Save to shopping list
Create a new shopping list

Privacy policy

§ 1. Content of this document

  1. This document constitutes a set of information concerning the processing of personal data and other information related to the use of the Online Shop available at www.esus-it.ro
  2. This document includes in particular the information which the Personal Data Controller is obliged to make available to the data subjects in connection with the processing of personal data. The Administrator, through the Website and other forms of communication, collects and processes the following specified personal data of Users provided during the registration processes on the Website: first and last name, residential address, e-mail address, telephone number, ... etc.".
  3. Detailed information on the use of cookies or other similar technologies can also be found in the Cookie Policy available at www.esus-it.ro/Cookies-policy-cterms-eng-316.html

§ 2. Definitions

Whenever the Privacy Policy refers to:

  1. Controller – it shall mean the Personal Data Controller;
  2. Online Shop – it shall mean the online shop available at www.esus-it.ro
  3. Customer – it shall mean:
    1. a natural person with full legal capacity, and in the cases provided for by generally applicable laws, a natural person with limited capacity to perform acts in law, or,
    2. a legal person, or,
  4. Person Visiting the Online Shop – it shall mean any person who uses the Online Shop;
  5. Account – it shall mean the Service consisting in providing individually personalised Client’s administrative panel available after registration and logging in the Online Shop, where the data provided by the Customer, information about the Orders placed by him or her and the concluded Sales Agreements are collected;
  6. Seller – it shall mean ESUS IT sp. z o.o., entered into the Central Register and Information on Economic Activity, Tax Identification Number (NIP): PL8522690002, Business Identification Number (REGON): 524134686, ul. Somosierry 30A, 71-181 Szczecin, Poland;
  7. Product – it shall mean a movable property available in the Online Shop which is the subject of the sale agreement between the Customer and the Seller;
  8. Service – it shall mean a service provided by electronic means to the Customer by the Seller on the terms specified in the Terms and Conditions;
  9. User – it shall mean a person logged in the Online Shop to the Account.

§ 3. Personal Data Controller

  1. The Controller of the Personal Data of the Persons Visiting the Online Shop and the Customers is ESUS IT sp. z o.o., entered into the Central Register and Information on Economic Activity, with Tax Identification Number (NIP): PL8522690002, Business Identification Number (REGON): 524134686, ul. Somosierry 30a, 71-181 Szczecin, Poland.
  2. The Controller can be contacted:
    1. by e-mail to the following address: admin@esus-it.com
    2. by phone under the telephone number: +48 530 453 637, +48 692 874 210, +48 507 472 637.
    3. in writing, to the address of the Seller, i.e. ESUS IT sp. z o.o., ul. Somosierry 30A, 71-181 Szczecin, Poland.
  3. The costs of using the means of remote communication referred to in section 3 shall be borne by the Customer. Such fees shall be charged according to the rates of the telecommunications operator whose services are used,
  4. The Administrator undertakes to make every effort to maintain proper security of the Customer's personal data.

§ 4. Type, purposes, legal bases for personal data processing

  1. Processing of your personal data allows us to provide services such as maintaining your account, processing orders, contact related to the execution of the contract, and sending marketing information (including newsletters).
  2. In order to ensure proper operation of the Website, personal data of the Persons Visiting the Online Shop and Users are processed, including:
    1. information contained in cookies or other similar technologies, sessions data,
    2. system logs that contain the data are used exclusively to administer the service and to ensure the most efficient operation of the services provided. The viewed resources are identified through URLs. In addition, the following may be subject to recording: the time of the request, the time of sending the response, the name of the Customer's station – identification by HTTP protocol, information on errors that occurred during the implementation of HTTP transactions, the URL of the previous page visited by the user (referrer link) – if coming to the Website was via a link, information about the browser, information about IP address, information on the end device.
  3. The data referred to in section 1(b) shall not be associated with specific persons browsing the Website or the Users, but when combined with other information, they may constitute personal data and, therefore, the Controller covers them with full protection to be granted under the GDPR;
  4. The information contained in cookies defined as Necessary is processed on the basis of Article 6(1)(f) of the GDPR, within the scope of legitimate interest of the Controller consisting in ensuring the proper functioning of the Website, i.e. ensuring such functions as navigation on the Website and access to its secured areas. Without the cookies, the Website cannot function properly;
  5. The information contained in cookies defined as Functional, Statistical and Marketing is processed on the basis of Article 6(1)(a) of the GDPR, i.e. on the basis of the granted consent;
  6. The information contained in cookies defined as Functional is processed for the purpose of recording information that changes the appearance or functioning of the Website;
  7. The information contained in cookies defined as Statistical cookies is processed in order to determine the behaviour of the Persons Visiting the Online Shop and the Users;
  8. The information contained in cookies defined as Marketing cookies is processed in order to display advertisements that are relevant and interesting for individual Persons Visiting the Online Shop and Users, in particular corresponding to their preferences.
  9. In order to properly provide services through the Website, in particular to register and maintain the Account, personal data of the Users are processed, including:
    1. in the case of the Customer being a natural person: the first name, surname, street name and number, postal code, city, phone, e-mail address, country, login,
    2. in the case of the Customer who is a natural person conducting business activity or the Customer not being a natural person: the company name, Tax Identification Number (NIP), first name, surname, street name and number, postal code, city, phone, e-mail address, country, login, password.
  10. If the sale agreement is concluded without creating an Account or logging into the Account, it is necessary to provide the data referred to in section 8.
  11. The data referred to in sections 8 and 9 shall be processed on the basis of Article 6(1)(b) of the GDPR, as they are necessary for concluding and performing the agreement with the Customer.
  12. In connection with performing he agreement for the sale of the Products, there are tax and settlement related data covering:
    1. the Customer’s business name,
    2. e-mail address,
    3. full name,
    4. name of the company, in the case of Users who are natural persons conducting business activity,
    5. Tax Identification Number (NIP), in the case of Customers who are natural persons conducting business activity,
    6. the business address, in the case of Customers who are natural persons conducting business activity,
    7. settlement data.
    8. processed on the basis of Article 6(1)(c) of the GDPR, as they are necessary for performing legal obligations imposed on the Controller.

