PRIVACY POLICY SWAPIPHONE.COM PLATFORM
(effective from September 1, 2025)
I. INTRODUCTORY PROVISIONS
1.This document (hereinafter referred to as the ‘Privacy Policy’ or “Policy”) sets out the privacy policy applicable to the online platform swapiphone.com (marketplace) – hereinafter referred to as the ‘Platform’, and in particular the rules for the processing of personal data, information on the processing of personal data in cookies and other similar internet technologies.
2. This Privacy Policy has been prepared on the basis of the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119/1, 4/05/2016) – hereinafter referred to as the ‘Regulation’ or ‘GDPR’ and the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000, as amended) – hereinafter referred to as the ‘Act’, as well as other applicable provisions of law.
3. Capitalised terms used in this Policy shall have the meanings given to them in the overriding document, i.e. the Terms and Conditions of Use of the swapiphone.com platform for Buyers (hereinafter referred to as the ‘Terms and Conditions’)
4. This Policy is available continuously and free of charge via the website https://swapiphone.com/de-en/data-protection-and-cookies, in a manner that allows users to obtain, reproduce and record its content.
II. CONTACT DETAILS OF THE CONTROLLER
1.Who manages your data?
The controller of your personal data is EGIDA ECO Solutions limited liability company with its registered office in Warsaw – address: ul. Gen. Józefa Zajączka 32, 01-510 Warsaw (Poland), entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 14th Commercial Division of the National Court Register, under number 0001133818, REGON: 529970909, NIP: 5253021377, share capital PLN 50,000.00 (hereinafter referred to as the ‘Controller’).
In addition, the Controller's affiliated companies may be data controllers and entities responsible for the User's personal data. For the purposes of this Policy, ‘affiliated company’ means an entity that directly or indirectly owns or controls, is owned or controlled by the Administrator (or the owners of the Administrator) or is jointly owned or controlled with another entity or brand or products. In turn, ‘control’ means the right to direct the management or affairs of an entity, and ‘ownership’ means the actual ownership of fifty percent (50%) or more of the voting securities or other equivalent voting interests of an entity.
2. How can you contact the Administrator?
Each User may contact the Administrator regarding their personal data by:
2.1 email address: [email protected], or
2.2 by post to the following address: EGIDA ECO Solutions sp. z o.o., ul. Gen. Józefa Zajączka 32, 01-510 Warsaw (Poland), or
2.3 by telephone at the number provided on the website https://swapiphone.com between 9.00 a.m. and 5.00 p.m. (call charges according to the service provider's rates), or
2.4 via the Helpdesk contact form (only for logged in Users).
III. GENERAL INFORMATION ON PRIVACY
1.By making the Platform (swapiphone.com) available, the Administrator assumes that the User:
1.1 has all the necessary rights to use this website;
1.2 acknowledges that by publishing their personal data, they have made it public and that this information may become available to the Administrator or the Seller;
1.3 will provide true information about themselves to the extent necessary to use the Platform's services;
1.4 understands that certain types of information provided by them to other Users of the Platform cannot be deleted by either the User or the Administrator;
1.5 understands and accepts the provisions of this Policy,
1.6 and the User (being a natural person) is at least 18 years of age.
2. The Administrator does not review information about the User that it receives from the User, unless such review is necessary for the Administrator to fulfil its obligations towards the User.
3. All data collected and stored by the Administrator should be accurate. Therefore, each User is requested to immediately inform the Administrator if anything changes with regard to the User's personal data during the relationship with the Administrator.
4. Please note that if you withdraw your consent to processing or do not provide the data we require to maintain and administer the Platform, you may not be able to access the Platform or register on it.
5. The User should not provide the Administrator with personal data of third parties. If, however, the User provides such data, they declare each time that they have the appropriate consent of third parties to transfer the data to the Administrator.
6. This Policy applies only to EU citizens.
IV. SOURCES AND PURPOSES OF PERSONAL DATA PROCESSING
1.Personal data is provided to the Administrator by the Platform user (customers) – personal data collected from the data subject.
