Privacy Policy and Cookies Policy
Attachment No. 1
to the Online Store Regulations
Privacy Policy and Cookies Policy
1.Data Controller and Definitions
- The data controller for the personal data of Clients/Users of the Online Store, also referred to as the Seller, is: OSF Invest sp. z o.o., VAT ID: PL8992982481, KRS: 0001080763
- The Data Controller can be contacted at:
a) Mailing address: ul. Wawrzyniaka 3, 53-022 Wrocław, Poland
b) Email address: contact@oldschool-fishing.com - User - an individual visiting the Online Store's website or using the services or functionalities described in this Privacy Policy and Cookies Policy.
- Client - an individual with full legal capacity, a consumer, a legal person, or an organizational unit without legal personality to which the law grants legal capacity, who enters into a distance sales contract with the Seller.
- Online Store - an internet service run by the Seller, available at this address, through which the Client/User can obtain information about products and their availability and purchase products.
- Commercial Information and Newsletter - information, including commercial information (such as Newsletter) as defined by the Act of July 18, 2002, on providing services by electronic means (Journal of Laws 2020, item 344), sent by the Seller to the Client/User electronically; receiving such information is voluntary and requires prior consent from the Client/User.
- Account - a set of data stored in the Online Store and in the Seller's IT system related to a specific Client/User and their orders and agreements, used to place orders and enter into agreements.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).c
2. Purposes, Legal Bases, and Duration of Data Processing
- To fulfill the distance sales contract, the Seller processes:
a) Information about the User's device to ensure the proper functioning of services: IP address, information contained in cookies or other similar technologies, session data, browser data, device data, and activity data on the Website, including individual subpages;
b) Geolocation information, if the User has consented to the service provider's access to geolocation. Geolocation information is used to provide more tailored product offers;
c) Personal data of Users: first name, last name, address, email address, phone number, or other personal data necessary to complete the purchase, which the Administrator requires during the purchasing process. - This information does not contain User identity data, but in conjunction with other information, it may constitute personal data and, therefore, is protected under GDPR.
- Data is processed in accordance with Art. 6(1)(b) GDPR, for the purpose of providing the service, i.e., the contract for electronic services in accordance with the Regulations, and in accordance with Art. 6(1)(a) GDPR, in connection with consent for the use of specific cookies or other similar technologies, expressed by the relevant settings of the web browser in accordance with the Telecommunications Law, or in connection with consent for geolocation. Data is processed until the Client/User stops using the Online Store.
- The Administrator undertakes to take all measures required under Art. 32 GDPR, taking into account the state of technical knowledge, implementation costs, the nature, scope, and purposes of processing, and the risk of violating the rights or freedoms of individuals of varying likelihood and severity. The Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
3. Administrator’s Marketing Activities
- On the Online Store's website, the Data Controller may post marketing information about its products or services. The display of these contents is carried out by the Data Controller in accordance with Art. 6(1)(f) GDPR, i.e., in accordance with the legitimate interest of the Data Controller in publishing content related to the services provided and promotional content for actions in which the Data Controller is involved. This action does not infringe on the rights and freedoms of Clients/Users, who expect to receive similar content, and may even anticipate it or consider it the purpose of their visit to the Online Store's website.
- The Client can consent to receive commercial information electronically by selecting the appropriate option in the registration form or later in the relevant tab. With such consent, the Client/User will receive the Online Store's information (Newsletter) and other commercial information sent by the Seller.
- The Client can withdraw consent to receive commercial information or the Newsletter at any time by unchecking the relevant box on their Account page or by using the form available here, or by clicking the appropriate link in each commercial information or Newsletter.
4. Recipients of User Data
The Data Controller discloses Users' personal data only to entities processing data under data processing agreements for the purpose of providing services to the Data Controller, e.g., hosting and website maintenance, IT services, marketing, and PR services.
5. Transfer of Personal Data to Third Countries
Personal data will not be processed in third countries.
