PRIVACY POLICY OF EASYKLIMA.COM

TABLE OF CONTENTS:

  1. GENERAL PROVISIONS
  2. GROUNDS FOR DATA PROCESSING
  3. PURPOSE, BASIS AND DURATION OF PROCESSING ON THE WEBSITE
  4. DATA RECIPIENTS ON THE WEBSITE
  5. PROFILING ON THE WEBSITE
  6. RIGHTS OF THE DATA SUBJECT
  7. WEBSITE COOKIES AND ANALYTICS
  8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. This Website privacy policy is for information purposes only, which means that it does not create any obligations for the Service recipients or Customers of the Website. The Privacy policy primarily contains rules concerning the processing of personal data by the Controller on the Website, including the grounds, purposes and duration of personal data processing and the rights of data subjects, as well as information on the use of cookies and analytical tools on the Website.

1.2. The Controller of personal data collected via the Website is Ishtar Limited Incorporation No: 114897, REID Number:GICO.114897-36, TIN: 667257 April 30 2021, 28 IRISH TOWN GIBRALTAR GX11 1AA, NIP: 5263528190,VAT: PL5263528190; Share capital GPB 100,00 , e-mail address: info@easyklima.com – hereinafter referred to as the “Controller” and being simultaneously the Website Service provider and the Seller.

1.5. The Controller shall take particular care to protect the interests of the data subjects and in particular shall be responsible and ensures that the data collected by it is: (1) processed lawfully; (2) collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes; (3) substantially accurate and adequate in relation to the purposes for which it is processed; (4) kept in a form that allows for identification of data subjects for no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organisational measures.

1.6. Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Controller shall implement appropriate technical and organisational measures to ensure that the processing is carried out in accordance with this regulation and to be able to demonstrate it. These measures shall be reviewed and updated as necessary. The Controller shall apply technical measures to prevent unauthorised persons from acquiring and modifying personal data sent electronically.

1.7. All words, phrases and acronyms appearing in this Privacy policy and beginning with a capital letter (e.g. Seller, Website, Electronic service) shall be understood in accordance with their definition contained in the Terms and Conditions of the Website available on the Website.

2. GROUNDS FOR DATA PROCESSING

2.2. Processing of personal data by the Controller shall each time require the existence of at least one of the grounds indicated under point 2.1 of the Privacy policy. Specific grounds for processing the personal data of the Service recipients and Customers of the Website by the Controller are indicated in the next point of the Privacy policy – with reference to a given purpose of personal data processing by the Controller.

3. PURPOSE, BASIS AND DURATION OF PROCESSING ON THE WEBSITE

3.1. In each case, the purpose, basis and duration and recipients of the personal data processed by the Controller result from the activities undertaken by the respective Service recipient or Customer on the Website or by the Controller.

3.2. The Controller may process personal data within the Website for the following purposes, on the grounds and for the periods indicated in the table below:

Purpose of data processingLegal basis for processingPeriod of data retention
Performance of a Sales agreement or an agreement for the provision of the Electronic service, or taking action at the request of the data subject prior to entering into the above-mentioned agreementsArt. 6 para. 1 (b) of the GDPR Regulation (performance of an agreement) – processing is necessary for the performance of an agreement to which the data subject is party or in order to take steps at the request of the data subject prior to entering into an agreement  The data shall be stored for the period necessary for the performance, termination or other expiration of the concluded Sales agreement or Electronic service agreement.
Direct marketingArt. 6 para. 1 (f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from the Controller’s legitimate interests, consisting in taking care of the Controller’s interests and good image, its Website and striving to sell the Products  The data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however, no longer than for the period of the statute of limitations of the Controller’s claims against the data subject on account of the Controller’s economic activity. The period of limitation shall be determined by the provisions of law, in particular the Civil Code (the basic period of limitation for claims related to the conduct of business activities is three years, and for the Sales agreement – two years). The Controller may not process the data for direct marketing purposes in the event of an effective objection by the data subject.
MarketingArt. 6 para. 1 (a) of the GDPR Regulation (consent) – the data subject has given consent to the processing of his/her personal data for marketing purposes by the Controller  The data shall be stored until the data subject withdraws the consent to further processing for this purpose.
Customer’s opinion on the concluded Sales agreementArt. 6 para. 1 (a) of the GDPR Regulation – the data subject has consented to the processing of the personal data for the purpose of expressing an opinion  The data shall be stored until the data subject withdraws the consent to further processing for this purpose.
BookkeepingArt. 6 para. 1 (c) of the GDPR Regulation in conjunction with art. 74 para. 2 of the Accounting act of 30 January 2018. (Journal of Laws 2018, item 395 as amended) – processing is necessary for compliance with a legal obligation to which the Controller is subject  The data is kept for the period required by the law requiring the Controller to keep accounts (5 years, counting from the beginning of the year following the financial year to which the data refers).
Determining, pursuing or defending claims which the Controller may assert or which may be asserted against the ControllerArt. 6 para. 1 (f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from the Controller’s legitimate interests, consisting in establishing, pursuing or defending claims, which may be raised by the Controller or which may be raised against the Controller  The data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however no longer than for the period of limitation of claims that may be raised against the Controller (the basic limitation period for claims against the Controller is six years).
Using the Website and ensuring its proper functioningArt. 6 para. 1 (f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from the Controller’s legitimate interests, consisting in running and maintaining the WebsiteThe data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however, no longer than for the period of the statute of limitations of the Controller’s claims against the data subject on account of the Controller’s economic activity. The period of limitation shall be determined by the provisions of law, in particular the Civil Code (the basic period of limitation for claims related to the conduct of business activities is three years, and for the Sales agreement – two years).
Keeping statistics and Website traffic analysesArt. 6 para. 1 (f) of the GDPR Regulation (legitimate interest of the Controller) – processing is necessary for the purposes resulting from the Controller’s legitimate interests, consisting in statistics and analysis of traffic on the Website in order to improve the functioning of the Website and increase sales of the ProductsThe data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however, no longer than for the period of the statute of limitations of the Controller’s claims against the data subject on account of the Controller’s economic activity. The period of limitation shall be determined by the provisions of law, in particular the Civil Code (the basic period of limitation for claims related to the conduct of business activities is three years, and for the Sales agreement – two years).

4. DATA RECIPIENTS ON THE WEBSITE

4.1. For proper functioning of the Website, including performance of the concluded Sales agreements, it is necessary for the Controller to use services of external entities (such as e.g. software provider, courier or payment processor). The Controller shall only use the services of sub-processors who provide sufficient guarantees of implementing adequate technical and organisational measures for the processing to meet the requirements of the GDPR Regulation and to protect the rights of data subjects.

4.2. Personal data may be transferred by the Controller to a third country, whereby the Controller ensures that, in such a case, this will be done in relation to a country ensuring an adequate level of protection – in accordance with the GDPR Regulation and, in the case of other countries, that the transfer will take place on the basis of standard data protection clauses. The Controller shall ensure that the data subject is able to obtain a copy of his/her data. The Controller shall transfer the personal data collected only if and to the extent necessary for the fulfilment of the given purpose of the processing in accordance with this Privacy policy.

4.3. Transfer of data by the Controller does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy policy – the Controller transfers the data only if it is necessary for the implementation of a given purpose of personal data processing and only to the extent necessary for such implementation.

4.4. The personal data of the Service recipients and Customers of the Website may be transferred to the following recipients or categories of recipients:

  • carriers – in the case of the Customer who uses the courier for Product delivery under the Website, the Controller shall make the collected personal data of the Customer available to the selected courier, executing the shipment on the order of the Controller to the extent necessary to carry out the delivery of the Product to the Customer.
  • entities processing electronic or credit card payments – in the case of the Customer who uses the electronic or credit card payment method under the Website, the Controller shall make the collected personal data of the Customer available to a selected entity processing the aforementioned payments under the Website at the request of the Controller to the extent necessary to handle the payment made by the Customer.
  • crediting entities – in the case of the Customer who uses the payment in instalments under the Website, the Controller shall make the collected personal data of the Customer available to a selected entity processing the aforementioned payments under the Website at the request of the Controller to the extent necessary to handle the payment made by the Customer.
  • opinion poll system provider – in the case of the Customer who agreed to express an opinion on the Sales agreement concluded, the Controller makes the collected personal data of the Customer available to a selected entity providing a system of opinion polls on the Sales agreements concluded under the Website at the request of the Controller to the extent necessary to express an opinion by the Customer with the help of the opinion poll system.
  • service providers supplying the Controller with technical, IT and organisational solutions enabling the Controller to run its business, including the Website and the Electronic services provided by means of it (in particular, providers of computer software for running the Website, e-mail and hosting providers, and providers of business management and technical support software for the Controller) – the Controller shall make the collected personal data of the Customer available to the chosen provider acting on its behalf only in the case and to the extent necessary for the performance of the given purpose of data processing in accordance with this Privacy policy.
  • providers of accounting, legal and advisory services providing the Controller with accounting, legal or advisory support (in particular an accounting office, a law firm or a debt collection agency) – the Controller shall make the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to carry out the given purpose of data processing in accordance with this Privacy policy.
  • (e.g. logging in with social network credentials) and to transfer the personal data of the visitor to these providers for this purpose, including:
    • Facebook Ireland Ltd. – the Controller uses Facebook social plug-ins on the Website (e.g. button Like, button Share or logging in with Facebook credentials) and therefore collects and discloses the personal data of the Customer using the Website to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in accordance with the Privacy policy available at: https://www.facebook.com/about/privacy/ (this data includes information about your activities on the Website, including information about your device, the sites you visit, your purchases, the ads you see, and how you use the services – regardless of whether you have a Facebook account and are logged into Facebook).

5. PROFILING ON THE WEBSITE

5.1. The GDPR Regulation imposes an obligation on the Controller to inform about automated decision-making, including profiling as referred to in art. 22 para. 1 and 4 of the GDPR Regulation, and, at least in these cases, relevant information on the modalities of such decision-making, as well as on the significance and the expected consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this point of the Privacy policy.

5.2. The Controller may use profiling on the Website for direct marketing purposes, but decisions made on its basis by the Controller do not concern concluding or refusing to conclude the Sales agreement or the possibility of using the Electronic services on the Website. The use of profiling on the Website may result, for example, in a person being given a discount, being sent a discount code, being reminded of unfinished purchases, being offered a Product that may match his/her interests or preferences, or being offered better terms compared to the Website’s standard offer. Despite the profiling, it is the individual who freely decides whether he/she wishes to take advantage of the discount received in this way or better conditions and make a purchase on the Website.

5.3. Profiling on the Website consists in automatic analysis or prediction of a given person’s behaviour on the Website, e.g. by adding a particular Product to the shopping cart, browsing a particular Product page on the Website or by analysing the history of purchases made on the Website to date. The condition for such profiling is that the Controller possesses the personal data of the person in question in order to be able to send him/her a discount code, for example.

6. RIGHTS OF THE DATA SUBJECT

6.1. Right to access, rectify, restrict the processing, delete or transfer – the data subject has the right to request from the Controller access to his/her personal data, rectify it, delete it (“right to be forgotten”) or restrict its processing, the right to object to processing and to transfer the data. The detailed conditions for exercising the rights indicated above are indicated in art. 15-21 of the GDPR Regulation.

6.3. Right to lodge a complaint to the supervisory body – the data subject whose data is processed by the Controller has the right to lodge a complaint to the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.

6.4. Right to object – the data subject shall have the right to object at any time, on grounds relating to his/her particular situation, to the processing of personal data concerning him/her based on art. 6 para. 1 (e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under these provisions. The Controller shall in that case no longer be permitted to process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.

6.6. In order to exercise the rights referred to in this point of the Privacy policy, one can contact the Controller by sending a relevant message in writing or by e-mail to the Controller’s address indicated at the beginning of the Privacy policy or by using the contact form available on the Website.

