Privacy policy

PRIVACY POLICY FOR THE

 

LEOSEASON.COM ONLINE SHOP

GENERAL PROVISIONS

  1. The Data Controller for the processing of data collected through the leoseason.com online Shop is EUROPEJSKIE BIURO PRACY z o.o. entered into the Register of Entrepreneurs by the District Court for Wrocław Fabryczna in Wrocław, VI Commercial Division of The National Court Register under the KRS number: 0000414961, share capital: PLN 5 000.00, service address: ul. Grójecka 194/66C, 02-390 Warsaw, Ochota commune NIP: 5651525551, REGON: 061395620, principal place of business: ul. Grójecka 194/66C , 02-390 Warszawa, e-mail address: info@leoseason.com, telephone number: +48 721 211 130, hereinafter referred to as “Data Controller” or Service Provider.
  2. Personal data collected by the Data Controller via the website are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (General Data Protection Regulation), hereinafter referred to as the
  3. Capitalised terms used in this Privacy Policy shall have the meaning set forth in the “Definitions” section of the com Terms and Conditions.

 

TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

  1. PURPOSE AND LEGAL BASIS OF PROCESSING. The Data Controller shall process a User’s personal data in the following circumstances:
    • Account registration with com, for the purpose of creation and management of an individual User Account, as set forth in Article 6 (1) (b) of the GDPR (performance of the electronic services agreement in accordance with the Terms and Conditions for leoseason.com).
    • Order placement with com, for the purpose of performance of the Sales Agreement as prescribed under Article 6 (1) (b) of the GDPR (performance of the Sales Agreement),
    • Subscribing to the Newsletter for the purpose of receiving commercial information electronically. Personal data are processed after expressing separate consent, pursuant to Article 6(1)(a) of the GDPR.
    • fulfilling the legal obligations incumbent on the Controller, arising in particular from the provisions of tax law, accounting law, consumer protection law, and other provisions regulating business activities, pursuant to Article 6(1)(c) of the GDPR (processing necessary to fulfill a legal obligation incumbent on the controller).
  2. TYPE OF THE PERSONALL DATA PROCESSED. The User provides, in the case of:
    • Accounts: e-mail address
    • Orders: name and surname, address, tax identification number, e-mail address, telephone number,
    • Newsletter: name and surname, e-mail address.
  3. PERSONAL DATA STORAGE PERIOD. Personal data submitted by Users are retained by the Data Controller for the following retention periods:
    • If the lawful basis is agreement performance: personal data are stored for as long as necessary for the performance of an agreement, and thereafter until the expiry of any statutory period of prescription or limitation. Unless a specific regulation provides otherwise the limitation period is six years, whereas for claims concerning periodical performances and claims connected with conducting business activity – three years.
    • If the lawful basis is consent: personal data are stored until withdrawal of consent, and thereafter until the expiry of any statutory period of prescription or limitation for claims that may be raised by the Data Controller or that may be brought against the Data Controller. Unless a specific regulation provides otherwise the limitation period is six years, whereas for claims concerning periodical performances and claims connected with conducting business activity – three years.
  4. The Data Controller may collect additional User information, including, in particular: a User’s computer IP address, the IP address of the internet provider, domain name, browser type, duration of a visit, operating system.
  5. After expressing separate consent, pursuant to Article 6(1)(a) of the GDPR, data may also be processed for the purpose of sending commercial information by electronic means or making telephone calls for direct marketing purposes – in connection with Article 398 paragraphs 1 and 2 of the Act of 12 July 2024 – Electronic Communications Law, respectively, including those directed as a result of profiling, provided that the Service User has given appropriate consent.
  6. As part of User activity on the Store, profiling may occur, the purpose of which is to select appropriate advertising content that will be directed to the User.
  7. Profiling means any form of automated personal data processing that involves the use of personal data to evaluate certain personal factors about an individual, in particular to analyze or forecast aspects relating to that individual’s performance at work, their economic situation, health, personal preferences, interests, credibility, behavior, location, or movements. Profiling does not produce legal effects for the Service User nor does it significantly affect their situation. Its sole purpose is to better tailor marketing content and offers.
  8. Navigation Users may also collect navigation data, including information about links and links in which they decide to click or other activities undertaken in the Shop. The legal basis for this type of activity is the Data Controller’slegitimate interest Article 6(1)(f) of the GDPR, consisting in facilitating the use of electronic services and improving the functionality of these services.
  9. Submitting personal data to leoseason.com is voluntary.
  10. The Data Controller shall take all reasonable steps to protect the interests of data subjects and ensure that all data is:
    • lawfully processed,
    • obtained only for specified, lawful purposes, and not further processed in any manner incompatible with those purposes,
    • factually correct, adequate and relevant in relation to the purposes for which it is processed; stored in a form that permits identification of the data subject, for no longer than is necessary for those purposes.

 

THIRD PARTY ACCESS TO PERSONAL INFORMATION

  1. The personal data of the Customers are provided to service providers used by the Data Controller when running the Shop, in particular to:
    • wholesalers and entities delivering Products,
    • payment system providers,
    • accounting office,
    • hosting providers,
    • software providers that enable business operations,
    • entities providing the mailing system,
    • software provider needed to run an online store
    • public entities processing data in connection with the legal obligation of the Controller, including the Ministry of Finance operating the KSeF system.
  2. The service providers referred to in point 1 of this paragraph to which personal data are transferred, depending on contractual arrangements and circumstances, or are subject to the Data Controller’s instructions as to the purposes and methods of processing this data (processors) or independently define the purposes and methods their processing (administrators).
  3. Personal data of the Users are stored only in the European Economic Area (EEA), subject to § 5 point 5 and § 6 of the Privacy Policy.
  4. Personal data may be transferred outside the European Economic Area (EEA), in particular to the United States, in connection with the Controller’s use of the services of analytical and marketing tool providers (e.g., Google LLC, Meta Platforms Inc.). Data transfers are based on Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with Article 46(2)(c) of the GDPR.

