PRIVACY POLICY OF GOOD4WALL STORE


I. GENERAL PROVISIONS

  1. This Online Store privacy policy is for information purposes only, which means that it is not a source of obligations for Service Users or Clients of the Online Store. It primarily contains rules regarding the processing of personal data by the Controller in the Online Store, including the grounds for, purposes and scope of personal data processing and the rights of data subjects, as well as information on the use of cookie files and analytical tools in the Online Store.
  2. The role of the controller of the personal data collected through the Online Store is the company operating under business name:“Good4Wall Spółka z ograniczoną odpowiedzialnością spółka komandytowa” with its registered office in Warsaw (00-337), at ul. Bartoszewicza 3/24, entered in the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 12th Commercial Division of KRS under KRS number 0000786728, REGON: 383378776, NIP: 5252789828 – hereinafter referred to as the: “Controller”, at the same time being the Online Store’s Service Provider and Seller.
  3. Personal data in the Online Store are processed by the Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and in the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”. The official GDPR test can be found here.
  4. Using the Online Store (including making the purchases) is voluntary. Similarly, provision of personal data by the Service User or Client using the Online Store is voluntary, subject to the following exceptions:
  • entering into agreements with the Controller – failure to provide, in the cases and to the extent indicated on the Online Store’s website and in the Online Store’s Regulations as well as in this privacy policy, personal data necessary to enter into and perform the Sales Agreement or an agreement on provision of Electronic Services with the Controller results in the inability to enter into that agreement. In this case, providing personal data is a contractual requirement, and if the data subject wants to enter into a given agreement with the Controller, he is obliged to provide the required data to the extent indicated by the Controller and permitted by the legal regulations on protection of personal data, including, in particular, the provisions of the GDPR. Each time the scope of data required to enter into an agreement is indicated earlier on the Online Store’s website and in the Online Store’s Regulations;
  • Controller’s statutory obligations – providing personal data is a statutory requirement resulting from the generally applicable provisions of law imposing an obligation on the Controller to process personal data (e.g. data processing for the purpose of keeping tax books or accounting ledgers) and failure to provide them will prevent the Controller from fulfilling those obligations.
  1. The Controller exercises special care to protect the interests of data subjects, and, in particular, is responsible and ensures that the data collected by it are:
  • processed lawfully;
  • collected for lawfully indicated purposes and not subject to further processing which does not comply with them;
  • correct from the subject-matter point of view and adequate for the purposes for which they are processed;
  • stored in a form which allows identification of data subjects, but not for a longer period than necessary for achieving the purpose of processing;
  • processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.
  1. Taking into account the nature, scope, context and purposes of processing, as well as the risk of violation of the rights or freedoms of natural persons with different probability and severity of threat, the Controller implements appropriate technical and organizational measures so that the processing takes place in accordance with applicable law on protection of personal data and so that the Controller is able to demonstrate it. Should the need arise, the measures are reviewed and updated. The Controller uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.
  2. Any capitalised words, phrases and acronyms used in this privacy policy (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store’s Regulations.

II. GROUNDS FOR DATA PROCESSING

  1. The Controller has the right to process personal data in cases where – and to the extent that – at least one of the following conditions has been met:
  • the data subject has given consent to the processing of their personal data for one or more specific purposes;
  • processing is necessary to perform the agreement to which the data subject is a party, or to take actions at the request of the data subject prior to entering into the agreement;
  • processing is necessary to fulfil a legal obligations imposed on the Controller;
  • processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except for situations where the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, override these interests, in particular when the data subject is a child.
  1. Processing of personal data by the Controller each time requires at least one of the conditions indicated in section II.1 of the privacy policy. The specific grounds for the processing of personal data of the Service Users and Clients of the Online Store by the Controller have been indicated in the subsequent section of the privacy policy – with respect to a given purpose of personal data processing by the Controller.

III. PURPOSE, GROUNDS, PERIOD AND SCOPE OF DATA PROCESSING IN ONLINE STORE

  1. Each time the purpose, grounds, period and scope as well as the recipients of the personal data processed by the Controller result from actions taken by a given Service User or Client in the Online Store. For instance, if the Client decides to make purchases in the Online Store and chooses personal pickup of the Product purchased instead of courier, his personal data will be processed in order to perform the concluded Sales Agreement, but will no longer be made available to the carrier shipping the goods at the request of the Controller.
  2. The Controller may process personal data in the Online Store for the following purposes, on the following grounds, in periods and to the following extent:
Purpose of processingLegal basis for processing and data storage periodScope of data processing
Performance of the Sales Agreement or agreement on provision of Electronic Service, or taking actions at the request of the data subject prior to entering into the above-mentioned agreements

Article 6.1 (a) of the GDPR (performance of the agreement)

The data are stored for a period necessary to perform or terminate the agreement, or let it expire in another way.

Maximum scope: name and surname; e-mail address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), residence / business / registered office address (if different from the delivery address).

In the case of Service Users or Clients who are not consumers, the Controller may additionally process the company name and the tax identification number (NIP) of the Service User or Client.

