PRIVACY POLICY OF THE ONLINE STORE www.laq.pl

§1 GENERAL PROVISIONS

1. This Privacy Policy governs the principles of processing personal data of persons using the services offered by the Administrator via the online store www.laq.pl.
2. The owner of the online store www.laq.pl and the Controller of personal data collected via the online store www.laq.pl is LATECH spółka z ograniczoną odpowiedzialnością with its registered office in Suchy Las (62-002) at ul. Klonowa 2, registered by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number: 0000992181, NIP: 9721331275, REGON: 523121457, e-mail address: sklep@laq.pl.
3. The Administrator, when processing personal data via the online store www.laq.pl, ensures that their processing is carried out in accordance with the provisions of the law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as GDPR), and ensures their proper protection against access by unauthorized persons.
4. Any words or expressions written in the content of this Privacy Policy with a capital letter should be understood in accordance with their definitions contained in the Regulations of the online store www.laq.pl.

§2 TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

1. Administrator przetwarza dane osobowe klientów Sklepu www.laq.pl, którzy dokonują za jego pośrednictwem jakiejkolwiek czynności prawnej z Administratorem. W szczególności przetwarzanie danych osobowych Klientów Sklepu odbywa się w następujących celach:
   1. In order to enable the Customer to enter into an account agreement with the Store and to fulfill the terms and conditions of this agreement – we will process the following personal data:
      – first and last name;
      – login;
      – mailing address;
      – delivery address (if different from the mailing address);
      – e-mail address;
      – telephone number;
      – company of the entrepreneur (in the case of persons entering into an account agreement as an entrepreneur);
      – VAT number (in the case of persons entering into an account agreement as an entrepreneur).
   2. In order to enable the Customer to place orders and make purchases of Goods and services offered through the Store – we will process the following personal data:
      – name and surname;
      – delivery address;
      – e-mail address;
      – telephone number;
      – company name of the entrepreneur (in the case of persons concluding the Agreement as an entrepreneur);
      – VAT number (in the case of persons concluding the Agreement as an entrepreneur).
   3. In order to enable you to send an inquiry to the Administrator via the contact form – we will process the following personal data:
      – e-mail address;
   4. In order to comply with tax obligations, in the form of the need to keep records of sales of Goods, made through the Store – we will store the following personal data:
      – name/company name of the entrepreneur;
      – address of residence/site;
      – Tax Identification Number;
      – order number.
   5. In order to conduct activities promoting the Goods and services offered by the Administrator, including sending ordered commercial correspondence – we will process:
      – e-mail address;
      – telephone number;
   6. For the purpose of archiving (providing the Administrator with the possibility of evidence), including the possible establishment, investigation or defense against claims – we will process the following data:
      – name/company of the entrepreneur;
      – address of residence/site;
      – order history;
      – proof of payment for the Goods;
      – Tax Identification Number.
2. Legal basis for processing personal data and their storage period. The Administrator will process the personal data indicated above only if it has a valid legal basis for their processing. Accordingly, the Administrator always makes every effort to obtain a valid legal basis authorizing the Administrator to process personal data, and at the same time, does not process personal data if it is not authorized to do so.
   The legal basis for processing the personal data indicated above is:
   1. Customer’s consent to the processing of personal data – art. 6 sec. 1 letter a) GDPR – in the case of processing personal data on the basis of the consent granted by the owner of such data, the Administrator will process personal data until the consent granted is withdrawn, or until the purpose for which the personal data was collected is achieved.
   2. Taking actions necessary to conclude a contract and implement the concluded contract – Article 6, paragraph 1, letter b) of the GDPR – in the case of processing personal data on the basis of the necessity to take actions aimed at concluding a contract or those necessary to implement the concluded contract, the Administrator will process personal data until the contract concluded with the Client is implemented.
   3. Fulfillment of a legal obligation imposed on the Administrator under generally applicable provisions of law – art. 6 sec. 1 letter c) of the GDPR – in the case of processing personal data on the basis of the need to fulfill legal obligations imposed on the Administrator, the Administrator will process personal data until the obligations resulting from generally applicable provisions of law are fulfilled.
   4. The legitimate interest of the Administrator – art. 6 sec. 1 letter f) of the GDPR – in the case of processing personal data based on the existence of a legitimate interest of the Administrator, the Administrator will process personal data for the period of the legitimate interest or until a justified objection to the processing of personal data is filed. An example of the processing of personal data based on the legitimate interest of the Administrator can be indicated, storing data regarding the completed Agreement in order to ensure the possibility of defending against potential claims such as complaint claims. In such a situation, personal data will be stored until the limitation period for any claims of Customers expires. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
3. When using the Store, additional information may be downloaded, in particular: the IP address assigned to the Service Recipient’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.
4. As part of using the Store, the Administrator may also collect the following data: navigation data, including information about links and references that the Customer decides to click or other actions taken in the Store. The legal basis for such actions is the legitimate interest of the Administrator (Article 6, paragraph 1, letter f of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
5. Providing personal data when using the Store is always voluntary. However, in a situation where this data is used to perform a concluded agreement (account management agreement or sales agreement), failure to provide personal data will result in the impossibility of concluding and properly performing the agreement (account management agreement in the Store, placing an order and purchasing Goods offered through the Store).
6. The Administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are:
   1. processed in accordance with the law,
   2. collected for specified, lawful purposes and not subject to further processing incompatible with those purposes,
   3. factually correct and adequate in relation to the purposes for which they are processed and stored in a form which enables identification of data subjects for no longer than is necessary to achieve the purpose of processing.

