This section contains information regarding GDPR and the privacy and cookie file policy of shop.StethoMe.com.
This document establishes the conditions for processing of personal data (hereinafter referred to also as “data”) and cookie files within the shop.stethome.com online service, carried out through the website available under the URL address: shop.stethome.com, hereinafter referred to as the “Online Service”. This document does not regulate the principles of personal data processing in the StethoMe application.
§1. HOW TO CONTACT THE DATA ADMINISTRATOR
The administrator of the personal data processed within the Online Services is the StethoMe sp. z o.o. company having its seat in Poznań (postal code: 61-663) in Poland at the address ul. Winogrady 18a, entered into the Entrepreneur Register of National Court Register (KRS) under KRS number: 0000558650, NIP (tax identification number): 7831726542, REGON (business register number): 361535342
The Administrator of the data can be contacted using the e-mail address: firstname.lastname@example.org.
§2. THE BASIS UPON WHICH WE PROCESS YOUR DATA
When collecting personal data, we always notify you of the legal basis for its processing. The said basis stems from provisions of GDPR (Regulation of the European Parliament and of the Council (EU) 2016/679 of 27th of April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - General Data Protection Regulation). When we refer to:
- Article 6 Item 1 Letter a) of GDPR – it means that we process the personal data on the basis of the consent received,
- Article 6 Item 1 Letter b) of GDPR – it means that we process the personal data since it is indispensable for performing the contract or for taking actions prior to concluding it, at a request received,
- Article 6 Item 1 Letter c) of GDPR – it means that we process the personal data for the purpose of meeting an obligation under law,
- Article 6 Item 1 Letter f) of GDPR – it means that we process the personal data for the purpose of pursuing legally justified interests.
§3. INFORMATION ON PROCESSING OF DATA FOR THE PURPOSES OF CONCLUDING AND PERFORMING CONTRACTS, PRESUMPTIVE PURSUIT OF CLAIMS, AND DEFENCE AGAINST CLAIMS
- We may also process the personal data required for implementation of the contract concluded with you. However, even before concluding it, we may process the personal data required for taking action at your request. This data is processed under Article 6 Item 1 Letter b) of GDPR.
- In the event of implementation of the contract for provision of paid services, we may process your data for the purposes of meeting the accounting and tax obligations. This data is processed under Article 6 Item 1 Letter c) of GDPR.
- During and after implementation of the contract, we process the personal data of the party to it for the purposes of presumptive consideration and pursuit of claims. Our legally justified interest includes, for example, the possibility of responding to a presumptive complaint, which we are obligated to do under separate provisions of the civil law. In such case we will process the personal data under the legally justified interest consisting in defence against presumptive claims or pursuit of presumptive claims. This data is processed under Article 6 Item 1 Letter f) of GDPR.
- We will store this data for the period required to fulfil the objectives indicated, not longer than until prescription of claims resulting from separate provisions of the law.
- You are entitled to access your data, rectify it, remove it, limit its processing, transfer it, and file a complaint to a supervisory body. In the situation where the data is processed for the purposes specified in Item 3, you are also entitled to object to its processing.
- Provision of this data is voluntary. However, if it is not provided, it will make it impossible to conclude or implement the contract.
- The recipients of this data include: our hosting provider, e-mail service provider, IT service provider, transport service provider, advertising service provider, provider of accounting services and software intended for invoice handling, banking service and online payment provider, legal, counselling, and debt collection service provider, and other service providers whose services we take advantage of within the framework of the purpose indicated.
§4. INFORMATION ON PROCESSING OF DATA FOR THE PURPOSES OF SENDING A NEWSLETTER
- We provide an option to subscribe to the list of recipients of our newsletter. If you used this function, we process your personal data for the purposes of sending that newsletter. A newsletter may contain advertising, commercial, or marketing content.
- This data is processed under your consent, and therefore under Article 6 Item 1 Letter a) of GDPR.
- You are entitled to withdraw your consent at any time. However, such a withdrawal of consent has no impact on compliance of any previous data processing with law.
- We will store your data until the withdrawal of the consent granted. In the event of you never withdrawing it, we will process your data until we cease sending the newsletter.
- You are entitled to access your data, rectify it, remove it, limit its processing, transfer it, and file a complaint to a supervisory body.
- Provision of this data is voluntary. However, if it is not provided, it will make it impossible to send the newsletter.
- The recipients of this data are: our hosting provider, IT service provider, e-mail service provider, and newsletter distribution service provider.
§5. INFORMATION ON PROCESSING OF DATA FOR THE PURPOSES OF DIRECT MARKETING AND PROFILING
- We may process your personal data for the purposes of direct marketing. This happens, for example, when we answer a message of yours and present the details of our offer.
