Privacy
Privacy Policy of the www.peniche.store Online Store (hereinafter referred to as the Store).
1. GENERAL PROVISIONS
1.1. This privacy policy of the Online Store is for informational purposes only, meaning it does not impose any obligations on Service Users or Customers of the Online Store. It contains information primarily about the rules for processing personal data by the Administrator in the Online Store, including the grounds, purposes, and scope of personal data processing, as well as the rights of individuals whose data is being processed and details on the use of cookies and analytical tools in the Online Store.
1.2. The Administrator of personal data collected via the Online Store is Paweł Skadorwa, operating under the name “PENICHE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ” located in Gdynia, Poland, with the address Al. Zwycięstwa 241/13, NIP identification number 5862389895, KRS number 0001022797, email hello@peniche.store (hereinafter referred to as the “Administrator”), who is also the Service Provider and Seller of the Online Store.
1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable legal regulations, in particular, in line with the EU Regulation 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the Online Store, including the purchase of products, is voluntary. Similarly, providing personal data by the Service User or Customer using the Online Store is voluntary, with two exceptions: (1) conclusion of agreements with the Administrator—failure to provide data necessary to conclude and perform the Sales Agreement or the Electronic Service Agreement may result in the inability to conclude the agreement; (2) statutory obligations of the Administrator—providing personal data is a statutory requirement arising from universally binding legal regulations that impose on the Administrator the obligation to process personal data (e.g., for tax or accounting purposes).
1.5. The Administrator exercises particular care to protect the interests of individuals whose personal data is being processed, ensuring that the data is processed lawfully, collected for designated, lawful purposes, and not processed further in a way incompatible with those purposes; it is accurate, adequate, stored in a form allowing identification of the individuals only as long as necessary, and processed in a manner ensuring security through technical and organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of infringement of rights or freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure processing compliance with this regulation and demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.
1.7. Terms capitalized in this privacy policy (e.g., Seller, Online Store, Electronic Service) should be understood according to their definitions provided in the Online Store Regulations available on the Online Store’s website.
2. BASIS OF DATA PROCESSING
2.1. The Administrator is authorized to process personal data if at least one of the following conditions is met: (1) the individual has given consent for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the individual is a party, or to take steps at their request prior to entering into a contract; (3) processing is necessary to fulfill a legal obligation imposed on the Administrator; or (4) processing is necessary for legitimate interests pursued by the Administrator or a third party, except where such interests are overridden by the rights and freedoms of the individual, particularly if they are a child.
2.2. Personal data processing by the Administrator requires the existence of at least one of the grounds indicated in section 2.1. Specific grounds for processing personal data by the Administrator are outlined in the next section of the privacy policy regarding the purpose of processing personal data.
3. PURPOSE, BASIS, DURATION, AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
3.1. The purpose, basis, duration, and scope of data processing depend on the activities taken by the Service User or Customer in the Online Store. For example, if a Customer decides to make a purchase and chooses in-store pickup rather than delivery, their personal data will be processed for the performance of the Sales Agreement but will not be shared with the carrier.
3.2. The Administrator may process personal data in the Online Store for the following purposes, based on specific grounds, for particular durations, and in specific scopes:
4. RECIPIENTS OF DATA IN THE ONLINE STORE
4.1. To ensure proper functioning of the Online Store, including fulfilling Sales Agreements, the Administrator uses services of third-party entities (such as software providers, couriers, or payment processors). The Administrator only cooperates with entities that offer sufficient guarantees for implementing adequate technical and organizational measures to comply with GDPR requirements and protect data subjects’ rights.
4.2. Personal data may be transferred by the Administrator to third countries, ensuring appropriate protection in compliance with GDPR, and the data subject has the right to obtain a copy of their data. The Administrator shares collected personal data only as necessary to achieve the specific data processing purpose in line with this privacy policy.
4.3. Personal data of Service Users and Customers may be transferred to recipients or categories of recipients, such as:
4.4.1. Carriers or shipping brokers for postal or courier delivery of products;
4.4.2. Entities processing electronic or card payments, if the Customer uses electronic or card payment options;
4.4.3. Service providers providing the Administrator with technical, IT, and organizational solutions for the Online Store;
4.4.4. Accounting, legal, and advisory service providers supporting the Administrator in accounting, legal, or advisory matters.