7. WEBSITE COOKIES AND ANALYTICS

7.2. Cookies that may be sent by the Website can be divided into different types, according to the following criteria:

According to the supplier: own (created by the Controller’s Website) and belonging to third parties (other than the Controller)According to the storage period on the device of the visitor accessing the Website: session (stored until you log out of the Website or close your web browser) and permanent (stored for a specific period defined by the parameters of each file or until manually deleted)According to the purpose of their use: essential (to enable the proper functioning of the Website), functional/preferential (enabling the Website to adapt to the visitor’s preferences), analytical and performance (gathering information about how the Website is used),marketing, advertising and social network (collecting information about a visitor to the Website in order to display advertisements to that person, personalise them, measure effectiveness and conduct other marketing activities, including on websites other than the Website, such as social networking sites or other sites belonging to the same advertising networks as the Website)

7.3. The Controller may process the data contained in Cookies when visitors use the Website for the following specific purposes:

Purposes of cookies on the Controller’s Websiteidentifying the Service recipients as logged in to the Website and showing that they are logged in (essential cookies)
remembering the Products added to the basket in order to place the Order (essential Cookies)
storing data from completed Order forms, surveys or login data to the Website (essential and/or functional/preferential cookies)
adjusting the content of the Website to the individual preferences of the Service recipient (e.g. as regards colours, font size, page layout) and optimising the use of the Website’s pages (functional/preference cookies)
keeping anonymous statistics showing how the Website is used (analytical and performance cookies)
displaying and rendering advertisements, limiting the number of times advertisements are displayed and ignoring advertisements which the Service recipient does not wish to see, measuring the effectiveness of advertisements and personalising them, i.e. studying the behavioural characteristics of visitors to the Website by analysing their actions anonymously (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and to deliver advertisements to them tailored to their anticipated interests, also when they visit other websites on the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social network cookies)
Chrome:
(1) in the address bar, click on the lock icon on the left, (2) go to the “Cookies” tab.
Firefox:
(1) in the address bar, click on the shield icon on the left, (2) go to the “Allowed” or “Blocked” tab, (3) click “Cross-site tracking cookies”, “Social media trackers” or “Tracking content”
Internet Explorer:
(1) click the “Tools” menu, (2) go to the “Internet options” tab, (3) go to the “General” tab, (4) go to the “Settings” tab, (5) click the “View Files” box
Opera:
(1) in the address bar, click on the lock icon on the left, (2) go to the “Cookies” tab.
Safari:
(1) click on the “Preferences” menu, (2) go to the “Privacy” tab, (3) click on the “Manage website data” box
Irrespective of the browser, using the tools available, for example, at: https://www.cookiemetrix.com/ or:  https://www.cookie-checker.com/

7.5. By default, most web browsers accept the storage of Cookies. You can determine the conditions for the use of Cookies through the settings of your browser. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable Cookies storing – in the latter case, however, this may affect some functionalities of the Website (for example, it may not be possible to follow the Order placing sequence through the Order form due to failure to remember the Products in the shopping cart during subsequent steps).

7.7. The Controller may use Universal Analytics services on the Website provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller keep statistics and analyse traffic on the Website. The data collected is processed as part of the above services to generate statistics to help administer the Website and analyse Website traffic. This data is aggregated. When using the above services on the Website, the Controller collects such data as the source and medium of acquisition of visitors to the Website and their behaviour on the Website, information about the devices and browsers used to access the Website, IP and domain, geographical data and demographic data (age, gender) and interests.

7.8. It is possible for the person concerned to easily block the provision of information to Google Analytics about his/her activities on the Website – for this purpose, you can, for example, install a browser add-on provided by Google Ireland Ltd. available at: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9.          In connection with the Controller’s use of advertising and analytical services provided by Google Ireland Ltd. on the Website, the Controller points out that full information on the principles of processing of data of Website visitors (including information saved in Cookies) by Google Ireland Ltd. can be found in the Google Privacy policy available at: https://policies.google.com/technologies/partner-sites.

7.10. The Controller may use on the Website the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure the effectiveness of advertisements and analyse what actions visitors to the Website undertake, and display advertisements tailored to those individuals. You can find detailed information on how the Facebook Pixel works at: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.11. You can manage the operation of the Facebook Pixel via the ad settings in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS