Privacy policy
PRIVACY POLICY
ERGOOFFICE.EU
§ 1 GENERAL INFORMATION
The Privacy Policy of the Online Store www.ergooffice.eu does not constitute a source of obligations for the Visiting Person (including a Guest) or the Customer of the Online Store. It is informational in nature; it is neither a contract nor terms and conditions.
All expressions and words written with capital letters (e.g., Online Store, Customer, etc.) should be understood in accordance with the Terms and Conditions of the Online Store.
In the event of any discrepancies between this Privacy Policy and the personal data processing consents granted by a natural person, the legal basis for determining the scope of the Controller’s actions shall be the voluntarily given consents or the provisions of law applicable in a given factual situation.
§ 2 PERSONAL DATA CONTROLLER
The controller of your personal data is Euroelectronics.eu Sp. z o.o. Sp. k. with its registered office in Tarnowskie Góry (42-600), ul. Korfantego 7, KRS: 0000717942, NIP: 6452554585, REGON: 369459764 (hereinafter: the Controller).
The Controller has appointed a Data Protection Officer in its organization. In all matters related to the protection of personal data, we encourage you to contact us at the above address or via e-mail: iodo@centrumelektroniki.pl; you can also contact us by phone at 32 797 93 69 (available: 8:00–16:00).
You may also send to the indicated address a request to obtain information on what personal data we hold about you and for what purposes we process it.
The Controller informs that it stores correspondence for statistical purposes and in order to improve the GDPR help system, as well as for the purposes of handling complaints and any decisions on administrative interventions undertaken on the basis of notifications in the indicated Customer Account. The addresses and data collected in this way will not be used for communication for any purpose other than handling the notification; in particular, they will not be used for marketing purposes or shared with third parties.
If you contact the Controller to perform specific actions (e.g., submitting a complaint, making a return), the Controller may again ask the relevant person to provide data, including personal data, e.g., first name, last name, home address, e-mail address, in order to confirm their identity and enable follow-up contact in the given matter and to perform the requested action. Providing such data is not mandatory, but it may be necessary to perform the action or obtain the information in which the person is interested.
If you have given additional consent for us to use cookies, the controllers of data obtained on the basis of your Internet activity may also be our trusted partners.
§ 3 DATA COLLECTION AND PURPOSES OF PROCESSING
We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the GDPR), as well as other currently applicable personal data protection laws in force at the time specific data are processed.
According to the above legal acts, personal data means information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We ensure that the data obtained from you are confidential, secure and processed only when necessary. We process data lawfully, fairly and transparently for the data subject. We process only such data and only of such content as are necessary due to a legitimate purpose, i.e., the reason for processing. Personal data are collected with due diligence and appropriately protected against access by unauthorized persons. We apply appropriate and adequate security measures and state-of-the-art technical knowledge to protect personal data against accidental loss and unauthorized access, use, alteration or disclosure. We store personal data in a manner enabling identification of the data subject for no longer than is necessary for the purposes for which the data are processed.
- The Controller collects information about personal data in the following ways:
- by making a purchase in the Online Store by the Customer;
- by registering a Customer Account;
- by logging in or registering via external authentication services;
- by voluntary subscription to the newsletter;
- through information provided in an e-mail message or form;
- by submitting a complaint or inquiry;
- through information contained in a cooperation-related message;
- through a phone call;
- through the callback function;
- by posting a review;
- through cookies and similar technologies.
We inform you that the purpose and scope of data processed by the Controller results from the consent of the Visiting Person or Customer or from legal provisions, and in selected cases is further specified as a result of actions taken by such persons in the Online Store or via other communication channels.
Providing personal data by the Visiting Person or the Customer of the Online Store is voluntary, but necessary to use certain functionalities of the Online Store (e.g., placing and settling an Order by the Customer, registering a Customer Account, subscribing to the newsletter or using contact forms).
Each time, the scope of data required to conclude the relevant agreement is indicated in advance in the Online Store (we mark the data whose provision is necessary to conclude the agreement/use a given functionality), via other communication channels with the Visiting Person or Customer, or in the Terms and Conditions. The consequence of not providing personal data may be the inability to effectively use the functionality of the Website, e.g., inability to place an order.