This is the maximum scope – in the case of personal pickup, providing the delivery address is not necessary.

Marketing including direct marketing

Article 6.1 (a) of the GDPR (consent to sending marketing content through e-mail)

The data are stored for the duration of the consent given to the Controller by a specific client, but no longer than for the period of limitation of claims against the data subject on account of the business activity conducted by the Controller. The period of limitation is set out in the legal regulations, in particular in the Civil Code (the basic period of limitation of claims connected with conducting business activity is three years, whereas for the sales agreement – two years).

The Controller may not process personal data for the purpose of marketing, including direct marketing in the case of effective withdrawal of the relevant consent by the data subject.

Data are processed until the data subject withdraws consent for further processing of his data for that purpose.

Name, e-mail address
Keeping books of account

Article 6.1 (c) of the GDPR in conjunction with Article 86 § 1 of the Tax Law Act of 17 January 2017 (Journal of Laws of 2017 item 201)

The data are stored for the period required by law ordering the Controller to store tax books (until the expiry of the limitation period of the tax liability, unless tax acts stipulate otherwise)

Name and surname; residence / business / registered office address (if different from the delivery address), company name and the tax identification number (NIP) of the Service User or Client.
Establishment, exercise or defence of legal claims which the Controller may pursue or which may be pursued against the Controller

Article 6.1 (f) of the GDPR

The data are stored for the period of the legitimate interest pursued by the Controller, but no longer than for the period of limitation of claims against the data subject on account of the business activity conducted by the Controller. The period of limitation is set out in the legal regulations, in particular in the Civil Code (the basic period of limitation of claims connected with conducting business activity is three years, whereas for the sales agreement – two years).

Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, postal code, city, country), residence / business / registered office address (if different from the delivery address).

In the case of Service Users or Clients who are not consumers, the Controller may additionally process the company name and the tax identification number (NIP) of the Service User or Client.

IV. DATA RECIPIENTS IN ONLINE STORE 

  1. In order to ensure proper operation of the Online Store, including performance of the Sales Agreements entered into, the Controller has to use services of external entities (such as e.g. a software supplier, courier or payment processing entity).The Controller uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organisational measures, so that the processing meets the requirements of the GDPR and protects the rights of data subjects.
  2. Transfer of data by the Controller does not occur in every case and not to all recipients or categories of recipient indicated in the privacy policy – the Controller transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.
  3. Personal data of the Online Store’s Service Users and Clients may be transferred to the following recipients or categories of recipients:
  • carriers / forwarders / courier brokers – in the case of the Client who uses the Online Store’s method of delivery of a Product by post or courier, the Controller provides the Client’s personal data it has collected to a selected carrier, forwarder or agent performing shipments at the request of the Controller to the extent necessary to deliver the Product to the Client;
  • entities that handle electronic or payment card payments – in the case of the Client who uses in the Online Store an electronic payment or card payment method, the Controller provides the Client’s personal data it has collected to the selected entity handling the above-mentioned payments in the Online Store at the request of the Controller to the extent necessary to handle the payments made by the Client;
  • opinion survey system providers – in the case of the Client who has agreed to express an opinion on the Sales Agreement entered into, the Controller provides the Client’s personal data it has collected to the selected entity providing the system of opinion surveys on the Sales Agreements concluded in the Online Store at the request of the Controller to the extent necessary for the Client to express an opinion by means of the opinion survey system;
  • service providers which provide the Controller with technical, IT and organisational solutions enabling the Controller to conduct the business activity, including the Online Store and Electronic Services provided through it (in particular, providers of the computer software to run the Online Store, the e-mail and hosting providers and providers of the software for managing the company and providing technical support to the Controller) – the Controller provides the Client’s personal data it has collected to the selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
  • providers of accounting, legal and consultancy services which provide the Controller with accounting, legal or consultancy support (in particular an accounting office, law firm or debt collection company) – the Controller provides the Client’s personal data it has collected to the selected supplier acting on his behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

    V. PROFILING IN ONLINE STORE

  1. The GDPR obliges the Controller to inform about automated decision-making, including about profiling referred to in Article 22 clause 1 and 4 of the GDPR and – at least in those cases – relevant information about the rules according to which they are made, as well as about the significance and anticipated consequences of such processing for the data subject. In view of the foregoing, in this part of the privacy policy the Controller provides information on possible profiling.
  2. The Controller may use profiling for direct marketing in the Online Store, but the decisions taken on the basis of it by the Controller are not related to entering into or refusal to enter into the Sales Agreement or the possibility of using Electronic Services in the Online Store. What may result from profiling in the Online Store is, for example, granting a discount to a given person, sending them a discount code, reminding them about unfinished purchases, proposal of a Product which may correspond to the interests or preferences of a given person, or offering better terms and conditions, as compared to the standard offer of the Online Store. Despite profiling, it is a given person that makes a free decision as to whether they want to take advantage of the discount received in this way or better terms and conditions, and make a purchase in the Online Store.
  3. Profiling in the Online Store is based on the automatic analysis or forecast of a given person’s behaviour on the Online Store website, e.g. through adding a specific Product to the basket, browsing the page of a specific Product in the Online Store, or through analysing the previous history of purchases made in the Online Store. In order to enable such profiling, the Controller has to be in possession of the personal data of a given person so that it can subsequently send them, e.g. a discount code.
  4. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and has legal effects on them, or has significant influence on them in a similar way.
  5. The Controller may use profiling for direct marketing purposes in the Online Store after obtaining the consent of the person to whom the use of direct marketing methods applies. The consent must be expressed freely and explicitly at the time of conclusion of the Sales Agreement with the Controller. The consent may be withdrawn at any time, which should be notified to the person who gives the consent, at the moment of giving the consent.

