- European Parliament and Council’s Legislation of /UE/ 2016/679 of 27 April 2016 concerning the protection of individuals with regard to the personal data processing and the case of free flow of such data and the repeal of the 95/46/WE (OJ of the EU 2016.119.1 on 4 May, 2016) directive, later addressed as RODO.
- May 10th, 2018 legislation about the protection of personal data (OJ of the EU 2018 r. pos. 1000).
THE EXECUTION OF PERSONAL DATA PROTECTION
Person data protection is executed by physical and organizational protections, system software, applications, and users, proportionally and adequately to the risk of safety violation of personal data that is processed as a matter of conducted business activity.
The manipulation of personal data is reduced to the minimum and the sensitive data is not processed.
PERSONAL DATA ADMINISTRATOR
The administrator of personal data, i.e. entity, which determines the goals and decides about the way of personal data processing, is DACPOL Sp. z o.o. with headquarters at ul. Puławska 34, 05-500 Piaseczno, included in the Entrepreneur Registry by the Regional Court for Warsaw XIV Economic Department of KRS (National Court Registry), under the number KRS 0000105242, with a share capital of 5.000.000 PLN, and a tax identification NIP number: 521-008-36-44, REGON: 012546238.
In the matters concerning privacy, you can contact DACPOL Sp. z o.o. through email: email@example.com.
CONCLUSION AND EXECUTION OF THE CONTRACT
Dacpol processes personal data to undertake actions towards conclusion of the contract or to execute the already concluded contract with a Client [article 6(1b) RODO], i.e.
a) concluding with Dacpol a contract of products’ sale,
b) concluding with Dacpol a contract for online services, which is mentioned in the Statute https://www.dacpol.eu/pl/regulamin (later addressed as Online shop), related to the registration and setting up a user’s account.
c) sending entries to Dacpol through email or contact forms available on Dacpol online sites related to the account registration in the Online shop or in connection with concluding or executing the contracts through the agency of above-mentioned online sites.
Dacpol processes personal data to fulfil their legal obligation [article 6 (1c) RODO]. It indicates a necessity to process personal data in connection with fulfilling the obligations that come from legal regulations, especially the obligations coming from the legal tax regulations, accounting law, national insurance law, Civil Code, consumers’ rights law.
LEGALLY LEGITIMIZED Dacpol Sp. z o. o. OR THIRD PARTY’S VENTURE
Dacpol can process personal data if it’s necessary for goals that result from justified ventures conducted by Dacpol or a third party [article 6 (1f) RODO]. In practice, it involves personal data processing in the following cases:
a) Management of relations with the Client
(Due to internal necessities, Dacpol analyses past cooperation with Clients to create charts, analysis and statistics about sales. Based on above-mentioned information Dacpol acquires useful knowledge for creating offers, prices, better offer adjustment to the clients’ interests, taking more directed marketing actions, and improving the quality of provided services).
(Based on the - made during the account registration process in the online shop - client’s classification of their business to one of the market’s segments, Dacpol determines a set price list in the Online shop. The decision is made automatically, but does not cause any unfavorable effects for the Client.
Based on the acquired data about the Client, gathered in the past cooperation (i.e. information about purchase history in the Online shop, activity history in the Online shop, assigned to a given client segment: consumer/entrepreneur), Dacpol displays to the Client on the site of the Online shop personalized ads and information about organized by Dacpol sales. The decision is made automatically, but does not cause any unfavorable effects for the Client.
Based on the acquired data about the Client, gathered in the past cooperation (i.e. information about purchase history in the Online shop) connected with information about other Clients, with given characteristic stated by Dacpol, Dacpol displays offers to the Client about the recommended products, bought by other Clients. The decision is made automatically, but does not cause any unfavorable effects for the Client)
c) Marketing of products and services provided by Dacpol
(Dacpol contacts clients by phone or sends marketing information about products and services offered by Dacpol if the Client agreed at https://www.dacpol.eu site to the phone, email or text messages contact for direct marketing purposes.
