PRIVACY POLICY OF THE ONLINE STORE

www.salonled.pl

1. The Personal Data Controller of the Online Store available at: www.salonled.pl, hereinafter referred to as the Online Store, is Salon LED Spółka z ograniczoną odpowiedzialnością with its registered office at: ul. Mokra Strona 12A, 36–020 Tyczyn, NIP: 8133781242, REGON: 380303750, entered into the register of entrepreneurs of the National Court Register kept by the District Court in Rzeszów, 12th Commercial Division of the National Court Register, under KRS number: 0000732977, hereinafter referred to as the Personal Data Controller.

2. All inquiries, requests, complaints regarding the processing of personal data by the Personal Data Administrator, hereinafter referred to as Reports, should be sent to the following e-mail address: iodo@salonled.pl or in writing to the following address: ul. Mokra Strona 12A, 36 – 020 Tyczyn. The notification must clearly indicate:

a) data of the person or persons concerned by the Report,

b) the event that is the reason for the Report,

c) present your demands and the legal basis for these demands,

d) indicate the expected way of resolving the matter.

3. In our Online Store we collect the following personal data:

a) name and surname - may be processed when users provide them to us via e-mail, contact form, registration form or order form available in our Online Store, as well as when they provide us with this data via traditional mail or by telephone , in order to take advantage of the offer of our Online Store,

b) telephone number - may be processed in the event of telephone contact, as well as when the Store user provides it to us via e-mail, contact form, registration form or order form available in our Online Store. The telephone number is processed to enable us to contact the user regarding the execution of a given order or to answer other questions asked,

c) residential/correspondence address - we process this data in order to properly ship the ordered Products, its indication is necessary when making purchases in our Store,

d) e-mail address - may be processed when the user provides it in the event of contact via e-mail, contact form, registration form or order form available in our Store, as well as via traditional mail or by telephone. Through our e-mail address, we answer questions related to our offer and provide information related to the implementation of the concluded contract. In addition, if the user has agreed to receive marketing content and/or has subscribed to our newsletter, we will also send him commercial and marketing information several times a month,

e) IP address of the device and potential personal data contained in Cookies - information resulting from the general principles of connections made on the Internet, such as the IP address (and other information contained in system logs), are used for technical and statistical purposes, in particular to collect general demographic information (e.g. about the region from which the call is made). This type of data is also used for marketing and analytical purposes if consent is granted in accordance with Art. 173 section 1 telecommunications law,

f) NIP and company name - data necessary to issue all invoices and other documents related to the use of our Online Store,

g) edrone tracking codes - - to analyze the statistics of the Store's website, as well as for marketing purposes only for the needs of e-mail, SMS and social media campaigns launched or indicated by the Administrator using the edrone system.

h) possibly other data may be collected as part of conducting specific matters or may be provided by users of our Online Store via e-mail, contact form available in the Online Store, traditional mail or by telephone.

4. Each person using our Online Store has the opportunity to choose whether and to what extent they want to use our services and share information and data about themselves, to the extent specified in this Privacy Policy.

5. We process personal data for the purpose of:

a) making purchases in our Online Store using the order form available on the Online Store website (Article 6(1)(b) of the GDPR) - in this respect, the personal data provided will cease to be processed when a specific transaction is finalized,

b) concluding and performing contracts in connection with the services we offer (Article 6(1)(b) of the GDPR) - in this respect, personal data will cease to be processed when a given contract is completed,

c) maintaining an individual user account (Article 6(1)(b) of the GDPR) - in this respect, personal data will cease to be processed when the user deletes the account,

d) directing marketing content regarding the Administrator and conducting website analytics in connection with the use of cookies (Article 6(1)(a) of the GDPR) - personal data is processed until the end of the session or deletion of cookies by the user, withdrawal of consent or until effective objection to processing for this purpose,

e) running a website (Article 6(1)(f) of the GDPR in connection with Article 173(1) of the Telecommunications Law) - in this respect, personal data will cease to be processed if the Cookie file expires, Cookies are deleted or, as appropriate, when a given session ends,

f) providing the newsletter service (subscription) (Article 6(1)(a) of the GDPR) - in this respect, the personal data provided will be deleted when the consent is withdrawn and the list of newsletter subscribers is deleted,

g) performing legal obligations incumbent on the Personal Data Administrator, in particular keeping records, issuing invoices, etc. (Article 6(1)(c) of the GDPR) - in this respect, personal data will be deleted after fulfilling certain legal obligations,

h) ongoing communication related to the operation of the Online Store (Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Personal Data Administrator) - in this respect, your personal data will cease to be processed when the given question or questions are answered,

i) determining and pursuing claims or defending against these claims (Article 6(1)(f) of the GDPR, i.e. the legitimate interest of the Personal Data Administrator) - in this respect, personal data will be deleted when the claims expire, but generally after the expiry of 3-year limitation period for claims,

