Privacy Policy PartyPal

TABLE OF CONTENTS:

1. GENERAL PROVISIONS

2. LEGAL BASES FOR DATA PROCESSING

3. PURPOSE, LEGAL BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE

4. RECIPIENTS OF DATA IN THE ONLINE STORE

5. PROFILING IN THE ONLINE STORE

6. RIGHTS OF THE DATA SUBJECT

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

8. FINAL PROVISIONS                                                                                                                                                                                                                                                                                                                                   

1. GENERAL PROVISIONS 

1.1. This privacy policy of the Online Store has an informative character, which means that it is not a source of obligations for the Service Recipients or Customers of the Online Store. The privacy policy primarily contains the rules concerning the processing of personal data by the Administrator in the Online Store, including the legal bases, purposes and period of personal data processing and the rights of the data subjects, as well as information regarding the use of Cookies and analytical tools in the Online Store.

1.2. The controller of personal data collected via the Online Store is TENTU GLOBAL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw (registered address: ul. Hoża 86/410, 00-682 Warsaw and correspondence address: Aleja Krakowska 1A, 05-552 Wola Mrokowska); entered in the Register of Entrepreneurs of the National Court Register under KRS number: 0000983876; the registry court where the company’s documentation is kept: District Court for the Capital City of Warsaw, XII Commercial Division of the National Court Register; share capital: PLN 5,000.00; VAT ID (NIP): 9542843231; REGON: 522645313; email address: shop@partypal.pl and contact phone: +48 516-106-398 — hereinafter referred to as the “Administrator” and also acting as the Online Store Service Provider and Seller.

1.3. Personal data in the Online Store are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter “GDPR” or “the GDPR Regulation”. The official text of the GDPR: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

1.4. Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by a Service Recipient or Customer using the Online Store is voluntary, subject to two exceptions: (1) entering into contracts with the Administrator — failure to provide, in the cases and to the extent indicated on the Online Store website and in the Online Store Terms and in this privacy policy, the personal data necessary to conclude and perform a Sales Contract or an Electronic Service contract with the Administrator will make it impossible to conclude such a contract. In such case, providing personal data is a contractual requirement and if the data subject wishes to conclude a given contract with the Administrator, they are obliged to provide the required data. Each time the scope of data required to conclude a contract is indicated in advance on the Online Store website and in the Online Store Terms; (2) statutory obligations of the Administrator — providing personal data is a legal requirement resulting from generally applicable laws imposing on the Administrator an obligation to process personal data (e.g., processing data necessary for keeping tax or accounting books) and failure to provide them will prevent the Administrator from fulfilling those obligations.

1.5. The Administrator takes particular care to protect the interests of the persons whose personal data it processes and, in particular, is responsible for and ensures that the data collected are: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) substantively correct and adequate in relation to the purposes for which they are processed; (4) stored in a form enabling identification of the data subjects no longer than necessary to achieve the purpose of processing; and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by means of appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context and purposes of processing and the risk of a breach of the rights or freedoms of natural persons of varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Administrator uses technical means to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.

1.7. All words, expressions and acronyms used in this privacy policy and beginning with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Terms available on the Online Store pages.

2. LEGAL BASES FOR DATA PROCESSING

2.1. The Administrator is authorized to process personal data where — and to the extent that — at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. Processing of personal data by the Administrator always requires the presence of at least one of the bases set out in clause 2.1 of the privacy policy. The specific legal bases for processing the personal data of Service Recipients and Customers by the Administrator are indicated in the next section of the privacy policy — in relation to each specific purpose of processing.

3. PURPOSE, LEGAL BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE

3.1. Each time, the purpose, legal basis, period and recipients of personal data processed by the Administrator result from actions taken by the given Service Recipient or Customer in the Online Store or by the Administrator. For example, if a Customer decides to make purchases in the Online Store and chooses personal collection of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of performing the concluded Sales Contract, but will not be disclosed to the carrier handling shipments on behalf of the Administrator.

