Privacy policy

OF THE ONLINE STORE www.sticker-brothers.com

 

TABLE OF CONTENTS:

• GENERAL PROVISIONS
• LEGAL BASIS FOR DATA PROCESSING
• PURPOSE, LEGAL BASIS, AND RETENTION PERIOD OF DATA IN THE ONLINE STORE
• DATA RECIPIENTS IN THE ONLINE STORE
• PROFILING IN THE ONLINE STORE
• RIGHTS OF THE DATA SUBJECT
• COOKIES IN THE ONLINE STORE AND ANALYTICS
• FINAL PROVISIONS

 

1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is for informational purposes only, which means that it is not a source of obligations for the Service Recipients or Customers of the Online Store. The privacy policy sets out the rules for processing personal data by the Controller in the Online Store, including the legal basis, purposes, and scope of data processing and the rights of individuals whose data is processed, as well as information about the use of cookies and analytical tools in the Online Store.

1.2. The controller of personal data collected through the Online Store is dotMedia sp. z o.o., entered in the Central Registration and Information on Business of the Republic of Poland maintained by the minister competent for economic affairs, having:

• business and correspondence address: ul. Przemysłowa 21, 23-200 Kraśnik, Poland,
• NIP (VAT ID): 7151797589, REGON: 060059624,
• e-mail address: sklep@decomasteres.eu,
• contact phone number: +48 818251020 –
  hereinafter referred to as the “Controller” and also acting as the Service Provider of the Online Store and the Seller.

1.3. Contact details of the Data Protection Officer appointed by the Controller:
Paweł Stelmach, email: hello@sticker-brothers.com

1.4. Personal data in the Online Store is processed by the Controller in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”. The official text of the GDPR Regulation is available at:

1.5. Using the Online Store, including making purchases, is voluntary. Likewise, the provision of personal data by a Service Recipient or Customer using the Online Store is voluntary, except for two cases:
1.5.1. Contract conclusion with the Controller – failure to provide personal data in the cases and to the extent indicated on the Online Store’s website and in the Store’s Terms and Conditions and this privacy policy, which is required for the conclusion and performance of a Sales Agreement or Electronic Service agreement with the Controller, results in the impossibility of concluding such an agreement. Providing personal data is in such a case a contractual requirement. If a person wishes to conclude a contract with the Controller, they are obliged to provide the required data. The scope of required data is always indicated in advance on the Online Store's website and in the Store’s Terms and Conditions.
1.5.2. Legal obligations of the Controller – providing personal data is a statutory requirement arising from generally applicable laws obligating the Controller to process personal data (e.g., for tax or accounting purposes), and failure to provide such data will prevent the Controller from fulfilling those obligations.

1.6. The Controller exercises special care to protect the interests of the data subjects and is in particular responsible for ensuring that the collected data is:

• processed lawfully;
• collected for specified, lawful purposes and not further processed in a way incompatible with those purposes;
• factually correct and adequate in relation to the purposes for which it is processed;
• stored in a form allowing the identification of the data subjects no longer than necessary for the purposes of processing;
• processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

1.7. Taking into account the nature, scope, context, and purposes of processing as well as the risk of violating the rights or freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure and demonstrate that processing is carried out in accordance with this Regulation. These measures are reviewed and updated when necessary. The Controller uses technical safeguards to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.

1.8. All terms, expressions, and acronyms used in this privacy policy with capital letters (e.g., Seller, Online Store, Electronic Service) are to be understood in accordance with their definitions in the Terms and Conditions of the Online Store available on the Online Store’s website.

 

2. LEGAL BASIS FOR DATA PROCESSING

2.1. The Controller is authorized to process personal data in situations where – and to the extent that – at least one of the following conditions is met:

1. the data subject has given consent to the processing of their personal data for one or more specific purposes;
2. the processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract;
3. the processing is necessary for compliance with a legal obligation to which the Controller is subject;
4. the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data, especially when the data subject is a child.

