PRIVACY POLICY OF GREY RABBIT SP. Z O.O.
This Privacy Policy of Grey Rabbit Sp. z o.o. describes how personal data is collected, used and disclosed by GREY RABBIT Sp. z o.o. with headquarters in Krakow, ul. Bojanówka 21/1, 30-381 Kraków, Poland, entered in the register of businesses of the National Court Register under number KRS 0000891036, Tax Identification Number (NIP): 6762593349, Industry Identification Number (REGON): 388260269 (hereinafter referred to as “GREY RABBIT”), during the use of the website www.greyrabbit.pl and its subpages.
I. DEFINITIONS
1. Controller or GREY RABBIT – GREY RABBIT Sp. z o.o. with headquarters in Krakow, ul. Bojanówka 21/1, 30-381 Kraków, Poland, entered in the register of businesses of the National Court Register under number KRS 0000891036, Tax Identification Number (NIP): 6762593349, Industry Identification Number (REGON): 388260269.
2. Terms and Conditions – the Terms and Conditions of the Online Store.
3. Policy – this Privacy Policy of GREY RABBIT. Acceptance of the Policy is a mandatory requirement for using the Online Store.
4. Website – the website with the following address: www.greyrabbit.eu
5. Online Store – a sales platform available at www.greyrabbit.eu
6. User – a person using the Online Store who has accepted its Terms and Conditions and the Privacy Policy.
7. Mobile Payment – online payment systems not operated by Grey Rabbit, but by third-party service providers. Purchases on the Online Store require acceptance of the mobile payment provider’s terms and conditions. Failure to accept or update the terms and conditions will prevent the cashless payment provider from settling fees for purchases in the Online Store. Payment card details are stored only by the mobile payment provider. Grey Rabbit does not keep Users’ payment card details.
II. ACCOUNT REGISTRATION
1. To create an Account, the User must provide their personal data.
2. Registration of a User account requires acceptance of the Terms and Conditions and the Privacy Policy.
3. During the account registration procedure, the User is required to provide the following personal data:
4. Grey Rabbit does not request Users to provide any identification documents.
5. Registration of a User is conditional on the provision of correct and accurate personal data (first name, surname), address and contact details, i.e. e-mail address and mobile phone number, and granting consent to the processing of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive
95/46/WE.
6. Users have the right to access their personal data and may complete and rectify them. In the event of any change in personal/contact details, Users agree to update them immediately.
7. Users are should not share their login credentials with any third parties.
8. At the stage of payment, Users may be redirected to external mobile payment services. Grey Rabbit processes Users’ personal data related to bank account information for the purpose of handling complaints and refunds.
9. When Users use the Store, through the User’s mobile device Grey Rabbit may collect data, such as date stamp, name and version of the operating system, version of application, and device ID. This information is used to provide sales and transport services and deliver notifications to Users.
III. USE OF WEBSITE
1. The Website may include or contain references or links to other websites which are not controlled by Grey Rabbit. The placement of links to other websites does not mean that Grey Rabbit endorses or controls the services provided by third parties.
2. It is possible to browse the Website without registering and creating a User account.
3. Grey Rabbit’s servers automatically record certain information related to the use of the Website, such as IP address, browser type, operating system, browser language, and Internet service provider.
4. Grey Rabbit also collects data on the Website activity of visitors. Upon the first visit to the Website, the visitor is assigned a number, which is stored in one or more cookies on the hard drive of the visitor’s computer. Those cookies allow us to distinguish between new visitors to the Website from visitors who have entered the Website in the past. In the case of Users, the cookie ID may be directly linked to the User.
IV. PRINCIPLES OF PERSONAL DATA PROCESSING:
Pursuant to Art. 13 1. of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”), we inform you that:
1. The Controller of personal data is GREY RABBIT z o.o. with headquarters in Krakow, ul. Bojanówka 21/1, 30-381 Kraków, Poland, entered in the register of businesses of the National Court Register under number KRS 0000891036, Tax Identification Number (NIP): 6762593349, Industry Identification Number (REGON): 388260269.
2. Personal data are processed on the basis of point of Art. 6.1 of the GDPR for the purpose of execution of an agreement and performance of a concluded agreement, enabling e-mail contact, including receipt of letters, requests and submissions in electronic form, document findings, as well as fulfilment of legal obligations of the Controller, establishment, exercise and defence of claims, handling complaints and submissions, financial settlements, including issuing accounting documents, fulfilment of tax obligations and for marketing purposes.
3. In particular, personal data collected through the Website are processed:
3.1.1. for the purpose of provision of services electronically in the scope of making available to the Users of content collected in the Online Store, performance of an executed agreement on sales and delivery of goods – the legal basis for the processing is the necessity of processing to perform the agreement (point (b) of Art. 6.1 of the GDPR);
3.1.2. 3.1.2. for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of the Controller (point (f) of Art. 6.1 of the GDPR) consisting in analysing activity, users and their preferences in order to improve the functionality of the solutions used and services provided;
3.1.3. for the purpose of establishment, exercise or defence of claims, if any – the legal basis for the fulfilment of a legal obligation of the Controller and the legitimate interest of the Controller (point (c) and (f) of Art. 6.1 of the GDPR) consisting in protection of its rights,
3.2. the contact form are processed:
3.2.1. for the purpose of identifying the sender and processing a request or answering a question sent via the contact form – the legal basis for the processing is the legitimate interest of the Controller (point (f) of Art. 6.1 of the GDPR) consisting in enabling the processing of requests and answering questions asked in particular by persons interested in the Controller’s services;
3.2.2. for the purpose of monitoring and improving the quality of services, including customer service – the legal basis for the processing is the legitimate interest of the Controller (point (f) of Art. 6.1 of the GDPR) consisting in enabling the improvement of the quality of services provided by the Controller,
3.3. e-mail and postal correspondence are processed for the purpose of communication and answering questions to which the correspondence relates – the legal basis for the processing is the legitimate interest of the Controller (Art.
