Privacy Policy
(in force from 12.08.2021)
This Privacy Policy applies to the website at www.rebelhorn.com (hereinafter referred to as the “Website”) run by “Powerbike” Spółka Akcyjna (joint-stock company) with their registered office in Dąbrowa /address: Batorowska 20, 62-070 Dopiewo/ entered into the register of entrepreneurs of the National Court Register by the District Court for Poznań-Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number: 0000398622, NIP (Tax Identification Number): 7811756729 and REGON (Polish Business Registry Number): 634638849 with share capital PLN 1,737,500.00 paid in full, contact e-mail address support@rebelhorn.com (hereinafter referred to as the “Administrator”).
Administrator
- The Administrator of personal data collected on the Website is “Powerbike” Spółka Akcyjna with their registered office in Dąbrowa /address: Batorowska 20, 62-070 Dopiewo/ entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Poznań-Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under KRS number: 0000398622, NIP (Tax Identification Number): 7811756729 and REGON (Polish Business Registry Number): 634638849 with share capital of PLN 1,737,500.00 paid in full.
- The Administrator attaches particular importance to respecting the privacy of both visitors to the Website and those with whom they correspond, as well as employees and persons representing their customers (hereinafter referred to as “Users”).
- Personal data collected via the Website is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing the Directive 95/46/EC (hereinafter referred to as “GDPR”).
- In matters relating to personal data, please contact the Administrator by e-mail at the following e-mail address: support@rebelhorn.com. All inquiries, complaints and requests regarding personal data processing and the rights of data subjects should be directed through the above-mentioned means of communication.
Purposes and grounds for personal data processing
- Users’ personal data will be used by the Administrator only for the following purposes:
a. ensuring the functioning of the online store run as part of the Website (“Online Store”), including for the purpose of sharing content posted in the Online Store as well as sales and after-sales service (Article 6 (1) (a) and (b) of the GDPR);
b. responding to inquiries submitted using the contact details available on the Website and further related correspondence, by e-mail or other forms of communication (Article 6 (1) (a) and (b) of the GDPR);
c. communication by exchanging electronic correspondence with the mail server on the Website (Article 6 (1) (a) and (b) of the GDPR);
d. communication by exchanging electronic correspondence using other communication platforms (Article 6 (1) (a) and (b) of the GDPR);
e. concluding and executing concluded agreements (Article 6 (1) (b) of the GDPR);
f. fulfilment of the Administrator’s obligations towards state institutions resulting from legal provisions, such as tax offices, Social Insurance Company, etc. (Article 6 (1) (c) of the GDPR);
g. the Administrator’s implementation of internal analytics and reporting for their own needs, related to the improvement of the Administrator’s and website’s operations (Article 6 (1) (f) of the GDPR);
h. direct marketing of the Administrator’s products or services (Article 6 (1) (f) of the GDPR);
i. asserting rights or protection against claims (Article 6 (1) (f) of the GDPR).
Categories of relevant personal data
- The Administrator may collect the following personal data:
a. from data subjects:
– full name;
– e-mail address;
– address of residence/registered office/delivery address;
– Tax Identification Number;
– company name;
– device IP address;
– analytical data such as purchase history or purchase preferences,
b. from employees and persons representing our customers/potential customers:
– full name;
– e-mail address;
– position/function performed at the customer’s;
– Customer data, their address details and identification numbers;
– device IP address,
– analytical data such as purchase history or purchase preferences of the Customer.
- For statistical purposes, the Administrator may also collect analytical data (including geolocation data) using tools such as Google Analytics, which, however, will not be assigned to a specific user.
- The Administrator may also collect and process other personal data if it is necessary to achieve their purposes.
- Providing the above-mentioned data is voluntary, but it may be necessary to achieve the above-mentioned purposes or to conclude an agreement. Failure to provide it may result in failure to conclude an agreement or failure to obtain information on submitted inquiries.
Source of personal data
- The source of personal data processed by the Administrator is:|
a. if the data is obtained directly from the data subject – the data subject;
b. in the case of processing data of persons representing customers/potential customers - the customer/potential customer or publicly available registers.
Recipients of personal data
- Recipients of Users’ personal data will be employees and persons cooperating with the Administrator. Personal data may be transferred to the necessary extent also to entities cooperating with the Administrator as part of the implementation of the above-mentioned purposes (such as courier companies, entities providing accounting services, personal pick-up points, IT service providers, hosting service providers, e-mail providers, etc.) and it may be transferred to third parties in connection with the Administrator’s implementation of their rights and obligations (tax offices, courts, bailiffs, etc.).
Period of personal data storage
- Users’ personal data will be stored for:
a. the period of cooperation between the User and the Administrator or
b. the period of cooperation between the Administrator and the entity represented by the User or
c. time necessary to achieve other purposes.
- Personal data will also be stored after the above-mentioned periods for the period required by applicable law or the period needed by the Administrator to protect or assert their rights.
