Privacy Policy
PRIVACY POLICY
warter.shop
§ 1 General provisions
-
The administrator of personal data of the users of the website located under the domain www.warter.shop is WARTER FUELS SPÓŁKA AKCYJNA, with its registered seat in Warsaw (02-967) at 60 Koralowa Street, 02-967 Warsaw (delivery address: ul. Chemików 5, 09-411 Płock), entered in the National Register of Entrepreneurs kept by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number: 0000287699, NIP: 7740001431, REGON: 1411387300 (hereinafter: “Administrator”).
-
Contact with the Administrator is possible:
(1) at e-mail address: info@warter.shop,
(2) in writing, to the Administrator’s address: 5 Chemików Street, 09-411 Plock.
(3) using the contact form, located on the site (if provided).
-
The purpose of the Policy is to define the activities undertaken with respect to personal data collected through the Administrator’s website and related services and tools used by its users, as well as in the activity of entering into and performing contracts in contact outside the website.
-
If necessary, the provisions of this Policy may be changed. The change will be communicated to the users by announcing the new content of the Policy, and in the case of the base of persons who have consented to the processing of data by e-mail or provided e-mail data in the execution of contracts, they will also be notified of the change by e-mail.
§ 2 Basis for processing, purposes and storage of personal data
-
Users’ personal data shall be processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of 10.05.2018 and the Electronic Services Act of 18.07.2002, as amended above.
-
The Administrator may collect the following data for the following purposes:
Purpose of data processing |
Legal basis processing and data retention period |
Scope of data processed |
Performing a contract with the customer or taking action at the request of the data subject prior to the conclusion of the aforementioned contracts |
Article 6(1)(b) of the RODO Regulation (performance of a contract). The data is kept for the period necessary for the execution, termination or otherwise expiration of the concluded contract. |
|
Direct marketing |
Article 6(1)(f) of the RODO Regulation (legitimate interest of the Administrator). Data shall be stored for the period of existence of the legitimate interest pursued by the Administrator, but no longer than the period of the statute of limitations for claims against the data subject for the Administrator’s business activities. The Administrator may process data for direct marketing purposes only after obtaining consent and in the absence of an objection from the data subject. |
|
Marketing |
Article 6(1)(a) of the RODO Regulation (consent). Data is stored until the data subject withdraws his consent to further processing of his data for this purpose. |
|
Expression of opinion by the customer |
Article 6(1)(a) of the RODO Regulation. Data is stored until the data subject withdraws his consent to further processing of his data for this purpose. |
|
Bookkeeping |
Article 6(1)(c) of the RODO Regulation in conjunction with Article 86(1) of the Tax Ordinance i.e. dated January 17, 2017. (Journal of Laws of 2017, item 201) or Article 74(2) of the Accounting Act, i.e. of January 30, 2018. (Journal of Laws of 2018, item 395) The data shall be kept for the period required by law ordering the Administrator to keep tax books (until the expiration of the statute of limitations on tax liability, unless otherwise provided by tax laws) or accounting books (5 years, counting from the beginning of the year following the fiscal year to which the data refer). |
|
Determining, asserting or defending claims that the Administrator may assert or that may be asserted against the Administrator |
Article 6(1)(f) of the RODO Regulation. Data shall be kept for the period of existence of the legitimate interest pursued by the Administrator, but no longer than the period of the statute of limitations for claims against the data subject for the Administrator’s business activities. |
|
Conduct research and analysis to improve the performance of available services |
Article 6(1)(f) of the RODO Regulation. Data shall be kept for the period of existence of the legitimate interest pursued by the Administrator, but no longer than the period of the statute of limitations for claims against the data subject for the Administrator’s business activities. |
|
-
Users’ personal data shall be stored for no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if processing is based on such consent, until the statute of limitations for claims of the Administrator and the other party regarding the performance of concluded contracts (in the case of sales/service contracts, 2 years, counting to the end of the year), and until the execution of an inquiry directed by e-mail or the completion of the processing of complaints.
