Privacy Policy

    I. Identity of the personal data administrator

The administrator of your personal data is Shopinbit sp. z o.o. with its registered office in Kraków (KRS: 0000932953), which manages the shopinbit.com website.

    II. Contact details

Contact with the Administrator in matters related to personal data protection is possible through:

    1) correspondence address: al. Powstania Warszawskiego 15, 31-539, Kraków
    2) e-mail address: info@shopinbit.com.

    III. Purposes of processing and legal basis of personal data processing

Your personal data will be processed in order to:

    1) the performance of the contract for the provision of services by electronic means, which enable you to:
        ◦ making purchases on the shopinbit.com website and ordering the shipment of purchased goods through carriers cooperating with the Administrator under the terms and conditions specified in the regulations;
        ◦ maintaining an account on the website, which enables you to use the services offered by the Administrator (Article 6(1)(b) of the RODO). Thanks to your personal data, we can provide services to you, which would not be possible without the processing of personal data.

    2) to contact you on matters related to the Administrator's business and to answer your questions when you contact us, which is the fulfilment of the Administrator's legitimate interest in being able to communicate on matters related to the Administrator's business (Article 6(1)(f) RODO). As a general rule, correspondence on general matters and not directly related to the services provided to a specific service recipient may be conducted anonymously. However, if the contact relates to services provided to a specific service recipient - then we will need to know the identity of the person contacting us so that we can verify that the information is provided to an authorised person.

    3) to perform legal obligations related to the performance and settlement of the contract (e.g. issuing and recording invoices) - (Article 6(1)(c) RODO in connection with the Value Added Tax Act (in particular Article 112) and in connection with the Tax Ordinance, in particular Article 86). Generally applicable regulations imply the obligation to keep records related to the performance of the contract also after the end of the contract, so you must be aware that your personal data will not be deleted immediately after the performance of the contract.

    4) To comply with legal obligations relating to the provision of personal data at the request of authorised state authorities (Article 6(1)(c) RODO in conjunction with Article 18(5) of the Act on Provision of Electronic Services in conjunction with the relevant provision of national law, which allows state authorities to obtain personal data for the purposes of their investigations). Generally applicable regulations oblige us to make data on our service recipients available if requested by an authorised authority. As a matter of principle, however, we do not make such personal data available to entities other than state authorities (e.g. for the purposes of private prosecution).

    5) to carry out analyses of users' activities, as well as of their preferences in order to improve the functionalities used, if the user agrees to this by means of a cookie management tool (Article 6(1)(a) RODO), as well as to carry out marketing activities based on information from cookies, if the user agrees to this (Article 6(1)(a) RODO). The fulfilment of these purposes is made possible by cookies, which we may collect on our website, but only with your consent expressed by adjusting your selection via the cookie management tool. For the sake of readability, we have prepared a separate document describing how cookies work (Cookie Policy).

    6) Satisfaction surveys and improving the quality of the services provided, which is the Administrator's legitimate interest in being able to improve the quality of the services provided (Article 6(1)(f) RODO). We want our services to meet the expectations of our customers, so from time to time we may ask for your opinion on our services - however, if you choose not to share your opinion on our services, it is possible to object to the processing of your personal data for this purpose.

    7) to provide network security, including preventing unauthorised access to electronic communications and preventing damage to computer systems, which is our legitimate interest in being able to provide our services in a secure manner (Article 6(1)(f) of the DPA).

    8) the establishment, investigation or defence of claims, which is our legitimate interest in protecting our case in the event of a potential dispute at a judicial or pre-court stage (Article 6(1)(f) RODO). For this purpose, we may retain, among other things, information from correspondence carried out, information about services provided and other information that we consider useful in the event of a potential dispute.

    9) to send you marketing information about the Administrator's services and activities via email, but only if you have consented to the marketing contact (Article 6(1)(a) RODO):
        ◦ Newsletter - these will be messages that are not directly related to the service provided to you, but messages containing information that includes selected offers that we have prepared during a given period. Your consent for such contact is completely voluntary and entirely at your discretion. When you register for the newsletter, we save your email address and the IP address entered by your internet service provider, as well as the date and time of registration, in order to be able to trace any abuse or errors later. We will ask you to confirm your subscription to the Newsletter service in a special email.
        ◦ Notification of availability of goods - we offer the possibility to inform you by e-mail about the availability of items temporarily out of stock in our webshop.  To do so, you must provide your email address. If you use the product availability email notification service, we will send you a one-time email about the renewed availability of the product(s) of your choice in the webshop. By activating the confirmation link, you consent to the use of When you register for our product availability email notification service, we store your IP address entered by your Internet Service Provider (ISP) and the date and time of registration. To increase the security of the service, we use a double opt-in procedure. We will ask you to confirm your subscription to the Newsletter service in a special email.

