PRIVACY POLICY

In accordance with the Articles 13 and 14 of the Regulation 2016/679 of the European Union (“EU”) Parliament and the EU Council of 27 April 2016 on the protection of individuals with regard to processing of their personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR“), we are obliged to provide information to individuals whose personal data we process.

This below policy covers the main aspects related to the processing of personal data by the Administrator, including users of the website https://branchestore.com/ (hereinafter referred to as the “Website“) and the Clients of the Branché online shop operating under this address (hereinafter referred to as the “Online Store“).

I. General Information

  • The Personal Data Controller in accordance with the GDPR is Kamila Szamot, ul. Pańska 73/104, 00-834 Warsaw, VAT ID: 527-277-98-62, REGON: 365390449, hereinafter referred to as the Administrator.
  • You can contact the Administrator via email at customercare@branchestore.com

II. What Are Personal Data and What Is Their Processing?

  • Under the provisions of the GDPR, “personal data” refers to any information relating to an identified or identifiable individual.
  • An identifiable individual is the one who can be directly or indirectly identified, in particular by name, identification number, location data, online identifier, or one or more specific descriptions defining the physical, physiological, genetic, mental, economic, cultural, or social identity of the individual.
  • The processing of personal data is understood as an operation performed on personal data, whether automated or not, such as collecting, recording, organising, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, or otherwise making available, aligning or combining, restricting, erasing, or destroying.
  • Providing personal data is, in most cases, voluntary. However, failure to provide certain data specified in the Privacy Policy will result in the inability to use the services and benefits offered by the Administrator.

