Privacy policy
Section 1: What is a privacy policy and what is it used for?
A privacy policy is a set of guidelines that dictate how an organisation handles Customers’ personal data. It also sets out how personal data is secured and how it is obtained. The privacy policy also outlines the purposes for which personal data is processed. All processes relating to customers’ personal data are carried out in accordance with the applicable legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, as well as the Act of 10 May 2018 on the protection of personal data. Whenever the term ‘User’ appears in the privacy policy, it refers to all users of the online shop operated by the Controller.
Section 2: Definitions
1. Controller – Europejskie Biuro Pracy Spółka z ograniczoną odpowiedzialnością with its registered office in Chełm (22-100), at ul. Lwowska 13W, registered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000414961, NIP (Tax Identification Number): 5651525551, running an online shop at www.leoseason.pl under the brand name LeoSeason.
2. Personal data – any information about a natural person who is identified or identifiable by one or more factors related to their genetic, physical, physiological, behavioural, psychological, economic, cultural, or social characteristics. This includes the IP address of the user’s device, device location data, and information collected through cookies or other technology working in a similar manner.
3. Privacy Policy – this Privacy Policy.
4. Online shop/Online system – the online shop operated by Europejskie Biuro Pracy Spółka z ograniczoną odpowiedzialnością, with its registered office in Chełm, available at the internet address: www.leoseason.pl.
5. User/Customer – any natural person who visits the Online shop and uses the services or functionalities described in the privacy policy.
6. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
7. Act – Act of 10 May 2018 on the protection of personal data (Dz.U. 2019.1781, consolidated text, as amended).
Section 3: Controller and Data Protection Officer
The Controller and Data Protection Officer is Europejskie Biuro Pracy Spółka z ograniczoną odpowiedzialnością with its registered office in Chełm (22-100), at ul. Lwowska 13W, running an online shop at www.leoseason.pl under the brand name LeoSeason. The Controller and the Data Protection Officer can be contacted by post or email at info@leoseason.pl.
Section 4: Why, on what basis, and to what extent is my personal data being processed?
1. The provision of personal data is voluntary, except in two cases:
A. Conclusion of a product sales contract with the Controller – failure to provide personal data required for the fulfilment of an order prevents the conclusion of the contract and the sale of the product by the Controller.
B. Fulfilment of the Controller’s statutory obligations – provision of personal data is a statutory requirement resulting from legal regulations imposing certain obligations on the Controller (e.g. keeping of accounts), and refusal to provide such data will prevent the Controller from fulfilling these obligations.
2. Personal data is processed in connection with the following categories of activities:
A. Browsing the online shop: The data of all Users of the Online shop is processed by the Controller for the following purposes:
– provision of services by electronic means, to the extent necessary for the performance of the contract – legal basis for processing: Article 6(1)(b) of the GDPR,
– processing of orders made in the Online Shop – legal basis for processing: Article 6(1)(b) of the GDPR,
– handling of complaints – legal basis for processing: Article 6(1)(b) of the GDPR,
– analysis and statistics – to the extent constituting the legitimate legal interest of the Controller – legal basis for processing: Article 6(1)(f) of the GDPR,
– investigation, establishment and defence against claims – to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR,
– marketing of the Controller – to the extent constituting the legitimate legal interest of the Controller, legal basis of processing: Article 6(1)(f) of the GDPR, the detailed manner of processing of personal data for marketing purposes will be described in Section 4.2.E of the Policy,
B. Registering in the Seller’s online system: Users creating an account on the Seller’s online system are asked to provide personal data necessary for account creation, order processing, and user account. The personal data provided to the Controller is processed for one or more of the following purposes:
– provision of services related to the maintenance, operation of the account in the Seller’s online system – to the extent necessary for the performance of the contract – legal basis of processing: Article 6(1)(b) of the GDPR,
– analysis and statistics – personal data will be processed to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR,
– marketing of the Controller – to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR, the detailed method of data processing will be described in Section 4.2.E of the Policy,
– investigation, establishment and defence against claims – to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR,
C. Placing and processing an order: The provision of personal data marked as mandatory in the registration form and order form is necessary for the processing of the order. Failure to provide such personal data will result in the inability to process the order. The provision of additional data is optional and does not impact the ability to process the order. The personal data provided to the Controller is processed for one or more of the following purposes:
– the fulfilment of the order placed, the data necessary for the fulfilment of the order will be processed on the basis of Article 6(1)(b) of GDPR – necessity for the performance of the contract. Personal data, the provision of which is optional, will be processed to the extent constituting a legitimate legal interest of the Controller and covered by the User’s consent based on Article 6(1)(a) of GDPR,
– fulfilment of statutory obligations incumbent on the Controller – results from generally applicable laws, in particular tax regulations and the provisions of the Act of 29 September 1994 on accounting (Journal of Laws 2021.217, consolidated text, as amended), the legal basis for processing and the scope is regulated by Article 6(1)(c) of the GDPR,
– analysis and statistics – the data will be processed to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR,
– investigation, establishment and defence against claims – the data will be processed to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR.
D. Contact form: You can contact the Controller’s online shop by using the provided contact form. To use the contact form, it is necessary to provide personal data, specifically an active e-mail address that is essential to process and respond to the enquiry.
