Privacy and Cookies Policy

 

§ 1

Introduction

 

This privacy policy (hereinafter referred to as the “Policy”) contains information regarding the processing by the controller, specified below, of your personal data as well as the use of cookies.

 

§ 2

Processing of personal data

 

in connection with the application starting from 25 May, 2018 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) (Journal of Laws of the EU L of 4 May, 2016) pursuant to art. 13 of the GDPR below, we provide you with information regarding our processing of your personal data.

 

The Data Controller uses organisational and technical security measures to ensure protection of personal data processing appropriate to threats and data categories. As a personal data controller, we take care that personal data of our website’s users are processed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the provisions of Polish law.

 

I – Controller

 

The Controller of your data is OEX24 Sp. z o.o., ul. Franciszka Klimczaka 1, 02-797 Warsaw, National Court Register (KRS) number: 0000757616 (hereinafter referred to as the “Controller”).

 

If you purchase products from a third party using our online platform, the controller of your personal data necessary to fulfil the order is the specific seller from whom you are buying the products.

 

 

II – Contact:

 

You can contact us at the email address contact@oex24.com in all matters regarding our processing of your personal data.

 

You can also contact our Data Protection Officer: Marcin Gocławski at the following e-mail address: iodo@oex24.om.

 

III – Goals and basis of processing your data:

 

Creating and maintaining a user account (seller) require the processing of personal data such as:

  • e-mail address;
  • company (disclosed in the Central Register and Information on Economic Activity (CEIDG) or the National Court Register (KRS);
  • first and surname;
  • registered office address (street, postal code, place);
  • Tax Identification Number (NIP);
  • country;
  • telephone number

The processing of personal data for the above purpose is based on Art. 6 para 1(b) of the GDPR, according to which we can process personal data necessary to perform the contract or take action to conclude it.

 

Creating and maintaining a user (buyer) account require the processing of personal data such as:

  • e-mail address;
  • company (disclosed in the Central Register and Information on Economic Activity (CEIDG) or the National Court Register (KRS);
  • first and surname;
  • registered office address (street, postal code, place);
  • Tax Identification Number (NIP);
  • country;
  • telephone number

The processing of personal data for the above purpose is based on Art. 6 para 1(b) of the GDPR, according to which we can process personal data necessary to perform the contract or take action to conclude it.

 

Order fulfilment requires the processing of personal data such as:

  • the Buyer's first name and surname, the Buyer's company registration details, the Buyer's e-mail address and telephone number, the Buyer's delivery address;
  • the Seller’s first name and surname, the Seller’s company registration data, the Seller’s e-mail address and telephone number.

The processing of personal data for the above purpose is based on Art. 6 para 1(b) of the GDPR, according to which we can process personal data necessary to perform the contract or take action to conclude it.

 

Processing of complaints requires the processing of personal data such as:

  • first and surname;
  • place of residence;
  • e-mail address;

The processing of personal data for the above purpose is based on Art. 6 para 1(b) of the GDPR, according to which we can process personal data necessary to perform the contract or take action to conclude it.

 

Sending e-mail notifications requires the processing of personal data such as:

  • first name
  • e-mail address;

The processing of personal data for the above purpose is based on Art. 6 para 1(f) of the GDPR, according to which we may process personal data in order to implement our legally legitimate interest, in this case providing you with information about activities related to the fulfilment of orders and performance of services, in order to improve their quality.  

 

Sending marketing information - newsletter - requires the processing of personal data such as:

  • first name
  • e-mail address;

The processing of personal data for the above purpose is based on art. 6 par. 1(f) of the GDPR, according to which we may process personal data based on the justified interest of the Controller, where the Controller’s legitimate interest is to send commercial information to which you have agreed.

 

Making out a VAT invoice and fulfilling other obligations under the provisions of tax law (e.g. storing accounting records) require the processing of personal data such as:

  • company name;
  • registered office address;
  • Tax Identification Number (NIP);
  • order number.

The processing of personal data for the above purpose is based on Art. 6 para 1(c) of the GDPR, according to which we can process personal data if it serves to fulfil the legal obligation imposed on us.