Dacpol does not send spam, i.e. not ordered sales information.
Dacpol does not pass along any personal data, especially the email addresses or phone numbers to the third party ventures to enable them to take direct marketing actions concerning the products and services offered by those ventures).
d) Vindication of claims by Dacpol and defense against claims aimed at Dacpol
(In case of defaulting or undue defaulting of the Clients to the concluded with Dacpol contract, Dacpol according to the effective law can vindicate claims e.g. vindicated a payment for sold products.
In case of Client’s vindication of claims aimed at Dacpol, Dacpol processes Client’s personal data as a protection against such claims).
e) Protection of claims connected to the products’ sales.
(In cases justified by the value of concluded by the Client - as an entrepreneur - sales contracts, in case of granting by Dacpol the right to deferred payment date due to the granted by Dacpol mercantile credit, Dacpol can demand from the entrepreneur to issue or guarantee a blank promissory note, in purpose of securing the due execution by the Client/entrepreneur the sales contract concluded with Dacpol).
f) Evaluation of creditworthiness
(In the case when the Client - as an entrepreneur, applies to Dacpol for a possibility to pay for the purchased goods in the Online shop as a deferred payment date within the granted by Dacpol mercantile credit, Dacpol gathers and stores the information about financial situation of the Client, that enables an evaluation of creditworthiness and the analysis of the risk connected to the conclusion of the sales contract with a deferred payment date).
g) Contacting Dacpol
(Dacpol enables sending to Dacpol claims through email or contacts forms, available on Dacpol site in other matters, not connected to the account setup in the Online shop or not connected to the conclusion and execution of the contracts through the above-mentioned online sites).
h) Storage of data in purpose for providing accountability, i.e. proving the fulfilment of the regulations concerning personal data processing.
PERSONAL DATA RECEIVERS
Due to the Client’s personal data processing in purposes, which are discussed above, Dacpol can share data to the following receivers or categories of receivers:
a) Entities providing delivery services (courier), entities providing postal services, suppliers of products sold by Dacpol - in case of executing the delivery of the products directly from this supplier’s storage, due to the concluded contracts of insuring the liability,
b) offices of Economic Information,
c) entities providing services of sharing economic reports about the entrepreneurs,
d) bank, in which Dacpol owns a bank account in connection with the transmission by the agency of the bank of the amounts to the given account, in case of the products return, complaints, overpayments,
e) entities providing in favor of Dacpol: logistic services, agency or distribution services, financial statements’ evaluation services, accounting services, tax advisory services, financial, business, and legal services, IT services, marketing services,
f) entities providing services in the field of public investor relations,
g) entities, which Dacpol delegates conducting the eviction actions and process agents representing Dacpol or above-mentioned entities.
PLANNED PERIOD OF DATA STORAGE
- In case of data being processed to conclude or execute the contract - Dacpol processes personal data until the date of the limitation period resulting from them civil law claims.
- In case of data being processed to execute a legal obligation - the period of data processing results from legal regulations.
- In case of data being processed in the purpose of the execution of the justified venture of Dacpol or a third party - the period of personal data storage is different depending on a specific purpose of the processing.
- In case of data processing in the purpose of managing the relations with the Client, data is processed by us for an indefinite period of time or until the Client hands in an objection based on the article 21(1) of RODO Regulation regarding the special situation of the Client.
- In case of data being processed for the purpose of profiling, data is processed for an indefinite period of time or until the Client hands in an objection based on the article 21(1) of RODO Regulation regarding the special situation of the Client. The Client can advance an entry for withdrawal of data being processed by Dacpol.
- In case of data being processed for the purpose of product of service marketing offered by Dacpol - Dacpol processes personal data until the Client withdrawal of the agreement for sending sales information through email, text messages or calls.
- In case of personal data being processed in purpose of vindication of claims by Dacpol or in the purpose of defense against claims directed at Dacpol. Dacpol processes personal data until the inquiry of the claim is being carried into effect or until the claims are terminated, depending on which event happens first.