-
To the extent necessary for the proper functioning of the website, its functionality and the proper execution of payment operations (if such is carried out by the website), the website uses the User’s metadata. Metadata should be understood as the process of reading and recognizing by the site’s computer system the configuration and components of the computer used by the user in order to adjust the site to its capabilities and establish a secure connection between the user’s computer and the site. Importantly, such metadata cannot lead to the identification of the User, as well as are not in any way harmful to the data stored on the computer. Nevertheless, the User has the right to withdraw consent to the processing of metadata at any time by configuring his/her browser accordingly or downloading the appropriate plug-in provided by the browser manufacturer. To do so, consult the software manufacturer and its recommendations.
-
Users’ personal data, obtained due to the performance of the user account contract, are stored for a period of 2 years from the last purchase made through it and no longer than 3 years from that activity based on and subject to the terms and conditions.
-
The Administrator may use profiling for direct marketing purposes, but decisions made on its basis by the Administrator do not relate to the conclusion or refusal of a contract or the possibility of using electronic services. The effect of the use of profiling may be, for example, to grant a person a discount, send him/her a discount code, remind him/her of unfinished purchases, send a proposal for a product that may match the person’s interests or preferences, or offer better terms compared to a standard offer. Despite the profiling, it is the person who freely decides whether he or she will want to take advantage of the discount or better terms received in this way and make a purchase. Profiling involves the automatic analysis or prediction of a person’s behavior on the Administrator’s website, e.g. by adding a particular product to the shopping cart, browsing the page of a particular product, or by analyzing the previous history of activity on the website. The condition for such profiling is that the Administrator has the personal data of the person in question in order to be able to then send him/her, for example, a discount code.
-
To the extent necessary for the proper functioning of the website, its functionality, the website may, during the User’s use of the website, collect other information, including but not limited to:
-
IP address;
-
device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g. Apple Identifier for Advertising [“IDFA”] or advertising identifier on an Android device [“AAID”]),
-
type of platform,
-
settings and components,
-
browser data, including browser type and preferred language;
-
Taking into account the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and severity, the Administrator shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent unauthorized persons from obtaining and modifying, personal data sent electronically.
§ 3 Data sharing
-
The administrator shall ensure that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except when:
-
the express consent of the data subjects to do so is given in advance, or
-
if the obligation to provide such data is or will be imposed by applicable law, such as to law enforcement agencies.
-
-
In addition, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
-
-
service providers supplying the Administrator with technical, IT and organizational solutions enabling the Administrator to conduct its business, including the website and electronic services provided through it (in particular, computer software providers, marketing agencies, email and hosting providers, software providers for managing the business and providing technical support to the Administrator, and product delivery operator) – the Administrator shall make the collected personal data of the Client available to the selected provider acting on its behalf only in the case and to the extent necessary to realize the given purpose of data processing in accordance with this privacy policy.
-
providers of accounting, legal and advisory services that provide accounting, legal or advisory support to the Administrator (in particular, an accounting firm, law firm or debt collection company) – the Administrator shall make the collected personal data of the Client available to the selected provider acting on the Administrator’s order only if and to the extent necessary to realize the given purpose of data processing in accordance with this Privacy Policy.
-
-
The Administrator may share anonymized data (i.e., data that does not identify specific Users) with third-party service providers in order to better identify the attractiveness of advertisements and services to Users, and in this regard, due to the location of software providers, data may be transferred – subject to the principles of their protection – to third countries, however, providing standard contractual provisions approved by the European Commission for the processing of personal data or having the appropriate authority to do so on the basis of bilateral agreements for the entrustment of data processing between the European Union and the third country in question, while not being a member of the European Economic Area. These entities in the case of the Administrator are:
-
Google LLC. (Headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze Web site statistics, Google Tag manager: used to manage scripts by easily adding code snippets to a site or application and to track actions performed by users on a Web site, Google Ads used to display sponsored links in Google’s search engine results and on collaborative sites under the Google AdSense program,
-
Meta Platforms, Inc. (headquartered at 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a targeted audience list for future advertising.