    IV. Information for recipients

We will also process the personal data of the recipients of items and services purchased from the service, which we will obtain from the senders at the ordering stage of the service. This includes personal data such as (1) name/company name, (2) address, (3) email address and (4) telephone number. The processing of this personal data is necessary for us to provide our services in accordance with our business objectives, whereby we pursue our legitimate interest (Article 6(1)(f) RODO).

We process the personal data for this purpose for the duration of the performance of the service and thereafter retain the data for the purpose of fulfilling our legal obligations in connection with the performance and settlement of the contract (Art. 6(1)(c) RODO in connection with the Value Added Tax Act (in particular Art. 112) and in connection with the Tax Ordinance, in particular Art. 86).

Recipients' personal data will be processed for the period of the statute of limitations for the tax liability, effective at the end of the calendar year.

    V. Carriers as recipients of personal data

The provision of services within the shopinbit.com website is closely linked to the cooperation of the Administrator with carriers, who are separate controllers of your personal data and process it for the purpose of carrying out the ordered shipment and handling the order.

When we accept a shipment order for a shipment, we obtain the data of the sender and recipient such as (1) name/company name, (2) address, (3) e-mail address and (4) telephone number. We then share this personal data with the carrier who will be responsible for transporting the shipment, as a result of which such carrier becomes the recipient of the personal data and a separate data controller.

We encourage you to read the information on the processing of personal data presented by the carrier who will be responsible for the transport of your shipment. We use the following carriers:
    - Deutsche Post, (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, with which we process your personal data for the purpose of providing the service. You can read about the data processing rules here: https://www.deutschepost.de/en/f/footer/data-protection-and-cookies.html;
    - DHL (DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn; You can read about the principles of data processing by here: https://www.dpdhl.com/en/data-protection.html
    - DHL (DHL Freight GmbH, Godesberger Allee 102-104, 53175 Bonn, Germany; https://www.dpdhl.com/en/data-protection.html
    - DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg) You can read about the data processing principles here: https://www.dpd.com/de/de/datenschutz/
    - FedEx (FedEx Express Germany GmbH, Langer Kornweg 34 k, 65451 Kelsterbach) You can read about the data processing principles here https://www.fedex.com/de-de/privacy-policy.html
    - GLS (General Logistics Systems Germany GmbH & Co. OHG, GLS Germany-Strasse 1 - 7, 36286 Neuenstein) You can read about the data processing principles of GLS here https://gls-group.eu/DE/de/datenschutz-standard#:~:text=GLS%20Germany%20sch%C3%BCtzt%20Ihre%20personenbezogenen,eingegebenen%20Daten%20per%20SSL%2DVerschl%C3%BCsselung.
    - Hermes (Hermes Logistik Gruppe Deutschland GmbH, Essener Straße 89, 22419 Hamburg): You can read about the data processing rules here https://www.myhermes.de/datenschutz/
    - Schenker (Schenker Deutschland AG, Lyoner Straße 15, 60528 Frankfurt am Main): You can read about the data processing principles here https://www.dbschenker.com/de-de/meta/datenschutz.
    - UPS (United Parcel Service Deutschland Inc. & Co. OHG, Görlitzer Straße 1, 41460 Neuss) You can read about the principles of data processing by here: https://www.ups.com/de/de/help-center/legal-terms-conditions/privacy-notice.page?
    - Inpost (Inpost sp. z o.o., ul. Wielicka 28, 30-552 Kraków) You can read about the principles of data processing by Inpost here: https://inpost.pl/polityka-prywatnosci.
    - Poczta Polska (Poczta Polska Spółka Akcyjna, ul. Rodziny Hiszpańskich 8, 00-940 Warsaw) You may read about the principles of data processing by Poczta Polska here http://bip.poczta-polska.pl/iinformacja-o-zbieraniu-danych-osobowych/.

