© QUERSUS


PRIVACY POLICY
OF THE QUERSUS.COM ONLINE STORE



TABLE OF CONTENTS:


1. GENERAL PROVISIONS
2. GROUNDS FOR DATA PROCESSING
3. PURPOSE, GROUNDS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
4. DATA RECEIVERS IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS
8. FINAL PROVISIONS



1. GENERAL PROVISIONS


1.1. This Online Store privacy policy is informative, which means that it is not a source of obligations for Clients or Customers of the Online Store. The privacy policy contains primarily rules for the processing of personal data by the Data Controller in the Online Store, including the grounds, purposes and scope of processing personal data and the rights of data subjects, as well as information on the use of cookie files and analytical tools in the Online Store.

1.2. 1.2 The Administrator of personal data received on behalf of the online shop is QUERSUS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (registered office and delivery address: ul. Podrzecze 182, 33-386 Podegrodzie) entered in the Register of Entrepreneurs of the National Court Register under KRS No. 0000550308; the register court where the company’s documentation is kept: District Court for Kraków-Śródmieście in Kraków, XII Economic Division of the National Court Register; share capital amounting to: PLN 10,000; NIP: 7343530735, REGON: 361114014, e-mail address: quersus@quersus.com, telephone number: 185488488 – hereafter referred to as the „Administrator” being the Service Provider of the Internet Shop and the Seller.

1.3. Personal data in the Online Store is processed by the Data Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing of personal data and the free flow of such data and the repeal of Directive 95/46 / EC (general regulation on data protection) - hereinafter referred to as "GDPR" or the "GDPR Regulation". Official text of the GDPR Regulation: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679

1.4. Using the Online Store, including making purchases is voluntary. Similarly, giving personal data related to the use of the Online Store by the Client or the Customer using the Online Store is voluntary, subject to two exceptions: (1) Entering into agreements with the Data Controller - failure to provide personal data necessary to conclude and perform a Sales Agreement or a contract for the provision of Electronic Services with the Data Controller in cases and in the scope indicated on the Online Store website, in the Online Store Regulations and this privacy policy results in the inability to conclude this Agreement. Providing personal data is in this case a contractual requirement and if the data subject wants to conclude a given agreement with the Data Controller, the data subject is obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated previously on the Online Store website and in the Online Store Regulations; (2) the Data Controller's statutory obligations - providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing an obligation on the data Controller to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide the data will prevent the Data Controller from performing these duties.

1.5. The Data Controller takes special care to protect the interests of persons whose the processed personal data concerns, and in particular is responsible for and ensures that the data collected by the Data Controller is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which it is processed; (4) kept in a form that permits identification of persons whom it concerns, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different level of probability and seriousness of risk, the Data Controller implements appropriate technical and organizational measures for processing in accordance with this Regulation and is able to prove it. These measures shall be reviewed and updated where necessary. The Data Controller uses technical measures to prevent unauthorized persons from acquisition and modification of personal data sent electronically.

1.7. All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Seller, Online Store, and Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store website.




2. GROUNDS FOR DATA PROCESSING


2.1. The Data Controller is entitled to process personal data in cases where - and to the extent to which - at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or take action at the request of the data subject prior to the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation of the Data Controller; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Data Controller or by a third party, except when the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail over those interests, in particular when the data subject is a child.

2.2. Processing of personal data by the Data Controller requires each time at least one of the grounds indicated in section 2.1 of the privacy policy. The specific grounds for processing the personal data of Customers and Clients of the Online Store by the Data Controller are indicated in the next section of the privacy policy - in relation to a given purpose of personal data processing by the Data Controller.




3. PURPOSE, GROUNDS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE


3.1. Each time, the purpose, basis and period as well as the recipient of personal data processed by the Administrator result from actions taken by the given Customer or Client in the Online Store or by the Administrator. For example, if the Customer decides to make purchases in the Online Store and selects personal collection of the purchased Product instead of delivery by courier, his personal data will be processed in order to conclude the Sales Agreement, but it will no longer be made available to the courier performing shipments at the request of the Data Controller.