Rights of data subjects whose personal data is processed by the Administrator
- Within the scope of his/her personal data processed by the Administrator, the User has the following rights:
1.1.Right to withdraw the consent granted (basis: Article 7 (3) of the GDPR):
|The User has the right to withdraw his/her consent (if it constitutes the basis for processing) at any time, as long as the data is processed on the basis of the consent granted. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of consent before its withdrawal. Withdrawal of consent takes effect from the moment the statement on withdrawal of consent is submitted.
It should be noted that withdrawal of consent granted to the processing of personal data may result in the Administrator’s inability to fulfil their obligations, which, in fact, may prevent the Administrator from acting on behalf of the User.
1.2. Right to access personal data (basis: Article 15 of the GDPR):
The User has the right to access the content of all his/her personal data along with the right to access information on such data, including the purposes of processing, categories of data processed, recipients or the period of processing. Upon the User’s request, the Administrator will provide a copy of the personal data subject to processing. If no other form of data transfer is indicated, it will be delivered electronically. The preparation and delivery of the first copy of the data is free of charge. For any subsequent cases, the Administrator may charge a reasonable fee resulting from administrative costs.
1.3. Right to request the rectification of personal data (basis: Article 16 of the GDPR):
The User has the right to rectify his/her data processed by the Administrator if it is incorrect. The User also has the right to supplement incomplete personal data (taking into account the purposes of processing), also by providing an additional statement.
1.4. Right to request the deletion of personal data (basis: Article 17 of the GDPR):
The User has the right to be forgotten, under which he/she may request the Administrator to delete his/her personal data and request the Administrator to inform other administrators to whom the data subject to removal has been made available, about the need to remove links to such data, its copies or replications. The above rights are subject to any of the following situations:
a. personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
b. the consent to the processing of personal data has been withdrawn, which is the only legal basis for data processing;
c. an objection has been raised for reasons related to the User’s particular situation with regard to the processing of personal data in the so-called legitimate interests pursued by the Administrator and there will be no overriding legitimate grounds for processing;
d. an objection to the processing of personal data has been raised as part of direct marketing;
e. personal data has been processed unlawfully;
f. deletion of data is necessary to fulfil the legal obligation provided for in the law of the European Union or the law of the Republic of Poland;
1.5. Right to request the restriction of the processing of personal data (basis: Article 18 of the GDPR):
The User has the right to request the restriction of the processing in the following cases:
a. in the event of questioning the correctness of personal data - for a period allowing the Administrator to check the correctness of such data;
b. when data processing is unlawful and the User objects to the deletion of personal data, requesting restriction of its use instead;
c. when the Administrator no longer needs personal data for processing purposes, but it is needed by the User to establish, assert or defend claims;
d. when the User has raised an objection pursuant to Article 21 (1) against processing - until it is determined whether the legitimate grounds on the part of the Administrator override the grounds of the User’s objection.
It should be noted that the request to limit the processing of personal data may result in the Administrator’s inability to fulfil their obligations, which may, in fact, prevent the Administrator from acting on behalf of the User.
1.6. Right to transfer personal data (basis: Article 20 of the GDPR):
The User has the right to transfer his/her personal data processed by the Administrator in an automated manner or based on consent or an agreement, under which the User may request:
a. to receive his/her personal data provided to the Administrator on the basis of consent or an agreement or in connection with the User’s request to take action before concluding the agreement, and data that the Administrator processes in an automated manner;
b. to receive the above-mentioned data without hindrance;
c. the Administrator to send the above-mentioned data to another administrator, if technically possible;
The above right entitles the User to receive the above-mentioned data in a structured, commonly used and machine-readable format.
1.7. Right to object to the processing of personal data (basis: Article 21 of the GDPR):
The User has the right to object to:
a. the Administrator’s processing of the User’s personal data for marketing purposes,
b. the Administrator’s processing of the User’s personal data for the purposes of the so-called legitimate interest pursued by the Administrator. The objection should result from reasons related to the User’s particular situation. The Administrator will not be allowed to process personal data, unless they demonstrate the existence of legally valid grounds for processing, overriding the User’s interests, rights and freedoms, or grounds for establishing, investigating or defending claims.
It should be noted that objecting to the processing of personal data may result in the Administrator’s inability to fulfil their obligations, which, in fact, may prevent the Administrator from acting on behalf of the User.
Right to lodge a complaint with the supervisory authority
- The User has the right to lodge a complaint with the President of the Personal Data Protection Office, if he/she considers that the processing of his/her personal data violates the provisions of the Regulation.
Data transfer to a third country
- The Administrator does not provide for the transfer of the User’s personal data to a third country. It is possible that personal data will be transferred to third countries by entities such as Facebook Ireland Limited or Google Ireland Limited, the tools of which may be used by the Administrator.
Automated decision making, profiling
- In some cases, the Administrator may use profiling for marketing purposes. However, this will never affect the conclusion or refusal to conclude a Sales Agreement or the possibility of using the services of the Online Store. The data subject always has the right not to be subject to a decision based solely on automated processing, including profiling.
Changes
- The Administrator reserves the right to change the current Privacy Policy by introducing appropriate modifications.