III. Purposes of Personal Data Processing

  • The Administrator collects and processes personal data in particular in relation to:
    • Providing services electronically, including enabling account registration in the Online Store
    • Entering into and executing distance contracts
    • Sending newsletters
    • Undertaking marketing activities
    • Archiving documents containing personal data
    • Managing profiles and accounts on social media.
  • Your personal data may also be processed for other purposes. In such cases, you will receive information from the Administrator in compliance with the information obligation as required by the GDPR (Articles 13 and 14 GDPR).
  • For certain personal data (listed below), due to the potential for claims against the Administrator concerning the services provided, the Administrator will process the data until the expiration of the limitation period for potential claims.
  • The detailed purposes for processing personal data, along with the legal basis and processing periods, are outlined below:
    • Managing and Operating the Customer Account in the Online Store – processing is necessary for realization of the electronic service agreement of which the Customer is a party (Art. 6(1)(b) GDPR). The data is processed for as long as the Customer account is active, until its deletion or the Administrator’s business ceases.
    • Entering into Agreements via the Online Store – processing is necessary for realization of the contract (i.e., the sales agreement) of which the Customer is a party (Art. 6(1)(b) GDPR). The data is processed for the legally required documentation retention period or for the period of limitation on claims related to the contract, whichever is longer.
    • Executing Agreements – processing is necessary for realization of the contract of which the Customer is a party (Art. 6(1)(b) GDPR). The data is processed for the legally required documentation retention period or for the period of limitation on claims related to the contract, whichever is longer.
    • Handling Complaints Related to the Agreements – the basis for processing is (i) realization of the contract of which the Customer is a party, within the scope of responsibility for the conformity of the Goods with the contract (Art. 6(1)(b) GDPR), and (ii) the Administrator’s legitimate interest in defending against unjustified claims and ensuring high-quality customer service (Art. 6(1)(f) GDPR). The data is processed for the legally required documentation retention period or for the period of limitation on claims related to the contract, whichever is longer.
    • Enabling the Right to Withdraw from the Contract – processing is necessary for realization of the contract of which the Customer is a party, within the scope of responsibility for the conformity of the Goods with the contract (Art. 6(1)(b) GDPR). Data is processed for the legally required documentation retention period or for the period of limitation on claims related to the contract, whichever is longer.
    • Issuing Accounting Documents, Carrying Out Tax-Accounting Settlements, Maintaining and Archiving Tax and Accounting Records – processing is necessary to fulfill the Administrator’s legal obligations arising from tax and accounting regulations (Art. 6(1)(c) GDPR). Data is processed for the legally required period of retention of tax and accounting documentation related to the contract.
    • Managing the Loyalty Programme – processing is necessary for realization of the electronic service agreement of which the Customer is a party (Art. 6(1)(b) GDPR). Data is processed for as long as the Customer account is active, until its deletion or the Administrator’s business ceases.
    • Monitoring Customer Activities on the Store’s Website and Conducting Customer Preference Analyses and Statistics – processing is necessary for purposes arising from the Administrator’s legitimate interests, including, but not limited to: improving Store operations, enhancing service functionality, and optimizing the customer service process (Art. 6(1)(f) GDPR). The data is processed for the duration of the Administrator’s legitimate interest, but not beyond the submission of an objection to data processing for the above purpose.
    • Responding to Inquiries or Requests Made by Contact Form and Archiving Such Correspondence – during the contact, processing is necessary for realization of the electronic service agreement of which the Customer is a party (Art. 6(1)(b) GDPR). After  the cooperation ends, processing is necessary for the Administrator’s legitimate interests, namely, archiving correspondence to demonstrate its course in the future (Art. 6(1)(f) GDPR). Data is processed until an objection to processing is raised.
    • Sending a Newsletter Containing Commercial Information – processing is based on consent (Art. 6(1)(a) GDPR). The data is processed until the consent is withdrawn or the Administrator ceases sending the newsletter.
    • Managing the Administrator’s Profiles on Facebook and Instagram – the basis for processing is the Administrator’s legitimate interest in collecting data on activities on the Administrator’s profiles via Facebook and Instagram, enabling anonymous user analysis and interactions, and sharing information about the Administrator’s activities (Art. 6(1)(f) GDPR). The basis for processing also includes user consent arising from activities on the Administrator’s profiles on these platforms (Art. 6(1)(a) GDPR). The data is processed for as long as the Administrator’s legitimate interest continues, but no longer than until the following actions are taken: (i) unliking the Administrator’s profile on the platforms, or (ii) deleting all user activity on those profiles. The data processing will also stop if the user’s account is deleted, or if the Administrator removes their profiles from the platforms. These actions do not erase archived data related to portal activity.
    • Archiving Documents Produced by the Administrator as Part of Business Operations – processing is necessary to fulfill the Administrator’s legal obligations (Art. 6(1)(c) GDPR). Additionally, the basis for processing is the Administrator’s legitimate interest in securing evidence for demonstrating facts (Art. 6(1)(f) GDPR). Data is processed until a valid objection to processing is raised.
    • Establishing or Pursuing Claims, or Defending Against Claims or Allegations – the basis for processing is the Administrator’s legitimate interest in establishing or pursuing claims, as well as defending against claims or allegations (Art. 6(1)(f) GDPR). The data is processed until the limitation period for claims expires in accordance with applicable law.
    • Creating Records of Processing Activities and Registers Required by GDPR – processing is necessary to fulfill the Administrator’s legal obligations (Art. 6(1)(c) GDPR in conjunction with Art. 30(1) and (2) GDPR). Data is processed for the duration of the Administrator’s business operations.
  • In relation to the management of the Administrator’s profiles on Facebook and Instagram, the following detailed rules apply:
  • User data may be processed by the Administrator in reference with all activities on the Administrator’s profile on Facebook and Instagram (including liking the profile, posting a comment, liking a post, etc.).
  • From Facebook or Instagram, the Administrator may receive personal data divided into user categories, such as: total number of visits, reactions to posts, comments, gender distribution of visitors, visit sources, information regarding clicks on specific content on the page (e.g., maps or contact information), and post reach.
  • User activity on the Administrator’s profile on Facebook and Instagram is entirely voluntary, but such activity is equivalent to the processing of personal data. We have no control over the creation and display of analytics, nor can we stop the collection or processing of data for this purpose. If you wish to limit your connection with the Administrator’s profile on Facebook or Instagram, you can use the platform’s available features to unfollow or unsubscribe from the Administrator’s profile.
  • Regardless of the above, Facebook and Instagram may use your data for their own purposes, particularly for market research and advertising. Cookies may be stored on your computer, which analyze your usage behaviour. Other information, including data about your devices and the internet connection, may be collected and linked to your account. Facebook and Instagram may create your profile even if you are not logged in or do not have a registered account on the platform. These profiles may be used to display targeted advertisements on their platforms.
  • The provider of Facebook and Instagram is Meta Platforms Ireland Limited, with its registered office at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 
  • Details on personal data processing on Facebook are regulated in the privacy documents available at https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
  • Details on personal data processing on Instagram are regulated in the privacy documents available at https://help.instagram.com/196883487377501?ref=dp
  • The Administrator uses Google Analytics tools (web analytics tools from Google Inc.) on the Website. The following rules apply:
    • Google Analytics uses methods that allow for the analysis of your usage of the Website – such as cookies. Details of the service are available at: https://analytics.google.com/analytics/web/provision/?hl=pl#/provision
    • As part of the analysis, personal data such as the IP address of the devices you use to access the Website and data on your activity on the Website are processed. However, the personal data processed in this way are not saved or archived anywhere.
    • According to Google’s assurances, with respect to users in the European Economic Area and Switzerland, the responsible entity is Google Ireland Limited, based in Dublin, Ireland (Gordon House, Barrow Street, Dublin 4, Ireland).
    • Automatically collected information about the use of the Website may be transferred to and stored on a Google server. Google ensures that it uses data protection mechanisms compliant with European regulations. Details are available at: https://policies.google.com/privacy?hl=pl 
    • You can prevent Google from recording data collected by cookies regarding your use of the Website (including your IP address), as well as prevent the processing of such data, by downloading and installing the browser plug-in available at: https://tools.google.com/dlpage/gaoptout?hl=pl

