Privacy Policy
1. Data Controller and Definitions
The controller of personal data of Customers / Users of the Online Store, also referred to as the Seller, is:
UPGECO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
Phone: +48 790 301 309
VAT ID (NIP): PL9592077230
REGON: 540005456
The Data Controller can be contacted:
-
by mail: GÓRNIKÓW STASZICOWSKICH 57, loc. 1, 25-808 KIELCE, Poland
-
by email: biuro@upgeco.com
User – a natural person visiting the website(s) of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy.
Customer – a natural person with full legal capacity, a Consumer, a legal person, or an organizational unit without legal personality, which has legal capacity under applicable law, who enters into a Distance Sales Agreement with the Seller.
Online Store – the website operated by the Seller at https://upgeco.com, through which the Customer/User can obtain information about the Products and their availability, purchase Products, or order the provision of services.
Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344), sent by the Seller to the Customer/User electronically; receiving the Newsletter is voluntary and requires the consent of the Customer/User.
Account – a collection of data stored in the Online Store and in the Seller’s IT system regarding a particular Customer/User and the orders and agreements concluded by them, which allows the Customer/User to place orders and conclude agreements.
GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
2. Purposes, Legal Basis, and Retention Period of Data Processing
For the purpose of fulfilling a Distance Sales Agreement, the Seller processes:
-
information about the User’s device to ensure correct functioning of services: IP address, information contained in cookies or similar technologies, session data, browser data, device data, activity on the Website, including individual subpages;
-
geolocation information if the User has consented to granting access to geolocation services. Geolocation data is used to provide more tailored offers of products and services;
-
personal data of Users: first name, last name, registered address, correspondence address, email address, phone number, VAT ID, bank account number, or other personal data necessary to complete the purchase as required during the ordering process.
These data do not by themselves reveal the identity of the Users but, in combination with other information, may constitute personal data and are therefore fully protected under GDPR.
Data are processed based on Article 6(1)(b) GDPR for contract performance (provision of services under the Terms and Conditions), and Article 6(1)(a) GDPR in connection with consent given for the use of cookies or other similar technologies, or for geolocation. Data are processed for the duration of the Customer/User’s use of the Online Store.
The Data Controller undertakes to implement appropriate technical and organizational measures pursuant to Article 32 GDPR, considering the state of technical knowledge, implementation costs, the nature, scope, purpose of processing, and risk of infringement on the rights or freedoms of individuals.
3. Marketing Activities of the Controller
On the Online Store, the Data Controller may display marketing information about its products or services. Displaying such content is based on Article 6(1)(f) GDPR, i.e., the legitimate interest of the Data Controller to provide content related to the services offered and promotional campaigns in which the Data Controller is involved. This does not infringe on the rights or freedoms of Customers/Users, as they reasonably expect or intend to receive such content when visiting the Online Store.
4. Recipients of User Data
The Data Controller discloses Users’ personal data only to entities processing data under contracts for data processing services for the Data Controller, e.g., hosting, IT services, marketing, and PR services.
5. Transfer of Personal Data to Third Countries
Personal data will not be processed in third countries.
6. Rights of Data Subjects
Every person whose data is processed has the right to:
-
Access (Art. 15 GDPR): obtain confirmation from the Data Controller whether personal data are being processed, and if so, access the data and information on the purposes, categories of data, recipients, retention period, and rights to rectification, erasure, restriction, or objection;
-
Copy of data (Art. 15(3) GDPR): receive a copy of personal data being processed; the first copy is free, subsequent copies may be subject to a reasonable administrative fee;
-
Rectification (Art. 16 GDPR): request correction of inaccurate or incomplete personal data;
-
Erasure (Art. 17 GDPR): request deletion of personal data if no legal basis for processing exists or data are no longer necessary;
-
Restriction of processing (Art. 18 GDPR): request limitation of processing in certain cases, such as disputed accuracy, unlawful processing, no longer needed data for controller purposes but required for claims, or objection lodged;
-
Data portability (Art. 20 GDPR): receive data in a structured, commonly used, machine-readable format and transfer them to another controller when processing is based on consent or contract and is automated;
-
Objection (Art. 21 GDPR): object to processing for legitimate interests, including profiling, prompting assessment of lawful grounds versus individual interests;
-
Withdrawal of consent: at any time, without affecting lawfulness of prior processing.
To exercise these rights, data subjects should contact the Data Controller using the contact details in Section 1.
7. President of the Personal Data Protection Office
Data subjects may lodge a complaint with the supervisory authority in Poland:
President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, Poland
-
Mail: ul. Stawki 2, 00-193 Warsaw
-
Electronic contact form: https://www.uodo.gov.pl/pl/p/kontakt
-
Hotline: 606-950-000
8. Data Protection Officer
Data subjects may contact the Data Protection Officer of the Data Controller directly by email or in writing at the address provided in Section 1.
9. Changes to the Privacy Policy
The Privacy and Cookies Policy may be updated or amended as necessary to provide current and accurate information to Customers/Users.
10. Cookies
The Online Store collects information about Customers/Users and their behavior via:
-
voluntarily provided information in forms for specific purposes;
-
cookies stored on end-user devices;
-
server logs collected by the hosting operator for proper functioning of the service.
Cookies are text files stored on the end device of the Customer/User, usually containing the site name, storage duration, and a unique identifier.
The Online Store uses cookies only with prior consent of the Customer/User. Consent is given by clicking “Close” on the cookie notice or closing the notice.
Users may refuse cookies via “I do not consent” or browser settings, which may affect some functionality.
Cookies are used for:
-
creating statistics to improve site structure and content;
-
maintaining logged-in sessions;
-
profiling for product recommendations and personalized ads, especially via Google Ads.
Functional cookies include session and persistent cookies (detailed list in original Polish text). Analytical and advertising cookies include Google Ads, Meta (Facebook), PayPal, Photoslurp, reCAPTCHA, IdoAccounts, IdoSell, IAI S.A., Google Maps.
11. Newsletter
Customers can consent to receive commercial information electronically via registration form or later via account settings. Consent can be withdrawn at any time via account settings, newsletter link, or Customer Service.
12. Account
Customers/Users must not post or provide unlawful content in the Online Store, including reviews.
Account registration requires providing name, company, VAT ID, address, email, and password. Registration implies agreement with the Terms and Conditions.
Access to the Account constitutes an indefinite contract for provision of electronic services. Consumers may withdraw according to the Terms and Conditions.
Registration on one site grants access to all Online Store websites.
The Customer/User may terminate the electronic service agreement at any time with immediate effect via email or in writing.
The Seller may terminate the service agreement if services are discontinued, transferred, or if the Customer/User breaches the law or Terms, or after 6 months of inactivity, with seven days’ notice. Re-registration may require the Seller’s consent.
