111RACING.COM
TABLE OF CONTENTS:
1. GENERAL PROVISIONS
2. BASES FOR DATA PROCESSING
3. OBJECTIVE, BASIS, AND TERM OF DATA PROCESSING IN THE ONLINE STORE
4. THE ONLINE STORE’S DATA RECIPIENTS
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF A PERSON WHOSE DATA IS BEING PROCESSED
7. COOKIES & ANALYTICS
8. FINAL PROVISIONS
1. general provisions
1.1. This privacy policy of an Online Store is by nature informational only, which means that it does not list any formal duties that the Clients or Recipients of the Store’s Services need to fulfill. The privacy policy mainly outlines the rules of personal data processing by the data Administrator, including bases, objectives and terms of data processing as well as rights of the people whose data is being processed, but also the information regarding the use of cookies and analytic tools by the Store.
1.2. The administrator of personal data stored through the Online Store is 111 BŁAŻUSIAK SP. K., a company headquartered in Nowy Targ (registration and correspondence address: ul. Składowa 26, 34-400 Nowy Targ, Poland); entered in the register of entrepreneurs of the National Court Register under number 0000890195; court of registration where the company’s documentation is being archived: Krakow’s Regional Court – Sródmieście in Krakow, 12th Commercial Division of the National Court Register; VAT ID 7352896022, National Business Registry Number 388547769, email address: shop@111racing.com contact phone: +48 182610894 – hereinafter referred to as the “Administrator”, being also the Online Store’s Service Provider, and Vendor.
1.3. Personal data in the Online Store is being processed by the Administrator in compliance with the law, especially in accordance with the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as „GDPR” or „GDPR Regulation”. The formal content of the Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.
1.4. The use of the Online Store, including shopping, is voluntary. So is providing any personal data by a Service Recipient or Client, with two exceptions: (1) contractual agreements with the Administrator – not providing (in cases and within the scope indicated on the Online Store’s website and in the Online Store’s terms of use and in this privacy policy) the personal data necessary for the creation and execution of a Sales Agreement or Service Agreement with the Administrator, results in the impossibility of completing such agreement. Providing personal data becomes under such circumstances a contractual obligation, and if a person whose data is being processed wants such agreement to be completed, they are obliged to provide the data. Each time, the scope of the required data is first indicated on the Online Store’s website and in the Online Store’s terms of use; (2) statutory obligations of the Administrator – providing personal data is a statutory requirement by law and requires from the Administrator to process personal data (for such purposes as bookkeeping), and lack thereof might result in the Administrator not able to carry out such obligations.
1.5. The Administrator does their due diligence to protect best interests of persons whose data is being processed, remains responsible and assures that the collected data is: (1) processed in accordance with the law; (2) collected for designated, legitimate purposes and not processed further for any other purposes; (3) correct in essence, and adequate for the purposes intended; (4) stored in a manner allowing identification of persons concerned, not longer than necessary to achieve the objective of its processing; (5) processed in a manner assuring proper security of personal data, including protection from forbidden or illegal processing or accidental loss, destruction or damage, by providing the necessary technical and organizational means.
1.6. Taking into account the character, scope, context and objectives of processing, as well as risk of breaching laws or freedoms of natural persons, of different probability and weight of risk, the Administrator implements adequate technical and organizational means to assure that the processing undergoes in compliance with the Regulation, and to be able to prove it. These means are, when necessary, subject to review and update. The Administrator applies technical means preventing any unauthorized persons from obtaining and modifying the personal information submitted electronically.
1.7. All words, phrases and acronyms in this privacy policy starting with a capital letter (for example, Vendor, Online Store, Administrator), must be understood as defined in the Online Store’s terms of use available on the Online Store’s website.
2. BASES FOR DATA PROCESSING
2.1. The Administrator is entitled to process personal data in cases when – and within the scope that – at least one of the following conditions is met: (1) person, whose data is being processed agreed for their data to be processed for one or more designated purpose; (2) the processing is necessary to complete and execute an agreement in which a person whose data is being processed is a party, or to fulfill their demand prior to the finalization of such an agreement; (3) the processing is necessary for fulfilling the Administrator’s legal obligations; or (4) the processing is necessary for purposes resulting from legally justified interests of the Administrator or a third party, with the exception of situations where legal rights and freedoms of persons whose data is being processed are of an overriding nature, especially if such person is a child.
