Privacy Policy of the MOONCE.SPACE Platform
TABLE OF CONTENTS:
1. GENERAL PROVISIONS
2. BASIS FOR PROCESSING DATA
3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING
4. DATA RECIPIENTS
5. PROFILING
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES AND ANALYTICS
8. FINAL PROVISIONS
1. GENERAL PROVISIONS
1.1. This privacy policy of the platform is informative in nature, which means that it is not a source of obligations for the Service Recipients or Customers of the Platform. The privacy policy primarily contains rules regarding the processing of personal data by the Administrator on the Platform, including the grounds, purposes, and duration of processing personal data as well as the rights of individuals whose data is processed, along with information regarding the use of Cookies and analytical tools on the Platform.
1.2. The administrator of personal data collected through the Platform is the company PRO START TECHNOLOGY sp. z o.o. – hereinafter referred to as the “Administrator,” which is also the Service Provider of the Internet Platform and the Seller.
1.3. Personal data on the Platform are processed by the Administrator in accordance with the applicable legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR.” The official text of the GDPR can be found at: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4. Using the Platform, including making purchases, is voluntary. Similarly, providing personal data by the User or Customer using the Platform is voluntary, with two exceptions: (1) entering into agreements with the Administrator – failure to provide, in cases and to the extent specified on the Platform’s website and in the Platform’s Terms of Service and this privacy policy, the necessary personal data for the conclusion and performance of a Sales Agreement or an agreement for the provision of Electronic Services with the Administrator results in the inability to conclude such an agreement. Providing personal data is in such a case a contractual requirement, and if the person whose data it concerns wants to conclude a specific agreement with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude an agreement is indicated in advance on the Platform’s website and in the Platform’s Terms of Service; (2) the statutory obligations of the Administrator – providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Administrator the obligation to process personal data (e.g., processing data for tax or accounting purposes), and failure to provide them will prevent the Administrator from performing these obligations.
1.5. The Administrator takes special care to protect the interests of individuals whose personal data it processes, and in particular is responsible and ensures that the data collected by it are: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) accurate and adequate in relation to the purposes for which they are processed; (4) kept in a form that permits identification of the individuals concerned for no longer than is necessary for the purposes of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
1.6. Taking into account the nature, scope, context, and purposes of processing as well as the risk of infringement of the rights or freedoms of individuals with varying likelihood and severity of the risk, the Administrator implements appropriate technical and organizational measures to ensure that the processing complies with this regulation and to be able to demonstrate this compliance. These measures are subject to review and updating as necessary. The Administrator applies technical measures to prevent unauthorized access to and modification of personal data transmitted electronically.
1.7. All words, phrases, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Platform, Electronic Service, Internet Platform) should be understood according to their definitions available on the Platform’s pages accessible on the Platform.
2. BASES FOR DATA PROCESSING
2.1. The Administrator is authorized to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require protection of personal data, especially when the data subject is a child.
2.2. The processing of personal data by the Administrator requires the occurrence of at least one of the grounds specified in point 2.1 of the privacy policy. The specific grounds for processing the personal data of Platform Users and Customers by the Administrator are indicated in the subsequent point of the privacy policy – in relation to the specific purpose of processing personal data by the Administrator.
3. THE PURPOSE, BASIS, AND DURATION OF DATA PROCESSING ON THE PLATFORM
3.1. Each time the purpose, basis, duration, and recipients of personal data processed by the Administrator result from actions taken by the respective Service Recipient or Customer on the Platform or by the Administrator.
