- SHOPBOARD LTD based in London – hereinafter referred to as Shopboard ltd.
- Customer – a Consumer or Entrepreneur who has placed or intends to place an order or uses other Shopboard ltd services.
- Consumer – a natural person who performs a legal act not directly related to his business or professional activity.
- Entrepreneur – a natural person, legal person or organizational unit, which the law grants legal capacity, undertaking activities for purposes directly related to its business or professional activity.
- Goods – a tangible movable item being the subject of the Sales Agreement or the right being the subject of the Sales Agreement.
- Service(s) – Order, License Order or Quotation Request, as well as other services provided by Shopboard ltd.
- Order – Customer’s declaration of will constituting an offer to conclude a Sales Agreement with Shopboard ltd, aiming directly at concluding a Distance Sales Agreement specifying the type and number of Goods being the subject of the Sales Agreement.
- Inquiry for an offer – an inquiry submitted by the Customer via the form available on the website, specifying the Goods that are the subject of the inquiry, as well as the Customer’s data necessary for contact, indicated in the form or e-mail.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- User – means an entity for which, in accordance with the Regulations and the law, services may be provided electronically or with whom an Agreement for the provision of electronic services may be concluded.
2. Who is the administrator of personal data?
The administrator of your personal data in connection with the use of our services is SHOPBOARD LTD with its registered office in London, 85 Great Portland Street, London, United Kingdom, Company No. 12313387.
If you have any questions regarding the processing of your personal data and your rights, please contact us. Please direct your privacy inquiries to email@example.com.
3. What personal data do we process, for what purpose and on what legal basis?
Due to the fact that we provide various services to our clients, we process your personal data for various purposes, to a different extent and on a different legal basis specified in the GDPR. In order to provide the most transparent information, we have grouped this information, referring to the purpose of processing your personal data.
3.1. Services that do not require creating an Account
Types of services. We process your personal data in order to provide services that do not require creating an Account, such as: a. sending e-mails with marketing and commercial information, b. ad display.
Scope of data: For this purpose, we process personal data regarding your activity, i.e. data regarding the products viewed and other subpages, as well as data regarding the session, your device and operating system, browser, location and unique ID.
Legal basis: Consent (Article 6(1)(a) of the GDPR) to send e-mails with marketing and commercial information and our legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
3.2. Statistics on the use of individual website functionalities, facilitating the use of the website and ensuring the website’s IT security
Scope of data: For these purposes, we process personal data regarding your activity on the website, such as: visited pages and subpages and the amount of time spent on each of them as well as data about your search history, your IP address, location, device ID, and data about your browser and operating system. Legal basis: Our legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
3.3. Determination, investigation and enforcement of claims
Scope of data: For this purpose, we may process some of your personal data provided in the Account, such as: name, surname, address of residence, data on the use of our services, if the claims result from the way you use our services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis: The contract concluded between the parties (Article 6(1)(b) GDPR) and our legitimate interest (Article 6(1)(f) GDPR), consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
3.4. Consideration of complaints and requests, answers to questions
Scope of data: For this purpose, we may process some of your personal data provided in the Account, as well as data on the use of our services, which are the cause of the complaint or request, data contained in the documents attached to the complaint or request. Legal basis: Our legitimate interest (Article 6(1)(f) of the GDPR), consisting in improving the functionality of services provided electronically and in building positive relationships with the Customer, based on reliability and loyalty.
3.5. Customer satisfaction survey
Data scope: For this purpose, we process your personal data, including data necessary to complete the order, as well as your answers to the questions we have prepared, contained in surveys and forms used for satisfaction surveys. Legal basis: Our legitimate interest (Article 6(1)(f) of the GDPR), consisting in improving the functionality of services provided electronically and assessing satisfaction with the services we provide.
4. Marketing of our products and services and our clients
Scope of data: For this purpose, we process your personal data provided when subscribing to the newsletter list, registered and stored via cookies. Activity data concerns in particular such data as: search history, clicks on the website, visits to main pages and their subpages, dates of visit, data on the use of specific functionalities on the website, history and activity related to our e-mail communication.
