In order to comply with the obligations provided for in the Regulation of the European Parliament and

the Council (EU) 2016/679 of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter “GDPR”), we hereby provide you with the following information:

The Controller of your personal data is ELECTROSMART Węgrzyn sp. k., ul. Polonijna 23/U1, 30-668 Kraków, REGON: 38682226600000, NIP: 6793204047, KRS: 0000855964 (hereinafter referred to as we, the Company, ELECTROSMART), which is the operator of the online store available at www.electrosmart.pl (hereinafter referred to as the Store).

Write us an e-mail at: [email protected] or contact us by post at the following address:

ELECTROSMART Węgrzyn sp. k., ul. Polonijna 23/U1, 30-668 Kraków.

We received them from you when you registered an account with us and also in connection with orders you place with our Store on AMAZON.

- Given name, surname, email address, postal address, telephone number, bank account number, login, password for our Store, operating data for our Store (e.g. order history, content viewed, correspondence exchanged).

• Also NIP, REGON and company name - in case of sole traders.

We process your personal data on the basis of Article 6(1)(b) of the GDPR, i.e. in order to perform the contract concluded with you and to carry out your order or to take action before concluding a contract with you, in particular:

• to inform you about our offer or the terms of use of the Store;
• to enable you to use our Store;
• to set up and manage your account and to resolve technical problems;
• to process your orders;
• to handle your complaints and your right of withdrawal;
• to handle other requests you submit to us (e.g. via the contact form);
• to contact you for contractual purposes.

• analyse data from our website, stored in cookies;

- organise competitions and promotional activities;

- conduct marketing activities by telephone or e-mail;

- manage the newsletter you have subscribed to.

You may withdraw your consent to the processing of your personal data in the above scope at any time, without giving reasons, in the same way you gave your consent. We will process your personal data in the above scope until you withdraw your consent. Withdrawal of consent will not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

In addition, we process your data on the basis of Article 6(1)(c) of the GDPR, as we are required by law to process your data for tax and accounting purposes.

We also process your personal data on the basis of Article 6(1)(f) of the GDPR, for the purposes indicated below, as the following tasks related to our business activities are our legitimate interest:

• monitoring your activity and that of all other users, including, for example, keyword searches, browsing and managing your activity in our Store;
• tailoring advertising according to the content you have previously viewed,
• customising categories of offers or individual offers according to your

shopping preferences (this is mere profiling of your data - you can object to this - see below);

• conducting marketing activities towards you, including direct marketing of our own services - you may object to this, see below;
• contacting you, including for legitimate marketing purposes, via the available communication channels, in particular, and with your consent, via e-mail and telephone;
• ensuring the security of the services we provide to you electronically, including enforcing compliance with our internal policies and preventing fraud and abuse and ensuring traffic security;
• handling your requests, communicated in particular to the user service team and via the contact form, where these are not directly related to the performance of the contract;
• maintaining commercial relations with you;
• asserting our claims or defending against claims;
• conducting statistical analyses;
• storing data for the purpose of archiving that data and ensuring accountability (demonstrating our compliance with legal obligations).

To conclude a contract with us, the following personal data must be provided (contractual requirement to conclude a contract):

- given name, surname, e-mail address, full correspondence address, telephone number, and, in case of sole traders, also NIP (tax identification number) and company name.

- in case of free-of-charge registration in the Store, also the password to access the account (the login is the e-mail address).

Provision of this data is voluntary, but if for any reason you do not provide this personal data,

we will not be able to enter into a contract with you and consequently you will not be able to

purchase through our site or otherwise use this service.

If required by law, we may require you to provide other data necessary, for example, for accounting or taxation purposes. Apart from these cases, provision of your data is voluntary.

You have the right to ask us:

1. For access to your data, based on Article 15 of the GDPR,
2. To rectify your data, pursuant to Article 16 of the GDPR,
3. To delete your data, based on Article 17 of the GDPR ("right to be forgotten"),
4. To restrict their processing (for example, only to data storage) pursuant to Art. 18 GDPR,
5. To transfer your data, pursuant to Article 20 of the GDPR,

You also have the right to object at any time to the processing of your personal data, including processing for direct marketing and profiling purposes - on the basis of Article 21 of the GDPR. When the prerequisites indicated in this provision are met, we will cease to process the data for such purposes.

You can also withdraw your consent for us to process your personal data at any time if the processing is based on your consent.

You have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection (address: ul. Stawki 2, 00-193 Warsaw).

You can exercise these rights when:

- regarding your access request: you want to know whether we are processing your data and, if so, on what basis, to what extent and for what purpose.