3.2. TheAdministrator may process personal data in the Online Store for the following purposes, on the following grounds, during the periods as shown in the following table:


Purpose of processing data Legal basis for processing data Period of data storage
Execution of the Sales Contract or a contract for the provision of Electronic Services or taking action at the request of the subject of the data, before concluding the above agreements Article 6 paragraph 1 letter b) of the GDPR (carrying out of a contract). Processing the data is necessary to fulfilling the contract of which the data subject is party to, or to take action at the behest of the person whose data is being processed, prior to concluding the Agreement. The data is stored for the period of time necessary to carrying out, cancellation or expiry in some other manner of the concluded Agreement of Sale or Agreement involving the provision of electronic services.
Direct marketing Article 6 paragraph 1 letter f) of the GDPR (legally justified interest of the Administrator) - Data processing is necessary for the purposes of the legitimate interests of the Administrator – based on seeking the interests of and the good image of the Administrator, his Online Shop and efforts aimed at the sale of Products. The data is stored for the period that the legally justified interests of the Administrator exist, but no longer however than the period of limitation of the Administrator’s claims against the data subject due to the economic activity conducted by the Administrator. The statute of limitation is specified by law, particularly the Civil Code (basic term for the statute of limitations for claims connected with running a business is three years, and for a Sales Agreement – two years). The Administrator cannot proces data for the purposes of direct marketing where a person being the subject of the date expresses effective objection in this regard.
Marketing Article 6 paragraph 1 letter a) of the GDPR (consent) – the data subject has given consent for the processing of his/her personal data for marketing purposes by the Administrator. The data is stored up to the moment that the data subject withdraws consent for the further processing of their data for this purpose.
Keeping accounting books Article 6 paragraph 1 letter c) of the GDPR in connection with art. 74 par. 2 of the Accounting Act, of 30 January 2018 (Journal of Laws of 2018, item 395). Processing is necessary in order to fulfil the legal requirements being the responsibility of the Administrator. The data is stored for the period required by law requiring the Data Controller to store accounting books (5 years, counting from the beginning of the year following the business year the data concerns
Establishment, investigation or defense of claims that may be raised by the Data Controller or which may be raised against the Data Controller Article 6 paragraph 1 letter f) of the GDPR. (Administrator’s legitimate interest) - Data processing is necessary for the duration of the legitimate interest of the Administrator – depending on the establishment, investigation or defense of claims that may be incurred by the Administrator or which may be made against the Administrator. The data is stored for the period that the legally justified interests of the Administrator exist, but no longer however than the period of limitation of the Administrator’s claims against the Administrator (the basic period of limitation for claims against the Administrator is six years. )
Using the Shop web site and ensuring its correct functioning Article 6 paragraph 1 letter f) of the GDPR. (Administrator’s legitimate interest) – data processing is necessary for the duration of the legitimate interest of the Administrator – consisting in the operation and maintenance of the web site of the Online Shop. The data is stored for the period that the legally justified interests of the Administrator exist, but no longer however than the period of limitation of the Administrator’s claims against the person whose data it concerns, on account of the Adminsitrator’s business activities. The period of limitation is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of busines activities is three years, and for the Sales Agreement – two years).
Keeping statistics and analysing traffic in the Online Shop Article 6 paragraph 1 letter f) of the GDPR. (Administrator’s legitimate interest) – data processing is necessary for the duration of the legitimate interest of the Administrator – involving the maintenance of statistics and traffic analysis in the Online Shop in order to improve its functioning and increase sales of Products. The data is stored for the period that the legally justified interests of the Administrator exist, but no longer however than the period of limitation of the Administrator’s claims against the person whose data it concerns, on account of the Adminsitrator’s business activities. The period of limitation is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to the conduct of busines activities is three years, and for the Sales Agreement – two years).


4. DATA RECEIVERS IN THE ONLINE STORE


4.1. For the proper functioning of the Online Store, including for the implementation of Sales Agreements concluded, it is necessary for the Data Controller to use the services of external entities (such as, for example, software provider, courier or payment processing agent). The Data Controller uses only the services of such processing entities that provide sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

4.2. Personal data may be shared by the Administrator with a third country, whereby the Controller shall ensure that, in such case, this will be done in relation to a country ensuring an adequate level of protection - in accordance with the GDPR Regulation and, in the case of other countries, that the transfer will take place on the basis of standard data protection clauses. The Administrator shall ensure that the data subject is able to obtain a copy of his/her data. The Administrator shall transfer the collected personal data only if and to the extent necessary for the fulfilment of the specific purpose of the processing in accordance with this privacy policy.