2. The purpose of personal data processing is the performance by the Administrator of all services, agreements and commercial contracts (including Product Sales Agreements for products offered exclusively by the Administrator or the provision of electronic services), handling requests and responding to them, handling complaints, marketing and promotion – carried out via the Platform. Placing an Order by the User as part of the marketplace service results in the User's personal data necessary for the execution of the Order being made available to the Seller for the purpose of performing the Sales Agreement.
3. If the Administrator becomes aware that the User is using the electronic service in a manner inconsistent with the Terms and Conditions or applicable law (unauthorised use), the Administrator may process the User's personal datato the extent necessary to determine the User's liability.
4. The Administrator may also ask the User for consent to process their personal data for a specific purpose, of which they will be informed. If consent is given to the processing of personal data for a specific purpose, the User may withdraw their consent at any time by contacting us, and we will cease processing their data for that purpose.
5. The Administrator may process personal data to ensure compliance with the law or to prevent and detect fraud and abuse in order to protect its security or the security of its customers and other persons.
6. We describe in more detail and in addition to the above-mentioned purposes the information we collect when you use the Platform, why we collect and process it, and the basis for processing:
| Purpose/activity | Type of data | Basis for processing |
| We use this data when you fill out a form (Helpdesk) to contact us in order to handle your requests and enquiries. |
(a) Identification data (b) Contact details |
Consent |
| We use this data when you exercise your rights under a complaint or warranty or when you check your device. | (a) Device data | Consent |
| We use this data for internal review to continuously improve the content of the Platform, understand any errors you may encounter while using the Platform, notify you of changes, and personalise your use of the Platform. | (a) Technical data | Legitimate interest |
| We use this information to administer the Platform, including providing electronic services to you. We use this information to ensure the quality of our services and to display information on the Platform. We may also use this data to investigate any complaints you make and to provide you with a more efficient service. | Information obtained as a result of the User's activities on the Platform (activity history) | Legitimate interest |
V. CATEGORIES OF PERSONAL DATA COLLECTED BY THE CONTROLLER
1.The Controller processes ordinary personal data to the extent necessary to achieve the purpose of processing. Personal data should be understood as information that relates to the User and allows them to be identified, directly or in combination with other information that we may hold. The Controller collects, uses, stores and transfers various types of personal data grouped as follows:
| Identification data | Includes: first name, last name or similar identifiers, company name |
| Contact details | Includes: email address, telephone number, contact person and shipping details (delivery address) |
| Order processing data | Includes: data relating to Orders and data relating to complaints, claims and requests |
| Device data | Includes: Serial number or IMEI of the device |
| Technical data | Includes: information about the User's technical devices, technical interaction with the website (IP address of the host computer's operating system, browser type, geographical location, User behaviour while browsing and further actions on the website). |
| Marketing and communication data | Includes: your preferences for receiving marketing information from us, preferences of third parties associated with us, and communication preferences. |
| Usage data | Includes: information about how you use the Platform, Products or services. |
| Aggregated data | We collect, use and share aggregated data. This type of data results from the processing of personal data for statistical purposes (output data). Aggregated data comes from your personal data, but is not considered personal data because it does not directly or indirectly reveal your identity. Aggregated data is used exclusively by the Administrator. |
2. The Platform and the Products available on the Platform are not intended for children or persons under the age of 18. The Administrator does not intend to collect data relating to children or persons under the age of 18.
3. The Administrator does not collect any special categories of personal data or data concerning personal preferences and interests.
4. The scope of personal data processed by the Administrator may vary depending on which services or functionalities the User uses.
VI. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
1.Personal data collected by the Platform Administrator is processed in accordance with the provisions of the Regulation, the Act and other applicable laws.
