The terms used herein shall mean:
The Company – SONDA SPORTS (owner of https://www.sondasports.com), a limited liability company based in Wroclaw, ul. Wagonowa 2C, 53-609 Wroclaw, Poland, entered into the Register of Entrepreneurs kept by the District Court for Wroclaw-Fabryczna in Wroclaw, 6th Commercial Division of the National Court Register, under KRS number: 0000506708, NIP (tax identification number): PL 8971798074, REGON (state statistical number): 022392201, which sells specific products in the Store.
Store – a collection of web pages managed by the Company, allowing the Buyer to purchase equipment offered for sale by the Company on https://www.sondasports.com.
Consumer – a consumer within the meaning of the Act of 23 April 1964 – Civil Code (consolidated text: Journal of Laws of 2014, item 121) i.e. a natural person performing a legal transaction with the Company that is not directly related to his/her business or professional activity.
The Buyer – a person or entity using the GPSVESTS Store who is an Entrepreneur or a Consumer.
Entrepreneur – an entrepreneur within the meaning of the Act of 23 April 1964 – Civil Code (consolidated text: Journal of Laws of 2014, item 121), i.e. a natural person, a legal person or an organisational unit conducting business or professional activity on its own behalf.
User – person visiting website https://www.sondasports.com and it’s subdomains
The administrator of my Personal data is SONDA SPORTS, a limited liability company based in Wroclaw, ul. Wagonowa 2C, 53-609 Wroclaw, entered into the Register of Entrepreneurs kept by the District Court for Wroclaw-Fabryczna in Wroclaw, 6th Commercial Division of the National Court Register, under KRS number: 0000506708, NIP (tax identification number): 8971798074.
The collected data is processed in accordance with the provisions of the REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46 / EC (general regulation on data protection) – hereinafter referred to as the GDPR of the Act of May 10, 2018 on the Protection of Personal Data (i.e. Journal of Laws of 2019, item 1781, as amended) and the Act of July 18, 2002 on the provision of electronic services (i.e. Journal of Laws of 2020, item 344 as amended).
The personal data of Buyers / Users will be processed by the Company, as the administrator of personal data, in order to provide services to the Buyer by the Company, and with the consent of Buyers / Users, for marketing purposes related to the Company’s operations. i.e. based on:
1. Article 6 (1) (a) of the GDPR – when consent is required;
2. Article 6 (1) (b) of the GDPR – when processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract;
3. Article 6 (1) (c) of the GDPR – when processing is necessary to fulfill the legal obligation incumbent on the administrator.
The data may also be processed irrespective of the consent granted or the services provided in connection with the investigation / defense of claims (Article 6 (1) (f) of the GDPR).
Providing personal data by the Buyer / User is optional. However, the lack of consent to the processing of personal data by the Company may prevent the Company from providing services electronically, and the Buyer / User from making online purchases.
The personal data of the Buyer / User may be made available to entities authorized to obtain them, on the basis of applicable law, including, for example:
– relevant judicial authorities;
– persons authorized by the Administrator of personal data to process personal data (employees / associates), entities processing personal data on behalf of the Data Administrator on the basis of contracts concluded with the Data Administrator, in particular in the necessary and required scope, third parties, performing activities on behalf of the Company related to the concluded contract with the Buyer, e.g. delivery of products ordered by the Buyer.
The Buyer / User has the right to:
– request the administrator to access his personal data, rectify it, delete it or limit its processing;
– to object to the processing, as well as the right to transfer data and the right to submit a statement on the withdrawal of any consent given at any time. Withdrawal of consent does not affect the lawfulness of the processing which was carried out on the basis of consent before its withdrawal.
Personal data will be processed:
1. for the period of providing services, and after its completion, at the time appropriate for tax or customs inspections;
2. until the consent is withdrawn;
3. for the limitation period or to enforce claims related to the processing of my personal data.
Personal data may be profiled to define the Buyer’s / User’s preferences and to present an adequate offer of products and services via SalesManago.
The request and objection may be submitted by the Buyer / User via e-mail sent to the following address:
The Company uses all appropriate technical security measures to maintain the confidentiality of data.
Confidential information regarding Buyers / Users, including Buyers’ personal data, is protected by the Company against disclosure to third parties and unauthorized persons.
The company protects data against unauthorized access, processing in violation of the law, alteration, damage or destruction.
