longer necessary for the purposes for which it was collected or processed; | |||||||||
| b. | the customer has withdrawn their consent, to the extent that the personal data was processed based on their consent; | |||||||||
| c. | the customer has objected to the use of their data for marketing purposes; | |||||||||
| d. | the personal data is being processed unlawfully; | |||||||||
| e. | the personal data must be erased in order to comply with a legal obligation under Union law or the law of the Member State to which 2407.PL sp. z o.o. is subject; | |||||||||
| f. | the personal data was collected in connection with offering information society services. | |||||||||
| c) | Despite the request for the deletion of personal data, in relation to an objection or withdrawal of consent, 2407.PL sp. z o.o. may retain certain personal data to the extent necessary for the establishment, exercise, or defense of legal claims, as well as to comply with a legal obligation requiring processing under Union law or the law of the Member State to which 2407.PL sp. z o.o. is subject. This particularly applies to personal data including: name, surname, email address, which is retained for the purposes of addressing complaints and claims related to the use of services of 2407.PL sp. z o.o., or additionally the residential/address for correspondence, order number, which is retained for the purposes of addressing complaints and claims related to concluded sales contracts or service provision. | |||||||||
| 4. | Right to restriction of processing of data - legal basis: Art. 18 GDPR. | |||||||||
| a) | The customer has the right to request the restriction of processing of their personal data. Submitting such a request, until it is resolved, will prevent the use of certain functionalities or services that involve the processing of data covered by the request. 2407.PL sp. z o.o. will also not send any communications, including marketing messages. | |||||||||
| b) | The customer has the right to request the restriction of the use of personal data in the following cases: | |||||||||
| a. | when the accuracy of their personal data is disputed - in which case 2407.PL sp. z o.o. restricts the use of the data for as long as necessary to verify its accuracy, but no longer than 7 days; | |||||||||
| b. | when the processing of data is unlawful, and instead of deleting the data, the customer requests the restriction of its use; | |||||||||
| c. | when personal data is no longer necessary for the purposes for which it was collected or used, but is required by the customer for the establishment, exercise, or defense of legal claims; | |||||||||
| d. | when the customer has objected to the use of their data – in which case the restriction occurs for as long as necessary to consider whether, due to the particular situation, the protection of the customer's interests, rights, and freedoms outweighs the interests pursued by the administrator in processing the customer's personal data. | |||||||||
| 5. | Right of access to data - legal basis: Art. 15 GDPR. | |||||||||
| a) | The customer has the right to obtain confirmation from the administrator whether personal data is being processed, and if so, the customer has the right to: | |||||||||
| a. | access their personal data; | |||||||||
| b. | obtain information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of these data, the planned retention period of the customer's data, or the criteria for determining that period (if it is not possible to determine the planned period of data processing), the rights granted to the customer under the GDPR, the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making including profiling, and the safeguards applied in relation to the transfer of these data outside the European Union; | |||||||||
| c. | to obtain a copy of their personal data. | |||||||||
| 6. | Right to Rectification - legal basis: Article 16 of the GDPR. | |||||||||
| a) | The Client has the right to request from the Administrator the immediate rectification of any incorrect personal data. Taking into account the purposes of processing, the Client, whose data is concerned, has the right to request the completion of incomplete personal data, including by providing an additional statement, by sending a request to the email address in accordance with §7 of the Privacy Policy. | |||||||||
| 7. | Right to Data Portability - legal basis: Article 20 of the GDPR. | |||||||||
| a) | The Client has the right to receive their personal data provided to the Administrator and subsequently transmit it to another data controller of their choice. The Client also has the right to request that the personal data be sent directly by the Administrator to such a controller, if technically feasible. In such a case, the Administrator will send the personal data of the Client in a CSV file format, which is widely used, machine-readable, and allows the transfer of received data to another data controller. | |||||||||
