Privacy and cookies policy of the website SWAG42

§ 1

Introductory provisions

  1. This document regulates Privacy and Cookies Policy of the Webpage SWAG42, operated via the website provided at URL address: https://swag42.com/, here in after referred to as „Website”.
  2. The Website is managed by:
  3. SWAG42 Sp. z o.o. with its registered seat in Warsaw, Poleczki 23, piętro 2, 02-822 Warsaw Poland, Poland, KRS: 0000957590, NIP: 5213960548, REGON: 521519670, here in after referred to as - “Administrator or Seller”. There is possibility to contact with Administrator by phone number: +48 662 428 687 or by e-mail address: admin@swag42.com

Definitions

  1. RODO - Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE;
  2. Website - the internet site managed by the Administrator at https://swag42.com/.
  3. Personal data - according to RODO, personal data is information about an identified or identifiable natural person. In the case of the use of our Service, such data are, for example, name, surname, email address, phone number, IP address and others.
  4. Client - means the subject, visiting the Website, to whom, in accordance with this policy and generally applicable law, services may be provided.
  5. Cookies - means IT data, in particular small text files, recorded and stored on the devices with the help of which the Client uses the Website.

§ 1

Introduction

  1. Website SWAG42 makes every effort to ensure that the privacy and protection of the personal data provided is respected when using the site and takes all necessary measures in this regard.
  2. The use of the services provided by the Seller involves the processing of personal data, therefore we take the issue of security and privacy protection particularly seriously.
  3. This document has been developed to help understand how privacy is protected, what kind of personal data is collected, for what purpose it is done and how it is used. It also contains information on how the rights deriving from the Regulation of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE are enabled.
  4. The document also lists the technologies used that involve the processing of personal data. These include, for example, the handling of browser memory, geolocation or pixel tags.
  5. With regard to the cookies policy, information is provided on the conditions for storing of information or accessing information already stored in telecommunications end-user devices. An end-user is considered to be an individual or entity using or requesting a publicly available telecommunications service to meet personal needs.

§ 2

Declaration

  1. Whilst pursuing the primary goal of respecting the privacy of Clients, the Administrator tries to exercise all due diligence. In order to meet this objective, the norms and principles resulting from generally applicable laws are implemented. These include in particular: Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE, the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2016, No. 0, item 1030, as later amended), as well as the Act of 16 July 2004. Telecommunications Law (Journal of Laws of 2016, No. 0, item 1489 as later amended).
  2. In particular, due efforts are made to ensure that Clients' personal data are:
    1. processed lawfully,
    2. collected for the legitimate purposes indicated herein,
    3. not further processed in a way incompatible with those purposes,
    4. substantively correct and adequate in relation to the purposes for which they are processed,
    5. appropriately protected against unauthorised access, destruction, disclosure and unlawful use,
    6. kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.

§ 3

Personal data Administrator

  1. Personal data Administrator processing in Shop is Seller – SWAG42 Sp. z o.o. its registered seat in Poleczki 23, piętro 2, 02-822 Warsaw, Poland. Contact with Administrator is possible by phone number:+48 662 428 687, e-mail address: admin@swag42.com or on Administrator’s registered seat.

§ 4

Data provided by Clients

  1. The data provided by the Clients include the name, e.g. name and surname, and e-mail address, as well as other data provided by the Client in the message submitted via the form on the website. The purpose of collecting the aforementioned data is to carry out a preliminary analysis of the question presented and to contact the Client in order to inform them of the arrangements made and to present commercial information with their consent.
  2. If the Client has consented to this (by subscribing to the newsletter), the email address provided by the Client may be used for marketing purposes of the Administrator. In the above case, the legal basis for the processing is: Article 6 section 1 (a) RODO - the data subject has consented to the processing of personal data and Article 6 section 1 (f) RODO - the Administrator's legitimate interest in the form of sending information to the Customer regarding promotions, discounts and products and services provided by the Administrator.
  3. The data collected via the form are collected taking into account the principle of data minimisation resulting from the law, i.e. they are adequate, relevant and limited to what is necessary for the purposes for which they are processed.