- In case of personal data being processed in the purpose of protecting claims connected with the sales of goods, Dacpol processes personal data for an indefinite period of time, as long as the Client remains related commercially with Dacpol or there are unsatisfied Dacpol’s claims to the Client.
- In case of personal data being processed for the purpose of accountability, Dacpol processes personal data for the time it is necessary to document the fulfillment of legal requirements and enabling the control of their fulfillment by the authorized public bodies.
THE RIGHTS OF A CLIENT, TO WHOM THE DATA APPLIES
1. THE RIGHT TO ACCESS THE DATA
The client has access to their data, along with the right to obtain a copy of the data, including through the email.
2. THE RIGHT TO DATA REFUTATION
The client has the right to refute the wrong above mentioned personal data, but also the right to claim the filling of the missing above mentioned personal data.
3. THE RIGHT TO DELETE DATA
The Client has the right to delete by Dacpol personal data when:
a) the data is no longer necessary for the purposes, for which they were gathered or processed differently,
b) the Client hands in an objection, because of their special situation concerning their personal data being processed by Dacpol based on the premise of the legally justified Dacpol or a third party’s purpose and there are no overriding legally justified bases for the processing,
c) the Client issues an objection against data processing in the purpose of direct marketing,
d) Client’s personal data was processes against the law,
e) personal data must be deleted in the purpose of fulfilling the legal obligation stated in EU laws or Polish law, to which Dacpol is liable.
- However, Dacpol points out that the law is under significant limitations.
- Dacpol will not be able to fulfill the claim if further processing is necessary for:
a) fulfilling by Dacpol the legal obligation requiring processing based on the EU laws or national laws (e.g. the date of limitation period of the tax obligations connected to the contract concluded with Dacpol and the Client is not yet finished, the period of storing the accounting documents written out in regard to the contract concluded between Dacpol and a Client is not yet finished),
b) agreements, inquiries or defense against claims.
4. THE RIGHT TO LIMIT THE PROCESSING
The Client has the right to demand limiting of the processing if:
a) the Client questions the correctness of personal data – for the period that enables Dacpol to check the correctness of the data;
b) processing is in accordance with the law and the Client objects to the removal of the personal data, demanding in exchange the limitation of their usage;
c) Dacpol does not need the personal data anymore for the purposes of processing, but are necessary for agreement, inquiry or claims’ defense;
d) the Client handed out an objection regarding their special situation, against the Client’s personal data processing by Dacpol or third body – until the confirmation whether the legally justified bases on Dacpol’s side are overriding the bases of the objection stated by the Client.
5. THE RIGHT TO RELOCATE THE DATA
The Client has the right to get, in the form of a file in a commonly used format available to be used by computer programs, data provided by the Client, which Dacpol processes in the automatic way according to the concluded contract. The Client also has the right to demand sending the above mentioned file to a different data administrator, if it’s technically possible.
6. THE RIGHT TO OBJECTION
The Client has the right to file an objection at any time – because of the reasons connected to the special situation of the Client – against processing of their personal data, based on the legally justified purpose of Dacpol or a third party, including profiling.
Dacpol has the right to deny stopping data processing If it declares:
a) the existence of important legally justified bases for processing, superior to the ventures or rights and freedom or
b) the existence of bases for the agreement, inquiry or defense of claims
The Client has the right to file an objection at any time if Dacpol processes Client’s data for direct marketing purposes.
7. COMPLAINT TO THE REGULATORY ORGAN
The Client has a right to file a complaint to the regulatory body, i.e. President of the Personal Data Protection Office.
VOLUNTARINESS OF GIVING THE DATA
1. The Client can search online sites https://www.dacpol.eu without the necessity to give their personal data.
2. If the Client sets up an account in the Online shop as a consumer, It is necessary to give following data, i.e. email address, password for logging into the account, name and last name, phone number, full home address, postal address, city. Providing above mentioned data is voluntary, however, the refusal to give them make the account registration in the Online shop unavailable.