6.1 of the GDPR) consisting in handling correspondence addressed to the Controller in connection with its business activity,
3.4. contact by phone are processed:
3.4.1. for the purpose of enabling the processing of the matter for which the contact was made and answering the question asked – the legal basis for the processing is the legitimate interest of the Controller (point (f) of Art. 6.1 of the GDPR);
3.4.2. for the purpose of improving the quality of services provided by the Controller – the legal basis for the processing is the legitimate interest of the Controller (point (f) of Art. 6.1 of the GDPR),
3.5. social networking sites are processed for the purpose of informing Users of the Controller’s activities and promoting various events, services and products – the legal basis for the processing of personal data by the Controller is the Users’ consent (point (a) of Art. 6.1 of the GDPR).
4. Personal data will be stored for the duration of the agreement executed by the User, in connection with which the personal data are processed, as well as until claims under the executed agreement become time-barred. The Controller will store personal data as needed to comply with legal obligations, resolve disputes or enforce the provisions of the executed agreement. Personal data kept in the accounting records will be stored for the period indicated in the applicable laws, including tax laws, i.e. for six years
5. We disclose personal data to entities supporting the Controller in the provision of electronic services, i.e. those that provide courier, payment, credit, insurance, call centre, consulting, legal, accounting or auditing services, assist in website customer service, support the promotion of offers, cooperate in marketing campaigns, and to public authorities.
6. The Controller may disclose Users’ personal data as part of court proceedings (e.g. pursuant to a court order, due to a search warrant or subpoena) or at the request of law enforcement agencies (e.g. the Police, the Public Prosecutor’s Office), or in other exceptional circumstances that allow us to suspect that the Website is or has been used in breach of applicable law or to commit a crime, as well as when there is a reasonable suspicion that critical circumstances may occur that would threaten the safety of the User or another person, or when it is necessary to protect the rights or property of the Controller, Users or other third parties.
7. The Controller may disclose Users’ personal data in connection with a corporate transaction, process or restructuring relating to business activity for the purpose of which such data is kept (e.g. following a merger, acquisition or transfer of the Controller to another company). If this results in a change in the use of Users’ personal data, they will receive a relevant notification along with information about their rights.
8. The Controller warrants that all its employees, associates and advisors who process Users’ personal data have been duly authorised to do so, and are obliged to keep such data confidential.
9. Provision of personal data and making them available by Users during registration is voluntary, however, it is necessary to conclude a sales agreement through the Online Store.
10. To the extent necessary to perform the contract concluded with Users, and to the extent necessary for the Controller to take action at the request of Users, and to the extent necessary for the Controller to fulfil its legal obligation – the processing of the provided personal data, such as first name, surname, address, phone number, and e-mail address, is carried out based on a legal regulation, i.e. Art. 6. 1 lit. b), lit. (c) and (f) of Art. 6.1 of the GDPR, without the need for Users to consent to the processing of personal data.
11. Provision of personal data for marketing purposes is voluntary and is not required for using the Online Store.
12. It is possible to opt out of receiving promotional information from the Controller at any time by sending such a request to: rodo@greyrabbit.pl.
13. It is not possible to completely opt out of receiving e-mails from the Controller, as they are necessary for the management of the User’s account (unless the User decides to close the account).
14. Each User has the right of access to the content of their data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object to processing, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
15. Any person whose personal data is collected and processed also has the right to lodge a complaint with the President of the Personal Data Protection Office, if they consider that the processing of personal data violates the provisions of the GDPR.
16. In general, personal data will not be transferred outside the European Economic Area (hereinafter: “EEA”). However, personal data may be transferred outside the EEA, if it is necessary for the performance of the Agreement, including where the execution of a transaction requires the participation of the Controller’s subcontractors based outside the EEA. In such a case, your personal data will be transferred outside the EEA based on appropriate legal safeguards, that is standard contractual clauses for the protection of personal data, approved by the European Commission.
17. Users are aware that their personal data may be transferred to other countries within the European Union.
18. The collected personal data will not be subject to decision-making based solely on automated processing of personal data, including profiling.
19. Except as indicated in this Policy, the Controller does not rent, sell or share personal data collected through the Website and the Online Store to or with other persons or entities, unless it is necessary for provision of services by the Controller or in other circumstances, subject to the User’s consent.
V. CHANGES
We reserve the right to change this Privacy Policy. Any change shall become effective 14 days after its publication on www.greyrabbit.eu.
If the User does not accept the new wording of the Privacy Policy, they may delete their User account within the time limit indicated above.
VI. CONTACT
Should you have any questions or suggestions regarding this Privacy Policy, please e-mail us at: rodo@greyrabbit.pl.