• online stores: www.hedonskate.com, www.bladeville.com, and www.twotip.com (hereinafter collectively referred to as the “online store”);
• stationary store located in Katowice, at ul. Ceglana 67C (40-514);
• application form on the website www.iloverolki.pl.
2. The owner of the online store, the stationary store and a rollerblading school offering rollerblading courses and workshops, acting also as the controller of Your personal data is:
Mirosław Ragan conducting business activity under the name SPOKO BRAND MIROSŁAW RAGAN with registered office in Katowice, ul. Marii Skłodowskiej-Curie 19/17 [address for service: ul. Ceglana 67c, Katowice (40-514)], registered in the Central Registration and Information on Business maintained by the Minister of Economy under the tax identification (NIP) number: 5170129818, and business identification (REGON) number: 180177693, hereinafter referred to as the “Controller”.
3. The Controller of personal data is the owner of the following brands: www.iloverolki.pl, www.twotip.com, www.hedonskate.com, www.bladeville.com.
4. The personal data collected by the Controller through the online store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
5. All information transmitted to our servers, in particular data concerning payments, is encrypted with the SSL (Secure Socket Layer) protocol using 256-bit coding, thus even in the case data transmission is intercepted, the data in question are impossible to be deciphered by unauthorized parties.
Only specifically authorized employees of the Controller have access to personal data.
a) via email at firstname.lastname@example.org;
b) via email at email@example.com; or
c) by postal mail: Mirosław Ragan – 40-514 Katowice, ul. Ceglana 67c.
§ 1 The type of data processed, purposes and legal basis
1. Users visiting the online store remain anonymous until the first purchase, subscription for a newsletter, or completion of a registration form on the website.
2. Users visiting the website www.iloverolki.pl, when sending a request for participation in workshops/courses, must give their full name, email address, telephone number, place of residence and age.
3. Registration in the online store requires the user to provide his or her email address and set a password.
4. The Controller collects information on natural persons (customers) in the case of:
a. registering an account in the online store to create and manage an individual user account (legal basis: Article 6(1)(b) of the GDPR);
b. placing an order in the online store, for the performance of a sales contract (legal basis: Article 6(1)(b) of the GDPR);
c. subscribing to the newsletter, for the performance of a contract for the provision of services by electronic means (legal basis: Article 6(1)(a) of the GDPR);
d. sending an application form to participate in courses/workshops (legal basis: Article 6(1)(a) and (b) of the GDPR).
5. To make a purchase in the online store, the user is required to provide data necessary for deliveries. When placing an order, users will be asked to provide the address. All information about our customers that is at our disposal is used solely for the purpose of processing orders, including the issue of sales documents and the shipment of products (this means making the contact details available to our business partners). Your data will not be used for any other purpose without Your explicit consent.
6. When registering an account in the online store, the user shall provide his or her:
a. full name;
b. address of permanent residence;
c. address for correspondence (if other than the address of permanent residence);
d. email address;
e. telephone number.
Providing the above-mentioned data is voluntary, yet necessary for the registration and making purchases in the online store.
7. In the case of registering for a rollerblading course of workshop, the user shall provide the following data:
a. first name;
b. last name;
c. email address;
d. telephone number;
e. place of residence;
Providing the above-mentioned data is voluntary, yet necessary for the registration for courses or workshops.
8. When registering an account in the online store, the user independently sets an individual password for his or her account. The password may be changed at a later time.
9. When registering an account in the online store or signing up for a course or workshop, the user may express consent for the processing of personal data and receiving newsletter. Consent is voluntary and given individually for each option.
10. When using the website of the online store, some additional data may be collected, in particular: IP address of the customer’s computer or an external IP address of internet services provider, domain, browser type, access time, type of operational system.
11. As part of the agreement with the user, the online store is authorized to send an invitation to complete a post-sales survey to the email address of the user. The survey aims to examine users’ opinions about transactions. The User may complete the survey voluntarily.
The Controller processes personal data, including full name, email address, and also answers to questions included in the satisfaction survey and forms used to measure satisfaction. Participation in such activities in voluntary. If the customer does not agree to take part in such processes, he or she may inform the Controller at any time, and the Controller shall block the relevant data.
Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in the improvement of the functionality of services provided by electronic means and measuring users’ satisfaction with our services.
§ 2 Sharing or entrusting data and the time of their storage
1. The customer’s personal data are transferred to the providers of services used by the Controller in the operation of the online store. The service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either are subject to the Controller’s instructions with regard to the purposes and means of the processing of the data (Processors) or establish the purposes and means of data processing individually (Controllers).
a) Processors. The Controller is using services rendered by providers who process personal data acting only on instructions from the Controller. These include providers of hosting services, accounting services, marketing systems, systems for analyzing traffic in the online store, systems for analyzing the effectiveness of marketing campaigns.
b) Controllers. The Controller relies on providers who do not act solely on instructions and set the purposes and means of using the personal data of customers. These entities are electronic payment and banking providers.
