PRIVACY POLICY
TRUCKBP.PL ONLINE STORE

TABLE OF CONTENTS:
1. GENERAL PROVISIONS
2. BASICS OF DATA PROCESSING
3. PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
4. RECIPIENTS OF DATA IN THE ONLINE STORE
5. TARGETING IN AN ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
8. FINAL PROVISIONS

1. GENERAL PROVISIONS
1.1. This Online Shop’s privacy policy is for information purposes only, which means that it does not impose any obligations on the Online Shop’s Service Users or Customers. The Privacy Policy primarily sets out the rules governing the processing of personal data by the Controller in the Online Shop, including the legal basis, purposes and duration of such processing, as well as the rights of data subjects; it also provides information on the use of cookies and analytical tools in the Online Shop.
1.2. The data controllers for the personal data collected via the Online Shop are the partners who jointly operate a business under a partnership agreement under the name TRUCK BP S.C. ŁAMANOWSKA-LISKOWSKA, KUCHARSKI (business address: ul. Bosmańska 3, 62-510 Konin and address for service: Spławie 60A, 62-590 Golina), civil law partnership tax identification number (NIP): 6652883394, REGON number of the civil law partnership: 300937163, e-mail address: biuro1@truckbp.pl, telephone number +48 669-303-059, i.e.:
ANNA ŁAMANOWSKA-LISKOWSKA conducting business activity under the name ŁAMANOWSKA-LISKOWSKA ANNA (business address: ul. Bosmańska 3, 62-510 Konin) entered in the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister responsible for the economy, NIP: 6652320478, REGON: 311604007;
BARTOSZ KUCHARSKI conducting business activity under the name KUCHARSKI BARTOSZ (business address: ul. Bosmańska 3, 62-510 Konin) entered in the Central Register and Information on Economic Activity of the Republic of Poland maintained by the Minister responsible for the economy, Tax Identification Number (NIP): 6651623768, National Business Registry Number (REGON): 311097384
– hereinafter referred to as the “Controller”, who is also the Online Shop Service Provider and the Seller.
1.3. Personal data in the Online Shop is processed by the Controller in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the ‘GDPR’ or the ‘GDPR Regulation’. Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by a Service User or Customer using the Online Shop is voluntary, subject to two exceptions: (1) entering into contracts with the Controller – failure to provide, in the cases and to the extent specified on the Online Store website, in the Online Store Terms and Conditions and in this privacy policy, the personal data necessary for the conclusion and performance of a Sales Contract or a contract for the provision of Electronic Services with the Controller will result in the inability to conclude such a contract. In such cases, the provision of personal data is a contractual requirement, and if the data subject wishes to enter into the relevant contract with the Controller, they are obliged to provide the required data. In each case, the scope of data required to conclude a contract is specified in advance on the Online Shop’s website and in the Online Shop’s Terms and Conditions; (2) the Controller’s legal obligations – the provision of personal data is a legal requirement arising from generally applicable legal provisions imposing an obligation on the Controller to process personal data (e.g. (processing data for the purposes of maintaining tax or accounting records) and failure to provide such data will prevent the Controller from fulfilling these obligations.
1.5. The controller takes particular care to protect the interests of the data subjects whose personal data it processes, and in particular is responsible for ensuring that the data it collects is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) factually accurate and relevant to the purposes for which they are processed; (4) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
1.6. Taking into account the nature, scope, context and purposes of the processing, as well as the risk of infringement of the rights or freedoms of natural persons, which varies in likelihood and severity, the Controller implements appropriate technical and organisational measures to ensure that the processing is carried out in accordance with the GDPR and to be able to demonstrate this. These measures are reviewed and updated as necessary. The controller implements technical measures to prevent unauthorised persons from accessing or altering personal data transmitted electronically.
1.7. All words, phrases and acronyms appearing in this privacy policy and beginning with a capital letter (e.g. (Seller, Online Shop, Electronic Service) should be understood in accordance with their definitions set out in the Online Shop Terms and Conditions available on the Online Shop’s website.

2. BASICS OF DATA PROCESSING
2.1. The controller is authorised to process personal data where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2.2. The processing of personal data by the Controller requires, in each case, the existence of at least one of the grounds set out in point 2.1 Privacy Policy. The specific legal grounds for the Controller’s processing of the personal data of Service Users and Online Shop Customers are set out in the following section of the privacy policy – in relation to the specific purpose of the Controller’s processing of personal data.

3. PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
The conclusion of a Sales Agreement between the Customer and the Seller takes place after the Customer has placed an Order using the Order Form in the Online Store in accordance with section 3.2. In each case, the purpose, legal basis, retention period and recipients of the personal data processed by the Controller are determined by the actions taken by the relevant Service User or Customer in the Online Shop or by the Controller. For example, if a Customer decides to make a purchase from the Online Shop and chooses to collect the purchased Product in person rather than have it delivered by courier, their personal data will be processed for the purpose of fulfilling the Sales Contract, but will not be shared with the carrier handling deliveries on behalf of the Controller.
3.2. The Data Controller may process personal data within the Online Shop for the following purposes, on the legal grounds and for the periods set out in the table below:

4. RECIPIENTS OF DATA IN THE ONLINE STORE
4.1. In order for the Online Shop to function properly, including the fulfilment of concluded Sales Agreements, it is necessary for the Administrator to use the services of third parties (such as, for example, (software provider, courier or payment processor). The controller shall only use the services of processors who provide sufficient guarantees that they will implement appropriate technical and organisational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of data subjects.
4.2. The Controller does not transfer data in every instance, nor to all recipients or categories of recipients specified in the privacy policy – the Controller transfers data only where this is necessary to achieve the specific purpose of processing personal data, and only to the extent necessary to achieve that purpose. For example, if a customer chooses to collect their order in person, their details will not be passed on to the carrier working with the Controller.
4.3. The personal data of Service Users and Customers of the Online Shop may be disclosed to the following recipients or categories of recipients:
4.3.1. carriers / freight forwarders / courier brokers / entities managing the warehouse and/or the dispatch process – in the case of a Customer who, when using the Online Shop, chooses to have the Product delivered by post or courier, the Controller shall make the Customer’s personal data available to the selected carrier, freight forwarder or intermediary handling the shipment on the Controller’s behalf, and if the shipment is dispatched from an external warehouse – to the entity managing the warehouse and/or the dispatch process – to the extent necessary to deliver the Product to the Customer.
4.3.2. entities processing electronic or card payments – where a Customer uses an electronic or card payment method in the Online Shop, the Controller shall make the Customer’s personal data available to the selected entity processing such payments in the Online Shop on the Controller’s behalf, to the extent necessary to process the payment made by the Customer.
4.3.3. service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to conduct business activities, including the Online Shop and the Electronic Services provided through it (in particular, suppliers of computer software for operating the Online Shop, email and hosting providers, and suppliers of business management software and technical support to the Controller) – The Controller shall make the collected personal data of the Customer available to a selected supplier acting on its behalf only where and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
4.3.4. accounting, legal and advisory service providers providing the Controller with accounting, legal or advisory support (in particular an accounting firm, a law firm or a debt collection agency) – The Controller shall make the collected personal data of the Customer available to a selected provider acting on its behalf only where and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.

5. TARGETING IN AN ONLINE STORE
5.1. The GDPR requires the Controller to provide information on automated decision-making, including profiling, as referred to in Article 22( Articles 1 and 4 of the GDPR, and – at least in those cases – relevant information on the grounds for such processing, as well as on the significance and anticipated consequences of such processing for the data subject. With this in mind, the Controller provides information in this section of the privacy policy regarding potential profiling.
5.2. The Controller may use profiling in the Online Shop for direct marketing purposes, but any decisions taken by the Controller on this basis do not affect the conclusion or refusal to conclude a Sales Contract, nor the ability to use the Electronic Services in the Online Shop. The use of profiling on the Online Shop may result in, for example, offering a discount to a customer, sending them a discount code, reminding them of unfinished purchases, sending suggestions for products that may match their interests or preferences, or offering better terms than the standard offer available on the online shop. Despite the profiling, the individual is free to decide whether to take advantage of the discount or the better terms offered and make a purchase in the online shop.
5.3. Profiling on the Online Shop involves the automatic analysis or prediction of a person’s behaviour on the Online Shop’s website, for example: by adding a specific Product to the basket, viewing the page for a specific Product in the Online Shop, or by analysing your previous purchase history in the Online Shop. A prerequisite for such profiling is that the data controller holds the individual’s personal data, so that they can subsequently send them, for example, discount code.
5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6. RIGHTS OF THE DATA SUBJECT
6.1. The right of access, rectification, restriction, erasure or data portability – the data subject has the right to request from the Controller access to their personal data, its rectification, erasure (‘the right to be forgotten’) or restriction of processing; they also have the right to object to the processing, as well as the right to data portability. The detailed conditions for exercising the rights set out above are set out in Article Articles 15–21 of the GDPR.
6.2. The right to withdraw consent at any time – a data subject whose data is processed by the Controller on the basis of consent given (pursuant to Article 6( 1(a) (a) or Article 9( 2(a) (a) the GDPR, has the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of consent prior to its withdrawal.
6.3. The right to lodge a complaint with a supervisory authority – a data subject whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and in accordance with the procedures set out in the GDPR and under Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
6.4. Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6( 1(a) (e) (public interest or public tasks) or (f) (the controller’s legitimate interests), including profiling based on those provisions. In such cases, the controller may no longer process that personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds relating to the establishment, exercise or defence of legal claims.
6.5. Right to object regarding direct marketing – where personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
6.6. To exercise the rights referred to in this section of the privacy policy, you may contact the Controller by sending a written message or an email to the Controller’s address provided at the beginning of the privacy policy, or by using the contact form available on the Online Shop’s website.

7. COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1. Cookies are small pieces of text information in the form of text files, sent by the server and stored on the device of the person visiting the Online Shop (e.g. on the hard drive of a computer or laptop, or on a smartphone’s memory card – depending on which device the visitor to our online shop is using). Further information regarding Information about cookies, as well as their history, can be found at et al. here: https://pl.wikipedia.org/wiki/HTTP_cookie.
7.2. The administrator may provide a tool on the Website for the easy and active management of cookies – this tool is available upon your first visit to the Website and can subsequently be accessed via the Website’s footer. Active management allows you, amongst other things, to check which cookies are or may be stored whilst using the Website, as well as to select and subsequently change the scope and purposes of cookie use in relation to the device and the person visiting the Website. When you start using the Website, you will be asked to select your cookie settings. You can change these settings at a later date by adjusting the settings within this tool, which is available on the website.
7.3. In the privacy policy, the controller provides a range of information regarding the use of cookies on the Website, their types and purposes, and how they are managed, for example by using your web browser settings and/or the cookie management tool available on the Website. The administrator encourages you to use the cookie management tool available on the Website, which allows you to easily and actively manage cookies whilst using the Website; if this tool is not available, please read the information below regarding including managing cookies from within your browser.
7.4. Cookies that may be sent by the Online Shop website can be categorised into different types according to the following criteria:

7.5. The controller may process the data contained in cookies when visitors use the Online Shop website for the following specific purposes:

7.6. You can check which cookies are currently being sent by the Online Shop’s website, regardless of the web browser you are using, by using tools available, for example, at: https://www.cookiemetrix.com or https://www.cookie-checker.com.
7.7. By default, most web browsers available on the market accept cookies. Everyone can set their own preferences regarding the use of cookies via their web browser settings. This means that, for example, partially restrict (e.g. (temporarily) or completely disable the saving of cookies – in the latter case, however, this may affect certain features of the Online Shop (for example, it may not be possible to complete the Order process via the Order Form, as the Products in the basket will not be remembered during the subsequent steps of placing the Order).
7.8. Your web browser settings regarding cookies are important in relation to consenting to the use of cookies by our online shop – in accordance with the regulations, such consent may also be given via your web browser settings. Detailed information on how to change your cookie settings and delete cookies yourself in the most popular web browsers is available in your browser’s help section and on the websites below (simply click on the relevant link):
in the Chrome browser
in the Firefox browser
in Internet Explorer
in the Opera browser
in the Safari browser
in the Microsoft Edge browser
7.9. The Administrator may use Google Analytics and Universal Analytics services in the Online Shop, provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Administrator to compile statistics and analyse traffic on the Online Shop. The data collected is processed as part of the above services to generate statistics that assist in the administration of the Online Shop and the analysis of traffic on the Online Shop. This data is aggregated. When using the above services on the Online Shop, the Administrator collects data such as the sources and channels through which visitors access the Online Shop, as well as their behaviour on the Online Shop website; information about the devices and browsers they use to visit the site; their IP address and domain; geographical data; and demographic data (age, gender) and interests.
7 October Users can easily prevent their activity on the Online Shop website from being shared with Google Analytics – for example, by installing a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
7 November As the Controller may use advertising and analytics services provided by Google Ireland Ltd. on the Online Store, the Controller wishes to point out that full details regarding the processing of data relating to visitors to the Online Store (including information stored in cookies) by Google Ireland Ltd. can be found in Google’s privacy policy, available at: https://policies.google.com/technologies/partner-sites.

8. FINAL PROVISIONS
8.1. The online shop may contain links to other websites. The administrator advises you to read the privacy policy in place on those websites when you visit them. This privacy policy applies only to the Administrator’s Online Shop.