2.2. The processing of personal data by the Administrator, every time when it occurs, requires at least one of the bases indicated in point 2.1 of this privacy policy. Specific bases of processing of the data of the Online Store’s Clients and Service Recipients by the Administrator are indicated in the next point of this privacy policy – in relation to specific objectives of processing the personal data by the Administrator.
3. OBJECTIVE, BASIS, AND TERM OF DATA PROCESSING IN THE ONLINE STORE
3.1. Each objective, basis, and term, as well as recipients of personal data processed by the Administrator, are exclusively initiated by actions taken by a given Service Recipient or Client of the Online Store, or by the Administrator. For example, if Client decides to make a purchase through the Online Store and chooses to personally collect the purchased Product instead of using a standard delivery, their personal data will be processed to execute the Sales Agreement but will not be shared with the delivery company completing deliveries as per Administrator’s order.
3.2. The Administrator is entitled to process personal data through the Online Store to accomplish the following objectives, on the following bases, and within the scope indicated in the table below:
Objective for data processing |
Legal basis for data processing |
Term of data storing |
Fulfilling of Sales Agreements or Online Service Agreements, or demands of a person whose data is being processed prior to executing the said agreements |
Article 6 paragraph 1 letter b) GDPR Regulation (executing agreements) – data processing is necessary for execution of an agreement in which a person whose data is being processed is a party, or to initiate actions as per demand of a person whose data is being processed prior to agreement’s execution. |
The data is stored as long as necessary for execution, termination or other form of expiration of a Sales Agreement or an Online Service Agreement. |
Direct Marketing |
Article 6 paragraph 1 letter f) GDPR Regulation (legally justified interest of an administrator) – the processing is necessary for purposes resulting from legally justified interests of the Administrator – such as: taking care of interests and positive image of the Administrator, their Online Store, as well as the goal to sell Products.
|
The data is stored for the term of legally justified interest carried out by the Administrator, but not longer than the limitation period for the claim of the Administrator in respect to a person whose data is being processed, based on the Administrator’s business activity. The limitation period is defined by law, specifically its Civil Code. (Base limitation period for claims related to business activity is three years, and for Sales Agreements, two years.) The Administrator is not allowed to process data for purposes related to direct marketing actions in case of expressing an efficient objection against it by a person whose data is being processed. |
Marketing |
Article 6 paragraph 1 letter a) GDPR Regulation (consent) – person whose data is being processed expressed consent to the processing of their personal data by the Administrator for marketing purposes.
|
The data is stored until the moment when consent is withdrawn by a person whose data is being processed. |
Expressing opinion on a Sales Agreement by the Client |
Article 6, paragraph 1, letter a) GDPR Regulation – person whose data is being processed expressed consent to the processing of their personal data in order to express opinion. |
The data is stored until the moment when consent is withdrawn by a person whose data is being processed. |
Bookkeeping |
Article 6 paragraph 1 letter c) GDPR Regulation, related to article 74 paragraph 2 of Accounting Act dated 30 January 2018 (Official Gazette from 2018, position 395) – processing is necessary to fulfill a statutory obligation of the Administrator. |
The data is stored for the period required by law, ordering the Administrator to keep their books for 5 years, counting from the beginning of the year following the fiscal year the data is related to. |
Determination, pursuit or defense of the potential claims the Administrator can seek or that can be sought against the Administrator |
Article 6 paragraph 1 letter f) GDPR Regulation (legally justified interest of an administrator) – processing is necessary for purposes resulting from legally justified interests of the Administrator – such as determination, pursuit or defense of claims the Administrator can seek or that can be sought against the Administrator.
|
The data is stored for the term of legally justified interest carried out by the Administrator, but not longer than the limitation period for the potential claims the Administrator can seek or that can be sought against the Administrator (base limitation period for the claims against the Administrator is six years). |
Use of the Store’s website and assuring its proper operation |
Article 6 paragraph 1 letter f) GDPR Regulation (legally justified interest of an administrator) – processing is necessary for purposes resulting from legally justified interests of the Administrator – such as use and maintenance of the Online Store’s website. |
The data is stored for the term of legally justified interest carried out by the Administrator, but not longer than the limitation period for the claim of the Administrator in respect to a person whose data is being processed, based on the Administrator’s business activity. The limitation period is defined by law, specifically its Civil Code (base limitation period for claims related to business activity is three years, and for Sales Agreements, two years).
