Privacy policy
Privacy policy
This document governs the Privacy and Cookies Policy
for the website, available at https://hopchop.pl, owned by Next Look Solution Sp. z o.o. ul. WIDOK 10/-, 05-090 DAWIDY BANKOWE, NIP: 5342634489, REGON: 388099093
- 1 Personal Data Administrator
1.1 The administrator of your personal data is Next Look Solution Sp. z o.o. 10/- WIDOK St., 05-090 DAWIDY BANKOWE, NIP: 5342634489, REGON: 388099093 (hereinafter: "Administrator").
1.2 Contact details of the Administrator:
Address for correspondence: 10/- WIDOK street, 05-090 DAWIDY BANKOWE
Email address: [email protected]
Telephone: 535 828 030
1.3 Pursuant to Article 37 of the DPA, the Data Controller has not appointed a Data Protection Officer (DPO) and performs its own data protection duties.
- 2 Definitions
Administrator - Personal Data Controller, the entity that decides on the purposes and means of the processing of personal data
Personal data - is information about a natural person and relates to an identified or identifiable person, either directly or indirectly; personal data includes in particular an identification number, factors relating to physical, physiological, mental, economic, cultural or social characteristics
RODO - Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
Privacy and cookies policy - this document, hereinafter referred to as "the Policy"
Service - the website operated by the Administrator at the following address:
https://hopchop.pl
Service user - any natural person visiting the Service or using at least one of the services performed by the Administrator or a function of the Service
Cookies - cookies are small pieces of information in the form of a text string which are placed on or read by a website in the browser used by the User
JDG entrepreneurs - natural persons conducting economic activity on the basis of an entry in the Central Business Register and Information on Economic Activity
- 3 General provisions
3.1 The Administrator collects the data of the Users of the Website located at:
https://hopchop.pl.
3.2 The type of data collected by the Administrator depends on the service offered by the Administrator and used by the User.
3.3 Personal data will be processed by the Controller in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, referred to as the General Data Protection Regulation, hereinafter referred to as "RODO".
3.4 The provision of any personal data is voluntary and at the User's discretion. However, in some cases, the provision of certain personal data is necessary in order to meet the User's expectations with regard to the use of the services offered by the Administrator.
3.5 The services offered by the Administrator within the Service are offered to persons who are 18 years of age or older. Accordingly, the Administrator does not knowingly process the personal data of children.
- 4 Purpose, basis and duration of data processing
4.1 Registration of a customer account
4.1.1 Whose data are being processed?
Data of persons who have registered their account on the Website are processed
https://hopchop.pl.
4.1.2 Which data are subject to processing?
- name
- e-mail address
- address for service
- billing address
- password
- the company name and VAT number (of the sole trader)
4.1.3 What is the purpose of the data processing?
The data will be processed in order to provide services related to the maintenance and operation of your account on the Website.
4.1.4 What is the legal basis for data processing?
- Preparation and performance of the contract - Article 6(1)(b) of the RODO.
- Legitimate interest of the Administrator, in order to optimise the services provided - Article 6(1)(f) RODO.
4.1.5 What is the data retention period?
Data is processed until the contract is fulfilled (e.g. deletion of the account from the Website) and then for the period necessary to establish, assert or defend against claims.
4.1.6 Is it necessary to provide data?
The provision of data is voluntary, however, without the provision of data it will not be possible to create an account.
4.2 Order handling in the shop:
4.2.1 Whose data are being processed?
Details of those who have placed an order at https://hopchop.pl.
4.2.2 Which data are subject to processing?
- name
- e-mail address
- phone number
- address for service
- billing address
- the company name and VAT number (of the sole trader)
4.2.3 What is the purpose of the data processing?
The data will be processed for the purpose of order fulfilment, complaint processing, the assertion or defence of claims, as well as in connection with the fulfilment of obligations relating to tax and accounting regulations.
4.2.4 What is the legal basis for data processing?
- Preparation and performance of the contract - Article 6(1)(b) of the RODO.
- Legitimate interest of establishing, investigating and defending against possible claims - Article 6(1)(f) RODO.
- Fulfilment of a legal obligation incumbent on the Administrator - Article 6(1)(c) of the DPA.
4.2.5 What is the data retention period?
- Data is processed until the contract is fulfilled, while data obtained for the purpose of fulfilling legal obligations is processed until it is fulfilled.
- Data processed on the basis of a legitimate interest shall be processed until the legitimate interest is fulfilled or the User has lodged an effective objection. The above processing periods may be extended for a maximum of the time necessary to establish, assert or defend against claims. After this period, the personal data will be anonymised or deleted.