  13. In order to examine complaints the Controller processes personal data of the Customers filing complaints, in particular:
    1. the e-mail address,
    2. first and last name of the Customer,
    3. the Customer’s business name,
    4. content of the complaint,
    5. circumstances of the event giving rise to the complaint,
    6. information obtained in the course of processing the complaint, including explaining the event being the cause of the complaint.

    In the course of processing the complaint, the Controller may process other information, including:

    1. information on the use of the Services by the Customer,
    2. cookies or other similar technologies, information about devices,
    3. system logs.
  14. The data referred to in section 12 are processed on the basis of Article 6(1)(b) of the GDPR, as they are necessary for performing the agreement with the Customer.
  15. If the Customer uses the following services:
    1. Availability Notifications,

    the Customer’s personal data, including e-mail address, are processed. The data are processed on the basis of Article 6(1)(f) of the GDPR as part of the Controller’s legitimate interest consisting in ensuring the Website functionality availability.

  16. If the Customer uses the following services:
    1. Newsletter.

    the Customer’s personal data, including the Customer’s name and e-mail address, are processed. The data are processed on the basis of the granted consent, i.e. Article 6(1)(a) of the GDPR.

  17. In the event of investigation proceedings concerning a possible violation of the provisions of the Terms and Conditions of Electronic Service Provision or the provisions of law, rules of social co-existence or good practice, proceedings for the purpose of pursuing claims by the Controller or third parties, as well as defending against claims of such entities, the Controller may process personal data of specific Customers or Users, in particular those referred to in sections 1, 8-9, 11-12, on the basis of the Controller’s legitimate interest consisting in pursuing or defending against claims.
  18. If it is necessary to communicate with the Customers or the Users, the Controller may process the personal data including:
    1. e-mail address,
    2. telephone number.

    on the basis of the Controller’s legitimate interest consisting in conducting communication for purposes related to the functioning of the Website.

  19. In the case of processing personal data on the basis of a consent, it is possible to withdraw it at any time. The withdrawal of the consent shall not affect the lawfulness of the processing based on the consent before its withdrawal.
  20. The withdrawal of the consent is possible by contacting the Controller in the manner specified in § 3 section 2 or by writing e-mail to the following address: admin@esus-it.com

§ 5. Duration of the personal data processing

  1. Personal data processed on the basis of the granted consent (Article 6(1)(a)) shall be processed until the consent is revoked or the purpose of processing ceases to exist.
  2. Personal data processed for the purpose of concluding or performing the agreement (Article 6(1)(b) of the GDPR)) will be processed until the limitation period for the claims arising from the agreement has expired.
  3. Personal data processed on the basis of the legal obligation imposed on the Controller shall be processed for the period specified in the provisions of law.
  4. Personal data will be stored for the duration of the contract and for a period in accordance with the applicable legislation taking into account the statute of limitations for claims and tax obligations. Personal data for the processing of which you have given your consent will be stored until you withdraw your consent.
  5. In any case, the period of personal data processing may be postponed until the limitation period for the claims has expired.