§ 5

Basis for the processing of personal data

  1. Administrator has a right to processing personal data in the case of – and to that extent on which – there is fulfilled at least one of below condition: person, to whom personal data relates, agreed for processing his or her personal data on one or more purposes; processing is necessary for execution the agreement, in which one of the parties is the person, to whom personal data relates, or for take an action for person, to whom personal data relates, request, before agreement; processing is necessary to execute of legal obligation incumbent on Administrator; or processing is necessary for purposes which are results of legitimate business realizing by Administrator or third part, excluding situations on which business and primary rights and freedoms of person, to whom personal data relates has overriding character, which demand personal data protection, especially when person, to whom personal data relates, is a child.
  2. Personal data will not be processed after using services by Client, however provided the possibility of further usage of that of personal data, which are:
    1. necessary for settlement of the service and pursuing claims on account of payments for using services.
    2. necessary for advertisement purposes, market research, Client’s behaviors and preferences with intended results of these research for needed improvements of quality services provided by Administrator with the consent of Client,
    3. admitted to processing on the basis of separate acts or an agreement
  3. The data thus obtained is processed on the basis of Article 6 of Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE.
  4. Data Administrator does not use “profiling”, which means automated form of personal data processing, which involves using personal data for assessment of certain personal factors of natural person, especially to analyze or to forecast aspects relating to personal preferences and interests. Administrator does not make automated decisions in individual cases based on profiling, and does not make a decision that may be based solely on automated processing, including profiling, that would significantly affect the data subject.
  5. Independently, it is possible to process personal data if this is necessary for the fulfilment of a legitimate purpose pursued by us or the recipients of the data and the processing does not infringe the rights and freedoms of the data subject. A legitimate purpose is considered to be, in particular, direct marketing of our products or services, as well as the assertion of claims from our business activities. The data obtained in this way are processed on the basis of Article 6 of Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE.
  6. In other cases, the Administrator asks for voluntary consent to the processing of personal data. The granting of this consent takes place in particular by ticking a check box ("checkbox"), next to the declaration of consent to the processing of personal data. The data obtained in this manner are processed on the basis of Article 6 of Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE or Article 18 (4) of the Act of 18 July 2002 on the provision of e-services (Journal of Laws of 2016, No. 0, item 1030, as later amended).

§ 6

Collections, their scopes and purposes of processing personal data

  1. Administrator process Clients’ personal data in structured collections, which we defined by the purpose of their processing. These data are processed to the extent necessary to fulfil the established purpose. The following list includes the sets, scopes and purposes of data processing.
  2. Name of collectionAmount of data to be processedPurpose of processing
    Collecting the personal data of the Client (the user who registers in the personal account)
    1. name
    2. e-mail
    3. IP
    Registering an account to interact within the contract with the client company
    Collecting the personal data of the client company's employees
    1. name and surname
    2. e-mail
    3. gender
    4. delivery address
    5. date of birth
    6. phone number
    Interacting within the framework of the contract with the client company
    Collecting the personal data of a Client who has given consent to the Newsletter
    1. e-mail
    Sending „Newsletter”
    Collection of personal data from Client who use the contact form as well as the form to submit a question about the Product
    1. name
    2. e-mail
    Providing an opportunity for contact with the Client
    Collection of personal data of Client when using online chat
    1. name
    2. e-mail
    Providing an opportunity for contact with the Client
    Collecting the personal data of the Client who uses the website
    1. IP
    2. geolocation
    Providing the opportunity to use the website
    Collection of the personal data of the Client who submitted the complaint.
    1. name and surname
    2. address
    3. e-mail
    4. phone number
    5. bank account number
    6. complaint number
    Conducting proceedings in relation to a submitted complaint.
    Collection of personal data of the Client who comes into contact with the Administrator
    1. name and surname
    2. e-mail
    3. phone number
    4. IP
    Provision of commercial, organizational or technical information to Clients by the Administrator