4.3. The personal data of the Clients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.3.1.. Carriers / forwarders / courier brokers - in the case of a Customer who uses the Online Store with the method of delivery of the Product by post or courier, the Data Controller provides the Customer's collected personal data to the selected carrier, forwarder or agent performing the shipment at the request of the Data Controller to the extent necessary to complete the delivery of the Product to the Customer.

4.3.2.. entities handling electronic payments or credit card payments - in the case of the Customer who uses the Online Store and uses electronic payment or payment by card, the Data Controller provides the Customer's collected personal data to the selected entity servicing the above payments in the Online Store at the request of the Data Controller in the scope necessary to handle payments made by the Customer.

4.3.3. service providers supplying the Data Controller with technical, IT and organizational solutions enabling the Data Controller to conduct business, including the Online Store and the Electronic Services provided via it (in particular, computer software suppliers to run the Online Store, electronic mail and hosting provider and business management software vendors and providing technical assistance to the Data Controller) - the Data Controller provides the collected personal data of the Customer to a selected supplier acting on the Data Controller’s behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

4.3.4. providers of accounting, legal and advisory services providing the Data Controller with accounting, legal or advisory support (in particular accounting office, law firm or debt collection company) - the Data Controller provides the collected personal data of a Customer to a selected supplier acting on the Data Controller’s behalf only in the case and to the extent necessary to carry out the given the purpose of data processing in accordance with this privacy policy.




5. PROFILING IN THE ONLINE STORE


5.1. The GDPR imposes on the Data Controller an obligation to inform about automated decision-making, including profiling referred to in art. 22 ust. 1 and 4 of the GDPR, and - at least in these cases - relevant information about the rules for their making, as well as the significance and envisaged consequences of such processing for the data subject. With this in mind, the Data Controller provides information on possible profiling in this section of the privacy policy.

5.2. The Data Controller may use profiling for direct marketing purposes in the Online Store, but the decisions made on its basis by the Data Controller do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a given person a rebate, sending a rebate code, reminding about unfinished purchases, sending a Product proposal that may correspond to the interests or preferences of a given person, or offering better terms compared to the standard offer of the Online Store. Despite profiling, a given person makes a free decision whether they will want to use the rebate received in this way, or use better conditions and make a purchase in the Online Store

5.3. Profiling in the Online Store consists in an automatic analysis or forecast of a given person's behavior on the Online Store website, e.g. by adding a specific Product to the shopping cart, browsing a specific Product page in the Online Store, or by analyzing the previous history of purchases in the Online Store. The condition of such profiling is the Data Controller having personal data of a given person in order to be able to send e.g. a rebate code to such person.

5.4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects on the person or substantially affects the person.




6. RIGHTS OF THE DATA SUBJECT


6.1. Right of access, rectification, restriction, deletion or transfer - the data subject has the right to request the Data Controller to access the data subject’s personal data, rectify it, remove it ("the right to be forgotten") or limit its processing and has the right to object to processing as well as the right to transfer the data subject’s data. Detailed conditions for the exercise of the above-mentioned rights are indicated in art. 15-21 of the GDPR Regulation.

6.2. The right to withdraw consent at any time - a person whose data is processed by the Data Controller on the basis of expressed consent (pursuant to Article 6 paragraph 1 letter a) or art. 9 par. 2 lit. a) of the GDPR), has the right to withdraw the consent at any time without affecting the legality of the processing, which was made on the basis of the consent before its withdrawal.

6.3. The right to lodge a complaint to the supervisory body - a person whose data is processed by the Data Controller, has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Office for Personal Data Protection.

6.4. The right to object - the data subject has the right to object at any time - for reasons related to the data subject’s particular situation - to the processing of their personal data based on art. 6 par. 1 letter e) (public interest or public service) or f) (legitimate interest of the data controller), including profiling based on these provisions. In such a case, the Data Controller may no longer process such personal data unless the Data Controller demonstrates the existence of legally valid grounds for processing that override the interests, rights and freedoms of the data subject or the grounds for determining, investigating or defending claims.