IV. From which sources do we obtain personal data?

  • The personal data held by the Administrator come primarily from you – our website users and Clients.
  • If the data were not provided by you, they come from the following sources:
    • from the Administrator’s Clients, Contractors, and Business Partners
    • from other entities that provide your data, e.g., in correspondence
    • from publicly available sources, particularly from data posted on websites, including publicly accessible records, registers, and databases, such as CEIDG, KRS, the REGON database, the VAT register, etc.

V. Recipients of Personal Data

  • The Administrator does not share your data with third parties unless it is necessary for the proper processing of personal data and the Administrator’s business operations. The data may be shared or entrusted to the following entities:
    • recipients of personal data:
      • banks and entities providing payment intermediary services (for the purpose of financial settlements)
      • entities to which the Administrator is obligated to provide personal data under generally applicable legal provisions
    • data processors (based on agreements for the processing of personal data):
      • entities that may gain access to your personal data when providing services to the Administrator, such as hosting services, email delivery, and other electronic communication tools, as well as entities managing databases and IT systems used by the Administrator
      • entities providing accounting services to the Administrator
      • Google, due to the use of Google tools on the Website.
  • The Administrator may transfer your personal data to third countries only when using IT systems provided by entities based outside the European Union and the European Economic Area (EEA), or when required by generally applicable EU or national legal regulations.

VI. Rights Related to Your Data Processing by the Administrator

  • The GDPR grants you the following rights concerning the processing of personal data:
    • right to request access to your personal data
    • right to request correction of your personal data
    • right to request erasure of personal data (the right to be forgotten)
    • right to request restriction of processing
    • right to data portability
    • right to object to processing of personal data.
  • If the processing is based on consent, you have the right to withdraw your consent at any time, without providing a reason, in any form, particularly by sending an email to the Data Administrator. The withdrawal of consent does not affect the lawfulness of processing carried out based on the consent before its withdrawal.
  • You also have the right to lodge a complaint with Inspector General for Personal Data Protection Office if you believe that the Administrator’s processing of your data violates legal regulations.
  • You will not have all the rights mentioned in section 1 in reference with will every case of personal data processing. This depends on the type of processing and its legal basis. 
  • The Administrator may make decisions in an automated manner, including using profiling; however, this may not have any legal effects on you.

VII. Final Provisions

In the event of changes to the Privacy Policy, the Administrator will inform you on the Website and, thus fulfilling the information obligation.

Shopping Cart