2. The Administrator processes your personal data in the following scope and on the following legal basis:
2.1 provision of electronic services that do not require the creation of an Account and the purchase of Products, i.e. browsing the Platform's pages and subpages, searching for Products, sharing offers of other Sellers (as part of the marketplace service) – we process personal data relating to your activity on the Platform, i.e. data relating to the Products you view, data relating to your device session, operating system, browser, location and unique ID, IP address, including information collected through cookies or other similar technologies – Article 6(1)(f) of the Regulation;
2.2 taking action at your request – such as creating an Account, i.e. data provided in the registration form available on the Platform (i.e. email address and password) – we process your data provided in your Account and when purchasing Products – Article 6(1)(b) of the Regulation;
2.3 performance of the Contract for the Sale of Products available exclusively from the Administrator (e.g. delivery of the ordered Products), we process the personal data provided by you when purchasing the Products, such as your first and last name or company/entity name, e-mail address, tax identification number and data provided for shipping purposes, such as shipping address and telephone number, payment details, as well as for the purpose of handling Orders: maintaining Order history, informing about the status of Order fulfilment – Article 6(1)(b) of the Regulation;
2.4 statistics on the use of individual functionalities available on the Platform, facilitating the use of the Platform and ensuring the IT security of the Platform – we process personal data relating to your activity and the amount of time spent on each subpage, location, IP address, device ID, data about your web browser and operating system – Article 6(1)(f) of the Regulation;
2.5 handling complaints, claims and requests and responding to Users' questions – we process the personal data you provide in the contact form, complaints, claims and requests, or in order to respond to questions submitted in other forms, and certain personal data provided by you in your Account, as well as data relating to the Order and other Services provided by us that are the subject of the complaint, complaint or request, and data contained in documents attached to complaints, complaints and requests – Article 6(1)(b), (c) f) of the Regulation;
2.6 performance of activities related to the protection of the Buyer in respect of transactions via the Platform, including the payment of compensation – Article 6(1)(b) of the Regulation;
2.7 marketing of Products and services, including the delivery of newsletters based on your consent, as well as for marketing purposes of other entities, in particular Sellers using the marketplace service – Article 6(1)(a) of the Regulation;
2.8 with regard to data provided on an optional basis, the legal basis for processing is consent – Article 6(1)(a) of the Regulation;
2.9 organisation of promotions. Detailed information about promotions, including the scope of data collected (other than standard data related to the Order or the provision of the service) will be provided each time in the terms and conditions of participation in the promotion – Article 6(1)(a), (b), (c) and (f) of the Regulation;
2.10 market and opinion research by the Controller, i.e. information about the Order, your data provided during the purchase of Products. Data collected as part of market and opinion research is not used by us for advertising purposes. Detailed instructions are provided in the information about the survey or in the place where you enter your data – Article 6(1)(f) of the Regulation;
2.11 responses to enquiries about Products or services offered by the Administrator or in the scope of assistance in relations with the Seller (Helpdesk form). Personal data in the scope of contact details necessary to respond – Article 6(1)(f) of the Regulation;
2.12 for the purpose of identifying persons who are authorised to represent the User and incur obligations on their behalf (applies to entrepreneurs or customers who are not natural persons) – pursuant to Article 6(1)(b) and (f) of the Regulation;
2.13 for the establishment, investigation and enforcement of claims and defence against claims, we may process your personal data provided when purchasing Products or creating an Account or during the placement of an Order, as well as other data necessary to prove the existence of a claim or resulting from a legal requirement, court order or other legal procedure – Article 6(1)(f) of the Regulation;
2.14 personal data of Users visiting the Administrator's profiles on social media (such as Facebook and similar) are processed solely in connection with the maintenance of the profile, including for the purpose of informing Users about the Administrator's activities and promoting various events, services and Products, as well as for the purpose of communicating with Users through the functionalities available in social media. The legal basis for the processing of personal data by the Administrator for this purpose is its legitimate interest in promoting its own brand and building and maintaining a community associated with the brand – Article 6(1)(f) of the Regulation;
2.15 to comply with the requirements of the General Product Safety Regulation (GPSR) – this may include activities such as identifying or reporting potential product hazards, ensuring product compliance with safety requirements and informing the competent authorities or Users of the need to take safety measures. The scope of data processed for this purpose may include: User identification data, information about purchased Products, contact details for notifications if required by law, and details of reported Product safety issues. The legal basis for processing is the necessity to fulfil the legal obligation incumbent on the Controller – Article 6(1)(c) of the Regulation;
2.16 to fulfil the legal obligations incumbent on the Controller, resulting from tax and accounting regulations – pursuant to Article 6(1)(c) of the Regulation.