§ 7

Personal data entrustment and sharing

  1. The Administrator may entrust Clients' personal data to other entities. These may be, for example, a hosting provider, an accounting or legal service, a payment operator or any other entity with which we cooperate in order to properly provide services. The entrustment of personal data always takes place on the basis of a written entrustment agreement. An up-to-date list of the entities to whom we entrust data processing is permanently available to all customers. In order to gain access to it, it is sufficient to make such a request to the Administrator. This can be done, for example, by sending an e-mail. The legal basis for the entrustment of personal data is Article 28 of Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/WE.
  2. The Administrator may transfer the processed data outside the European Economic Area. The laws on the processing of personal data which are in force in those countries may provide for less protection than the laws in force in the Republic of Poland. Therefore, if such data is transferred, the Administrator shall take special care to comply with the terms and conditions of processing as set out herein. One form of this care is the use of standard contractual clauses approved by the European Commission, including those compliant with the EU-USA Privacy Shield.
  3. The Administrator shall not make the collected data available to third parties, except in situations where this is required by generally applicable law, i.e. on the basis of a request from an authorised body or court.

§ 8

Client’s rights

  1. In connection with the processing of personal data, the persons whose personal data are processed have associated rights. The possibility of exercising the following rights depends on the legal basis for the processing of personal data:
    1. Art. 15 of RODO, right of access for personal data:
      1. Subject, to whom personal data relates, 1. Article 15 RODO right of access to personal data: Subject is entitled to obtain confirmation from us as to whether personal data concerning them is being processed. If this is the case, they are entitled to obtain access and additional information (e.g. purposes, categories, recipients, retention, rights, source).
    2. Art. 16 of RODO, right of rectification:
      1. Subject, to whom personal data relates, has a right to request for immediate rectification, if personal data which relate to them are invalid. Including purposes of processing, the subject has a right to request to completion of incomplete personal data, including through presentation extra statement.
    3. Art. 17 of RODO, right to delete personal data (“right to be forgotten”):
      1. Subject, to whom personal data relates, has a right to request from us an immediate deletion of their personal data. Then we are obliged delete this personal data without unnecessary delay, if one of the following circumstances applies:
        1. the consent to the processing of personal data has been withdrawn and there is no other basis for the processing,
        2. Subject, to whom personal data relates, has lodged an effective objection to the processing,
        3. personal data were processed illegally,
        4. the personal data must be deleted in order to comply with a legal obligation,
        5. the data was collected in connection with the offering of information society services.
    4. Art. 18 of RODO, he right to request the Administrator to restrict the Processing of Personal Data, excluding cases referred in art. 18 para. 2 of RODO:
      1. Person, to whom personal data relates, has a right to request from us the restriction of personal data processing in following situations:
      2. Subject, to whom personal data relate, contests correctness of personal data – for a period allowing us to check correctness this data;
      3. Processing is illegal and subject, to whom personal data relates, opposes to delete personal data, requesting instead of this, limitation of their using;
      4. We do not already need personal data for purpose of their processing, but they are needed by subject, to whom personal data relate for the establishment, assertion or defence of claims;
      5. Subject, to whom personal data relates, has lodged an objection pursuant to art. 21 section 1 of RODO towards of processing – until statement, if there are legitimated bases on Administrator side and if there are superior than bases of objection of subject, to whom personal data relate.
    5. Art. 20 of RODO, right to transfer Personal Data:
      1. Subject, to whom personal data relate, is entitled to receive their personal data, which they provide to Administrator in a structured, common using format, which is machine-readable and has a right to send this personal data for other administrator unhindered from administrator, to whom personal data were given.
      2. Executing right to transfer personal data, subject, to whom personal data relate, has a right to request that personal data will be sent by the administrator directly to another administrator, if it is technically possible.
    6. Art. 21 of RODO, right to object against personal data processing
      1. Subject, to whom personal data relates, has a right in every moment lodge an objection – on reasons relating to their particular situation - against the processing of personal data concerning him or her based on Article 6 section 1 (f) (legitimate interest of the administrator). In that case, we are no longer allowed to process the personal data unless we can demonstrate the existence of compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or grounds for the establishment, assertion or defence of claims.
      2. In addition, subjects, whose personal data are processing, have a right to lodge a complaint to The President of the Office for Personal Data Protection, if they decided that processing their personal data infringes actual law.
      3. The Administrator may provide system functionalities enabling the exercise of these rights. Should you wish to exercise said rights, please contact us in accordance with the instructions in § 21 of this Privacy and Cookies Policy.

