Privacy Policy

PRIVACY POLICY OF THE ONLINE STORE
WWW.ONE-SLEEVE.COM

§ 1
GENERAL PROVISIONS

  1. The controller of personal data collected via the online store www.one-sleeve.com is Christian Ferdouël conducting business under the name Christian Ferdouël Collections, registered in the Central Registration and Information on Business of the Republic of Poland, maintained by the minister competent for economic affairs, with the place of business and correspondence address: ul. Wadowicka 7, 30-347 Kraków, NIP: 6772529577, REGON: 542514759, email: kontakt@one-sleeve.com, telephone: +48 517 355 576, hereinafter referred to as the “Administrator” and simultaneously the “Service Provider.”
  2. Personal data collected by the Administrator through the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR).
  3. Any terms written with capital letters in this Privacy Policy shall be understood according to the definitions contained in the Store’s Terms and Conditions.
  1. § 2
    TYPES OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION
  1. Purpose of Processing and Legal Basis
    The Administrator processes personal data of Users of the Store www.one-sleeve.com in the following cases:
    1. Account registration in the Store, for the purpose of creating an individual account and managing it, based on Article 6(1)(b) GDPR (performance of an electronic service contract according to the Store’s Terms and Conditions).
    2. Placing an Order in the Store, for the purpose of executing a Sales Agreement, based on Article 6(1)(b) GDPR (performance of a sales contract).
    3. Subscribing to the Newsletter, for the purpose of sending commercial information electronically, based on the user’s separate consent, under Article 6(1)(a) GDPR.
    4. Using the Opinion System, for the purpose of obtaining feedback on the Sales Agreement concluded with the Administrator, based on Article 6(1)(f) GDPR (legitimate interest of the business).
  2. Types of Personal Data Processed
    The User provides the following data depending on the service:
    1. Account: email address.
    2. Order: first name and last name, date of birth, residential address, NIP (tax ID), email address, telephone number.
    3. Newsletter: first name and last name, email address.
    4. Opinion System: first name and last name, email address.
  3. Data Retention Period
    1. If the basis for data processing is the performance of a contract, data shall be stored as long as necessary to execute the contract, and afterward for the period corresponding to the limitation period of claims. Unless a specific provision states otherwise, the limitation period is six years, and for periodic performance claims or claims related to business activity – three years.
    2. If the basis for processing is consent, data will be stored until consent is withdrawn, and after withdrawal, for the period corresponding to the limitation of claims that the Administrator may raise or that may be raised against it. Unless a specific provision states otherwise, the limitation period is six years, and for periodic performance claims or claims related to business activity – three years.
  4. During the use of the Store, additional information may be collected, in particular: IP address assigned to the User’s computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type.
  5. Upon separate consent under Article 6(1)(a) GDPR, data may also be processed for sending commercial information electronically or making telephone calls for direct marketing – including profiling, if the User has given the appropriate consent.
  6. Profiling may occur in connection with the User’s activity in the Store, aimed at selecting appropriate advertising content to be directed to the User.
  7. Profiling means any form of automated processing of personal data used to evaluate certain personal aspects of a natural person, particularly to analyze or predict aspects concerning the person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. Profiling does not create legal effects for the User or otherwise significantly affect their situation. Its purpose is solely to better tailor marketing content and offers.
  8. Navigation data may also be collected, including information about links and references clicked by the User or other actions taken in the Store. The legal basis is the legitimate interest of the Administrator (Article 6(1)(f) GDPR) aimed at facilitating the use of electronic services and improving their functionality.
  9. Providing personal data by the User is voluntary.
  10. The Administrator takes particular care to protect the interests of data subjects and ensures that the collected data is:
    1. Processed lawfully,
    2. Collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
    3. Accurate and adequate for the purposes for which it is processed and stored in a form that allows identification of the data subjects, no longer than necessary to achieve the purpose of processing.

§ 3
DISCLOSURE OF PERSONAL DATA

  1. Personal data of Users may be shared with service providers used by the Administrator in operating the Store, including:
    1. Entities providing product delivery,
    2. Payment system providers,
    3. Opinion survey system providers,
    4. Accounting offices,
    5. Hosting providers,
    6. Software providers enabling the operation of the business,
    7. Mailing system providers,
    8. Software providers necessary for running the online store.
  2. Depending on contractual arrangements and circumstances, service providers to whom personal data are transferred either act according to the Administrator’s instructions regarding purposes and methods of processing (processors) or independently determine the purposes and methods of processing (independent controllers).
  3. Personal data of Users are stored exclusively within the European Economic Area (EEA), except as provided in § 5(5) and § 6 of this Privacy Policy.
  4. Data may be transferred outside the EEA, in particular to the United States, in connection with the use of analytics and marketing service providers (e.g., Google LLC, Meta Platforms Inc.). Such transfer is based on Standard Contractual Clauses (SCC) approved by the European Commission pursuant to Article 46(2)(c) GDPR.