5. PROFILING IN THE ONLINE STORE
5.1. The GDPR obliges the Administrator to inform about automated decision-making, including profiling. Profiling in the Online Store may involve direct marketing but does not determine the conclusion or refusal of a Sales Agreement. Profiling can help, for instance, by granting a discount, reminding about incomplete purchases, or suggesting products of interest based on the individual’s browsing history. However, the person is free to decide whether to use the discount or improved terms.
5.3. Profiling in the Online Store involves automated analysis or forecasting of an individual’s behavior, e.g., by adding products to the cart or reviewing product pages. This is only possible when the Administrator has personal data to provide such offers.
5.4. The data subject has the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning them.
6. DATA SUBJECT RIGHTS
6.1. Data subjects have rights to access, correct, restrict, delete, or transfer their data. Detailed conditions for exercising these rights are set out in GDPR Articles 15-21.
6.2. Data subjects may withdraw their consent at any time if the Administrator processes data based on their consent, without affecting the legality of prior processing.
6.3. Data subjects have the right to file a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
6.4. Data subjects may object at any time, for reasons related to their particular situation, to the processing of their personal data based on legitimate interests of the Administrator.
6.5. Data subjects have the right to object to direct marketing at any time.
6.6. To exercise their rights, individuals may contact the Administrator by sending a message in writing or by email.
7. COOKIES IN THE ONLINE STORE, USAGE DATA, AND ANALYTICS
7.1. Cookies are small text files saved on the device of a person visiting the Online Store. Detailed information about cookies is available at: http://pl.wikipedia.org/wiki/Ciasteczko.
7.2. The Administrator may process data contained in cookies to identify logged-in Users, remember products in the shopping cart, save form data, customize site content to the User’s preferences, and for anonymous statistics and remarketing purposes.
1. GENERAL PROVISIONS
1.1. This privacy policy of the Online Store is for informational purposes only, meaning it does not impose any obligations on Service Users or Customers of the Online Store. It contains information primarily about the rules for processing personal data by the Administrator in the Online Store, including the grounds, purposes, and scope of personal data processing, as well as the rights of individuals whose data is being processed and details on the use of cookies and analytical tools in the Online Store.
1.2. The Administrator of personal data collected via the Online Store is Paweł Skadorwa, operating under the name “PENICHE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ” located in Gdynia, Poland, with the address Al. Zwycięstwa 241/13, NIP identification number 5862389895, KRS number 0001022797, email hello@peniche.store (hereinafter referred to as the “Administrator”), who is also the Service Provider and Seller of the Online Store.
1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable legal regulations, in particular, in line with the EU Regulation 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Official text of GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. The use of the Online Store, including the purchase of products, is voluntary. Similarly, providing personal data by the Service User or Customer using the Online Store is voluntary, with two exceptions: (1) conclusion of agreements with the Administrator—failure to provide data necessary to conclude and perform the Sales Agreement or the Electronic Service Agreement may result in the inability to conclude the agreement; (2) statutory obligations of the Administrator—providing personal data is a statutory requirement arising from universally binding legal regulations that impose on the Administrator the obligation to process personal data (e.g., for tax or accounting purposes).
1.5. The Administrator exercises particular care to protect the interests of individuals whose personal data is being processed, ensuring that the data is processed lawfully, collected for designated, lawful purposes, and not processed further in a way incompatible with those purposes; it is accurate, adequate, stored in a form allowing identification of the individuals only as long as necessary, and processed in a manner ensuring security through technical and organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of infringement of rights or freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure processing compliance with this regulation and demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator employs technical measures to prevent unauthorized persons from acquiring or modifying personal data transmitted electronically.
1.7. Terms capitalized in this privacy policy (e.g., Seller, Online Store, Electronic Service) should be understood according to their definitions provided in the Online Store Regulations available on the Online Store’s website.
2. BASIS OF DATA PROCESSING
2.1. The Administrator is authorized to process personal data if at least one of the following conditions is met: (1) the individual has given consent for one or more specified purposes; (2) processing is necessary for the performance of a contract to which the individual is a party, or to take steps at their request prior to entering into a contract; (3) processing is necessary to fulfill a legal obligation imposed on the Administrator; or (4) processing is necessary for legitimate interests pursued by the Administrator or a third party, except where such interests are overridden by the rights and freedoms of the individual, particularly if they are a child.
2.2. Personal data processing by the Administrator requires the existence of at least one of the grounds indicated in section 2.1. Specific grounds for processing personal data by the Administrator are outlined in the next section of the privacy policy regarding the purpose of processing personal data.
3. PURPOSE, BASIS, DURATION, AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
3.1. The purpose, basis, duration, and scope of data processing depend on the activities taken by the Service User or Customer in the Online Store. For example, if a Customer decides to make a purchase and chooses in-store pickup rather than delivery, their personal data will be processed for the performance of the Sales Agreement but will not be shared with the carrier.
3.2. The Administrator may process personal data in the Online Store for the following purposes, based on specific grounds, for particular durations, and in specific scopes:
4. RECIPIENTS OF DATA IN THE ONLINE STORE
4.1. To ensure proper functioning of the Online Store, including fulfilling Sales Agreements, the Administrator uses services of third-party entities (such as software providers, couriers, or payment processors). The Administrator only cooperates with entities that offer sufficient guarantees for implementing adequate technical and organizational measures to comply with GDPR requirements and protect data subjects’ rights.
4.2. Personal data may be transferred by the Administrator to third countries, ensuring appropriate protection in compliance with GDPR, and the data subject has the right to obtain a copy of their data. The Administrator shares collected personal data only as necessary to achieve the specific data processing purpose in line with this privacy policy.
4.3. Personal data of Service Users and Customers may be transferred to recipients or categories of recipients, such as:
4.4.1. Carriers or shipping brokers for postal or courier delivery of products;
4.4.2. Entities processing electronic or card payments, if the Customer uses electronic or card payment options;
4.4.3. Service providers providing the Administrator with technical, IT, and organizational solutions for the Online Store;
4.4.4. Accounting, legal, and advisory service providers supporting the Administrator in accounting, legal, or advisory matters.
5. PROFILING IN THE ONLINE STORE
5.1. The GDPR obliges the Administrator to inform about automated decision-making, including profiling. Profiling in the Online Store may involve direct marketing but does not determine the conclusion or refusal of a Sales Agreement. Profiling can help, for instance, by granting a discount, reminding about incomplete purchases, or suggesting products of interest based on the individual’s browsing history. However, the person is free to decide whether to use the discount or improved terms.
5.3. Profiling in the Online Store involves automated analysis or forecasting of an individual’s behavior, e.g., by adding products to the cart or reviewing product pages. This is only possible when the Administrator has personal data to provide such offers.
5.4. The data subject has the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning them.
6. DATA SUBJECT RIGHTS
6.1. Data subjects have rights to access, correct, restrict, delete, or transfer their data. Detailed conditions for exercising these rights are set out in GDPR Articles 15-21.
6.2. Data subjects may withdraw their consent at any time if the Administrator processes data based on their consent, without affecting the legality of prior processing.
6.3. Data subjects have the right to file a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection.
6.4. Data subjects may object at any time, for reasons related to their particular situation, to the processing of their personal data based on legitimate interests of the Administrator.
6.5. Data subjects have the right to object to direct marketing at any time.
6.6. To exercise their rights, individuals may contact the Administrator by sending a message in writing or by email.
7. COOKIES IN THE ONLINE STORE, USAGE DATA, AND ANALYTICS
7.1. Cookies are small text files saved on the device of a person visiting the Online Store. Detailed information about cookies is available at: http://pl.wikipedia.org/wiki/Ciasteczko.
7.2. The Administrator may process data contained in cookies to identify logged-in Users, remember products in the shopping cart, save form data, customize site content to the User’s preferences, and for anonymous statistics and remarketing purposes.