Your personal data are collected by the Controller for the following purposes:
| Purpose of processing | Legal basis | Legitimate interest (if applicable) |
|---|---|---|
| Keeping statistics. | Art. 6(1)(f) GDPR | Having information about statistics of our activities, which allows us to improve our business operations. |
| Marketing of our own products and services without the use of electronic means of communication. | Art. 6(1)(f) GDPR | Carrying out marketing activities promoting our business. |
| Marketing of our own products and services using electronic means of communication, including profiling. | Art. 6(1)(f) GDPR, however, due to other applicable regulations, in particular telecommunications law and the Act on the Provision of Services by Electronic Means, such activities are carried out only on the basis of obtained consents (Art. 6(1)(a) GDPR). | Marketing activities promoting our business using e-mail addresses. Displaying ads, adjusting discounts and promotions. |
| Handling submissions made via contact form, messenger, e-mail, complaints, other requests. | Art. 6(1)(a) GDPR Art. 6(1)(c) GDPR |
Responding to submissions and inquiries, storing critical requests and responses to ensure accountability. Handling requests, responding to consumer complaints. Pursuing claims, including against third parties, and defense against them. |
| Customer Account service. | Art. 6(1)(a) GDPR | Conclusion and performance of the Service Agreement (Account) or taking steps at the request of a prospective Customer prior to its conclusion. |
| Conclusion and performance of the Sales Agreement. | Art. 6(1)(b) GDPR | Conclusion and performance of the Sales Agreement or taking steps at the request of a prospective Customer prior to its conclusion. |
| Archiving sales documents. | Art. 6(1)(c) GDPR | Fulfillment of legal obligations arising from regulations, e.g., tax and accounting regulations, especially in the case of paid agreements. |
For an adult Customer or an adult Visiting Person, with their additional consent, Personal Data may also be processed for the purpose of displaying, creating, granting and implementing advertisements, offers or promotions (discounts) dedicated to a given Customer, concerning products or services of the Controller and its partners, to the highest possible degree tailored to their preferences (profiling), as a result of automated decision-making that may produce legal effects concerning them or similarly significantly affect them, e.g., through a short-term discount dedicated solely to such a person on a specific product that they recently viewed in our Online Store (option unavailable to persons who are not adults or are adults but did not consent to such processing).
Newsletter. If you wish to subscribe to our newsletter, you must provide us with your e-mail address via the newsletter subscription form. Providing the data is voluntary, but necessary to use the newsletter service.
The data provided during newsletter subscription are used to send you the newsletter, in which we inform you about company activities, current collections, promotions and discounts, as well as to indirectly identify the Customer. The legal basis for processing is your voluntary consent expressed during newsletter subscription.
Your data are processed in this case for the purpose of periodic distribution of the newsletter, and the legal basis is Art. 6(1)(a) GDPR, i.e., your consent resulting from the desire to receive the service.
The data will be processed for as long as the newsletter operates, unless you unsubscribe earlier, which will result in permanent deletion of your data from the database. In addition, you can correct your data stored in the newsletter database at any time, as well as request their deletion by unsubscribing from the newsletter. You also have the right to data portability under Art. 20 GDPR.
E-mail contact. By contacting us via e-mail, including by sending an inquiry through the contact form, you provide us with your e-mail address as the sender’s address. In addition, you may also include other personal data in the content of the message. Providing the data is voluntary, but necessary to contact us.
Your data are processed in this case for the purpose of contacting you, and the legal basis is Art. 6(1)(a) GDPR, i.e., your consent resulting from the desire to contact us. The legal basis for processing after the contact ends is a legitimate purpose in the form of archiving correspondence for internal needs (Art. 6(1)(c) GDPR).
The content of correspondence may be archived and we are not able to clearly determine when it will be deleted. You have the right to request the history of correspondence you conducted with us (if it was archived), as well as to request its deletion, unless archiving is justified due to our overriding interests.
Customer Account. When you create a Customer Account on our Website, you provide us with your e-mail address, first name and last name. This is voluntary, but necessary to effectively register the Customer Account.
A Customer Account may also be created by logging in via Google or Facebook services. In such case, we receive identification data provided by the providers of these services, such as first name, last name and e‑mail address, in accordance with the privacy policies of these services.
Your data are processed in this case for the purpose of operating the Customer Account, and the legal basis is Art. 6(1)(a) GDPR, i.e., your consent resulting from the desire to create it.
The data will be processed for as long as you have the Customer Account, unless you request its deletion earlier, which will result in deletion of your data from the database.
Your data are processed in this case for the purpose of operating the Customer Account, and the legal basis is Art. 6(1)(a) GDPR, i.e., your consent resulting from the desire to create it. The data will be processed for as long as you have the Customer Account, unless you request its deletion earlier, which will result in deletion of your data from the database. You can correct your data assigned to the Customer Account at any time, as well as request their deletion. You also have the right to data portability under Art. 20 GDPR. When creating the Customer Account, you may – but do not have to – subscribe to the newsletter service.
