sept

PRIVACY POLICY

OF SEPT.COM.PL ONLINE STORE

TABLE OF CONTENTS:

GENERAL PROVISIONS

GROUNDS FOR PROCESSING OF DATA

PURPOSE, GROUND AND PERIOD OF PROCESSING OF DATA IN THE ONLINE STORE

RECEPIENTS OF DATA IN THE ONLINE STORE

PROFILING IN THE ONLINE STORE

RIGHTS OF DATA SUBJECT

COOKIES IN THE ONLINE STORE AND ANALYTICS

FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is informative, which means that it is not a source of any obligations of any Service Recipients or Clients of the Online Store. The privacy policy contains mainly principles governing the processing of personal data by the Controller in the Online Store, including the grounds, purposes and period of processing of personal data and rights of data subjects as well as information on the use of cookies and analytical tools in the Online Store.

1.2. The controller of personal data collected through the Online Store is SEPT. K. MACIEJEWSKA, A. WIŚNIEWSKA SPÓŁKA JAWNA with its registered office in Warsaw (registered office address and address for service of process: ul. Lustrzana 43, 01-342 Warszawa); registered in the Register of Business Entities of the National Court Register, under number KRS 0000797451; the registry court in which the company’s documentation is kept is as follows: District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register; NIP 5223164882, REGON 383995428, e-mail address: info@sept.com.pl; hereinafter referred to as the “Controller” and at the same time being the Service Provider of the Online Store and the Seller.

1.3. The personal data are processed in the Online Store by the Controller in accordance with the applicable provisions of law, in particular in accordance with the Regulation of the European Parliament and of the Council (UE) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (general data protection regulation) – hereinafter referred to as “GDPR”. The official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679" style="text-decoration:none">http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. Visiting the Online Store, including shopping therein, is voluntary. Similarly, the related provision of personal data by a Service Recipient or Client using the Online Store is voluntary, subject to two exceptions: (1) execution of contracts with the Controller – failure to provide, in the cases and within the scope indicated on the website of the Online Store and in the Regulations of the Online Store and this privacy policy, any personal data necessary to execute and perform a Sale Agreement or an agreement for the provision of Electronic Service with the Controller results in the impossibility to execute such agreement. The provision of personal data is in such case a contractual requirement and if a data subject wants to conclude any contract with the Controller, he or she is obliged to provide the required data. The scope of data required to execute a contract is previously indicated on the website of the Online Store and in the Regulations of the Online Store; (2) the Controller’s statutory obligations – the provision of personal data is a statutory requirement arising from the generally applicable laws imposing upon the Controller the obligation to process personal data (e.g. data processing for the purposes of keeping tax or accounting books) and the failure to provide such data will prevent the Controller from fulfilling such obligations.

1.5. The Controller shall exercise special diligence in order to protect interests of data subjects whose data it processes, and in particular it shall be responsible and shall warrant that the data it collects shall be: (1) processed in accordance with law; (2) collected for specified legitimate purposes and not subject to any further processing being contrary to such purposes; (3) substantively correct and adequate for the purposes for which they are processed; (4) stored in a form enabling identification of data subjects, for a period no longer than necessary to achieve the purpose of processing and (5) processed in a manner ensuring appropriate safety of personal data, including protection against inadmissible or illegal processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.

1.6. Taking into consideration the nature, scope, context and purposes of processing and the risk to the rights or freedoms of natural persons characterized by a different probability and severity, the Controller implements appropriate technical and organizational measures in order to make sure that processing is conducted in accordance with the regulation and to be able to demonstrate it. Such measures are reviewed and updated as needed. The Controller applies technical measures preventing unauthorized persons from obtaining and modifying personal data transmitted electronically.

1.7. All words, expressions and acronyms in this privacy policy and capitalized terms (e.g. Seller, Online Store, Electronic Service) should be understood in line with their definitions included in the Regulations of the Online Store available on the websites of the Online Store.

