Language and currency:
en |
Country of collecting the order:
Poland
0,00 zł

Polityka prywatności

WEBSITE PRIVACY POLICY
WWW.SECRETPLACE.PL
Dear Sir or Madam,
Below we present information describing the principles of processing personal data obtained in connection with the use of our website https://secretplace.pl/, hereinafter referred to as the "Website."
I. BASIC INFORMATION
1. The controller of personal data collected via the Website is:
PLAYROOM FRÖHLICH, STRZELECKI SPÓŁKA JAWNA
00-850 Warsaw, ul. Prosta 2/14
NIP: 5272898555, REGON: 383865269, KRS: 0000793462
2. You can contact the Administrator by email: sklep@secretplace.pl or by phone: +48 501 93 33 32 (opening hours: 12:00 PM to 9:00 PM).
3. Each entity using the Website is its "User."
4. The personal data of Website Users are processed by the Administrator in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as the "GDPR." 5. You can contact the Data Protection Supervisor by email: iod@playroom.com.pl.
6. To exercise your data subject rights, please contact us at the Administrator's email address indicated above or the Data Protection Supervisor's email address.
7. We guarantee the confidentiality of all personal data provided to us. We use appropriate technical and organizational security measures to ensure that your data is adequately protected against unauthorized access.
II. PERSONAL DATA PROCESSING
1. User Account
When registering an Account, the User provides the personal data required to create an account, i.e., first name, last name, and email address. This data is processed by the Administrator under a contract for the provision of electronic services (Article 6, paragraph 1, letter b of the GDPR) for the purpose of creating and maintaining the account.
The User may provide other personal data, such as their address and telephone number, which may later be used to fulfill the order. Providing this data during registration is optional.
Personal data relating to the User's account will be processed for the duration of the account's validity. However, after its deletion, order data will be further processed in accordance with applicable regulations.
The User has the right to access their personal data contained in the account, rectify it, request restriction of processing, and request deletion of the account. The User also has the right to data portability in accordance with Article 20 of the GDPR and to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office, if they believe their personal data is being processed unlawfully.
2. Orders
When placing an order, the User must provide the data necessary to fulfill the order, such as their name, billing address, and email address. Depending on the selected delivery option, a telephone number may also be required.
This data is processed for the purpose of fulfilling the order under a contract for the provision of electronic services (Article 6, paragraph 1, letter b of the GDPR). If the User orders an invoice, the data will be processed for the purpose of issuing the invoice and including it in the accounting records in accordance with applicable law (Article 6, Section 1, Letter c of the GDPR).
In the event of claims being pursued, the Administrator will process the User's data to defend against such claims, which constitutes the Administrator's legitimate interest in accordance with Article 6, Section 1, Letter f of the GDPR.
Order data will be processed for the time necessary to fulfill the order and then until the expiry of the limitation period for claims under the concluded contract. Personal data appearing on the invoice will be stored for a period of 5 years from the end of the year in which the invoice was issued.
Under the terms described in the GDPR, the User has the right to access their personal data, the right to request rectification, deletion, restriction of processing, the right to object to their processing based on the Administrator's legitimate interest, as well as the right to data portability (referred to in Article 20 of the GDPR). The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe their personal data is being processed unlawfully.
3. Profiling and personalization of commercial and marketing information
If the User consents to receiving commercial information, including marketing information, the Administrator may – based on various information provided by the User – take steps to tailor the commercial offer to the User's preferences. These actions, in accordance with the GDPR, may be considered profiling.
The Administrator may analyze, among other things:
a) what content is viewed by the Useron the website,
b) what products are added to the shopping cart,
c) what payment methods are selected.
Based on this information, the User may receive, for example:
a) suggestions for products available in the store,
b) reminders about abandoned shopping carts in the case of unfinished purchases,
c) other messages tailored to their interests.
Thanks to such actions, the User can more quickly find products of interest, receive reminders about forgotten purchases, or learn about assortments tailored to their needs.
