TABLE OF CONTENTS:
- GENERAL PROVISIONS
- BASIS FOR DATA PROCESSING
- PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE SERVICE
- DATA RECIPIENTS IN THE ONLINE SERVICE
- PROFILING IN THE ONLINE SERVICE
- RIGHTS OF THE DATA SUBJECT
- COOKIES IN THE ONLINE SERVICE AND ANALYTICS
- FINAL PROVISIONS
1) GENERAL PROVISIONS
- This privacy policy of the Online Service is informational, meaning it does not impose obligations on the users of the Online Service. The privacy policy primarily sets out the principles for processing personal data by the Administrator in the Online Service, including the basis, purposes, and duration of data processing, as well as the rights of data subjects, and information on the use of Cookies and analytical tools in the Online Service.
- The administrator of personal data collected via the Online Service is Dariusz Chmielewski operating under the business name SPEEDER DARIUSZ CHMIELEWSKI, registered in the Central Registration and Information on Economic Activity of the Republic of Poland maintained by the minister responsible for the economy, with business and correspondence address: ul. Polna 29, 62-095 Murowana Goślina, NIP 8541060093, REGON 810394680, email address: biuro@speeder.com.pl, contact phone number: +48 61 670-4047 – hereinafter referred to as the “Administrator” and also the Service Provider of the Online Service.
- Personal data in the Online Service is processed by the Administrator in accordance with applicable laws, particularly with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.” Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
- Use of the Online Service is voluntary. Similarly, providing personal data by the user of the Online Service is voluntary, with the proviso that failure to provide personal data required to use a specific Electronic Service as indicated on the Online Service website, in the Service Regulations, or this privacy policy, will result in the inability to use such Electronic Service. Providing personal data may be contractually required (e.g., creating an Account) or based on the Administrator’s legitimate interests (e.g., handling complaints or responding to inquiries).
- The Administrator takes particular care to protect the interests of individuals whose personal data it processes and ensures that the data collected is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) accurate and adequate for the purposes for which it is processed; (4) stored in a form that permits identification of data subjects for no longer than necessary for the purposes of processing; and (5) processed securely to prevent unauthorized or unlawful processing and accidental loss, destruction, or damage using appropriate technical and organizational measures.
- Considering the nature, scope, context, and purposes of processing as well as risks to the rights and freedoms of individuals of varying probability and severity, the Administrator implements appropriate technical and organizational measures to ensure and demonstrate compliance with the GDPR. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized access and modification of personal data transmitted electronically.
- All words, expressions, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Service Provider, Online Service, Electronic Service) should be understood as defined in the Service Regulations available on the Online Service website.
2) BASIS FOR DATA PROCESSING
- The Administrator is authorized to process personal data if – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject before entering into a contract; (3) processing is necessary for compliance with a legal obligation incumbent on the Administrator; or (4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or a third party, except where overridden by the interests or fundamental rights and freedoms of the data subject requiring data protection, particularly if the data subject is a child.
- Processing of personal data by the Administrator requires at least one of the bases specified in point 2.1 of this privacy policy. The specific bases for processing personal data by the Administrator in the Online Service are outlined in the following sections of this privacy policy.
3) PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE SERVICE
- The purpose, basis, and duration of processing, as well as the recipients of personal data processed by the Administrator, result from the actions taken by the specific user in the Online Service.
- The Administrator may process personal data in the Online Service for the following purposes, on the following bases, and for the following periods:
Purpose of Data Processing | Legal Basis for Data Processing | Data Retention Period |
Performance of an Electronic Service Agreement (e.g., Account) or actions requested by the data subject before entering into an agreement | Article 6(1)(b) GDPR (contract) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject before entering into a contract | Data is retained for the duration necessary to perform, terminate, or otherwise expire the contract with the Administrator. |
4) DATA RECIPIENTS IN THE ONLINE SERVICE
- For the proper functioning of the Online Service, including the correct provision of Electronic Services by the Administrator, it is necessary for the Administrator to use the services of external entities (such as software providers, etc.). The Administrator uses only the services of entities that provide sufficient guarantees for implementing appropriate technical and organizational measures to ensure that processing complies with the GDPR and protects the rights of data subjects.
- Personal data may be transferred by the Administrator to a third country, but the Administrator ensures that in such cases it will be done to a country providing an adequate level of protection or, in the absence of a relevant adequacy decision, at least on the basis of standard contractual clauses – in accordance with the GDPR. The data subject has the right to obtain a copy of their data. The Administrator transfers collected personal data only when and to the extent necessary to fulfill a specific data processing purpose in accordance with this privacy policy.
- The transfer of data by the Administrator does not occur in all cases and not to all recipients or categories of recipients indicated in this privacy policy – the Administrator transfers data only when it is necessary for the implementation of a specific purpose of personal data processing and only to the extent necessary for its implementation.
- Personal data of Online Service Users may be transferred to the following recipients or categories of recipients:
- a. Carriers / freight forwarders / courier brokers / entities handling warehouses and/or shipment processes – in the case of a User who has filed a warranty claim using the RMA Panel, the Administrator may provide the collected personal data of the User to a selected carrier, forwarder, or intermediary handling shipments on behalf of the Administrator, or, if the shipment is made from an external warehouse – to the entity handling the warehouse and/or shipment process – to the extent necessary to carry out the transport of the claimed Product and return the Product to the User after the complaint has been processed.
- b. Guarantors – in the case of a User who has filed a warranty claim using the RMA Panel, the Administrator may provide the collected personal data of the User to a selected guarantor on whose behalf the Service Provider handles the warranty process – to the extent necessary to handle the mentioned process (claim).