2. Location. Service providers and mainly established in Poland and other countries of the European Economic Area (EEA).
3. For the purposes of the agreement, the online store may share Your data with the following types of service providers:
a. electronic payment operators;
b. parcel operators.
In such cases, the amount of personal data disclosed is limited to the strict minimum needed. In the case You would like to withdraw your consent expressed for this scope, please submit such information:
a) via email at firstname.lastname@example.org;
b) via email at email@example.com; or
c) by postal mail: Mirosław Ragan – 40-514 Katowice, ul. Ceglana 67c.
Moreover, personal data provided by the user may be disclosed to the competent public authorities, if it is required by the applicable laws.
4. The personal data of customers are stored:
a. Where the legal ground for the processing of personal data is consent, then the Controller stores the customer’s personal data until he or she withdraws consent, and, after the consent has been withdrawn – for the period corresponding to the limitation period for the claims which the Controller may make or which may be made against the Controller. Unless otherwise specified in a special provision, the limitation period is ten years, and for claims concerning periodic benefits and claims in connection with economic activity – three years.
b. Where the legal ground for the processing of personal data is the performance of an agreement, then the Controller stores the customer’s personal data for as long as it is necessary for the performance of the agreement, and, after this time – for the period corresponding to the limitation period for claims. Unless otherwise specified in a special provision, the limitation period is ten years, and for claims concerning periodic benefits and claims in connection with economic activity – three years.
5. In the case the customer subscribes to the newsletter, the Controller will send emails containing commercial information about promotions and new products available in the online store to the customer’s email address.
6. The Controller, where a relevant request has been made, shall make the personal data available to the authorized state authorities, in particular to the organizational units subordinate to the Prosecutor’s Office, Police, President of the Office for the Protection of Personal Data, President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
§ 3 Cookies mechanism, IP address
1. The online store does not automatically collect any data, with the exception of data contained in cookies used during usage of the Website.
2. Cookies are small text files sent by the online store and stored on Your terminal device, containing information relating to your usage of the Website and the online store. Cookies used by the online store may be of temporary or permanent nature.
3. Temporary cookie files are erased when you close Your browser, while permanent cookies are also stored once You leave the Website and are designed to store data such as Your password or login, which facilitates and streamlines the usage of the Website.
4. The online store uses the following types of cookies for the purposes as follows:
• encrypted cookies save session data for the users and employees of the store. Separate cookies for individual customers and employees are stores in the cache memory of the browser.
In any case You can block the installation of cookies or erase permanent cookies, using the relevant settings in Your internet browser. In the case any problems occur, we suggest using the browser’s “help” file or contacting the browser’s manufacturer.
5. Apart from cookies, the online store may also collect data which is traditionally collected by the controllers of online systems as part of the so-called logs or log files. Information contained in logs may include Your IP address, platform and browser type, internet services provider, and the URL address of the site from which You accessed the Website. Some sites within the Website and other means of communication may contain the so-called “web beacons”. Web beacons allow for receiving such information as the IP address of the computer on which a web page containing the web beacon was placed was loaded, the URL number of the site, time to load, browser type, and also information contained in cookies for measuring the effectiveness of our ads. Such data will be archived and used for statistical analysis and assessment of the global traffic of Website users. The data in question will not be combined with the Your personal data provided.
§ 4 The rights of data subjects
1. The right to withdraw consent – legal basis: Article 7(3) of the GDPR;
a. The Customer has the right to withdraw any consent granted to the Controller;
b. Withdrawal of consent is effective as from the moment in which the consent has been withdrawn.
c. Withdrawal of consent does not affect the processing of data carried out in accordance with the law prior to the withdrawal;
d. Withdrawal of consent has no adverse consequences for the Customer, it may, however, prevent the use of services or functionalities, which the online store may legally provide only with the Customer’s consent.
2. The right to object to the processing of data – legal basis: Article 21 of the GDPR;
a. The Customer has the right to object at any time to processing of personal data concerning him or her, including profiling, if the Controller processes his or her data based a legitimate interest, e.g. the marketing of products and services offered by the online store, keep statistical data showing the usage of individual functionalities of the online store and facilitation of the usage of the online store as well as measuring satisfaction;
b. Unsubscribing by email from receiving marketing information relating to products or services will mean that the Customer objects to the processing of his or her personal data, including profiling, for the purposes mentioned above;
c. If the Customer’s objection is justified and the Controller has no other legal basis to support the processing of personal data, the Customer’s data subject to objection will be deleted.
