- The website (hereinafter: “Website”) is run by LAPARO sp. z o.o. with its registered office in Wrocław, ul. Wilcza 25C, 50-429 Wrocław, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Department of the National Court Register, under number 0000595136, tax ID: 8971818380, e-mail address: firstname.lastname@example.org (hereinafter: “Controller”).
- In the course of the Website's operation, data of the Website’s users (hereinafter: “Users”), including personal data, can be collected and used.
- Users’ data can be collected as a result of: voluntary provision by the Users (e.g. when completing a contact form, subscribing to the newsletter or placing orders) and the use of cookie files, both the Controller's own and those coming from external subjects.
- Information can also be collected about the User’s IP address, the time of arrival of the request and of sending the response, the address of the website from which the User was redirected to the Website and the kind of software used by the User (kind of operating system and kind of browser). The data are used for the purposes of running the Website and preparing statistics and analysis.
- The Controller ensures appropriate security of the User’s data by implementing proper organisational and technical measures.
- Security of the personal data during transfer is provided by the SSL transmission protocol. The protocol encrypts data prior to its dispatch from the User’s browser and decrypts it after secure arrival on the Website’s server.
- The Controller of the User’s personal data is LAPARO sp. z o.o. with its registered office in Wrocław, ul. Wilcza 25C, 50-429 Wrocław, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Department of the National Court Register, under number 0000595136, tax ID: 8971818380.
[source of the data]
- The Controller can obtain personal data from the people whom the data concern, but also from social media and portals in which the person whom the data concern has interacted with the Controller’s profiles.
[purposes of processing]
- Through the Website, the Controller can collect and later process personal data for purposes such as:
- sending a newsletter – based on art. 6 par. 1 letter a GDPR, i.e. the User's permission for the newsletter to be sent to him; permission is given by providing an email address and clicking the button confirming the newsletter subscription;
- contact with the User, if he wrote to the Controller (filled in the contact form or used one of the available functionalities, e.g. the chatbot) – based on art. 6 par. 1 letter f GDPR, because processing is necessary for purposes arising from the legally justified interest of the Controller; this interest is contacting the User;
- running direct marketing of products and services of the Controller – based on art. 6 par. 1 letter f GDPR, because processing is necessary for purposes arising from the legally justified interest of the Controller; this interest is promoting the products and services of the Controller;
- statistics and analysis of users’ behaviour on the Website – based on art. 6 par. 1 letter f GDPR, because processing is necessary for purposes arising from the legally justified interest of the Controller; this interest is establishing how the Users use the Website in order to optimise it for the Users’ needs.
- The Controller can make personal data available to his subcontractors (subjects providing services connected with processing) such as:
- suppliers of IT services, application and tools (e.g. hosting providers, firms providing software services);
- suppliers of services of joint email sending;
- suppliers of tools of running marketing (e.g. chatbot’s suppliers);
- suppliers of tools of management of the business of Controller (e.g. suppliers of CRM systems);
- suppliers of software of Online Shop service (e.g. programmes to calculate orders);
- suppliers of tools of analysis of users’ behaviour on the Website;
- suppliers providing advertising and marketing services;
- suppliers providing accounting services;
- legal and tax advisors.
- Personal data can be made available to the following, specific subjects:
- Facebook Ireland Ltd. with the registered office in Ireland – supplier of the service concerning the presentation of advertisements to the Users – Facebook Pixel, in scope in which the personal data are processed for purposes of services of adjustment, measurement and analysis (e.g. providing the Controller with analysis and report concerning campaign);
- Google LLC with the registered office in the USA and Google Ireland Limited with the registered office in Ireland – suppliers of Google services, such as:
- Google Analytics – tools to analyse the Website;
- Google Ads – service concerning presentation of advertisements to the Users;
- The Rocket Science Group LLC with the registered office in the USA – supplier of Mailchimp service of sending emails (including newsletter).
- As regards personal data contained in event data concerning people's actions on websites and in applications of the User that integrate Facebook business tools, for the processing of which the Controller and Facebook jointly determine the means and purposes, the Controller and Facebook are joint controllers of personal data according to art. 26 GDPR. More information can be found at the following link: https://www.facebook.com/legal/terms/businesstools_jointprocessing.
