Dear User!

We are committed to protecting your privacy and want you to feel comfortable while using our services. This is why we would like to present you with the most important information on principles regarding the processing of your personal data and cookies used by our Website. This information was prepared in compliance with the GDPR – the General Data Protection Regulation.

Personal data controler

SHOPLO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered seat at ul. Pawia 9, 31-154 Kraków,

Poland, entered into the National Court Register - register of entrepreneurs by SĄD REJONOWY DLA KRAKOWA ŚRÓDMIEŚCIA W KRAKOWIE, XI WYDZIAŁ GOSPODARCZY KRAJOWEGO REJESTRU SĄDOWEGO, under KRS no.

0000417586, NIP 5213630420, REGON no. 14608785800000, share capital PLN 88300,00.

Remember that in reference to the personal data of your clients, contractors or employees, which can be entered into the Shoplo software, you are the controller – we process the data as a processor, on your documented instructions and on your behalf (including processing under a data processing agreement), or without such instructions only if we are obliged to do so by the law.

If you want to contact us in relation to the processing of your personal data, please send an e-mail to: info@shoplo.com.

Your rights

You have the right to:

  • access your personal data, including the right to receive a copy of your data (Article 15 of the GDPR or – if applicable – Article 13 (1) (f) of the GDPR), 
  • correct them (Article 16 of the GDPR), 
  • delete them (Article 17 of the GDPR), 
  • limit their processing (Article 18 of the GDPR), 
  • transfer data to another controller (Article 20 of the GDPR).

Furthermore, you have the right to:

  • object to the processing of your data at any time:
  • for reasons related to your particular situation – regarding the processing of your personal data in accordance with Article 6 (1) (f) of the GDPR (i.e. based on the legally justified interests realised by us), including profiling (Article 21 (1) of the GDPR); 
  • if the personal data are processed for direct marketing purposes including profiling, within the scope in which the processing is related to such direct marketing (Article 21 (2) of the GDPR).

Please contact us if you want to exercise your rights. Your objection to our use of cookies (about which you can read below) can be expressed, in particular, through the appropriate browser settings.

If you think that your data are processed unlawfully, you can submit a complaint to the President of the Personal Data Protection Office.

Personal data and privacy

You will find detailed information on the processing of your data depending on your activities in the table below.

1. Using free-of-charge services offered on the Website

What for?
performance of the contract for the provision of services within the Website
On what basis?
contract for the provision of services (Article 6 (1) (b) of the GDPR)
How long?
for the duration of the contract
furthermore, your data will be processed until the expiry of the period during which redressing is possible – by you or us (more information on this subject can be found in the last table of this section)
What happens if you do not provide your data?
you will not be able to use our services

2. Using paid services offered on the Website

What for
implementation of the contract for the provision of services within the Website
On what basis?
contract for the provision of services (Article 6 (1) (b) of the GDPR)
our legal obligation to process your personal data (Article 6 (1) (c) of the GDPR)
For how long?
for the duration of the contract
until the legal obligation related to accounting ceases to apply
furthermore, your data will be processed until the expiry of the period during which redressing is possible – by you or us (more information on this subject can be found in the last table of this section)
What happens if you do not provide your data?
you will not be able to use our services

3. Contacting us (e.g. making an inquiry)

What for?
processing of your inquiries or submissions
On what basis?
contract or actions taken at your request to conclude it (Article 6 (1) (b) of the GDPR) – if your inquiry or notification concerns a contract that we are or may be a party to
our legitimate interest in processing your data is to communicate with you (Article 6 (1) (f) of the GDPR) – if your inquiry or notification is not related to the contract
For how long?
for the duration of the contract binding us or - if the contract is not concluded - until the expiry of the redress period – see the last table in this section*
until the expiry of the redress period – see the last table in this section - or until we accept your objection to the processing *
furthermore, your data will be processed until the expiry of the period during which redressing is possible – by you or us (more information on this subject can be found in the last table of this section)
What happens if you do not provide your data?
we will not be able to respond to your inquiry or application

* depending on whichever is applicable in that case and whichever takes place sooner.