3. The personal data of the User (Buyer) is made available to another User (Seller) – i.e. the other party to the Sales Agreement concluded via the Platform. After obtaining the personal data of the Buyer purchasing the Product using the Platform, the Seller is obliged to fulfil all obligations towards the Buyer arising from the Regulation, the Act and other applicable legal provisions, including ensuring that the Buyer's rights under the above legal acts are exercised.
VII. PERIOD OF STORAGE OF PERSONAL DATA
1.Users' personal data will be processed for the duration of the Orders, the Sales Agreement or the agreement for the provision of electronic services, or for the duration of the provision of other services by the Administrator, and until the end of the limitation period for potential claims arising from the above-mentioned agreements, unless a longer processing period is necessary, for example due to archiving or fiscal obligations, including those resulting from tax or accounting regulations or regulations related to product safety or their withdrawal from the market.
2. Users' personal data will be processed until consent to data processing is withdrawn. Personal data will be deleted in the following cases:
2.1 when the data subject requests their deletion, withdraws their consent or objects to their processing;
2.2 when the data subject does not take any action for more than 6 years (inactive account);
2.3 upon obtaining information that the stored data is outdated or inaccurate.
3. Some data (such as email address, first and last name or company/entity name) may be stored for a further period of 3 years for the purposes of evidence, handling complaints, claims and disputes related to the services provided by the Platform – this data will not be used for marketing purposes.
4. We store data relating to non-logged-in customers (including Platform users who do not make purchases) for a period corresponding to the lifetime of the cookies stored on their devices or until they are deleted from the customer's device by the customer.
5. If you send us correspondence (including emails), we store such information in electronic form in your Account records. We will also store customer service correspondence and other correspondence from us to you electronically. We store these records to measure and improve our customer service and to investigate potential fraud and violations. We may delete these records over time in accordance with the law.
VIII. DATA RECIPIENTS
1.In connection with the provision of services, personal data will be disclosed to external entities and entities related to the Administrator, including companies from its capital group and business partners.
2. The Controller only uses the services of processors who provide sufficient guarantees to implement appropriate technical and organisational measures (provided that these entities undertake to maintain confidentiality with regard to the User's personal data collected by the Platform) so that the processing meets the requirements of the Regulation and protects the rights of data subjects. The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the Privacy Policy – the Administrator transfers data only when it is necessary for the purpose of personal data processing and only to the extent necessary to achieve it.
3. Your personal data may be transferred in particular to the following categories of recipients:
3.1 state authorities, e.g. the public prosecutor's office, the Police, the PUODO, the President of the Office of Competition and Consumer Protection, if they request this from us and provide a valid basis for such disclosure,
3.2 service providers we use in the operation of the Platform (e.g. entities providing consulting, accounting, legal assistance, postal, delivery or IT system maintenance services to the Controller, software providers, payment service providers or marketing agencies in the field of marketing services). Depending on contractual arrangements and circumstances, these entities act on behalf of the Administrator or independently determine the purposes and means of processing. In particular, Users' personal data may be transferred to the following recipients or categories of recipients:
3.2.1 carriers, freight forwarders, courier brokers, entities handling warehousing or shipping – the Administrator makes the collected personal data of the User available to a selected carrier, forwarder or intermediary performing shipments on behalf of the Administrator, and if the shipment is made from an external warehouse – to the entity handling the warehouse or shipping process – to the extent necessary to deliver the Product.
3.2.2 entities handling electronic or card payments – in the case of a User who uses electronic or card payment methods, the Administrator makes the collected personal data of the User available to the selected entity handling the above payments on the Platform at the request of the Administrator to the extent necessary to process the payment made by the User.