    VI. Payment processors as recipients of personal data
        ◦ PayPal (PayPal Europe, Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg In case of payment by PayPal, credit card by PayPal, direct debit by PayPal or any other form of payment chosen by PayPal, we will transfer your payment data to PayPal. The transfer is carried out in accordance with Article 6(1)(b) RODO and only to the extent that it is necessary for the processing of your payment.
PayPal reserves the right to carry out a credit check for late payment purchase methods. For this purpose, payment data may be passed on to credit agencies in accordance with Article 6(1)(f) RODO on the basis of PayPal's legitimate interest in determining your solvency.  For exact information on how PayPal processes your personal data, please refer to PayPal's Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full;

    VII. Other categories of recipients of your personal data

Your personal data will furthermore be processed by the following entities with whom we cooperate in pursuit of the legitimate interests of the Controller on the basis of Article 6(1)(f) RODO:

hosting provider (dogado GmbH, Antonio-Segni-Straße 11, 44263 Dortmund, Germany) and email provider (STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin);
    1) the service evaluation provider ShopVote (Blickreif GmbH, Schulstraße 46, 80634 Munich), which serves to protect the Administrator's overriding legitimate interests in the optimal marketing of the offer in accordance with Article 6 (1) sentence 1 lit. f RODO. The web server automatically saves a so-called server log file, which contains, for example, your IP address, the date and time of the connection, the amount of data transferred and the source of the connection (access data) and documents the call. This access data is deleted no later than seven days after the end of your visit to the website. The ShopVote plug-in does not record or store any other personal data.
    2) Entities providing legal services, accounting services, tax services and other advisory, analytical and marketing services;
    3) banks and financial services intermediaries.
    4) video plug-in service providers:  Youtube (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This plug-in uses the YouTube embed feature to display and play videos from the provider "Youtube", which is owned by Google Ireland Limited. If you start playing embedded videos from YouTube, the provider "Youtube" uses cookies to collect information about your behaviour. According to "Youtube", they are used to, among other things, collect video statistics, improve user-friendliness and prevent abuse. If you are logged into Google, your data will be assigned directly to your account when you click on a video. If you do not want to be associated with your YouTube profile, you must log out before activating the button. Google stores your data (even if you are not logged in) as user profiles For more information on data protection, see "YouTube" in the YouTube Terms of Use at https://www.youtube.com/static?template=terms. 


    VIII. Period of storage of your personal data

Your personal data processed for:

    1) the performance of the contract for the provision of services by electronic means, will be processed until all services under the contract have been provided and, if you have an account with shopinbit.com, until it is deleted. We would also like to remind you that we may delete your account on our own under the terms and conditions set out in the terms and conditions.

    2) To contact you on matters related to the Administrator's business and to answer questions from customers and potential customers, your personal data will be processed for a period that allows for the continuity of the correspondence. Thereafter, this personal data may be archived and stored in accordance with the retention period for the purpose of establishing, investigating or protecting against claims.

    3) to perform legal obligations related to the performance and settlement of the contract (e.g. issuing and recording invoices), will be processed for the period of the statute of limitations of the tax liability, effective at the end of the calendar year.

    4) to comply with legal obligations related to the provision of personal data at the request of authorized state authorities, will be processed on an ad hoc basis and then in accordance with the purpose in the form of contact in matters related to the activities of the Administrator.

    5) Conducting analyses of users' activities, as well as their preferences in order to improve the functionality used, as well as conducting marketing activities based on information from the so-called cookies, will be processed for the period indicated in the cookie management tool, as a rule not longer than one year. It is also possible to withdraw consent for this purpose of processing in advance, which will result in the discontinuation of the processing of personal data.

    6) Satisfaction surveys and improving the quality of the services provided will be processed on an ad hoc basis and then in accordance with the purpose of contacting you on matters related to the Administrator's activities, unless you object in advance to the processing of your personal data for this purpose.

    7) to ensure network security, including the prevention of unauthorised access to electronic communications and the prevention of damage to computer systems, will be processed on an ad hoc basis, allowing us to ensure an adequate level of security.

    8) establishing, investigating or defending against claims, will be processed until the claims are time-barred or until the possibility of an administrative fine is barred.

    9) to send you information about the Administrator's services and activities via email, will be processed until you withdraw your consent. We may also decide to stop sending this type of information earlier when we consider that this type of communication is not effective. It is also possible to withdraw consent for this purpose of processing earlier, which will result in the cessation of the processing of personal data.

    10) to send information on product availability via email, will be processed until the service is provided. It is also possible to withdraw consent for this purpose of processing in advance, which will result in the cessation of the processing of personal data.