- in relation to a request for rectification: when you establish that your data are incorrect or incomplete;

- with regard to the request for erasure: in the cases set out in Article 17 of the GDPR;

- as regards a request for restriction of data processing: in the cases referred to in

Article 18 of the GDPR - in which case your data will only be stored by us, and the rest of the processing will require your consent, unless there are other circumstances referred to in Article 18(2) of the GDPR.

- as regards a request for data portability: if you need to receive a set of data processed by us in order to send it to another Company.

• as regards your right to object to us - if the cessation of processing of your personal data on the basis of Article 6(1)(e-f) of the GDPR (including profiling) or for direct marketing purposes is justified by your particular circumstances.

We share or may share your personal data with:

1. our employees, contractors and other entities authorised by us to process your personal data.
2. companies that provide technical and IT services for our Company and its websites (mailbox server, website server, hosting, cloud computing services, remote working software, etc.).
3. companies providing IT solutions for online stores (the so-called sales manager).
4. companies that provide other computer software to the Company, including instant messaging (e.g. WhatsApp).
5. payment service providers.
6. companies connected with the Company in terms of capital or personal relations, as subcontractors (among others: GLOBTEL Paweł Węgrzyn, Inntoo sp. z o.o. sp. k. with its registered office in Kraków, PWPL sp. z o.o. sp. k. with its registered office in Kraków).
7. companies that analyse statistical data (e.g. Google Analytics).
8. companies providing CRM software to the Company.
9. companies providing delivery services (e.g. courier companies, postal operators, other carriers).
10. authorised public bodies under common law.
11. law firm.
12. accounting office.
13. with your consent, also with others who work with us or to whom we have entrusted the processing of personal data under a separate contract.

We keep your personal data for no longer than is necessary due to the purpose of processing and the requirements of common law.

We keep your personal data for the duration of the contract and also after contract termination - for a maximum period of 6 years from the date of expiry of the contract or for the duration of judicial or administrative proceedings.

In the case of pre-contractual processing of your data, we will store it for a maximum of one year from the date of transfer.

We keep your personal data for marketing purposes for the duration of the contract or until you object to such processing, depending on which of these events occurs first.

In the case of the organisation of loyalty programmes, competitions and promotional activities

you can take part in, we will process your data for the duration of the event and for the period of settlement of the award ceremony.

Your personal data may be transferred outside the European Economic Area, but only to entities providing us with IT solutions and systems, which may store personal data on servers located outside the EEA (including in the United States).

The transfer of your data outside the EEA may be based on a decision of the European Commission

establishing an adequate level of protection or the application of appropriate legal safeguards, which are in particular standard contractual clauses for the protection of personal data approved by the European Commission. If the European Commission does not issue the decision referred to above and adequate safeguards are not provided, your personal data may be transferred to a third country on the basis of one of the grounds listed in Article 49(1) of the GDPR, including in particular your explicit consent. You have the right to obtain a copy of personal data transferred to a third country.

Your personal data may be processed by automated means (including profiling), however, we will not base our decisions that produce legal effects or similar decisions solely on automated decision-making or profiling.

Personal data profiling involves the processing of your data (including by automated means), by using them to evaluate certain information about you, in particular to analyse or forecast your personal preferences and interests.

We may use cookies when you use services available through our online store. Cookies that may be used on our store's website are associated only with the browser of the respective computer - the user is anonymous

(the user’s name is not provided). This is information which is stored by our server on your computer and which can be read by our server each time you connect to your computer. Cookies provide statistical data on user traffic and usage of individual pages on our website. We may also place cookies to monitor user traffic on the site.

You can choose how cookies are handled in the web area at any time by switching from automatic handling of cookies to individual handling (user settings).

 Detailed information in this regard can be obtained from the providers of Internet software (browsers), usually under “Internet options” or a similar tab. Disabling the option for the user to accept cookies in their browser - blocking or prompting them may cause difficulties or even prevent you from using some of our services.

You have the option of storing your username, email address and password to access your account on our website in cookies, so that when you make a subsequent enquiry or order the above information will be conveniently filled in. These cookies expire after one year.

If you visit the login page, we will create a temporary cookie to verify that your browser accepts cookies. This cookie does not contain any personal data and will be discarded when you close your browser.

When you log in, we also create a number of cookies to store your login information and the screen options you have selected. Login cookies expire after two days and screen option cookies after one year. If you select the “Remember me” option, the login will expire after two weeks. If you log out of your account, your login cookies will be deleted.

For users who have registered on our website, we also store personal information entered in the profile. Any user may review, correct or delete their personal information at any time (not including the user name,

which cannot be changed).

Download the ELECTROSMART Privacy Policy