Privacy Policy

PRIVACY POLICY

1. General information

This Policy is issued by Root7 s.c. and is addressed to all users (hereinafter: "Users") of the website www.root7.pl (hereinafter: "Site"). Definitions used in this Policy are provided in Section XII below.

The Controller of the Personal Data obtained through the Site is LazyStore s.c. with its registered office at ul. Gminna 43/7, 05-506 Lesznowola. The contact details of the Data Controller are given in Section XII below.

This Policy may be amended and updated to reflect changes in practices related to the processing of personal data by the Controller or amendments to generally applicable laws. We encourage you to read this Policy carefully and to regularly monitor the changes introduced by the Administrator.

II. Processing of Users' Personal Data




Collection of Personal Data: The Controller may acquire Personal Data pertaining to Users, such as: identification data (name, surname, posting address), contact details (telephone number, e-mail address), business data (position, company details).

The Controller may obtain Users' Personal Data, in particular, in the following cases:


- providing Personal Data by Users (e.g. through a contact form, e-mail or telephone contact);


- acquiring Personal Data from third parties (e.g., contractors, financial intermediaries, law enforcement entities, including government agencies or courts);


- acquiring or asking Users to provide Users' Personal Data when they visit the Controller's website or use any features or resources available on or through the Site. When Users visit the Site, their devices and browsers may automatically provide certain information (such as device type, operating system, browser type, browser settings, IP address, language settings, dates and times of connection to the Site, and other technical information regarding the communication), some of which may constitute Personal Data. When visiting the Site, no Personal Data of the Users will be stored by the Controller, without the Users' prior express consent. The temporary storage of log files and cookies facilitates the use of our Site. For this reason, Users are requested to give their respective consent on the Site. The granting of such consent is optional and does not affect the ability to use the Site. In some cases, without such consent, your experience on the Site may be limited to a certain extent.


Personal Data Processed: The categories of Users' Personal Data processed by the Controller may, in particular, include:

Identification Data: first name(s), last name(s), first name used, gender, date of birth/age;

Contact Details: residential address, company (employer) address, telephone number, fax number, e-mail address;

Communication Content: all communications, enquiries, statements, views and opinions about us sent by Users or published on social media or through the Site.


Legal Basis for the Processing of Personal Data: When Processing Users' Personal Data for the purposes indicated in this Policy, the Controller may invoke one or more than one legal basis, as applicable:

 the processing is based on the User's prior, freely-given, specific, informed and unambiguous consent to the Processing;

the processing is necessary for the performance of a contract which the User has concluded or intends to conclude with the Administrator;

the processing is necessary for compliance with a legal obligation to which the Controller is subject;

the processing is necessary to protect the vital interests of any natural person;

the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller

the processing is necessary for the purposes of managing, operating and promoting the activities of the Controller and does not prejudice the interests or fundamental rights and freedoms of the User.



Purposes for Processing Personal Data: The purposes for which the Controller may process Users' Personal Data are as follows:

The Controller's Site: running and managing the Site, presenting its content; publishing information, communicating and contacting Users, employees and contractors, as well as potential employees or collaborators, through the Site.

Offering the Controller's products and services to Users: presentation of the Site and other services; communication related to the Controller's services.

Communication and IT operations: managing communication systems, IT security activities, and IT security audits.

3. Sharing Personal Data with third parties                                                The Controller may provide Users' Personal Data to:
   
   

• to administrative or judicial authorities, at their request, in order to inform them of actual or suspected infringements of applicable law;
  
  
• to persons carrying out audits, lawyers, PR agencies, contractors performing service activities, taking into account the confidentiality obligations resulting from the contract or imposed on these entities by law;
  
  
• third parties processing the entrusted data on behalf of the Controller, irrespective of their place of establishment, in accordance with the requirements under Section III below;
  
  
• to any entity competent for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal measures, including the prevention and combating of threats to public security;
  
  
  Notwithstanding the above, the Site may use plugins or content presented by third parties. If Users choose to use them, Users' Personal Data may be shared with third parties or social media platforms. The Controller hereby recommends reading the Privacy Policy of the third party before using its plugins or content.
  
  If we engage a third party to Process Users' Personal Data, pursuant to the processing entrustment agreement entered into with such third party, the Processor will be required to: (i) process the Personal Data indicated in the Controller's prior written instructions; and (ii) apply all measures to protect the confidentiality and security of the Personal Data and ensure compliance with all other generally applicable law requirements.
  
