Privacy Policy
Dear User!
We care about your privacy and want you to feel comfortable while using our services. Therefore, below, we provide you with the most important information about the rules for processing your personal data and the use of cookies by our Store. This information has been prepared in accordance with the GDPR, the General Data Protection Regulation.
General Information
- This policy applies to the Online Store, operating at the following URL: secondstore.pl
- The operator of the service and the Data Controller is: Second Store Kamila Semerak, Suflerska 10/10, 04-471 Warsaw.
- Operator’s email contact address: sklep@secondstore.pl
- The operator is the Administrator of your personal data in relation to data provided voluntarily on the Website.
- The Service uses personal data for the following purposes:
- Running a newsletter
- Operating a comment system
- Conducting online chat conversations
- Handling inquiries through the contact form
- Preparing, packing, and shipping goods
- Fulfilling ordered services
- Debt collection
- Presentation of offers or information
- The service collects information about users and their behavior in the following ways:
- By voluntarily entering data in forms, which are then entered into the systems of the Operator.
- By storing cookie files (“cookies”) in end-user devices.
Selected data protection methods used by the Operator
- Places of login and personal data entry are protected in the transmission layer (SSL certificate). Thanks to this, personal data and login data entered on the website are encrypted on the user’s computer and can only be read on the target server.
- Personal data stored in the database are encrypted in such a way that only the Operator with the key can read them. This ensures that the data is protected in case the database is stolen from the server.
- User passwords are stored in a hashed form. The hashing function operates in a one-way direction, meaning it cannot be reversed, which is the modern standard for storing user passwords.
- To protect data, the Operator regularly creates backup copies.
- An important element of data protection is the regular update of all software used by the Operator to process personal data, which includes regular updates of programming components in particular.
Hosting
The service is hosted (technically maintained) on the operator’s servers: zenbox.pl
Your rights and additional information about data usage.
- In some situations, the Administrator has the right to transfer your personal data to other recipients if it is necessary to fulfill the contract concluded with you or to fulfill the obligations incumbent on the Administrator. This applies to such groups of recipients:
- hosting company on the basis of entrustment
- couriers
- postal operators
- insurance companies
- law firms and debt collectors
- banks
- payment operators
- public authorities
- comment system operators
- online chat solution operators
- authorized employees and associates who use the data to achieve the purpose of the website’s operation
- companies providing marketing services to the Administrator
- Your personal data is processed by the Administrator for no longer than is necessary to perform activities related to them as specified in separate regulations (e.g., accounting regulations). In the case of marketing data, the data will not be processed for longer than 3 years.
- You have the right to request from the Administrator:
- access to your personal data,
- their rectification,
- deletion,
- restriction of processing,
- and data portability.
- You have the right to object to the processing of your personal data for the purposes of pursuing legitimate interests by the Controller, including profiling, unless there are compelling legitimate grounds for processing that override your interests, rights, and freedoms, especially the establishment, exercise, or defense of legal claims.
- You have the right to lodge a complaint with the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, regarding the actions of the Administrator.
- Providing personal data is voluntary but necessary for the use of the Service.
- Automated decisions, including profiling, may be taken in relation to you in order to provide services under the contract and for direct marketing carried out by the Administrator.
- Personal data is not transferred to third countries within the meaning of personal data protection regulations. This means that we do not transfer them outside the European Union territory.
Information in forms
- The service collects information voluntarily provided by the user, including personal data, if provided.
- The service may record information about the connection parameters (timestamp, IP address).
- The service, in some cases, may save information that facilitates linking data in the form with the email address of the user filling out the form. In such a case, the user’s email address appears within the URL address of the page containing the form.
- Data provided in the form is processed for the purpose resulting from the specific form’s function, e.g., to process a service request, commercial contact, registration of services, etc. Each time, the context and description of the form clearly inform what it is used for.
Administrator’s Logs
Information about user behavior on the website may be subject to logging. This data is used for the administration of the website.
Significant marketing techniques
- The operator employs statistical analysis of traffic on the website through Google Analytics (Google Inc. based in the USA). The operator does not transfer any personal data to this service provider, only anonymized information. This service is based on the use of cookies on the user’s end device. Regarding user preference information collected by the Google advertising network, users can view and edit this information using the following tool: https://www.google.com/ads/preferences/
- The operator uses remarketing techniques that allow for tailoring advertising messages to user behavior on the website. This may give the impression that the user’s personal data is being tracked, but in practice, no personal data is transferred from the operator to advertisers. The technological requirement for such actions is the enabled support for cookies.
- The operator uses Facebook pixel technology. This technology allows Facebook (Facebook Inc., based in the USA) to know that a registered user is using the Service. In this case, it relies on data for which it is the administrator, and the operator does not provide any additional personal data to the Facebook service. The service is based on the use of cookies in the user’s end device.
- The operator uses a solution to analyze user behavior by creating heatmaps and recording user interactions on the website. This information is anonymized before being sent to the service operator, so they do not know which specific individual the data pertains to. In particular, passwords and other personal data are not recorded during this process.
- The operator uses an automated solution to manage the operation of the Service in relation to users. For example, it can send an email to a user after they have visited a specific subpage, provided that the user has given their consent to receive commercial correspondence from the Operator.
Cookie Policy
- The service uses cookies.
- Cookies (so-called “cookies”) are computer data, in particular text files, which are stored on the end device of the Service User and are intended for using the websites of the Service. Cookies usually contain the name of the website they come from, the time of their storage on the end device, and a unique number.
- The entity that places cookies on the end device of the Service User and has access to them is the operator of the Service.
- Cookies are used for the following purposes:
- maintaining the user’s session on the Service (after logging in), so the user doesn’t have to re-enter their login and password on each subpage of the Service;
- achieving the goals specified above in the “Important marketing techniques” section;
- Within the Service, two main types of cookies are used: “session cookies” and “persistent cookies.” “Session cookies” are temporary files that are stored on the User’s end device until they log out, leave the website, or close the software (web browser). “Persistent” cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.
- The web browsing software (web browser) typically allows the storage of cookies on the User’s end device by default. Users of the Service can change their settings in this regard. The web browser allows for the deletion of cookies, and it is also possible to automatically block cookies. Detailed information on this topic is available in the help or documentation of the web browser.
- Limiting the use of cookies may affect some of the functionalities available on the Service’s websites.
- Cookies placed on the end device of the Service User may also be used by entities cooperating with the Service operator, in particular, this applies to companies such as Google (Google Inc. headquartered in the USA), Facebook (Meta Platforms, Inc. headquartered in the USA), Twitter (Twitter Inc. headquartered in the USA).
Managing cookies – how to give and withdraw consent in practice?
- If a user does not wish to receive cookies, they can change their browser settings. Please note that disabling cookies that are necessary for authentication, security, and maintaining user preferences may hinder, and in extreme cases, prevent the use of websites
- To manage your cookie settings, please select the internet browser you are using from the list below and follow the provided instructions: Edge, Internet Explorer, Chrome, Safari, Firefox, Opera. Mobile devices: Android, Safari (iOS), Windows Phone