    IX. Rights in relation to the processing of your personal data

In connection with the processing of your personal data, you have the right to:

    1) access to the content of your data (Article 15 RODO)
    2) rectification of your data (art. 16 RODO)
    3) erasure of your data (art. 17 RODO)
    4) restriction of data processing (Art. 18 RODO)
    5) data portability (Art. 20 RODO)
    6) to object to the processing (art. 21 RODO)
    7) not to be subject to decisions taken under automated data processing conditions, including profiling (Article 22 RODO)

Whenever the legal basis for the processing of your personal data is consent, you may withdraw it at any time, but this does not affect the lawfulness of the processing carried out before the withdrawal of consent.

Exercising these rights is possible under the terms of the RODO, after contacting the Administrator in advance.

    X. Transfer of personal data outside the European Economic Area

As a general rule, we do not transfer personal data outside the European Economic Area. Your privacy is our highest priority and we do not transfer data to countries that do not apply the highest privacy rules.

    XI. Right to lodge a complaint

If you consider that the processing of your data is unlawful, you have the right to lodge a complaint with the supervisory authority - the President of the Office for Personal Data Protection. Nevertheless, we would like to inform you that we respect the privacy of our users and it is one of the most important values of our company, so we recommend that you contact us before taking such action - we will certainly find a solution.

COOKIE POLICY

    I. Basic information about cookies

We use cookies on our website. Cookies are small pieces of text which a website sends to your browser and which your browser sends back the next time you visit the website. Cookies do not normally allow direct identification of the user. There are three types of cookies:

    1) Session cookies - temporarily stored in the browser's memory until the browser is closed. These are necessary for the correct functioning of certain applications and functionalities;
    2) Permanent - facilitate the use of websites (they remember the user's preferences). They remain in the browser's memory for a longer period of time;

If the above information is of interest to you and you want to know how cookies work in detail, we encourage you to read the information about cookies on Wikipedia. You can also find information about cookies at wszystkoociasteczkach.pl. You are also welcome to contact us by e-mail.

    II. Purposes for storing and accessing cookies. Information on third party tools.

Purpose
Example use of cookies
Remembering your settings
Store information about the settings selected by the user of the website. For example: "NID" and "cookies_accepted".
Analytics
They help to understand how users use the website by collecting information and generating reports with statistics. These cookies may also, in conjunction with other cookies, allow more relevant advertising to be displayed. For example: "_ga".
Security
Restrict data collection if the website receives too many user requests. In this situation, some user requests are subject to blocking. For example: "SID" and "HSID".
Session status
They store information about how users use the website. They store the session ID and group together the activity of the entire session for the website user. They help to improve services and enhance the website user experience. For example: "PHPSESSID"
Advertising
Allow you to tailor advertising to users and obtain reports on the effectiveness of an advertising campaign. For example: "IDE", "NID", "ANID" and "SID" provided by Google.

The scope and purpose of the cookies we use depends on your consent, which is given via the cookie management tool (Article 6(1)(a) RODO). You can withdraw this consent at any time, but this does not affect the lawfulness of the processing carried out before the withdrawal of consent. Since, within the framework of cookies, part of the information may constitute personal data, we also suggest you read our Privacy Policy, in which we describe the principles on which we process personal data.

As part of the use of cookies, part of the information may be transferred to service providers that are based outside the European Economic Area, i.e. in the United States. The legal basis for the transfer will be the Standard Contractual Clauses. The content of these clauses is publicly available online in the EUR-lex electronic database of European Union legislation. Privacy laws in the United States may not provide the protections of the RODO, so we do not transfer relevant information about you (so-called content) to these entities. Due to potential access to your data by services from the United States, we have safeguards in place to ensure the security of such transfers. If you would like to know more about such a transfer, please contact us. You may also choose not to consent to the use of such tools.

    III. Ability to specify the conditions for storing and accessing cookies through your software settings

It is also possible to determine the conditions for storing and accessing cookies by means of the software settings installed on the device you are using. Please refer to the instructions for the most popular web browsers.

    1) Chrome https://support.google.com/chrome/answer/95647?hl=pl
    2) Firefox:https://support.mozilla.org/pl/kb/wzmocniona-ochrona-przed-sledzeniem-firefox-desktop?redirectlocale=pl&redirectslug=W%C5%82%C4%85czanie+and+you%C5%82%C4%85control+obs%C5%82ug+cookies
    3) Opera https://help.opera.com/pl/latest/web-preferences/#cookies
    4) Safari https://support.apple.com/de-de/guide/safari/sfri11471/mac
    5) Microsoft Edge https://privacy.microsoft.com/pl-pl/privacystatement