4.2.6 Is it necessary to provide data?
The provision of data is voluntary, however, without data it will not be possible to process the order.
4.3 Newsletter:
4.3.1 Whose data are being processed?
Data of persons who have subscribed to the Newsletter.
4.3.2 Which data are subject to processing?
- e-mail address
4.3.3 What is the purpose of the data processing?
- Carrying out Newsletter service, informing about discounts, promotions, new offer.
- Matching the content of the Newsletter service requested to the User's activity on the Site.
4.3.4 What is the legal basis for data processing?
- Performance of the Newsletter service contract - Article 6(1)(b) RODO.
- Legitimate interest of direct marketing (information on offers, news, personalisation of content) - Article 6(1)(f) RODO.
4.3.5 What is the data retention period?
Personal data will be processed until the User withdraws his/her consent to the processing and then for the period necessary to establish, assert or defend against claims. After this period, the personal data will be anonymised or deleted.
4.3.6 Is it necessary to provide data?
The provision of data is voluntary, however, without the provision of data it will not be possible to subscribe to the Newsletter.
4.4 Contact form:
4.4.1 Whose data are being processed?
Details of those who contact via the contact form.
4.4.2 Which data are subject to processing?
- name
- e-mail address
4.4.3 What is the purpose of the data processing?
Identifying the contacting user and answering the question.
4.4.4 What is the legal basis for data processing?
Legitimate interest - Article 6(1)(f) RODO.
4.4.5 What is the data retention period?
Until the expiry of the statute of limitations for claims.
4.4.6 Is it necessary to provide data?
The provision of data is voluntary, but necessary for the verification of the User.
4.5 Information on product availability:
4.5.1 Whose data are being processed?
Details of those who wish to receive information on product availability.
4.5.2 Which data are subject to processing?
- name
- e-mail address
4.5.3 What is the purpose of the data processing?
Providing information on product availability.
4.5.4 What is the legal basis for data processing?
To provide information on product availability based on the consent given - Article 6(1)(a) of the DPA.
4.5.5 What is the data retention period?
Data is processed for the period necessary to provide the information or until consent is withdrawn, whichever event occurs first.
4.5.6 Is it necessary to provide data?
The provision of data is voluntary but necessary to provide information.
- 5 Entrusting and sharing personal data
5.1 In connection with its activities, the Controller may disclose personal data to the following entities if this is necessary for the purposes of the processing:
5.1.1 Companies providing services or IT solutions,
5.1.2 Courier and postal service companies,
5.1.3 Banks and other financial and payment institutions,
5.1.4 Public authorities receiving data in connection with the fulfilment of the Administrator's legal obligations,
5.1.5 Companies providing marketing activities,
5.1.6 Employees and associates,
5.1.7 Firms providing accounting and bookkeeping services.
- 6 Service user rights
6.1 In connection with the processing of personal data, the User shall have the associated rights:
6.1.1 Right of access to the content of your data - You have the right to obtain information regarding the personal data held by the Administrator about you, including a copy of that data.
6.1.2 Right to rectification (correction) of your data - You have the right to request the rectification of your personal data that is incorrect or incomplete.
6.1.3 Right to erasure - You have the right to request the erasure of your personal data stored by the Administrator in the following cases: (a)the User's personal data are no longer necessary for the purposes for which they were collected,(b)the User has withdrawn the consent on which the processing is based and there is no other legal basis for the processing,(c)the User has objected to the processing and there are no overriding legitimate grounds for the processing or the objection relates to the processing for direct marketing purposes,(d)the User's personal data have been unlawfully processed,(e) the personal data must be erased in order to comply with a legal obligation under Union or national law.
6.1.4 Right to withdraw consent to the processing of personal data for marketing purposes at any time - You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of your consent to processing will not affect the lawfulness of the processing carried out before the withdrawal.
6.1.5 Right to restrict data processing - The User has the right to request that the processing of his/her personal data be restricted in the following cases:(a) The User questions the correctness of the personal data, for a period of time allowing the Administrator to check the correctness of the data,(b) the processing is unlawful and the User objects to the erasure of the personal data, requesting instead the restriction of their use,(c)The Administrator no longer needs the personal data for the purposes of processing, but the data are necessary for the User to establish, assert or defend claims,(d)The User has raised an objection under Art. 21(1) RODO against the processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds for the objection.
6.1.6 Right to object to processing (objection on grounds of special situation) - if the User's personal data is processed on the basis of the Administrator's legitimate interest, the User has the right to object at any time to the processing, in accordance with Article 21 RODO.
