Equihero.eu
Personal data privacy policy (RODO)
Effective from: 19.01.2024
§1 Identity of the data controller
- The administrator of the personal data provided during the use of the Website and/or the Online Store operated under the name equihero.eu is – Equine Systems spółka z ograniczoną odpowiedzialnością with its registered office in Opole (45-047) at ul. Waryńskiego 2, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court in Opole, VIII Economic Department of the National Court Register under the KRS number 0001050142, NIP 7543361616, REGON 525971415, with the share capital of PLN 6,000.00, e-mail address: info@equihero.eu, tel. 662 285 89.
- The data is processed in accordance with the current legal regulations; i.e. Regulation 2016/679 of the European Parliament and of the EU Council of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (hereinafter: RODO), the Law of May 10, 2018. On data protection, as well as the law of July 18, 2002. On the provision of electronic services.
- The following Privacy Policy covers the rules for the processing of data of Site Users, as well as of persons entering into contracts with the Data Controller, including those related to the execution of Order in the Online Store, as well as data collected through contact with the Data Controller (e-mail address or telephone) or traditional correspondence, as well as persons who like and/or observe the Administrator’s fanpage on social media, if it operates.
§2 Definitions used
- The following definitions are used in this policy:
-
-
- Service/Store – Internet service available at www.equihero.eu through which the User can: browse its content, place orders for products and goods, order commercial and marketing information, schedule a consultation.
- Personal data controller – the entity that decides on the purpose and means of data processing, in this policy it is understood as: Equine Systems spółka z ograniczoną odpowiedzialnością with its registered office in Opole (45-047) at ul. Varinsky 2
- User – a natural person to whom the data pertains and who uses the services available on the Website/Store.
- Personal information – any information that without excessive time and cost can lead to the identification of an individual, including his/her identification, address and contact information.
- Third countries – countries outside the European Economic Area (EEA).
-
§3 Purposes of personal data processing
- The Personal Data Administrator processes personal data only when permitted by currently applicable laws, including for the following purposes:
-
- preparation and execution of the concluded sales contract, including the conclusion of a distance contract through an online store, to which the person is a party, as well as the exercise of rights arising therefrom, and this processing is carried out on the basis of Art. 6 paragraph. 1(b) RODO,
- To document the performance of contracts, including the issuance of a bill or invoice to an individual, the maintenance of accounting and tax records, pursuant to Art. 6 paragraph. 1(c) RODO, i.e.. in order to comply with legal obligations incumbent on the Personal Data Controller, based on Art. 70 of the Law of August 29, 1997. Tax Ordinance,
- to take action at the request of the data subject, including responding to inquiries made through electronic means of communication or for the purpose of handling traditional correspondence, and this processing is carried out on the basis of Art. 6 paragraph. 1(b) RODO,
- to send ordered marketing information by electronic means (newsletter) to the e-mail address provided by the User for this purpose, and this processing takes place on the basis of Art. 6 paragraph. 1(a) RODO, i.e.. consent of the data subject,
- Registration and establishment of an Account in the Store, and processing of this is done on the basis of Art. 6 paragraph. 1(a) RODO, i.e.. consent of the data subject,
- Marketing of the Data Controller’s own products and services by traditional means, based on Art. 6 paragraph. 1(f) RODO, i.e.. in order to pursue the legitimate interests of the controller or the data subject,
- for the purpose of sending an email requesting an evaluation of the Store and/or the Goods/Product is made pursuant to Art. 6 paragraph. 1(f) RODO, and this processing is carried out for the legitimate purpose of the data controller (Seller), which is to improve the offer and/or the Goods/Product and/or the Store by collecting reliable opinions about them by the Store owner,
- the assertion of rights and claims by the Data Controller or the data subject, pursuant to Art. 6 paragraph. 1(f) RODO and is done for a legitimate purpose.
- Provision of personal data is necessary for the performance of the contract concluded remotely, including the shipment of goods or the provision of a digital product and the issuance of an accounting document, the investigation of claims, as well as answering questions. Provision of personal data otherwise is voluntary.
- Failure to provide the required data makes it impossible to execute a distance contract, issue a bill or invoice, or make contact at the request of the data subject.
§4 Ways of obtaining data
- User’s personal data is collected directly from data subjects, i.e. via:
-
-
- filling out the form with contact information when submitting an inquiry via the form on the site,
- Filling out the newsletter sign-up form,
- filling out the order form in the store-online,
- registration of an account on the Website,
- Providing data for the preparation and conclusion of the contract,
- direct contact with the data controller using the contact details available on the website or in traditional form at the place of business.
-
§5 Scope of processed data
- The scope of personal data processed has been limited to the minimum necessary to provide services in the field:
-
-
- submission of an inquiry through the contact form or by means of the contact details available on the site: e-mail address, telephone number, first name, any other data voluntarily provided by the data subject,
- make a newsletter subscription: name, email address,
- placing an order in the online store: name, email address, phone number, delivery address, possibly the address of the pickup point,
- registration of an account on the Website or online store: name, email address, password, login,
- issuance of a bill or invoice: name and surname or name of the entity, registered office address, Tax Identification Number,
- preparation and conclusion of the contract: name, address, identity card number, or company data.