- couriers delivering products;
- subjects serving electronic payments.
[transferring data outside EEA]
- The Controller does not transfer data outside the European Economic Area, except when using the services of the following subjects:
- Google LLC;
- The Rocket Science Group LLC;
- Facebook Ireland Ltd.
- In the case of Google LLC, The Rocket Science Group LLC and Facebook Ireland Ltd., data are transferred to the USA. Transfer of data outside the European Economic Area is based on standard contractual clauses (art. 46 par. 2 GDPR).
The text of Google's standard contractual clauses is available at this link: https://privacy.google.com/businesses/processorterms/mccs/.
The text of the data processing agreement made with The Rocket Science Group LLC, with information about standard contractual clauses, is available at this link: https://mailchimp.com/legal/data-processing-addendum/.
Information concerning the transfer of data to the USA by Facebook Ireland Ltd., with information about standard contractual clauses, is available at this link: https://www.facebook.com/legal/EU_data_transfer_addendum.
[time of processing]
- Personal data processed for the purpose of:
- sending a newsletter to the User – are stored until the User revokes the permission for receiving the newsletter;
- contact with the User – are stored for the period of 3 years from their collection;
- running direct marketing of products and services of the Controller – are stored until the moment of:
- an objection being made to their processing for this purpose, unless the Controller proves the existence of important, legally justified grounds for processing that override the interests, rights and freedoms of the person whom the data concern; in this case the data will be stored for as long as such important, legally justified grounds for processing exist, or
- revocation of the permission for receiving commercial information or for the use of telecommunications terminal devices and automatic calling systems for purposes of direct marketing;
- statistics and analysis of users’ behaviour on the Website – are stored for the period of 3 years from their collection.
[rights of Users]
- The User whom the personal data concern has the following rights:
- right of access to given personal data and right to obtain their copy;
- right to correct personal data;
- right to delete personal data;
- right to demand restriction of personal data processing;
- right to transfer personal data;
- right of objection toward personal data processing;
- right to lodge a complaint to the supervisory body.
- Where personal data are processed on the basis of permission, the Users whom the personal data concern also have the right to revoke the permission for personal data processing at any moment. Revocation of the permission does not affect the lawfulness of the personal data processing which took place under the permission before its revocation.
- The right to revoke the permission also concerns the permission for receiving commercial information and the permission for the use of telecommunications terminal devices and automatic calling systems for purposes of direct marketing.
- In order to exercise the above rights, the User whom the personal data concern can contact the Controller.
- The User can ask the Controller for information on why the Controller concluded that he can process personal data on the grounds of legally justified interests.
[voluntary data disclosure]
- Disclosure of personal data with usage of the Website is voluntary. If the User won’t disclose them it won’t be possible to conclude a contract with the User, contact him, send him offers or send a newsletter.
[automated decision making]
- The Controller does not make decisions concerning the Users that are based on automated processing, including profiling, and that cause legal consequences for the Users or have a similarly significant impact on them.
- As part of the Website's operation, cookie files are used that are saved in the Users’ terminal devices. The use of cookie files is understood as their storage and the Controller's access to them.
- Cookie files are IT data, in particular text files, that are stored in the terminal device of the User and are intended for use with websites. Cookie files usually consist of the name of the website they come from, the time of their storage in the terminal device, content (e.g. action ID) and a unique number.
- Cookies files are used in the aim of:
- adjustment of the Website content to the User's preferences and optimisation of the use of the Online Store; in particular, these files make it possible to recognise the device of the User and display the Website appropriately, adjusting it to the User’s needs and preferences;
- adjustment of advertisements presented to the User to his preferences;
- making statistics and analysis of the Website usage.
- Two fundamental types of cookie files are used on the Website: session cookies (session storage) and persistent cookies (local storage). Session cookies are temporary files stored in the terminal device of the User until the end of the session (e.g. leaving the Website, deletion by the User or closing the software). Persistent cookies are stored in the User’s terminal device for the period stated in the parameters of the cookie files or until their deletion by the User.