3.2.3 service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to conduct business activity, including the Platform and electronic services provided through it (in particular, suppliers of computer software for operating the Platform, e-mail and hosting providers, and providers of business management and technical support software for the Administrator) – the Administrator shall make the collected personal data of the User available to a selected provider acting on its behalf only in the event and to the extent necessary to achieve the specific purpose of data processing in accordance with this Privacy Policy.
3.2.4 accounting, auditing, legal, advisory or consulting service providers providing the Administrator with accounting, legal or advisory support (including in particular an accounting office, law firm or debt collection company) – The Controller shall make the collected personal data available to a selected provider acting on its behalf only in the event and to the extent necessary to achieve the specific purpose of data processing in accordance with this Privacy Policy.
4. If required by law or necessary to pursue or defend against claims, we will also disclose personal data to public authorities, including courts and professional representatives (in such cases, these entities will become separate data controllers).
5. In the case of a purchase made on the Platform from an entity other than the Controller, the User's data will be disclosed to the Seller for the purpose of concluding and performing the Sales Agreement. Information on the processing of personal data by the Seller will be provided separately by that Seller.
6. In the event of a complaint or warranty claim, the User's data may be transferred to the Seller or to the distributor of the Product, the manufacturer or the guarantor, depending on the specific Product covered by the warranty.
7. The Administrator may share data with providers of social plugins, scripts and other similar tools (such as Facebook, Google+, Twitter/X, Instagram, TikTok, LinkedIn) that enable the browser of a person visiting the Platform to download content from the providers of the aforementioned plugins or to transfer the personal data of the visitor to these providers for this purpose, including to the extent and in accordance with their privacy policies applicable on the websites of the entities managing the above-mentioned services. Detailed information on this subject can be found at the following links:
7.1 Facebook – https://www.facebook.com/about/privacy/
7.2 Google – https://privacy.google.com/take-control.html?categories_activeEl=sign-in
7.3 Twitter (X) – https://x.com/de/privacy
7.4 Instagram – https://privacycenter.instagram.com/policy
7.5 TikTok – https://www.tiktok.com/legal/page/eea/privacy-policy/de
7.6 LinkedIn – https://linkedin.com/legal/privacy-policy?_l=de_DE
8. The following services are used as advertising management systems: Google Ads, Google Analytics, Facebook Ads, TikTok Ads Manager and similar services, which are designed in such a way that information about the User is not shared directly with external advertisers. The advertiser or creator of the suggestion may choose to target ads only to groups of users who meet criteria such as age, gender or location, or target ads to communities by type. If you belong to one of the target groups, you will receive an ad or recommendation.
9. Please note that clicking on links or enabling connections to third-party websites, plugins and applications allows third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We have no knowledge of the purpose and scope of data collection by these third parties. When you leave our Platform, we encourage you to review the privacy policy of each website you visit. The Administrator is also not responsible for the actions of these third parties.
10. By using VPN services, ‘Private Tab’ mode, Tor Browser or similar tools, you can specify the confidentiality mode and conditions of access to the information listed for the purposes indicated in Chapter IV above. In such a case, however, we cannot guarantee the quality of the services provided. We take technical and organisational measures to ensure the functionality of the relevant website and application tools.
11. Your personal data will not be transferred abroad or to third countries or international organisations, subject to paragraph 12 below.
12. When operating the Platform, the Controller may cooperate with external entities based in other countries (such as Facebook, Google or TikTok). As a result, personal data may be transferred outside the territory of the countries where the Controller is based. Therefore, personal data may be transferred to a third country (i.e. outside the EU or EEA) or to an international organisation if this is necessary and required or related to the services you use on the Platform (third parties based outside the EU). If, in the course of processing, personal data is transferred to recipients in third countries, such transfer will take place on the basis of a decision on the adequate level of protection taken by the European Commission, or on the basis of standard contractual clauses in accordance with the decision of the European Commission, or on another legal basis (e.g. the consent of the data subject).
