Privacy policy
The administrator of personal data responsible for their processing is:
IBB.PL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Ożarowska 40/42
05-850
Thank you for your interest in our online store. The protection of your privacy is very important to us. Below you will find detailed information on the handling of your data.
1. Access data and hosting
You can visit our website without providing any personal information. Each time the website is accessed, the server automatically saves only the so-called server logs, e.g. the name of the requested file, your IP address, date and time of the call, the amount of data transferred and the Internet service provider submitting the inquiry (so-called access logs) and documents the page call. These data are analyzed solely for the purpose of ensuring the proper functioning of our website and improving our offer. The above serves in accordance with Art. 6 sec. 1 lit. f GDPR, securing our legitimate interest, consisting in the optimal and correct presentation of our websites and offers. All access data will be deleted no later than seven days after the end of your visit to the website.
Hosting
Our website hosting and display services are partly provided on our behalf by our service providers as part of entrusting data processing. Unless otherwise provided in this privacy policy, all access data and data collected in the forms provided for this purpose on our website will be processed on their servers. If you have questions about our service providers and the basis of cooperation with them, please contact us. Our contact details can be found under "Our contact details and your rights".
2. Collection and processing of data for contract and contact purposes
2.1 Data processing for the purposes of contract performance
We process the personal data provided by you voluntarily when placing the order in order to perform the contract (including inquiries regarding the consideration of claims under the warranty for defects or guarantees and the obligation to inform about necessary updates). The legal basis in this regard is Art. 6 sec. 1 lit. b GDPR. Mandatory fields are marked as such because they relate to data that is necessary to complete the order and we are not able to fulfill it without providing it. What data is collected results directly from the forms into which the data is entered.
Further information on the processing of your data, in particular regarding the transfer of data to our service providers for order processing, payment and shipping, can be found in the following sections of this privacy policy. After the performance of the contract, the processing of your data will be limited, and after the retention periods required by the tax regulations and the Accounting Act, the data will be deleted (Article 6 (1) (c) of the GDPR), unless you expressly consent (Article 6 paragraph 1 letter a of the GDPR) for further use of this data for other purposes or we reserve the right to further use it in cases permitted by law, about which we inform you in this privacy policy.
Commodity management system
In order to handle orders and perform the contract, we also use an external goods management system. Our service providers provide us with services in this area under the data entrustment agreement. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. Contact details can be found in the section "Our contact details and your rights".
2.2 Customer Account
If, pursuant to Art. 6 sec. 1 lit. a GDPR, you give your consent to set up a customer account - we will process your personal data necessary for this purpose. They will also be used for future orders on our website. Your customer account can be deleted at any time. For this purpose, please send a message to our contact address indicated in the section "Our contact details and your rights" or use the appropriate function in the customer account settings. After deletion of your customer account, the processing of your data will be limited, and after the retention periods specified in tax regulations and the Accounting Act, these data will be deleted (Article 6 (1) (c) of the GDPR), unless you expressly consent (Article 6 (1) (a) of the GDPR) for further use of this data or in accordance with We reserve the right to further use the data for other purposes under applicable law, which we inform you about in this privacy policy.
2.3 Data processing for contact purposes
As part of communication with the client, we process personal data in order to process your inquiries (Article 6 (1) (b) of the GDPR). You provide this data to us voluntarily when contacting us (e.g. via the contact form or e-mail). Mandatory fields are marked as such because they relate to data that is necessary to process the inquiry. What data is collected results directly from the forms into which the data is entered. After your request has been fully processed, your data will be deleted, unless you expressly consent (Article 6 (1) (a) of the GDPR) for further use of this data for other purposes or we reserve the right to further use it in cases permitted by law, as described in in this case, we inform you in this privacy policy.
3. Data processing for the purpose of delivery
In order to perform the contract (Article 6 (1) (b) of the GDPR), we transfer your data to the shipping company selected by you in the ordering process, which was commissioned to deliver the ordered products.
The same applies to the transfer of data to our manufacturers or wholesalers cooperating with us in the event that they take over the shipment on our behalf (dropshipping) They are considered suppliers of shipping services for the purposes of this privacy policy.
4. Data processing for the purpose of making payments
In order to make payments in our online store, we cooperate with external service providers that support online electronic payments and transfer your data to the payment processing company selected by you in the ordering process. The above serves the purpose of performing the contract (Article 6 (1) (b) of the GDPR).
