Facebook Pixel
Close

                                                                                       PRIVACY POLICY OF AN WEBSITE OFFANDOFF.COM

 

Please get carefully acquainted with this privacy policy. Privacy policy specifies the principles concerning processing of personal data collected and processed during the use of the Website.


1)     GENERAL PROVISIONS

  1. This policy is informative in nature, which implies that it is not the source of obligations for the Website Users. Privacy policy contains first of all the principles concerning processing personal data by the Website Administrator, in this the foundations, purposes and period of processing personal data and the rights of persons the data concern, as well as the information within the scope of using Cookies and analytical tools on the Website.

  2. The Administrator of personal data collected through the Website is ONE STOP SHOP SOLUTIONS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA  (address of the seat: ul. Gromadzka 5, 05-806 Sokołów and the address for the service of process: ul. Gromadzka 5, 05-806 Sokołów); entered into the Register of Entrepreneurs of the National Court Register under KRS no. 0000838140; the registry court where the company’s documentation is kept: The district Court for the capital city of Warsaw in Warsaw, 8th Commercial Division of the National Court Register; Tax Identification Number (NIP): PL5213895176; Statistical Identification Number (REGON): 385927098, email address: [email protected] – hereinafter referred to as the „Administrator” i being at the same time a Website Provider.

  3. The contact data of the personal data inspector assigned by the Administrator: [email protected].

  4. Personal data in the Website are processed by the Administrator in compliance with the binding regulations of the law, in particular in compliance with the ordinance of the EU Parliament and Council 2016/679 of April 27, 2016 on natural persons protection in relation to the processing of personal data and on free flow of such data and repeal of directive 95/46/WE (general regulation on the protection of personal data) – hereinafter referred to as the „GDPR” or „GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

  5. The use of the Website is non mandatory. Similarly, disclosing personal data by the user of the Website is also non mandatory, with the provision of two exceptions: (1) conclusion of agreements with the Administrator – failure to disclose, in the cases and in the scope indicated on the Website and in the Regulation of the Website and this privacy policy, personal data necessary to conclude and execute the agreement on the provision of Electronic Services or another agreement with the Administrator results in the impossibility of concluding this agreement. Disclosing personal data is in such case a contractual requirement and if a person whom personal data concern wishes to conclude an agreement with the Administrator, he/she is obligated to indicate the required data. Each time the scope of data required to conclude the agreement is indicated beforehand on the Website and in the Regulation of the Website; (2) statutory duties of the Administrator – disclosure of personal data is the requirement resulting from the commonly binding regulations of the law imposing on the Administrator the obligation of processing personal data (eg. in order to conduct accounting obligations) and failure to disclose them will make it impossible for the Administrator to fulfill these duties.

  6. The Administrator applies particular diligence in order to protect the interests of persons subject to the processing of personal data, and in particular he is responsible for and assures that the data collected by him are: (1) processed in compliance with the law; (2) collected for defined, compliant with the law and not subject to further processing which is not compliant with these goals; (3) correct with regards to their essence and adequate with regards to the goals of processing them; (4) stored in the form enabling identification of persons they concern, no longer than it is necessary to reach the goal of their processing and (5) processed in the manner ensuring proper safety of personal data, in this protection against unauthorized or illegal processing and accidental loss, damage or destruction, by means of relevant technical or organizational means.

  7. Considering the nature, scope, context and purposes of processing and the risk of violating the rights or freedoms of natural persons of various probability and importance of the threat, the Administrator implements relevant technical and organizational measures in order to ensure that the processing is conducted in compliance with the GDPR Regulation and in order to be able to prove it. If necessary, these measures are subject to reviews and updated. The Administrator applies technical measures preventing collection and modification of personal data sent via electronic mail by unauthorized persons.

  8. All words, expressions and acronyms which are found in this privacy policy and which start with a capital letter (e.g. Service Provider, Website, Electronic Service) should be understood in compliance with their definitions included in the Regulations of the Website available on the pages of the Website.

2)     DATA PROCESSING BASES

1.         The Administrator is authorized to process personal data in the cases when and to such extent to which at least one of the following conditions is met: (1) the data subject expressed his/her consent to the processing of his/her personal data for one or more specified goals; (2) the processing is necessary to execute the agreement to which the person is a party or to undertake activities at the request of the data subject, prior to the conclusion of the agreement; (3) the processing is necessary to fulfill the legal duty resting on the Administrator; or (4) the processing is necessary for purposes resulting from the legally justified interests executed by the Administrator or by a third party, with the exception of situations in which interests or basic rights and freedoms of the data subject, which require protection of personal data, in particular, if the person they concern is a child, are superior to the above-mentioned interests.

