https://surfpoint.pl.

Formal information at the beginning – the administrator of the website and the shop is SurfPoint Spółka z ograniczoną odpowiedzialnością, Orkana 8c/46, 40-553 Katowice, NIP: 6342975162, REGON:385864601,

In case of any doubts related to privacy policy, you can contact us at any time by sending an email to info@surfpoint.pl

Short version – the most important information

We care about your privacy, but we also care about your time. That is why we have prepared an abridged version of the most important privacy-related rules for you.

1. By creating a user account, placing an order, submitting a complaint, withdrawing from a contract, subscribing to our newsletter, adding a comment or simply contacting us, you are providing us with your personal data and we guarantee that your data will remain confidential, secure and will not be made available to any third parties without your express consent.
2. We only entrust the processing of personal data to vetted and trusted personal data service providers.
3. We use Google Analytics analytical tools that collect information about your visits to the website, such as the sub-pages you have viewed, the time you have spent on the website or transitions between different sub-pages. Google LLC’s Google Analytics cookies are used for this purpose.
4. We use the analytics tool HotJar to track your behaviour within our pages. Cookies from Hotjar Limited are used for this purpose. As part of your cookie settings, you can decide whether or not you consent to the use of such cookies in your case.
5. We use marketing tools, such as the Facebook Pixel, to target you with personalised advertising on Facebook. This involves the use of cookies from Facebook. As part of your cookie settings, you can decide whether or not you consent to our use of the Facebook Pixel in your case.
6. We provide you with the possibility to chat with you via LiveChat.
7. We provide you with the possibility to use social features, such as sharing content on social networks and subscribing to your social profile. The use of these functions may involve the use of cookies of social network administrators such as Facebook, Instagram, YouTube, Twitter, Google , LinkedIN.
8. We embed videos from YouTube and Vimeo. Cookies from Google LLC for the YouTube service and cookies from Vimeo Inc. are used for this purpose. The cookies are only loaded when the video is played.
9. We use our own cookies for the proper functioning of the website, in particular for the operation of your account, the ordering process.

If the above information is not sufficient for you, you will find further details below.

Personal data

The administrator of your personal data within the meaning of data protection regulations is SurfPoint Limited Liability Company, Orkana 8c/46, 40-553 Katowice, NIP: 6342975162, REGON:385864601,

The purposes, legal basis and duration of personal data processing are indicated separately for each purpose of data processing (see description of individual purposes of personal data processing below).

Entitlements. The RODO grants you the following potential rights in relation to the processing of your personal data:

• the right of access to your personal data,
• the right to rectification of your personal data,
• the right to erasure of personal data,
• the right to restrict the processing of your personal data,
• the right to object to the processing of your personal data,
• the right to data portability,
• the right to lodge a complaint to a supervisory authority,
• the right to withdraw consent to the processing of personal data, if you have given such consent.

The rules related to the exercise of the indicated rights are described in detail in Articles 16 – 21 of the RODO. We encourage you to familiarise yourself with these provisions. For our part, we deem it necessary to explain to you that the rights indicated above are not absolute and you will not be entitled to them in relation to all processing of your personal data. For your convenience, we have endeavoured to indicate the rights to which you are entitled in the context of the description of the various personal data processing operations.

We emphasise that one of the rights indicated above is always available to you – if you consider that we have committed an infringement of data protection regulations in the processing of your personal data, you have the possibility to lodge a complaint with the supervisory authority (the President of the Office for Personal Data Protection).

You can also always ask us to provide you with information about what data we hold about you and for what purposes we process it. All you need to do is send an email to info@surfpoint.pl. However, we have made every effort to ensure that the information of interest to you is comprehensively set out in this privacy policy. You can also use the e-mail address given above if you have any questions about the processing of your personal data.

Security. We guarantee you the confidentiality of any personal data you provide to us. We ensure that all security and data protection measures required by data protection legislation are taken. Personal data is collected with due care and is adequately protected against access by unauthorised persons.

Data recipients. Your data may be processed by our subcontractors, i.e. entities whose services we use to process your data and to provide you with services or to fulfil orders in the online shop.