2.2. The processing of personal data by the Controller always requires the existence of at least one of the grounds specified in point 2.1 of this Privacy Policy. The specific legal basis for the processing of personal data of Service Recipients and Customers of the Online Store by the Controller is indicated in the next section of the Privacy Policy – in relation to the relevant purpose of personal data processing by the Controller.

 

3. PURPOSE, LEGAL BASIS, AND RETENTION PERIOD OF DATA IN THE ONLINE STORE

3.1. In each case, the purpose, legal basis, period, and scope as well as the recipients of personal data processed by the Controller result from the actions undertaken by the given Service Recipient or Customer in the Online Store or from legal regulations.

3.2. The Controller may process personal data in the Online Store for the following purposes, on the following legal bases, and for the following periods:

Purpose of Data Processing	Legal Basis for Processing	Data Retention Period
Performance of the Sales Agreement or Electronic Service Agreement or taking actions at the request of the data subject prior to the conclusion of such agreements	Article 6(1)(b) of the GDPR (performance of a contract)	For the duration of the agreement
Direct marketing	Article 6(1)(f) of the GDPR (legitimate interest of the controller)	Until objection is raised by the data subject
Keeping tax books	Article 6(1)(c) of the GDPR in connection with Article 74(2) of the Accounting Act of 29 September 1994 (Journal of Laws of 1994, No. 121, item 591, as amended)	5 years from the beginning of the year following the financial year to which the data relates
Establishing, pursuing, or defending claims that may be raised by the Controller or against the Controller	Article 6(1)(f) of the GDPR (legitimate interest of the controller)	Until the expiration of the limitation period for claims under applicable law
Using the website and ensuring its proper functioning	Article 6(1)(f) of the GDPR (legitimate interest of the controller)	Until the end of the session or deletion of cookies by the user
Creating statistics and analyzing traffic in the Online Store	Article 6(1)(f) of the GDPR (legitimate interest of the controller)	Until the end of the session or deletion of cookies by the user

 

4. DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including the performance of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities (such as software providers, couriers, or payment processors). The Controller only uses the services of such processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.

4.2. The transfer of data by the Controller does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller transfers data only when it is necessary to achieve the given purpose of personal data processing and only to the extent necessary for its achievement.

4.3. Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.3.1. Carriers / shipping brokers / logistics companies – in the case of a Customer who uses postal or courier delivery in the Online Store, the Controller makes the collected personal data of the Customer available to the selected carrier, shipping broker, or logistics company handling shipments at the Controller’s request – to the extent necessary to deliver the Product to the Customer.
4.3.2. Entities handling electronic payments or card payments – in the case of a Customer who uses electronic payment or card payment in the Online Store, the Controller provides the collected personal data of the Customer to the selected entity handling the above payments in the Online Store at the Controller’s request – to the extent necessary to handle the payment by the Customer.
4.3.3. Providers of IT, hosting, or technical support services – the Controller makes the data available to entities supporting the functioning of the Online Store (including, for example, those maintaining servers or supporting the software used).
4.3.4. Accounting or legal service providers – in the case where the Controller uses external accounting or legal support, the Customer's data may be transferred to the relevant entities for proper bookkeeping or legal services.

 

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR requires the Controller to provide information concerning automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – relevant information about the principles of such processing and its significance and expected consequences for the data subject. Therefore, the Controller provides information regarding possible profiling in this section of the privacy policy.

5.2. The Controller may use profiling in the Online Store for the purpose of direct marketing, but decisions made based on it by the Controller do not concern the conclusion or refusal to conclude a contract or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a discount, sending a discount code, reminding about unfinished purchases, or proposing a Product that may match the interests or preferences of the person. Despite profiling, the individual freely decides whether they want to take advantage of the received discount or promotional offer and make a purchase in the Online Store.