- For the purposes of direct marketing, we may take advantage of profiling, consisting in automated decision-making with regard to showing you advertisements. Such a decision is made on the basis of the actions you have taken within the Online Service, and in particular on the basis of contracts concluded and websites browsed. In practice, profiling supports the usefulness of our Online Service, allowing us to present you with content that may potentially be of interest to you.
- This data is processed under Article 6 Item 1 Letter f) of GDPR.
- We will store your data for the time it is required for the purposes of implementation.
- You are entitled to access your data, rectify it, remove it, limit its processing, transfer it, and object to its processing, and to file a complaint to a supervisory body.
- You are entitled not to be subject to profiling, unless you granted your consent to it. However, in such case the basis for processing your data will be the consent that you granted (Article 6 Item 1 Letter a) of GDPR), which you can withdraw at any moment. In such case your data will be processed until the moment of withdrawal of the consent that you granted.
- Provision of this data is voluntary. However, if it is not provided, it will make it impossible to carry out direct marketing activities.
- The recipients of this data are: our hosting provider, IT service provider, e-mail service provider, and advertising service provider.
§6. INFORMATION ON PROCESSING OF DATA FOR THE PURPOSES OF ENSURING SECURITY
1. Starting from the moment you launch our website, we process certain data for the purposes of ensuring security of services, namely:
   - public IP address of the device sending the enquiry,
   - browser type and language,
   - enquiry date and time,
   - the number of bytes sent by the server,
   - the URL address of the previously visited page in the event of the visit resulting from using a link,
   - information on errors that occurred during the execution of the enquiry.
2. Our legally justified interest within this processing is keeping server event logs and securing the Online Service against potential hacker attacks and other abuses. This includes the possibility of determining the IP address of the person performing illegal activity within the Online Service, such as an attempt at breaching the security measures, publishing prohibited content, or attempted illegal activities with the use of our servers.
3. This data is processed under Article 6 Item 1 Letter f) of GDPR.
4. We will store this data for the period required to fulfil the objectives indicated, not longer than until prescription of claims resulting from separate provisions of the law.
5. You are entitled to access your data, rectify it, remove it, limit its processing, object to its processing, and file a complaint to a supervisory body.
6. The provision of this data is a prerequisite for using the Online Service. If this data is not provided, it will be impossible to use the Online Service.
7. The recipients of this data are our hosting provider and IT service provider.
§7. INFORMATION ON DATA RECIPIENTS
When processing personal data, we take advantage of external services. As a result, the recipients of your personal data may be third parties. When collecting personal data, we always inform you of those recipients. However, since the intelligibility of the message is our top priority, we only include a general mention. That is why we hereby explain that when informing you of individual categories of recipients, we have the following entities in mind:
- IT service provider: eCommerceConnections Sp. z o.o., ul. Topolowa 2a, 62-090 Bytkowo, Poland; Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland; LINKER CLOUD Sp. z o.o., ul. Tadeusza Borowskiego 2, 03-475 Warszawa, Poland.
- Transport/courier service provider: eCommerceConnections Sp. z o.o., ul. Topolowa 2a, 62-090 Bytkowo, Poland; InPost S.A, ul. Wielicka 28, 30-552 Kraków, Poland; DHL Parcel Polska Sp. z o.o., ul. Osmańska 2, 02-823 Warszawa, Poland.
- Hosting service provider: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
- E-mail service provider: Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA.
- Advertising and analytics service provider: Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA; Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA; LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
- Accounting service provider: Taxteam sp. z o.o., al. Kościuszki 39, 90-418 Łódź, Poland.
- Invoice handling software provider: Fakturownia sp. z o.o., ul. Juliana Smulikowskiego 6/8, 00-389 Warszawa, Poland; Shopify International Ltd., 2nd Floor 1-2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.
- Legal / counselling / debt collection service provider - these service providers are appointed individually each time when a necessity arises.
- Newsletter distribution service provider: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
- Banking service provider: Santander Bank Polska S.A., al. Jana Pawła II 17, 00-854 Warszawa, Poland; mBank S.A. seated in Warsaw (in Poland) at the address ul. Senatorska 18.
- Online payment service provider: PayU S.A., ul. Grunwaldzka 186, 60-166 Poznań, Poland; PayLane Sp. z o.o., ul. Norwida 4, 80–280 Gdańsk, Poland.
§8. INFORMATION ON TRANSFER OF DATA TO THIRD COUNTRIES
- In view of the fact that we take advantage of services of other providers, your personal data may be transferred outside of the European Economic Area, namely to the following country: United States of America (USA).