6.1.7 Right to data portability - You have the right to receive, in a structured, commonly used machine-readable format, the personal data concerning you which you have supplied to the Controller, and you have the right to send this personal data to another Controller without hindrance from the Controller to whom the personal data has been supplied, where the processing is based on consent and by automated means.
6.1.8 the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.
6.2 If you wish to exercise the rights listed in section 6.1 of the Policy, please contact us at the Administrator's contact details.
- 7 Transfer of personal data to third countries
As a rule, your personal data will not be transferred outside the European Economic Area.
- 8 Cookie policy
8.1 Purpose of cookies
8.1.1 The Administrator does not collect any information by automatic means, with the exception of the information contained in cookies.
8.1.2 Cookies are used in a number of ways.
8.1.3 Cookies are used for functional, content personalisation, statistical, analytical and marketing purposes.
8.2 Types of cookies
8.2.1 The Website uses the following types of cookies:
- "session cookies", which are deleted from the computer's hard drive when the session of a particular browser ends or the computer or mobile device is switched off
- "persistent cookies", which are stored in the memory of a computer or mobile device until they are manually deleted by the User using the appropriate tools in the web browser or until they expire
- "Third-party cookies", are information placed by the scripts of other websites.
8.2.2 The following types of cookies are used within the Service:
- "necessary" to enable you to use the services available on the Website,
- "performance", enabling the collection of information about how the Website is used,
- "functional", enabling "remembering" the settings selected by the User
and personalisation of the user interface, e.g. with regard to the selected language or region, - "advertising", enabling the delivery to Users of advertising content more tailored to their interests.
8.3 Google Analytics
- The website uses Google Analytics, a web analytics service. Its provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies", text files which are stored on your computer and enable analysis of your use of the website.
- The storage of Google Analytics cookies takes place on the basis of Article 6(1)(f) of the Data Protection Regulation (DPA). The controller has a legitimate interest in analysing user behaviour both to optimise its online offering and its advertising.
- Google's privacy policy, the Service User can read at: https://policies.google.com/privacy?hl=pl .
- If the Service User does not want their information to be collected in this way, they can, for example, change their browser settings.
- The Administrator informs that in this case the Service User's data is subject to transfer outside the European Economic Area.
8.4 Pixel Meta (Facebook)
- The website uses Facebook Pixel, a service that enables effective marketing campaigns and product promotions. Its provider is Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA or, for users who are EU residents, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
- A Facebook pixel is a short code placed on the website to measure the effectiveness of advertisements based on analysis of users' actions on the website, which we understand to be our legitimate interest. (Article 6(1)(f) RODO).
- The information collected within the Facebook Pixel is anonymous, i.e. it does not identify you personally. We only know what actions have been taken within our service.
- With Facebook's privacy policy at: https://www.facebook.com/privacy/explanation .
- If the Service User does not want their information to be collected in this way, they can, for example, change their settings by clicking on the link: https://www.facebook.com/ads/preferences .
- The Administrator informs that in this case the Service User's data may be subject to transfer outside the European Economic Area.
8.5 Cookie management:
8.5.1 In most cases, your browser settings will allow cookies and other information to be placed on your terminal device by default. If the User does not agree to the storing of these files, it is necessary to change the browser settings accordingly. It is possible to disable their storage for all connections from a particular browser or for a specific website, or to delete them. How you manage your files depends on the software you are using. The current file management rules can be found in the settings of the browser used.
8.5.2 For information on how to manage cookies on your mobile phone, please refer to the User Guide of your particular phone.
8.5.3 Consent to the processing of cookies is voluntary. However, please note that restrictions on their use may make it difficult or impossible to use some of the functionality of the website operated at: https://hopchop.pl.
- 9 Data security
9.1 The User's personal information is stored and protected with due care, in accordance with the Administrator's implemented internal procedures. The Administrator processes User information using appropriate technical and organisational measures that meet the requirements of generally applicable legislation, in particular the provisions on personal data protection. These measures are primarily aimed at protecting the Users' personal data from access by unauthorised persons.
9.2 In particular, only authorised persons who are obliged to keep the data confidential or entities entrusted with the processing of personal data on the basis of a separate data entrustment agreement have access to the Users' personal data.
- 10 Final provisions
10.1 The Administrator reserves the right to amend this Privacy and Cookies Policy. In such case, an updated version will be published in this location.
10.2 To the extent not covered by this Privacy Policy, the data protection regulations apply.
10.3 This Privacy Policy is effective as of 10 February 2023.