 

The fulfilment of duties related to the protection of personal data (e.g. creation of appropriate registers) requires the processing of personal data such as:

  • user name (login), possibly first name and surname;
  • e-mail address;

The processing of personal data for the above purpose is based on Art. 6 para 1(c) of the GDPR, according to which we can process personal data if it serves to fulfil the legal obligation imposed on us, and Art. 6 para 1(f) of the GDPR, according to which we may process personal data in order to fulfil our legitimate interest, in this case proper implementation of your rights arising from the GDPR.

 

Determining, investigating or defending against claims require the processing of personal data such as:

  • user name (login);
  • first name and surname (if provided);
  • e-mail address;
  • place of residence/registered office address/address for service (if provided);
  • company name (if provided);
  • Tax Identification Number (NIP) (if provided);
  • IP;
  • order number.

The processing of personal data for the above purpose is based on Art. 6 para 1(f) of the GDPR, according to which we may process personal data in order to implement our legally legitimate interest, in this case determining, investigating, or defending against customer or third-party claims.

 

Archiving and collecting evidence require the processing of personal data such as:

  • user name (login);
  • first name and surname (if provided);
  • e-mail address;
  • place of residence/registered office address/address for service (if provided);
  • company name (if provided);
  • Tax Identification Number (NIP) (if provided);
  • IP;
  • order number.

The processing of personal data for the above purpose is based on Art. 6 para 1(f) of the GDPR, according to which we may process personal data in order to implement our legally legitimate interest, in this case determining, investigating, or defending against customer or third-party claims.

 

The Website users' activity analysis requires the processing of personal data such as:

  • date and time of visiting the Website;
  • operating system type;
  • approximate location;
  • type of web browser used for browsing the Website;
  • time spent on the Website;
  • subpages visited;
  • subpage where the form was filled out.

The processing of personal data for the above purpose is based on Art. 6 para 1(f) of the GDPR, according to which we may process personal data in order to implement our legally legitimate interest, in this case obtaining information on the Website users’ activity.

 

We also process personal data to analyse your preferences and behaviours and create your profile for marketing purposes (profiling) and direct marketing (this applies to persons using a user account):

    • Analysis and creating a profile for marketing purposes: To learn about your personal preferences and behaviours in order to present you information about products, new products, and promotions offered on our Website. In order to create it we will process your personal data provided by you in the user account registration form, information related to your activity within the user account within the last 24 months (order history), frequency and method of user account use (i.e. through a mobile application / through the website), your opinions and suggestions, location data (if you enable this option on your device or in the browser), cookies and similar technologies used for collecting data about your activity, i.e. places visited and activities on our websites, technical information about your device (IP/MAC address, operating system, and browser type);
    • Direct marketing: In order to conduct direct marketing, i.e. to inform you about products, new products, and promotions offered on the Website, we will process data from the profile;
    • The legal basis for the processing of the said data is the legitimate interest of the Website to examine your preferences and behaviours for the purposes of preparing and presenting information about products, new products, and our promotions that we think may interest you and will be tailored to your needs (profiling) and direct marketing of our products mentioned above (Article 6 para 1(f) of the GDPR).

 

IV – Recipients of data

 

The recipient of your personal data will be external entities that process data on our behalf based on data entrustment agreements (e.g. a company providing hosting services for us, an accounting office) as well as our other subcontractors. The data may also be transferred to public or private entities, if such an obligation arises from the generally applicable provisions of law.

 

In connection with our use of tools such as Google Analytics and Google AdWords, we transfer your data to the United States of America on the basis of Implementing Decision (EU) 2016/1250 adopted under Directive 95/46 / EC of the European Parliament and of the Council on the adequacy of protection provided by the EU-US Privacy Shield (notified under document C (2016) 4176). You can get a copy from us related to the data transferred to a third country.