  
  The entity that processes Users' Personal Data obtained via the Site is Root7 s.c., which is the developer of this Site and which provides the Controller with technical support services related to the use of the Site. This entity stores and processes Users' Personal Data obtained during the use of the Site by Users. The Processor shall ensure full security of Users' Personal Data by using innovative and adequate technical and organisational measures. The Processor may not use Users' Personal Data provided to it for purposes other than those for which it was entrusted by the Controller. The Controller concluded a personal data processing outsourcing agreement with the Processor under which the Processor is obliged to comply with the requirements concerning the protection of the Users' Personal Data.

4. International transfer of Personal Data

The Controller does not and does not intend to transfer any Users' Personal Data to third countries that are not members of the European Union or to international organisations. Should the need arise, this Policy will be modified and the transfer of Users' Personal Data may only take place on the basis of standard contractual provisions that the Controller will implement prior to the transfer of such Personal Data. In this case, Users will be entitled to request a copy of the standard contractual provisions applied by the Controller, using the contact details indicated in Section XII below.

       V. Data protection

The Controller informs that it has implemented appropriate technical and organisational protection measures in order to protect the Personal Data, in particular including safeguards against accidental or unlawful destruction, loss, alteration, unauthorised publication, unauthorised access and other unlawful and unauthorised forms of Processing, in accordance with the applicable law.
The Controller is not responsible for the actions or omissions of the Users. Users are responsible for ensuring that all Personal Data is transmitted to the Controller in a secure manner.

6. Data Accuracy                                                                                                 The Controller shall take all appropriate measures to ensure that:
   
   

• the Users' personal data processed by the Controller are accurate and, if necessary, up-to-date;
• all Users' personal data processed by the Controller that are erroneous (having regard to the purpose for which they are processed) are deleted or corrected without undue delay.
  
  The Controller, at any time, may ask the Users about the accuracy of the Personal Data Processed.
  
  

7. Data Minimisation
   

The Controller shall take all appropriate measures to ensure that the scope of Users' Personal Data that it Processes is limited to the Personal Data that are adequately required for the purposes indicated in this Policy.

8. Data Storage
   

The criteria determining the duration of the period during which the Controller stores Users' Personal Data are as follows: the Controller shall keep copies of the Users' Personal Data in an identifiable form for no longer than is necessary for the purposes indicated in this Policy, unless a longer retention period is required under generally applicable provisions of law. The Controller may, in particular, store Users' Personal Data for the entire period necessary to establish, exercise or defend its claims.

9. Users' rights

In accordance with the provisions of the General Data Protection Regulation, with regard to the Users' Personal Data that is processed by the Controller, the Users have the following rights:

• the right of access to personal data;
  
  
• the right to rectification of personal data;
  
  
• the right to erasure of personal data;
  
  
• the right to restrict the processing of personal data;
  
  
• the right to personal data portability;
  
  
• the right to object to the processing of personal data;
  
  
• the right not to be subject to a decision based on automated processing.
  
  Where the Processing of Personal Data is carried out on the basis of consent given by Users, Users have the right to withdraw their consent at any time without affecting the lawfulness of the Processing carried out on the basis of consent before its withdrawal. To do so, contact the designated person at e-mail address: sklep@root7.pl or via phone number: +48 537 868 759
  In case of improper Processing of Personal Data, Users have the right to lodge a complaint to the state supervisory body for data protection, i.e. the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw).
  
  
  
  The foregoing provisions do not affect the Users' rights under statutes or other generally applicable laws.
  
  To exercise one or more of your rights or to enquire about these rights or any other provision of this Policy or about the Processing of Users' Personal Data, please contact us using the contact details set out in Section XII below.

10. Cookies
    

A cookie is a small file stored on the User's device when visiting a website (including our Site). It records information about the device, the browser and, in some cases, also about the preferences and typical activities that Users perform when browsing the website. The Controller
 may process the Users' Personal Data through Cookie technology, in accordance with the Controller's Cookies Policy.

11. Contact detalils
    

In case of any questions, doubts or comments regarding the information contained in this Policy or other issues related to the Controller's Processing of Users' Personal Data, including in order to exercise the rights referred to in Section IX hereof , please contact:

Personal Data Controller:

Root7 s.c.; e-mail: sklep@root7.pl phone number: +48 537 868 759

12. Definitions

• Controller means the entity that decides how and for what purposes Personal Data is Processed. The Controller is responsible for the compliance of the Processing with applicable data protection law.
  
  
  
• Personal Data means any information about any identified natural person or a natural person who is identifiable. Examples of Personal Data that the Controller may process are listed in Section II above.
  
  
  
  
• Process, Processing or Processed means any action in relation to Personal Data, whether or not carried out by automated means, such as acquiring, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, making available by transmission, disseminating or sharing otherwise, arranging or combining, restricting, erasing or destroying.
  
  
  
  
• Processor means any person or entity that Processes Personal Data on behalf of the Controller (other than an employee of the Controller).