2.         Processing of personal data by the Administrator requires each time the existence of at least one of the bases indicated in point 2.1. of the privacy policy. Specific bases for the processing of personal data of the Website  Users by the Administrator are indicated in the subsequent point of the privacy policy – in relations to a given goal of personal data processing by the Administrator.

3)     THE GOAL, BASIS AND PERIOD OF DATA PROCESSING IN THE WEBSITE

1.         Each time, the goal, basis and period, as well as the recipients of personal data processed by the Administrator results from the activities undertaken by a given Client on the Website. 

2.         The Administrator may process personal data on the Website for the following goals, based on the following bases and within the following period:


Goal of data processing

Legal basis for data processing

Period of data processing

The execution of the agreement for the provision of an Electronic Service or another agreement or undertaking activities at the request of a person prior to the conclusion of the above-mentioned agreements

Article 6 clause 1 letter b) of the DGPR Regulation (execution of the agreement) – the processing is necessary for the execution of the agreement to which a person concerned is a party or to undertake activities at the request of the data subject, prior to the conclusion of the agreement.

The data are stored for the period necessary for the execution, termination or other expiration of the concluded agreement.

Direct marketing

Article 6 clause 1 point f) of the GDPR Regulation (legally justified interest of the Administrator) – the processing is necessary for the purposes resulting from the legally justified interests of the Administrator – consisting in caring for the interest and good image of the  Administrator.

The data are kept for the period of existence of the legally justified interest realized by the Administrator, no longer, however, than the period of limitation of the claims of the Administrator toward the data subject, on account of the business activity conducted by the Administrator. The limitation period is specified by the legal regulations (the basic limitation period for claims related to conducting business activity is  three years).The Administrator may not process the data for the purposes of direct marketing in the case of expressing an effective objection within this scope by the data subject.

Marketing

Article 6 clause 1 point a) of the GDPR Regulation (consent) – a data subject expressed his/her consent to the processing of his/her personal data for marketing purposes by the Administrator

The data are stored until the moment of withdrawing consent by the data subject to further processing of his/her data for such purpose.

Expressing an opinion on the concluded Sales Agreement by the Client

Article 6 clause 1 point a) of the GDPR Regulation – the data subject expressed his/her consent to the processing of his/her personal data for the purpose of expressing opinion

The data are stored until the time of withdrawing consent by the data subject for further processing of his/her data for this purpose.

Bookkeeping

Article 6 clause 1 point c) of the GDPR Regulation in conjunction with Article 74 clause 2 of the Accounting Act, i.e. of January 30, 2018 (Journal of Laws of  2018 item 395) – the processing is necessary for the fulfillment of the legal obligation resting on the Administrator.

The data are stored for the period required by the regulations of the law obliging the Administrator to store the accounting books (5 years, counting from the beginning of the year the accounting year to which the data pertain).

Establishing, investigating or defending claims which the Administrator may file or which may be filed against the Administrator

Article 6 clause 1 point f) of the GDPR Regulation (legally justified interest of the Administrator) – the processing is necessary for the purposes resulting from the legally justified interests of the Administrator  – consisting in establishing, investigating or defending the claims which the Administrator may file or which may be filed against the Administrator.

The data are stored for the period of existence of a justified interest realized by the Administrator, no longer however than for the period of limitation of claims which may be filed against the Administrator (the basic time limit for the limitation of claims toward the Administrator is six years).

Using the Website and ensuring its proper functioning

Article 6 clause 1 point f) of the GDPR Regulation (legally justified interest of the Administrator) – the processing of data is necessary for the purposes resulting from the legally justified interests of the Administrator consisting in the keeping and maintaining of the Website

The data are stored for the period of existence of the legally justified interest realized by the Administrator, no longer however than for the period of limitation of claims of the Administrator toward the data subject, on account of the business activity conducted by the Administrator. The period of limitation is specified by the regulations of the law (the limitation period for the claims related to conducting business activity is three years).

Keeping statistics and analysis of traffic on the Website

Article 6 clause 1 point f) of the GDPR Regulation (legally justified interest of the Administrator) – the processing is necessary for the purposes resulting from the legally justified interests of the Administrator consisting in the keeping of statistics and the analysis of traffic on the Website for the purpose of improving the functioning of the Website and increasing the scope of the provided Electronic Services and of the sold Products

The data are stored for the period of existence of the legally justified interest realized by the Administrator, no longer however than for the period of limitation of the claims of the Administrator in relation to the data subject, on account of business activity conducted by the Administrator. The limitation period is specified by the regulations of the law (basic limitation period for the claims related to conducting of business activity is three years.




4)     DATA RECIPIENTS ON THE WEBSITE

  1. For the proper functioning of the Website, including the proper provision of Electronic Services by the Administrator, it is necessary for the Administrator to use the services provided by external entities (such as, for example, a payment processor, or software provider). The Administrator uses only the services of such processors who provide sufficient guarantees to implement the appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of the data subjects.

