PRIVACY POLICY
ONLINE STORE m4.design
TABLE OF CONTENTS:
- GENERAL PROVISIONS
- BASIS FOR DATA PROCESSING
- PURPOSE, BASIS, AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
- DATA RECIPIENTS IN THE ONLINE STORE
- PROFILING IN THE ONLINE STORE
- RIGHTS OF THE DATA SUBJECT
- COOKIES IN THE ONLINE STORE AND ANALYTICS
- FINAL PROVISIONS
2.2. GENERAL PROVISIONS
- This Privacy Policy of the Online Store is for informational purposes only, which means it does not create any obligations for the Service Users or Customers of the Online Store. The Privacy Policy primarily outlines the principles regarding the processing of personal data by the Controller within the Online Store, including the legal bases, purposes, and scope of data processing, as well as the rights of the data subjects. It also provides information about the use of cookies and analytical tools in the Online Store.
- The Controller of personal data collected via the Online Store is Artur Polakowski, conducting business under the company CANEA Sp. z o.o., entered in the National Court Register (KRS) under number: 0000047370, with the following details: business address and correspondence address: al. Legionów 3/4, 25-035 Kielce, Poland, Tax Identification Number (NIP): 9591493469, Business Registry Number (REGON): 292432612, email address: sklep@m4.design, phone number: +48 507 820 784 — hereinafter referred to as the "Controller", who is also the Service Provider of the Online Store and the Seller.
- Personal data in the Online Store is processed by the Controller in accordance with applicable laws, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) — hereinafter referred to as “GDPR” or the “GDPR Regulation”. The official text of the GDPR Regulation is available at: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- Use of the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the User or Customer of the Online Store is voluntary, subject to two exceptions: (1) Entering into agreements with the Controller — failure to provide, in the cases and to the extent indicated on the Online Store website, in the Terms and Conditions of the Online Store, and in this Privacy Policy, the personal data necessary to conclude and perform the Sales Agreement or the agreement for the provision of Electronic Services with the Administrator will result in the inability to enter into such an agreement. Providing personal data in this case is a contractual requirement, and if the data subject wishes to enter into an agreement with the Controller, they are obliged to provide the required data. The scope of data required for concluding the agreement is always indicated in advance on the Online Store website and in the Terms and Conditions of the Online Store. (2) Legal obligations of the Controller — providing personal data is a statutory requirement resulting from generally applicable laws that impose an obligation on the Controller to process personal data (e.g., processing data for tax or accounting records), and failure to provide such data will prevent the Controller from fulfilling these obligations.
- The Controller exercises particular care to protect the interests of individuals whose personal data are being processed and is specifically responsible for ensuring that the data collected are: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) accurate and adequate in relation to the purposes for which they are processed; (4) stored in a form which permits the identification of data subjects for no longer than is necessary to achieve the purposes of processing; and (5) processed in a way that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
- Taking into account the nature, scope, context, and purposes of processing, as well as the risk of violating the rights or freedoms of natural persons of varying likelihood and severity, the Controller implements appropriate technical and organisational measures to ensure that processing is carried out in accordance with this Regulation and to be able to demonstrate such compliance. These measures are reviewed and updated as necessary. The Controller applies technical measures to prevent unauthorised persons from accessing or modifying personal data transmitted electronically.
- All words, expressions, and acronyms used in this Privacy Policy that begin with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definitions provided in the Terms and Conditions of the Online Store available on the Online Store’s website.
2.3. LEGAL BASES FOR DATA PROCESSING
- The Controller is authorised to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the Controller is subject; or (4) the processing is necessary for the purposes of legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
- The processing of personal data by the Controller requires, in each case, the existence of at least one of the legal bases indicated in point 2.1 of this Privacy Policy. The specific legal bases for the processing of the personal data of Service Users and Customers of the Online Store by the Controller are indicated in the following section of the Privacy Policy — in relation to each specific purpose for which the Controller processes personal data.
2.4. PURPOSE, LEGAL BASIS AND DURATION OF DATA PROCESSING IN THE ONLINE STORE
1. In each case, the purpose, legal basis, duration, and recipients of the personal data processed by the Administrator arise from the actions undertaken by the given Service User or Customer within the Online Store, or by the Controller. For example, if a Customer chooses to make a purchase in the Online Store and selects personal collection of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of fulfilling the concluded Sales Agreement, but will not be shared with the carrier handling shipments on behalf of the Controller.