Reviews. To add your review about a product or our post, you must fill out the form and provide your first name and e-mail address. If you add a review under our articles, you also provide us with your e-mail address, which is not displayed to other users.
Your data are processed in this case to enable posting a Review or comment, and the legal basis is Art. 6(1)(a) GDPR, i.e., your consent resulting from the desire to post your entry on our Website.
The data will be processed for as long as the review exists on the Website, unless you request deletion of the review earlier, which will result in deletion of your data related to the review from the database. You can correct your data in the review at any time, as well as request their deletion. You also have the right to data portability under Art. 20 GDPR.
Messenger (Live Chat). By contacting us via the chat available in the lower right corner of our Website, you may provide us with personal data in the chat window.
Your data are processed in this case for the purpose of contacting you, and the legal basis is Art. 6(1)(a) GDPR, i.e., your consent resulting from the desire to contact us.
§ 4 CATEGORIES OF PERSONAL DATA
The Controller may process the following categories of personal data:
- personal data provided in the form when registering a Customer Account, placing Orders in the Online Store, in particular: e-mail address, other data collected while using the Online Store or the Customer Account;
- personal data supplemented by the user while using the Customer Account, in particular: first name and last name; e-mail address; contact phone number; home address [street, house number, apartment number, postal code, city, country], bank account number, and for Customers who are not consumers additionally company name and tax identification number [NIP];
- personal data provided for the newsletter, provided when using the contact form, sent via e-mail, or provided when submitting complaints, grievances or requests, in particular: first name and last name; e-mail address; contact phone number; address [street, house number, apartment number, postal code, city, country], bank account number;
- personal data provided to participate in contests: first name and last name; e-mail address; contact phone number; home address [street, house number, apartment number, postal code, city, country];
- other data, in particular obtained based on the Customer’s Internet activity, including obtained via the Online Store or other communication channels with the Customer, using cookies and similar technologies.
§ 5 RECIPIENTS OF PERSONAL DATA
Your personal data may be processed by our partners and subcontractors, i.e., entities whose services we use when processing data and providing services to you. To the best of our knowledge, all entities to whom we entrust the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.
The Controller may transfer your personal data to:
- state authorities or other entities authorized under provisions of law;
- in a limited scope, the Controller’s partners may participate in the processing of personal data, in particular those who technically help run the Online Store efficiently;
- we may also share fully anonymized data (that cannot identify you) with entities with whom we cooperate.
As part of marketing (advertising) activities, the Controller uses services of third parties that use cookies, pixels or marketing functions similar to cookies in the Online Store. The catalog of these entities is specified in detail in § 8 of this Policy.
Our providers are mainly headquartered in Poland or other countries of the European Economic Area (EEA), and also, for example, in the case of Google Analytics, outside the EEA. In connection with the CJEU Schrems II (C-311/18) ruling, we have enabled anonymization of your IP numbers – we do not transfer these data to the USA. Other data sent to Google do not have the characteristics of personal data, i.e., it is not possible to identify a specific natural person on their basis.
§ 6 RETENTION OF PERSONAL DATA
The Controller will store your personal data only for as long as necessary for the purposes set out in this Privacy Policy and/or to meet legal and regulatory requirements. After this period, the Controller will securely delete your personal data.
We store data for the periods indicated below:
| Data | Retention period |
|---|---|
| Data related to the sales procedure | 8 years |
| Data for marketing purposes | Where data are processed based on consent – until it is withdrawn. Where data are processed based on legitimate interest – until an objection is raised. |
| Data provided via contact form, e-mail | 3 years to ensure the accountability principle |
| Personal data related to cookies and similar functions | Until these files are deleted using the website/browser/device settings (note: deleting files is not always equivalent to deleting Personal Data obtained via these files – in such case, personal data will be deleted until an objection is raised). |
| Data provided during complaint procedures and other claim-related procedures | 8 years |
| Other data categories (except cookie data – see our Cookies Policy for more) | 5 years |
In each case, personal data will also be stored where provisions of law (e.g., accounting or tax) oblige the Controller to process them; we will store personal data longer in the event the Customer may have any claims against the Controller, in order to pursue claims by the Controller, or to pursue or defend against claims by third parties, for the duration of their limitation periods as defined by law, in particular the Civil Code.
Depending on the scope of personal data and the purposes of processing, they may therefore be stored for different periods. In each case, the longer retention period applies.
§ 7 RIGHTS, ACCESS AND UPDATING OF PERSONAL DATA, COMPLAINTS
Pursuant to Art. 15 GDPR, you have the right to obtain from the Controller information as to whether your personal data are being processed.
