The personal data administrator responsible for their processing is:
Bolo Iwona Sikora
Kołłątaja 12/9
Kielce 25-715
kontakt@bolo.pl
Thank you for your interest in our online store. The protection of your privacy is very important to us. Below you will find detailed information on the handling of your data.
1. Access data and hosting
You can visit our websites without the provision of personal data. Each time a website is accessed, the server automatically saves only so-called server logs, e.g. the name of the requested file, your IP address, date and time of the request, the amount of data transferred and the Internet service provider submitting the request (so-called access logs), as well as records the page access. This data is analysed explicitly to ensure the proper functioning of our website and to improve our offer. In accordance with art. 6(1)(f) of the GDPR, the above serves to secure our legitimate interest, which is based on the optimal and correct presentation of our websites and offers.
Hosting
All access data will be deleted at the latest one month after the end of your visit to our website.
Website hosting and display services are partly provided on our request by our service providers. as part of the entrusted data processing. Unless otherwise indicated in this privacy policy, all access data and data collected in the forms provided for this purpose on our website will be processed on their servers. If you have any questions about our service providers and the basics of cooperation with them, please contact us. Our contact details can be found in the section “Our contact details and your rights”.
2. Collecting and processing data for the purposes of performance of the contract and contractual obligations
2.1 Data processing for the purposes of the contract
We process the personal data, which is provided by you voluntarily when submitting the order, for the purpose of implementation of the contract (including any requests for solving the claims pursuant to the warranty for defects or guarantee, and in the field of informing about necessary updates). The legal basis in this regard is art. 6(1)(b) of the GDPR. Mandatory fields are marked as such because they concern data that is necessary to complete the order, and without providing them we are unable to complete such order. The type of collected data results directly from the forms into which the data is entered.
Further information on the processing of your data, in particular regarding the transfer of data to our service providers for processing of the orders, payment and shipping, can be found in the following sections of this privacy policy. After the contract is completed, the processing of your data will be limited, and after the expiry of the storage periods required under tax regulations and the Accounting Act, these data will be deleted (art. 6 (1)(c) of the GDPR), unless you give your express consent (art. 6(1)(a) of the GDPR) for further use of this data for other purposes, or we reserve the right to further use of such data in the cases permitted by law, about which you will be informed in accordance with this privacy policy.
2.2 Customer account
Pursuant to art. 6(1)(a) of the GDPR, if you give your consent to set up a customer account, we will process your personal data which is necessary for this purpose.
Such data will also be used for future orders on our website. Your customer account may be deleted at any time. For this purpose, please send a message to our contact address indicated in the section “Our contact details and your rights” or use the appropriate functionality in the customer account settings. After deleting your customer account, the processing of your data will be limited, and after the expiry of the storage periods specified in tax regulations and the Accounting Act, these data will be deleted (art. 6(1)(c) of the GDPR), unless you expressly give consent (art. 6 (1)(a) of the GDPR) for further use of this data, or we reserve the right to further use of such data, in accordance with applicable law, for other purposes, about which you will be informed in such event pursuant to this privacy policy.
2.3 Data processing for contact purposes
As part of communication with the customer, we process personal data in order to process your inquires (art. 6(1)(b) of the GDPR). You provide us with this data voluntarily when contacting us (e.g. via the contact form or e-mail). Mandatory fields are marked as such because they relate to data that is necessary to process the inquiry. The type of collected data results directly from the forms into which the data is entered. After your inquiry has been fully processed, your data will be deleted, unless you give an express consent (Art. 6(1)(a) of the GDPR) to further use of this data for other purposes, or we reserve the right to further use it in the cases permitted by law, about which you will be informed in such a situation, in accordance with this privacy policy.
3. Data processing for the purpose of delivery
In order to perform the contract (art. 6(1)(b) of the GDPR), we transfer your data to the shipping company selected by you in the ordering process, which is commissioned for the delivery of the ordered products.
4. Data processing for payment processing purposes
In order to process payments in our online store, we cooperate with external service providers that support electronic online payments and transfer your data to the payment service provider which is selected by you in the ordering process. The purpose of the above is to perform the contract (art. 6(1)(b) of the GDPR).
Data processing to prevent fraud and optimize payments
In some situations, we may provide our service providers with additional information that may be used by them along with the information necessary to complete the payment. Thereafter, these service providers act on our behalf as processing entities and provide us with services in the field of fraud prevention and optimization of payment processes (e.g. invoicing, analysis of rejected payments, accounting support). According to art. 6(1)(f) of the GDPR, this serves our legitimate interests in protection against abuse and fraud and in the effective management of payments.