6. The source of Personal Data processed by the Administrator are users, i.e. persons to whom the data relates.

7. If there is a button or function that is a link to an external website, application or social media, a co-administration relationship exists between the Administrator of this Online Store and the administrator of the external website. Co-administration is limited only to data to the extent necessary for operations related to the functioning of a given button or function. The Administrator is not responsible for the policies regarding further processing of personal data of other entities and organizations or providers of social networking sites. Our Joint Administrators within this Online Store are:

a) Meta Platforms Ireland Ltd. (Facebook, Messenger, Instagram) with its registered office at: 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland,

b) Google Ireland Ltd. (YouTube, Google Maps) with its registered office at: Google Building Gordon House, 4 Barrow St, Grand Canal Dock, Dublin 4, D04 V4X7, Ireland,

8. The Administrator uses the tools: described in the Cookie Policy, provided by entities based outside the EU (EEA) or within the EU (EEA), whose parent company is based outside the EU (EEA). As a rule, data processed as part of the use of these tools is processed on servers located within the EEA. However, entities providing these tools may be obliged to transfer data to third countries if such an obligation is imposed on them by law or if it is necessary due to the characteristics of the services provided (e.g. hosting, etc.). The scope of personal data transferred in this respect refers to all personal data indicated in point 3 of this Privacy Policy. The legal basis for the processing of personal data indicated in the preceding sentence is indicated in point 5(a). d and e of this Policy. The transfer of personal data to the United States is based on the Decision of the European Commission of July 10, 2023 on ensuring an adequate level of protection by the EU-US Data Protection Framework (Article 45(1) of the GDPR). Our entities-importers of personal data, i.e. Amazon.com Inc based in the USA, Google Ireland Ltd. (parent company: Google LLC based in the USA), Microsoft Corporation, meeting the criteria of the decision and participating in the Data Protection Framework program, are located on list at: https://www.dataprivacyframework.gov/s/participant-search. Entities PayPal (Europe) S.à r.l.et Cie, S.C.A. based in the USA, may transfer data to third countries on the basis of Standard Contractual Clauses adopted by these entities.

9. We do not disclose any personal data to third parties without the express consent of the data subject. Data may be made available without the consent of the data subject only to entities authorized to process personal data under applicable law (e.g. law enforcement authorities, ZUS or Tax Office). The Administrator provides personal data of its clients, in particular, to: payment operators, companies providing postal and courier services and tax authorities.

10. Personal data may be entrusted for processing to entities processing such data for us as the Personal Data Administrator. In such a situation, as the Personal Data Administrator, we conclude an agreement with the processor to entrust the processing of personal data. The processing entity processes the entrusted personal data only for the needs, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without entrusting personal data for processing, we would not be able to conduct our business within the Online Store or deliver shipments of ordered Products. As the Personal Data Administrator, we entrust personal data for processing, in particular, to the following entities:

a) providing hosting services for the website where our Online Store operates,

b) supporting CRM,

c) providing accounting services,

d) Edrone Sp. z o. o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 - in order to use the edrone.me mailing system for sending the newsletter,

e) Edrone Sp. z o. o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197: - for marketing purposes only and exclusively for the needs of e-mail, SMS, social media campaigns launched or indicated by the Administrator using the edrone system

f) providing us with other services that are necessary for the ongoing operation of the Online Store.

11. Personal data is not subject to profiling by us as the Personal Data Administrator within the meaning of the provisions of the GDPR.

12. Pursuant to the provisions of the GDPR, each person whose personal data we process as the Personal Data Administrator has the right to:

a) access to your personal data referred to in Art. 15 GDPR,

b) being informed about the processing of personal data referred to in Art. 12 GDPR,

c) correcting, supplementing, updating and rectifying personal data referred to in Art. 16 GDPR,

d) withdraw consent at any time, as referred to in Art. 7 section 3 GDPR,

e) deletion of data (right to be forgotten), referred to in Art. 17 GDPR,

f) restrictions on processing referred to in Art. 18 GDPR,

g) data transfer referred to in Art. 20 GDPR,

h) object to the processing of personal data, as referred to in Art. 21 GDPR,

i) in the case of the legal basis, in the form of consent - the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal,

j) not to be subject to profiling referred to in Art. 22 in connection with joke. 4 point 4 GDPR,

k) submit a complaint to the supervisory authority (i.e. the President of the Personal Data Protection Office) referred to in Art. 77 GDPR.

13. If you want to exercise your rights referred to in the preceding point, please send a message by e-mail to the e-mail address or in writing to the correspondence address referred to in point. 2 above.

14. Each identified case of security breach is documented, and in the event of one of the situations specified in the provisions of the GDPR or the Act, data subjects and, if applicable, PUODO are informed about such a breach of the provisions on the protection of personal data.

15. The Cookie Policy is a separate document available at: https://www.salonled.pl/pl/content/6-polityka-cookies

16. In matters not regulated by this Privacy Policy, the applicable provisions of generally applicable law shall apply. In the event of any inconsistency between the provisions of this Privacy Policy and the above provisions, these provisions shall prevail.

Information regarding online dispute resolution pursuant to Art. 14 Para. 1 of the ODR (Online Dispute Resolution Regulation):

The European Commission gives consumers the opportunity to resolve online disputes pursuant to Art. 14 Para. 1 of the ODR on one of their platforms. The platform (http://ec.europa.eu/consumers/odr) serves as a site where consumers can try to reach out-of-court settlements of disputes arising from online purchases and contracts for services.