3. If the Client registers a new account in the Online shop as an entrepreneur (COMPANY) it is necessary to provide following data, i.e. email address, password for logging into the account, name and last name, phone number, NIP number, name under which business activity is conducted (company name), full street address, postal address, city. Providing above mentioned data is voluntary, however, the objection to providing them makes the Online shop account setting-up unavailable.
4. Concluding the goods sales contract the Client can provide a different delivery address than during the registration. Providing above mentioned data is voluntary.
5. If the client gives back the order, through the Online shop, in the form of the pick-up from the product returning Client, Dacpol processes Client’s data in a necessary range for execution of this contract, i.e. name and last name, phone number, email address, invoice number concerning the returned product, the marking of the returned product, the address at which the product should be collected. The Client also has the possibility to provide an account number, to which the money for the returned product will be returned. Providing above mentioned data is voluntary, however, the objection to provide them makes it unavailable to make an order for collection of the product from the Client.
6. In case when the Client wants to place a complaint concerning the product, through the complaint form available in the Online shop it is necessary to provide following data: name, last name, company’s name, contact address, phone number, email address, invoice number concerning the product from a complaint, marking of the product from the complaint. The Client can also provide an account number, to which the money will be returned. Providing above mentioned data is voluntary, however, the objection to provide them makes the complaint through the complaint form in the Online shop unavailable.
7. If the Client wants to sign up to the newsletter, the email address must be provided, and they must agree to sending commercial information at this address within the meaning of article 2 point 2 regulation of 18.07.2002 about providing services through email, in the purpose of direct marketing. Providing above mentioned data is voluntary, however, the objection to provide them makes sending of the newsletter to the Client unavailable.
8. If the Client wants to receive through phone, including text messages, information about sales, novelties and cut prices concerning Dacpol’s offer it is necessary to agree to the phone contact and sending to the phone number commercial information within the meaning of the article 2 point 2 of 18.07.2002 about providing services through email, in the purpose of direct marketing. Providing above mentioned data is voluntary, however, the objection to provide them makes Dacpol unable to make phone contact, including text messages.
9. If the client wants to contact Dacpol through the contact form available at https://www.dacpol.eu the have to provide name, last name and email address. Providing above mentioned data is voluntary, however, the objection to provide them makes it impossible to send messages to Dacpol through the above mentioned contact form.
SOURCES OF ACQUIRING DATA
1. Dacpol acquires personal data of a Client directly from him, subject to regulation 2
2. If the Client is an entrepreneur, who applied for making a deferred payment date available, within the granted by Dacpol mercantile credit, Dacpol can collect about the Client, through economic information offices - information according to the legislation from 09.04.2010 about sharing economy information and exchange of economy information. Dacpol also collects from entities providing services of sharing economy reports about entrepreneurs, information about payment credibility, especially the due time, regulated by the obligations to other economy entities, e.g. payment history, obligations value, payment structure, history of delays, average delay.
DATA COLLECTED AUTOMATICALLY
1. On a basis of article 18 point 5 of the regulation from 18.07.2002 about providing services through online ways Dacpol processes Client’s data characterizing the method of using the services provided online (exploitative data):
a) information about the beginning, finish and the extent of each usage of the service provided online, gathered by Google Analytics and Google Ads. Google Analytics is a system of online analytics providing information about the traffic in the Online shop, used in the purpose of conducting marketing actions. Dacpol implemented the following Google Analytics functions:
- views reports in the Google ad network,
- integration of a tool of DoubleClick Campaign Manager,
- Google Analytics reports of interests and demographic data.
Google Ads is an ad system of Google, enabling viewing sponsored links in search results in Google and on the sites cooperating within the Google AdSense program and Facebook Pixel used for creating Facebook Ads and consumer behavior analytics.
b) information about using by the Client the service provided online.
c) markings identifying the Client in Dacpol IT system, carried based on data provided by the Client.
d) markings identifying the ending of the communication network or ICT system, which the Client uses when connecting with https://www.dacpol.eu, (IP, domain name, type of the browser, operating system type). Data can be gathered through:
- Google Analytics,
- Google Ads,
- Facebook Pixel,
- Facebook Ads.