3.2. The Administrator may process personal data within the Online Store for the following purposes, on the legal bases and for the periods indicated in the table below:

Purpose of data processing
Legal basis for data processing
Data retention period
Performance of the Sales Agreement or the electronic services agreement, or taking steps at the request of the data subject prior to the conclusion of the aforementioned agreements.
Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract.
The data are stored for the period necessary for the performance, termination or other form of expiry of the concluded Sales Agreement or electronic services agreement.



Direct marketing



Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting in safeguarding the interests and good image of the Controller and its Online Store, as well as in pursuing the sale of Products.



The data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims of the Controller against the data subject arising from the business activity conducted by the Controller. The limitation period is defined by law, in particular by the Civil Code (the basic limitation period for claims related to the conduct of business activity is three years, and for a Sales Agreement – two years). The Controller may not process the data for direct marketing purposes if the data subject has effectively objected to such processing.
Marketing

Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of his or her personal data for marketing purposes by the Controller.
The data are stored until the data subject withdraws their consent to the further processing of their data for this purpose.


Expression by the Customer of an opinion on the concluded Sales Agreement


Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of his or her personal data for the purpose of submitting an opinion.
The data are stored until the data subject withdraws their consent to the further processing of their data for this purpose.
Keeping accounting records

Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395, as amended) – processing is necessary for compliance with a legal obligation to which the Controller is subject.
The data are stored for the period required by the legal provisions obliging the Controller to keep accounting records (5 years from the beginning of the year following the financial year to which the data relate).



Establishment, exercise or defence of claims that may be asserted by the Controller or against the Controller



Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting in the establishment, exercise or defence of claims that may be asserted by the Controller or against the Controller.
The data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims that may be brought against the Controller (the basic limitation period for claims against the Controller is six years).



Use of the Online Store website and ensuring its proper functioning



Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting in operating and maintaining the Online Store website.



The data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims of the Controller against the data subject arising from the business activity conducted by the Controller. The limitation period is defined by law, in particular by the Civil Code (the basic limitation period for claims related to the conduct of business activity is three years, and for a Sales Agreement – two years).
Keeping statistics and analysing traffic in the Online Store



Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting in operating and maintaining the Online Store website.



The data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims of the Controller against the data subject arising from the business activity conducted by the Controller. The limitation period is defined by law, in particular by the Civil Code (the basic limitation period for claims related to the conduct of business activity is three years, and for a Sales Agreement – two years).

4. RECIPIENTS OF DATA IN THE ONLINE STORE

4.1. For the correct functioning of the Online Store, including for the performance of Sales Contracts, the Administrator needs to use the services of external entities (such as software providers, couriers or payment processors). The Administrator uses only processors who provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of the data subjects.

4.2. Personal data may be transferred by the Administrator to a third country; in such case the Administrator ensures that transfer will be made to a country ensuring an adequate level of protection — in accordance with the GDPR, or, in the case of other countries, that the transfer will be based on standard contractual clauses for data protection. The Administrator ensures that the data subject has the possibility to obtain a copy of their data. The Administrator transfers collected personal data only when and to the extent necessary to achieve the specific purpose of processing in accordance with this privacy policy.

4.3. Data transfer by the Administrator does not occur in every case and not to all recipients or recipient categories listed in the privacy policy — the Administrator discloses data only when it is necessary to fulfill the given purpose of processing and only to the extent necessary to do so. For example, if a Customer chooses in-store pickup, their data will not be transferred to a carrier cooperating with the Administrator.

4.4. Personal data of Service Recipients and Customers of the Online Store may be disclosed to the following recipients or categories of recipients:

4.4.1. carriers / freight forwarders / courier brokers / entities operating warehouses and/or the shipping process — if the Customer chooses delivery by mail or courier, the Administrator discloses the Customer’s data to the selected carrier, forwarder or intermediary handling shipments on the Administrator’s behalf, or — if shipment is made from an external warehouse — to the entity handling the warehouse and/or shipping process, to the extent necessary to deliver the Product to the Customer.

4.4.2. entities processing electronic payments or card payments — if the Customer uses electronic or card payment methods, the Administrator discloses the Customer’s data to the selected provider processing such payments on the Administrator’s behalf to the extent necessary to process the Customer’s payment.