If the Controller processes your personal data, you have the right to:
- access personal data;
- obtain information about the purposes of processing, categories of processed personal data, recipients or categories of recipients, the planned period of storage or the criteria used to determine that period, the rights available to you under the GDPR and the right to lodge a complaint with a supervisory authority, the source of the data, automated decision-making, including profiling, and safeguards applied in connection with transfers outside the European Union;
- obtain a copy of your personal data.
In addition, you may request rectification of personal data (Art. 16 GDPR), erasure of personal data (Art. 17 GDPR), object to the processing of personal data (Art. 21 GDPR) and, where technically feasible, request that the provided personal data be transferred to another organization (Art. 20 GDPR).
In connection with the right to be forgotten, the Controller will update or delete your data unless it has a legal obligation to retain them for business purposes or compliance with the law. In some cases, you have the right to request restriction of processing of personal data (Art. 18 GDPR). You may also contact the Controller if you have concerns regarding how personal data are collected, stored or used.
The Controller endeavors to handle all requests regarding the above operations on your personal data without undue delay, but no later than within 30 days of receiving the request. Due to the complex nature of the request, the Controller has the right to handle it within a period exceeding 30 days, of which the User will be informed in advance.
The Controller aims to resolve complaints finally; however, if you are still dissatisfied with the response received, you may lodge a complaint with the supervisory authority responsible for personal data protection. In Poland, the supervisory authority within the meaning of the GDPR is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych).
§ 8 AUTOMATED PROCESSING OF PERSONAL DATA, COOKIES POLICY
Our Website, like almost all other websites, uses cookies. The Cookies Policy applies both to Customers of the Online Store and to Visiting Persons, i.e., users who browse the Store’s content but do not make purchases.
The Cookies Policy is a document that forms an integral part of this Privacy Policy. The content of the Cookies Policy is available here.
The Website also uses functionalities similar to cookies. Therefore, individual provisions of the Cookies Policy should be applied accordingly to those technologies as well.
Selected cookies process your personal data. Processing of personal data originating from cookies or similar technologies on our Website is carried out to ensure the functioning of the Website, adapt the Website to the preferences of the Visiting Person and the Customer, and for analytical purposes. Processing is carried out on the basis of our legitimate interest. The legal basis for processing personal data for advertising purposes and linking with social media will be your additional consent, expressed by selecting and ticking a checkbox during the cookies consent process.
When a Visiting Person uses the Online Store, cookies are used that enable identification of their browser or device – cookies collect various types of information which, as a rule, do not constitute personal data. However, some information, depending on its content and the manner of use, may be associated with a specific person – assigning certain behaviors to a particular Visiting Person or Customer, e.g., by linking them with data provided when registering an Account in the Online Store or with a specific e-mail address – and thus be considered personal data.
With respect to information collected by cookies that may be associated with a specific person, the provisions of the Online Store’s Privacy Policy relating to personal data apply, in particular those concerning the rights of the data subject.
The Website uses profiling. Thanks to cookies used in the Online Store, the Controller can become familiar with the preferences of the Visiting Person – e.g., by analyzing how often they visit the Online Store and whether and what products they buy. Analysis of online behavior helps to better understand the habits and expectations of Customers and Visiting Persons and adapt to their needs and interests. Thanks to this technology, it is possible to present Visiting Persons with advertisements tailored to their needs and interests (for example, advertising resulting from browsing only lamps in the “red” category recently) and to prepare better promotions and surprises for adult Visiting Persons who have consented to this.
§ 9 CHANGES TO THE PRIVACY POLICY
These rules of Privacy Policy 2.0 are effective as of 03 January 2023.
The Controller declares that it has the right to make changes to this document for important reasons, including:
- changes to applicable laws, in particular regarding the GDPR, telecommunications law, electronically provided services and consumer protection regulations, affecting the rights and obligations of the Controller or the rights and obligations of the data subject;
- development of functionalities or electronic services caused by progress in Internet technology, including implementation of new IT, technological or technical solutions on the Website, affecting the scope of this Privacy Policy.
The Controller undertakes to inform Users of any changes with appropriate advance notice allowing them to familiarize themselves with the content of the amended document, e.g., by posting a consolidated text of the Privacy Policy on the homepage of the online service.
For users using the newsletter function, if the Controller makes material changes to the content of the Privacy Policy, it will inform Users by e-mail. In the event of any objections to the change in the Policy, the User has the right to stop using the newsletter by sending a request to unsubscribe from the newsletter and a request to delete their personal data.