6.Rights of Data Subjects
1. Each data subject has the right to:
- Access (Art. 15 GDPR) - obtain confirmation from the Data Controller as to whether their personal data is being processed. If data about the person is being processed, they are entitled to access it and obtain the following information: the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, the period for which the data will be stored or the criteria used to determine that period, the right to request rectification, erasure, or restriction of processing of their personal data, and to object to such processing;
- Obtain a copy of data (Art. 15(3) GDPR) - obtain a copy of the data being processed, with the first copy being free of charge, and for additional copies, the Data Controller may charge a reasonable fee based on administrative costs;
- Rectification (Art. 16 GDPR) - request rectification of their personal data if it is inaccurate or completion of incomplete data;
- Erasure of data (Art. 17 GDPR) - request erasure of their personal data if the Data Controller no longer has a legal basis for processing or if the data is no longer necessary for the purposes of processing;
- Restriction of processing (Art. 18 GDPR) - request restriction of the processing of personal data when:
a) The data subject contests the accuracy of the personal data – for a period enabling the Data Controller to verify the accuracy of the data;
b) Processing is unlawful and the data subject opposes the erasure of the data, requesting restriction of its use;
c) The Data Controller no longer needs the data, but the data is needed by the data subject to establish, exercise, or defend claims;
d) The data subject has objected to processing – until it is determined whether the legitimate grounds of the Data Controller override those of the data subject; - Data portability (Art. 20 GDPR) - receive their personal data in a structured, commonly used, and machine-readable format, and request the transfer of this data to another Data Controller if the data is processed based on the consent of the data subject or a contract and is processed in an automated manner;
- Object (Art. 21 GDPR) - object to the processing of their personal data for legitimate interests of the Data Controller, for reasons related to their particular situation, including profiling. The Data Controller will then assess whether there are any valid legal grounds for processing that override the interests, rights, and freedoms of the data subject or grounds for establishing, exercising, or defending claims. If, based on the assessment, the interests of the data subject outweigh those of the Data Controller, the Data Controller will be required to cease processing data for those purposes;
- Withdraw consent at any time and without providing a reason, but processing carried out before the withdrawal remains lawful. Withdrawal of consent will result in the cessation of processing of personal data by the Data Controller for the purpose for which the consent was given.
2. To exercise the above rights, the data subject should contact the Data Controller using the provided contact details and inform them which right and to what extent they wish to exercise.
7. President of the Personal Data Protection Office
- The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office located in Warsaw, ul. Stawki 2, with whom contact can be made in the following ways:
a) By mail: ul. Stawki 2, 00-193 Warsaw, Poland
b) Via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
c) Hotline: 606-950-000.
8. Data Protection Officer
In any case, the data subject can also contact the Data Protection Officer directly via email or in writing at the address of the Data Controller provided in section 1 point 2 of this Privacy Policy and Cookies Policy.
9. Cookies
- The online store collects information about Customers, Users, and their behavior in the following ways:
a) through voluntarily provided information in forms for purposes related to the specific form's functions
b) by storing cookies on end devices
c) by collecting server logs by the online store's hosting operator (necessary for the proper functioning of the service) - Cookies are IT data, in particular text files, stored on the end device of the Customer/User and are intended for use with the online store's website. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device, and a unique number.
- The online store uses cookies only after obtaining prior consent from the Customer/User in this regard. Consent to the online store's use of all cookies is given by clicking the "Close" button when the cookie consent message appears or by closing the message.
- If the Customer/User does not consent to the online store's use of cookies, they may opt for "I do not consent," also available in the cookie consent message, or make changes in the settings of the currently used web browser (this may cause the online store's website to function incorrectly).
- To manage cookie settings, select from the list of browsers/systems and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
- The legal basis for processing personal data obtained from cookies is the legitimate interests of the Data Administrator, which involve ensuring high-quality services and ensuring the security of services.