§3 SHARING PERSONAL DATA

1. Personal data of Customers using the Store may be transferred to other entities with which the Administrator cooperates within the scope of its business activity. This applies in particular to entities providing services to the Administrator within the Store, i.e.:
   1. entities delivering Goods;
   2. providers of payment systems through which Customers can make quick payments for purchased Goods;
   3. entity providing accounting services to the Administrator;
   4. entities providing hosting services;
   5. providers of software that enables business operations (e.g. accounting software),
   6. entities providing mailing services;
   7. Entities providing the Administrator with software necessary for the proper operation of the Store.
2. The service providers referred to in point 1 of this paragraph to whom the personal data of the Customers are transferred, depending on the contractual arrangements and circumstances, are either subject to the Controller’s instructions as to the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (controllers).
3. In addition, the personal data of the Customers may be transferred to other entities if the obligation to transfer them results from the provisions of law, e.g. tax offices, or other entities if they are authorized to access personal data based on the provisions of law. In such a case, the data will be made available on the basis of an express request from these entities, addressed directly to the Administrator. The Administrator may transfer the personal data of the Customers to other entities only on the basis of the express consent granted by the Customer to whom the personal data relates.
4. Under no circumstances will Customers’ personal data be transferred to a third country, i.e. to a country outside the European Economic Area (EEA).

§4 RIGHTS OF CUSTOMERS IN CONNECTION WITH THE PROCESSING OF THEIR PERSONAL DATA BY THE ADMINISTRATOR

1. Customers using the Store whose personal data are processed by the Administrator have the following rights:
   1. the right to access personal data and obtain a copy thereof – Article 15 of the GDPR;
   2. the right to request the rectification or completion of personal data – Article 16 of the GDPR;
   3. the right to have personal data deleted (the so-called right to be forgotten) – Article 17 of the GDPR;
   4. the right to restrict the processing of personal data – Article 18 of the GDPR;
   5. the right to transfer personal data in the scope of personal data that we process on the basis of the express consent of the Client or in connection with the performance of the contract and via the IT system – Art. 20 of the GDPR;
   6. the right to object to the processing of personal data – Article 21 of the GDPR.
   7. the right to withdraw consent to the processing of personal data at any time. The withdrawal of consent to the processing of personal data is made by sending an electronic message to the following address: sklep@laq.pl. The withdrawal of consent does not affect the lawfulness of the processing of personal data that was carried out before its withdrawal – Article 7, paragraph 3 of the GDPR;
   8. the right to lodge a complaint with a supervisory authority if the Client considers that we are processing his/her personal data in a manner inconsistent with the provisions of the law. The supervisory authority is the President of the Office for Personal Data Protection.
2. In order to properly exercise the rights of Customers referred to in § 4 section 1 letters a) – g) of this Privacy Policy, an appropriate request should be submitted to the Administrator via e-mail to the following address: sklep@laq.pl.
3. In the event that the Customer submits a request to exercise the rights resulting from the above rights, the Administrator shall comply with the request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to comply with the request within one month, it shall comply with it within the next two months, informing the Service Recipient in advance within one month of receiving the request of the intended extension of the deadline and the reasons for it.

§5 “COOKIES”