IX. USER RIGHTS
1.You have the following rights:
1.1 the right to access your personal data and obtain a copy thereof pursuant to Article 15 of the Regulation;
1.2 the right to rectify and supplement your personal data pursuant to Article 16 of the Regulation;
1.3 the right to erase your personal data pursuant to Article 17 of the Regulation;
1.4 to request the controller to restrict the processing of data pursuant to Article 18 of the Regulation, subject to the cases referred to in Article 18(2) of the Regulation;
1.5 to transfer personal data pursuant to Article 20 of the Regulation, where the processing is based on consent pursuant to Article 6(1)(b) of the GDPR;
1.6 to object to the processing of personal data pursuant to Article 21 of the Regulation;
1.7 the right to erasure, where the conditions set out in Article 20 of the Regulation are met.
2. If you believe that we have violated your privacy rights, please contact us so that we can attempt to resolve any issues to your satisfaction.
3. Requests regarding the exercise of data subjects' rights may be submitted in writing or by email (contact details provided in Chapter II of the Policy).
4. The request should, as far as possible, specify the subject matter of the request, i.e. in particular: (i) which right the person making the request wishes to exercise; (ii) which processing operation the request relates to; (iii) which processing purposes the request relates to.
5. The Controller shall, without undue delay, and in any event within one month of receipt of the request, inform you of the actions taken in response to your request. If necessary, the one-month period may be extended by a further two months due to the complexity of the request or the number of requests.
6. In any case, the Controller shall inform you of such an extension within one month of receiving the request, stating the reasons for the delay.
7. You have the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office (address: ul. Stawki 2, 00-193 Warsaw), regarding the unlawful processing of personal data by the Administrator.
X. INFORMATION ON THE OPTIONAL OR MANDATORY NATURE OF PROVIDING DATA AND. POSSIBLE CONSEQUENCES OF NOT PROVIDING DATA
1.Placing an Order (purchasing a Product) or using a service by a Platform User involves the processing of their personal data. Providing data marked as mandatory is required in order to accept and process the Order, and failure to provide such data will result in the Order not being processed. Providing other data is optional.
2. The provision of the required personal data by you is voluntary and constitutes a condition for the provision of services by the Administrator via the Platform.
3. Where the legal basis for the processing of personal data is consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing carried out prior to the withdrawal of consent.
4. Failure to provide certain personal data (identification data or address data) may prevent us from providing services to you, from making purchases through the Platform, from responding to correspondence and handling matters you refer to us, or from fulfilling our legal obligations, in particular:
4.1 providing basic data (customer identification data, e-mail address, telephone number, and in the case of placing an Order – also the delivery address) is necessary to make a purchase on the Platform;
4.2 failure to provide the required data for the purpose of receiving commercial information (Newsletter) will prevent its transmission;
4.3 failure to provide the data required at the Account registration stage will prevent the registration of a User Account.
5. Each time, the data necessary for the performance of the Sales Agreement or electronic services, response to a request or fulfilment of a legal obligation on our part are marked as ‘mandatory’, and failure to provide them will prevent the performance of the above-mentioned activities. Providing data not marked as ‘mandatory’ is voluntary, and failure to provide such data does not entail any negative consequences.
6. We assume that any person who contacts us in commercial matters and provides their personal data consents to its processing for the purposes of providing the services offered by the Administrator.
XI. INFORMATION ON AUTOMATED DECISION-MAKING
- The Administrator may process personal data in an automated manner, however, automated processing will not lead to decisions that have legal effects or similarly significantly affect the situation of Users. Such processing may affect the selection of advertisements displayed or the selection of Products or services offered. You may receive special offers through personalised e-mail (Newsletter) or online advertising.
- When you interact with our Platform, we automatically collect technical data. We collect this personal data using cookies and other similar technologies. We also collect personal data from Users who visit other websites that use our cookies.
- The Controller does not process personal data in a manner that would involve making solely automated decisions about the User.