- The online store uses two main types of cookies: "session" cookies and "persistent" cookies. "Session" cookies are temporary files stored on the User's end device until logout, leaving the online store, or closing the software (web browser). "Persistent" cookies are stored on the Customer/User's end device for the time specified in the cookie parameters or until deleted by the Customer/User.
- Cookies are used for the following purposes:
Functional cookies (required)
client39281.idosell.com
monit_token: 365 days, cookie
Identifies the store's customer.
shop_monit_token: 30 minutes, cookie
Identifies the store's customer.
client: 1 day, cookie
Identifies logged-in customers / shopping cart of an unlogged-in customer.
affiliate: 90 days, cookie
Stores information about the partner ID from which the store was accessed.
ordersDocuments: cookie
Stores information about the document print status.
__idsui: 1095 days, cookie
Necessary for the functioning of the so-called light login on the page.
_idsual: 1095 days, cookie
Necessary for the functioning of the so-called light login on the page.
IAI_SRC: 90 days, cookie
Stores only the source from which the site was accessed.
login: cookie
Stores information about whether the user has logged in to the page.
CPA: 28 days, cookie
Contains information about variables for CPA/CPS programs in which the site participates.
IAIRSABTVARIANT: 30 days, cookie
Variant ID for A/B test and IdoSell RS engine configuration.
basket_id: 365 days, cookie
User's shopping cart ID, assigned for the duration of the session.
page_counter: 1 day, cookie
Page visit counter.
LANGID: 180 days, cookie
Stores information about the language selected by the page user.
REGID: 180 days, cookie
Stores information about the user's region.
CURRID: 180 days, cookie
Stores information about the currency selected by the page user.
IAIABT: 30 days, cookie
Stores the A/B test ID for testing and improving store functionality.
IAIABTSHOP: 30 days, cookie
Stores the ID of the shop participating in the A/B test.
IAIABTVARIANT: 30 days, cookie
Stores the variant ID drawn in the current A/B test.
toplayerwidgetcounter[]: cookie
Stores the number of pop-up message views.
samedayZipcode: 90 days, cookie
Stores the user's postal code needed to offer SameDay courier delivery.
applePayAvailability: 30 days, cookie
Stores information about whether ApplePay payment is available for the user.
paypalMerchant: 1 day, cookie
PayPal account ID.
toplayerNextShowTime: cookie
Stores information about when the next pop-up message should be displayed.
rabateCode_clicked: 1 day, cookie
Stores information about closing the active discount banner.
freeeshipping_clicked: 1 day, cookie
Stores information about closing the free shipping banner.
redirection: cookie
Stores information about closing the pop-up message suggesting the store language.
filterHidden: 365 days, cookie
After clicking the filter collapse option for goods, stores information about which filter should be collapsed after refreshing the goods list.
toplayerwidgetcounterclosedX: cookie
Stores information about closing the pop-up message.
cpa_currency: 60 minutes, cookie
Contains information about the currency for CPA/CPS programs in which the site participates.
basket_products_count: cookie
Stores information about the number of items in the cart.
wishes_products_count: cookie
Stores information about the number of items in the wish list.
remembered_mfa: 365 days, cookie
Stores information about the remembered user for multi-factor authentication (MFA).
IAI S.A.
iai_accounts_toplayer: 30 days, cookie
Ensures correct display of the pop-up message informing about the IdoAccounts login service (https://www.idosell.com/pl/tysiace-gotowych-do-uzycia-funkcji/logowanie-do-sklepu-z-konta-w-innym-serwisie/).
IdoSell
platform_id: cookie
Stores information about whether the site is displayed in the mobile app.
paypalAvailability: 1 day, cookie
Stores information about whether PayPal payment is available for the user.
ck_cook: 3 days, cookie
Stores information about whether the website user has consented to cookies.