§ 6. Data Recipients

  1. The Controller may transfer personal data of the Persons Visiting the Online Shop or the Users, to recipients operating outside the Controller’s structure for the purposes specified in § 4, to the extent necessary for their performance. Data recipients are:
    1. entities to which personal data must be made available under the provisions of law, in particular public administration bodies such as fiscal administration authorities. Data may also be made available to the authorities of other Member States of the EU and to courts to the extent resulting from the Community or national law,
    2. entities with which the Controller cooperates in order to perform its tasks, execute rights or perform obligations, in particular providing IT, debt collection, HR, accounting, transport, marketing, archiving or destruction services,
    3. entities that are independent data controllers, in particular such as:
      1. entities providing legal, auditing, tax advisory services;
      2. certification bodies, i.e. granting and verifying the accreditations held;
      3. entities conducting activity related to payments (banks, payment institutions);
      4. entities providing courier or postal services;
    4. entities providing training services.
  2. In particular, data may be made available to the following entities:
  3. Sale:

    1. IAI S.A. with its registered office in Szczecin – in order to use the sales system,
    2. InsERT S.A. with its registered office in Wrocław – in order to use the invoicing system,
    3. Google LTD with its registered office in Ireland (Dublin) – in order to use the sales/analytic system.

    Delivery:

    1. FEDEX Frederick W.Smith with its registered office in Memphis, Tennessee (USA) for transport services, i.e. dispatching shipments,
    2. Sendit S.A. with its registered office in Wrocław – for transport services, i.e. dispatching shipments,
    3. InPost S.A. with its registered office in Cracow – for transport services, i.e. dispatching shipments,
    4. Poczta Polska with its registered office in Warsaw – for transport services, i.e. dispatching shipments,
    5. DHL Express (Poland) Sp. z o.o. with its registered office in Warsaw – for transport services, i.e. dispatching shipments,
    6. DHL Express (Poland) Sp. z o.o. z siedzibą w Warszawie - w celu obsługi transportowej tj. wysyłki przesyłek,
    7. UPS Europe SPRL/BVBA with its registered office in Brussels (Belgium) – for transport services, i.e. dispatching shipments,
    8. DPD Polska Sp. z o.o. with its registered office in Warsaw – for transport services, i.e. dispatching shipments,
    9. General Logistics Systems Poland Sp. z o.o. in Głuchowo – for transport services, i.e. dispatching shipments.

    Finance:

    1. Biuro Rachunkowe Magdalena Żabska with its registered office in Szczecin – to use the services of an external accounting office,
    2. Biuro Rachunkowe Andrzej Siegień with its registered office in Połczyn Zdrój – to use the services of an external accounting office,
    3. Przelewy24 PayPro S.A. with its registered office in Poznań – to handle online payments,
    4. Krajowy Integrator Płatności S.A. in Poznań (Tpay.pl) – to handle online payments,
    5. PayPal (Europe) S.à.r.l. & Cie, S.C.A with its registered office in Luxembourg – to handle online payments,
    6. PayU S.A. with its registered office in Poznań – to handle online payments,
    7. Klarna Poland SP. Z O.O – to handle online payments,
    8. Elavon Financial Services with its registered office in Warsaw – to handle online payments,

    Data storage:

    1. IAI S.A. with its registered office in Szczecin – for the purpose of storing data on the server,
    2. IQ PL Sp. z o.o. in Gdańsk – for storing data on the server,
    3. Krajowy Rejestr Długów Biuro Informacji Gospodarczej S.A. in Wrocław – for data verification,
    4. Towarzystwo Ubezpieczeń Euler Hermes S.A. with its registered office in Warsaw – for data verification.

    Marketing:

    1. Edrone sp. z o.o., ul. Lekarska 1, 31-203 Kraków - for marketing purposes,
    2. Trusted Shops with its registered office in Cologne, Germany – for marketing purposes,
  4. When cooperating with the entities referred to in section 1(b), the Controller entrusts them with personal data to the extent necessary to perform the tasks and duties. Due to concluding appropriate contractual provisions and applying other measures, such as inspections, the entrusted personal data are processed in a way that protects privacy.
  5. The Controller does not have any influence on the manner and scope of personal data processing by the entities referred to in section 1(c).

§ 7. Data transfer to third countries

Personal data of the Persons Visiting the Online Shop or Customers shall be processed in a country located in the European Economic Area, hereinafter referred to as the EEA.

If information is to be provided outside the European Economic Area, this will only take place under the procedures required by the provisions on the protection of personal data.