2. GROUNDS FOR PROCESSING OF DATA

2.1. The Controller is entitled to process personal data if and to the extent that at least one of the following applies: (1) data subject has given explicit consent to the processing of his or her personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. At least one of the grounds indicated in point 2.1 of the privacy policy must exist for the Controller to be able to process personal data. Exact grounds for processing of personal data of Service Recipients and Clients of the Online Store by the Controller are indicated in the next point of the privacy policy – with respect to a particular purpose of processing of personal data by the Controller.

3. PURPOSE, GROUND AND PERIOD OF PROCESSING OF DATA IN THE ONLINE STORE

3.1. The purpose, ground and period as well as recipients of personal data processed by the Controller arise from activities performed by the relevant Service Recipient or Client in the Online Store or by the Controller. For example, if a Client decides to shop in the Online Store and chooses personal collection of the purchased Product instead of courier delivery, his personal data will be processed for the purpose of performance of the concluded Sale Agreement, but it will not be made available to the operator carrying out the delivery at the Controller’s request.

3.2. The Controller may process personal data within the Online Store for the following purposes, under the following grounds and during the periods indicated in the table below:

Purpose of data processing

Legal ground for processing of data

Data storage period

Performance of a Sale Agreement or an agreement for the provision of Electronic Service or in order to take steps at the request of the data subject prior to entering into such contracts

Article 6 sec. 1 point (b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract

Data is stored for a period necessary for the performance, termination or any other expiry of the Sale Agreement or an agreement for the provisions of Electronic Service.

Direct marketing

Article 6 sec. 1 lit. f) of the GDPR (legitimate interest pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting of looking after the interests and good image of the Controller and its Online Store and pursuing a sale of Products

Data is stored for a period of existence of a legitimate interest pursued by the Controller, no longer, however, than for a limitation period for the Controller’s claims against a data subject, relating to the business activity conducted by the Controller. The limitation period is specified by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activity amounts to three years, and for Sale Agreement – two years).

The Controller cannot process any data for direct marketing purposes if a data subject has expressed an effective objection against such processing.

Marketing

Article 6 sec. 1 point (a) of the GDPR (consent) – data subject has given its consent to the processing of his or her personal data for marketing purposes by the Controller

Data is stored until the data subject withdraws his or her consent for further processing of his or her data for such purpose.

Provision of the Client’s opinion on the executed Sale Agreement

Article 6 sec. 1 point (a) of the GDPR – data subject has given its consent to the processing of his or her personal data for the purpose of expressing opinions

Data is stored until the data subject withdraws his or her consent for further processing of his or her data for such purpose.

Keeping of tax books

Article 6 sec. 1 point (c) of the GDPR in connection with Article 86 § 1 of the Tax Code, consolidated text of 17 January 2017 (Journal of Laws of 2017, item 201) – processing is necessary for compliance with a legal obligation to which the Controller is subject

Data is stored for a period required by the provisions of law requiring the Controller to store tax books (until the limitation period for a tax liability elapses, unless the tax laws provide otherwise).

Establishment, exercise or defense of legal claims which may be raised by or against the Controller

Article 6 sec. 1 point (f) of the GDPR (legitimate interest pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting of the establishment, exercise or defense of legal claims, which may be raised by or against the Controller

Data is stored for a period of existence of a legitimate interest pursued by the Controller, no longer, however, than for a limitation period for claims which may be asserted against the Controller (the basic limitation period for claims against the Controller amounts to six years).

Using the Online Store site and ensuring its proper operation

Data is stored for a period of existence of a legitimate interest pursued by the Controller, no longer, however, than for a limitation period for the Controller’s claims against the data subject, relating to business activity conducted by the Controller. The limitation period is specified by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of business activity amounts to three years, and for Sale Agreement – two years).

