Privacy policy

1. Who is the controller of the website and personal data?

The controller of the website and personal data is ecommerce.legal sp. z o.o., registered office in Poznań (60-529), ul. Dąbrowskiego 77A, entered in the register of entrepreneurs of the National Court Register kept by the District Court Poznań – Nowe Miasto i Wilda in Poznań, 8th Commercial Division of the National Court Register, under number: KRS 0001071438, NIP (VAT): 7812061024, REGON: 527034850, share capital: PLN 10,000.00.

Contact details: email: biuro@ecommercelegal.pl, phone: +48 530 091 988.

The Seller has not appointed a Data Protection Officer (DPO).

2. What is the legal basis for processing personal data?

Personal data is collected and processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (the General Data Protection Regulation, GDPR). The processing of personal data is also governed by the Polish Personal Data Protection Act of 10 May 2018 (consolidated text: Journal of Laws of 2019, item 1781).

3. What data do we process?

Depending on the purpose and user preferences, we may process data such as: first and last name, address, email address, phone number, bank account number, IP address, and for business users also VAT ID and business address. We may also process other personal data sent to us in correspondence. For analytics purposes we may also process data on the source of the visit, operating system and browser used, products viewed, time spent on site, orders placed, engagement with newsletters, user age range, gender, approximate location and interests (based on web activity).

We receive the above data as a result of actions such as:

• sending correspondence directly to our email address,
• providing us with data during a phone call,
• placing an order on the Website,
• creating an account on the Website,
• collection of other analytics data by the Website software or by the tools listed in this Privacy Policy,
• signing up for the waiting list.

Please note that our website hosting provider is Netlify, Inc., headquartered in San Francisco (USA).

4. For what purposes do we process your data?

We process data to the extent relevant for the operation of our service and we retain it for the period permitted by law. We process data provided by users while using the service.

• Conclusion and performance of a contract - on the basis of Art. 6(1)(b) GDPR, where processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
• Providing contact by email or phone - on the basis of Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR (legitimate interest of the Controller).
• Creating and maintaining an account - on the basis of Art. 6(1)(b) GDPR.
• Direct marketing - on the basis of Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest of the Controller).
• Fulfilment of legal obligations, establishing and pursuing claims - on the basis of Art. 6(1)(c) GDPR (legal obligation) and Art. 6(1)(f) GDPR (legitimate interest of the Controller).
• Analytics and statistics - on the basis of Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest of the Controller).

We use tools such as Google Analytics and Meta Pixel, which allow us to target ads to specific audiences based on interests, gender, age and profession. These tools are described in detail in the cookies policy.

5. Automated processing and profiling

Ecommerce.legal uses your personal data, including purchase history and user settings, to conduct personalised email communication (profiling). As a result, the information we send about products, promotions and events is matched to your interests.

You may withdraw your consent to such communication and profiling at any time by clicking the unsubscribe link in the email received or by contacting us. Detailed rules on data protection are set out in our Privacy Policy.

6. With whom do we share personal data?

We share personal data with other entities only to the extent that the data subject has consented to the processing, to the extent necessary to perform a contract, or to the extent arising from the legitimate interests of the controller. These include partners cooperating with the service: the hosting provider, providers of CRM and invoicing systems, the accounting office, the IT company providing services for the Website, online payment operators, banks, marketing tool providers and other subcontractors, as well as entities to which we are obliged to transfer your data under applicable law. Analytics and statistics data, which does not constitute personal data, may also be transferred to companies providing analytics, statistics and optimisation services, including in the United States (e.g. Google LLC, Meta Platforms Inc.).

7. Is data transferred to third countries or international organisations?

Some data processing operations may involve the transfer of anonymised data to third countries or international organisations in connection with the use of tools that store personal data on servers located in third countries, particularly in the USA.

Please note, however, that the providers of these tools guarantee an adequate level of personal data protection, in particular by participating in the Data Privacy Framework or by using standard contractual clauses. This applies in particular to the services of Google Ireland Limited and Meta Platforms Inc.

8. What rights do you have in connection with the processing of your personal data?

You have the right to:

• request access to your personal data,
• request rectification of your personal data,
• object to the processing of your personal data,
• request erasure of your personal data,
• request restriction of processing,
• request portability of your personal data,
• obtain information about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of this data outside the EU,
• obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of this data,
• obtain information about the rights under the GDPR, the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), the planned retention period or the criteria used to determine this period, and the source of the data,
• obtain a copy of your personal data.

If you wish to exercise any of the above rights, please let us know. We will promptly inform you of any actions taken in response to the request.

You may withdraw your consent to the processing of your personal data at any time. To do so, please contact us.

9. Cookies policy

Cookies are short, commonly used text files that allow you to identify the software used, adapt content to user needs and ensure the correct functioning of websites. They are saved on the device you are using and have a domain name, retention period and a specified value. The cookies used on our website are safe and are divided into session and persistent cookies. Session cookies are stored only until the browser session ends. Persistent cookies are stored on the device until they are deleted. Using your web browser, you can change your cookie preferences or delete them (persistent cookies) at any time.

10. Legal basis for the use of cookies

We use some cookies to the extent necessary for the proper provision of services by electronic means; other cookies are used on the basis of consent.

Consent is based on your browser settings, other software for managing cookies, or the cookie manager settings if available on the website.

You may disable cookies, including specific categories. Please note, however, that disabling or limiting cookies may cause you to lose access to some features of the site whose functioning requires consent to the use of specific cookies.

11. Third parties whose cookies we use

Google tools - Google Analytics provided by Google Ireland Limited (Registration Number: 368047 / VAT Number: IE6388047V), Gordon House, Barrow Street, Dublin 4, Ireland. We base our use of this tool on our legitimate interest related to marketing using commonly used tools. From our perspective, the data collected in connection with the use of these tools is not personal data due to anonymisation.

Google Analytics

We use Google Analytics for analytics and statistics purposes, which serve to improve the operation of our website.

The data collected in connection with the use of the tool is not personal data due to anonymisation and includes tracking of user traffic on the site (information about the operating system, browser, pages and subpages visited, time spent on the site and subpages, and the source of the visit).

Meta Pixel

We use marketing tools available on Facebook and provided by Meta Platforms Ireland Limited.

The Meta Pixel is a short code placed on a website that allows measuring the effectiveness of ads based on analysis of user actions on the site and personalising ads. The purpose of the code is to display ads to the right audience, increase sales and measure ad performance.

The Meta Pixel uses cookies that record actions on the site - for example, traffic on the site, visits to specific subpages, adding products to cart or making purchases. Analysis of these actions helps optimise the site and our offering.

12. Server logs

Visiting the website and using it involves sending requests to the server, which are recorded in so-called server logs. They contain, among others, information about the user's IP address, date and time of the request, browser and operating system.

Server logs are saved and stored on the server. They are not linked to specific persons using the site and are not intended for identification - they are used solely to administer the site, and their content is not disclosed to unauthorised persons.