Privacy Policy

Contents:

1. This Privacy Policy sets out the rules for the processing and protection of personal data of Customers using the online store available at https://spreest.pl (hereinafter referred to as the "Online Store").
2. This Privacy Policy constitutes the fulfillment of the information obligation incumbent on the Controller in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as "GDPR").

The Controller of Personal Data of Customers of the Online Store is Spreest Sp. z o. o., ul. Powstania Styczniowego 55, 05-074 Długa Kościelna, Tax Identification Number: 8222391241 , REGON: 52105004900000 , KRS 0000948155 , e-mail address: sklep@spreest.pl. (hereinafter referred to as the "Administrator").

You can contact the Administrator via e-mail: sklep@spreest.pl or in writing to the following address: Spreest Sp. z o. o., Powstania Styczniowego 55, 05-074 Długa Kościelna  

1. The Administrator processes Customers' personal data in accordance with the provisions of the GDPR.
2. The Administrator applies technical and organisational measures required by EU law to ensure the protection of personal data being processed and to secure personal data against disclosure to unauthorised persons, takeover by unauthorised persons, processing in violation of the regulations and alteration, loss or destruction.
3. The Administrator declares that providing data marked as required in the Online Store is voluntary, but necessary to use the functionality, including creating and maintaining a Customer account and placing and fulfilling an order.

1. Customers' personal data will be processed for the following purposes:

1. Customer data will be stored for the following period:
2. data relating to the provision of services under the Regulations - for the period of provision of a given service, unless their further storage is justified by the limitation period for claims or results from generally applicable provisions of law,
3. data related to the execution of orders - for a period of 5 years from the end of the year in which the sale took place, unless their further storage is justified by the limitation period for claims,
4. maintaining the newsletter service – until you unsubscribe from the newsletter,
5. data related to the implementation of marketing activities – until an objection is raised,
6. data related to responding to an e-mail, telephone or online chat message – until the correspondence is conducted or the consent is withdrawn, unless further storage of the data is justified by an overriding interest of the Controller, e.g. defense against possible claims,
7. keeping statistics – until an objection is raised, but no longer than for a period of 50 months from the time of the Customer's last activity on the website
8. archival purposes – for the period necessary to achieve this purpose,
9. establishing, investigating or defending against claims – for the period necessary to achieve this purpose,

§7 Categories of personal data
The Administrator collects, processes and stores the following Customer data:

1. in connection with the creation of a Customer Account – first name, last name, e-mail address and other data entered in the Customer Account;

2. in connection with placing an Order – e-mail address, name and surname, correspondence address (street, house/apartment number, postal code, town, country), telephone number, and in the case of Entrepreneurs additionally: company name and Tax Identification Number;

3. in connection with the delivery of sales documents
   – in particular e-Receipt or e-Invoice:
   e-mail address and/or telephone number, used to send a unique hyperlink or notification of the issuance of a document;

4. in connection with contact by e-mail, telephone or online chat – e-mail address, name and surname and telephone number;

5. in connection with the provision of the newsletter service – e-mail address.

In the remaining scope, the Administrator processes only the data necessary to achieve a given purpose.

When using the Online Store, the Administrator automatically collects and stores information such as: IP address, request URL, device identifier, amount of time spent on individual pages, browser type and version, browser language, date and time of using the website, screen resolution, type and version of the operating system and other such information.

1. The Online Store uses small files called cookies. They are stored on the end device of the person visiting the Online Store.
2. Cookies are computer data, specifically text files, stored on the Customer's end device and intended for use with the Online Store. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique number.
3. Cookies are used for the following purposes:
1. recognizing the device used by the Customer in order to properly display the content of the page,
2. creating statistics that help us understand how customers use websites, which allows us to improve their structure and content,
3. maintaining the Online Store Customer’s session, thanks to which the Customer does not have to re-enter the login and password on each subpage of the Online Store,
4. adjusting the content and functioning of the Online Store by matching an anonymous, randomly generated tracking identifier, which makes it possible to, among other things, check where the Customer comes from, what search engine they used, what link they clicked on, what keywords they entered and at what point they stopped using the Online Store,
4. Web browsers typically allow cookies to be stored on the customer's end device by default. Customers can change these settings. The web browser allows for the deletion of stored cookies and their automatic blocking. Using the Online Store without changing the cookie settings in your browser constitutes acceptance of cookies, which will result in them being stored on the customer's device. For detailed information, please refer to the help file or documentation for your web browser.
5. The online store uses marketing and analytical tools from third-party providers who use cookies in the online store. These tools are primarily provided by Google Ireland Limited (Google Analytics, Google Ads, Google Search Console) and Facebook Ireland Limited (Facebook Pixel). This website also uses additional Google Analytics features (Google Analytics Advertising Features). You can change this not only through the above-mentioned browser settings, but also through Google's advertising preferences. More information about the cookies used by the above-mentioned providers can be found in their privacy policies. Some of the above-mentioned providers may store customer data outside the European Economic Area. In such cases, your data will be transferred only to countries that provide an adequate level of protection, and to countries that do not provide an adequate level of protection, only if appropriate safeguards are in place, including standard contractual clauses adopted by the European Commission.

1. Customers' personal data may be transferred to entities to which the Administrator entrusts the processing of personal data on the basis of agreements and to entities authorized to obtain personal data under the law.
2. In order to perform the contract concluded via the Online Store and to ensure the proper functioning of the Store, the Administrator makes the personal data of Customers available, in particular, to entities providing services:
1. postal, forwarding and courier services as well as order processing,
2. electronic payments,
3. accounting,
4. hosting,
5. IT and the supply of software and tools, in particular for conducting analytical research, creating statistics, tracking traffic on our website, marketing automation, CRM systems,
6. marketing in the field of online store management,
3. Entities providing services to the Controller may store Customer data outside the European Economic Area. In such situations, User data will be transferred only to countries that ensure an adequate level of protection, and to countries that do not ensure an adequate level of protection, only if appropriate safeguards are in place, including, among others, standard contractual clauses adopted by the European Commission.
4. The entity operating the Eparagony System (eparagony.pl) to the extent necessary to issue, store and make available the eReceipt;
   
5. Entity operating the e-Invoice System or the National e-Invoice System (KSeF) – to the extent necessary to issue and deliver e-Invoices.

1. The Customer has the right to access their data and the right to request its rectification, deletion, or restriction of processing. To the extent that the basis for processing personal data is the legitimate interest of the controller, the Customer has the right to object to the processing of their personal data.
2. To the extent that the processing of the Client's personal data is based on consent, the Client has the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
3. To the extent that the Customer's data is processed for the purpose of concluding and performing the Agreement or processed based on consent, the Customer also has the right to data portability, i.e., to receive personal data from the controller in a structured, commonly used, machine-readable format. The Customer may transmit this data to another controller.
4. The customer also has the right to lodge a complaint with the supervisory authority responsible for personal data protection.