- The use of cookie files does not cause configuration changes in the User’s terminal device or its software.
- Default settings of the web browser usually allow cookie files to be saved in the website user’s terminal device. These settings can be changed by the User.
- The User can define the terms of use of cookie files through the settings of the software (web browser) installed in his terminal device.
- The User can also change the conditions set for the use of cookie files. The change can consist of partial or total restriction of saving cookie files on the terminal device of the User.
- Blocking cookies or deleting them can cause difficulties in using the Website, e.g. because some of its options won’t be available to the User.
- The Controller informs that, according to the Telecommunications Act, the permission of the end user for the storage of information, or for access to information already stored, in the end user's telecommunications terminal device can also be given by the user through the settings of the software installed in the terminal device used by the user. If the user does not want to give such permission, he ought to change the settings of the web browser.
- Detailed information on changing browser settings concerning cookie files and on deleting them can be found on the official website of the specific browser. In particular, the above information can be found under following addresses of websites:
[tools used on Website]
- On the Website, the Controller uses IT tools delivered by external subjects. The use of such tools can involve the use of cookie files delivered by those subjects.
- On the Website the Controller uses tools delivered by Google:
- Google Analytics,
- Google Ads.
- Thanks to the use of cookies, Google Analytics analyses traffic and the way in which the Users move through the Website.
The Controller uses data collected by Google Analytics for remarketing/retargeting, reporting on displays in Google's advertising network and analysing demographic data and interests of the Users.
The Controller can determine which key words, advertisements and campaigns most effectively attract clients.
The Controller can also observe activity on the Website: scrolling of the page, copying of its elements, time of activity of a specific user and other events.
All of this data is collected anonymously. This is made possible by the mechanism anonymising the user’s IP address.
Users can prevent usage of their data in Google Analytics. More information about how to do it is present in this link: https://tools.google.com/dlpage/gaoptout.
- Google Ads is used to present suitable advertisements to the User. Cookies are placed in the device of the User to remember the websites that he visits.
Based on the collected information, advertisements personalised for the User are displayed on websites visited by him.
The Controller can commission advertisements by choosing their recipients, e.g. every person that visits the Website within 7 days.
The Controller commissions advertisements based on collective criteria, e.g. addressed to specific target groups, never to a specific User.
Settings concerning personalising of advertisements in Google services can be changed in this link: https://adssettings.google.com/.
- Google can transfer data to third parties. More information concerning usage of cookies files by Google can be found in this link: https://policies.google.com/technologies/cookies?hl=pl&gl=pl.
[Facebook business tools]
- The Controller uses business tools delivered by Facebook, including Facebook Pixel, which is used for marketing activities.
- Facebook Pixel “spies” on the visits and behaviour of Users moving through websites. Thanks to it, it is possible to send them adjusted advertisements (remarketing/retargeting).
- The Controller obtains from Facebook only statistical data, without reference to specific Users. In this way the Controller checks the effectiveness of advertisements on Facebook and Instagram, explores the market and runs its own statistics.
- The Controller collects data from Facebook Pixel only for statistical analysis, and commissions advertisements only based on collective criteria, never addressed to specific users.
- More information about the rules of processing data on the Facebook portal is available at this link: https://www.facebook.com/privacy/explanation, and on Instagram at this link: https://help.instagram.com/155833707900388.
- The Controller may use on the Website the Hotjar tool delivered by Hotjar Limited.
- The purpose of this tool is to analyse the behaviour of the User when he uses the Website. Hotjar registers the way the User moves through the Website (including e.g. navigation or movement of the cursor). The Controller does not collect any data of the User by means of this tool. This tool is used by the Controller only for the purpose of analysing and optimising the functioning of the Website.
- It is also possible for the User to turn off the possibility of analysis of his behaviour on the Website. More information about it can be found in this link: https://www.hotjar.com/legal/compliance/opt-out.
- The Controller uses Website codes connected with the social services LinkedIn, YouTube, Facebook, Instagram and Twitter.
- The User's browser can connect to the relevant social service and pass on information about the visit to the Website.
- Details about the processing of data by the social services can be found in their privacy policies.