PRIVACY POLICY

1. 1. This Privacy Policy outlines the principles of processing personal data collected through the Omium.eu online store (hereinafter referred to as the “Online Store”).

1. 1. The owner of the Online Store and at the same time the data administrator is IKERSHOP.COM SPÓŁKA KOMANDYTOWA with its registered office in Sanok (38-500), Plac Św. Michała 3, entered in the register of entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, 12th Commercial Division of the National Court Register under number KRS 0000466098, with a share capital of 5,000 PLN, NIP: 7343520406, REGON: 122882066, hereinafter referred to as Ikershop.com.

1. 1. The personal data collected by Ikershop.com through the Online Store is processed in accordance with the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.

1. 1. Ikershop.com takes special care to respect the privacy of customers visiting the Online Store.

---

§ 1 Type of Processed Data, Purposes, and Legal Basis

1. 1. Ikershop.com collects information about natural persons engaging in legal activities not directly related to their business, natural persons running their own business or professional activities, and natural persons representing legal persons or organizational units that are not legal entities, which are collectively referred to as Customers.

1. 1. Personal data of Customers are collected in the following cases: a) Registration of an account in the Online Store to create and manage an individual account. Legal basis: necessity for the performance of the contract for account service (Art. 6(1)(b) GDPR); b) Placing an order in the Online Store to execute the sales contract. Legal basis: necessity for the performance of the sales contract (Art. 6(1)(b) GDPR); c) Subscribing to the newsletter to fulfill the agreement regarding the electronic newsletter service. Legal basis: consent of the data subject for the execution of the newsletter service (Art. 6(1)(a) GDPR).

1. 1. When registering an account in the Online Store, the Customer provides: a) Email address; b) Address data: a. Postal code and city; b. Country (state); c. Street and house/apartment number. c) First and last name; d) Phone number.

1. 1. When registering an account in the Online Store, the Customer independently sets an individual password to access their account. The Customer can change the password later, according to the rules described in §5.

1. 1. When placing an order in the Online Store, the Customer provides the following data: a) Email address; b) Address data: a. Postal code and city; b. Country (state); c. Street and house/apartment number. c) First and last name; d) Phone number.

1. 1. In the case of Entrepreneurs, the data scope is additionally extended by: a) The Entrepreneur’s company name.

1. 1. When using the newsletter service, the Customer provides only their email address.

1. 1. Additional information may be collected during the use of the Online Store, including: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, and operating system type.

1. 1. Navigation data may also be collected from Customers, including information about links and references they choose to click or other actions taken in the Online Store. Legal basis: legitimate interest (Art. 6(1)(f) GDPR), consisting of facilitating the use of electronically provided services and improving their functionality.

1. 1. Some personal data provided by the Customer during the use of the Online Store’s functionalities may be processed for the purposes of determining, pursuing, or defending claims, such as the Customer’s name, data regarding the use of services, and other data necessary to prove the existence of a claim, including the extent of the damage. Legal basis: legitimate interest (Art. 6(1)(f) GDPR), consisting of determining, pursuing, and defending claims, as well as defending against claims in court and other state authorities.

1. 1. Providing personal data to Ikershop.com is voluntary, in relation to the concluded sales contracts or services provided via the Online Store, with the reservation that failure to provide certain data in the registration forms will prevent registration and the creation of a Customer Account. Similarly, failing to provide data necessary for placing an order without registering will prevent the submission and execution of the Customer’s order.

§ 2 To whom are the data shared or entrusted, and how long are they stored?

Customer personal data are shared with service providers used by Ikershop.com in the operation of the Online Store. The service providers who receive the personal data may either process the data following Ikershop.com’s instructions (processors) or determine the purposes and methods of processing on their own (controllers), depending on contractual agreements and circumstances.
a) Processors: ikershop.com uses service providers who process personal data solely based on ikershop.com’s instructions. These include hosting providers, accounting services, marketing systems providers, systems for analyzing traffic in the Online Store, and systems for analyzing the effectiveness of marketing campaigns.
b) Controllers: Ikershop.com also works with providers who determine the purposes and methods of processing personal data on their own, such as electronic payment and banking service providers.

Location: Service providers are based in Poland and other European Economic Area (EEA) countries.
Customer personal data are stored:
a) If the basis for processing personal data is consent, the personal data will be processed for as long as the consent is not withdrawn, and after withdrawal, for the period corresponding to the limitation period of claims that Ikershop.com can raise or that may be raised against Ikershop.com. Unless a specific provision states otherwise, the limitation period is six years, and for periodic services and claims related to business activities, three years.
b) If the basis for processing data is the execution of a contract, personal data will be processed for as long as necessary to perform the contract, and after that period, for a time corresponding to the limitation period for claims. Unless a specific provision states otherwise, the limitation period is six years, and for periodic services and claims related to business activities, three years.