Legal basis: Consent (Article 6(1)(a) of the GDPR) to send e-mails with marketing and commercial information and our legitimate interest (Article 6(1)(f) of the GDPR), consisting in the marketing of our products and services and products and services.
Balance of interests: After weighing our interest and your interests, rights and freedoms, we decided that marketing combined with profiling will not interfere excessively with your privacy or be an excessive nuisance. When weighing interests, rights and freedoms, we took into account the following circumstances: a. you have expressed your wish to receive marketing communications to the e-mail address provided, and therefore we have considered that you can reasonably expect us to send you such communications, b. we respect your will and facilitate the implementation of your rights. For this purpose, we provide the ability to easily withdraw consent to receive e-mails from the Account settings or from the browser settings.
5. Who do we share your personal data with?
Our databases are protected from access by third parties. The data collected during registration or purchase are used for the proper execution of orders, as well as for tracking the status of the order and making changes to it at the Customer’s request before it is sent. In order to perform the contract, Shopboard may share the data collected from you with entities such as:
5.1. Service providers
Your personal data is transferred to service providers that we use to run the website. Depending on contractual arrangements and circumstances, the service providers to whom we transfer your personal data either are subject to our instructions as to the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators). The list of suppliers whose services we use can be found in the tab: ovh.pl. The list is updated on an ongoing basis.
Processing entities: We use suppliers who process your personal data only on our instructions. They provide us with a cloud computing hosting service, provide us with systems for online marketing, for displaying web push notifications, for sending e-mails, for analyzing website traffic, for analyzing the effectiveness of marketing campaigns, as well as supporting the implementation of specific Account functionalities.
Administrators: We use suppliers who do not act solely on our instructions and will set the purposes and methods of using your personal data on their own. They provide us with remarketing campaign services and conduct statistical research.
Location. Our suppliers are mainly based in Poland and other countries of the European Economic Area (EEA). Some of our suppliers are based outside the EEA. In connection with the transfer of your data outside the EEA, we have made sure that our suppliers guarantee a high level of personal data protection. These guarantees result in particular from the obligation to use standard contractual clauses adopted by the Commission (EU) or participation in the “Privacy Shield” program established by Commission Implementing Decision (EU) 2016/1250 of July 12, 2016 on the adequacy of protection provided by the EU-US Privacy Shield.
5.2. State authorities
Your personal data may be made available to authorized state authorities.
6. How long do we store your personal data?
Your personal data is stored for the period from the moment of consent until its withdrawal and for the duration of the contract, and then for the period required by law or necessary to implement the legitimate interests of the personal data administrator. After withdrawing the consents, the data will be anonymized, except for the data necessary to implement the legitimate interests of the administrator. We store
Personal data collected using forms on the website are processed in the scope of the implementation of a given inquiry and are deleted after the completion of the inquiry, if the inquiry does not require further processing. Personal data collected using the newsletter functionality on the website are stored and processed only to the extent needed to implement the newsletter functionality, and at any time the user may request the discontinuation of the processing of his data in this respect (removal from the newsletter address list), in the same way as he was subscribed to it on the basis of the consent given by the user.
In case of any doubts as to the scope of processing the user’s personal data, the user may contact directly the person responsible for the security of personal data processing at the e-mail address firstname.lastname@example.org.
7. What rights do you have in connection with the processing of personal data?
We ensure the implementation of your rights indicated below by contacting us via the e-mail address email@example.com.
7.1. The right to withdraw the consent granted
Pursuant to art. 7 sec. 3 of the GDPR, you have the right to withdraw any consent that was given when completing the contact form or the newsletter list, as well as when using individual services and functionalities offered on the website. Withdrawal of consent is effective from the moment of consent withdrawal, does not affect the processing carried out by us in accordance with the law before its withdrawal and does not involve any negative consequences for you. However, it may prevent you from continuing to use services or functionalities that we can legally provide only with your consent.
7.2. Right to object to the use of data
Pursuant to Art. 21 of the GDPR, you have the right to object to the use of personal data if we process it based on our legitimate interest, e.g. in connection with keeping statistics on the use of individual website functionalities and facilitating the use of the website, as well as satisfaction surveys. If your objection turns out to be justified and we have no other legal basis for processing personal data, we will delete the data to which you objected.