-
The Administrator’s website may use the functionality of Google Analytics, a web audience analysis service provided by Google, LLC. (“Google”). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookie about visitors’ use of the website is generally transmitted to and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Administrator’s website are abbreviated. Only in exceptional cases is the complete IP address transferred to a Google server in the United States and shortened there. On behalf of the Administrator, Google will use this information to evaluate the website for its users, to compile reports on website traffic and to provide other services related to website traffic and Internet usage for website operators. In doing so, Google will not associate the IP address submitted as part of Google Analytics with any other data in its possession. For more information on how Google Analytics collects and uses data, please visit Google’s official website at: www.google.com/policies/privacy/partners. In addition, any User can prevent Google from collecting and processing data about his/her use of the website by downloading and installing a browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
-
(5) The Administrator, when sharing data with third parties, shall make every effort to do so only with entities certified under the (former) EU-U.S. and Switzerland-U.S. Privacy Shield programs, which are available at www.privacyshield.gov. Such entities, when handling information originating in the European Economic Area (EEA), shall do so in accordance with the Accountability for Onward Transfer principle of the Privacy Shield program. Where applicable, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the July 16, 2020 decision of the Court of Justice of the European Union with respect to the EU-US Privacy Shield and the European Data Protection Board guidelines, the Administrator continues to assess the legal regime of the countries to which data is transferred and, where necessary, updates measures to ensure adequate levels of protection.
§ 4 User’s rights
-
A user whose personal data is processed has the right to:
-
access, rectification, restriction, erasure or portability – the data subject has the right to request from the Controller access to his/her personal data, rectification, erasure (“right to be forgotten”) or restriction of processing, and has the right to object to processing, and has the right to portability of his/her data. The detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the RODO Regulation.
-
revoke consent at any time – a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the RODO Ordinance), then he/she has the right to revoke consent at any time without affecting the legality of the processing performed on the basis of consent before its revocation.
-
lodge a complaint to a supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint to a supervisory authority in the manner and mode specified in the provisions of the RODO Ordinance and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection in Warsaw.
-
objection – The data subject has the right to object at any time – for reasons related to his or her particular situation – to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. In such a case, the controller shall no longer be allowed to process such personal data, unless the controller demonstrates the existence of compelling legitimate grounds for the processing overriding the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims.
-
objection to direct marketing – if personal data are processed for the purposes of direct marketing (based on the legitimate interests of the Controller, not on the basis of the data subject’s consent), the data subject shall have the right to object at any time to the processing of personal data concerning him or her for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
-
Exercise of the above rights is carried out on the basis of the user’s request sent to the e-mail address info@warter.shop. Such a request should include the name and surname of the user.
-
The user shall ensure that the data provided or published by him on the site is correct.
§ 5 Cookies
-
“Cookies” should be understood as IT data, in particular text files, stored on the users’ terminal devices (usually on the computer’s hard drive or mobile device) for the purpose of saving certain settings and data by the user’s browser in order to use the websites. These cookies allow to recognize the user’s device and display the website accordingly, providing comfort during its use. The storage of “cookies” therefore allows the website and the offer to be properly prepared for the user’s preferences – the server recognizes the user and remembers preferences such as visits, clicks, previous actions, among others.
-
“Cookies” contain, in particular, the domain name of the website from which they originate, the time they are stored on the terminal device and a unique number used to identify the browser from which the connection to the website is made.
-
“Cookies” are used for:
-
-
adapting the content of the websites to the user’s preferences and optimizing the use of the websites,
-
to create anonymous statistics which, by helping to determine how the user uses the websites, make it possible to improve their structure and content,
-
to provide site users with advertising content tailored to their interests.