  2. The transfer of data by the Administrator does not take place in each case and not to all recipients or categories of recipients indicated in the privacy policy of – the Administrator provides data only when it is necessary for the purpose of processing personal data and only to the extent necessary to execute it.

  3. Personal data of the Website Users may be transferred by the Administrator to the following recipients or categories of recipients:

    1. entities handling electronic payments or payments made by a payment card - in the case of a Website User who uses electronic payments or makes payments on the Website by a payment card, the Administrator provides the collected personal data of the Website User to the selected entity servicing the above payments at the Website at the request of the Administrator to the extent necessary to handle the payment made by Website User.

    2. service providers providing the Administrator with technical, IT and organizational solutions, enabling the Administrator to conduct business activities, including the Website and Electronic Services provided through it (in particular, computer software providers for running the Website, e-mail and hosting providers and software providers for managing the company and providing technical assistance to the Administrator) - the Administrator may share the collected personal data of the Website User to a selected supplier acting at its commission only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

    3. providers of legal and advisory services providing the Administrator with legal or advisory support (in particular a law firm or a debt collection company) - the Administrator may provide the collected personal data of the Service User to a selected supplier acting on at its commission only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

    4. providers of the opinion poll system - in the case of the Website User who has agreed to express an opinion on the concluded Sales Agreement, the Administrator provides the collected personal data of the Website User to the selected entity providing the system of opinion polls on the concluded Sales Agreements on the Website at the commission of the Administrator to the extent necessary for the Website User to express an opinion through the opinion poll system.

    5. providers of social plug-ins, scripts and other similar tools placed on the Website, allowing the browser of the Website's visitor to download the content from the providers of the said plug-ins (e.g. logging in using by means of the log-in data to the social network) and transferring personal data of the visitor to the suppliers, including: Facebook Ireland Ltd. - The Administrator uses the Facebook social plug-ins on the Website (e.g. the Like! button, Share or log in using Facebook login data) and therefore collects and shares personal data of the Website User to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbor, Dublin 2 Ireland) to the extent and in accordance with the privacy rules available here: https://www.facebook.com/about/privacy/ (these data include information about the activities on the Website - including information about the device, websites visited, purchases, advertisements displayed and the way of using the services - regardless of whether the Website User has a Facebook account and is logged in to Facebook).


5)     PROFILING ON THE WEBSITE

1.       The GDPR Regulation imposes an obligation on the Administrator to inform about automated decision-making, including profiling referred to in Art. 22 clause 1 and 4 of the GDPR Regulation, and - at least in these cases - relevant information about the rules for their adoption, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, in this point of the privacy policy the Administrator provides information on possible profiling.

  1. The Administrator may use profiling on the Website for direct marketing purposes, but the decisions made on its basis by the Administrator do not apply to the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services on the Website. The effect of using profiling on the Website may be, for example, granting a given person a discount, sending him/her a rebate code, reminding about unfinished purchases, sending a Product proposal that may correspond to the interests or preferences of a given person or proposing better conditions compared to the standard offer of the Website. Despite profiling, a given person makes a free decision whether he/she will want to use the rebate received in this way or better conditions and make a purchase on the Website.

  2. Profiling on the Website consists in an automatic analysis or forecast of a given person's behavior on the Website, e.g. by adding a specific Product to the basket, browsing the page of a specific Product on the Website, or by analyzing the history of activities undertaken on the Website. The condition for such profiling is the Administrator's having access to the personal data of a given person in order to be able to send him/her, e.g. a rebate code.

  3. The person to whom data relate has the right not to be subject to a decision which is based solely on automated processing, including profiling, and results in legal effects or substantially affects the person.


6)     THE RIGHTS OF THE DATA SUBJECT

1.       The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access his/her personal data, rectify or delete the data ("the right to be forgotten") or limit processing and has the right to object the processing, as well as has the right to transfer his/her data. Detailed conditions for the exercise of the above-mentioned rights are set out in Article 15-21 of the GDPR Regulation.

2.       The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of the expressed consent (pursuant to Article 6, clause 1 point a) or Article 9 clause 2 point a) of the GDPR Regulation), he/she has the right to withdraw his/her consent at any time without affecting the lawfulness of the processing which was carried out on the basis of his/her consent before its withdrawal.

3.       The right to lodge a complaint to the supervisory body - the person whose data is processed by the Administrator has the right to lodge a complaint with the supervisory body in the manner and mode specified in the provisions of the GDPR Regulation.

4.       The right to object - the data subject has the right to object at any time - for reasons related to his/her particular situation - to the processing of his/her personal data based on Article 6, clause 1 point e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. The Administrator shall no longer process the personal data unless the it demonstrates compelling legitimate grounds for the data processing which override the interests, rights and freedoms of the data subject or for the establishment, investigation or defense of claims.