2. The Controller may process personal data within the Online Store for the purposes, on the legal bases, and for the periods indicated in the table below:
| Purpose of data processing | Legal basis for data processing | Period of data storage |
| --- | --- | --- |
| Performance of the Sales Agreement or the agreement for the provision of Electronic Services, or taking steps at the request of the data subject prior to entering into the aforementioned agreements | Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract. | Data is stored for the period necessary to perform, terminate, or otherwise conclude the concluded Sales Agreement or the agreement for the provision of the Electronic Service. |
| Direct marketing | Article 6(1)(f) of the GDPR (the legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting of safeguarding the interests and good reputation of the Controller, its Online Store, and striving to sell Products. | Data is stored for the duration of the legally justified interest pursued by the Controller, but no longer than the limitation period for claims of the Controller against the data subject arising from the Controller’s business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales agreements, two years). The Controller cannot process data for direct marketing purposes if the data subject has effectively objected to such processing. |
| Marketing | Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Controller. | Data are stored for the period necessary to perform, terminate, or otherwise expire the concluded Sales Agreement or the agreement for the provision of Electronic Services. |
| The Customer’s expression of opinion about the concluded Sales Agreement | Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of their personal data for the purpose of expressing an opinion. | Data are stored until the data subject withdraws their consent to further processing of their data for this purpose. |
| Maintaining accounting records | Article 74(2) of the Accounting Act of 30 January 2018 (Journal of Laws 2018, item 395) – processing is necessary to fulfil the legal obligation incumbent upon the Controller; | Data are retained for the period required by law obliging the Controller to maintain accounting records (5 years, counted from the beginning of the year following the financial year to which the data relate). |
| Establishing, pursuing, or defending claims that may be raised by the Controller or against the Controller. | Article 6(1)(f) of the GDPR (the legitimate interests of the Controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting of establishing, pursuing, or defending claims that may be raised by the Controller or against the Controller. | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims that may be brought against the Controller (the standard limitation period for claims against the Controller is six years). |
| Use of the Online Store website and ensuring its proper functioning | Article 6(1)(f) of the GDPR (the legitimate interests of the Administrator) – processing is necessary for the purposes of the legitimate interests pursued by the Administrator, consisting of operating and maintaining the Online Store website. | Data are stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims the Administrator may bring against the data subject in connection with the Administrator’s business activities. The limitation periods are determined by law, in particular the Civil Code (the standard limitation period for claims related to business activities is three years, and for sales agreements two years). |
| Conducting statistics and analyzing traffic on the Online Store | Article 6(1)(f) of the GDPR (the legitimate interests of the Controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller, consisting of conducting statistics and analysing traffic on the Online Store in order to improve its operation and increase Product sales. | Data are stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims the Controller may bring against the data subject in connection with the Controller’s business activities. The limitation periods are determined by law, in particular the Civil Code (the standard limitation period for claims related to business activities is three years, and for sales agreements two years). |
2.5. RECIPIENTS OF DATA IN THE ONLINE STORE
- For the proper functioning of the Online Store, including the fulfilment of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities (such as software providers, couriers, or payment service providers). The Controller uses only such data processors who provide sufficient guarantees of implementing appropriate technical and organisational measures to ensure that the processing complies with the requirements of the GDPR and protects the rights of the data subjects.
- The transfer of data by the Controller does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller transfers data only when it is necessary to achieve the specific purpose of personal data processing and only to the extent necessary for its fulfilment. For example, if a Client opts for personal collection, their data will not be shared with the carrier cooperating with the Controller.
- The personal data of Service Recipients and Clients of the Online Store may be transferred to the following recipients or categories of recipients:
- Carriers / freight forwarders / courier brokers / entities handling warehousing and/or the shipping process – in the case of a Customer who uses the Online Store to have the Product delivered by postal or courier service, the Controller provides the collected personal data of the Customer to the selected carrier, freight forwarder, or intermediary responsible for handling shipments on behalf of the Controller. If the shipment is made from an external warehouse, the data is also shared with the entity handling warehousing and/or the shipping process – to the extent necessary for the delivery of the Product to the Customer.
- Entities handling electronic or card payments – in the case of a Customer who uses electronic or card payment methods in the Online Store, the Controller provides the collected personal data of the Customer to the selected entity handling such payments in the Online Store on behalf of the Controller, to the extent necessary for processing the payment made by the Customer.