Data processing to prevent fraud and optimize payments
In some situations, we may provide our service providers with additional information that they may use along with the information necessary to complete the payment. These service providers then act on our behalf as processors and provide us with services in the field of fraud prevention and optimization of payment processes (e.g. invoicing, analysis of rejected payments, accounting support). Pursuant to Art. 6 sec. 1 lit. f GDPR, this serves to fulfill our legitimate interests in protection against abuse and fraud and in the effective management of payments.
5. Channels of marketing activities: e-mail
If you subscribe to our newsletter, we will use the data you provide to us on the basis of your consent (Article 6 (1) (a) of the GDPR) to send our newsletter via e-mail on a regular basis.
It is possible to unsubscribe from the newsletter at any time. For this purpose, please send a message to our contact address indicated in the section "Our contact details and your rights" or use the link in the newsletter unsubscribing from the list of recipients. After unsubscribing from the list of newsletter recipients, we will delete your e-mail address, unless you express Your express consent (Article 6 (1) (a) of the GDPR) for further use of this data for other purposes or in accordance with applicable law, we reserve the right to further use of the data, which we inform you about in this privacy policy.
5.1 Sending the newsletter
5.2 Sending an invitation to issue a purchase review
If you have given your consent to this during or after placing the order (Article 6 (1) (a) of the GDPR), then we will use your e-mail address to send you an electronic invitation to evaluate the purchase made in our store. The opinion / evaluation is issued via the feedback system we use. You can withdraw your consent at any time by sending a message with information about the withdrawal of consent to our contact address indicated in the section "Our contact details and your rights". Alternatively, you can also use the link unsubscribing from the list of newsletter recipients included in the message with the invitation to issuing an opinion.
Invitations for review are sent by our service provider Trusted Shops GmbH Subbelrather Str. 15C, 50823 Cologne, Germany (Trusted Shops). As part of sending invitations, we receive status information from Trusted Shops (e.g. whether the invitation to issue an opinion was sent and whether it was received by the addressee). This is done in accordance with Art. 6 sec. 1 lit. f GDPR in order to fulfill our legitimate interest in receiving information on invitations to provide feedback, in order to be able to optimize on this basis, if necessary, and in order to fulfill Trusted Shops's legitimate interest in being able to offer this service.
We are jointly responsible for sending feedback invitations and for collecting and displaying feedback and rating or status information.
Within the framework of this joint liability that exists between us and Trusted Shops, please contact Trusted Shops if you have any questions regarding the protection of your data or wish to assert your rights. Contact details are available on this page . There you will also find further information on data protection at Trusted Shopsj. Regardless of this, you can also contact us directly at any time. If necessary, your request will be forwarded to Trusted Shops, which is jointly responsible for data processing.
6. Cookies and Similar Technologies
General Information
To make your visit to our website more attractive and to enable you to use its key functions, we use technological tools for this purpose, including so-called cookies. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the website (so-called persistent cookies).
End device privacy protection
When using our online offer, we use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functions of our website. In this regard, the storage of information on the user's end device or access to information that is already stored on the user's end device does not require the user's consent.
For functions that are not strictly necessary, the storage of information on the user's end device or access to information already stored on the user's end device requires the user's consent. Please note that if you do not agree, some features or elements of the website may not be available to their full extent. Any consent given by the user remains valid until the consent is withdrawn, the settings are configured or the appropriate settings are reset on the end device.
Any further data processing using cookies and other technologies
We use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functions of our website (e.g. shopping cart function). These technologies process data such as your IP address, the time of visiting the website, information about the device and browser, as well as information about the use of our website (e.g. about the contents of the shopping cart). This serves in accordance with Art. 6 sec. 1 lit. f GDPR for the implementation of our legitimate interest in the optimal presentation of our offer.
In addition, we also use technology tools to fulfill the legal obligations to which we are subject (e.g. to prove consent to the processing of your personal data), as well as for internet analytics and internet marketing. Further information on this, including the relevant legal grounds for data processing, can be found in the following sections of this privacy policy.
In the auxiliary menu of the web browser you will find explanations on how to change the cookie settings. They are available at the following links: Microsoft Edge ™ / Safari ™ / Chrome ™ / Firefox ™ / Opera ™
If you have given us your consent to use certain technological tools (Article 6 (1) (a) of the GDPR), this may be withdrawn by you at any time. In order to withdraw your consent, please contact us via the contact address provided in the section "Our contact details and your rights".