 

V – Data Retention Period

 

We will process your data for the following period of time:

 

  1. complying with legal obligations resulting from the GDPR in the implementation of your rights and therefore archiving your requests to us or informing you about the threats to your privacy - until the limitation dates expire,
  2. concluding and performing the contract - when you register an account with us or buy something - until expiry of the limitation dates
  3. establishing, investigating, or defending claims - for example, if you file a complaint - - until expiry of the limitation dates,
  4. creating your profile based on your preferences and predilections in order to send you a personalised advertisement - until you raise an objection
  5. sending you the newsletter, that is information about new products and promotions - until the usefulness of your personal data expires, unless you previously withdraw your consent to receive the said content, or until you raise an objection,
  6. complying with tax law obligations - for a period resulting from tax law provisions.

 

VI – Your rights

 

In connection with processing of personal data under the GDPR, you have certain rights:

  1. the right to information which personal data relating to you are processed by us and to obtain a copy of these data (the so-called right of access). The first copy of the data is free, we can charge a fee for subsequent copies;
  2. if the data being processed becomes obsolete or incomplete (or otherwise incorrect), you have the right to request their rectification;
  3. in certain situations, you may ask us to delete your personal data, i.e. when the data ceases to be needed for the purposes we have informed you about; when the consent for data processing is effectively revoked (unless we have the right to process data on a different legal basis); if processing is unlawful; or if the need to delete data results from our legal obligation;
  4. in the event personal data are processed by us on the basis of a consent granted for processing or for the purpose of performing the contract concluded with us, you have the right to transfer your data to another controller;
  5. in the event that personal data is processed by us on the basis of your consent for processing, you have the right to withdraw this consent at any time;
  6. if you believe that the processed personal data is incorrect, the processing is unlawful, or we do not specific data any more, you can also request that for a certain time (e.g. data validation or redress), we do not make any operations on the data, but only store them;
  7. we process your personal data, among others to conduct marketing activities regarding our products and services. The basis for such processing is the so-called “legitimate interest of the controller”. In the event of such processing, you have the right raise an objection. As a consequence, we will cease processing personal data for the purpose described above;
  8. you have the right to lodge a complaint to the President of the Personal Data Protection Office when you feel that the processing of personal data violates the provisions of the GDPR.

 

VII – Information on the requirement/voluntary provision of data  

 

Providing your data is:

  1. when required by law – a legal obligation
  2. a condition for concluding a contract – when you register an account or purchase something
  3. a condition for sending you information about new products and promotions – regarding the newsletter

 

§ 3

Cookies

 

  1. Please be advised that our Website uses “cookies”.
  2. Starting to use the Website, by activating the “Accept” button, you accept the placement of cookie files on your device via the website (e.g. computer, telephone).
  3. The data obtained by means of cookies do not allow to identify the user or third parties.
  4. We can place both permanent and temporary files on the user's device and devices of third parties.
  5. We use cookies to/for:
  1. ensure the proper operation of the Website,
  2. statistic purposes,
  3. adapt the Website to your preferences.
  1. Temporary files are usually removed when the browser is closed, while closing the browser does not delete permanent files.
  2. We use Google Analytics, which uses cookies located on your device and third-party devices to compile statistics on the amount of traffic on the platform and how to use the platform.
  3. We use Google AdWords, which uses cookies on your device and devices of third parties to customize the contents of the oex24.com website for behavioural analysis of its users.
  4. We use a server that automatically saves in the server logs, in order to analyse the IT system’s operation, information about the device, which is used by the users when connecting to the platform, i.e. about the type of device and browser used by the user, about the user's computer IP, date and time of entry, text description of the event, and qualification of the event.
  5. Through the majority of commonly used browsers, you can check whether cookies have been installed on your device, as well as delete the installed cookies and block them from being installed in the future by the Website or other websites. However, deleting or blocking cookies may cause problems with using the Website. For more information about deleting, modifying, or blocking cookies, please visit http://www.cookiecentral.com/faq/.
  6. According to international NAI standards (https://www.networkadvertising.org/), we store cookies for a period of up to five years.

 

§ 4

Final provisions

 

  1. The regulations on personal data protection shall apply to any matters not regulated by this Policy.
  2. You will be notified by e-mail about any changes made to this Privacy Policy.
  3. This Policy is in force as of 25 May 2018. Information on any change to the Policy will be made available by electronic mail or on our Website.