§ 8. Rights of data subjects

  1. Each data subject shall have the right to:
    1. access the data – obtain confirmation from the Controller whether their personal data are processed. If personal data are processed, they are entitled to access them and obtain the following information: the purposes of processing, categories of personal data, data recipients or categories of recipients to whom the data have been or will be disclosed, the period of data storage or the criteria for their determination, the right to request data rectification, erasure or restriction of their processing to which the data subject is entitled and to object to such processing (Article 15 of the GDPR),
    2. receive a copy of the data - You may submit requests regarding the processing of your personal data by e-mail to the data administrator e-mail address,
    3. rectify the data - request rectification of the personal data that are inaccurate, or supplementing incomplete data,
    4. erase the data - The user has the right at any time to inspect and change his/her personal data and to request the Administrator to delete it immediately ("right to be forgotten"),
    5. restrict the processing - request restriction of the processing of personal data when:
      1. the data subject contests the correctness of personal data – for a period enabling the Controller to verify the correctness of such data;
      2. the processing is unlawful and the data subject opposes their erasure, requesting restricting their use;
      3. The Controller no longer needs such data, but they are necessary for the data subject to establish, pursue or defend claims;
      4. the data subject has objected to the processing – until it is established that legitimate grounds on the part of the Controller override the grounds for the objection of the data subject.
    6. transfer the data - receive the personal data concerning him or her which he or she provided to the Controller in a structured, commonly used and machine-readable format, and to request that such data be transmitted to another Controller, if the data are processed on the basis of the data subject’s consent or an agreement concluded with him or her and if the data are processed in an automated manner, e.g. your personal data may be passed on to a payment operator and a courier company.
    7. object - object to the processing of his or her personal data for the Controller’s legitimate purposes, for reasons related to his or her particular situation, including profiling. In such a case, the Controller shall assess the existence of valid legitimate grounds for processing, superior to the interests, rights and freedoms of the data subjects or the grounds for establishing, pursuing or defending claims. If, in accordance with the assessment of the interests of the data subject, the data subject’s interests override the interests of the Controller, the Controller is obliged to cease to process the data for those purposes,
    8. withdraw the consent - at any time and without stating the reason, but the processing of personal data carried out prior to the withdrawal of the consent will continue to be lawful. If the consent is withdrawn, the Controller will cease the processing of personal data for the purpose for which such consent was expressed.
  2. The rights referred to in section 1 may be exercised by contacting the Controller in the manner specified in § 3 section 2;
  3. In order to be sure that the applicant is entitled to exercise the rights referred to in section 1, the Controller may ask the applicant to provide additional information allowing for the identification.

§ 9. President of the Office for Data Protection

You have the right to lodge a complaint with the supervisory authority in charge of personal data protection - the President of the Office for Personal Data Protection., with its registered office in Warsaw, ul. Stawki 2, who can be contacted as follows:

  1. by post: ul. Stawki 2, 00-193 Warsaw;
  2. by the electronic transmission box of the Authority;
  3. by phone: +48 (22) 531 03 00.

§ 10. Obligation to provide data

  1. Providing the data referred to in § 4 sections 8 - 9, 12 is a contractual obligation. If such data are refused, it will not be possible to conclude or perform the agreement with the Controller;
  2. Providing the data referred to in § 4 section 11 is a statutory obligation. The consequence of failure to provide the data is the Controller’s inability to provide services;
  3. In the remaining scope, providing the personal data is voluntary; however, the refusal to provide such data may prevent:
    1. achieving full comfort of using the Website – in the case referred to in § 4 section 5,
    2. keeping statistics on the operation of the Website and the quality of services provided by the Controller – in the case referred to in § 4 section 6,
    3. displaying adjusted marketing content – in the case referred to in § 4 section 7, which will not affect the number of displayed advertisements,
    4. using the Website or Services – in other cases.

§ 11. Amendment of the Privacy Policy

  1. The Privacy Policy may be supplemented or updated in accordance with the Controller’s current needs in order to ensure providing current and reliable information on personal data processing;
  2. If it is necessary to amend the Privacy Policy, the Controller shall inform the Customers of the kind and nature of the changes by sending them electronically, to the e-mail addresses assigned to the Account, the amended version of the Terms and Conditions and providing information on the website of the Online Shop, no later than 14 days before the planned changes are made.
  3. Matters that have not been provided for in the Rules and Regulations shall be governed by the provisions of the Civil Code and relevant Polish acts of law, and also by the European Union laws, especially GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
  4. The privacy policy valid until 01.04.2022 is available at: www.esus-it.ro/privacy-policy-cterms-eng-12.html

    This privacy policy is valid from 02.04.2022.

    Privacy-policy-2022.pdf
pixel