1. dhosting.pl Sp. z o.o. Al. Jerozolimskie 98, 00-807 Warsaw – for data storage on the server,
2. Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA – in order to use Google services within the G-Suite,
3. IFIRMA S.A. Grabiszyńska 241 B, 53-234 Wrocław, Dolnośląskie – in order to be able to issue you a VAT invoice
   
4. Sapere Aude Barbara Bańbuła Accounting Office, 4 Sowińskiego Street, Katowice – in order to use accounting services provided by an external entity,
5. Dropbox Inc., 333 Brannan St, San Francisco, CA 94107, USA – in order to use the Dropbox service,
6. Smsapi – ComVision Sp. z o.o. 101 Toszecka St., 44-100 Gliwice – in order to be able to send you text messages
7. Mailchimp – The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000
   Atlanta, GA 30308 USA – in order to be able to send you an email
8. TjSoft Sp. z o.o. Panewnicka 343c/7 40-774 Katowice
   – in order to provide technical support for the website and shop
9. LiveChat – LiveChat Software S.A. Zwycięska 47, 53-033 Wrocław – for the purposes of using the chat room on the surfpoint.pl website

All entities to which we entrust the processing of personal data guarantee the application of appropriate measures for the protection and security of personal data required by law.

Some of the IT systems we use for data processing use servers located in the United States of America (USA). Accordingly, your personal data processed within these systems may be transferred to the USA only to the extent that it is stored on servers. The providers of the IT systems referred to above have subscribed to the Privacy Shield programme, thereby guaranteeing an adequate level of personal data protection as required by European law

Processing purposes and activities

User account. When creating a user account, you must provide the data necessary to set up your account, such as your e-mail address, name, address data, telephone number. The provision of data is voluntary, but necessary for the creation of the account. As part of editing your account data, you can provide further data.

The data provided to us in connection with the creation of an account, is processed for the purpose of setting up and maintaining the account on the basis of the contract for the provision of electronic services concluded through the registration of the account (Art. 6(1)(b) RODO).

The account data will be processed for the duration of the account. When you decide to delete your account, we will also delete the data contained in it. Please note, however, that the deletion of your account does not lead to the deletion of information about orders placed by you using your account.

You have the opportunity to rectify the data contained in your account at any time. You can also decide to delete your account at any time. You also have the right to data portability as referred to in Article 20 of the RODO.

Orders. When placing an order, you must provide the data necessary to process the order, such as your name, billing address, email address, telephone number. The provision of data is voluntary, but necessary to place an order.

The data you provide to us in connection with your order is processed for the purpose of processing your order (Article 6(1)(b) RODO), issuing an invoice (Article 6(1)(c) RODO), including the invoice in our accounting records (Article 6(1)(c) RODO) and for archiving and statistical purposes (Article 6(1)(f) RODO).

Order data will be processed for the time necessary to process the order and thereafter until the expiry of the limitation period for claims under the contract concluded. In addition, data may still be processed by us for statistical purposes after this period has expired. Please also note that we are obliged to store invoices with your personal data for a period of five years from the end of the fiscal year in which the tax liability arose.

In the case of order data, you do not have the opportunity to rectify this data once the order has been processed. You also cannot object to the processing of the data and request the deletion of the data until the expiry of the limitation period for contractual claims. Likewise, you cannot object to the processing of your data and request the deletion of your invoice data. After the expiry of the limitation period for contractual claims, you may object to our processing of your data for statistical purposes as well as request the deletion of your data from our database.

In relation to your order data, you also have the right to data portability as referred to in Article 20 RODO.

Newsletter. If you wish to subscribe to the newsletter, you must provide us with your e-mail address via the newsletter subscription form. The provision of data is voluntary, but necessary to subscribe to the newsletter.

The data provided to us when you sign up for the newsletter is used for the purpose of sending you the newsletter, and the legal basis for its processing is your consent (Article 6(1)(a) RODO) given when you sign up for the newsletter.

Your data will be processed for the duration of the newsletter, unless you unsubscribe earlier, which will result in your data being deleted from the database.

You can rectify your data stored in the newsletter database at any time, as well as request its deletion by unsubscribing from the newsletter. You also have the right to data portability as referred to in Article 20 RODO.

Complaints and withdrawal. If you make a complaint or withdraw from the contract, you provide us with the personal data contained in the content of the complaint or withdrawal statement, which includes your name, home address, telephone number, e-mail address, bank account number. The provision of data is voluntary, but necessary in order to lodge a complaint or withdraw from the contract.

The data provided to us in connection with making a complaint or withdrawing from the contract are used for the purpose of the complaint procedure or the withdrawal procedure (Article 6(1)(c) RODO).

The data will be processed for the time necessary to carry out the complaint procedure or the withdrawal procedure. Complaints and withdrawal statements may also be archived for statistical purposes.

In the case of data contained in complaints and withdrawal declarations, you do not have the opportunity to rectify this data. You may also not object to the processing of the data and request the deletion of the data until the period of limitation for contractual claims has expired. However, once the limitation period for contractual claims has expired, you may object to our processing of your data for statistical purposes as well as request the deletion of your data from our database.