7. The use of cookies and similar technological tools for the purposes of web analytics and marketing
Provided you have given your consent (Article 6 (1) (a) of the GDPR), we use the following cookies and other similar technological tools of external service providers on our website. After the purpose of processing is achieved and the use of a given technological tool is completed, the data collected as part of the use of these tools will be deleted. The consent granted may be withdrawn by you at any time. Detailed information on the possibility to revoke consent and your right to object can be found in the section "Cookies and similar technologies". Further information can be found on the websites of the individual service providers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. Contact details can be found in the section "Our contact details and your rights".
7.1 Use of Google Services
We use the following technology tools from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information collected automatically by Google technologies regarding the use of our website is usually transferred to the server of Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA and stored there. The European Commission has not issued an adequacy decision for the US. Our cooperation is based on standard data protection clauses adopted by the European Commission. If your IP address is processed as part of the use of Google technology tools, your IP address is shortened due to the activated IP anonymization before being stored on Google servers. Only in exceptional cases will the full IP address be sent to a Google server and shortened there. Unless otherwise stated for individual Google technologies described in this privacy policy, data processing is carried out on the basis of a data processing agreement concluded with Google in accordance with Art. 26 GDPR. Further information on data processing by Google can be found in the privacy policy of the Google website .
Google Analytics
For the purpose of analyzing the use of our website, we use Google Analytics - a web analytics tool from Google, which automatically processes your data for this purpose (IP address, time of visit to the website, information about the device and browser, as well as information on the use of our website. ) and creates pseudonymous user profiles based on them. Cookies may be used for this purpose. As a rule, your IP address is not combined with other data collected by Google. Data processing as part of the Google Analytics service is based on the data entrustment agreement concluded with Google.
Google Ads
With the help of Google Ads, we promote our website in search results and on third party websites. For this purpose, when visiting our website , a Google cookie remarketing file will be automatically saved on your device , which, based on the pages you visit, allows you to display advertisements based on your interests, processing for this purpose your data (IP address) using a pseudonymous identifier (ID). , time of visit to the website, information about the device and browser, as well as information on the use of our website). Further data processing only takes place if you have activated the ad personalization option in your Google account settings. In this case - if you are logged in to Google while visiting our website, Google will use your data together with the data collected as part of Google Analytics in order to create and define the so-called. list of target groups for remarketing purposes on different devices.
Google Maps
For the visual presentation of geographic information, Google Maps will save and process information about your use of maps and individual functions, including, for example, your IP address and location data. We have no influence on the above data processing by Google.
Google reCAPTCHA
In order to protect against spam and prevent abuse and misuse of our web forms (e.g. using malicious bots), our website has been integrated with the Google reCAPTCHA tool that processes your data for this purpose (IP address, time of visit to the website, information about the device). and browser as well as information on the use of our website) and uses them to analyze your use of our website using JavaScript and cookies. The personal data entered by you in the individual form fields on our pages will not be read or saved.
Google Fonts
In order to ensure a consistent presentation of content on our websites, the "Google Fonts" script is integrated with our website, which processes your data (IP address, time of visit to the website, information about the device and browser, as well as information on the use of our website. ). We have no influence on the above data processing by Google.
YouTube Video Plugin
In order to integrate third-party content using the YouTube video plug-in - when playing a video, Google processes the following data: IP address, time of visit, information about the user's device and browser.
7.2 Use of Facebook services
Facebook Ads (ad management)
Facebook Ads allows us to advertise our website on Facebook and other platforms. We set the parameters of a given advertising campaign. Facebook is responsible for the exact implementation and in particular for the decision to display an advertisement to individual users. Unless otherwise stipulated for individual functions and tools, data processing is carried out on the basis of a personal data co-administration agreement in accordance with Art. 26 GDPR. The joint responsibility is limited to the collection of data and their transmission to Facebook Ireland. This does not include any subsequent data processing by Facebook Ireland.
7.3 Other service providers for analytical and marketing tools
Use of Hotjar for web analytics purposes
For the purpose of analyzing the use of our website - using the web analytics tool Hotjar Ltd., Level 2, St Julians Business Center, 3, Elia Zammit Street, St Julians STJ 3155, Malta ("Hotjar") when visiting our website data is automatically collected and saved (your IP address, time of visit to the website, information about the device and browser, as well as information on the use of our website) on the basis of which pseudonymous user profiles are created. Cookies may be used for this purpose. Without giving a separate, explicit consent - pseudonymous user profiles are not combined with the personal data of the entity that has been given a pseudonym. Data processing in connection with the services provided by Hotjar takes place within the framework of the concluded data entrustment agreement.