For complete security, the data is stored on Amazon Web Services servers located in Ireland and Germany.
The Buyer / User has the right to lodge a complaint with the President of the Office for Personal Data Protection.
III. AGREEMENT ON OUTSOURCING PROCESSING OF PERSONAL DATA
Concluded on 29.04.2020 in Wrocław between:
1. SONDA SPORTS SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered seat in Wrocław, postcode: 53-609, address: ul. Wagonowa 2C, with documentation stored at the District Court Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, KRS number: 0000506708, with share capital amounting to: PLN 75,000.00, with NIP tax identification number: 8971798074, represented by: Wojciech Ganczarski – President of the Management Board and Emilia Pobiedzińska – Vice-President of the Management Board, hereinafter referred to as the “Personal data administrator”
2. SALESMANAGO (https://www.salesmanago.com/), hereinafter referred to as the “Processing entity”
1. The Parties declare that, as at 29.04.2020, they concluded an agreement on CRM and marketing automation services, which might lead to the need to process personal data.
2. The Administrator outsources processing of personal data to the Processing entity pursuant to art. 28 of GDPR, solely for the purposes of the concluded agreement.
3. This agreement should be deemed as a documented personal data processing order.
4. The Processing entity undertakes to process personal data pursuant to GDPR, other applicable laws and this agreement.
5. The Processing entity declares that it possesses appropriate technical and organisational resources to ensure the required degree of security during the data processing procedure.
(PROCESSING OF PERSONAL DATA)
1. The Processing entity is authorised to process the following categories of personal data: full name, e-mail address, telephone number, data collected by the application, cookies and other related information.
2. The Processing entity is authorised to process data of the following categories of individuals: clients, subscribers, employees, associates, website visitors.
3. The Processing entity is not authorised to process special categories of data within the meaning of art. 9 section 1 of GDPR (racial or ethnic origin, political opinions, religious or philosophical beliefs, affiliation with trade unions and processing genetic or biometric data to identify unambiguously the given natural person, or data concerning the health, sexuality or sexual orientation of such person) as well as data concerning convictions or infringements of law within the meaning of art. 10 of GDPR.
4. Personal data are processed for the purpose of correct performance of the main agreement.
5. The administrator might give its general consent to the Processing entity’s use of the services of another processing entity.
6. In case of a general written consent the processing entity informs the administrator about any planned changes regarding adding or replacing processing entities so that the administrator might object to such changes.
7. If the Processing entity uses services of other processing entity to perform specific processing activities on behalf of the administrator, that other processing entity shall have the same data protection obligations as the obligations that apply in the agreement between the administrator and the Processing entity, in particular the obligation to ensure sufficient guarantees of implementing appropriate technical and organisational measures – if the other processing entity does not meet its data protection obligations, the full responsibility towards the administrator for meeting this other processing entity’s obligations shall lie with the original Processing entity.
(OBLIGATION OF SECRECY)
1. The Processing entity undertakes permanently to keep the personal data entrusted to it confidential.
2. The Processing entity declares that every individual who is authorised to process the entrusted personal data shall be obligated to keep these data confidential permanently.
3. The confidentiality obligation also applies to all information on the methods of securing the personal data subjected to processing.
(RIGHTS AND OBLIGATIONS OF THE PROCESSING ENTITY)
1. The Processing entity cooperates with the Personal data administrator in ensuring security of personal data.
2. The Processing entity takes all measures required pursuant o art. 32 of GDPR (security of processing), and in particular it implements appropriate technical and organisational measures in order to ensure the degree of security corresponding to risk related to the processing of data.
3. The Processing entity uses the appropriate technical and organisational measures to assist the administrator in meeting the obligation of responding to requirements of the given data subject regarding performance of their rights, listed in chapter III of GDPR.
4. The Processing entity assists the Administrator in meeting the obligations listed in art. 32 of GDPR (security of processing), art. 33 of GDPR (reporting violations of personal data protection to a supervisory authority), art. 34 of GDPR (informing the data subject about violations of personal data protection), art. 35 of GDPR (assessment of consequences to data protection), art. 36 of GDPR (consultations with a supervisory authority).
5. After the termination or expiry of this agreement the Processing entity shall be obliged to immediately return the data entrusted to it and to remove all existing copies made for the purposes of day-to-day operations, unless the law requires that it stores such personal data.