- The European Commission has determined that certain countries from beyond the European Economic Area (EEA) protect personal data sufficiently.
- Since the country to which we transfer the personal data has not been considered a secure country, the transfer of data takes place under a contract that includes standard data protection clauses adopted by the European Commission.
§9. UNCONDITIONAL RIGHTS OF THE PERSONS WHOSE DATA IS PROCESSED
Whenever we refer to the rights related to processing of your personal data, we refer to the rights described below. The possibility of exercising the rights described below is independent of the legal basis for processing of personal data.
The right to access the data
You are entitled to receive from us a confirmation whether we process any personal data that regards you. If we do, you are entitled to access this data and to receive additional information on:
- purposes of data processing,
- categories of the data considered,
- recipients or categories of recipients to whom the data has been or will be disclosed, particularly regarding recipients in third countries or international organisations,
- to the extent possible, the planned period of data storage, and if it is not possible, on the criteria of determining that period,
- the right to demand us to rectify, delete, or limit the processing of data, to file an objection to such processing, and on the right to submit a complaint to a supervisory body,
- the source of data, if your data was not collected directly from you,
- automated decision making, including profiling, and the principles of making such decisions, as well as on the significance and anticipated consequences of such processing for you.
After receiving such a demand, we are obligated to provide you with a copy of the personal data that is subject to processing. If such a demand is received by electronic means and if we do not receive any reservation to the contrary, we will provide the information also by electronic means.
The right to rectify the data
You are entitled to demand that we immediately rectify any personal data that regards you and is incorrect. Taking into account the purposes of processing, you are entitled to demand supplementation of incomplete personal data, including by submitting an additional declaration.
The right to removal of data (to be forgotten)
You are entitled to demand us to remove immediately any personal data that regards you. We are obligated then to remove the personal data without undue delay if any of the following circumstances take place:
- you have withdrawn your consent to processing of your personal data and we have no other basis for processing it,
- you have made an effective objection to processing of data that regards you,
- your personal data was processed illegally,
- your personal data has to be removed in order to meet an obligation under law,
- your data was collected in relation to offering information society services.
The right to limit data processing
You are entitled to demand us to limit the processing in the following cases:
- when you question the correctness of the data – for the period allowing us to check its correctness,
- when the processing is illegal and you object to the removal of data, demanding limitation of its use instead,
- when we no longer need the personal data for processing purposes, but you require it in order to establish, pursue, or defend claims,
- when you submitted an objection to processing of your data – until establishing whether the legally justified basis on our side is superior in relation to the basis of your objection.
Automated decisions, including profiling
You are entitled not to be subject to a decision that is based solely on automated processing, including profiling, and has legal consequences for you and has a similar significant impact on you.
This entitlement is not applicable if such a decision:
- is indispensable for conclusion or performance of a contract between you and us,
- is allowed under provisions of the EU law or the law of the Republic of Poland, which envisage appropriate means for protecting your rights, freedoms, and legally justified interest, or
- is based on your explicit consent.
The right to submit a complaint
You are entitled to submit a complaint in relation to processing of your personal data to a supervisory body: President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warszawa, Poland, tel. +48 22 531 03 00, fax. +48 22 531 03 01; e-mail: email@example.com
§10. CONDITIONAL RIGHTS OF THE PERSONS WHOSE DATA IS PROCESSED
Whenever we refer to the rights related to processing of your personal data, we refer to the rights described below. The possibility of exercising them depends each time on the legal basis for processing of personal data.
The right to withdraw the consent to processing
Where we process your personal data on the basis of your consent, you are entitled to withdraw such consent at any moment. Naturally, such a withdrawal of consent granted has no impact on compliance of any previous personal data processing with law.
The right to transfer the data
You are entitled to receive the personal data that you have provided, in a structured, commonly used format fit for machine reading. You are also entitled to send this personal data to another administrator without obstacles on our part, provided that the processing takes place:
- on the basis of consent or on the basis of a contract, and
- in automated manner.
By exercising your right to transfer the data you are entitled to demand us to send the personal data directly to another administrator, provided that this is technically possible. This right may not have any negative impact on the rights and freedoms of others.
The right to object
In the event of us processing your personal data under Article 6 Item 1 Letter f) of GDPR, you are entitled to object to processing of that data for reasons related to your special situation.
In such case we are no longer allowed to process such personal data, unless we demonstrate the existence of:
- valid and legally justified basis for processing, whereas such basis has to be superior in relation to your interests, rights, and freedoms, or
- basis for determining, pursuing, or defending claims.
Therefore, if you object to processing of your personal data for direct marketing purposes, we will not be allowed to process it for such purposes.
