partydeco.pl PLATFORM PRIVACY POLICY

1. This document, covering the Privacy policy and the use of cookies by the Internet Platform www.shop.partydeco.pl, hereinafter referred to as the “Platform”, has been created and adopted by its owner: PartyDeco sp. z o.o. with its registered office at ul. Piskorskiego 11, 70-809 Szczecin, registered in the business registry of the National Court Register by the District Court for Szczecin-Centrum in Szczecin, 13th Commercial Department of the National Court Register under number: 0000989139, with share capital of: PLN 8 015 000.00, NIP: 9552356219, REGON: 321519156, in order to

• emphasize the special importance we attach to the protection of the privacy of users visiting the Platform;
• provide the Users with information on the use of cookies, required by the provisions of the Act of 16 July 2004 – Telecommunications Law (consolidated text OJ of 2017, item 935).

2. We ensure that our overriding goal is to provide the Platform Users with the protection of their privacy at a level corresponding at least to the standards specified in applicable legal provisions, in particular the Act

• on Rendering Electronic Services of 18 July 2002 (consolidated text OJ of 2017, item 1219);
• of 16 July 2004. Telecommunications Law (consolidated text OJ of 2017, item 935) and Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

3. We also ensure that we are committed to complying with applicable laws, especially those that protect the privacy of Portal Users.

4. The Platform performs the function of obtaining information about users and their behaviour in the following way:

• from information entered voluntarily by clients in forms;
• by saving cookie files in the end-user devices (so-called “cookies”);
• by collecting web server logs by the hosting operator OVH, operating at the address www.ovh.pl.

We collect personal information that you voluntarily provide to us when you register on the Platform, express an interest in obtaining information about us or our products, when you participate in activities on the Platform, or otherwise when you contact us.

The personal information that we collect depends on the context of your interactions with us and the Platform, the choices you make, and the products and features you use. The personal information we collect may include the following:

• names
• phone numbers
• email addresses
• mailing addresses
• job titles
• usernames
• passwords
• contact preferences
• contact or authentication data
• billing addresses
• shipping addresses

We do not process sensitive information. All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Platform. We automatically collect certain information when you visit, use, or navigate the Platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Platform, and for our internal analytics and reporting purposes.

5. Principles regarding information entered by customers:

• The platform collects information provided by the customer voluntarily in the appropriate form;
• The platform may also save information about connection parameters (time, IP address);
• The data provided in the form is processed to ensure the proper performance and settlement of the sales contract, and also to fulfil secondary functions that can be used by customers;
• The data provided in the forms may be forwarded to entities providing services supporting the implementation of the platform functions, in particular it applies to the customer’s contact details for the person responsible for the transportation of ordered goods.
• The data may only be made available to entities authorized on the basis of legal regulations or a written consent of the data owner;
• Personal data collected by PartyDeco sp. z o.o. is  processed in a manner, for a purpose and to the extent defined in the Internet Platform Regulations https://shop.partydeco.pl/webpage/en/terms-conditions.html.

6. Principles regarding cookie files:

• The platform uses cookies.
• Cookies are IT data, especially text files that are stored on the user’s equipment and are intended for the use of the platform. Cookies usually contain the name of the website from which they originate, their storage time on the user’s device and a unique number.
• The owner of the platform is the entity that places cookies on the customer’s device and gains access to them.
• Cookies are used for the following purposes:
  • creating statistics that help to understand how customers use websites, which makes it possible to improve their structure and content;
  • maintaining the session after logging in, so that the customer does not have to log in, or retype their login and password on each page of the platform,
  • optimizing the use of websites, in particular these files make it possible to identify the customer’s device and display the web page properly, adjusted to their individual needs,
• As part of the platform two basic types of cookies are used: session cookies and persistent cookies. Session cookies are temporary files that are stored on the customer’s device until logging out, leaving the website or disabling the software (web browser). Persistent cookies are stored on the customer’s device for the time specified in the parameters of cookies or until their removal by the customer.
• Software for browsing the websites (web browser) usually by default allows for the storage of cookies on the customer’s device.  The user may change the settings in this area. The web browser allows the user to delete cookies. It is also possible to block cookies automatically. Detailed information on this subject is provided in the ‘help’ or ‘documentation’ section of the browser.
• Please note that disabling the cookies required for authentication processes, security or maintaining the customer’s preferences may make it difficult and, in extreme cases, even prevent the customer from using the platform.
• Cookies may be used by advertisement networks, in particular Google, to display advertisements adjusted to the way in which the customer uses the Platform. For this purpose, they may keep information about the customer’s navigation path or the time spent on a given page;
• With regard to information about the customer’s preferences collected by the Google advertising network, the customer can view and edit the information derived from cookies using the tool: https://www.google.com/ads/preferences/

7. Server logs.

• Information about some of the customers’ behaviour is subject to logging in the server layer. This data is used only to administer the platform and in order to provide the most efficient service possible.
• Viewed resources are identified by URL addresses. In addition, the following items may also be subject to saving:
  • time of arrival of the inquiry,
  • time of sending the response,
  • the name of the client’s station – identification carried out by the HTTP protocol,
  • information about errors that occurred during the implementation of the HTTP transaction,
  • URL address of the page previously visited by the customer (referrer link) – where the transition to the platform was made via a link,
  • information about the customer’s browser,
  • information about the customer’s IP address.
• The above data is not associated with specific persons browsing the website.
• The above data is used only for the purposes of administering the platform.

