Privacy policy

1. Personal data controller

 

  1. The Personal data controller within the meaning of Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (RODO) is ROKO.BIKE – Limited Liability Company with registered office in Wisła at St. Wyzwolenia 59, 43-460 Wisła, NIP: 5482734593, REGON: 388073745, entered in the Register of Entrepreneurs of the National Court Register under KRS: 0000881660, registration court: District Court in Bielsko-Biała, VIII Economic Division of the National Court Register, share capital: PLN 5.000,00.
  2. E-mail address of the data controller: info@roko.bike.
  3. The controller pursuant to Article 32(1) of the RODO observes the principle of personal data protection and applies appropriate technical and organisational measures to prevent accidental or unlawful destruction, loss, modification, unauthorised disclosure or unauthorised access to personal data processed in connection with its activities.
  4. Providing personal data by the customer is voluntary, but necessary to conclude a contract with the data controller.
  5. The controller processes personal data to the extent necessary to perform the contract or provide services to the data subject.

 

2. Purpose and basis of personal data processing

 

The controller processes personal data for the following purposes:

 

  1. preparation of a commercial offer in response to customer interest, which is a legitimate interest of the controller (Article 6(1)(f) RODO);
  2. concluding and performing sales contracts with customers, on the basis of a concluded agreement (Article 6(1)(b) RODO);
  3. providing services electronically via the Online Shop, on the basis of the agreement concluded (Article 6(1)(b) of the RODO);
  4. handling of the complaint process, on the basis of the obligation incumbent on the data controller in connection with the applicable legal provisions (Article 6(1)(c) of the RODO);
  5. accounting related to the issuing and acceptance of billing documents, based on tax law (Article 6(1)(c) of the RODO);
  6. data archiving for the possible establishment, investigation or defence against claims or the need to prove facts, which is a legitimate interest of the data controller (Article 6(1)(f) RODO);
  7. contact by telephone or e-mail, in particular in response to enquiries addressed to the controller, which is a legitimate interest of the controller (Article 6(1)(f) of the RODO);
  8. sending technical information concerning the functioning of the Online Shop and the services used by the customer, which is the legitimate interest of the controller (Article 6(1)(f) of the RODO);
  9. marketing, which is its legitimate interest (Article 6(1)(f) RODO) or takes place on the basis of previously granted consent (Article 6(1)(a) RODO).

 

3. Recipients of data. Transfer of data to third countries

 

  1. The recipients of personal data processed by the controller may be entities cooperating with the controller, if it is necessary for the performance of a contract concluded with the data subject.
  2. The recipients of personal data processed by the controller may also be subcontractors – entities, whose services are used by the controller to process the data, e.g. accounting offices, law firms, entities providing IT services (including hosting services).
  3. The controller may be obliged to disclose personal data under the applicable law, in particular to disclose personal data to authorised state authorities or institutions.
  4. Personal data in connection with the controller’s use of tools for analysing and tracking website traffic may be transferred to an entity located outside the European Economic Area, e.g. to Google LLC. As an appropriate data protection measure, the controller has agreed to standard contractual clauses pursuant to Article 46 RODO with the providers of these services. More information on this is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

 

4. Period for storage of personal data

 

  1. The controller shall store personal data for the duration of the contract concluded with the data subject and after its termination for the purposes related to the assertion of claims related to the contract, the performance of obligations arising from applicable laws, but for no longer than the period of limitation under the provisions of the Civil Code.
  2. The controller shall store personal data contained in settlement documents for the period specified in the provisions of the Value Added Tax Act and the Accounting Act.
  3. The controller shall store personal data processed for marketing purposes for the period of 10 years, but not further than until the withdrawal of consent to data processing or objection to data processing.
  4. The controller shall store personal data for purposes other than those referred to in paragraphs 1-3 for the period of one year, unless the consent to data processing has been withdrawn earlier, and data processing cannot be continued on any other basis than the consent of the data subject.

 

5. Rights of the data subject

 

  1. Every data subject shall have the right:
    1. access – to obtain confirmation from the controller as to whether his/her personal data are being processed. If the data concerning the person are processed, he/she shall be entitled to have access to them and to obtain the following information: on the purposes of processing, the categories of personal data, information on the recipients or categories of recipients to whom the data have been or will be disclosed, the period of data storage or the criteria for their determination, the data subject’s right to demand rectification, erasure or restriction of personal data processing and to object to such processing (Article 15 of the RODO);
    2. to obtain a copy of the data – to obtain a copy of the data undergoing processing, the first copy being free of charge and for subsequent copies the controller may charge a reasonable fee based on administrative costs (Article 15(3) RODO);
    3. to rectification – to request the rectification of personal data concerning him/her which are inaccurate or the completion of incomplete data (Article 16 RODO);
    4. to erasure – to request the erasure of his/her personal data where the controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of the processing (Article 17 RODO);
    5. to restriction of processing – to request restriction of processing of personal data (Article 18 RODO) when:
      1. the data subject challenges the accuracy of the personal data – for a period allowing the controller to verify the accuracy of the data,
      2. he processing is unlawful and the data subject opposes their erasure by requesting the restriction of their use,
      3. the controller no longer needs the data, but they are necessary for the data subject to establish, assert or defend his/her claims,
      4. the data subject has objected to the processing, until such time as it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection;
    6. to data portability – to receive in a structured, commonly used and machine-readable format the personal data concerning him/her which he/she has supplied to the controller, and to request that these data be sent to another controller, where the data are processed on the basis of the data subject’s consent or a contract concluded with him/her and where the data are processed by automated means (Article 20 of the RODO);
    7. to object – to object to the processing of his/her personal data for the legitimate purposes of the controller on grounds relating to his/her particular situation, including profiling. The controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the controller shall be obliged to stop processing the data for those purposes (Article 21 RODO)
  2. In order to exercise the aforementioned rights, the data subject shall contact, using the contact details provided, the controller and inform the controller of which right and to what extent the data subject wishes to exercise it.
  3. The data subject shall have the right to lodge a complaint with the supervisory authority, which is the President of the Office for Personal Data Protection in Warszawa.

 

6. Profiling

 

Personal data obtained by the data controller will not be processed by automated means, including profiling.

 

7. Google Analytics

 

  1. The controller uses Google Analytics, a web analytics service provided by Google Inc. based in the USA.
  2. Google Analytics uses cookies to analyse your use of the website. The information generated by the cookie about your use of the website is transmitted to and stored on a Google server. On behalf of the controller, Google will use this information to analyse your use of the website for the purpose of compiling reports on website activity and providing other services relating to website and Internet usage to the commissioning party.
  3. The data will not be used to identify any individual.
  4. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. Furthermore, users may prevent the collection by Google of the data generated by the cookie and related to their use of the website (including their IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=pl.
  5. You may object at any time to the collection and processing of data relating to your use of the Google website by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.