Cookies are IT data, especially text files, which are stored in the end device of the Client and intended for Online shop use. Cookies usually include the name of an online site, from which they come, time of storing them in the end device and a unique number.
2. The entity placing cookies in the end device and acquiring access to them is Dacpol Sp. z o.o. with headquarters in Piaseczno ul. Puławska 34.
3. Cookies are used for the purpose of:
a) adjusting the online shop content to Client’s preferences and the optimization of online site usage; especially these files enables to identify the end device and correctly display the site, adjusted to the individual needs;
b) creating statistics, which help with understanding in what way the Client uses online sites of the Online shop, which enables improving their structure and content;
c) maintenance of a session (after logging in), thanks to which the Client doesn’t have to insert password and log in on every subpage;
4. Within the Online shop there are two main types of cookies used: session cookies and persistent cookies. Session ones are temporary files, which are stored in the end device until the log out, leaving the site or turning off of the software (browser). Persistent ones are stored in the end device for the given period of time in the cookies parameters or until their removal by the Client.
5. Within the framework of the Online shop, the following types of cookies are used:
a) “necessary” cookies, enabling using services available within the Online shop, e.g. testimonial cookies used for services requiring certifying within the Online shop;
b) Cookies used for providing safety, e.g. used for detecting malpractice within the certifying in the Online shop;
c) “efficiency” cookies, enabling information collecting about the method of usage of the Online shop sites;
d) “functional” cookies, enabling “remembering” of the specified by the Client settings and personalization of the interface, e.g. within the chosen language or region, from which they come from, font size, appearance, functionality of the online site and the possibility of using additional functions of the online site, etc.;
e) “advertisement” cookies, owned by Dacpol Google and external entities (e.g. DoubleClick) enabling delivering advertising content more adjusted to their interests based on the visit history on the Online shop site.
6. In many cases the software used for browsing (browser) by default allows storing cookies in the end device. The Client can at any time change the cookies settings. These settings can be changed especially in the way to block the automatic usage of cookies in the browser’s settings or informing about their every time locating in the Client’s device. Detailed information about possibilities and methods of cookies usage are available in the browser’s settings.
7. Dacpol informs that the limitations of cookies’ usage can influence some functionalities available on the Online shop sites.
8. Cookies located in the end device of a Client can be also used by cooperating with Dacpol advisers and partners.
9. Full information about the method of the change in the storing way or access is available in the browser’s settings. Details for people using particular most popular browsers are available under links below:
10. Dacpol holds marketing actions using display ads. The Client can at any time resign from Google Analytics service for display ads and adjust Google Ads through ads settings.
11. In connection to using remarketing through Google Analytics:
a) ads connected to Dacpol can be displayed while using Google by the user, but also while using WWW partners of Google that display ads,
b) Dacpol Google, Google partners displaying Google Ads, using their own cookies (e.g. Google Analytics) and cookies of external companies (e.g. DoubleClick) for informing about ads and for their optimization and displaying based on the history of visits on the Online shop sites.
13. Due to the implementation of interests reports and demographic data of Google Analytics, Facebook Pixel, Dacpol uses data coming from Google Ads and Facebook based on the interests or data of the external receivers (such as the interests) in Google Analytics, Facebook for analysis of the traffic on the site of the Online shop.
PROTECTION OF PERSONAL DATA
1. Dacpol applies technical and organizational means protecting personal data from sharing them to unauthorized entities, losing them or damaging, according to the risk connected to data processing.
2. To prevent acquiring and modification of personal data by unauthorized entities, data that is sent by the Client during logging in and registration in the Online shop, Dacpol access encryption with Dacpol’s server by using SSL certificate.
3. Actions undertaken by Dacpol can turn out to be not enough, if the Client doesn't keep safety measures themselves. They should especially keep their login and password to the Online shop private and not share them to third parties. To prevent unauthorized people from using the account, the Client should every time log out after finishing using the Online shop.
Dacpol Sp. z o.o.