5. Marketing activity channels: e-mail
If you subscribe to our newsletter, then based on your consent (art. 6(1)(a) of the GDPR), we will use the data you provide to us in order to regularly send our newsletter by e-mail.
Withdrawal from the newsletter is possible at any time. For this purpose, please send a message to our contact address indicated in the section “Our contact details and your rights”, or use the unsubscribe link in the newsletter. After unsubscribing from the list of newsletter recipients, we will delete your e-mail address, unless you expressly consent (art. 6(1)(a) of the GDPR) to further use of this data for other purposes or, in accordance with applicable law, we reserve the right to further use of such data, about which in such a situation you will be informed in this privacy policy.
5.1 Sending a newsletter
The newsletter is sent as part of entrusting data processing, which is ordered by us, by an external service provider. If you have questions about our service providers and the basis of our cooperation with them, please contact us. Contact details can be found in the section “Our contact details and your rights”.
Our service providers have main offices and/or use servers in the following countries: USA
In relation to these countries, the European Commission has not issued decisions stating an adequate level of data protection. The transfer of data as part of our cooperation with service providers from these countries is based on the following safeguards:
5.2 Sending an invitation to review a purchase
If you have consented to this during or after placing an order (art. 6(1)(a) of the GDPR), then we will use your e-mail address to send you an electronic invitation to review the purchase, which was made in our store.
Giving an review/rating takes place through the review system which is used by us. You can withdraw your consent at any time by sending a message with information about the withdrawal of consent, to our contact address indicated in the section “Our contact details and your rights”. Alternatively, you can also use the link to unsubscribe from the list of newsletter recipients, which is included in the message with invitation to write a review.
Invitations to write reviews are sent by our service provider, Trusted Shops AG Subbelrather Str. 15C, 50823 Cologne, Germany (“Trusted Shops”). As part of sending invitations, we receive status information from Trusted Shops (e.g. whether the respective invitation to write a review has been sent and whether it has reached the addressee).
This is done in accordance with Art. 6(1)(f) of the GDPR for the purposes of our legitimate interest in receiving information on invitations to write a review, in order to make optimization feasible according to this basis, if necessary, as well as for the legitimate interest of Trusted Shops, in order facilitate offering this service.
We share responsibility with Trusted Shops for sending invitations for reviews and for collecting and displaying feedback and rating, or status information.
As part of this shared responsibility between us and Trusted Shops, if you have any questions about the protection of your data or wish to assert your rights, please contact Trusted Shops. Contact details are available at
this page. There you will also find further information on Trusted Shops data protection. Regardless of this, you can always contact us directly. If necessary, your inquiry will be forwarded to Trusted Shops, which is jointly responsible for data processing.
6. Cookies and similar technologies
General Information
In order to make your visit to our website more attractive and to enable you to use its key functionalities, we use technological tools for this purpose, including the so-called cookies. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use are deleted after the end of the web browser session, i.e. after it is closed (so-called session cookies). Other cookies are stored on your end device and enable us to recognize your browser the next time you visit the website (so-called persistent cookies).
End device privacy protection
When using our Internet offer, we use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functionalities of our website. In this respect, the storage of information on the user’s end device or access to information already stored on this end device does not require the user’s consent.
For functionalities that are not strictly necessary, the storage of information on the user’s end device or access to information already stored on this end device requires the user’s consent. It should be considered that in the absence of consent, some functionalities or website components may not be available in full extent. Any consents granted by the user remain valid until the consent is withdrawn, the settings are reconfigured or the relevant settings are reset on the end device.
Other cases of data processing with means of cookies and other technologies
We use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functionalities of our website (e.g. shopping cart function). These technologies process data such as your IP address, time of visit to the website, information about the device and browser, as well as information about the use of our website (e.g. about the contents of the shopping cart). In accordance with art. 6(1)(f) of the GDPR, this serves our legitimate interest in the optimal presentation of our offer.
In addition, we also use technological tools to comply with legal obligations requested from us (e.g. to have a prove of a consent granted for the processing of your personal data), as well as for web analytics and internet marketing. Further information on this, including the relevant legal bases for data processing, can be found in the following sections of this privacy policy.
In the auxiliary menu of the web browser you will find explanations on changing the cookies settings. They are available at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
When you have given us your consent to use certain technological tools (art. 6(1)(a) of the GDPR), you may withdraw such consent at any time. In order to withdraw your consent, please contact us via the contact address indicated in the section “Our contact details and your rights”.