Keeping statistics and analyzing traffic in the Online Store

Article 6 sec. 1 point (f) of the GDPR (legitimate interest pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting of keeping statistics and analyzing traffic in the Online Store in order to improve the operation of the Online Store and increase sales of Products

4. RECIPIENTS OF DATA IN THE ONLINE STORE

4.1. For proper operation of the Online Store, in particular for performance of Sale Agreements the Controller must use services of external entities (such as e.g. software provider, courier or entity processing payments). The Controller shall use only processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.

4.2. Personal data may be transferred by the Controller to a third country, whereas the Controller warrants that in such case the transfer shall be made to a country which ensures an adequate level of protection – in accordance with the GDPR, and the data subject shall be able to obtain a copy of his or her data. The Controller shall only transfer gathered personal data if and to the extent necessary to pursue a given purpose of processing of data compliant with this privacy policy.

4.3. Data is not transferred by the Controller in each case and to all recipients and categories of recipients indicated in the privacy policy – the Controller shall only transfer data when it is necessary to pursue a given purpose of processing of personal data and only to the extent necessary to pursue such purpose. For example, if the Client chooses personal collection, his or her data will not be provided to the carrier cooperating with the Controller.

4.4. Personal data of Service Recipients and Clients of the Online Store may be transferred to the following recipients or categories of recipients:

4.4.1. transport agents / freight forwarders / delivery agents / warehouse operators and/or entities handling shipment process – in case of Clients who use in the Online Store the method of delivery of a Product by post or courier, the Controller shall share the gathered personal data of the Client with a selected transport agent, freight forwarder or agent carrying out deliveries for the Controller, and if shipment is made from an external warehouse – with a warehouse operator and/or entity handling the shipment process – to the extent necessary to carry out the delivery of the Product to the Client.

4.4.2. entities processing electronic or debit card payments – in case of Clients who use in the Online Store electronic or debit card payment methods, the Controller shall share the gathered personal data of the Client to a selected entity handling such payments in the Online Store at the Controller’s request to the extent necessary to handle payments carried out by the Client.

4.4.3. providers of services supplying the Controller with technical, IT and organizational solutions enabling the Controller to conduct business activity, including the Online Store and Electronic Services rendered through it (in particular suppliers of computer software for operation of the Online Store, electronic mail and hosting services providers and suppliers of managing the company and providing technical assistance to the Controller) – the Controller shall share the gathered personal data of the Client to a selected supplier acting at its request only if and to the extent necessary to pursue a given purpose of processing of data compliant with this privacy policy.

4.4.4. providers of accounting, legal and advisory services providing the Controller with accounting, legal and advisory assistance (in particular accountancy office, law firm or debt collection company) – the Controller shall share the gathered personal data of the Client with a selected supplier acting at its request only if and to the extent necessary to pursue a given purpose of processing of data compliant with this privacy policy.

4.4.5. providers of social plugins, scripts and other similar tools placed on the Online Store site, enabling the browsers of the person visiting the Online Store site to download content from the providers of the said plugins (e.g. logging in using social network login details) and provision of personal data of the visiting person to such providers for such purpose, including also:

4.4.5.1. Facebook Ireland Ltd. – the Controller shall use, on the Online Store site, Facebook social plugins (e.g. Like! button, Share button or logging in using Facebook login details) and accordingly it shall collect and share personal data of the Service Recipient visiting the Online Store site with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy principles available here: https://www.facebook.com/about/privacy/ (such data includes information on activities on the Online Store site – including information on the device, visited sites, purchases, displayed ads and manner of use of services – irrespective of whether the Service Recipient has an account on Facebook and whether he or she is logged in to Facebook).

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR imposes upon the Controller the obligation to inform about automated decision making, including profiling, as referred to in Article 22 sec. 1 and 4 of the GDPR, and – at least in such cases – material information on the principles of making such decisions, as well as the significance and anticipated consequences of such processing for the data subject. Bearing the foregoing in mind, the Controller indicates, in this point of the privacy policy, information concerning potential profiling.