The use of Adobe Fonts for the purpose of presenting content on the website
For the optimal and consistent presentation of content on our websites, we use the script "Adobe Fonts" from Adobe, Inc. , 345 Park Avenue San Jose, CA 95110-2704, USA (hereinafter "Adobe"), which processes the data (your address IP, time of visit to the website, information about the device and browser). We have no influence on the processing of this data. In relation to the USA, the European Commission has not issued a decision stating an adequate level of data protection. Our cooperation is based on standard data protection clauses adopted by the European Commission Data processing is carried out in accordance with Article 26 of the GDPR on the basis of mutual agreements concluded between the joint controllers.
8. Integration with the Trusted Shops Trustbadge and other widgets
Trusted Shops widgets (e.g. Trustbadge) are integrated into our website to present Trusted Shops services (seal of quality and customer reviews collected using the Trusted Shops review system) and the Trusted Shops offer available to buyers after placing an order.
The above serves in accordance with Art. 6 sec. 1 lit. f GDPR for the implementation of our legitimate interest in the optimal marketing of our offer by enabling safe online purchases. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, Germany (hereinafter Trusted Shops) with which we are jointly responsible for the protection of the jointly controlled data in accordance with Art. 26 GDPR. We hereby inform you about the main content of the joint arrangements of the joint controllers (Article 26 (2) of the GDPR). If you have any questions about the processing of your data jointly controlled by us and Trusted Shops GmbH or to assert your rights, please contact Trusted Shops. Contact details can be found in the privacy policy of Trusted Shops, available here . Further information on data processing and data protection by Trusted Shops is available here . Notwithstanding the foregoing, you can always contact us using the contact details indicated in the content of this privacy policy under "Our contact details and your rights". Your inquiry or request may, if necessary, be forwarded to the second joint administrator (Trusted Shops ) in order to develop it and answer it.
8.1 Data processing as part of the integration of the Trustbadg and other widgets
The Trustbadge is made available under the co-administration by the American content provider CDN (Content-Delivery-Network). An adequate level of data protection is ensured by standard data protection clauses and additional contractual agreements. Further information on data protection by Trusted Shops GmbH can be found here . When the Trustbadge is called, the web server automatically saves the so-called log file (server logs), which also contains your IP address, date and time of the call, the amount of data transferred and the requesting operator (access data) and documents the call. The IP address is anonymized immediately after collection so that the stored data cannot be assigned to a specific person. Anonymized data is used in particular for statistical purposes and error analysis.
8.2 Data processing after placing an order
After you place an order in the shop, your e-mail address encrypted by the cryptological one-way function will be forwarded to Trusted Shops GmbH. The legal basis for processing is Art. 6 sec. 1 point 1 lit. f GDPR. This is done in order to check whether you are already registered in the Trusted Shops GmbH system and is necessary for the implementation of overriding, legitimate interests - both ours and Trusted Shops - consisting in the possibility of ensuring the protection of the buyer in connection with a specific order and the provision of services. transaction evaluation. If you are already registered for the use of Trusted Shops services, then further data processing is carried out in accordance with the contract between you and Trusted Shops. Those who have not registered will be able to register for the first time. The further processing of the data after registration also depends on the type of contract you have concluded with Trusted Shops GmbH. If you do not register for the use of Trusted Shops services, all transmitted data will be automatically deleted by Trusted Shops GmbH and it will not be possible to link them to a specific person.
Trusted Shops uses external service providers for hosting, monitoring and logging of logs. The above is to ensure failure-free operation of the systems, the legal basis in this regard is Art. 6 sec. 1 lit. f GDPR. Data processing may take place in third countries (USA and Israel). In the case of the USA, an adequate level of data protection is ensured by contractual provision of standard data protection clauses and further contractual measures, and in the case of Israel by the existence of an adequacy decision.
9. Social media
9.1 Social Media Plugins: Facebook (Meta), Twitter, Instagram (Meta)
Our website uses so-called plugins (buttons) of social networks. These plugins are available via an HTML link, which ensures that when visiting our website containing such plugins (buttons), no automatic, direct connection is established with the servers of the operator of the given social network. After clicking on one of the buttons (plug-in), a new window of your browser will open, displaying the page of a given social networking site, where you can approve the use of a given button, eg "Like" or "Share".