7. Use of cookies and similar technological tools
If you have given your consent for this (art. 6(1)(a) of the GDPR), we use the following cookies and other similar technological tools from external service providers on our website. When the purpose of the processing is achieved and the use of a given technological tool is completed, the data collected as part of the use of these tools will be deleted. The consent given may be withdrawn by you at any time. Detailed information on the possibility of withdrawing consent and your right to object can be found in the section “Cookies and similar technologies”. Further information can be found on the websites of the respective service providers. If you have questions about our service providers and the basis of our cooperation with them, please contact us.
Contact details can be found in the section “Our contact details and your rights”.
7.1 Use of Google Services
Google Analytics
For optimization purposes and to make our website offer more attractive, we have also activated data sharing settings for “Google products and services”. This allows Google to access the data collected and processed as part of the Google Analytics service and use them to improve products and services provided by Google. The provision of data to Google for this purpose takes place on the basis of an additional agreement concluded between data administrators. We have no influence on the subsequent data processing by Google.
We also use the Google Signals tool for web analytics purposes, which is an extension of Google Analytics services and enables the so-called “cross-device tracking” (identifying users using multiple devices). This means that if your devices with Internet access are connected to your Google account and you have activated the “personalized advertising” option on your Google account, then Google may generate reports on the methods of using our website (in particular, on the number of users using different devices), even if you change devices. We do not process your personal data in this regard, we only receive statistics based on the functionalities and technologies of Google Signals.
Google Ads
With the help of Google Ads, we promote our website in search results and on third-party websites. For this purpose, a Google’s cookie remarketing file will be automatically saved on your device when you visit our website, which based on the websites you visit, allows to display advertisements consistent with your interests, by processing your data with means of a pseudonymous identifier (ID) for this purpose (IP address, time of visit to the website, information about the device and browser, as well as information about the use of our website). Further data processing only takes place if you have activated the option to personalize ads in your Google account settings. In this case – if you are logged in to Google while visiting our website, Google will use your data together with the data collected as part of the Google Analytics service in order to create and define the so-called lists of target groups for remarketing purposes at various devices.
We use the following technology tools from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The information collected automatically by Google technologies regarding the use of our website is usually transferred to a server of Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA and stored there. The European Commission has not issued a decision for the US on the adequate data protection level. Our cooperation is based on standard data protection clauses adopted by the European Commission. Unless otherwise specified for individual Google technologies described in this privacy policy, data processing is carried out on the basis of an agreement concluded with Google for the co-administration of personal data, in accordance with art. 26 of the GDPR. Further information on data processing by Google can be found in privacy policy on Google’s website.
For the purpose of our website use analysis, we use Google Analytics – a web analytics tool from Google, which automatically processes your data for this purpose (IP address, time of visit to the website, information about the device and browser, as well as information about the use of our website) and creates pseudonymous user profiles on their basis. Cookies may be used for this purpose. When you visit our website from within the EU, your IP address is stored on a server located in the EU, in order to obtain the location data, and then it is immediately deleted before traffic is redirected to further Google servers.
Data processing as part of the Google Analytics service takes place on the basis of a data entrustment agreement concluded with Google.
Google Maps
For the visual presentation of geographical information, Google Maps will store and process information about your method of use of the maps and individual functionalities, including, for example, your IP address and location data. We have no influence on the above data processing by Google.
Google reCAPTCHA
In order to protect against spam and prevent abuse and incorrect use of our web forms (e.g. using harmful bots), the Google reCAPTCHA tool has been integrated with our website, which processes your data for this purpose (IP address, time of visit to the website, information about the device and browser, as well as information about the use of our website) and based on this it analyses your use of our website with means of JavaScript and cookies. Personal data entered by you in individual fields of the forms on our websites will not be read or saved.
Google Fonts
In order to ensure a consistent presentation of content on our websites, the “Google Fonts” script is integrated into our website, which processes your data (IP address, time of visit, information about the device and browser, as well as information about the use of our website). We have no influence on the above data processing by Google.
7.2 Use of Facebook Services
Facebook Pixel
We use the Facebook Pixel tool provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). The scope of the functionalities of the Facebook Pixel tool we use is indicated below. The Facebook pixel automatically collects and stores data (your IP address, time of visit, device and browser information, as well as information about the use of our website, e.g. website visit or subscription to the newsletter). Pseudonymized user profiles are then created from this data.