3. The right to erasure (the “right to be forgotten”) – legal basis: Article 17 of the GDPR;
a. The Customer has the right to request the erasure of all or some of his or her personal data;
b. The Customer has the right to request the erasure of personal data if:
i. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
ii. he or she withdraws the relevant consent to the extent that personal data were processed based on his or her consent;
iii. he or she objects to the processing his or her personal data for marketing purposes;
iv. the personal data have been unlawfully processed;
v. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
vi. the personal data have been collected in relation to the offer of information society services.
c. Notwithstanding the request to erase personal data relating to the Customer’s objection of withdrawal of consent, the Controller may retain some personal data to the extent necessary for the establishment, exercise or defense of legal claims. This shall apply in particular to the following personal data: first and last name, email address, which are retained for the purpose of handling complaints and claims relating to the use of services rendered by the Controller, or, additionally, address of residence/address for correspondence, order number, which are retained for the purpose of handling complaints and claims relating to the sales or service agreements in place.
4. The right to restriction of processing – legal basis: Article 18 of the GDPR;
a. The Customer has the right to request the restriction of processing with regard to his or her personal data. Submitting a request, pending its outcome, prevents from the use of certain functionalities or services, the use of which involves the processing of the personal data subject to the request. Also, the Controller will not send any messages, including marketing information.
a. The Customer has the right to request the restriction of the use of personal data in the following cases:
i. when he or she questions the accuracy of personal data – in this case, the Controller limits their use for the time necessary to verify the accuracy of data, but for not longer than 7 days;
ii. when the processing of data is unlawful, and instead of requesting erasure, the Customer requests the restriction of their use;
iii. when personal data are no longer necessary for the purposes for which they were initially collected or used, but the Customer needs the data for the establishment, exercise or defense of legal claims;
iv. when he or she objected to the processing of his or her personal data – in such case, restriction is effected for the time necessary to establish whether – in view of the specific situation – the protection of interests, rights and freedoms of the Customer outweighs the interests pursued by the Controller when processing the Customer’s personal data.
5. The right of access to data – legal basis: Article 15 of the GDPR;
a. Every user of the online store has the unlimited right to access, edit or delete his or her personal data. To check their personal data themselves, registered Customers may log in to www.bladeville.com and enter the tab My Account, where they can edit their personal data. If you would like to delete your account together with your personal data, write to us:
1. via email: firstname.lastname@example.org
2. via email: email@example.com
3. via postal mail: Mirosław Ragan – 40-514 Katowice, ul. Ceglana 67c.
b. The Customer has the right to receive confirmation stating whether the Controller is processing his or her personal data, and should that be the case, the Customer has the right to:
i. access his or her personal data;
ii. receive information on the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients of these data, the envisaged period for which the personal data of the Customer will be stored or the criteria used to determine that period; the Customer’s rights under the GDPR and the right to lodge a complaint with a supervisory authority; the source of personal data; the existence of automated decision-making, including profiling; and the appropriate safeguards used in relation to the transmission of the data outside the European Union;
iii. obtain a copy of his or her personal data.
6. The right to have personal data rectified – legal basis: Article 16 of the GDPR;
a. The Customer has the right to request from the Controller the immediate rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement via:
a) email at firstname.lastname@example.org;
b) email at email@example.com; or
3. postal mail: Mirosław Ragan – 40-514 Katowice, ul. Ceglana 67c.
7. The right to data portability – legal basis: Article 20 of the GDPR;
a. The Customer shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, and transmit those data to another controller of his or her choice. Where technically feasible, the Customer shall also have the right to request to have the personal data transmitted directly from one controller to another. In such case, the Controller will send the Customer’s personal data in the form of a csv file, which is commonly used and machine-readable format allowing for the transfer of data received to another data controller.
8. In the case the Customer undertakes to execute an entitlement resulting from the rights stated above, the Controller shall comply with the request or refuse to comply immediately, but not later than one month following the receipt thereof. However, if – due to the complexity of request made or the number of requests – the Controller will not be able to comply with the request within one month, the Controller shall meet the request within a further period of two months, giving the Customer due notice of the intended extension.
9. The Customer may submit complaints, queries and requests concerning the processing of his or her personal data and the execution of his or her rights to the Controller.
10. The Customer shall have the right to request from the Controller the copies of standard contractual clauses via email to the email address of the online store.
11. The Customer shall have the right to lodge a complaint to the President of the Office for the Protection of Personal Data, regarding the violation of his or her right to the protection of personal data or any other rights under the GDPR.
§ 5 Other websites
The website may periodically display links to external websites. Such external websites function independently from the website and are in no way monitored by the online store. These websites may have separate and independent privacy policies, which we recommend to read. The online store shall not be responsible for the rules regarding the handling of data used by such websites.