6.5. Right to object to direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent the processing is related to such direct marketing.

6.6. In order to exercise the rights referred to in this section of the privacy policy, you can contact the Data Controller by sending a relevant message in writing or by e-mail to the Data Controller’s address indicated at the beginning of the privacy policy or using the contact form available on the Online Store website.




7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS


7.1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Online Store (e.g. on the hard drive of the computer, laptop or in the smartphone memory card - depending which device is used visiting our Online Shop). Detailed information about cookies as well as the history of their creation can be found, among others here:
https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. The Data Controller may process the data contained in the Cookies when users use the Online Store for the following purposes:

7.2.1.. Saving the information on Products added to the cart in order to place an Order;

7.2.2. Saving the data from the filled in Order Forms, surveys or the Online Store login details;

7.2.3. Adjusting the content of the Online Store's website to the individual preferences of the Client (e.g. regarding colors, font size, and page layout) and optimizing the use of the Online Store websites;

7.2.4. Keeping anonymous statistics showing the manner of use of the Online Store website;

7.3. The Administrator may process the data contained in Cookies when visitors use the website of the Online Shop for the following specific purposes:

Purposes of using cookies in the Administrator's Online Shop To identify customers as logged in to the Online Shop and show that they are logged in (essential cookies)

Remembering the Products added to the shopping basket with the aim of placing an Order (cookies required)

Storing data from completed Order Forms, surveys or login data for the Online Shop (essential and/or functional/preference cookies)

adapting the content of the website of the Internet Shop to the individual preferences of the Customer (e.g. as regards colours, font size, page layout) and optimising the use of the pages of the Internet Shop (functional/preference cookies)

keeping anonymous statistics showing how the website of the Internet Shop is used (analytical and performance cookies)

Display and rendering of advertisements, to limit the number of times advertisements are displayed and to ignore those advertisements which the Client does not wish to see, to measure the effectiveness of advertisements, and to personalise advertisements, i.e. to study the behavioural characteristics of visitors to the Online Shop through anonymous analysis of their actions (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, including when they visit other Google Ireland Ltd and Meta Platforms Ireland Ltd websites on the Internet (marketing, advertising and social media cookies)

7.4. Browser settings in the scope of cookies are important from the point of view of consent to the use of cookies by our Online Store - in accordance with the law; such consent can also be expressed through the settings of the web browser. In the absence of such consent, the browser settings for cookies should be changed accordingly.

7.5. Detailed information on changing cookies settings and their removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click the link):


Chrome
Firefox
Internet Explorer
Opera
Safari
Microsoft Edge


7.6. The Data Controller may use Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Irlandia). These services help the Data Controller analyze the traffic in the Online Store. The data collected is processed as part of the aforementioned services in an anonymised manner (this is the so-called operating data that prevents the identification of a person) to generate statistics helpful in administering the Online Store. This data is aggregate and anonymous in nature, i.e. it does not contain identification features (personal data) of the visitors to the Online Store. The Data Controller using the above services in the Online Store collects such data as the source and medium of obtaining visitors to the Online Store and how they behave on the Online Store website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age , sex) and interests.

7.7. Any person can easily block Google Analytics from sharing information about their activity on the Online Store website - in order to so it is enough to install the browser plug-in provided by Google Ireland Ltd. for this purpose available here: https://tools.google.com/dlpage/gaoptout?hl=en.


7.8. The Data Controller may use the Facebook Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) in the Online Store. This service helps the Data Controller to measure the effectiveness of advertisements and find out what activities the visitors of the online store are taking, as well as display relevant ads to these vistors. Detailed information about the operation of the Facebook Pixel can be found at the following Internet address:
https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.9. In connection with the Administrator's ability to use advertising and analytical services provided by Google Ireland Ltd. in the Internet Shop, the Administrator points out that full information on the principles of processing of data of visitors to the Internet Shop (including information saved in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at: https://policies.google.com/technologies/partner-sites.




8. FINAL PROVISIONS


8.1. The Online Store may contain links to other websites. The Data Controller urges to read the privacy policy of other websites. This privacy policy applies only to the Data Controller's Online Store.