1. GENERAL PROVISIONS
1.1. This privacy policy of the Online Store is for informational purposes only, which means it does not create any obligations for the Service Recipients or Customers of the Online Store. The privacy policy contains primarily the rules regarding the processing of personal data by the Administrator in the Online Store, including the basis, purposes, and period of personal data processing and the rights of individuals whose data is processed, as well as information on the use of Cookies and analytical tools in the Online Store.
1.2. The administrator of personal data collected via the Online Store is (1) Marek Jakuboszczak conducting business activity under the name STEJ - TRUCK MAREK JAKUBOSZCZAK entered into the Central Register and Information on Economic Activity of the Republic of Poland conducted by the minister competent for economic affairs, having: business address and address for service: ul. Słowackiego 9, 66-120 Kargowa, NIP 9231351721, REGON 080340854, (2) STEJ-TRUCK LIMITED LIABILITY COMPANY based in Kargowa (registered office address and address for service: ul. Kilińskiego 21/1, 66-120 Kargowa); entered into the Register of Entrepreneurs of the National Court Register under KRS number 0000840193; the registry court where the company's documentation is kept: District Court in Zielona Góra, VIII Commercial Division of the National Court Register; share capital: 10,000 PLN; NIP: 9731070913; REGON: 386006236; joint email address: stej@stej-truck.pl, joint contact phone number: +48 602 626 099 – hereinafter referred to as the "Administrator" and being at the same time the Service Provider of the Online Store and the Seller.
1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR" or "GDPR Regulation". Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
1.4. Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the Service Recipient or Customer using the Online Store is voluntary, with two exceptions: (1) entering into agreements with the Administrator – failure to provide, in cases and to the extent indicated on the Online Store's website and in the Online Store Regulations and this privacy policy, personal data necessary to conclude and perform a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator results in the inability to conclude such an agreement. Providing personal data is in this case a contractual requirement, and if the person whose data concerns wishes to conclude a given agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude an agreement is indicated each time on the Online Store's website and in the Online Store Regulations; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement resulting from generally applicable laws imposing on the Administrator the obligation to process personal data (e.g., processing data for the purpose of keeping tax or accounting books) and failure to provide them will prevent the Administrator from fulfilling these obligations.
1.5. The Administrator exercises special care to protect the interests of individuals whose personal data is processed by him, and in particular is responsible for and ensures that the data collected by him is: (1) processed lawfully; (2) collected for specified, lawful purposes and not subjected to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that permits identification of the data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized persons from acquiring and modifying personal data sent electronically.
1.7. All words, expressions, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store's website.
2. BASIS FOR DATA PROCESSING
2.1. The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
2.2. The processing of personal data by the Administrator requires the existence of at least one of the bases indicated in point 2.1 of the privacy policy. The specific bases for processing personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy – in relation to the specific purpose of processing personal data by the Administrator.
3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
3.1. Each time, the purpose, basis, and period as well as the recipients of personal data processed by the Administrator result from the actions taken by a given Service Recipient or Customer in the Online Store or by the Administrator. For example, if a Customer decides to make a purchase in the Online Store and chooses personal collection of the purchased Product instead of courier delivery, their personal data will be processed to execute the concluded Sales Agreement, but will not be shared with the carrier executing shipments on behalf of the Administrator.
3.2. The Administrator may process personal data within the Online Store for the following purposes, on the bases, and for the periods indicated in the table below:
Purpose of data processing Legal basis for data processing Data storage period
Execution of the Sales Agreement or agreement for the provision of Electronic Services or taking action at the request of the data subject prior to entering into the aforementioned agreements Article 6(1)(b) of the GDPR Regulation (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract
Data is stored for the period necessary to execute, terminate, or otherwise expire the concluded Sales Agreement or agreement for the provision of Electronic Services.
Sending commercial information, including direct marketing, using telecommunications terminal equipment (e.g., email, phone) or automatic calling systems Article 6(1)(f) of the GDPR Regulation (legitimate interest of the administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, which include direct marketing – taking care of the interests and good image of the Administrator, its Online Store, and striving to sell Products – for example, in connection with the prior consent given by the data subject (e.g., during Newsletter subscription) to send commercial information using telecommunications terminal equipment, such as email or phone, depending on the scope of the consent given Data is stored for the period of existence of the legitimate interest pursued by the Administrator, but no longer than the period of limitation of claims of the Administrator against the data subject due to the business activity conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for the Sales Agreement, two years).
The Administrator cannot process data for direct marketing purposes if the data subject has effectively objected to such processing.</