| 8. | In the event the Client exercises their rights resulting from the above rights, 2407.PL sp. z o.o. will fulfill the request or refuse to fulfill it promptly, no later than within one month of receiving it. If, however, due to the complex nature of the request or the number of requests, 2407.PL sp. z o.o. is unable to fulfill the request within one month, it will do so within the following two months, informing the Client within one month of receiving the request about the intended extension of the deadline and its reasons. | |||||||||
| 9. | The Client may submit complaints, inquiries, and requests to the Administrator regarding the processing of their personal data and the exercise of their rights. | |||||||||
| 10. | The Client has the right to request from 2407.PL sp. z o.o. a copy of the standard contractual clauses by directing the inquiry in the manner specified in §7 of the Privacy Policy. | |||||||||
| 11. | The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding any violation of their rights to the protection of personal data or other rights granted under the GDPR. | |||||||||
| § 5 Services tailored to preferences and interests (profiling) | ||||||||||
| 1. | Profiling means any form of automated Processing of Personal Data, which involves using Personal Data to assess certain personal aspects of an Individual, particularly to analyze or predict aspects concerning the performance of that Individual, their economic situation, health, personal preferences, interests, reliability, behavior, location, or movement. | |||||||||
| 2. | Personal data of Clients may be processed in an automated manner (profiling); however, this will not have any legal consequences for them or similarly significantly affect the situation of Clients. | |||||||||
| 3. | Profiling of personal data by 2407.PL sp. z o.o. involves the automated and manual processing of Clients' data, using it to assess certain information about the Client, particularly to analyze or predict their personal preferences and interests. | |||||||||
| 4. | In order to reach the Client with marketing messages outside the Online Store's Website, 2407.PL sp. z o.o. uses the services of external providers. These services involve displaying marketing messages on websites other than the Online Store's Website. For this purpose, external providers install, for example, the appropriate code or pixel to collect information about the Client's activity on the Online Store's Website. Details regarding the cookies used are in §3. Legal basis - legitimate interest (art. 6 para. 1 lit. f GDPR), consisting of tailoring marketing messages to preferences and interests. | |||||||||
| 5. | In order to reach the Client with marketing messages through the Online Store's Website, 2407.PL sp. z o.o. uses the services of external providers. These services involve displaying marketing messages on the Online Store's Websites. For this purpose, external providers install, for example, the appropriate code or pixel to collect information about the Client's activity on the Online Store's Website. Details regarding the cookies used are in §3. Legal basis - legitimate interest (art. 6 para. 1 lit. f GDPR), consisting of tailoring marketing messages to preferences and interests. | |||||||||
| 6. | In order to reach the Client with marketing messages through the Online Store's Website, 2407.PL sp. z o.o. uses its own cookie mechanisms to collect information about the Client's activity on the Online Store's Website. Details regarding the cookies used are in §3. Legal basis - legitimate interest (art. 6 para. 1 lit. f GDPR), consisting of tailoring marketing messages to preferences and interests. | |||||||||
| § 6 Security Management - Password | ||||||||||
| 1. | 2407.PL sp. z o.o. ensures secure and encrypted connections when transmitting personal data and when logging into the Client Account in the Service. 2407.PL sp. z o.o. uses an SSL certificate issued by one of the leading global companies in data security and encryption over the Internet. | |||||||||
| 2. | If a Client with an account in the Online Store loses their access password in any way, the Online Store allows for the generation of a new password. 2407.PL sp. z o.o. does not send password reminders. The password is stored in encrypted form, making it impossible to read. To generate a new password, the Client must provide their phone number in the form available under the "Forgot Password" link next to the login form to the account in the Online Store. The Client will receive an SMS with a code to assign a new password. The password change is possible if the Client enters the confirmation code received via SMS on the provided phone number and enters the new password twice. | |||||||||
| 3. | 2407.PL sp. z o.o. never sends any correspondence, including electronic correspondence, asking for login data, especially the access password to the Client's account. | |||||||||
| § 7 Changes to the Privacy Policy | ||||||||||
| 1. | The Privacy Policy may change, and 2407.PL sp. z o.o. will inform Clients in advance 7 days before any changes. | |||||||||
| 2. | For questions related to the Privacy Policy, please contact: [email protected] | |||||||||
| 3. | Last modified: 01.01.2023 | |||||||||
Privacy Policy - Download