3.2. The Administrator may process personal data within the Internet Platform for the following purposes, on the bases, and within the periods indicated in the table below:
Purpose of data processing |
Legal basis for data processing |
Data retention period |
Execution of the Sales Agreement or agreement for the provision of Electronic Services or taking actions at the request of the data subject before concluding the above-mentioned agreements |
Article 6(1)(b) of the GDPR (Execution of a contract) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. |
The data is stored for the period necessary for the performance, termination, or expiry of the Sales Agreement or Electronic Services Agreement concluded in another manner. |
Direct marketing |
Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – involving safeguarding the interests and good reputation of the Controller, its Platform, and striving to sell Products. |
The data is stored for the period of the legitimate interest pursued by the Controller, but no longer than the statute of limitations for the Controller’s claims against the data subject arising from the Controller’s business activities. The statute of limitations is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements, two years). The Controller cannot process data for direct marketing purposes if an effective objection in this regard is expressed by the data subject. |
Marketing |
Article 6(1)(a) of the GDPR (consent) – the data subject has given consent to the processing of their personal data for marketing purposes by the Controller. |
The data is stored until the data subject withdraws their consent for further processing of their data for this purpose. |
Customer’s expression of opinion about the concluded Sales Agreement |
Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of their personal data for the purpose of expressing an opinion. |
The data is stored until the data subject withdraws their consent for further processing of their data for this purpose. |
Maintaining tax records |
Article 6(1)(c) of the GDPR in conjunction with Article 86 § 1 of the Tax Ordinance Act dated January 17, 2017 (Journal of Laws of 2017, item 201 as amended) – processing is necessary for compliance with a legal obligation to which the Controller is subject. |
The data is stored for the period required by the laws obliging the Controller to retain tax records (until the expiry of the limitation period for the tax liability, unless tax laws provide otherwise). |
Establishing, investigating, or defending claims that the Controller may raise or that may be raised against the Controller. |
Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting of establishing, investigating, or defending claims that the Controller may raise or that may be raised against the Controller. |
The data is stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims that may be raised against the Controller (the basic limitation period for claims against the Controller is six years). |
Using the Platform’s website and ensuring its proper functioning. |
Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting of operating and maintaining the Platform’s website. |
The data is stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims of the Controller against the data subject arising from the Controller’s business activity. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for Sales Agreements, two years). |
Conducting statistics and analyzing traffic on the Platform. |
Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting of conducting statistics and analyzing traffic on the Platform to improve its functioning and increase the sales of Products. |
The data is stored for the period of existence of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims of the Controller against the data subject arising from the Controller’s business activity. The limitation period is determined by law, particularly the Civil Code (the basic limitation period for claims related to business activity is three years, and for Sales Agreements, two years). |
4. RECIPMENTS OF DATA ON THE INTERNET PLATFORM.
4.1. For the proper functioning of the Platform, including the execution of concluded Sales Agreements, it is necessary for the Controller to use the services of external entities (such as software providers, web3 wallets, or payment processors). The Controller exclusively utilizes services of such processing entities that provide sufficient guarantees of implementing appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of the individuals whose data is processed.
4.2. Personal data may be transferred by the Controller to a third country, provided that the Controller ensures that such transfer will take place to a country providing an adequate level of protection – in accordance with the GDPR. In the case of other countries, the transfer will be carried out based on standard data protection clauses. The Controller ensures that the data subject has the possibility to obtain a copy of their data. The Controller transfers the collected personal data only when necessary and to the extent required to achieve the specific purpose of data processing in accordance with this privacy policy.
4.3. The Controller does not transfer data in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Controller transfers data only when necessary to achieve the specific purpose of personal data processing and only to the extent necessary for its implementation.
4.4. Personal data of Service Recipients and Platform Customers may be transferred to the following recipients or categories of recipients:
4.4.1. Entities handling electronic payments or credit/debit card payments – in the case of a Customer using electronic payment methods or a payment card on the Platform, the Controller provides the collected personal data of the Customer to the selected entity handling such payments on the Platform, upon the Controller’s instruction, to the extent necessary to process the payment made by the Customer.
4.4.2. Providers supplying the Controller with technical, IT, and organizational solutions enabling the Controller to conduct business activities, including the Platform and Electronic Services provided through it (especially software providers for the operation of the Platform, email and hosting service providers, as well as software providers for business management and technical support to the Controller) – the Controller provides the collected personal data of the Customer to the selected provider acting on its behalf only when necessary and to the extent required to achieve the specific purpose of data processing in accordance with this privacy policy.
4.4.3. Providers of accounting, legal, and advisory services providing support to the Controller in accounting, legal, or advisory matters (especially accounting firms, law firms, or debt collection companies) – the Controller provides the collected personal data of the Customer to the selected provider acting on its behalf only when necessary and to the extent required to achieve the specific purpose of data processing in accordance with this privacy policy.
4.4.4. Providers of social media plugins, scripts, and other similar tools placed on the Platform’s website enabling the visitor’s browser to download content from providers of such plugins (e.g., logging in using social media credentials) and for this purpose transmitting the visitor’s personal data to these providers, including:
4.4.4.1. Alphabet Inc. – The Controller uses social media plugins from the YouTube service on the Platform’s website and therefore collects and shares the personal data of Service Recipients using the Platform’s website with Alphabet Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, United States of America) to the extent and in accordance with the privacy principles available here: [YouTube Privacy Settings](https://www.youtube.com/intl/ALL_pl/howyoutubeworks/user-settings/privacy/) (this data includes information about activities on the Platform’s website – including information about the device, visited websites, purchases, displayed ads, and how the services are used – regardless of whether the Service Recipient has a YouTube account and whether they are logged into YouTube).