XII. COOKIES
1.When browsing and using the Platform, ‘cookies’ (hereinafter referred to as ‘Cookies’) are used, i.e. small pieces of text information that are stored on the User's end device in connection with the use of the Platform. Their use is intended to ensure the proper functioning of the Platform's websites. These files allow us to identify the software you are using and tailor the Platform to your individual needs. Cookies usually contain the name of the domain from which they originate, their storage time on the device and the assigned value.
2. The law states that we may store Cookies on your device if it is necessary for the functioning of our Platform – in accordance with Article 399(3) of the Act of 12 July 2024 on Electronic Communications (Journal of Laws 2024.0.1221). We require your consent for all other types of cookies.
3. Cookies that are necessary for the use of our Platform help us monitor the performance and traffic on our website, ensuring its stability and improving its functionality and content in accordance with the preferences of visitors. We use these cookies by default, i.e. we store them on your computer or smartphone when you enter our website. We also use cookies for commercial or advertising purposes to provide visitors with content that is more tailored to their interests.
4. Cookies may store personal data. When you decide to provide personal information to the website, this information may be linked to the data stored in the cookie. By saving these files on your device, it is possible, among other things, to remember your login details so that you do not have to enter your login and password each time, or to remember the items you have added to your basket. Cookies also enable the collection of statistical data, which allows the Administrator to develop their offer in line with customer preferences.
5. Your personal data will be processed for the purpose of providing the basic functions of our Platform, such as navigation and access to secure areas of our website. If you have given your (voluntary) consent, your data will also be processed for the purpose of providing you with services, offers and communications tailored to your preferences, as well as for the purpose of analysing website traffic and providing social media features (depending on your preferences).
6. The Administrator collects information obtained automatically – system logs (so-called event logs), containing in particular public IP addresses and MAC identifiers of users visiting the Platform and using the services provided on the Platform. System logs are used by the Administrator for statistical purposes. Aggregate summaries in the form of statistics do not contain any features identifying Users visiting the Platform.
7. The cookies used are safe for end users' devices. In particular, it is not possible for viruses or other unwanted software or malware to enter your devices through these files.
8. Cookies are not harmful to your device in any way and do not change its settings or the settings of the software installed on it. The content of these files can only be read by the Internet service provider who created them.
XIII. BLOCKING COOKIES
1.You have the following options regarding our cookies: you can either (i) accept all cookies and other mechanisms (‘Accept all’), which will allow you to access all features of the website, or (ii) reject unnecessary cookies (‘Reject all’), or (iii) customise your cookie options (‘Cookie preferences’). The latter two options may significantly reduce the comfort of using the Platform.
2. You can choose how your device handles cookies through your web browser settings. You can also block the installation of cookies on your device or the tracking of your online activity by such files by changing your browser settings. If you do not change these settings, you accept the use of cookies. Most browsers offer the option to accept or reject all cookies, accept only certain types, or inform the user each time a website attempts to save them. However, please note that in this case, you may experience limited presentation of online services and limited guidance for the User.
3. You can also easily delete cookies that have already been stored on your device by your browser. In this case, the information contained in them will be deleted from your end device. The management and deletion of cookies varies depending on the browser you are using. You can find detailed information on this in the help function of your browser.
XIV. COOKIES USED BY THE ADMINISTRATOR
2 types of cookies:
1.Session cookies (temporary) – are stored on your device and remain there until the end of the browser session (automatically deleted when you leave the Platform). The stored information is then permanently deleted from your device's memory. The session cookie mechanism does not allow any personal data or confidential information to be downloaded from your device. We use these files to recognise that you have already visited individual pages or subpages of our Platform or that you have already logged into your Account.
2. Persistent cookies – are stored on your device and remain there until they are deleted. Ending your browser session or turning off your device does not delete them from your device. The persistent cookie mechanism does not allow any personal data or confidential information to be downloaded from your device. If you visit our Platform again to use our services, you will be automatically recognised as having already visited us and the entries and settings you have made will be remembered so that you do not have to re-enter them.
XV. THIRD-PARTY COOKIES
Third-party cookies are information originating, for example, from advertising servers, company servers and service providers (e.g. internal search engines) cooperating with the Platform.
