Alertbag.pl Privacy Policy
Protecting your privacy is very important to us, therefore, below we present information on how we collect, use, and protect the personal data of users of the alertbag.pl store (“Store“). The personal data administrator is the company
§ 1 Definitions
The following terms are used in this Privacy Policy:
- User – any natural person visiting the Store or using electronically supplied services.
- Personal Data – information about an identified or identifiable natural person (e.g., name, surname, address, phone number, email address, device IP, location data, browser identifiers), as defined by GDPR.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.
- Cookies – small text files stored on the User’s device; the Store uses both session and persistent files to improve functionality, remember preferences, and conduct statistics.
§ 2 Scope of Data Collected
The Administrator processes Users’ personal data collected during:
- Account registration or order placement: name, surname, residential or delivery address, email address, phone number, purchase history, delivery information, and payment data (e.g., payment method, card type, card number, expiration date, CVV number), payment history.
- Contact with the Administrator: data provided in the correspondence (email address, phone number) – to respond to inquiries.
- Automatically collected data: IP address, domain name, internet browser type, operating system, visit time, activity history – this information is collected in system logs and through cookies.
§ 3 Purposes and Legal Bases for Data Processing
Personal data is processed for the following purposes and on the following legal bases:
- Conclusion and performance of a sales contract or provision of electronic services – including account creation, order fulfillment, complaint handling – the basis is the necessity for the performance of a contract (Art. 6(1)(b) GDPR).
- Handling complaints and returns – the basis is the necessity for the performance of a contract and a legal obligation (Art. 6(1)(b) and (c) GDPR).
- Conducting statistical analyses and improving services – the basis is the legitimate interest of the Administrator, consisting of analyzing User activity and preferences to improve the Store’s functionality (Art. 6(1)(f) GDPR).
- Establishing, pursuing, or defending claims – the basis is the legitimate interest of the Administrator, consisting of protecting their rights (Art. 6(1)(f) GDPR).
- Issuing invoices and fulfilling accounting obligations – the basis is a legal obligation (Art. 6(1)(c) GDPR).
- Contact with the User (responding to inquiries, providing information) – the basis is the User’s consent or the legitimate interest of the Administrator (Art. 6(1)(a) and (f) GDPR).
- Marketing of own products and services (newsletter) – the basis is the User’s consent (Art. 6(1)(a) GDPR).
Providing data marked as mandatory in forms is a condition for concluding a contract. Failure to provide them will prevent order fulfillment. In other cases, providing data is voluntary.
§ 4 Data Recipients
Access to personal data may only be granted to persons authorized by the Administrator or entities supporting them in their operations. Data recipients may include:
- employees and collaborators of the Administrator authorized by power of attorney, to the extent necessary to achieve the purposes specified in this Policy
- entities providing IT, hosting, data security, accounting and legal services, PR and marketing, banks and payment operators, courier and logistics companies
- public authorities authorized to receive data under legal provisions – when they request information;
- other entities, if the User gives consent (e.g., marketing partners).
§ 5 Data Retention Period
Personal data will be processed for the period:
- necessary for the performance of the contract and provision of services, and after its termination – until the expiration of the limitation period for claims or defense against them
- required by law, including tax and accounting regulations
- of validity of the granted consent – until its withdrawal or the exercise of another right that necessitates restricting or ceasing data processing
- necessary to protect the Administrator’s interest, in particular until the completion of potential complaint, settlement, or claim-related proceedings.
§ 6 Rights of Data Subjects
Users have the following rights:
- the right to access their data and obtain information about its processing
- the right to request rectification (correction) of data
- the right to request erasure of data (“right to be forgotten”) or restriction of processing, if there is no justified basis for further processing
- the right to object to data processing based on the Administrator’s legitimate interest
- the right to withdraw consent at any time, if processing is based on consent – withdrawal does not affect the lawfulness of processing carried out before its withdrawal
- the right to data portability (to receive them in a structured format and transmit them to another administrator) – to the extent specified in Art. 20 GDPR;
- the right to lodge a complaint with the President of the Personal Data Protection Office if the User considers that data processing violates GDPR provisions
To exercise these rights, the User may send a message to the email address: kontakt@alertbag.pl.
§ 7 Data Security
The Administrator applies technical and organizational measures ensuring the protection of personal data appropriate to the risks and categories of data, in particular, securing data against unauthorized access, loss, or damage. Data entry forms are secured with an SSL protocol, and access to data is only possible for authorized persons.
§ 8 Cookies and Other Tracking Technologies
The Store uses cookies and similar technologies for the purpose of:
- ensuring the proper functioning and security of the Store (e.g., authentication, session maintenance, remembering the shopping cart)/li>
- personalizing the interface and remembering User settings;
- analyzing User activity and conducting visit statistics (e.g., via Google Analytics)
- marketing purposes, including profiling and displaying advertisements tailored to Users’ interests.
During the first visit to the Store, the User may consent to the saving of cookies in their browser. Consent can be withdrawn at any time by changing browser settings or by deleting saved cookies. Disabling cookies may, however, cause difficulties in using some functionalities of the Store.
§ 9 Transfer of Data Outside the EEA
Users’ personal data is stored and processed within the European Economic Area (EEA). The Administrator does not transfer data to third countries outside the EEA, unless it results from a service provided by a supplier (e.g., analytical tools, communicators). In the event of data transfer outside the EEA, the Administrator will ensure the application of appropriate safeguards required by GDPR, such as standard contractual clauses.
§ 10 Changes to the Privacy Policy
The Administrator reserves the right to make changes to this Privacy Policy in order to update it and adapt it to changes in legal provisions or changes in the functioning of the Store. Information about changes to the Policy will be published on the Store’s website. Changes will be effective from the moment of publication, unless otherwise specified. For contracts concluded before the introduction of changes, the version valid at the time of concluding the contract applies.