The personal data provided to the Controller when using the contact form will be processed for one or more of the following purposes:
– identification of the sender, handling of the enquiry sent by the form – to the extent necessary for the performance of the contract for the provision of services – legal basis of processing: Article 6(1)(b) of the GDPR,
– analysis and statistics – the data will be processed to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR,
– investigation, establishment and defence against claims – the data will be processed to the extent constituting the legitimate legal interest of the Controller – legal basis of processing: Article 6(1)(f) of the GDPR.
E. Marketing
The Controller may process personal data for marketing activities with the User’s consent and to the extent of the Controller’s legitimate interest as per Article 6(1)(f) of the GDPR. Marketing activities may include, but are not limited to:
– displaying marketing content that does not match the User’s preferences (contextual advertising).
– displaying marketing content that matches the User’s preferences (behavioural advertising). The display of behavioural advertising is based on cookies that are installed on the User’s computer only with their consent to the installation of such cookies. The User has the right to withdraw their consent at any time by configuring their browser settings accordingly and deleting cookies.
– direct marketing – If the User has provided their consent to receive marketing information, they may receive SMS and e-mails related to the Controller’s and its partners’ offers to the extent of the User’s consent and the Controller’s legitimate interest. The User has the right to withdraw their consent at any time, and doing so will not affect their ability to use the other services offered by the Controller’s Online Shop.
Section 5: Cookies
The Controller’s Online Shop utilizes cookies that may collect personal data and information to enhance User experience while using the Online Shop, in particular:
A. Cookies that are related to the Online Shop: The Controller and its affiliates use cookies to enhance the quality of the services provided to the User. To achieve this, the Controller may store or access files that are already stored on the User’s end device in the following areas:
– user input cookies,
– authentication cookies,
– user centric security cookies,
– multimedia player session cookies,
– user interface customization cookies,
– shopping cart cookies,
– cookies used to monitor website traffic, i.e., data analytics, including Google Analytics cookies (these are files used by Google to analyse your use of the Online Shop, to create statistics and reports on the functioning of the Online Shop). Google does not use the personal data collected to identify the User, nor does it combine this information in a way that enables identification of the User. For more information regarding the scope and principles of data collection in connection with this service, please refer to the following link: https://www.google.com/intl/pl/policies/privacy/partners.
B. Marketing-related cookies
The Controller also uses cookies for marketing purposes, to the extent described in Section 4.E of the Policy.
Section 6: How long is my personal data stored?
1. Personal data is stored until the intended purpose is achieved. Upon completion of the intended purpose, the personal data will be irreversibly deleted.
2. If the only operation being carried out on the User’s personal data is storage (e.g. for the purpose of defending against claims or fulfilling statutory obligations), the personal data will be pseudonymised by encrypting it in a manner that cannot be read without an additional key.
Section 7: What rights do you have in relation to your personal data?
You have the following rights, and the Controller has the following obligations, in relation to your personal data:
1. The right to be informed – the Controller is obligated to provide information on the scope and legal basis for the processing of your personal data, as well as the scheduled date of deletion and the entities with whom the data have been shared.
2. The right to data access – the Controller is obligated to provide you with a copy of the data in their possession.
3. The right to rectification – the Controller is obligated to correct any inconsistencies, errors or additions in the personal data processed by them.
4. The right to erasure – the Controller is obligated to erase personal data if the purpose of their processing has been achieved.
5. The right to restriction of processing – the Controller is obligated to limit the extent of processing to the minimum necessary to achieve the purpose.
6. The right to data portability – the Controller is obligated to provide you with personal data in a computer-readable format. You have the right to request that such data be sent to another entity – only if there is the technical capacity to do so.
7. Right to object to processing for marketing purposes – the Controller is obliged to stop processing personal data for marketing purposes upon your request. Such a request does not need to be substantiated.
8. Right to object to other purposes of personal data processing – you have the right to request the Controller to stop processing your personal data for other purposes (e.g. for analytical, statistical purposes). Such an objection should contain a statement of reasons and is subject to the Controller’s assessment in each case.
Section 8: What should a personal data request contain and where should it be addressed?
Requests related to personal data should be addressed to the Controller via registered mail or email using the contact information provided in Section 2.1 of the Policy. Requests should identify the person making the request, the right the User wishes to exercise, and indicate the purpose of the processing of personal data to which the request pertains. If the Controller is unable to identify the person making the request, they may request additional information and set a deadline for its submission. If the Controller does not receive the additional information within the specified deadline, they will leave the application unprocessed. Requests related to the processing of personal data will be answered promptly and no later than one month after receipt, using the communication method specified by the User.
Section 9: Right to withdraw consent
You have the right to withdraw the consent you have given for the processing of your personal data. You may do so by sending a registered letter to the Controller’s address as indicated in Section 2.1 of the Policy or by e-mail sent to the Controller’s address as indicated in Section 2.1 of the Policy. Withdrawing consent does not retroactively invalidate the previous processing of personal data, and the Controller has the right to continue processing personal data to the extent that is consistent with the previously given consent and corresponding to its legitimate interests, until the Controller receives the withdrawal of consent.
Section 10: Right to lodge a complaint
If you believe that your personal data is being processed in violation of the law or the consent you have given, you have the right to file a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
Section 11: Final provisions, transfer of data outside the European Economic Area (EEA).
1. To the extent not covered by this Policy, the provisions of the Act and the GDPR shall apply.
2. You will be notified of any changes to the Policy via e-mail.
3. Your personal data will not be transferred outside the European Economic Area.
4. This Policy is effective as of May 6, 2022.