These actions do not constitute decisions that have legal effects on the User, nor do they in any way limit their freedom of purchase – they do not affect the ability to make choices other than those suggested by the system.
The User may object to such actions at any time by contacting the Administrator at: info@playroom.pl.
4. Contact Form
Personal data sent to the Administrator via the Contact Form will be processed for the purpose of responding to the inquiry. The legal basis for the processing of personal data is the Controller's legitimate interest in responding to User messages and communicating with the User (legal basis: Article 6, paragraph 1, letter f of the GDPR).
If the User requests a commercial offer from the Controller, their personal data will be processed pursuant to Article 6, paragraph 1, letter b of the GDPR, i.e., activities aimed at concluding a contract.
The User's personal data will be processed for the period necessary to process the correspondence, extended by the period resulting from the connection between the correspondence and the concluded legal relationship, archiving obligations, the pursuit of potential claims, or other obligations required by generally applicable law.
The User has the right to access their personal data, the right to request its rectification, deletion, restriction of processing, and the right to object to its processing. The User has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe their personal data is being processed unlawfully. Providing personal data is voluntary, but necessary to respond to the message sent by the User.
III. DATA RECIPIENTS
1. For the proper functioning of the Website, including the execution of concluded Sales Agreements, the Controller must use the services of external entities (such as a software provider, courier, or payment processor). The Controller only uses the services of processors who provide sufficient guarantees for the implementation of appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of data subjects.
2. Data is not transferred by the Controller in every case and not to all recipients or categories of recipients indicated in the privacy policy – ​​the Controller transfers data only when it is necessary to achieve the given purpose of personal data processing and only to the extent necessary to achieve it. 3. Users' personal data may be transferred to the following recipients or categories of recipients:
1. couriers/freight forwarders/carriers - in the case of a Customer who uses the online store to deliver a Product by post or courier, the Controller shares the collected Customer's personal data for the purpose of delivering the Product to the Customer.
2. entities processing electronic payments or payment cards.
3. service providers providing the Controller with IT, technical, and organizational solutions enabling the Controller to conduct its business, including the website and the electronic services provided via it (in particular, providers of computer software for operating the Website and online store, email and hosting providers, and providers of software for managing the company and providing technical support to the Controller).
4. legal, accounting, and advisory service providers providing accounting, legal, or advisory support to the Controller (accounting office, law firm, or debt collection agency).
IV. USER RIGHTS (DATA SUBJECT RIGHTS)
1. Under the terms described in the GDPR, Users have the following rights:
a. the right to access their data and request a copy thereof (Article 15 of the GDPR);
b. the right to request rectification of their personal data (Article 16 of the GDPR);
c. the right to request erasure of personal data (Article 17 of the GDPR);
d. the right to request restriction of data processing (Article 18 of the GDPR);
e. the right to request data portability, i.e., the right to receive personal data from the Controller in a structured, commonly used, machine-readable format, to the extent that the data is processed on the basis ofConsent or for the conclusion and performance of a contract by automated means (Article 20 of the GDPR);
f. the right to object to the processing of personal data based on a legitimate interest (Article 21 of the GDPR);
2. To exercise your rights, please send a request to the following email address: iod@playroom.com.pl or to the following email address: info@playroom.pl.
3. You also have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe your personal data is being processed unlawfully.
V. INFORMATION ON THE REQUIREMENT/VOLUNTARYITY OF PROVIDING DATA
1. Providing personal data is voluntary, but may be necessary to achieve a given processing purpose.
2. If you make a purchase on the Controller's website, failure to provide data may result in the inability to perform the Contract (it is therefore a contractual obligation).
3. In the forms available on the Website, required fields are marked with an asterisk. Entering other data into the forms is voluntary.
VI. INFORMATION ABOUT DATA TRANSFER OUTSIDE THE EEA
Personal data will not be transferred to third countries, i.e., outside the European Economic Area (EEA).

pixel