1. When using our Store, we also collect cookies in an automated manner. Cookies allow us to identify the end user’s device, through which the user enters our Store’s website, so we have knowledge about the number of visits to our Store’s website and the level of interest in our Products.
2. The installation of “cookies” files is necessary for the proper provision of services on the Store’s website. “Cookies” files contain information necessary for the proper functioning of the website, and they also enable the development of general statistics of website visits.
3. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number. Importantly, we do not collect any personal data that would allow us to identify a specific natural person (the Customer) using cookies. It is also not possible for any viruses or unwanted software to get into the user’s device using cookies.
4. The Store’s website uses two types of “cookies”: “session” and “persistent”:
   1. Cookies; “session” cookies are temporary files that are stored on the Service User’s end device until logging out (leaving the website).
   2. “Persistent” Cookies are files stored on the Service User’s end device for the time specified in the “cookie” file parameters or until they are deleted by the Service User.
5. The Administrator uses its own cookies to better understand how Service Users interact with the content of the website. The files collect information about how the Service User uses the website, the type of website from which the Service User was redirected, and the number of visits and the time of the Service User’s visit to the website. This information does not register specific personal data of the Service User, but is used to develop statistics on the use of the website.
6. The Administrator uses external cookies to collect general and anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc. based in the USA).
7. Cookies may also be used by advertising networks, in particular the Google network, to display advertisements tailored to the way in which the Service User uses the Store. For this purpose, they may store information about the Service User’s navigation path or the time spent on a given page.
8. Very often, web browsers allow cookies to be saved by default. However, the web browsers used by users allow you to change the settings in such a way that they cannot be saved on the end device. If you do not agree to the saving of these files, we kindly ask you to make a change in the web browser settings in a way that prevents the saving of cookies on the end device.
9. Below you will find detailed information on how to change the settings of the most popular web browsers in order to block the ability to save cookies on your end device while using the Store website:
   1. Mozilla Firefox – https://support.mozilla.org/pl/kb/blokowanie-ciasteczek;
   2. Internet Explorer – http://windows.microsoft.com/pl-pl/windows-vista/block-or-allow- cookies;
   3. Microsoft Edge – https://privacy.microsoft.com/pl-PL/windows-10-microsoft-edge-and- privacy;
   4. Google Chrome – https://support.google.com/chrome/answer/95647?hl=pl;
   5. Opera – http://help.opera.com/Linux/9.22/pl/cookies.html;
   6. Safari – http://safari.helpmax.net/pl/ochrona-i-prywatnosc/zarzadzanie-plikami-cookie/.

§6 ADDITIONAL SERVICES RELATED TO USER ACTIVITY IN THE STORE

1. The Store uses so-called social plugins (“plugins”) of social networking sites. When displaying the website www.laq.pl, which contains such a plugin, the Service Recipient’s browser will establish a direct connection with the Facebook, Instagram and Google servers.
2. The content of the plugin is transferred by a given service provider directly to the Service User’s browser and integrated with the page. Thanks to this integration, service providers receive information that the Service User’s browser has displayed the www.laq.pl page, even if the Service User does not have a profile with a given service provider or is not currently logged in. Such information (along with the Service User’s IP address) is sent by the browser directly to the server of a given service provider (some servers are located in the USA) and stored there.
3. If the Service Recipient logs in to one of the above social networking sites, the service provider will be able to directly assign the visit to the website www.laq.pl to the Service Recipient’s profile on the given social networking site.
4. If the Service Recipient uses a given plug-in, e.g. by clicking the “Like” button or the “Share” button, the appropriate information will also be sent directly to the server of the given service provider and stored there.
5. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and the rights of the Customer in this regard and the possibility of making settings to ensure the protection of the Customer’s privacy are described in the service providers’ privacy policies:
   – https://www.facebook.com/policy.php
   – https://help.instagram.com/519522125107875?helpref=page_content
   – https://policies.google.com/privacy?hl=pl&gl=ZZ
6. If the Service Recipient does not want social media sites to assign data collected during visits to the www.laq.pl website directly to their profile on a given website, they must log out of that website before visiting the www.laq.pl website. The Service Recipient may also completely prevent plugins from loading on the website by using appropriate browser extensions, e.g. blocking scripts using “NoScript”.
7. The Administrator uses remarketing tools on its website, i.e. Google AdWords, which involves the use of Google LLC cookies for the Google AdWords service. As part of the cookie settings management mechanism, the Service Recipient has the option to decide whether the Service Provider will be able to use Google AdWords (external cookie administrator: Google Inc. based in the USA) in relation to it.

§7 AUTOMATED DECISION MAKING

When using our Store, Customer data will not be processed in an automated manner, in particular they will not be profiled.

§8 CONTACT WITH THE ADMINISTRATOR

In all matters related to the processing of personal data via our Store, any person whose personal data we process may contact the Administrator by e-mail to the following address: sklep@laq.pl or by letter sent to the address of our registered office, indicated in § 1 section 2 of this Privacy Policy.

§9 FINAL PROVISIONS

1. The Administrator applies technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data subject to protection, and in particular protects data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.
2. The Administrator provides appropriate technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.
3. The Administrator reserves the right to change this Privacy Policy. Customers will be notified of any change by publishing the new content of the Privacy Policy on the Store’s website, 3 days before the date of entry into force of the amended provisions of the Privacy Policy. In the event of a change in the content of the Privacy Policy, further use of the Store is a declaration of will of the Customer, declaring acceptance of the new wording of the Privacy Policy.