1.This type of cookie allows you to tailor the website to your preferences and habits. They also allow you to evaluate the effectiveness of advertising activities (e.g. by counting how many people clicked on a given advertisement and went to the advertiser's website).
2. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to your preferences (enabling companies to promote their products and services on Google search results pages, YouTube, and the Google advertising network). For this purpose, information about your browsing behaviour or the time you spent on a website may be stored. To view and edit information about your preferences collected by the Google advertising network, you can use the tool available at the following link: https://www.google.com/ads/preferences/.
3. In addition, the Platform may use third-party cookies related to the promotion of the Platform on social media (such as Facebook, Instagram, or TikTok – along with links to information about these files:
3.1 Facebook – https://www.facebook.com/about/privacy/
3.2 Google – https://privacy.google.com/take-control.html?categories_activeEl=sign-in
3.3 Twitter (X) – https://x.com/de/privacy
3.4 Instagram – https://privacycenter.instagram.com/policy
3.5 TikTok – https://www.tiktok.com/legal/page/eea/privacy-policy/de
3.6 LinkedIn – https://linkedin.com/legal/privacy-policy?_l=de_DE
XVI. SECURITY MEASURES IMPLEMENTED BY THE CONTROLLER
1.The Administrator conducts ongoing risk analysis to ensure that personal data is processed by them in a secure manner – ensuring, above all, that access to the data is only granted to authorised persons and only to the extent necessary for the performance of their tasks. The Administrator ensures that all operations on personal data are recorded and carried out only by authorised employees and associates.
2. The Administrator takes all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
3. The Controller shall make every effort to protect the privacy and information provided to it concerning Users. The Controller shall select and apply appropriate technical measures, including programming and organisational measures, with due care to ensure the protection of the data being processed.
4. The Administrator shall apply technical and organisational measures to ensure the protection of personal data processed as specified in Articles 25-30, 32-34, 35-39 of the Regulation, ensuring increased protection and security of the processing of Users' personal data, appropriate to the risks and categories of data covered by protection, and in particular shall protect the data technically and organisationally against unauthorised access, removal by an unauthorised person, processing in violation of the law, and alteration, loss, damage or destruction, including the use of SSL (Secure Socket Layer) certificates. The collection of personal data of Users is stored on a secure server and the data is also protected by the Administrator's internal procedures for the processing of personal data and information security policy.
XVII. RECOMMENDATIONS FOR PLATFORM USERS
For their own safety, all Platform Users, including Buyers, should remember to:
1.Set up a login and password for their User Account that cannot be easily guessed by third parties. In particular, we recommend using a combination of letters and numbers, upper and lower case letters, and special characters in your password;
1.Log out of the Platform after finishing a session (completed purchases, etc.). Simply closing the browser window is not equivalent to logging out of the website. logging out of the Platform after each session (completed purchases, etc.). Simply closing the browser window does not mean that you have logged out of the website;
2. Keeping your login and password for your Account secret, in particular by not disclosing this information to any third parties;
3. Using up-to-date anti-virus software, including regular scanning of disks for viruses and spyware;
4. Use only current versions of web browsers and updates to the operating system of your computer or mobile device;
5. Use the Platform only through trusted end devices (such as in particular computers and tablets) on which only verified software is installed, as well as from trusted ICT networks. Using other people's end devices and untrusted ICT networks creates the risk of third parties intercepting your login, password or other data you provide;
6. However, if you use the Platform on a third-party device (such as an internet café), remember not to save any data on the computer and to delete your browsing history, which is particularly recommended. The data you save may be accessed by the person who uses the device after you.
7. Immediately change your password if you suspect that it may have been compromised;
8. Report any problems or unusual situations that may threaten the security of information when using the Platform to the Administrator's email address (provided for contact purposes).
XVIII. FINAL PROVISIONS
Due to continuous development and technological progress, the rules set out in this Privacy Policy may change. The Policy is reviewed on an ongoing basis and updated as necessary. The Platform User will be informed of any changes to these rules in advance by posting the new content of this document on the Platform.