|
Creation of statistics and analysis of the traffic in the Online Store |
Article 6 paragraph 1 letter f) GDPR Regulation (legally justified interest of an administrator) – processing is necessary for purposes resulting from legally justified interests of the Administrator – such as creation of statistics and analysis of the traffic in the Online Store in order to improve the functioning of the Online Store and increasing sales of Products. |
The data is stored for the term of legally justified interest carried out by the Administrator, but not longer than the limitation period for the claim of the Administrator in respect to a person whose data is being processed, based on the Administrator’s business activity. The limitation period is defined by law, specifically its Civil Code (base limitation period for claims related to business activity is three years, and for Sales Agreements, two years).
|
4. ONLINE STORE’S DATA RECIPIENTS
4.1. To assure proper operation of the Online Store, including the execution of Sales Agreements, it is necessary for the Administrator to use services of external entities (such as software providers, courier companies, or payment servicing entities). The Administrator uses only the services of such data processing entities that assure satisfactory guarantees of implementation of adequate technical and organizational means, so that the data processing remains in compliance with the GDPR Regulation and protect rights of the persons whose data is being processed.
4.2. Data transmission by the Administrator does not occur in every case and the data is not transferred to all recipients or categories of recipients indicated in this privacy policy – the Administrator transfers personal data only when it is absolutely necessary to accomplish a particular objective of processing of personal data and only within the scope absolutely necessary to accomplish it. For example, if the Client chooses personal collection of purchased Products, their data will not be shared with a courier company cooperating with the Administrator.
4.3. Personal data can be transferred by the Administrator outside of the Polish borders only when the Administrator can assure that in such a case, the transmission will happen to a country that assures an adequate level of security – in compliance with the GDPR Regulation, and that the person whose data is being processed maintains the right to receive a copy of their data. The Administrator transfers the gathered personal data only in cases, and within the scope absolutely necessary to accomplish a particular objective of processing of personal data, compliant with this privacy policy.
4.4. Personal data of Service Recipients and Online Store’s Clients can be transmitted to the following recipients or categories of recipients:
4.4.1. carriers / forwarders / courier brokers / entities supervising a warehouse and/or delivery process – in case of Clients who decide to use a postal or courier delivery, the Administrator shares the collected personal data of the Client to a chosen carrier, forwarding company or a broker carrying out deliveries per the Administrator’s request, and if the delivery is shipped from an external warehouse – also to an entity supervising that warehouse and/or delivery process – within the scope absolutely necessary to successfully complete the delivery of a Product to the Client.
4.4.2. Entities operating / running the Online Store – in each case where the Administrator, based on a relevant contractual arrangement, assigns a third party to directly operate the Online Store, the Administrator shares the collected personal data of the Client to such a party – within the scope absolutely necessary to successfully complete the order, including its delivery and payment.
4.4.3. Entities handling electronic payments or credit / debit card payments – in case of Clients who use electronic payments or credit / debit card payments in the Online Store, the Administrator shares the collected personal data of the Client to a chosen entity handling such payments in the Online Store as per Administrator’s order, within the scope absolutely necessary to successfully complete a payment by the Client.
4.4.4. Service providers, supplying the Administrator with technical, IT-related, or organizational solutions enabling the Administrator to carry out their business activity including the Online Store and Online Store’s Services (especially providers of computer software needed to run the Online Store, email and hosting service providers, and company management / technical support software providers) - the Administrator shares the collected personal data of the Client to a chosen provider acting per Administrator’s order only in cases and within the scope absolutely necessary to accomplish a particular objective of processing of personal data in compliance with this privacy policy.
4.4.5. Bookkeeping / legal / advisory services providers, supplying the Administrator with bookkeeping / legal / advisory support (especially an accounting office, legal firm, or a debt collection company) – the Administrator shares the collected personal data of the Client to a chosen provider acting per Administrator’s order only in cases and within the scope absolutely necessary to accomplish a particular objective of processing of personal data in compliance with this privacy policy.
4.4.6. Providers of social media plugins, scripts, and similar tools present on the Online Store’s website, enabling the browser of the Online Store’s website visitors to download content from providers of the said plugins (for example, to log into a social networking site using the login data) and sharing the visitor’s personal data with such providers, including also:
4.4.6.1. Facebook Ireland Ltd. – the Administrator, on the Online Store’s website, uses Facebook’s social plugins (for example „Like” button, „Share”) and therefore collects and shares personal data of the Service Recipient using the Online Store with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) within the scope and in compliance with privacy regulations available here: https://www.facebook.com/about/privacy/ (such data contains information on actions made on the Online Store’s website – including information on a device, visited sites, purchases, displayed ads and a way of using the services – regardless whether the Service Recipient has a Facebook account, or whether they are logged into Facebook).