For this purpose, the Facebook pixel stores a cookie on your device when you visit our website, which enables your browser to be automatically recognized, by using a pseudonymous cookie ID when you visit other websites. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to your use of websites, in particular for the purpose of personalized advertising. Information automatically collected by Facebook technologies about the usage methods of our website is usually transmitted to the server of Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025, USA and stored there. In relation to USA, the European Commission has not issued decisions stating the adequate level of data protection. To the extent of data transfer to the USA being in our responsibility, our cooperation is based on the standard data protection clauses of the European Commission. Further information on data processing by Facebook can be found in Facebook’s privacy policy.
Facebook Ads (management of advertisements)
Facebook Ads enables us to advertise our website on Facebook and other platforms. We determine the parameters of a given advertising campaign. Facebook is responsible for its exact implementation and in particular for the decision to display the respective advertisement to individual users. Unless otherwise specified for individual functionalities and tools, data processing is carried out on the basis of an agreement for co-administration of personal data, in accordance with art. 26 of the GDPR. The joint responsibility is limited to data collection and transmission to Facebook Ireland. This does not include subsequent data processing by Facebook Ireland.
8. Integration with Trusted Shops Trustbadge and other widgets
Trusted Shops widgets are integrated into our website to display Trusted Shops services (e.g. quality stamp, collected reviews) and to offer Trusted Shops products to buyers after placing an order.
In accordance with art. 6(1)(f) of the GDPR, the above serves our legitimate interest for the optimal marketing of our offer, by enabling safe online shopping. The Trustbadge and the services advertised with it are offered by Trusted Shops AG, Subbelrather Str. 15c, 50823 Cologne, Germany (hereinafter “Trusted Shops”) with whom we are jointly responsible for the protection of co-administered data, in accordance with art. 26 of the GDPR. We hereby inform you about the essential content of the joint arrangements of the co-administrators (art. 26(2) of the GDPR).
As part of the joint responsibility between us and Trusted Shops AG, if you have any questions about data protection and would like to assert your rights, please contact Trusted Shops using the contact details provided in Trusted Shops privacy policy. However, regardless of this, you can always contact the data co-administrator of your choice.
Then your inquiry or request will be forwarded to the other co-administrator, if necessary, in order to process/answer it.
8.1 Data processing as part of the integration of Trustbadge and other widgets
The Trustbadge is provided by the US content provider CDN (Content-Delivery-Network). An adequate level of data protection is ensured by standard data protection clauses and additional contractual agreements.
When the Trustbadge is triggered, the web server automatically saves a so-called log file (server logs), which also contains your IP address, date and time of the request, the amount of data transferred and the requesting operator (access data) and such triggering is documented. The IP address is anonymized immediately after collection, so that the saved data cannot be assigned to a specific person. The anonymized data is used in particular for statistical and error analysis purposes.
8.2 Data processing after placing an order
After placing an order, the Trustbadge gains access to the information about the order stored in the end device used by you (total amount of the order, order number, possibly purchased product) and your e-mail address. This is necessary in order enable presentation of the offer of Trusted Shops services to you and, if necessary, to automatically protect your order with means of buyer protection. For this purpose, your e-mail address, which is hashed with means of a cryptographic one-way function, is transmitted to Trusted Shops. The legal basis in this regard is art. 6(1)(b) of the GDPR.
This is to verify whether you are already registered for the purposes of using the Trusted Shops services and it is necessary to pursue our and Trusted Shops’ general legitimate interests in providing buyer protection, which is related in each case with every specific order, and to pursue purchase evaluation services (art. 6(1)(f) of the GDPR). If you are already registered, further data processing will take place in accordance with the contract between you and Trusted Shops. However, if you are not registered, you will be given the opportunity to do so. Further data processing after registration will also depend on the type of contract concluded with Trusted Shops. If you do not register, all data provided will be automatically deleted by Trusted Shops and its linking with a specific person will not be possible.
Trusted Shops uses service providers for hosting and log monitoring.
The legal basis in this regard is art. 6(1)(f) of the GDPR, and the legitimate interest is to ensure the trouble-free operation of our websites.
The related data processing may also take place in third countries (USA and Israel). The respective data protection level has been ensured for the US by implementing the obligation of standard data protection clauses and further contractual measures, and in the event of Israel there is a decision implemented for the adequate data protection level. You will find further information here.