7.3. The right to delete data (“the right to be forgotten”)
Pursuant to art. 17 GDPR, you have the right to request the deletion of all or some of your personal data. We will treat the request to delete all personal data as a request to delete the Account. You have the right to request the removal of personal data when:
a. a specific consent has been withdrawn, to the extent that personal data was processed on the basis of consent;
b. the personal data are no longer necessary for the purposes for which they were collected or processed;
c. an objection to the use of data for marketing purposes has been raised;
d. an objection has been raised against the use of data for the purpose of keeping statistics on the use of the website and satisfaction surveys, and the objection was considered justified;
e. personal data is processed unlawfully.
Despite the request to delete personal data, in connection with raising an objection or withdrawing consent, we may retain certain personal data to the extent necessary for the purposes of establishing, pursuing or defending claims. This applies in particular to personal data including: name, surname, e-mail address and purchase history, which we retain for the purpose of handling complaints and claims related to the execution of orders.
7.4. The right to limit data processing
Pursuant to art. 18 of the GDPR, you have the right to request the restriction of the processing of personal data. In a situation where such a request is submitted, until it is considered, you will not be able to use certain functionalities or services that were related to the processing of data covered by the request. We will also not send you any messages, including marketing ones. You have the right to request the restriction of the use of personal data when: a. the correctness of personal data has been questioned – the use of this data will be limited for the time needed to verify their correctness, but no longer than for 7 days; b. the processing of this data is unlawful, and instead of deleting the data, a request to limit their use has been received; c. personal data are no longer necessary for the purposes for which they were collected or used, but you need them to establish, pursue or defend claims; d. an objection to the use of this data has been raised – then the restriction takes place for the time necessary to verify whether the protection of your interests, rights and freedoms outweighs the interests that we pursue by processing these personal data.
7.5. Right of access to data
Pursuant to art. 15 of the GDPR, you have the right to obtain from us confirmation of the processing of personal data. In a situation where these data are actually processed, you have the right to: a. access your personal data; b. obtain information about the purposes of processing, categories of personal data being processed, about the recipients or categories of recipients of this data, the planned period of data storage or the criteria for determining this period, about the rights under the GDPR and the right to lodge a complaint with the supervisory body, about the source of this data, on automated decision-making, including profiling, and on the safeguards applied in connection with the transfer of such data outside the European Union; c. obtain a copy of your personal data. If you wish to exercise the right to access data, please contact the Personal Data Administrator referred to in point 2.
7.6. The right to rectify data
Pursuant to art. 16 of the GDPR, you have the right to request rectification of the personal data provided by you (if they are incorrect) and to supplement them (if they are incomplete).
7.7. The right to transfer data
Pursuant to art. 20 of the GDPR, you have the right to receive the personal data provided by you and then send it to another personal data administrator of your choice. You can also request that we send your personal data directly to another administrator, if it is technically possible. We will send your personal data in the form of a csv file. The csv format is a commonly used, machine-readable format that allows you to send the received data to another personal data controller.
7.8. When do we meet your request?
If you request us to exercise the above-mentioned rights, we comply with this request or refuse to comply with it without undue delay, but no later than within 30 days after receiving it. If necessary, this period can be extended by another two months due to the complexity of the request or the number of requests. For technical reasons, we always need 48 hours to update the settings selected by the User in our systems. Therefore, it may happen that during the system update, you will receive an e-mail from us that you have opted out of.
7.9. Submitting complaints, inquiries and requests
You can submit complaints, inquiries and requests to us regarding the processing of personal data and the exercise of your rights. If you believe that the right to the protection of personal data or other rights granted under the GDPR have been violated, you have the right to lodge a complaint with the Inspector General for Personal Data Protection (in the future, the President of the Office for Personal Data Protection).
8. How do we ensure the security of your personal data?
We make every effort to ensure the security of your personal data. The websites use encrypted data transmission (SSL) when sending data in forms embedded on the website, which ensures the protection of Users’ identification data and significantly hinders data interception by unauthorized systems or persons. Personal data stored in the database will be safely stored until the consent to the processing of personal data in order to receive technical and marketing information is withdrawn – then it will be deleted.