PRIVACY POLICY
OF THE QUERSUS.COM ONLINE STORE

TABLE OF CONTENTS:

1. GENERAL PROVISIONS
2. GROUNDS FOR DATA PROCESSING
3. PURPOSE, GROUNDS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
4. DATA RECEIVERS IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS
8. FINAL PROVISIONS


1. GENERAL PROVISIONS

1.1. This Online Store privacy policy is informative, which means that it is not a source of obligations for Clients or Customers of the Online Store. The privacy policy contains primarily rules for the processing of personal data by the Data Controller in the Online Store, including the grounds, purposes and scope of processing personal data and the rights of data subjects, as well as information on the use of cookie files and analytical tools in the Online Store.

1.2. The controller of the personal data collected via the Online Store is QUERSUS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ (LIMITED LIABILITY COMPANY) entered into the National Court Register of the Republic of Poland kept by the minister competent for justice, with: its address of the place of business and address for delivery: ul. Podrzecze 182, 33-386 Podegrodzie, Poland, Tax ID No PL7343530735, and KRS 0000550308, e-mail address: quersus@quersus.uk, phone number: +48 18 5488488/884882832 - hereinafter referred to as the "Data Controller" and being at the same time the Service Provider of the Online Store and the Seller.

1.3. Personal data in the Online Store is processed by the Data Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing of personal data and the free flow of such data and the repeal of Directive 95/46/EC (general regulation on data protection) - hereinafter referred to as "GDPR" or the "GDPR Regulation". Official text of the GDPR Regulation: http://eurlex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. Using the Online Store, including making purchases, is voluntary. Similarly, giving personal data related to the use of the Online Store by the Client or the Customer using the Online Store is voluntary, subject to two exceptions: (1) entering into agreements with the Data Controller - failure to provide personal data necessary to conclude and perform a Sales Agreement or a contract for the provision of Electronic Services with the Data Controller in cases and in the scope indicated on the Online Store website, in the Online Store Regulations and this privacy policy results in the inability to conclude this Agreement. Providing personal data is in this case a contractual requirement and if the data subject wants to conclude a given agreement with the Data Controller, the data subject is obliged to provide the required data. Each time, the scope of data required to conclude a contract is indicated previously on the Online Store website and in the Online Store Regulations; (2) the Data Controller's statutory obligations - providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing an obligation on the Data Controller to process personal data (e.g. data processing for the purpose of keeping tax or accounting books) and failure to provide the data will prevent the Data Controller from performing these duties.

1.5. The Data Controller takes special care to protect the interests of persons whom the processed personal data concerns, and in particular is responsible for and ensures that the data collected by the Data Controller is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which it is processed; (4) kept in a form that permits identification of persons whom it concerns, no longer than it is necessary to achieve the purpose of processing, and (5) processed in a manner that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context and purposes of processing as well as the risk of violating the rights or freedoms of natural persons with different level of probability and seriousness of risk, the Data Controller implements appropriate technical and organizational measures for processing in accordance with this Regulation and is able to prove it. These measures shall be reviewed and updated where necessary. The Data Controller uses technical measures to prevent unauthorized persons from acquisition and modification of personal data sent electronically.

1.7. All words, expressions and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. Seller, Online Store, and Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store website.


2. GROUNDS FOR DATA PROCESSING

2.1. The Data Controller is entitled to process personal data in cases where - and to the extent to which - at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject prior to the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation of the Data Controller; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Data Controller or by a third party, except when the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail over those interests, in particular when the data subject is a child.

2.2. Processing of personal data by the Data Controller requires each time at least one of the grounds indicated in section 2.1 of the privacy policy. The specific grounds for processing the personal data of Customers and Clients of the Online Store by the Data Controller are indicated in the next section of the privacy policy - in relation to a given purpose of personal data processing by the Data Controller.


3. PURPOSE, GROUNDS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE

3.1. Each time, the purpose, grounds, period and scope as well as the recipient of personal data processed by the Data Controller result from actions taken by a given Customer or Client in the Online Store. For example, if the Customer decides to make purchases in the Online Store and selects personal collection of the purchased Product instead of courier delivery, the Customer’s personal data will be processed in order to execute the concluded Sales Agreement, but it will no longer be made available to the carrier performing the shipment at the request of the Data Controller.

3.2. The Data Controller may process personal data in the Online Store for the following purposes, on the following grounds, in periods and in the following scope:

Purpose of processing data: Implementation of the Sales Agreement or a contract for the provision of Electronic Services or taking action at the request of the data subject, before concluding the above agreements
Legal basis for processing and data retention period: Article 6 paragraph 1 letter b) of the GDPR (performance of a contract). The data is stored for the period necessary to perform, expire or otherwise terminate the concluded contract.
Scope of processing data: Maximum scope: name and surname; e-mail address; contact phone number; delivery address (street, house number, apartment number, post code, city, country), address of residence / business / seat (if different from delivery address) and customer identification number. In the case of Clients or Customers who are not consumers, the Data Controller may also process the company name and tax identification number of the Customer or Client. The specified scope is maximal - in the case of, for example, personal collection, it is not necessary to provide the delivery address.

Purpose of processing data: Direct marketing
Legal basis for processing and data retention period: Article 6 paragraph 1 letter f) of the GDPR (legally justified interest of the data controller). The data is stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than during the period of limitation of claims against the data subject due to the business activity conducted by the Data Controller. The limitation period is defined by the law, in particular the Civil Code (the basic period of limitation for claims related to running a business is three years, and for a contract of sale - two years). The Data Controller cannot process data for direct marketing purposes in case of effective opposition in this regard carried by the data subject.
Scope of processing data: E-mail address

Purpose of processing data: Marketing
Legal basis for processing and data retention period: Article 6 paragraph 1 letter a) of the GDPR (consent). The data is stored until the consent for further processing of the data for this purpose is withdrawn by the data subject.
Scope of processing data: First name, e-mail address

Purpose of processing data: Keeping accounting books
Legal basis for processing and data retention period: Article 6 paragraph 1 letter c) of the GDPR in connection with art. 74 par. 2 of the Accounting Act, of 30 January 2018 (Journal of Laws of 2018, item 395). The data is stored for the period required by law requiring the Data Controller to store accounting books (5 years, counting from the beginning of the year following the business year the data concerns).
Scope of processing data: First name and surname; address of residence / business activity / registered office (if different from the delivery address), company name and tax identification number of the Client or Customer

Purpose of processing data: Establishment, investigation or defense of claims that may be raised by the Data Controller or which may be raised against the Data Controller
Legal basis for processing and data retention period: Article 6 paragraph 1 letter f) of the GDPR. The data is stored for the duration of the legitimate interest pursued by the Data Controller, but no longer than during the period of limitation of claims against the data subject due to the business activity conducted by the Data Controller. The limitation period is defined by the law, in particular the Civil Code (the basic period of limitation for claims related to running a business is three years, and for a contract of sale - two years).
Scope of processing data: First name and surname; contact phone number; e-mail address; delivery address (street, house number, apartment number, post code, city, country), address of residence / business / seat (if different from delivery address). In the case of Clients or Customers who are not consumers, the Data Controller may additionally process the company name and tax identification number of the Client or the Customer.

4. DATA RECEIVERS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including for the implementation of Sales Agreements concluded, it is necessary for the Data Controller to use the services of external entities (such as, for example, software provider, courier or payment processing agent). The Data Controller uses only the services of such processing entities that provide sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

4.2. The Data Controller does not transfer data in every case, nor to all recipients or categories of recipients indicated in the privacy policy - the Data Controller provides data only when it is necessary for the purpose of processing personal data and only to the extent necessary to achieve the purpose. For example, if a Customer uses personal collection, the Customer data will not be transferred to the carrier cooperating with the Data Controller.

4.3. The personal data of the Clients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.3.1. Carriers / forwarders / courier brokers - in the case of a Customer who uses the Online Store with the method of delivery of the Product by post or courier, the Data Controller provides the Customer's collected personal data to the selected carrier, forwarder or agent performing the shipment at the request of the Data Controller to the extent necessary to complete the delivery of the Product to the Customer.

4.3.2. entities handling electronic payments or credit card payments - in the case of the Customer who uses the Online Store and uses electronic payment or payment by card, the Data Controller provides the Customer's collected personal data to the selected entity servicing the above payments in the Online Store at the request of the Data Controller in the scope necessary to handle payments made by the Customer.

4.3.3. service providers supplying the Data Controller with technical, IT and organizational solutions enabling the Data Controller to conduct business, including the Online Store and the Electronic Services provided via it (in particular, computer software suppliers to run the Online Store, electronic mail and hosting provider and business management software vendors and providing technical assistance to the Data Controller) - the Data Controller provides the collected personal data of the Customer to a selected supplier acting on the Data Controller’s behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

4.3.4. providers of accounting, legal and advisory services providing the Data Controller with accounting, legal or advisory support (in particular accounting office, law firm or debt collection company) - the Data Controller provides the collected personal data of a Customer to a selected supplier acting on the Data Controller’s behalf only in the case and to the extent necessary to carry out the given purpose of data processing in accordance with this privacy policy.


5. PROFILING IN THE ONLINE STORE

5.1. The GDPR imposes on the Data Controller an obligation to inform about automated decision-making, including profiling referred to in art. 22 par. 1 and 4 of the GDPR, and - at least in these cases - relevant information about the rules for their making, as well as the significance and envisaged consequences of such processing for the data subject. With this in mind, the Data Controller provides information on possible profiling in this section of the privacy policy.

5.2. The Data Controller may use profiling for direct marketing purposes in the Online Store, but the decisions made on its basis by the Data Controller do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a given person a rebate, sending a rebate code, reminding about unfinished purchases, sending a Product proposal that may correspond to the interests or preferences of a given person, or offering better terms compared to the standard offer of the Online Store. Despite profiling, a given person makes a free decision whether they will want to use the rebate received in this way, or use better conditions and make a purchase in the Online Store.

5.3. Profiling in the Online Store consists in an automatic analysis or forecast of a given person's behavior on the Online Store website, e.g. by adding a specific Product to the shopping cart, browsing a specific Product page in the Online Store, or by analyzing the previous history of purchases in the Online Store. The condition of such profiling is the Data Controller having personal data of a given person in order to be able to send e.g. a rebate code to such person.

5.4. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and has legal effects on the person or substantially affects the person.


6. RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, deletion or transfer - the data subject has the right to request from the Data Controller access to their personal data, its rectification, its removal ("the right to be forgotten") or the limitation of its processing, and has the right to object to processing as well as the right to transfer their data. Detailed conditions for the exercise of the above-mentioned rights are indicated in art. 15-21 of the GDPR Regulation.

6.2. The right to withdraw consent at any time - a person whose data is processed by the Data Controller on the basis of expressed consent (pursuant to Article 6 paragraph 1 letter a) or art. 9 par. 2 letter a) of the GDPR), has the right to withdraw the consent at any time without affecting the legality of the processing, which was made on the basis of the consent before its withdrawal.

6.3. The right to lodge a complaint to the supervisory body - a person whose data is processed by the Data Controller, has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR and Polish law, in particular the Act on the Protection of Personal Data. The supervisory body in Poland is the President of the Office for Personal Data Protection.

6.4. The right to object - the data subject has the right to object at any time - for reasons related to the data subject’s particular situation - to the processing of their personal data based on art. 6 par. 1 letter e) (public interest or public service) or f) (legitimate interest of the data controller), including profiling based on these provisions. In such a case, the Data Controller may no longer process such personal data unless the Data Controller demonstrates the existence of legally valid grounds for processing that override the interests, rights and freedoms of the data subject or the grounds for determining, investigating or defending claims.

6.5. Right to object to direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent the processing is related to such direct marketing.

6.6. In order to exercise the rights referred to in this section of the privacy policy, you can contact the Data Controller by sending a relevant message in writing or by e-mail to the Data Controller’s address indicated at the beginning of the privacy policy or using the contact form available on the Online Store website.


7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS

7.1. Cookies are small pieces of text information in the form of text files, sent by the server and saved on the side of the person visiting the website of the Online Store (e.g. on the hard drive of a computer or laptop, or on a smartphone memory card - depending on which device is used to visit our Online Store). Detailed information about cookies, as well as the history of their creation, can be found, among other places, here:
https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. The Data Controller may process the data contained in the Cookies when users use the Online Store for the following purposes:

7.2.1. Saving the information on Products added to the cart in order to place an Order;

7.2.2. Saving the data from the filled in Order Forms, surveys or the Online Store login details;

7.2.3. Adjusting the content of the Online Store's website to the individual preferences of the Client (e.g. regarding colors, font size, and page layout) and optimizing the use of the Online Store websites;

7.2.4. Keeping anonymous statistics showing the manner of use of the Online Store website;

7.3. As a rule, most web browsers available on the market accept cookies by default. Everyone has the possibility to define the terms of using cookies through their own browser settings. This means that the user can, for example, partially restrict (e.g. temporarily) or completely disable the option of saving cookies - in the latter case, however, it may affect some functionalities of the Online Store (for example, it may not be possible to pass the order path through the Order Form due to the fact that the Products in the cart will not be saved through the steps of placing the Order).

7.4. Browser settings in the scope of cookies are important from the point of view of consent to the use of cookies by our Online Store - in accordance with the law; such consent can also be expressed through the settings of the web browser. In the absence of such consent, the browser settings for cookies should be changed accordingly.

7.5. Detailed information on changing cookies settings and their removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click the link):

Chrome

Firefox

Internet Explorer

Opera

Safari

Microsoft Edge

7.6. The Data Controller may use Google Analytics, Universal Analytics provided by Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA) in the Online Store. These services help the Data Controller analyze the traffic in the Online Store. The data collected is processed as part of the aforementioned services in an anonymised manner (this is the so-called operating data that prevents the identification of a person) to generate statistics helpful in administering the Online Store. This data is aggregate and anonymous in nature, i.e. it does not contain identification features (personal data) of the visitors to the Online Store. The Data Controller using the above services in the Online Store collects such data as the source and medium of obtaining visitors to the Online Store and how they behave on the Online Store website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age, sex) and interests.

7.7. Any person can easily block Google Analytics from sharing information about their activity on the Online Store website - in order to do so, it is enough to install the browser plug-in provided by Google Inc. for this purpose, available here: https://tools.google.com/dlpage/gaoptout?hl=en.

7.8. The Data Controller may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) in the Online Store. This service helps the Data Controller to measure the effectiveness of advertisements and find out what activities the visitors of the Online Store are taking, as well as display relevant ads to these visitors. Detailed information about the operation of the Facebook Pixel can be found at the following Internet address:
https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.9. Managing the operation of Facebook's Pixel is possible by setting the ads in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.


8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Data Controller urges visitors to read the privacy policies of other websites. This privacy policy applies only to the Data Controller's Online Store.