5.       The right to object direct marketing  - if the personal data are processed for the purpose of direct marketing, a data subject has the right at any time to file an objection against the processing of his/her personal data for the purposes of such marketing, including profiling, to the extent to which the processing is related to such direct marketing.

6.       In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of the privacy policy.

7)     COOKIES ON THE WEBSITE AND ANALYTICS

1.       Cookie files (cookies) are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard drive of the computer, laptop or on the smartphone's memory card - depending on which device is used by the Website visitor). Detailed information on cookies, as well as the history of their creation, can be found, among others, here: https://pl.wikipedia.org/wiki/HTTP_cookie.

  1. Cookies that can be sent through the Website can be divided into various types, according to the following criteria:

With respect to their supplier:1)     own (created by the Administrator's Website) and2)     belonging to third persons/parties (other than the Administrator)

with respect to their storage period on the device of the Website visitor: 1)     session-based (stored until logging out of the Website or turning off the web browser) and2)     permanent (stored for a specified period of time, defined by the parameters of each file or until being manually deleted)

with respect to the purpose of their use:1)  necessary (enabling proper functioning of the Website),2)  functional/preferential (enabling the adjustment of the Website to the preferences of the Website visitor),3)  analytical and performance-based (collecting information on how to use the Website)

 

  1. The Administrator may process the data contained in Cookies when visitors use the Website for the following specific purposes:

Purposes of using cookies on the Website

identifying the Website Users as logged in to the Website and showing that they are logged in (necessary cookies)

remembering Products added to the basket in order to place an Order (necessary cookies)

remembering data from the completed forms, login details and surveys on the Website (necessary and/or functional/preferential cookies)

adjusting the content of the Website to the individual preferences of the Website User (e.g. regarding colors, font size, page layout) and optimizing the use of the Website pages (functional/preferential cookies)

keeping anonymous statistics showing how to use the Website (analytical and performance-based cookies)

remarketing, i.e. research on the behavior of visitors to the Website by anonymous analysis of their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their expected interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social cookies)

 

  1. You can check in the most popular web browsers which cookies (including the period of operation of cookies and their supplier) are currently sent by the Website is possible in the following way:

In the Chrome browser:

(1) in the address bar, click the lock icon on the left, (2) go to the "Cookies" tab.

In the Firefox browser:

(1) in the address bar, click the shield icon on the left, (2) go to the "Allowed" or "Blocked" tab, (3) click "Cross-site tracking cookies", "Social trackers" or "Content with Trackers"

In the Internet Explorer:

(1) click the "Tools" menu, (2) go to the "Internet Options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click the box "View files"

In the Chrome browser:

(1) in the address bar, click the lock icon on the left, (2) go to the "Cookies" tab.

in the Safari browser:

(1) click the "Preferences" menu, (2) go to the "Privacy" tab, (3) click the "Manage website data" field

Regardless of the browser, using the tools available, for example, on the website :  https://www.cookiemetrix.com/ or: https://www.cookie-checker.com/

 

  1. By default, most internet browsers available on the market accept cookies by default. Everyone has the option to define the terms of using cookies using the settings of their own web browser. This means that you can, for example, partially limit (e.g. temporarily) or completely disable the option of saving Cookies - in the latter case, however, it may affect some of the Website's functionalities.

  2. The web browser settings in the scope of cookies files are important from the point of view of consent to use cookies by our Website - in accordance with the legal regulations; such consent may also be expressed through the settings of the web browser. Detailed information on changing the settings for cookies and their self-removal in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the link):

in the Chrome browser

in the Firefox browser

in the Internet Explorer browser

in the Opera browser

in the Safari browser

in the Microsoft Edge browser

  1. The Administrator may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Website. These services help the Administrator keep statistics and analyze traffic on the Website. The collected data is processed as part of the above services to generate statistics helpful in the administration and analysis of traffic on the Website. These data are the aggregate data. The Administrator, using the above services on the Website, collects such data as the sources and medium of obtaining visitors to the Website and the manner of their behavior on the Website, information on devices and browsers from which they visit the website, IP and domain, geographic data and demographic data (age , gender) and interests.

  2. It is possible for a given person to easily block information about his/her activity on the Website - for this purpose, you can, for example, install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

  3. The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) in the Online Store. This service helps the Administrator measure the effectiveness of advertisements and find out what actions are taken by visitors to the online store, as well as display relevant advertisements to them. Detailed information on the operation of Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

  4. Managing the operation of Facebook's Pixel is possible through the ad settings in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8)     FINAL PROVISIONS

The Website may contain links to other websites. The Administrator encourages you, once you navigate to other websites, to familiarize yourself with the privacy policies adopted there. This privacy policy applies only to the Administrator's Website.