8. Data availability.

The data referred to in para. 6 and 7 may only be made available to authorized entities on the basis of legal regulations or a written consent of the data subject.

9. Processing of personal data in connection with the use of the Internet platform.

The Controller of your personal data is PartyDeco sp. z o.o., ul. Piskorskiego 11, 70-809 Szczecin, tel +48 91 433 81 97, e-mail: bok@partydeco.com, hereinafter referred to as the “Controller”.
2.     Personal data:

• 1) will be processed for the purposes related to:
  • a) registration on the Controller’s Internet platform (legal basis: Article 6(1)(a) of the GDPR),
  • b) opening and maintenance of the Customer’s account (legal basis: Article 6(1)(a) of the GDPR),
  • c) conclusion of contracts and processing of orders via the Internet platform (legal basis: Article 6(1)(b) of the GDPR),
  • d) processing of a lodged complaint (legal basis: Article 6(1)(b) of the GDPR),
  • e)  the Controller sending the following:
    • –      Newsletter,
    • –      commercial information,
      (legal basis: Article 6(1)(a) of the GDPR),
  • f) shipping of goods purchased from the Controller (legal basis: Article 6(1)(b) of the GDPR),
• 2) will not be made available, with the exception of entities authorized on the basis of legal regulations (in order to perform obligations to which the controller is subject) or on the basis of a written consent of the data owner.

3.     It is possible to contact the Controller’s Data Protection Officer via email address: iod@partydeco.com or Controller’s postal address.

4.     Personal data will be stored until the consent is withdrawn or for the duration of time required by law for the specific purpose of data processing, including:

• 1) statute of limitations for claims under the contract;
• 2) expiry of the obligation to archive the documentation produced in the process (regardless of its form).

5.     The data subject has the right to:

• 1) request that the Controller:
  • a) grants access to the data;
  • b)  rectifies the data;
  • c)  removes data or limits its processing;
• 2) raise objections to the processing;
• 3) transfer the data;
• 4) withdraw the consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
• 5) lodge a complaint with the President of Personal Data Protection Office in Warsaw.

6.     Providing data is voluntary, but it is necessary in order to achieve the objectives specified in para 2(1).

7.     The data provided will be used for profiling in order to present an individualized offer of the Controller’s products.

10. If you are California resident, this section may apply to you.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information.

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as: (1) every individual who is in the State of California for other than a temporary or transitory purpose and (2) every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose All other individuals are defined as “non-residents.” If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.

What categories of personal information do we collect? We have collected the following categories of personal information in the past twelve (12) months:

Category	Examples	Collected
A. Identifiers	Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name	YES
B. Personal information categories listed in the California Customer Records statute	Name, contact information, education, employment, employment history, and financial information	YES
C. Protected classification characteristics under California or federal law	Gender and date of birth	YES
D. Commercial information	Transaction information, purchase history, financial details, and payment information	YES
E. Biometric information	Fingerprints and voiceprints	NO
F. Internet or other similar network activity	Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements	NO
G. Geolocation data	Device location	YES
H. Audio, electronic, visual, thermal, olfactory, or similar information	Images and audio, video or call recordings created in connection with our business activities	YES
I. Professional or employment-related information	Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us	NO
J. Education Information	Student records and directory information	NO
K. Inferences drawn from other personal information	Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics	YES
L. Sensitive Personal Information		NO

We will use and retain the collected personal information as needed to provide the Services or for:

• Category A – As long as the user has an account with us
• Category B – As long as the user has an account with us
• Category C – As long as the user has an account with us
• Category D – As long as the user has an account with us
• Category G – As long as the user has an account with us
• Category H – As long as the user has an account with us
• Category K – As long as the user has an account with us

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

• Receiving help through our customer support channels;
• Participation in customer surveys or contests; and
• Facilitation in the delivery of our Services and to respond to your inquiries.

You may contact us by email at iod@partydeco.com, or by referring to the contact details provided in this document. If you are using an authorized agent to exercise your right to opt out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA.

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information. PartyDeco Sp. z o.o. has disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

• Category A. Identifiers, such as contact details like your real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name.
• Category B. Personal information, as defined in the California Customer Records law, such as your name, contact information, education, employment, employment history, and financial information.
• Category C. Characteristics of protected classifications under California or federal law, such as gender or date of birth.
• Category D. Commercial information, such as transaction information, purchase history, financial details, and payment information.
• Category K. Inferences drawn from any of the personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics.

The categories of third parties to whom we shared personal information with are: Data Analytics Services.

Your rights with respect to your personal data

Right to request deletion of the data — Request to delete

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know

Depending on the circumstances, you have a right to know:

• whether we collect and use your personal information;
• the categories of personal information that we collect;
• the purposes for which the collected personal information is used;
• whether we sell or share personal information to third parties;
• the categories of personal information that we sold, shared, or disclosed for a business purpose; the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
• the business or commercial purpose for collecting, selling, or sharing personal information; and
• the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to reidentify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

We do not process consumer’s sensitive personal information.

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights

• You may object to the processing of your personal information.
• You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
• You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
• To exercise these rights, you can contact us by email at iod@partydeco.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.