privacy policy
Last updated: February 20, 2023
This Privacy Policy describes one:item policies and procedures on the collection, use and disclosure of your information when you use the service and tells you about your privacy rights and how the law protects you.
We use your personal data to provide and improve the Service. By using the service, you agree to the collection and use of information in accordance with this Privacy Policy.
General provisions
- This Privacy Policy sets out the principles of privacy protection (i.e. the rules for the collection, use, processing, and protection) of personal data of the users („Users”) of the online store available at the URL https://www.oneitem.eu/ (hereinafter referred to as the „Website”), owned by the company one:item sp. z o.o. with its registered office in Warsaw.
- The data controller of the personal data of Website users, within the meaning of art. 4 point 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/WE (General Data Protection Regulation – „GDPR”) is one:item sp. z o.o. with its registered office in Warsaw, address: ul. czardasza 18/11 street, 02-169 , Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, XIV Commercial Division of the National Court Register, under KRS number 0000963067, holding VAT Number (NIP) 5223222094, e-mail address: contact@oneitem.eu, the owner of the Website, hereinafter referred to as the „Data Controller”.
- The Website users are its customers, i.e. persons using the services provided by the Data Controller via the Website, specified in the one:item Terms and Conditions („Terms and Conditions”). This Privacy Policy is an integral part of the Terms and Conditions.
Data colected
- The Data Controller collects Users’ personal data to the extent required to complete the orders made through the Website, complete registration at the Website or render other services specified in the Terms and Conditions.
- The scope of data collected includes: name and surname, e-mail address, phone number, bank account number, delivery address including: street, postal code, city, country. The scope of data processed depends on the type of service chosen by the User.
Purpose and legal basis of data processing
- The Data Controller collects, uses, and processes Users’ personal data only for the following purposes and on the following legal bases:
- for the purpose of registration and maintenance (including technical maintenance) of a User account on the Website pursuant to art. 6 par. 1(a) of GDPR – the data subject has given consent to the processing of their personal data, whereas the personal data shall be processed until the withdrawal of consent (including the case of deleting the User account);
- for the purpose of completing orders placed on the Website and carrying out a possible complaint procedure pursuant to art. 6 par. 1(b) of GDPR – the processing is necessary to perform the contract a party whereto is the data subject or to carry out actions, upon request of the data subject, before the conclusion of the contract, whereas the personal data shall be processed until necessary to complete the order and carry out the possible complaint procedure;
- for the purpose of enforcement of claims and defending against claims pursuant to art. 6 par. 1(f) of GDPR, i.e. processing is necessary for the purposes of the legitimate interest of the Data Controller, which is the defending of the Data Controller’s interests, whereas the personal data shall be processed until the end of the limitation period of the claims;
- for the purpose of complying with the legal obligations to which the Data Controller is subject pursuant to art. 6 par. 1(c) of GDPR in conjunction with art. 74 of the Accounting Act and other tax regulations, whereas the personal data shall be processed over the period of five calendar years counted from the end of the calendar year wherein the order had been placed;
- for the purpose of rendering, via e-mail, of the Newsletter service pursuant to art. 6 par. 1(a) of GDPR, i.e. the consent, in conjunction with art. 10 of the Act on Providing Services by Electronic Means and art. 172 of Telecommunications Act, whereas the personal data shall be processed until the withdrawal of consent.
- The Data Controller processes Users’ personal data only for the purposes indicated above.
- Users’ personal data will not be transferred to countries outside the European Economic Area (to countries other than European Union countries and Iceland, Norway, UK and Liechtenstein).
- The Data Controller shall not conduct processes that consist of automated decision-making, including profiling.
- Providing data is voluntary, but necessary in order for the Data Controller to render services through the Website.
User’s rights
- Users’ personal data is collected at the Data Controller’s registered office, i.e. at the following address: one:item, Warsaw, czardasza 18/11 street, 02-169, Poland.
- The User has the right to:
- access their personal data stored by the Data Controller;
- obtain the rectification of their personal data if the User suspects that the personal data stored by the Data Controller is out of date, incomplete or untrue;
- obtain the restriction of processing their personal data;
- obtain the erasure of their personal data;
- object to the processing of their personal data in cases specified in art. 21 of GDPR;
- obtain the transfer of their personal data to another data controller, if it is technically possible;
- withdraw the consent at any time if the personal data is processed on the basis of consent (without affecting the legality of the processing which was carried out on the basis of the consent before the withdrawal thereof).
- Execution of the rights referred to in section 4.2. above may be conducted by the User through submitting to the Data Controller the appropriate statement of will:
- by e-mail to the following address: contact@oneitem.eu
- in person at the Data Controller’s registered office in Warsaw, czardasza 18/11 street, 02-169, Poland
- The User is also entitled to file a complaint to the supervisory body for personal data protection, i.e. the President of the Office for Personal Data Protection (PUODO).
IP address
- The Data Controller reserves the right to collect the IP addresses visiting the Website, which may be helpful in diagnosing technical problems with the server, creating statistical analyses (e.g. determining from which regions the most visits are recorded).
- In addition, they can be useful when administering and improving the Website.
Access to the database by third parties
- Users’ personal data will not be made available by the Data Controller to other entities or third parties, except when:
- the User consents to this;
- it is necessary for the purpose of rendering services by the Data Controller through the Website. More information on the manner in which these entities use the Users’ personal data can be found in their privacy and cookies policies;
- it is necessary to detect and prevent fraud, as well as to resolve other problems related to fraud, security, and technical issues.
- it is required by applicable laws or legitimate requests of state institutions and judicial authorities.
- In addition, the Data Controller may make Users’ personal data available to entities that were authorized or entrusted by the Data Controller with the processing of personal data, i.e.:
- providers of legal and advisory services in the event of pursuing by the Data Controller of claims arising from its business activity;
- providers of technical and organizational services enabling the Data Controller to render services through the Website;
- employees and associates.
Security of personal data
- The Data Controller declares that it processes Users’ personal data in accordance with the requirements of GDPR, the Act of 10 May 2018 on the Protection of Personal Data (i.e. Journal of Laws of 2019, item 1781), and other applicable provisions on the protection of personal data that complement and/or implement GDPR, including primarily that the Data Controller applies technical and organizational measures to ensure data protection appropriate to the threats and categories of data protected, in particular, protects Users’ personal data against making them available to unauthorized persons, loss or damage.
Contact Us
If you have any questions about this Terms and Conditions, you can contact us:
- by email: hello@oneitem.eu