4.4.6.2. Google Ireland Limited - the Administrator, on the Online Store’s website, uses Google.com’s plugins and therefore collects and shares personal data of a Service Recipient using the Online Store with Google.com (Gordon House, Barrow Street, Dublin 4, Ireland) within the scope and in compliance with privacy regulations available here: https://policies.google.com/privacy?hl=pl (such data contains information on actions made on the Online Store’s website – including information on a device, visited sites, purchases, displayed ads and a way of using the services – regardless whether the Service Recipient has a Google account, or whether they are logged into their account).
5. PROFILING IN THE ONLINE STORE
5.1. The GDPR Regulation obliges the Administrator to inform about automated decision-making, profiling included, as described in article 22 paragraphs 1 & 4 of the GDPR Regulation, and – at least in such cases – about important information on the rules of such decision making, as well as on the meaning and foreseeable impact of such processing on a person whose data is being processed. With that in mind, in this section of this privacy policy, the Administrator hereby informs about possible profiling.
5.2. The Administrator may use profiling in the Online Store for purposes related to direct marketing, but the decisions made based on the profiling are not inclusive of initiating a Sales Agreement or the possibility of using Online Services in the Online Store. The result of using profiling in the Online Store may be, for example: providing a discount to a given Client, sending them a discounting voucher, reminding about unfinished shopping, sending a recommendation of a Product that could correspond with a given person’s interests or preferences, or offering better terms than the standard Online Store’s offering. Despite profiling, it is a given Client that ultimately and freely decides whether to use a given discount or better terms offered and make a purchase through the Online Store.
5.3. Online Store’s profiling means that an automated analysis or a forecast of a given person’s behavior while visiting the Online Store’s website is run, for example through adding a particular Product to the cart, browsing a webpage of a concrete Product available in the Online Store, or through the analysis of the history of purchases made at the Online Store. The condition of such profiling is for the Administrator to have the personal data of such a person, in order to be able to then send them, for example, a discount code.
5.4. A person whose data is being processed has the right not to be subjected to a decision based exclusively on the automated processing, including profiling, and causes legal ramifications for such a person, or impacts their life in any other significant way.
6. RIGHTS OF A PERSON, WHOSE DATA IS BEING PROCESSED
6.1. The right to access, rectify, restrict, erase or transfer – a person whose data is being processed has the right to demand from the Administrator access to their personal data, to rectify it, erase it („right to be forgotten”), or limit the processing of it, as well as the right to object against the processing, or to transfer their data. The detailed conditions of executing the rights listed in this paragraph can be found in article 15-21 of the GDPR Regulation.
6.2. The right to withdraw consent at any moment – a person whose data is being processed based on the consent given (based on article 6 paragraph 1 letter a) or article 9 paragraph 2 letter a) of the GDPR Regulation), has the right to withdraw the consent at any time without affecting the legality of the retrospective processing.
6.3. The right to file a complaint to the supervisory authority – a person whose data is being processed by the Administrator, has the right to file a complaint to the supervisory authority in compliance with the rules outlined in the GDPR Regulation and the Polish law, especially the Data Protection Act. The supervisory authority in Poland is the Polish President of the Data Protection Office.
6.4. The right to object – a person whose data is being processed has the right to raise an objection at any time – for reasons related to a unique situation of such a person – against the processing of their personal data, based on article 6 paragraph 1 letter e) (interest and public tasks) or (f) (legally justified interest of an administrator), including the profiling based on the above regulations. The Administrator is from that moment on forbidden from processing that personal data, unless they are able to prove the existence of important, legally justified bases to continue the processing, overriding the interests, rights, and freedoms of the person whose data is being processed, or bases to determine, pursue or defend the claims.
6.5. The right to object against direct marketing – if the personal data is being processed for the purposes of direct marketing, then a person whose rights are being processed has the right at any time to raise an objection against the said processing for the said purpose, including profiling, within the scope of processing that is directly related to the practice of direct marketing.
6.6. In order to exercise the rights stated in this section of the privacy policy, the Administrator can be contacted via email or conventional mail sent to the Administrator’s address provided in the first section of this privacy policy, or through the contact form available on the Online Store’s website.
