Privacy policy

Privacy policy of the ONLINE STORE WWW.MILERMENSWEAR.COM

TABLE OF CONTENTS:

1. GENERAL PROVISIONS
2. LEGAL BASES FOR DATA PROCESSING
3. PURPOSE, LEGAL BASIS, DURATION, AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
4. DATA RECIPIENTS IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE, USAGE DATA, AND ANALYTICS
8. FINAL PROVISIONS

1. 1. GENERAL PROVISIONS
      1. This privacy policy of the Online Store is for informational purposes only, which means that it is not a source of obligations for the Service Recipients or Customers of the Online Store. The privacy policy primarily outlines the rules for the processing of personal data by the Administrator within the Online Store, including the legal bases, purposes, and scope of personal data processing, the rights of data subjects, as well as information regarding the use of cookies and analytical tools in the Online Store.
      2. The administrator of personal data collected via the Online Store is MILER Tomasz Miler Olga Miler s.c., registered in the Central Registration and Information on Business (CEIDG) of the Republic of Poland, maintained by the minister responsible for economic affairs, with the following details: business and correspondence address: ul. Podgórna 4, 61-829 Poznań, NIP (Tax ID): 7831795170, REGON: 382116181, email address: [email protected] — hereinafter referred to as the "Administrator", who is also the Service Provider of the Online Store and the Seller.
      3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as the “GDPR” or the “GDPR Regulation.”
      4. Using the Online Store, including making purchases, is voluntary. Likewise, providing personal data by the Service Recipient or Customer using the Online Store is voluntary, with two exceptions: (1) contract conclusion with the Administrator – failure to provide the personal data required in the cases and scope specified on the Online Store’s website, in the Store Regulations, and in this privacy policy will result in the inability to conclude the Sales Agreement or the agreement for the provision of Electronic Services with the Administrator. In such cases, providing personal data is a contractual requirement, and if the data subject wishes to conclude such an agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude an agreement is indicated in advance on the Online Store’s website and in the Store Regulations. (2) legal obligations of the Administrator – providing personal data is a legal requirement arising from generally applicable laws that impose on the Administrator an obligation to process personal data (e.g., for the purpose of maintaining tax or accounting records). Failure to provide such data will prevent the Administrator from fulfilling these legal obligations.
      5. The Administrator exercises particular care to protect the interests of individuals whose personal data is being processed. In particular, the Administrator is responsible for ensuring that the collected data is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) factually accurate and adequate in relation to the purposes for which it is processed; (4) stored in a form that allows the identification of the data subjects for no longer than necessary to achieve the purpose of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage, using appropriate technical or organizational measures.
      6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons with varying degrees of probability and severity, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with this Regulation and to be able to demonstrate such compliance. These measures are reviewed and updated as necessary. The Administrator applies technical safeguards to prevent unauthorized persons from accessing or modifying personal data transmitted electronically.
      7. All words, expressions, and acronyms used in this privacy policy that begin with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definitions provided in the Terms and Conditions of the Online Store, available on the Online Store's website.
   2. LEGAL BASES FOR DATA PROCESSING
      1. The Administrator is authorized to process personal data if — and to the extent that — at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data, particularly where the data subject is a child.
      2. The processing of personal data by the Administrator must always be based on at least one of the legal grounds specified in point 2.1 of this privacy policy. The specific legal bases for the processing of personal data of the Service Recipients and Customers of the Online Store by the Administrator are indicated in the following section of the privacy policy — in relation to each specific purpose for which the Administrator processes personal data.
         
         
   3. PURPOSE, LEGAL BASIS, DURATION, AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
      1. In each case, the purpose, legal basis, duration, scope, and recipients of the personal data processed by the Administrator depend on the actions taken by the specific Service Recipient or Customer in the Online Store. For example, if a Customer decides to make a purchase in the Online Store and chooses personal pickup of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of fulfilling the concluded Sales Agreement, but it will not be shared with the carrier responsible for deliveries on behalf of the Administrator.
      2. The Administrator may process personal data in the Online Store for the following purposes, on the following legal bases, for the following periods, and to the following extent:
         
         