In the case of purchases made in the Online Store, personal data may be transferred to a courier company to deliver the ordered goods.
Navigational data may be used to provide better service to Customers, analyze statistical data, adapt the Online Store to Customers’ preferences, and administer the Online Store.
If a Customer subscribes to the newsletter, Ikershop.com will send commercial emails with information about promotions and new products available in the Online Store to the provided email address.
If requested, Ikershop.com will disclose personal data to authorized state authorities, including the Prosecutor’s Office, Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Electronic Communications Office.

§ 3 Cookies mechanism, IP address

The Online Store uses small files called cookies, which are saved by Ikershop.com on the device of the person visiting the Online Store if the web browser permits. A cookie file typically contains the domain name from which it originates, its “expiry time,” and a unique randomly chosen identifier. The information collected by these files helps tailor the products offered by Ikershop.com to the individual preferences and actual needs of the visitors to the Online Store. They also enable the creation of general statistics regarding the presentation of products in the Online Store.

Ikershop.com uses two types of cookies:
a) Session cookies: After a browser session ends or the computer is turned off, the stored information is removed from the device memory. The session cookie mechanism does not allow the retrieval of any personal data or confidential information from the Customer’s computer.
b) Persistent cookies: These are stored in the Customer’s device memory and remain there until they are deleted or expired. The persistent cookie mechanism does not allow the retrieval of any personal data or confidential information from the Customer’s computer.

Ikershop.com uses its own cookies for:
a) Authenticating the Customer in the Online Store and ensuring the Customer’s session (after logging in), so that the Customer does not have to re-enter their login and password on every subpage of the Online Store.
b) Analysis, research, and audits of viewership, particularly for creating anonymous statistics that help understand how Customers use the Online Store, which allows improving its structure and content.

Ikershop.com uses external cookies for:
a) Promoting the Online Store via social media platforms using the tool addthis.com (external cookie administrator: AddThis, Inc., USA).
b) Promoting the Online Store via the social network facebook.com (external cookie administrator: Facebook Inc, USA, or Facebook Ireland, Ireland).
c) Displaying advertisements tailored to the Customer’s preferences using the Google AdSense advertising tool (external cookie administrator: Google Inc, USA).
d) Presenting the Trustworthy Regulation Certificate through the website rzetelnyregulamin.pl (external cookie administrator: Rzetelna Grupa Sp. z o.o., Warsaw).

The cookies mechanism is safe for the computers of Online Store Customers. In particular, it is not possible for viruses or unwanted or malicious software to enter the Customers’ computers through this means. However, Customers can limit or disable access to cookies on their computers in their browser settings. In this case, the use of the Online Store will still be possible, except for functions that, by nature, require cookies.

Below are instructions for changing cookie settings in popular web browsers:
a) Internet Explorer;
b) Microsoft EDGE;
c) Mozilla Firefox;
d) Chrome;
e) Safari;
f) Opera.

Ikershop.com may collect Customers’ IP addresses. An IP address is a number assigned to the device of a person visiting the Online Store by their Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned dynamically and changes with each Internet connection. The IP address is used by Ikershop.com to diagnose technical problems with the server, create statistical analyses (e.g., determining from which regions most visits are recorded), as useful information for administering and improving the Online Store, and for security purposes and identifying automated programs that may overload the server by browsing content on the Online Store.
The Online Store contains links and references to other websites. Ikershop.com is not responsible for the privacy policies in place on those websites.

§ 4 Rights of Data Subjects

1. 1. Right to Withdraw Consent – Legal Basis: Article 7(3) GDPR. a) The customer has the right to withdraw any consent given to Ikershop.com. b) Withdrawal of consent is effective from the moment of withdrawal. c) Withdrawal of consent does not affect processing carried out by Ikershop.com lawfully prior to the withdrawal. d) Withdrawal of consent does not result in any negative consequences for the customer but may prevent further use of services or functionalities that Ikershop.com can legally offer only with consent.

1. 1. Right to Object to Data Processing – Legal Basis: Article 21 GDPR. a) The customer has the right to object at any time—on grounds relating to their particular situation—to the processing of their personal data, including profiling, if Ikershop.com processes the data based on legitimate interests, e.g., for marketing Ikershop.com’s products and services, compiling usage statistics for the online store, or facilitating store usage and customer satisfaction surveys. b) Unsubscribing from marketing communications via email implies the customer’s objection to the processing of their personal data, including profiling for these purposes. c) If the customer’s objection is justified and Ikershop.com has no other legal grounds for processing the data, the personal data in question will be deleted.