§ 9

Server logs

  1. Server logs these are inside logs of Website server events, automatically recording site’s requests, which are sent, when Clients use the Website. Server logs include site’s request, which was sent by the Client, IP address, type of browser, language of browser, date and time of request and at least one ,,cookie” file, which could clearly identify Client’s browser.
  2. Data are collected in server logs and they are used by us for unspecified time, only for Website’s administration. They are not transferred to third parties, excluding situations described in this document.

§ 10

Cache memory

  1. Providing services for Clients, Administrator could automatically use the cache memory of Client’s browser, application or device. This usage consist of data storage in browser’s memory, which is installed on Client’s device. In the context of local memory it is possible to storage intersessional data, i.e. between consecutive Client’s sessions. The purpose of using cache memory is acceleration of using Website, through elimination situations, in which the same data are repeatedly downloaded from the Website, putting a strain on Client’s internet connection.

§ 11

Geolocation

  1. Administrator or third parties through administrating cookies, could use of geolocation’s functionality, involving the collection and processing of information about Client’s residence. In this case the following data could be processed: IP number, from a GPS sensor, from a Wi-Fi point or from mobile network base stations.

§ 12

Pixel tag

  1. Administrator or third parties through administrating cookies, could benefits from functionality of pixel tags. These are elements, which are published in digital content and allow the recording of information, e.g. Client’s activity on Shop’s website.

§ 13

Cookies – introduction

  1. During the provision of services to Clients, the Administrator uses professional technologies for collecting and storing information, such as cookies. Cookies contain information necessary for the proper use of the Website. They are commonly used, small files containing a string of characters that are sent to and stored on the terminal device (e.g. computer, laptop, tablet, smartphone) used by the Client when visiting the Website. This information is sent to the clipboard of the browser used, which sends it back on subsequent visits to the Website. They most often contain the name of the website from which they originate, the length of time they are stored on the end device and a unique number. Data from cookies may also be accessed by the external entities listed in § 17 of this Privacy and Cookies Policy.

§ 14

Basis of cookies processing

  1. Cookies are processed on the basis of art. 173 of Act of 16 July 2004. Telecommunications Law (Journal of Laws of 2016, No. 0, item 1489 as later amended).
  2. Clients using services provided electronically through the Website are asked by the Administrator to voluntarily consent to the processing of cookies by storing information or gaining access to information already stored in their telecommunications terminal equipment.
  3. Consent to the processing of cookies is granted in particular by using the button containing a declaration of consent to the processing of cookies or confirming that you have read its terms and conditions. This consent may be withdrawn at any time, free of charge and as described in the section on the management of cookies.

§ 15

Cookies used by Administrator

  1. Cookies are commonly used, small files containing a string of characters which are sent to and stored on the end device (e.g. computer, laptop, tablet, smartphone) used when visiting. The information is sent to the memory of the browser used, which sends it back the next time you visit the website. Cookies can be categorised by the Administrator according to three methods of division.
  2. In terms of the purposes for which cookies are used, we distinguish between following categories of cookies:
    1. Essential cookies - these files enable the proper functioning of the Website and its functionalities, e.g. authentication or security cookies.
    2. Functionality cookies – files which make it possible to remember the settings selected by the customer and to adapt them to the customer's needs and preferences, e.g. with regard to the chosen language, font size, appearance of the website.
    3. Business files – this category includes, e.g. advertising cookies. They enable advertisement adaptation, displayed on or off the Website to the Client's preferences.
  3. In terms of time their validity, we differentiate two categories of cookies:
    1. Session files – existing for end of Client’s session,
    2. Permanent files – existing after end of Client’s session.
  4. In terms of differentiating the entity administering the cookies, we distinguish:
    1. Administrator cookies
    2. Third parties cookies

§ 16

Technical requirements

  1. The Administrator's cookies enable the Website to recognise the Client's device and display the Website tailored to the Client's individual expectations, making the use of its functionalities easier and more enjoyable. By storing these files on the Client's device, it is possible, for example, to remember login data, maintain the session after logging in, remember the selected goods or services, or adjust to the Client's preferences, such as content layout, language or colour.