4.4.5.2. Meta Platforms Ireland Ltd. – The Controller utilizes social media plugins from the Facebook service (e.g., Like button, Share button, or logging in using Facebook credentials) as well as Instagram on the Platform, and as a result, collects and shares the personal data of the Service Recipient using the Platform’s website with Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy policies available – for Facebook – here: [Facebook Privacy Policy](https://www.facebook.com/about/privacy/) and – for Instagram – here: [Instagram Privacy Policy](https://help.instagram.com/519522125107875/?helpref=hc_fnav) (this data includes information about activities on the Platform’s website – including details about the device, visited websites, purchases, displayed ads, and usage patterns – regardless of whether the Service Recipient has an account on Facebook or Instagram and whether they are logged into Facebook or Instagram).
4.4.5.3. TikTok Technology Limited – The Controller uses social media plugins from the TikTok service on the Platform’s website, and consequently, collects and shares the personal data of the Service Recipient using the Platform’s website with TikTok Technology Limited (10 Earlsfort Terrace, Dublin, D02 T380, Ireland) to the extent and in accordance with the privacy policies available here: [TikTok Privacy Policy](https://www.tiktok.com/legal/privacy-policy?lang=pl) (this data includes information about activities on the Platform’s website – including details about the device, visited websites, purchases, displayed ads, and usage patterns – regardless of whether the Service Recipient has an account on TikTok and whether they are logged into TikTok).
4.4.5.4. Twitter International Unlimited Company – The Controller utilizes social media plugins from the Twitter service on the Platform’s website (e.g., sharing content from the Platform on their Twitter profile), and consequently, collects and shares the personal data of the Service Recipient using the Platform’s website with Twitter International Unlimited Company (One Cumberland Place, Fenian Street Dublin 2, D02 AX07, Ireland) to the extent and in accordance with the privacy policies available here: [Twitter Privacy Policy](https://twitter.com/privacy).
5. PROFILING ON THE PLATFORM
5.1. The GDPR imposes an obligation on the Controller to inform about automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – provide relevant information about the rules for such decision-making, as well as the significance and expected consequences of such processing for the data subject. Bearing this in mind, the Controller provides information regarding possible profiling in this section of the privacy policy.
5.2. The Controller may use profiling on the Platform for the purposes of direct marketing, but the decisions made by the Controller based on it do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services on the Platform. The result of using profiling on the Platform may include, for example, granting a discount to a specific individual, sending them a discount code, reminding them about unfinished purchases, sending proposals for Products that may correspond to the interests or preferences of the individual, or offering better conditions compared to the standard Platform offer. Despite profiling, the individual freely decides whether they want to take advantage of the discount received in this way or better conditions and make a purchase on the Platform.
5.3. Profiling on the Platform involves automatic analysis or prediction of an individual’s behavior on the Platform, such as adding a specific Product to the cart, browsing a specific Product page on the Platform, or analyzing the individual’s past purchase history on the Platform. The condition for such profiling is the Controller’s possession of the individual’s personal data, in order to subsequently send them, for example, a discount code.
5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
6. RIGHTS OF THE DATA SUBJECT
6.1. Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Controller access to their personal data, their rectification, erasure (“right to be forgotten”), or restriction of processing, and has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the aforementioned rights are specified in Articles 15-21 of the GDPR.
6.2. Right to withdraw consent at any time – the data subject, whose data is processed by the Controller based on the consent provided (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR), has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
6.3. Right to lodge a complaint with a supervisory authority – the data subject, whose data is processed by the Controller, has the right to lodge a complaint with the supervisory authority in the manner and under the procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
6.4. Right to object – the data subject has the right to object, at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or official authority) or (f) (legitimate interests pursued by the Controller), including profiling based on these provisions. In such cases, the Controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
6.5. Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling to the extent that it is related to such direct marketing.
6.6. In order to exercise the rights referred to in this section of the privacy policy, you can contact the Controller by sending a relevant message in writing or by email to the Controller’s address provided at the beginning of the privacy policy, or by using the contact form available on the Platform.
7. COOKIES ON THE PLATFORM AND ANALYTICS
7.1. Cookies (ciasteczka) are small text information files sent by a server and stored on the visitor’s side of the Platform (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on the device used by the visitor to access our Platform). Detailed information about cookies, as well as their history, can be found, among other places, here: https://pl.wikipedia.org/wiki/HTTP_cookie.