6. The Processing entity informs the Personal data administrator if it finds that it receives an order that infringes GDPR or other provisions of law.
7. The Processing entity informs the Personal data administrator about any suspected infringement of data protection within 24 hours from the moment of infringement.
(RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA ADMINISTRATOR)
1. The Personal data administrator undertakes to cooperate with the Processing entity in performance of this agreement in order to ensure protection and security of personal data.
2. The Personal data administrator makes explanations in case of the Processing entity’s doubts as to the lawfulness of the orders or instructions given to it.
3. The Personal data administrator updates transferred personal data so that they are correct.
(CONTROL OF DATA PROCESSING)
1. The Personal data administrator reserves the right to control the method of implementation of this Agreement.
2. The Processing entity shall provide all information necessary to evidence its compliance with its contractual obligations.
3. The Processing entity shall enable an inspection of its data processing procedure.
(TERM AND TERMINATION)
1. This Agreement is concluded for the term of one year.
2. Each of the Parties might terminate this agreement with 1 month’s notice if processing of the personal data entrusted by the Administrator to the Processing entity is no longer necessary.
3. The Personal data administrator reserves the right to terminate this agreement with immediate effect if the Processing entity processes the personal data in violation of this agreement, GDPR or other generally applicable provisions of law.
1. This agreement has been drawn up in two identical copies, one for each of the Parties.
2. The provisions of GDPR and other generally applicable provisions of law, in particular the personal data protection act of May 10th 2018 (Journal of Laws of 2019, item 1781, as amended) shall apply to any matters not covered by this Agreement.
Cookies are computer data, in particular, text files, sent by a web server, which are stored on the Buyer’s/User’s end device and used by the website. Cookies contain the name of the originating website, their storage time on the end device, and a unique number. The default parameters of the cookies allow reading the information contained in them only by the server that has created them.
Cookies are used:
a) to adapt the content of the website to Buyer’s/User’s preferences and to optimise the use of websites; in particular, these files allow to recognise the Buyer’s/User’s device and properly display the web page tailored to his individual needs;
b) for analytical and statistical purposes (analysis of Buyers’/User’s behaviour on the Store website, marketing preferences and for adjusting the content to the individual needs of Buyers);
In many cases, the software used to browse the Internet (web browser) allows by default to store cookies on the Buyer’s/User’s end device.
The Buyer/User can at any time change his cookies settings by specifying the conditions for their storage or cookies’ access to the Buyer’s/User’s device. The Buyer/User can change the settings referred to in the previous sentence by changing the settings of the software installed on his telecommunications end device or by service configuration. The settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the web browser settings or alert the Buyer/User each time cookies are created on his device. Detailed information on the possibilities and ways of handling cookies is available in the software (web browser) settings.
Cookies created on the Buyer’s/User’s end device can also be used by advertisers and partners cooperating with the Seller.
The Buyer/User can always delete the cookies using the features available in the web browser.
TYPES OF COOKIES
Essential: Some cookies are essential for you to be able to experience the full functionality of our site. They allow us to maintain user sessions and prevent any security threats. They do not collect or store any personal information. For example, these cookies allow you to log-in to your account and add products to your basket and checkout securely.
Statistics: These cookies store information like the number of visitors to the website, the number of unique visitors, which pages of the website have been visited, the source of the visit etc. These data help us understand and analyze how well the website performs and where it needs improvement.
Marketing: Our website displays advertisements. These cookies are used to personalize the advertisements that we show to you so that they are meaningful to you. These cookies also help us keep track of the efficiency of these ad campaigns.
The information stored in these cookies may also be used by the third-party ad providers to show you ads on other websites on the browser as well.
Functional: These are the cookies that help certain non-essential functionalities on our website. These functionalities include embedding content like videos or sharing contents on the website on social media platforms.
Preferences: These cookies help us store your settings and browsing preferences like language preferences so that you have a better and efficient experience on future visits to the website.
Buyers/Users can contact the Company as follows:
a) in writing – to the correspondence address: SONDA SPORTS Sp. z o. o., ul. Wagonowa
2C, 53-609 Wrocław (Poland)
b) by telephone: +48 576 988 155
c) electronically – e-mail address: firstname.lastname@example.org or email@example.com
d) on social media platforms: https://www.facebook.com/SondaSports/ or https://twitter.com/sondasports