4. Browser settings and other similar activity allowing for marketing activities

What for?
direct marketing, which consists of displaying personalised advertisements (for more information on that topic read the "Profiling" and "Cookies" sections of the Privacy Policy)
On what basis?
our legitimate interest consisting in the processing of data for the purpose mentioned above (Article 6 (1) (f) of the GDPR)
For how long?
until you delete the cookies used for marketing purposes or until their validity expires*
What happens if you do not provide your data?
you will not receive suggestions of products or services which you may be interested in

* depending on whichever is applicable in that case and whichever takes place sooner.

5. Browser settings and other similar activity allowing for analytical activities

What for?
analysis of how you use and navigate the Website, to adapt it to the needs and behaviour of Users (for more information on that topic, read the "Analytical Activities" and "Cookies" sections of the Privacy Policy)
On what basis?
our legitimate interest consisting in the processing of data for the purposes mentioned above (Article 6 (1) (f) of the GDPR)
For how long?
until you delete the cookies used for analytical purposes or until their validity expires*
What happens if you do not provide your data?
we will not take your preferences regarding the use of the Website Website into consideration when developing it further

* depending on whichever is applicable in that case and whichever takes place sooner.

6. When you agree to receive marketing content from us (e.g. information on special offers)

What for?
sending of marketing information, especially special offers
On what basis?
Your consent to our marketing activities (Article 6 (1)(a) of the GPDR)
For how long
until you withdraw your consent – remember, you can withdraw your consent at any time. Data processing until you withdraw your consent is compliant with the law.
furthermore, your data will be processed until the expiry of the period during which redressing is possible – by you or us (more information on this subject can be found in the last table of this section)
What happens if you do not provide your data?
you will not be able to receive our marketing materials, including the information on our special offers

7. Taking action or refraining from taking action which may result in claims related to the Website or our services

What for?
determination, investigation or defence of claims related to the concluded contract or services provided
On what basis?
our legitimate interest consisting in the processing of data for the purpose indicated above (Article 6 (1) (f) of the GDPR)
For how long?
until the redress period expires or until we accept your objection to the processing *
What happens if you do not provide your data?
no possibility to determine, assert or defend claims

* depending on whichever is applicable in that case and whichever takes place sooner.

Profiling

As part of the Website, we conduct profiling activities – this takes place only if you allow it. Profiling is based on an automatic evaluation of what products or services you may be interested in, using information about the content displayed by you. Thanks to this, product or service advertisements displayed on the Website will be more suited to you and your needs.

The kind of profiling we carry out does not lead to making decisions which would have legal effects for you or would affect you in any similarly relevant way.

Analytical Activities

As part of the Website operations, we conduct analytical activities aimed at increasing its intuitiveness and accessibility – this takes place if your browser settings allow such activities. As part of the analysis, we will take the way you navigate the Website into consideration, for example, how much time you spend on a given webpage, or which places of the Website you click on. That way, we can customise the layout and appearance of the Website and the content we post on it to suit the needs of Users.

Data safety

While processing your personal data, we use organisational and technical measures which comply with the relevant provisions of law, including encrypting the connection with the use of an SSL certificate.

Cookies

Our Website, like most Internet websites, uses the so-called cookies. These cookies:

  • are stored in the memory of your device (computer, mobile phone, etc.); 
  • do not introduce any changes in the settings of your device.

On this Website, cookies are used for the following purposes:

  • remembering your session
  • collecting marketing data
  • making the functions of the Website available

To learn how to manage cookies and disable them in your browser, you can use your browser's help files. You can get more information about this topic by pressing F1 while using the browser. Additionally, you can find relevant information on the following subpages, depending on the browser you use:

Firefox

Chrome

Safari

Internet Explorer / Microsoft Edge

Below you will find information about the features of the cookie files we process and their period of validity.