7.2. Cookies sent by the Platform’s website can be divided into different types according to the following criteria:
Due to their provider:
|
Due to their storage period on the device of the Platform visitor:
|
Due to the purpose of their application:
|
7.3. The Administrator may process data contained in cookies when visitors use the Platform’s website for the following specific purposes:
The purposes of using Cookies on the Administrator’s Platform |
Identification of Users as logged in to the Platform and showing that they are logged in (essential Cookies) |
Remembering Products added to the cart in order to place an Order (essential Cookies) |
|
Remembering data from filled Order Forms, surveys, or login data for the Platform (essential and/or functional/preference Cookies) |
|
Customizing the content of the Platform’s pages to the individual preferences of the Service Recipient (e.g., regarding colors, font size, page layout), as well as optimizing the use of the Platform’s pages (functional/preference Cookies) |
|
conducting anonymous statistics depicting the usage patterns of the Platform’s website (analytical and performance Cookies) |
|
Displaying and rendering ads, limiting the number of ad views, and ignoring ads that the Service Recipient does not wish to see, measuring the effectiveness of ads, as well as personalizing ads, which involves analyzing the behavior characteristics of visitors to the Platform through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create their profile and deliver ads tailored to their anticipated interests, even when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook, i.e., Meta Platforms Ireland Ltd. (marketing, advertising, and social media Cookies) |
7.4. Checking in the most popular internet browsers which cookies (including their expiration period and provider) are currently being sent by the Platform’s website can be done as follows:
In the Chrome browser: |
In the Firefox browser: |
In the Internet Explorer browser: |
In the Opera browser: |
In the Safari browser: |
Regardless of the browser, using tools available, for example, on the website: https://www.cookiemetrix.com/ lub: https://www.cookie-checker.com/ |
7.5. Most internet browsers available on the market typically accept the storage of Cookies by default. Everyone has the possibility to determine the conditions of using Cookies through the settings of their own internet browser. This means that you can, for example, partially limit (e.g., temporarily) or completely disable the ability to store Cookies – however, in the latter case, it may affect some functionalities of the Platform (for example, it may not be possible to proceed with the Order process through the Order Form due to not remembering Products in the cart during subsequent steps of placing the Order).
7.6. Internet browser settings regarding Cookies are important in terms of consenting to the use of Cookies by our Platform – according to regulations, such consent can also be expressed through internet browser settings. Detailed information on changing settings related to Cookies and deleting them independently in the most popular internet browsers is available in the browser’s help section and on the following pages (simply click on the respective link):
in the Internet Explorer browser
7.7. The Administrator may use the following services on the Platform:
7.7.1. Google Analytics and Universal Analytics provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services help the Controller to compile statistics and analyze traffic on the Platform. The collected data processed within these services are used to generate statistics useful for administering the Platform and analyzing traffic on the Platform. This data is aggregated in nature. By using these services on the Platform, the Controller collects data such as the sources and mediums of the individuals visiting the Platform, their behavior on the Platform’s website, information about the devices and browsers they use to visit the site, IP addresses and domains, geographic data, as well as demographic data (age, gender), and interests.
7.7.1.1. It is possible for an individual to easily block the sharing of their activity on the Platform’s website to Google Analytics. To do this, they can, for example, install a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=pl.
7.7.1.2. Due to the possibility of the Controller using advertising and analytical services provided by Google Ireland Ltd. on the Platform, the Controller specifies that the full information about the processing of data of individuals visiting the Platform (including information stored in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at the following internet address: https://policies.google.com/technologies/partner-sites.
7.7.2. The Meta Pixel provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This service helps the Controller measure the effectiveness of advertisements and learn about the actions taken by visitors on the Platform, as well as display tailored ads to these individuals.
7.7.2.1. Management of Meta Pixel’s operation is possible through the advertising settings in your account on the Facebook.com portal: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
7.7.2.2. Due to the possibility of the Controller using advertising and analytical services provided by Meta Platforms Ireland Limited on the Platform, the Controller specifies that the full information about the processing of data of individuals visiting the Platform (including information stored in cookies) by Meta Platforms Ireland Limited can be found in the privacy policy of Meta services available at the following internet address: [link to the privacy policy of Meta services]. https://www.facebook.com/privacy/policy/?entry_point=facebook_help_center_ig_data_policy_redirect
8. FINAL PROVISIONS
8.1.The Platform may contain links to other websites. The Controller encourages users to review the privacy policy established on those other websites after navigating to them. This privacy policy applies only to the Controller’s Platform.