9. Social media
9.1 Social Media plugins: Facebook (Meta), Instagram (Meta)
On our website we use so-called plugins (buttons) of social networking sites. These plugins are available via an HTML link, which ensures that when visiting our website with such plugins (buttons), no automatic direct connection to the servers of the operator of a given social networking site is established. After clicking on one of the buttons (plug-in), a new window will be opened in your browser, displaying the web page of a given social networking site, where you can confirm the use of a given button, e.g. “Like it” or “Share”.
9.2 Our activity on social networks: Facebook,
Instagram
If you have given your consent to a given social networking site in this regard (art. 6(1)(a) of the GDPR), when visiting our account/profile on the above-mentioned social networking sites, your data will be automatically collected and stored for Internet analytics and marketing purposes. Based on this, pseudonymized user profiles are created from such data. They can be used, for example, to place so-called personalized advertisements within and outside social networks, that are likely to match your interests. Cookies are usually used for this purpose.
Detailed information on the processing and use of your data by individual social networking sites, as well as information on your rights and the possibility of configuring privacy settings, as well as contact details for the purposes of submitting an inquiry, are described in the privacy policies of individual social networking sites linked below. If you need assistance in this regard, you can also contact us.
Facebook (by Meta) is a social networking service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information about your activity and the methods of use of our Facebook fan page (by Meta) is usually sent to the server of Meta Platforms Ireland, Inc., 1 Hacker Way, Menlo Park, California 94025 in the USA and stored there. In relation to USA, the European Commission has not issued decisions stating an adequate level of data protection.
Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing when visiting the Facebook fan page (by Meta) is carried out in accordance with art. 26 of the GDPR based on the joint arrangements of the co-administrators, which are available here. Further information on the processing of your personal data when visiting the Facebook fan page (information on the page statistics functionality) is available here.
Instagram (by Meta) is a social networking service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information about your activity and the methods of use of our fan page account in the Instagram service is usually sent to the server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025 in the USA and stored there. In relation to USA, the European Commission has not issued decisions stating an adequate level of data protection. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing when visiting the fan page account of the Instagram service (by Meta) is carried out in accordance with Art. 26 of the GDPR based on the joint arrangements of the co-administrators. Further information on the processing of your personal data when visiting the Facebook fan page (information on the page statistics functionality) is available here.
10. Our contact details and your rights
10.1 Your rights
Persons whose data is processed have the following rights:
• in accordance with art. 15 of the GDPR: the right to obtain information about data processing to the extent specified in this article;
• in accordance with art. 16 of the GDPR: the right to have your inaccurate or incomplete personal data rectified;
• in accordance with art. 17 of the GDPR: the so-called “the right to be forgotten”, i.e. the right to delete your personal data stored with us, unless further processing of such data is necessary:
– to exercise the right to freedom of speech and information;
– to comply with a legal obligation;
– due to reasons of public interest;
– to establish, pursue or defend claims;
• in accordance with art. 18 of the GDPR: the right to limit the processing of personal data, provided that:
– the accuracy of this personal data is contested by you;
– the processing is unlawful and you oppose to deletion of such data;
– we no longer need the personal data, but you need it
to establish, pursue or defend claims;
– you have objected to data processing, pursuant to Art. 21;
• in accordance with art. 20 of the GDPR: the right to receive the data provided to us in a structured, commonly used and machine-readable format and to send it to another administrator;
• in accordance with art. 77 of the GDPR: the right to lodge a complaint with the supervisory body (President of the Personal Data Protection Office (pl. Prezes Urzędu Ochrony Danych Osobowych, UODO)).
Right to object
If we process personal data in the manner described in this privacy policy in order to protect our legitimate interests, then you can object to the processing of your data for this purpose – which is effective for the future.
If the processing takes place for direct marketing purposes, you can exercise your right to object at any time.
If the processing takes place for other purposes, you have the right to object only for reasons arising from your particular situation.
After you have exercised your right to object, we will not continue to process your personal data, unless we explicitly demonstrate the existence of valid, legitimate grounds for processing and they are superior to your interests and rights, or when the data processing is for the purpose of asserting, exercising or defending legal claims.
The previous sentence does not apply when data processing is carried out for direct marketing purposes. In this case, after expressing your objection, we will always stop further processing of your personal data.
10.2 Contacting us
In case of questions regarding the collection, processing and use of your personal data, as well as in the event of a request for information, rectification, limitation of processing or deletion of data and in order to withdraw consents granted or object to the use of specific data, please contact the data administrator, who is directly indicated at the beginning of this privacy policy.