-
Cookies are not used to identify the user, and the user’s identity is not established from them.
-
The main division of “cookies” is their distinction into:
-
Necessary “cookies” – are absolutely necessary for the proper functioning of the website or the functionality you wish to use, as without them we could not provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
-
Cookies of a functional nature – are important for the operation of the website due to the fact that:
– serve to enrich the functionality of the websites; without them, the website will work properly, but will not be customized to the user’s preferences,
– serve to ensure a high level of website functionality; without them, the level of website functionality may decrease, but their absence should not prevent you from using the website completely,
– serve the majority of website functionality; blocking them will result in selected functions not working properly.
-
Business “cookies” – enable the business model on the basis of which the website is provided; blocking them will not make all functionality unavailable, but may reduce the level of service provision due to the website owner’s inability to realize revenues that subsidize its operation. This category includes, for example, advertising “cookies”.
-
“Cookies” for website configuration – allow you to set functions and services on websites.
-
Cookies for security and reliability of websites – enable verification of authenticity and optimization of website performance.
-
Authentication “cookies” – enable information when a user is logged in so that the website can show relevant information and features.
-
Session research “cookies” – allow recording information about how users use the website. They may relate to the most visited pages or possible error messages displayed on certain pages. The “cookies” used to record the so-called “session state” help improve services and enhance the browsing experience.
-
“Cookies” for studying the processes taking place on the site – they enable the smooth operation of the website and the functions available on it.
-
Ad serving “cookies” – allow displaying ads that are more interesting for users and at the same time more valuable for publishers and advertisers; “cookies” can also be used to personalize advertising, as well as to display ads outside the websites.
-
Location-accessing “cookies” – allow the information displayed to be tailored to the user’s location.
-
Analytics, research or audience auditing “cookies” – allow the website owner to better understand the preferences of its users and, through analysis, improve and develop products and services. Typically, the website owner or research company collects information anonymously and processes trend data without identifying the personal data of individual users.
-
The use of “cookies” in order to adapt the content of the websites to the user’s preferences does not, in principle, imply the collection of any information that allows the user to be identified, although this information may sometimes have the nature of personal data, that is, data that allow the attribution of certain behaviors to a specific user. Personal data collected using “cookies” may be collected solely for the purpose of performing certain functions for the user. Such data are encrypted in a way that prevents access by unauthorized persons.
-
Cookies used by this site are not harmful either to the user or to the terminal device used by the user, so in order for the site to function properly it is recommended not to disable them in browsers. In many cases, web browsing software (web browser) allows by default to store information in the form of “cookies” and other similar technologies on the user’s terminal device. The user can change the browser’s use of “cookies” at any time. To do this, change the browser settings. How to change the settings varies depending on the software (web browser) you use. You will find relevant instructions on the subpages, depending on the browser you use.
-
As part of the cookie technology, the Administrator may use tracking pixels or pure GIF files to collect information about your use of its services and your response to marketing messages sent by e-mail. A pixel is a software code that allows an object, usually an image the size of a pixel, to be embedded on a page, which provides the ability to track user behavior on the web pages where it is deployed. Once the appropriate consent is given, the browser automatically establishes a direct connection to the server that stores the pixel, so the processing of data collected by the pixel is done within the framework of the data protection policy of the partner that administers the aforementioned server.
-
The Administrator may use Internet log files (which contain technical data, such as the user’s IP address) to monitor traffic within its services, resolve technical problems, detect and prevent fraud, and enforce the User Agreement.
-
The Administrator informs you that the website does not respond to Do Not Track (DNT) signals, but you may disable certain forms of online tracking, including certain analytics and personalized advertising, by changing the cookie settings in your browser or using our cookie consent tools (if applicable).
-
Detailed information on how to change the settings for cookies and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following pages (just click on the link):
-
Detailed information about the management of cookies on a cell phone or other mobile device should be found in the user manual of the respective mobile device.