- Credit providers / leasing companies – in the case of a Customer who uses an installment payment system or leasing payment option in the Online Store, the Controller provides the collected personal data of the Customer to the selected credit provider or leasing company handling such payments in the Online Store on behalf of the Controller, to the extent necessary for processing the payment made by the Customer.
- Suppliers of opinion survey systems – in the case of a Customer who has agreed to provide feedback on the concluded Sales Agreement, the Controller provides the collected personal data of the Customer to the selected entity supplying the opinion survey system for Sales Agreements concluded in the Online Store, on behalf of the Controller, to the extent necessary for the Customer to submit their feedback using the survey system.
- Service providers supplying the Controller with technical, IT, and organizational solutions that enable the Controller to conduct business activities, including operation of the Online Store and the Electronic Services provided through it (in particular, providers of software for running the Online Store, email and hosting providers, and providers of business management software and technical support services) – the Controller provides the collected personal data of the Customer to a selected provider acting on the Controller’s behalf only when and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
- Providers of accounting, legal, and advisory services who offer the Controller accounting, legal, or consulting support (in particular, an accounting office, law firm, or debt collection agency) – the Controller provides the collected personal data of the Customer to a selected provider acting on the Controller’s behalf only when and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.
- Providers of social media plugins, scripts, and other similar tools embedded on the Online Store website, which enable the browser of a person visiting the Online Store to retrieve content from the providers of such plugins (e.g. logging in using social media credentials) and, for this purpose, transmit personal data of the visitor to those providers, including:
- Facebook Ireland Ltd. – The Controller uses Facebook social media plugins on the Online Store website (e.g. the Like button, Share button, or login using Facebook credentials) and, in connection with this, collects and shares the personal data of the Service Recipient using the Online Store website with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and in accordance with the privacy rules available here: https://www.facebook.com/about/privacy/ (this data includes information about activity on the Online Store website – including device information, visited websites, purchases, viewed advertisements, and use of services – regardless of whether the Service Recipient has a Facebook account or is logged into Facebook.)
2.6. PROFILING IN THE ONLINE STORE
- In accordance with the provisions of the GDPR, the Controller is obliged to inform data subjects about any automated decision-making processes, including profiling, as referred to in Article 22(1) and (4) of the Regulation. This includes providing – at least in such cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides the following information regarding potential profiling within this privacy policy.
- The Controller may use profiling within the Online Shop for the purposes of direct marketing. However, decisions made by the Controller based on such profiling do not concern the conclusion or refusal to conclude a Sales Agreement, nor do they affect the ability to use Electronic Services available in the Online Shop. As a result of profiling, a given person may, for example, be granted a discount, receive a discount code, be reminded of unfinished purchases, be presented with a product offer that may match their interests or preferences, or be offered more favourable conditions compared to the standard offer available in the Online Shop. Despite the use of profiling, it is always the individual who freely decides whether they wish to take advantage of the discount, offer, or improved terms received in this way and proceed with a purchase in the Online Shop.
- Profiling in the Online Shop involves the automatic analysis or prediction of an individual’s behaviour on the Online Shop website – for example, by adding a specific product to the basket, viewing the page of a particular product, or analysing the person’s previous purchase history in the Online Shop. Such profiling requires the Controller to have access to the individual's personal data, in order to, for instance, send them a discount code afterwards.
- The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
2.7. RIGHTS OF THE DATA SUBJECT
- The data subject has the right to request from the Controller access to their personal data, its rectification, erasure ("right to be forgotten") or restriction of processing. They also have the right to object to the processing of their data, as well as the right to data portability. The specific conditions for exercising these rights are set out in Articles 15–21 of the GDPR.
- Right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
- Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them based on Article 6(1)(e) (public interest or public tasks) or (f) (legitimate interests of the controller), including profiling based on those provisions. In such a case, the controller shall no longer process that personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.
- Right to Object to Direct Marketing – if personal data is processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling to the extent that it is related to direct marketing.
- To exercise the rights described in this section of the privacy policy, you can contact the Controller by sending a written message or an email to the Controller’s address provided at the beginning of this privacy policy, or by using the contact form available on the Online Store’s website.
2.8. COOKIES IN THE ONLINE STORE AND ANALYTICS
- Cookies are small text files sent by a server and stored on the device of the person visiting the Online Store’s website (for example, on the hard drive of a computer or laptop, or on the memory card of a smartphone—depending on the device used to access our Online Store). Detailed information about cookies, as well as their history, can be found, among other places, here: https://pl.wikipedia.org/wiki/HTTP_cookie.