5.3. Profiling in the Online Store consists of the automatic analysis or forecast of a person’s behavior on the website, e.g. by adding a specific Product to the cart, browsing the page of a specific Product, or by analyzing the previous history of activity in the Online Store. The condition for such profiling is that the Controller possesses the personal data of the person (e.g. email address), so that later they can send, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

 

6. RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten"), or restriction of processing, and has the right to object to processing and the right to data portability. The detailed conditions for exercising these rights are indicated in Articles 15–21 of the GDPR.

6.2. Right to withdraw consent at any time – the person whose data is processed by the Controller based on their consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time, without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office (UODO).

6.4. Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests of the controller), including profiling based on those provisions. The Controller may no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

6.5. Right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.

6.6. To exercise the rights referred to in this section of the privacy policy, the data subject may contact the Controller using the contact details provided in section 1 of the privacy policy.

 

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small text files sent by a server and stored on the device of the visitor to the Online Store (e.g. on a computer hard drive, laptop, or smartphone memory card – depending on the device used by the user). Detailed information about cookies, as well as the history of their creation, can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. The Controller may process data contained in cookies when visitors use the Online Store website for the following purposes:

• remembering Products added to the cart to place an Order;
• remembering data from completed Order Forms, surveys, or login details to the Online Store;
• adjusting the content of the Online Store to the user’s individual preferences (e.g. colors, font size, page layout) and optimizing the use of the Online Store pages;
• keeping anonymous statistics showing how the Online Store is used;
• remarketing, i.e. examining the behavioral characteristics of visitors to the Online Store through anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords used, etc.), to create their profile and provide them with advertisements tailored to their anticipated interests, even when they visit other websites within the advertising network of Google Inc. and Meta Platforms Ireland Limited.

7.3. By default, most web browsers available on the market accept storing cookies. Everyone can determine the conditions for the use of cookies through their browser settings. This means, for example, that it is possible to partially restrict (e.g. temporarily) or completely disable the ability to save cookies – in the latter case, however, some functionalities of the Online Store may be limited (e.g. it may be impossible to complete an Order via the Order Form due to the failure to remember the Products in the cart during subsequent steps of the Order placement process).

7.4. Browser settings for cookies are important in terms of consent to the use of cookies by our Online Store – in accordance with the regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the browser settings for cookies should be changed accordingly.

7.5. Detailed information about changing cookie settings and deleting them yourself in the most popular web browsers is available in the help section of the browser and on the following websites (click to open):

• Chrome: https://support.google.com/chrome/answer/95647?hl=en
• Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
• Internet Explorer: https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies
• Safari: https://support.apple.com/en-us/HT201265
• Microsoft Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge

7.6. The Controller may use the Google Analytics, Universal Analytics, and Facebook Pixel services in the Online Store, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). These services help the Controller analyze the use of the Online Store and conduct remarketing activities. The data collected is processed under the above services in an anonymized manner (they are so-called operational data, which make it impossible to identify a person) for the purposes of compiling statistics that help administer the Online Store. The data is aggregated and anonymous – it does not contain identifying characteristics (personal data) of visitors to the Online Store.

7.7. It is possible for a person to easily block information about their activity on the Online Store website from being shared with Google Analytics – to do this, for example, you can install a browser add-on provided by Google Inc., available here: https://tools.google.com/dlpage/gaoptout?hl=en.

 

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Controller encourages the user to read the privacy policies established there after navigating to other sites. This privacy policy applies only to the Online Store www.sticker-brothers.com.

8.2. The Controller applies technical and organizational measures to ensure the protection of the processed personal data appropriate to the risks and category of the data protected, and in particular, protects the data against being made available to unauthorized persons, taken by an unauthorized person, processed in violation of applicable laws, as well as alteration, loss, damage, or destruction.

8.3. The Controller provides the following technical means to prevent the acquisition and modification of personal data sent electronically by unauthorized persons:

• Securing the data set against unauthorized access.
• Access to the Account only after entering an individual login and password.
• SSL certificate on the pages of the Online Store where personal data is provided.