§ 17

Third parties cookies

  1. Administrator could use cookies used by Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA, as part of the service:
    1. Google Adwords – these enable the guidance and assessment of quality of advertising campaign, implemented in terms of using Google Adwords services,
    2. Google Analytics – these enable evaluation of the quality of advertising campaigns run using the Google Adwords service, as well as the study of client behaviour and traffic, and the compilation of traffic statistics,
    3. Google Maps – these enable to store information about the Client that allows them to use the map functionality available through the Google Maps service. Google Inc. may track the Customer's location,
    4. YouTube – these enable the storage of information about the Client which allows the use of the functionality of the YouTube service. Google Inc. may track the playback of videos by the Customer.
  2. The administrator may use cookies used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, United States. These cookies may be used to link user accounts: on the external social network Facebook with the Website account, insofar as the Administrator provides such functionality. These files may also be used to process the Client's activities on Facebook, performed using the "Share" or "Like" buttons. The processing of these activities could have public character.
  3. The use of third-party cookies is subject to the privacy and cookie policies applied by these entities. We encourage you to read the personal data processing and privacy policies of the entities that most frequently and extensively process our data:
    1. Google privacy policy
    2. Facebook privacy policy
    3. Pinterest privacy policy
    4. Rules of using Instagram privacy policy
    5. Twitter privacy policy
    6. LinkedIn privacy policy
    7. Telegram privacy policy
    8. WhatsApp privacy policy

§ 18

Managing cookies and other information

  1. Most commonly, the browser settings allow cookies and other information to be placed on the end device by default. If the customer does not agree to the storing of these files, it is necessary to change the browser settings accordingly. It is possible to disable their storage for all connections from a particular browser or for a specific website, or to delete them. How you manage your files depends on the software you are using. Actual rules of files managing could be found in settings specific website.
  2. To manage your cookie settings, select your browser / system from the list below and follow the instructions:
    1. Internet Explorer
    2. Edge
    3. Chrome
    4. Safari
    5. Firefox
    6. Opera
    7. Android
    8. Safari (iOS)
  3. Actual rules of files managing in browser do not mentioned above could be found in browser settings you are using
  4. In the terms of information about user preferences, collecting by ad network Google, it is possible to view and edit information arising from cookies by using Google Ads Preferences instrument. Information about cookies managing on telephone could be found in User Guide specific telephone.
  5. Agreement for cookies processing is voluntary. Please note, however, that restrictions in their use may make it difficult or impossible to use parts of the functionality of the Website.

§ 19

Links to other websites or software

  1. The Website may contain links to other websites or software. The Administrator is not responsible for the privacy and cookie processing policies of these websites or software. It is recommended to become acquainted with privacy and cookies policy these websites or this software upon entry on them or before installing.

§ 20

Changes of privacy and cookies policy

  1. The Administrator reserves the right to change this Privacy and Cookies Policy. In the event of a change to the Privacy and Cookies Policy, the Administrator will publish an updated version in this location.

§ 21

Contact and applications

  1. The Administrator continually does its utmost to process Clients' personal data and cookies to the highest standards. In the event that a threat or breach is identified, please contact us immediately using the details below:
    1. admin@swag42.com
    2. +48 662 428 687
    3. SWAG42 Sp. z o.o.
    4. Poleczki 23, piętro 2,
    5. 02-822 Warsaw, Poland
  2. We would welcome any feedback. If you have any questions, requests or concerns regarding the processing of your personal data or cookies, we encourage you to contact us.

§ 22

Final provisions

  1. In matters not regulated in the Privacy Policy, the provisions of the law on the processing of personal data, including the RODO, shall apply.