7. COOKIES AND ANALYTICS
7.1. Cookie files are small text-based pieces of information in the form of text files, sent by a server and saved on the Online Store’s visitor’s side (for example, on their PC’s or laptop’s hard drive, or on their smartphone’s memory card – depending on the device a given visitor is using while browsing the Online Store’s website). The detailed information regarding cookie files, and also the concept’s history, can be found, for instance, here: https://pl.wikipedia.org/wiki/HTTP_cookie.
7.2. Cookies that can be sent through the Online Store’s website can be broken down into different categories, based on the below criteria:
Provider of the cookie files: 1) Our own (created by the Administrator’s Online Store’s website), and 2) Owned by a third party / external entity (other than the Administrator) |
Term during which the files are stored on the visitor’s device: 1) session (stored until the moment of the user logging out of the Online Store or closing the web browser) 2) permanent (stored for a given period of time, defined by each file’s parameters or until they are manually erased) |
Purpose of use: 1) necessary (enabling proper operation of the Online Store), 2) functional/preferential (enabling the adjustment of the Online Store’s website based on its visitor’s preferences), 3) performance (gathering information on the way the Online Store’s website is used), 4) marketing, advertising, and social (gathering information on a person visiting the Online Store’s website in order to display to that person personalized ads and carry out other marketing activities including other websites, separate from the Online Store’s website, such as social media platforms).
|
7.3. The Administrator may process the data in Cookies, while the visitors browse the Online Store’s website, for the following purposes:
Purposes of using Cookies in the Administrator’s Online Store |
Identification of Service Recipients logged into the Online Store, and displaying their logged-in status (necessary Cookies) |
Saving of the Products which have been added to the cart to place the Order (necessary Cookies) |
|
Saving of the data from filled in Order Forms, surveys, or login data (necessary and/or preferential Cookies) |
|
Customizing the contents of the Online Store’s website based on individual preferences of the Service Recipient (e.g., regarding colors, font size, page’s structure) and optimizing the use of the Online Store’s webpages (preferential Cookies) |
|
Running anonymous statistics showing the way the visitors use the website of the Online Store (statistical Cookies) |
|
Remarketing, meaning the surveying of traits of behavior of the Online Store’s visitors through an anonymous analysis of their actions (e.g., recurring visits of particular pages, keywords, etc.) in order to create a profile and provide those visitors with ads matching their predicted interests, also when they are visiting other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising, and social Cookies). |
7.4. To find out what Cookies (including their provider and term of storage) are sent by the Online Store at a given moment, please follow the below instructions for the most popular Internet browsers:
Chrome: |
Firefox: |
Internet Explorer: |
Opera: |
Safari: |
Browser-independent tools available, for example here: https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/ |
7.5. By standard, most of the Internet browsers available in the market accept the saving of Cookies by default. Each user has the possibility to define terms of using Cookies through the settings of their own browser. This means that one can, for example, partially restrict (e.g., for a chosen time period) or completely disable the possibility of saving Cookies – in the latter case it might impact particular functionalities of the Online Store (for example, it may not be possible to go through the ordering path through the Online Form due to the fact that the saved Products in the cart will not be saved for next steps of the Ordering process).
7.6. Browser Cookie settings are important from the point of view of consent to use Cookies by the Online Store – according to the regulations, such a consent can also be given through particular settings of the user’s browser. Detailed information on Cookies-related browser settings and the manual removal of such files in the most popular browsers is available in the support/help sections of a given browser, and on the below webpages (you can click on the chosen hyperlink):
7.7. The Administrator, in their Online Store, can use the services of Google Analytics, Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Those services support the Administrator in running statistics and analytics of the traffic in the Online Store. The collected data is processed under the above services in order to generate statistics supporting the operation of the Online Store and analyze its traffic. The data is aggregate. The Administrator, by using the above services in the Online Store, gathers such data as: sources and means of visitors of the Online Store, their behavior while visiting the Online Store’s website, information on devices and browsers through which the website is visited, IP addresses, as well as domains, geographical data and demographics (age, gender), and interests.
7.8. It is possible for each person to easily block the sharing of data regarding the activity on the Online Store to Google Analytics – in order to do so, a browser plugin provided by Google Ireland Ltd. can be installed, it is available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
8. FINAL PROVISIONS
8.1. The Online Store can include links to external websites. The Administrator recommends each visitor to become familiar with such websites privacy policies upon visiting. This privacy policy applies exclusively to the Online Store of the Administrator.