5.2. The Controller may use, in the Online Store, profiling tools for direct marketing purposes, but decisions made on the basis thereof by the Controller do not concern the execution or refusal to execute a Sale Agreement or the possibility of using Electronic Services in the Online Store. As a result of using profiling tools in the Online Store, e.g. a given person may be granted a discount, provided with a discount code, reminded about unfinished purchase, provided with Product recommendations, which may suit interests or preferences of a given person, or better terms compared to the standard offer of the Online Store may be proposed. Despite profiling, it is the relevant person who freely decides whether he or she will want to use the discount granted to him or her or such better terms and make a purchase in the Online Store.

5.3. Profiling in the Online Store consists in automatic analyzing or predicting a given person’s behavior on the Online Store site, e.g. through adding any Product to the basket, browsing the site of a particular Product in the Online Store or through analyzing the history of purchases made in the Online Store. Such profiling is conditional upon the Controller holding personal data of a given person, in order to be able to subsequently send e.g. a discount code to it.

5.4. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

6. RIGHTS OF DATA SUBJECT

6.1. Right of access, rectification, restriction of processing, erasure or data portability – the data subject has the right to obtain from the Controller access to his or her personal data, its rectification, erasure (“right to be forgotten”) or restriction of processing and has the right to object to processing, and also has the right to transfer his or her data. The detailed terms of exercising the above-mentioned rights are indicated in Article 15-21 of the GDPR.

6.2. Right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of his or her consent (on the basis of Article 6 sec. 1 point (a) or Article 9 sec. 2 point (a) of the GDPR), such person has the right to withdraw its consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Controller, has the right to lodge a complaint with a supervisory authority in the manner and according to the procedure specified in the GDPR and the provisions of Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

6.4. Right to object – the data subject has the right to object on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on Article 6 sec. 1 point (e) (public interest and rights) or point (f) (legitimate interest pursued by the controller), in particular on the basis of such provisions. In such case the Controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

6.5. Right to object to processing for direct marketing purposes – Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

6.6. In order to exercise the rights referred to in this point of the privacy policy, one may contact the Controller through sending an appropriate message in writing or by electronic mail to the Controller’s address indicated in the introduction to the privacy policy or using a contact form available on the Online Store site.

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small amounts of information in the form of text files, sent by a server and saved on the side of the person visiting the Online Store site (e.g. on the hard disc of a computer or laptop, or a memory card of a smartphone – whichever is used by the person visiting our Online Store). For detailed information on cookies, and the history of their creation, please visit inter alia: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies which may be sent by the Online Store site may be divided into various types, according to the following criteria:

According to their supplier:

1) own (created by the Controller’s Online Store site) and

2) owned by third parties/entities (other than the Controller)

According to their storage period on the device of a person visiting the Online Store site:

1) session cookies (stored until one logs out of the Online Store or closes the web browser) and

2) persistent cookies (stored for a specific period of time, as defined by the parameters of each file or until they are removed manually)

According to the purpose of their use:

1) necessary cookies (enabling proper operation of the Online Store site),

2) functional/preference cookies (enabling adjustment of the Online Store site to preferences of a person visiting the site),

3) analytical and performance cookies (gathering information on the manner of use of the Online Store site),

4) marketing, advertising and social cookies (gathering information on a person visiting the Online Store site in order to display to such person personalized ads and conduct other marketing activities, including also on websites separate from the Online Store site, such as social networking sites

7.3. The Controller may process data included in cookies while visitors use the Online Store site for the following particular purposes:

Purposes of using Cookies in the Controller’s Online Store

to identify Service Recipients as persons logged into the Online Store and show that they are logged in (necessary cookies)

to remember Products added to the basket to place an Order (necessary cookies)

remember data from the filled-out Order Forms, surveys and login details for Online Store (necessary cookies and/or functional/preference cookies)

to adjust the content of the Online Store site to individual preferences of Service Recipients (e.g. colors, font size, page layout) and optimize the use of the Online Store sites (functional/preference cookies)

to keep anonymous statistics presenting the method of use of the Online Store site (statistic cookies)

for remarketing purposes, i.e. to conduct research on behavior of the Online Store visitors through an anonymous analysis of such behavior (e.g. repeated visits on certain sites, key words, etc.) in order to create their profile and deliver to them ads adjusted to their anticipated interests, also when they visit other websites within the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social cookies)

7.4. It is possible to check in the most popular web browsers what kind of cookies (including the storage period of cookies and their supplier) are sent at a given moment by the Online Store site in the following manner:

In the Chrome browser:
(1) in the address bar click the padlock icon on the left side, (2) go to the “Cookies” tab.