- Cookies that may be sent by the Online Shop website can be classified into different types based on the following criteria:
  - Based on their provider: 1. First-party cookies (created by the Online Store website Controller) and 2. Third-party cookies (belonging to persons/entities other than the Controller).
  - Based on their storage duration on the device of the person visiting the Online Store website: 1. Session cookies (stored until the user logs out of the Online Store or closes the web browser) and 2. Persistent cookies (stored for a specified period defined by each cookie’s parameters or until manually deleted).
  - Based on their purpose: 1. Necessary cookies (enabling the proper functioning of the Online Store website), 2. Functional/preference cookies (allowing the Online Store website to be customised according to the preferences of the visitor), 3. Analytical and performance cookies (collecting information about how the Online Store website is used), 4. Marketing, advertising, and social cookies (collecting information about the visitor to the Online Store website in order to show personalised ads and carry out other marketing activities, including on websites separate from the Online Store, such as social media platforms).
- The Controller may process the data contained in cookies when visitors use the Online Store website for the following specific purposes:
Purposes of using cookies in the Controller’s Online Store:
  - Identification of users as logged in to the Online Store and displaying their logged-in status (necessary cookies).
  - Remembering products added to the shopping cart for order placement (necessary cookies).
  - Remembering data from completed order forms, surveys, or login details for the Online Store (necessary and/or functional/preference cookies).
  - Customising the content of the Online Store website according to the individual preferences of the user (e.g., colours, font size, page layout) and optimising the use of the Online Store’s pages (functional/preference cookies).
  - Collecting anonymous statistics showing how the Online Store website is used (statistical cookies).
  - Remarketing, which involves analysing the behaviour of visitors to the Online Store through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) in order to create a profile and deliver ads tailored to their anticipated interests, including when they visit other websites within the advertising networks of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising, and social cookies).
- You can check which cookies (including their duration and provider) are currently being sent by the Online Shop website in the most popular web browsers as follows:
  - In the Firefox browser:
  - In the Internet Explorer browser: (1) Click the “Tools” menu, (2) Go to the “Internet Options” tab, (3) Go to the “General” tab, (4) Go to the “Settings” tab, (5) Click the “View files” button.
  - In the Opera browser: (1) Click the padlock icon on the left side of the address bar, (2) Go to the “Cookies” tab.
  - In the Safari browser: (1) Click the “Preferences” menu, (2) Go to the “Privacy” tab, (3) Click the “Manage Website Data” button.
  - Regardless of the browser, you can use tools available, for example, on the website: https://www.cookiemetrix.com/ and https://www.cookie-checker.com/
- Most web browsers available on the market accept cookies by default. Everyone has the option to specify the conditions for using cookies using their own web browser settings. This means that you can, for example, partially restrict (e.g. temporarily) or completely disable the ability to save cookies – in the latter case, however, this may affect some of the functionality of the Online Shop (for example, it may not be possible to complete the Order process via the Order Form because the Products in the basket are not remembered during the subsequent steps of placing the Order).
- Browser settings regarding cookies are important in terms of giving consent to the use of cookies by our Online Store – according to regulations, such consent can also be given through browser settings. Detailed information on how to change cookie settings and delete cookies manually in the most popular web browsers is available in the browser’s help section and on the following websites (just click on the relevant link):
in the Internet Explorer browser
- The Controller may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the Online Store website. These services help the Controller compile statistics and analyse traffic within the Online Store. The data collected through these services is used to generate statistics useful for administering and analysing the performance of the Online Store. This data is aggregated in nature. By using these services, the Controller collects information such as the sources and mediums through which visitors arrive at the Online Store, how they behave on the website, details about the devices and browsers they use to access the site, IP addresses and domains, as well as geographic, demographic (age, gender), and interest data.
- It is possible for a user to easily block the sharing of information about their activity on the Online Store website with Google Analytics – for example, by installing a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
- The Controller may use the Facebook Pixel service on the Online Store website, provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure the effectiveness of advertisements, understand what actions visitors take on the Online Store, and display tailored ads to those users. Detailed information about how the Facebook Pixel works can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
- You can manage how the Facebook Pixel works through the ad settings in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
FINAL PROVISIONS
- The Online Store may contain links to other websites. The Controller encourages users to familiarise themselves with the privacy policy in place on those websites after navigating to them. This privacy policy applies only to the Controller’s Online Store.