4.4.3. suppliers of technical, IT and organizational solutions enabling the Administrator to run the business, including the Online Store and the Electronic Services provided through it (in particular, suppliers of software for running the Online Store, email and hosting providers, and suppliers of software for company management and technical support) — the Administrator discloses Customer data to such suppliers acting on its behalf only when and to the extent necessary to accomplish the relevant processing purpose in accordance with this privacy policy.

4.4.4. suppliers of accounting, legal and advisory services providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection agency) — the Administrator discloses Customer data to such suppliers acting on its behalf only when and to the extent necessary to accomplish the relevant processing purpose in accordance with this privacy policy.

4.4.5. providers of social plugins, scripts and other similar tools placed on the Online Store website that enable the visitor’s browser to fetch content from the providers of those plugins (e.g., login using social network credentials) and transfer personal data of the visitor to those providers for that purpose, including:

4.4.5.1. Meta Platforms Ireland Ltd. — the Administrator uses social plugins of Facebook (e.g., Like, Share button or login via Facebook credentials) and Instagram on the Online Store website and therefore collects and shares personal data of Website Users to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) in the scope and according to the privacy rules available — for Facebook here: https://www.facebook.com/about/privacy/ and — for Instagram here: https://help.instagram.com/519522125107875/?helpref=hc_fnav. These data include information on activity on the Online Store site — including device information, visited pages, purchases, displayed ads and the way services are used — regardless of whether the Website User has a Facebook or Instagram account and whether they are logged in.

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR requires the Controller to inform about automated decision-making, including profiling referred to in Article 22(1) and (4) of the GDPR, and — at least in such cases — provide essential information about the logic involved and the significance and envisaged consequences of such processing for the data subject. With this in mind, the Administrator provides information in this section on possible profiling.

5.2. The Administrator may use profiling in the Online Store for direct marketing purposes, but decisions based on such profiling by the Administrator do not concern the conclusion or refusal to conclude a Sales Contract or the possibility of using Electronic Services in the Online Store. The effect of profiling may be, for example, granting a person a discount, sending a discount code, reminding about abandoned purchases, proposing a Product that may match the person’s interests or preferences, or offering better terms compared to the standard Online Store offer. Despite profiling, the person remains free to decide whether to use the received discount or improved offer and make a purchase.

5.3. Profiling in the Online Store consists of automatic analysis or prediction of a person’s behavior on the Online Store website (e.g., adding a specific Product to the cart, viewing a specific Product page, or by analyzing past purchase history). A condition for such profiling is that the Administrator holds the person’s personal data to enable sending, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6. RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, erasure or data portability — the data subject has the right to request access to their personal data from the Administrator, to have them rectified, erased (“right to be forgotten”) or the processing restricted, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15–21 of the GDPR.

6.2. Right to withdraw consent at any time — where processing is based on consent (Article 6(1)(a) or Article 9(2)(a) GDPR), the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority — the data subject has the right to lodge a complaint with a supervisory authority in the manner and under the procedure provided by the GDPR and Polish law. The supervisory authority in Poland is the President of the Personal Data Protection Office.

6.4. Right to object — the data subject has the right to object at any time, for reasons relating to their particular situation, to processing of personal data based on Article 6(1)(e) (public interest) or (f) (legitimate interests), including profiling based on these provisions. In such case the Administrator shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

6.5. Right to object regarding direct marketing — if personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of their personal data for such marketing, including profiling insofar as it is related to such direct marketing.

6.6. To exercise the rights described above, contact the Administrator by written message or email to the Administrator’s contact details provided at the start of this privacy policy, or use the contact form available on the Online Store website.

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small text files sent by a server and stored on the visitor’s device (e.g., hard drive of a computer, laptop, or smartphone memory card). Detailed information about cookies and their history can be found, for example, at: https://pl.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies used by the Online Store may be categorized by:

Based on their provider:
1. first-party (created by the Online Store website Administrator),
2. third-party (belonging to persons/entities other than the Administrator).