         Purpose of data processing	Legal basis for processing and data retention period	Scope of processed data
         Performance of the Sales Agreement or the agreement for the provision of Electronic Services, or taking steps at the request of the data subject prior to the conclusion of the aforementioned agreements	Article 6(1)(b) of the GDPR (performance of a contract) The data is stored for the period necessary to perform, terminate, or otherwise expire the concluded contract.	Maximum scope: first and last name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country); residential/business/registered office address (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer. The scope provided is the maximum — for example, in the case of personal pickup, providing a delivery address is not required.
         Direct marketing	Article 6(1)(f) of the GDPR (legitimate interest of the Administrator) The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the Administrator's business activities. The limitation period is defined by legal regulations, particularly the Civil Code (the basic limitation period for claims related to business activities is three years, and for a sales contract, two years). The Administrator may not process data for direct marketing purposes if the data subject has effectively objected to such processing.	Email address
         Marketing	Article 6(1)(a) of the GDPR (consent) The data is stored until the data subject withdraws their consent for further processing of their data for this purpose.	Name, email address
         Submission of a Customer review regarding the concluded Sales Agreement	Article 6(1)(a) of the GDPR (consent) The data is stored until the data subject withdraws their consent for further processing of their data for this purpose.	Email address
         Keeping accounting records	Article 6(1)(c) of the GDPR in connection with Article 86 § 1 of the Tax Ordinance Act of January 17, 2017 (Journal of Laws 2017, item 201)/p> The data is stored for a period required by law, which obliges the Administrator to retain tax records (until the expiration of the tax liability limitation period, unless tax laws provide otherwise).	First and last name; residential/business/registered office address (if different from the delivery address), company name, and tax identification number (NIP) of the Service Recipient or Customer.
         Establishment, exercise, or defense of claims that may be raised by the Administrator or against the Administrator	Article 6(1)(f) of the GDPR The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the Administrator’s business activity. The limitation period is defined by law, in particular the Civil Code (the standard limitation period for claims related to business activity is three years, and for a sales contract, two years).	First and last name; contact phone number; email address; delivery address (street, house number, apartment number, postal code, city, country); residential/business/registered office address (if different from the delivery address). In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer.

   4. DATA RECIPIENTS IN THE ONLINE STORE
      1. For the proper functioning of the Online Store, including the fulfillment of Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers, or payment processors). The Administrator uses only those processors that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that processing complies with the requirements of the GDPR and protects the rights of data subjects.
      2. The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients mentioned in the privacy policy — the Administrator transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent required to fulfill that purpose. For example, if a Customer chooses personal pickup, their data will not be shared with the carrier cooperating with the Administrator.
      3. The personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
         1. Carriers / shipping agents / courier brokers – in the case of a Customer who uses postal or courier delivery for the Product in the Online Store, the Administrator provides the collected personal data of the Customer to the selected carrier, shipping agent, or intermediary handling deliveries on behalf of the Administrator, to the extent necessary to complete the delivery of the Product to the Customer.
         2. entities processing electronic or card payments – in the case of a Customer who uses electronic payment or credit/debit card payment in the Online Store, the Administrator provides the collected personal data of the Customer to the selected entity processing such payments on behalf of the Administrator, to the extent necessary to process the payment made by the Customer.
         3. providers of review survey systems – in the case of a Customer who has agreed to submit a review of the concluded Sales Agreement, the Administrator provides the collected personal data of the Customer to the selected entity that supplies the review survey system used for Sales Agreements in the Online Store, on behalf of the Administrator, to the extent necessary for the Customer to submit a review through the survey system.
         4. service providers supplying the Administrator with technical, IT, and organizational solutions that enable the Administrator to conduct business operations, including the Online Store and the Electronic Services provided through it (in particular, providers of software for operating the Online Store, email and hosting providers, and providers of business management and technical support software) — the Administrator shares the collected personal data of the Customer with a selected provider acting on its behalf only when and to the extent necessary to fulfill the specific purpose of data processing in accordance with this privacy policy.
         5. providers of accounting, legal, and advisory services who support the Administrator with accounting, legal, or consultancy assistance (in particular, an accounting office, law firm, or debt collection agency) — the Administrator shares the collected personal data of the Customer with a selected provider acting on its behalf only when and to the extent necessary to fulfill the specific purpose of data processing in accordance with this privacy policy.
            
            
   5. PROFILING IN THE ONLINE STORE
      1. The GDPR Regulation imposes an obligation on the Administrator to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR Regulation, and – at least in such cases – to provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Taking this into account, the Administrator provides in this section of the privacy policy information regarding possible profiling.
      2. The Administrator may use profiling in the Online Store for the purposes of direct marketing; however, decisions made on this basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement, nor the ability to use Electronic Services in the Online Store. The result of using profiling in the Online Store may include, for example, granting a discount to a given person, sending them a discount code, reminding them of unfinished purchases, sending product suggestions that may match their interests or preferences, or offering better terms compared to the standard offer of the Online Store. Despite profiling, it is entirely up to the individual whether they wish to take advantage of the received discount or improved terms and proceed with a purchase in the Online Store.
      3. Profiling in the Online Store consists of the automated analysis or prediction of an individual’s behavior on the Online Store’s website — for example, by adding a specific Product to the shopping cart, viewing the page of a particular Product in the Online Store, or analyzing the individual's purchase history in the Online Store. Such profiling requires that the Administrator has access to the individual’s personal data in order to, for instance, send them a discount code.
      4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
         