-
§6 Period of data processing
- The period of data processing depends on the purpose for which the data was collected and is for the purpose:
-
-
- conclusion and execution of a sales contract, including distance sales – for the period necessary to document the executed contract, including the issuance of a bill or invoice – 5 years, counting from the end of the calendar year in which the deadline for payment of tax expired, pursuant to Art. 112 of the Law of March 11, 2004. On tax on goods and services, in conjunction with Art. 70 of the Law of August 29, 1997. – Tax Ordinance,
- for the purpose of sending commercial information by electronic means (newsletter) and/or setting up an Account in the Store/submitting a request for opinion by external satisfaction survey services – until the consent is revoked, without affecting the compatibility of the processing carried out before its revocation,
- for the period necessary to answer a question asked via a contact form or by telephone, but for no longer than 6 months, unless the person decides to conclude a contract with the Personal Data Controller,
- For the purpose of asserting claims, pursuant to the Law of Art. 118 of the Law of April 23, 1964. – Civil Code. Unless a special provision provides otherwise, the statute of limitations is six years, and for claims for periodic benefits and claims related to the conduct of business – three years.
-
§7 Recipients of data
(1) The User’s personal data may be entrusted to other entities for the purpose of performing services on behalf of the data controller, in particular to entities in the field:
-
-
-
- Service and maintenance of the IT systems in which the data is processed, including for newsletter automation, invoicing, order processing, etc..,
- conducting accounting services,
- running office services,
- courier service broker,
- Dropshipping and/or logistics handling of orders.
-
-
- Your personal data may also be shared with entities supporting the data controller, including entities providing courier and postal services, online payment processing.
- Your personal data may be processed by suppliers whose headquarters and/or servers are located in a third country, i.e. within the United States of America (US). The transfer of data to the US is based on a decision by the European Commission on July 10, 2023. state the appropriate degree of protection of personal data provided by the so-called “personal data”. “EU-U.S. Data Privacy Framework” with respect to U.S. Department of Commerce-listed providers, such as Google LLC. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; Meta Platforms, Inc., Menlo Park, California, USA.
§8 Fanpage of the Data Controller in social media
- The Data Controller is also, at the same time, the co-controllers of the data of its observers in social media – especially those who use electronic means of communication on the fanpage – Facebook – “@equihero.eu” and/or Instagram under the account name “@equihero.eu”, maintained by the Data Controller in these social networks.
- For the rest, the controller of the Users’ data of these social networks is Meta Platforms, Inc., (formerly: Facebook Inc., headquartered at 1 Hacker Way, Menlo Park, CA 94025, USA), and the processing of this data is carried out in accordance with the terms and conditions described in the regulations and privacy policies of the users of these sites, including at: https://www.facebook.com/privacy
- Personal data of the User who likes and/or observes the Administrator’s fanpage on social media will be processed outside the European Economic Area in the so called “European Economic Area”. third country, in particular in the United States of America in connection with the use of IT solutions whose servers are located outside the European Economic Area.
- Your personal data will be processed in a third country, i.e. within the United States of America (US). The transfer of data to the US is based on a decision by the European Commission on July 10, 2023. stating the adequate degree of protection of personal data provided by the so-called. “EU-U.S. Data Privacy Framework” to U.S. Department of Commerce-listed suppliers, such as Meta Platforms, Inc., Menlo Park, California, USA.
§9 Rights of data subjects
- Data subjects have the right:
-
- access to the content of personal data, including receiving a first copy of the content of personal data free of charge,
- To correct data,
- The right to erasure, unless there are other laws that oblige the data controller to archive the data for a certain period of time,
- The right to data portability, insofar as the processing is based on a contract or the consent of the data subject, and the processing is carried out by automated means,
- to revoke consent to the processing of personal data – if the basis for such processing was the consent of the data subject. Revocation of consent does not affect the compatibility of the processing that was carried out before its withdrawal,
- to object to the processing of data – for reasons related to your particular situation against the processing of personal data concerning them based on Art. 6 paragraph. 1 lit. (e) or (f) RODO, as well as the right to restrict processing,
- The right not to be subject to automated profiling, if the controller would make decisions based solely on automated profiling with legal consequences for or similarly affected the data subject,
- The right to control the processing of data and to be informed about who is the data controller, as well as to obtain information about the purpose, scope and manner of data processing, the content of the data, the source of the data, and the manner of sharing, including the recipients or categories of recipients of the data,
- In order to exercise your right to information, access to the content of data, correction of data, as well as other rights, you can contact the Data Controller.
- The data subject also has the right to lodge a complaint with the Data Protection Authority (DPA) if the processing of data violates the provisions of the General Data Protection Regulation (GDPR). The complaint may be filed electronically or by mail to the following address: Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
§10 Final provisions
In the event of changes to the applicable privacy policy, in particular if required by the technical solutions used or changes in the law regarding the privacy of data subjects, appropriate modifications to this Privacy Policy will be made, which will be effective within 14 days of their publication on the Website/Store.