    VI. RIGHTS OF DATA SUBJECT

  1. Right of access, rectification, limitation, deletion or transfer – the data subject has the right to request from the Controller access to their personal data, rectification, deletion (“right to be forgotten”) or restriction of processing thereof, and has the right to object to processing, and also has the right to transfer their data. The specific terms and conditions on which the above-mentioned rights can be exercised have been indicated in Articles 15-21 of the GDPR.
  2. The right to withdraw consent at any time – the person whose data are processed by the Controller on the basis of the consent given (pursuant to Article 6.1 (a) or Article 9.2 (a) of the GDPR), has the right to withdraw consent at any time without affecting the lawfulness of the processing that was performed on the basis of consent prior to its withdrawal.
  3. The right to lodge a complaint with the supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with the supervisory authority in the manner set out in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The President of the Personal Data Protection Office is the supervisory authority in Poland.
  4. Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6.1 (e) (public interest or tasks) or (f) (Controller’s legitimate interest), including profiling based on these regulations. In this case, the Controller is no longer allowed to process such personal data, unless it demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishment, exercise or defence of claims.
  5. Right to object to direct marketing – if personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of their personal data for the purposes of such marketing, including profiling, to the extent that which processing is connected with such direct marketing.
  6. In order to exercise the rights referred to in this section of the privacy policy, you can get in touch with the Controller, by sending an appropriate message in writing or by e-mail to the Controller’s address indicated at the beginning of the privacy policy or using the contact form available on the Online Store’s website.

VII. COOKIES IN ONLINE STORE, OPERATIONAL DATA AND ANALYTICS

  1. Cookies are small pieces of text information in the form of text files, sent by the server and saved on the device of the person visiting the Online Store’s website (e.g. on the hard drive of a desktop computer, laptop or on the smartphone’s memory card – depending on the device used by the person who visits the Online Store).Detailed information about cookie files and their history can be found here.
  2. The Controller may process the data contained in cookies when visitors use the Online Store’s website for the following purposes:
  • identification of Service Users as users logged in the Online Store and showing that they are logged it;
  • remembering Products added to the basket in order to place the Order;
  • remembering data from the completed Order Forms, questionnaires or Online Store logging data;
  • adapting the content of the Online Store’s website to the individual preferences of the Service User (e.g. regarding colours, font size, page layout) and optimising the use of Online Store’s website;
  • keeping anonymous statistics showing how the Online Store’s website is used;
  • remarketing, i.e. research into the characteristics of the behaviour of visitors to the Online Store by anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.
  1. Normally, most web browsers available on the market accept cookies by default. Everybody can determine the terms and conditions of cookie use by means of their own browser’s settings. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the possibility of saving cookies – in the latter case, however, this may affect some of the functionalities of the Online Store (for example, it may be impossible to go through the Order path via the Order Form due the failure to remember Products in the basket during the subsequent steps of placing the Order).
  2. The web browser’s cookie settings are important from the point of view of consent to the use of cookies by our Online Store – in accordance with the law, such consent may be also given through the web browser’s settings. In absence of such consent, one needs to change the web browser’s cookie settings.
  3. Detailed information on changing the cookie settings and deleting them on one’s own in the most popular web browsers is available in the help section of the web browser and on the following websites (just click on the link):

for Chrome browser;

for Firefox browser;

for Internet Explorer browser;

for Opera browser;

for Safari browser;

for Microsoft Edge browser.

  1. In the Online Store the Controller may use Google Analytics, Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).These services help the Controller analyse the traffic in the Online Store. The data collected are processed as part of the above-mentioned services in an anonymised way (these are the so-called operational data that prevent the person’s identification) to generate statistics helpful in administering the Online Store. The data are aggregate and anonymous, i.e. they do not contain identification features (personal data) of the persons who visit the Online Store’s website. Using the above-mentioned services in the Online Store, the Controller collects such data as sources and medium of acquiring visitors to the Online Store, the manner in which they behave on the Online Store’s website, information on the devices and browsers through which they visit the website, IP and domain, geographical data and demographic data (age, sex) as well as interests.
  2. Everybody can easily block sharing of Google Analytics information about their activity on the Online Store website – for this purpose, you can install the browser add-on provided by Google Inc. available here.

VIII. FINAL PROVISIONS

The Online Store may contain links to other websites. The Controller recommends users to become acquainted with the privacy policy of the websites upon visiting them. This privacy policy concerns only the Online Store and Controller.

Sign up for the newest design trends

0