Based on their storage duration on the device of the person visiting the Online Store website:
1. session (stored until logging out of the Online Store or closing the web browser),
2. persistent (stored for a specified period defined by the parameters of each Cookie or until manually deleted).
Based on their purpose:
1. necessary (enabling the proper functioning of the Online Store website),
2. functional/preference (allowing the Online Store website to be customized to the preferences of the person visiting the site),
3. analytical and performance (collecting information on how the Online Store website is used),
4. marketing, advertising, and social (collecting information about the person visiting the Online Store website for the purpose of displaying advertisements to them, personalizing ads, measuring effectiveness, and conducting other marketing activities, including on websites other than the Online Store, such as social media platforms or other websites belonging to the same advertising networks as the Online Store).

7.3. The Administrator may process data contained in cookies for specific purposes, such as:

Purposes of using Cookies in the Online Store of the Administrator

- identifying Users as logged in to the Online Store and showing that they are logged in (necessary Cookies),
- storing Products added to the cart for the purpose of placing an Order (necessary Cookies),
- storing data from completed Order Forms, surveys, or login details for the Online Store (necessary and/or functional/preference Cookies),
- customizing the content of the Online Store website to the individual preferences of the User (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Store pages (functional/preference Cookies),
- conducting anonymous statistics showing how the Online Store website is used (analytical and performance Cookies)

7.4. Checking which Cookies (including their duration and provider) are currently sent by the Online Store website in the most popular web browsers is possible in the following way:

In the Chrome browser:
1. click the padlock icon on the left side of the address bar,

2. go to the ‘Cookies’ tab.


In the Firefox browser:
1. click the shield icon on the left side of the address bar,
2. go to the ‘Allowed’ or ‘Blocked’ tab,
3. click the ‘Cross-site tracking cookies’, ‘Social media trackers’, or ‘Content with tracking elements’ field.
In the Internet Explorer browser:
1. click the ‘Tools’ menu,

2. go to the ‘Internet Options’ tab,
3. go to the ‘General’ tab,
4. go to the ‘Settings’ tab,
5. click the ‘View files’ field.

In the Opera browser:
1. click the padlock icon on the left side of the address bar,
2. go to the ‘Cookies’ tab.
In the Safari browser:
1. click the ‘Preferences’ menu,
2. go to the ‘Privacy’ tab, 
3. click the ‘Manage Website Data’ field.

Regardless of the browser, using tools available, for example, at
https://www.cookiemetrix.com/ or:  https://www.cookie-checker.com/

7.5. By default, most web browsers on the market automatically accept saving Cookies. Each user can define the conditions for using Cookies through their browser settings. This means that it is possible, for example, to partially limit (e.g., temporarily) or completely disable the ability to save Cookies – however, in the latter case, this may affect certain functionalities of the Online Store (for example, it may become impossible to complete the Order process through the Order Form due to Products in the cart not being remembered during subsequent steps of placing the Order).

7.6. Web browser settings regarding Cookies are important from the perspective of consenting to the use of Cookies by our Online Store – according to regulations, such consent can also be given through the browser settings. Detailed information on how to change Cookie settings and delete them manually in the most popular web browsers is available in the browser’s help section and on the following websites (simply click the link):

In the Chrome browser

In the Firefox browser

In the Internet Explorer browser

In the Opera browser

In the Safari browser

In the Microsoft Edge browser

7.7. The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) to maintain statistics and analyze traffic. Data processed by these services are used to generate aggregate statistics helpful for site administration and traffic analysis. Collected data are aggregate and may include acquisition source/medium, visitor behavior on the site, device and browser information, IP and domain, geographic and demographic data (age, gender) and interests.

7.8. It is possible to block Google Analytics from collecting information about activity on the Online Store by installing the browser add-on provided by Google Ireland Ltd.: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9. For full information on how Google Ireland Ltd. processes data of site visitors (including cookie data), see Google’s privacy policy for partner sites: https://policies.google.com/technologies/partner-sites.   

8. FINAL PROVISIONS

8.1. The Online may contain links to other websites. The Administrator encourages users to review the privacy policies on those sites. This privacy policy applies only to the Administrator's Online Store.