RIGHT OF CONTROLL, ACCESS AND RECTIFICATION

  1. Every User has a right to access and/or rectify his personal data as well as the right to erasure, the right to restrict processing, the right to data portability, the right to object to processing and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  2. Legal basis for data subjects’ rights:
    • Access to personal data – Article 15 of the GDPR
    • Rectification of personal data – Article 16 of the GDPR,
    • Erasure of personal data (right to be forgotten) – Article 17 of the GDPR,
    • Restriction of data processing – Article 18 of the GDPR,
    • Data portability – Article 20 of the GDPR,
    • Objection to processing – Article 21 of the GDPR,
    • Withdrawal of consent to processing – Article 7 (3) of the GDPR.
  3. The User may exercise his rights under point 2 by sending an email message to: info@leoseason.com
  4. If any request is received in relation to a data subject’s rights, the Data Controller must comply with or refuse to act on a User’s request without delay but not later than within a month of receiving the request. However, if a request is complex or if the Data Controller receives more requests, the Data Controller may extend the time to respond by a further two months. If this is the case the Data Controller shall inform the User within one month of receiving their request and explain why the extension is necessary.
  5. If the data subject considers that, in connection with personal data relating to him or her, there is an infringement of the GDPR, the data subject may make a complaint to the President of the Personal Data Protection Office.

 

COOKIE POLICY

  1. com uses cookies.
  2. Cookies are essential for the provision of electronic services via the Shop. Cookies, contain information that is necessary for the proper functioning of the Shop and for the statistical analysis of website traffic.
  3. The website uses two types of cookies: “session” cookies and “persistent” cookies.
    • “Session” cookies are temporary files which are stored on the User’s end-device until they log out (leave the website).
    • “Persistent” cookies remain stored on the User’s device until deleted manually or automatically after a set period of time.
  4. The Data Controller uses their own cookies to provide information on how individual Users interact with the Website. These files collect information about how Users use the website, what type of website referred the User to com, the frequency of visits and the time of each visit. This information does not register the Users’ personal data and is used solely for statistical analysis of website traffic.
  5. The Data Controller uses third party cookies for the purpose of collecting general and anonymous static data by means of Google Analytics, a web analysis tool (Data controller for third party cookies: Google Inc. based in USA).
  6. Cookies may also be used by advertising networks, in particular the Google network, in order to display advertisements tailored to the manner in which the Customer uses the Shop. For this purpose, they may keep information about the User’snavigation path or the time spent on a given page.
  7. The User has the right to decide on the access of “cookies” to his computer by:
    • selection of types of cookies, for the collection of which he agrees just after entering the Shop’s website and the appearance of a message regarding cookies,
    • changing the settings in your browser window. Detailed information on the possibilities and ways of handling “cookies” are also available in the software (web browser) settings.

ADDITIONAL SERVICES RELATED TO THE USER’S ACTIVITY IN THE SHOP

  1. The Shop uses so-called social plugins (“plugins”) of social networking sites. By displaying the website com containing such a plug-in, the User’s browser will establish a direct connection with the servers Instagram and Google.
  2. The content of the plug-in is forwarded by the given service provider directly to the User’s browser and integrated with the website. Thanks to this integration, service providers receive information that the User’s browser has displayed the website com, even if the User does not have a profile with the given service provider or is not currently logged in to him. Such information (together with the User’s IP address) is sent by the browser directly to the server of the given service provider (some servers are located in the USA) and stored there.
  3. If the User logs in to one of the above social networking sites, the service provider will be able to directly assign the visit to com to the User’s profile on the given social networking site.
  4. If the User uses a given plug-in, e.g. by clicking on the “Like” button or the “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.
  5. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the User’s rights in this regard and the possibility of making settings that ensure the protection of the User’s privacy are described in the privacy policy of service providers:
  6. If the User does not want social networking services to assign data collected during visits to com directly to his profile on a given website, he must log out of this website before visiting leoseason.com. The User may also completely prevent the plugins from loading on the page by using the appropriate browser extensions, e.g. blocking scripts using “NoScript”.
  7. The Data Controller uses remarketing tools on his website, i.e. Google Ads, this involves the use of Google LLC cookies for the Google Ads service. As part of the mechanism for managing cookie settings, the User has the option to decide whether the Service Provider will be able to use Google Ads (external cookie administrator: Google Inc. based in the USA) in relation to him.

 

FINAL PROVISIONS

  1. The Data Controller shall implement all necessary technical and organisational security measures to safeguard the data during processing ensuring a level of security appropriate to the nature of the data to be protected and, in particular, protect the data against unauthorised access, takeover, processing in violation of law, alteration, loss, damage or destruction.
  2. The Data Controller provides appropriate technical measures to prevent unauthorized access and modification of personal data transmitted electronically.
  3. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.
  4. The Data Controller updates this Privacy Policy in connection with legal changes or business development. Information about modifications to the Privacy Policy will be posted at least 7 days before its effective date on the Shop’s website or sent by email to the Service User who uses the Electronic Services provided continuously (Account or Newsletter).

Leo Season uses cookies to provide you with the best possible shopping experience. By using our services, you accept the use of such files. Learn more about cookies here.