9.2 Our activity on social networks: Facebook, Instagram, Youtube, LinkedIn
If you have given your consent in this regard to a given social network (Article 6 (1) (a) of the GDPR), when visiting our account / profile in the above-mentioned social networks, your data will be automatically collected and stored for the purposes of web analytics and marketing. Based on this data, pseudonymous user profiles are created. They can be used, for example, to place within social networks and outside them, the so-called personalized ads that are likely to match your interests. Cookies are usually used for this purpose.
Detailed information on the processing and use of your data by individual social networking sites, as well as information on your rights and the possibility of configuring privacy settings, as well as contact details for the purpose of submitting an inquiry are described in the privacy policies of individual social networking sites linked below. Should you require assistance in this regard, you can also contact us.
Facebook (by Meta) is a social networking site provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irland ("Meta Platforms Ireland"). Automatically processed information about your activity and how to use our Facebook fanpage (by Meta) is usually sent to the Meta Platforms Ireland, Inc., 1 Hacker Way, Menlo Park, California 94025 server in the USA and stored there. . In relation to the USA, the European Commission has not issued an adequacy decision. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing as part of visiting a fan page on Facebook (by Meta) takes place in accordance with art. 26 GDPR on the basis of the joint arrangements made by the joint controllers, which are available here . Further information on the processing of your personal data when visiting the Facebook fan page (information on page statistics functions) is available here .
Instagram (by Meta) is a social networking site provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). Automatically processed information about your activity and how you use our fan page on Instagram is usually sent to the Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025 server in the USA and stored there. In relation to the USA, the European Commission has not issued an adequacy decision. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing as part of visiting a fanpage account on Instagram (by Meta) is carried out in accordance with art. 26 of the GDPR based on the joint arrangements made by the joint administrators. Further information on the processing of your personal data when visiting the Facebook fan page (information on page statistics functions) is available here .
YouTube is a social networking service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Automatically processed information about your activity and the use of our YouTube profile is usually transferred to the server of Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043 in the USA and stored there. In relation to the USA, the European Commission has not issued an adequacy decision. Our cooperation is based on standard data protection clauses adopted by the European Commission.
LinkedIn is a social networking site provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). Automatically processed information about your activity and the use of our LinkedIn profile is generally transferred to the LinkedIn Corporation server, 1000 W. Maude Avenue, Sunnyvale, CA 94085 in the USA and stored there. In relation to the USA, the European Commission has not issued an adequacy decision. Our cooperation is based on standard data protection clauses adopted by the European Commission.
10. Our contact details and your rights
10.1 Your rights
Persons whose data is processed have the following rights:
- in accordance with Art. 15 GDPR: the right to obtain information on data processing in the scope specified in this article;
- in accordance with Art. 16 GDPR: the right to rectify your inaccurate or incomplete personal data;
- in accordance with Art. 17 GDPR: the so-called "Right to be forgotten", i.e. the right to delete your personal data stored with us, unless further processing is necessary:
- for exercising the right to freedom of expression and information;
- to comply with a legal obligation;
- for reasons of public interest;
- to establish, assert or defend claims;
- in accordance with Art. 18 GDPR: the right to limit the processing of personal data, provided that:
- the accuracy of this personal data is contested by you;
- the processing is unlawful and you oppose its deletion;
- we no longer need personal data, but you need them to establish, assert or defend claims;
- pursuant to Art. 21 objection to data processing;
- in accordance with Art. 20 GDPR: the right to receive the data provided to us in a structured, commonly used machine-readable format and to send it to another administrator;
- in accordance with Art. 77 GDPR: the right to lodge a complaint with the supervisory body (the President of the Personal Data Protection Office "UODO").
Right to object If we process personal data in the manner described in this privacy policy in order to protect our legitimate interests, you may object to the processing of your data for this purpose - with effect for the future. If the processing takes place for direct marketing purposes, you can exercise your right to object at any time. If the processing takes place for other purposes, you only have the right to object for reasons arising from your particular situation. After you exercise your right to object, we will not continue to process your personal data, unless we demonstrate the existence of valid, legitimate grounds for processing and they override your interests and rights, or if the data processing is to assert, exercise or defend legal claims . The preceding sentence does not apply when data processing is carried out for direct marketing purposes. In this case, after you object, we will always stop processing your personal data. |
10.2 Contacting Us
If you have any questions regarding the collection, processing and use of your personal data, as well as in the event of a request for information, rectification, restriction of processing or deletion of data, and in order to revoke granted consents or object to the use of specific data, please contact the data administrator directly. indicated at the beginning of this privacy policy.