IdoAccounts
accounts_terms: 365 days, cookie
Stores information about whether the user has accepted the consent to use the IdoAccounts service.
express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin
NID: 180 days, cookie
These cookies (NID, ENID) are used to remember user preferences and other information, such as preferred language, number of search results displayed (e.g., 10 or 20), and whether the user wants Google SafeSearch filter enabled. This cookie is also necessary for providing Google Pay service.
Google reCAPTCHA
_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site from spam requests in contact forms.
PayPal
ts: cookie
This cookie is usually provided by PayPal and supports payment services on the site.
ts_c: 1095 days, cookie
This cookie is usually provided by PayPal and helps prevent fraud.
x-pp-s: cookie
This cookie is usually provided by PayPal and supports payment services on the site.
enforce_policy: 365 days, cookie
This cookie is usually provided by PayPal and supports payment services on the site.
tsrce: 3 days, cookie
This cookie is usually provided by PayPal and supports payment services on the site.
l7_az: 60 minutes, cookie
This cookie is necessary for PayPal login functions on the website.
LANG: 1 day, cookie
This cookie is usually provided by PayPal and supports payment services on the site.
nsid: cookie
Used in the context of transactions on the Website. The cookie is required for secure transactions.
Analytical cookies
IAI S.A.
__IAI_AC2: 45 days, cookie
Conversion tracking identifier (Activity Tracking) for collecting the history of sources preceding the order placement and the source through which the order was placed according to the last click attribution model.
Google Maps
SID: 3650 days, cookie
Contains digitally signed and encrypted records of the Google account identifier and the last login time. Combining these cookies (SID, HSID) allows Google to block various types of attacks, such as attempts to steal contents of forms submitted in Google services.
Advertising cookies
client39281.idosell.com
RSSID: 180 days, cookie
Id of the IdoSell RS user, used for displaying matched product recommendations on the page.
IAIRSUSER: 60 minutes, cookie
Id of the IdoSell RS user, used for displaying matched product recommendations on the page.
8. Cookies are used for the following purposes:
a) creating statistics that help understand how Customers/Users of the online store use the websites, enabling improvements in their structure and content
b) maintaining the Customer/User session (after logging in), so that the Customer/User does not have to re-enter login and password on every page of the online store
c) defining the profile of the Customer/User to display product recommendations and tailored content in advertising networks, especially Google network.
9. Web browsing software (web browser) generally allows cookies to be stored on the end device of the Customer/User by default. Customers/Users can change these settings. The web browser allows for the deletion of cookies. Automatic blocking of cookies is also possible.
10. Restrictions on the use of cookies may affect some functionalities available on the online store's websites.
11. Cookies placed on the Customer/User's end device and used may also be used by advertisers and partners cooperating with the online store.
12. Cookies may be used by the Google network to display ads tailored to how the Customer/User uses the online store. For this purpose, they may store information about user navigation paths or time spent on a specific page: https://policies.google.com/technologies/partner-sites.
13. We recommend that Customers/Users read the privacy policies of these companies to understand how cookies are used in statistics: Google Analytics Privacy Policy.
14. Regarding information about Customer/User preferences collected by the Google advertising network, Customers/Users can view and edit cookie information using the tool: https://www.google.com/ads/preferences/.
15. The online store's page contains plugins that may transfer Customer/User data to Administrators such as: Google Maps, PayPal, Google reCAPTCHA, IdoAccounts, IdoSell, IAI S.A., Google.
16. To properly execute the distance sales agreement, the Data Administrator may provide Customer/User data to courier entities. Currently available delivery methods in the online store can be found at here.
17. To properly execute the distance sales agreement, the Administrator may provide Customer/User data to online payment systems. Currently available prepayment methods in the online store can be found here.
10. Changes to the Privacy and Cookie Policy
- The Privacy and Cookie Policy may be supplemented or updated according to the current needs of the Administrator to provide up-to-date and accurate information to Customers/Users.