cookie file name cookie validity period cookie file function
test_cookie
15 minutes
(marketing) cookie set by doubleclick.net to check if the user’s browser supports cookies.
_fbp
3 months
(marketing) used by Facebook to display ads on the Facebook platform or other websites using the Facebook ads services after a visit on the website.
fr
3 months
(marketing) Facebook sets this cookie to show users adequate ads, tracking their online activity on the websites that use the Facebook Pixel or Facebook Social Plugin.
_gcl_au
3 months
(analytical) delivered by Google Tag Manager for experimenting with the marketing efficiency across websites that use their services.
_ga
2 years
(analytical) _ga cookie is delivered by Google Analytics, it calculates the data about visitors, sessions and campaigns, follows the use of a website in order to create the website’s analytical report. It stores anonymous data and assigns a randomly generated ID number to distinguish unique users.
_gid
1 day
(analytical) set by Google Analytics the _gid cookie stores data about the way a visitor is using the website and generates an analytical report about the website’s efficiency. Some of the data stored includes the number of visitors, their source and websites they visit anonymously.
_gat_UA-97723904-1
1 minute
(analytical) Set by Google Analytics and Google Tag Manager to allow the website’s owner to track a visitor’s behavior and measure the website’s efficiency. The name of the cookie contains a unique ID number of an account or a site it refers to.
_gat_UA-25363949-8
1 minute
(analytical) A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow the website’s owner to track the visitor’s behavior and measure the website’s efficiency. The pattern element in the name of the cookie contains a unique ID number of an account or a site it refers to.
_hjFirstSeen
30 minutes
(analytical) Hotjar sets this cookie to identify user’s first session. Stores the true/false value, indicating if Hotjar sees this user for the first time.
_hjIncludedInSessionSample
2 minutesy
(analytical) Hotjar sets this cookie to know if a user is included in a data sample defined by the site’s daily session limit.
_hjAbsoluteSessionInProgress
30 minutes
(analytical) Hotjar sets this cookie to detect user’s first session. It is a True/False flag set by the cookie.
__hstc
1 year i 24 days
(analytical) This is the main cookie set by Hubspot to track visitors. It contains a domain, date and time of the first, last and current visit and session number (increments for each session).
hubspotutk
1 year i 24 days
(analytical) Hubspot sets this cookie to track visitors. It is passed to Hubspot when a form is submitted and used while deduplicating contacts.
__hssc
30 minutes
(functional) Hubspot sets this cookie to track sessions and determine if the session number and timestamps in the __hstc cookie should be increased.
__cf_bm
30 minutes
(functional) This cookie is set by Cloudflare. It is used to manage the use of Cloudflare bots.
__hssrc
session
(necessary) Set by Hubspot everytime it changes the session cookie. When the __hssrc cookie’s value is 1, it indicates that the user has restarted his browser, and when the cookie is not set, the session is considered new.
_dc_gtm_UA-25363949-8
1 minute
No description
_hjSessionUser_14719
1 year
(functional) This cookie is set by Hotjar when a user visits the site for the first time with a Hotjar script. It is used to persist the Hotjar user ID, unique to this site on the browser. It ensures that the visitors behaviour during next sessions will be associated with the same user ID.
_hjSession_14719
30 minutes
(functional) This cookie stores the current session data. It ensures that subsequent requests in the session window will be assigned to the same Hotjar session.

By using the appropriate options of your browser, you can, at any time:

  • delete cookies, 
  • block the use of cookies in the future.

In these cases we will no longer process them.

More information on cookies is available on Wikipedia.

External services / data recipients

We use the services of external entities which support us in running our business. We entrust them with the processing of your data – these entities process data only when instructed by us in writing.

Below, you will find a list of recipients of your data:

ACTIVITY DATA RECEIVERS DATA TRANSMISSION OUTSIDE THE EUROPEAN UNION
every activity related to the Website
hosting provider
does not take place
using the Website with settings allowing for conducting analytical activities
entity allowing for conducting analytical activities on the website
yes – the USA **
using paid services offered on the Website
accountancy office
does not take place
payment provider
does not take place
providers of communication systems that allow us to contact you
does not take place
using free services offered on the Website
providers of communication systems that allow us to contact you
does not take place
contacting us (e.g. asking a question)
providers of communication systems that allow us to contact you
does not take place

In addition:

competent public authorities within the scope in which we are obliged to make data available to them.

Transfer of personal data to countries outside the European Union

** For the above reasons, your personal data may also be processed by entities outside the European Union. An adequate level of protection of data processing, including through the use of appropriate security measures, is ensured by the standard data protection clauses adopted by the Commission, referred to in Article 46 (2) (c) of the GDPR.