In the Firefox browser:
(1) in the address bar click the target icon on the left side, (2) go to the “Accept” or “Block” tab, (3) click the field “Cross-site tracking cookies between sites”, “Social media trackers” or “Tracking content”

In the Internet Explorer browser:
(1) click the “Tools” menu, (2) go to the “Internet options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click “Display files”

In the Opera browser:
(1) in the address bar click the padlock icon on the left side, (2) go to the “Cookies” tab.

in the Safari browser:
(1) click the “Preferences” menu, (2) go to the “Privacy” tab, (3) click “Manage website data”

Irrespective of the browser, using tools available e.g. at the following website: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/<;/span>

7.5. As a standard, most web browsers available in the market accepts saving cookies by default. Everyone has the possibility of determining the conditions of use of cookies through the settings of its own web browser. It means that one may e.g. partially reject (e.g. temporarily) or completely disable Cookies – however, in the latter case it may affect certain functionalities of the Online Store (for example, it may turn out to be impossible to go through the Order path using the Order Form due to the fact that Products in the basket are not remembered at subsequent steps of placing the Order).

7.6. Settings of a web browser with respect to cookies are significant from the perspective of consent to the use of cookies by our Online Store – in accordance with the regulations such consent may also be expressed through web browser settings.. Detailed information on how to change settings concerning cookies and how to delete them independently in the most popular web browsers are available in the help section of the web browser and on the following websites (please click the appropriate link):

http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647" style="text-decoration:none">in the Chrome browser

http://support.mozilla.org/pl/kb/W%C5%82%C4%85czanie%20i%20wy%C5%82%C4%85czanie%20obs%C5%82ugi%20cia..." style="text-decoration:none">in the Firefox browser

https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies" style="text-decoration:none">in the Internet Explorer browser

https://help.opera.com/pl/latest/web-preferences/#cookies" style="text-decoration:none">in the Opera browser

https://support.apple.com/pl-pl/guide/safari/sfri11471/11.0/mac/10.13" style="text-decoration:none">in the Safari browser

http://windows.microsoft.com/pl-pl/windows-10/edge-privacy-faq" style="text-decoration:none">in the Microsoft Edge browser

7.7. The Controller may use, in the Online Store, Google Analytics and Universal Analytics services supplied by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Such services help the Controller keep statistics and analyze traffic in the Online Store. The gathered data are processed in the course of the above-mentioned services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. Data are collective. By using the above-mentioned services in the Online Store the Controller gathers data such as sources and media through which persons visiting the Online Store have been attracted and the way they behave on the Online Store site, information on devices and browsers from which they visit the site, IP and domain name, geographical and demographic data (age, sex) and hobbies.

7.8. It is possible to easily block sharing with Google Analytics information about a person’s activity on the Online Store site – to this end one can for example install a browser add-on supplied by Google Ireland Ltd. which is available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9. The Controller may use, in the Online Store, Facebook pixel tool supplied by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). Such service helps the Controller to measure advertising effectiveness and learn what the Online Store visitors do, and to display adjusted ads to such persons. For detailed information on Facebook pixel tool, please visit the following address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.10. It is possible to manage Facebook pixel tool through ad settings on your account at Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Controller encourages you to read the privacy policy placed on particular websites after you go to such other websites. This privacy policy applies only to the Controller’s Online Store.

CLASSIC

TASSEL

PENNY