Comments. If you wish to add a comment, you must fill in the form and provide your e-mail address and name. The data you provide is voluntary, but necessary to add a comment.

The data provided to us when you add a comment is used for the purpose of sending you the newsletter, and the legal basis for its processing is your consent (Article 6(1)(a) of the DPA) resulting from the addition of the comment.

Your data will be processed for the duration of the blog comments, unless you ask to delete your comment beforehand, which will remove your data from the database.

You can rectify your data assigned to your comment at any time, as well as request its deletion. You also have the right to data portability as referred to in Article 20 of the DPA.

Email contact. When you contact us by e-mail, including by submitting an enquiry via the contact form, you naturally provide us with your e-mail address as the sender address of the message. In addition, you may also include other personal data in the body of the message. The provision of data is voluntary, but necessary in order to make contact.

Your data is processed in this case for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the RODO, i.e. your consent resulting from initiating contact with us. The legal basis for post-contact processing is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) RODO).

The content of correspondence may be subject to archiving and we are not in a position to determine unequivocally when it will be deleted. You have the right to request the history of any correspondence you have had with us (if it has been subject to archiving), as well as to request its deletion, unless its archiving is justified due to our overriding interests, e.g. defence against potential claims on your part.

Cookies and other tracking technologies

Our website and shop, like almost all other websites, uses cookies.

Cookies are small textual information stored on your terminal device (e.g. computer, tablet, smartphone) that can be read by our ICT system (our own cookies) or a third party’s ICT system (third party cookies).

Some of the cookies we use are deleted when your browser session ends, i.e. when you close your browser (so-called session cookies). Other cookies are stored on your terminal device and enable us to recognise your browser the next time you visit the website (persistent cookies).

More details can be found below.

Consent to cookies. During your first visit to the website, you are shown information on the use of cookies. Thanks to a special tool, you have the possibility to manage cookies from the site. Furthermore, you can always change the cookie settings from within your browser or delete cookies altogether. Browsers manage the cookie settings in different ways. You will find explanations on how to change your cookie settings in the help menu of your browser.

Please note that disabling or restricting cookies may cause difficulties in using our website, as well as many other websites that use cookies.

Proprietary cookies. We use our own cookies in order to ensure the correct functioning of the website, in particular the order process and logging into your account.

Third party cookies. Our website, like most modern websites, uses functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below.

Google Analytics. We use the Google Analytics tool provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We carry out activities in this regard based on our legitimate interest in creating statistics and analysing them in order to optimise our websites.

Google Analytics automatically collects information about your use of our website. The information collected in this way is mostly transmitted to a Google server in the United States and stored there.

Due to the IP address anonymisation activated by us, your IP address is truncated before being passed on. Only in exceptional cases is the full IP address transferred to a Google server in the United States and only shortened there. The anonymised IP address transmitted by your browser within the scope of Google Analytics is generally not combined with other Google data.

As Google LLC is based in the USA and uses a technical infrastructure located in the USA, it has joined the EU-US-Privacy Shield programme to ensure an adequate level of data protection as required by European legislation. As part of the agreement between the US and the European Commission, the latter has stated an adequate level of data protection for companies certified by Privacy Shield.

You can prevent the data collected by the cookies concerning your use of our website from being recorded by Google, as well as the processing of this data by Google, by installing the browser plug-in found at the following address: https://tools.google.com/dlpage/gaoptout.

As part of Google Analytics, we also collect demographic and interest data. As part of the cookie settings, you can decide directly from our website whether or not you consent to the collection of such data about you.

If you are interested in the details relating to data processing within Google Analytics, we encourage you to read the explanations provided by Google: https://support.google.com/analytics/answer/6004245.

Facebook Pixel. We use marketing tools available within Facebook and provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA. As part of these tools, we target advertising to you on Facebook. We carry out activities in this respect based on our legitimate interest in marketing our own products or services.

In order to target you with advertisements personalised to your behaviour on our website, we have implemented the Facebook Pixel within our pages, which automatically collects information about your use of our website in terms of the pages you view. The information collected in this way is usually transmitted to and stored on a Facebook server in the United States.

The information collected within the Facebook Pixel is anonymous, i.e. it does not allow us to identify you. We only know what actions you have taken within our website. However, we would like to inform you that Facebook may combine this information with other information about you collected through your use of Facebook and use it for its own purposes, including marketing. Such activities of Facebook are no longer dependent on us, and you can look for information about them directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. From your Facebook account, you can also manage your privacy settings.