§11. COOKIE FILES - INTRODUCTION
The Online Service website uses cookie files. They are small, commonly used files that contain a sequence of characters, which are sent and then saved on the end device (e.g. a computer, laptop, tablet, or smartphone) used when visiting the Online Service. This information is sent to the memory of the browser used, which sends it back when the user enters the same website later. Cookie files can be categorised using three methods of division.
When it comes to the purposes of using the cookie files, we differentiate three categories of them:
- Necessary cookies – these files enable correct functioning of a website and its functions, e.g. authenticating or securing cookie files. Without saving them on your device it will be impossible to use the website.
- Analytics cookies – these files enable monitoring of the websites opened, traffic sources, and duration of stay at a website. If they are not saved, there will be no limitation in using the website functions.
- Advertising cookies – these files enable displaying customised advertisements within the website or outside of it. If they are not saved, there will be no limitation in using the website functions.
- Social media files – these files enable displaying a fanpage within the website, as well as “liking” it. If they are not saved, there will be no limitation in using the website functions.
In terms of the time of their validity, we differentiate two categories of cookie files:
- session cookies – existing until the end of a given session,
- persistent cookies – existing after the end of a given session.
With regard to differentiation of the entity administering the cookie files, we differentiate:
- our cookies,
- third party cookies.
§12. COOKIE FILES OF THE DATA ADMINISTRATOR
The cookie files administrated by us enable:
- authenticating access,
- maintaining session after signing in,
- securing the Online Service against the attacks of hackers,
- browser “memory” of the content of form fields filled in (optional),
- browser “memory” of the items added to the basket.
Thanks to that, using the functions of the Online Service becomes easier and more pleasant.
§13. COOKIE FILES OF THIRD PARTIES
We use the cookie files administered by Google Inc. 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA, within the framework of the following services:
- Google Ads – advertising files used for conducting advertising campaigns using the Google Ads service and evaluating their quality,
- Google Analytics – analytics files intended for studying user behaviour and traffic and elaborating traffic statistics,
- Google Analytics for Firebase: analysis of application users, using e.g. the remarketing lists created for advertising purposes,
- BigQuery: provided that we will carry out integration, analysis of raw data about users.
The data collected by Google Inc. is of an anonymous and aggregated nature. In particular, it does not contain any identifying characteristics (understood as personal data) of the Online Service users. By using the services listed, we collect data such as the source of acquisition of users visiting the Online Service, their behaviour at the Online Service website, information on the devices and browsers they use, IP address, domain, demographic data (age, sex), interests, and geographic data.
You can find more information within that scope here: https://policies.google.com/technologies/cookies?hl=pl
We use the files administrated by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA.
- Advertising pixel tags used by Facebook Inc. 1 Hacker Way, Menlo Park, CA 94025, USA. They are elements published within digital content and enabling recording information about e.g. activity at the website, as well as the efficiency of advertising. The pixel tag of Facebook Inc. can be managed through the Facebook service, in its user panel,
- Facebook analytics: analysis of users,
- Facebook Ads: advertisements on the basis of data from pixel FB and remarketing lists.
You can find more information within that scope here: https://www.facebook.com/policies/cookies/
We use cookie files administered by Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. Thanks to the Hotjar tool, we analyse your activities at our website, including: information about your device, browser, and browser language, location, and anonymised IP number. We carry out this analysis in order to optimise our website with regard to its usability. If you want to object to processing of your data for these purposes, use the following link: https://www.hotjar.com/legal/compliance/opt-out.
§14. CONSENT TO THE USE AND MANAGEMENT OF COOKIE FILES
With the exception of the necessary cookie files, the processing of cookie files takes place under the user’s consent.
The consent to processing of cookie files is voluntary and may be withdrawn at any time. However, it is necessary to remember that the lack of consent to using certain cookie files may cause limitations in using the Online Service and its functions, and even prevent using it.
Granting consent to processing of cookie files may take place:
- through settings of the software installed in the telecommunications end device used by the user,
- using the button that includes a declaration of granting consent to processing of cookie files or confirmation of familiarising oneself with its conditions,
- using the setting available within the website.
When you are using the Online Service website we may automatically use the cache installed in your device. Within the framework of the local memory it is possible to store data between sessions, i.e. between subsequent visits at the Online Service website. The purpose of using the cache is making the use of the Online Service faster by eliminating situations in which the same data would be downloaded from the Online Service multiple times, thus putting burden on the online connection of the User. The cache may also store data such as a sign-in password.
§16. LINKS TO OTHER WEBSITES OR SOFTWARE
Version 1.1 v 04.01.2021