1. 1. Right to Erasure (“Right to Be Forgotten”) – Legal Basis: Article 17 GDPR. a) The customer has the right to request the deletion of all or some personal data. b) The customer may request the deletion of personal data if: a. The personal data is no longer necessary for the purposes for which it was collected or processed; b. The customer has withdrawn consent, to the extent that the data was processed based on consent; c. The customer objects to the use of their data for marketing purposes; d. The personal data is processed unlawfully; e. Deletion of the personal data is required to comply with a legal obligation under Union or Member State law to which Ikershop.com is subject; f. The personal data was collected in connection with the provision of information society services. c) Despite a request for data deletion due to an objection or withdrawal of consent, Ikershop.com may retain certain personal data if necessary to establish, assert, or defend claims, or to fulfill a legal obligation. This applies in particular to data such as name, email address (for handling complaints or claims related to services or sales contracts), and in some cases, residential address, correspondence address, and order number.

1. 1. Right to Restrict Data Processing – Legal Basis: Article 18 GDPR. a) The customer has the right to request the restriction of their personal data processing. Upon such a request, Ikershop.com will suspend certain functionalities or services that require the processing of restricted data until the request is resolved. b) The customer can request data processing restrictions in the following cases: a. If they contest the accuracy of their personal data— ikershop.com will limit its use for up to 7 days while verifying the accuracy of the data; b. If the processing is unlawful, but the customer requests restriction rather than deletion; c. If the data is no longer necessary for its original purpose, but the customer needs it to establish, assert, or defend legal claims; d. If the customer has objected to the data processing—Ikershop.com will restrict data use while determining whether the customer’s rights outweigh the legitimate interests of Ikershop.com.

1. 1. Right to Access Data – Legal Basis: Article 15 GDPR. a) The customer has the right to obtain confirmation from Ikershop.com whether their personal data is being processed. If so, they are entitled to: a. Access their personal data; b. Obtain information about the purposes of processing, the categories of processed personal data, recipients of the data, the planned retention period, the customer’s rights under the GDPR, and their right to lodge a complaint with the supervisory authority, the source of the data, automated decision-making, including profiling, and the safeguards for data transfers outside the European Union; c. Receive a copy of their personal data.

1. 1. Right to Rectify Data – Legal Basis: Article 16 GDPR. a) The customer has the right to request the rectification of any inaccurate personal data. Considering the purposes of processing, the customer also has the right to request the completion of incomplete data by submitting a statement to the email address specified in §6 of the Privacy Policy.

1. 1. Right to Data Portability – Legal Basis: Article 20 GDPR. a) The customer has the right to receive their personal data from Ikershop.com and transfer it to another data controller. The customer may also request that their personal data be transmitted directly between controllers where technically feasible, in a commonly used machine-readable format, such as CSV.

1. 1. When a customer exercises their rights, Ikershop.com will comply or refuse the request without delay, but no later than one month after receiving the request. If the request is complex or there are multiple requests, Ikershop.com may extend the response time by two months, informing the customer within the initial month.

1. 1. The customer may submit complaints, inquiries, or requests regarding their personal data to the data controller.

1. 1. The customer has the right to request a copy of the standard contractual clauses from Ikershop.com by submitting a request as outlined in §6 of the Privacy Policy.

1. 1. The customer has the right to lodge a complaint with the President of the Office for Personal Data Protection if their data protection rights are violated.

§ 5 Security Management – Passwords

1. 1. Ikershop.com ensures secure and encrypted connections during the transmission of personal data and when logging into the customer account. Ikershop.com uses SSL certificates issued by leading global companies specializing in internet security and encryption.

1. 1. If a customer loses their account password, the online store provides a mechanism to generate a new password. Ikershop.com does not send password reminders. Passwords are stored in encrypted form, making them unreadable. To generate a new password, the customer must provide their email address via the “Forgot Password” link in the login form. The new password will be sent automatically to the email address registered with the account.

1. 1. Ikershop.com never sends any communication, including emails, requesting login details, especially passwords.

§ 6 Changes to the Privacy Policy

1. 1. The Privacy Policy may change, and Ikershop.com will notify customers 7 days in advance.

1. 1. Questions regarding the Privacy Policy should be sent to: info@omium.eu 
      Last modified: October 15, 2019.