As Facebook Inc. is based in the USA and uses a technical infrastructure located in the USA, it has joined the EU-US-Privacy Shield programme to ensure an adequate level of personal data protection as required by European legislation. As part of the agreement between the US and the European Commission, the latter has stated an adequate level of data protection for companies certified under Privacy Shield.

Within the cookie settings accessible from our website, you can decide whether or not you consent to our use of Facebook Pixel in your case.

Hotjar. We use the Hotjar tool provided by Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. With the help of Hotjar, we analyse your behaviour on our websites, such as the time you spend on particular pages, the buttons you click on, the links you use, etc. We do this in order to optimise our websites for your user experience. We carry out activities in this respect based on our legitimate interest in optimising our websites.

Hotjar uses cookies and other technologies to collect information about your behaviour on the website and the devices used to use the website, such as your IP number (anonymised), screen size, browser information, location, language. Hotjar stores this information as part of a psedononymised profile. Neither Hotjar nor we will ever use this information to identify you. You can find more information in Hotjar’s privacy policy: https://www.hotjar.com/legal/policies/privacy.

You can object to Hotjar creating your anonymised profile and storing information about you by going to this page: https://www.hotjar.com/legal/compliance/opt-out. Furthermore, within the cookie settings from our website you can decide whether or not we will be able to use Hotjar in your case.

Social media tools. Our websites use plugins and other social tools provided by social networks such as Facebook, Twitter, Instagram, Google, LinkedIN.

When displaying our website containing such a plug-in, your browser will establish a direct connection to the servers of the social network administrators (service providers). The content of the plug-in is transmitted by the respective service provider directly to your browser and integrated into the website. Through this integration, service providers receive information that your browser has viewed our website, even if you do not have a profile with the respective service provider or are not currently logged in with them. This information (along with your IP address) is sent by your browser directly to the provider’s server (some servers are located in the USA) and stored there.

If you are logged in to one of the social networks, this service provider will be able to directly associate your visit to our website with your profile on the respective social network.

If you use the respective plug-in, e.g. by clicking on the “Like” or “Share” button, the corresponding information will also be transmitted directly to the server of the respective service provider and stored there.

Furthermore, this information will be published on the respective social network and will appear to the persons added as your contacts. The purpose and scope of data collection and their further processing and use by the service providers, as well as the possibility to contact you and your rights in this respect and the possibility to make settings to ensure your privacy are described in the privacy policies of the respective service providers.

• Facebook – https://www.facebook.com/legal/FB_Work_Privacy,
• Instagram – https://help.instagram.com/519522125107875?helpref=page_content,
• Twitter – https://twitter.com/en/privacy,
• Google – https://policies.google.com/privacy?hl=pl,
• LinkedIN – https://www.linkedin.com/legal/privacy-policy.

If you do not want the social networks to attribute the data collected during your visit to our website directly to your profile on the respective service, then you must log out of that service before visiting our website. You can also prevent plug-ins from loading on the website altogether by using the appropriate extensions for your browser, such as script blocking.

Video. We embed videos from YouTube and Vimeo on the website. Cookies from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA for the YouTube service and cookies from Vimeo Inc. are used for this purpose. The cookies are only loaded when the video is played. If you do not agree to their loading, please refrain from playing the video

When you play back a video, Google or Vimeo will receive information about this, even if you do not have a profile with the respective service provider or are not currently logged in with them. This information (including your IP address) is sent by your browser directly to the server of the relevant service provider (some servers are located in the USA) and stored there.

If you have logged into Google or Vimeo, this service provider will be able to directly associate the video playback on our website with your profile on the respective social network. The purpose and scope of data collection and its further processing and use by the service providers, as well as the possibility of contacting us and your rights in this respect and the possibility of making settings to ensure your privacy are described in the privacy policies of the respective service providers.

If you do not want Google or Vimeo to attribute the data collected during video playback on our website directly to your profile on the respective service, you must log out of this service before visiting our website. You can also prevent the loading of plug-ins on the website altogether by using appropriate extensions for your browser, such as script blocking.

We encourage you to read the details of the privacy policies of Google(https://policies.google.com/privacy) and Vimeo(https://vimeo.com/privacy).

Server logs

Using the website involves sending requests to the server where the website is stored. Each request made to the server is recorded in the server logs.

The logs include, among other things, your IP address, the date and time of the server, information about your browser and the operating system you are using. The logs are saved and stored on the server.

The data stored in the server logs are not associated with specific users of the website and are not used by us to identify you.

The server logs are only ancillary material for the administration of the site, and their contents are not disclosed to anyone other than those authorised to administer the server.