         
   6. RIGHTS OF THE DATA SUBJECT
      1. Right of access, rectification, restriction, erasure or portability – the data subject has the right to request from the Administrator access to their personal data, its rectification, erasure (“right to be forgotten”), or restriction of processing, and has the right to object to the processing, as well as the right to data portability. Detailed conditions for the exercise of the above-mentioned rights are set out in Articles 15–21 of the GDPR Regulation.
      2. Right to withdraw consent at any time – if the data subject’s data is processed by the Administrator based on consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation), they have the right to withdraw their consent at any time, without affecting the lawfulness of the processing carried out on the basis of that consent before its withdrawal.
      3. Right to lodge a complaint with a supervisory authority – a data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner, and under the procedure, specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
      4. Right to object – the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interest of the Administrator), including profiling based on those provisions. In such a case, the Administrator may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
      5. Right to object to direct marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
      6. To exercise the rights referred to in this section of the privacy policy, you may contact the Administrator by sending an appropriate message either in writing or by email to the address of the Administrator indicated at the beginning of this privacy policy, or by using the contact form available on the Online Store’s website.
         
         
   7. COOKIES IN THE ONLINE STORE, USAGE DATA, AND ANALYTICS
      1. Cookies are small text-based pieces of information in the form of text files, sent by a server and stored on the side of the person visiting the Online Store’s website (e.g., on the hard drive of a computer or laptop, or on a smartphone’s memory card – depending on the device used by the visitor to access our Online Store). Detailed information about cookies, as well as their origin and history, can be found for example here: http://pl.wikipedia.org/wiki/Ciasteczko.
      2. The Administrator may process data contained in Cookies during visitors’ use of the Online Store’s website for the following purposes:
         1. identifying Service Recipients as logged in to the Online Store and displaying that they are logged in;
         2. remembering Products added to the shopping cart for the purpose of placing an Order;
         3. remembering data entered into Order Forms, surveys, or login details for the Online Store;
         4. customizing the content of the Online Store’s website to the individual preferences of the Service Recipient (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Store’s pages;
         5. conducting anonymous statistics presenting how the Online Store’s website is used;
         6. remarketing, i.e., studying the behavioral characteristics of visitors to the Online Store through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) in order to create their profile and deliver advertisements tailored to their predicted interests, including when they visit other websites within the advertising networks of Google Inc. and Facebook Ireland Ltd.;
      3. By default, most web browsers available on the market accept the storage of Cookies. Everyone has the ability to define the conditions for the use of Cookies through their individual browser settings. This means, for example, that it is possible to partially limit (e.g., temporarily) or completely disable the storage of Cookies — however, in the latter case, this may affect certain functionalities of the Online Store (for instance, it may become impossible to proceed through the Order path using the Order Form due to the failure to remember Products in the shopping cart during subsequent steps of placing an Order).
      4. The settings of the web browser regarding Cookies are important from the perspective of consent to the use of Cookies by our Online Store – in accordance with the regulations, such consent may also be expressed through the settings of the web browser. If such consent is not given, the browser settings for Cookies should be appropriately changed.
      5. Detailed information on how to change Cookie settings and how to delete them manually in the most popular web browsers is available in the browser’s help section and on the following websites (just click on the relevant link):
         • in the Chrome browse
         • in the Firefox browser
         • in the Internet Explorer browser
         • in the Opera browser
         • in the Safari browser
         • in the Microsoft Edge browser
      6. The Administrator may use Google Analytics and Universal Analytics services in the Online Store, provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). These services assist the Administrator in analyzing traffic within the Online Store. The data collected through these services is processed in an anonymized manner (so-called operational data that does not allow the identification of individuals) to generate statistics that help manage the Online Store. This data is aggregate and anonymous, meaning it does not contain identifying features (personal data) of individuals visiting the Online Store’s website. By using the above services in the Online Store, the Administrator collects data such as the sources and mediums through which visitors arrive at the Online Store, their behavior on the website, information about the devices and browsers they use to visit the site, IP address and domain, geographic data, as well as demographic data (age, gender) and interests.
      7. It is possible for an individual to easily block Google Analytics from collecting information about their activity on the Online Store’s website – to do so, they can install a browser add-on provided by Google Inc., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
         
         
   8. FINAL PROVISIONS
      1. The Online Store may contain links to other websites. The Administrator encourages users to review the privacy policy applicable on those sites after navigating to them. This privacy policy applies only to the Administrator’s Online Store.