- c. Providers of services supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to run a business, including the Online Service and Electronic Services provided through it (in particular, software providers for running the Online Service, email, and hosting providers, and software providers for managing the company and providing technical support to the Administrator) – the Administrator provides the collected personal data of the User to a selected service provider acting on its behalf only in cases and to the extent necessary to implement the purpose of processing data in accordance with this privacy policy.
- d. Providers of legal and advisory services supporting the Administrator (in particular law firms) – the Administrator may provide the collected personal data of the User to a selected service provider acting on its behalf only in cases and to the extent necessary to implement the purpose of data processing in accordance with this privacy policy, particularly for purposes related to establishing, asserting, or defending claims.
5) PROFILING IN THE ONLINE SERVICE
- The GDPR requires the Administrator to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – relevant information about the rules for their decision-making, as well as the significance and expected consequences of such processing for the data subject. Considering this, the Administrator provides information on possible profiling in this section of the privacy policy.
- The Administrator may use profiling on the Online Service for direct marketing purposes, but decisions based on profiling made by the Administrator do not concern entering into or refusing to enter into an agreement with the Administrator or the possibility of using Electronic Services on the Online Service. The result of profiling in the Online Service may be, for example, reminders about unfinished actions on the Service, sending product proposals that may match the interests or preferences of the person, or offering better conditions compared to the standard offer of the Administrator. Despite profiling, the person makes a free decision whether to use, for instance, the offer received from the Administrator in this way.
- Profiling in the Online Service involves automatic analysis or prediction of a person’s behavior on the Online Service, e.g., by analyzing their past activities on the Service. The condition for such profiling is that the Administrator has personal data of the person to subsequently send them, for example, an offer.
- The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them.
6) RIGHTS OF THE DATA SUBJECT
- Right to access, rectify, restrict, erase, or transfer data – the data subject has the right to request from the Administrator access to their personal data, rectification, erasure (“right to be forgotten”), or restriction of processing, as well as the right to object to processing and the right to data portability. Detailed conditions for exercising these rights are outlined in Articles 15–21 of the GDPR.
- Right to withdraw consent at any time – the data subject whose data is processed by the Administrator on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority – the data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and mode specified in the provisions of the GDPR and Polish law, particularly the Act on Personal Data Protection. In Poland, the supervisory authority is the President of the Personal Data Protection Office.
- Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the Administrator), including profiling based on these provisions. In such cases, the Administrator may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for establishing, exercising, or defending claims.
- Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.
- To exercise the rights mentioned in this privacy policy, contact the Administrator by sending a relevant message in writing or by email to the Administrator’s address specified at the beginning of this privacy policy.
7) COOKIES IN THE ONLINE SERVICE AND ANALYTICS
- Cookies are small text files in the form of text files sent by the server and stored on the side of the person visiting the Online Service (e.g., on the hard drive of a computer, laptop, or smartphone memory card – depending on the device used by the visitor). Detailed information on cookies and their history can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie.
- Cookies that may be sent by the Online Service can be divided into various types according to the following criteria:
By their provider: Own (created by the Online Service Administrator) and third-party (belonging to entities other than the Administrator) | By their storage duration on the visitor’s device: Session (stored until logging out of the Online Service or closing the browser) and persistent (stored for a defined period specified by the parameters of each file or until manually deleted) | By their purpose: Necessary (allowing the proper functioning of the Online Service), functional/preference (enabling adjustment of the Online Service to the visitor’s preferences), analytical and performance (collecting information about how the Online Service is used), marketing, advertising, and social (collecting information about the visitor to display personalized ads and other marketing activities) |
3. The Administrator may process data contained in cookies while visitors use the Online Service for the following specific purposes:
Purpose of using cookies in the Online Service | Identifying users logged into the Online Service and showing they are logged in (necessary cookies) |
Remembering data from completed forms, surveys, or login data for the Online Service (necessary or functional/preference cookies) | |
Adapting the Online Service’s content to the individual preferences of the user (e.g., regarding colors, font size, page layout) and optimizing the use of Online Service pages (functional/preference cookies) | |
Conducting anonymous statistics showing how the Online Service is used (analytical and performance cookies) |
4. Checking in popular web browsers which cookies (including their duration and provider) are sent at any given time by the Online Service is possible as follows:
In Chrome: (1) Click the lock icon on the left side of the address bar, (2) go to the “Cookies” tab. | In Firefox: (1) Click the shield icon on the left side of the address bar, (2) go to “Allowed” or “Blocked,” (3) click the “Cross-site tracking cookies,” “Social media trackers,” or “Content tracking” field. | In Internet Explorer: (1) Click the “Tools” menu, (2) go to “Internet Options,” (3) go to the “General” tab, (4) go to “Settings,” (5) click “View files.” |
In Opera: (1) Click the lock icon on the left side of the address bar, (2) go to the “Cookies” tab. | In Safari: (1) Click “Preferences,” (2) go to “Privacy,” (3) click “Manage website data.” | Independently of the browser, using tools available on sites such as: https://www.cookiemetrix.com/ or https://www.cookie-checker.com/ |
5. By default, most web browsers available on the market accept the storage of cookies. Each individual can determine the terms of cookie usage through their browser settings. For example, it is possible to partially limit (e.g., temporarily) or completely disable the ability to store cookies – however, this may affect some functionalities of the Online Service.
8) FINAL PROVISIONS
The Online Service may contain links to other websites. The Administrator encourages you to review the privacy policies established there when navigating to other sites. This privacy policy applies only to the Administrator’s Online Service.