§ 4
RIGHT TO ACCESS, CORRECT, AND RECTIFY PERSONAL DATA

  1. A data subject has the right to access their personal data and to request their correction, deletion, restriction of processing, data portability, to object, and to withdraw consent at any time without affecting the lawfulness of processing based on consent prior to its withdrawal.
  2. Legal basis for the User’s rights:
    1. Right of access – Article 15 GDPR,
    2. Right to rectification – Article 16 GDPR,
    3. Right to erasure (“right to be forgotten”) – Article 17 GDPR,
    4. Right to restriction of processing – Article 18 GDPR,
    5. Right to data portability – Article 20 GDPR,
    6. Right to object – Article 21 GDPR,
    7. Right to withdraw consent – Article 7(3) GDPR.
  3. To exercise these rights, a request may be sent via email to: kontakt@one-sleeve.com
  4. The Administrator shall comply with or refuse a request without undue delay, but no later than within one month of receipt. If due to the complexity or number of requests the Administrator cannot comply within one month, the deadline may be extended by two additional months, provided the User is informed within one month of the reasons for the extension.
  5. If a User believes that personal data processing violates GDPR, they have the right to lodge a complaint with the President of the Office for Personal Data Protection.

§ 5
“COOKIES” FILES

  1. The Administrator’s website uses “cookies” files.
  2. The installation of “cookies” is necessary for proper provision of services on the Store website. Cookies contain information essential for the proper functioning of the site and enable the compilation of general statistics on website visits.
  3. Two types of cookies are used: session cookies and persistent cookies.
    1. Session cookies are temporary files stored on the User’s device until logout (leaving the website).
    2. Persistent cookies are stored on the User’s device for the period specified in the cookie parameters or until deleted by the User.
  4. The Administrator uses its own cookies to better understand User interaction with the website content. Cookies gather information about site usage, referring site, number of visits, and duration of visit. These do not register personal data.
  5. External cookies may be used for collecting general and anonymous statistical data via Google Analytics (external cookie administrator: Google LLC, USA).
  6. Cookies may also be used by advertising networks (especially Google) to display ads tailored to the User’s behavior on the Store.
  7. Users may control cookie access:
    1. Choosing the types of cookies they consent to via the consent banner,
    2. Changing browser settings. Detailed guidance is available in the browser software settings.

§ 6
ADDITIONAL SERVICES RELATED TO USER ACTIVITY

  1. Social media plugins (“plugins”) are used on the Store. When visiting www.one-sleeve.com, the User’s browser connects directly to Facebook, TikTok, and Instagram servers.
  2. The plugin content is provided by the service provider directly to the User’s browser and integrated into the page. This allows the service providers to know that the User’s browser has visited the Store, even if the User is not logged into the service or does not have an account.
  3. If the User is logged into the social network, the visit may be linked directly to their profile.
  4. Using the plugin (e.g., clicking “Like” or “Share”) sends information directly to the provider’s server.
  5. Details regarding data collection and processing by the service providers, including contact and privacy settings, are available at:
    1. https://www.facebook.com/policy.php
    2. https://www.tiktok.com/legal/page/us/privacy-policy/en 
    3. https://help.instagram.com/519522125107875?helpref=page_content
  6. To prevent data from being linked to the User’s profile, the User must log out before visiting the site or block plugins via browser extensions (e.g., NoScript).
  7. The Administrator uses remarketing tools (Google Ads) involving Google LLC cookies. Users may control whether Google Ads cookies are used.

§ 7
FINAL PROVISIONS

  1. The Administrator implements technical and organizational measures ensuring the protection of processed personal data, appropriate to the risks and categories of protected data, and in particular safeguards the data against disclosure to unauthorized persons, access by unauthorized individuals, processing in violation of applicable regulations, as well as against alteration, loss, damage, or destruction.
  2. The Administrator provides appropriate technical measures to prevent unauthorized persons from collecting or modifying personal data transmitted electronically.
  3. In matters not regulated by this Privacy Policy, the provisions of GDPR and other applicable provisions of Polish law shall apply accordingly.
  4. The Administrator updates this Privacy Policy in connection with legal changes or the development of its business. Information about modifications will be published at least 7 days before their entry into force on the Store’s website or sent by email to Users of continuous Electronic Services (Account, Newsletter).