+48 5 3008 3000
Sklep

Privacy Policy

§1 General Information

  1. The administrator of personal data is S-Lion spółka z ograniczoną odpowiedzialnością, located in Wrocław, Tarnopolska 14/2, 54-616 Wrocław, NIP 8943242784 KRS 0001124407 REGON 529504225.
  2. Contact regarding data protection:
    • Email: info@s-lion.eu
    • Phone: +48 5 3008 3000.
  3. Personal data is processed in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the Polish Data Protection Act, and other applicable laws.

§2 Scope and Purpose of Data Processing

  1. Scope of processed personal data:
    • Name and surname,
    • Residential or delivery address,
    • Email address,
    • Phone number,
    • Invoice details (e.g., NIP for companies).
  2. Purpose of personal data processing:
    • Fulfillment of orders in the online store,
    • Handling complaints and returns,
    • Contacting the buyer regarding orders,
    • Compliance with legal obligations (e.g., issuing invoices),
    • Providing data to couriers for delivery purposes.

§3 Legal Basis for Processing

  1. The legal basis for personal data processing includes:
    • Art. 6(1)(b) GDPR – processing necessary for contract execution,
    • Art. 6(1)(c) GDPR – legal obligations (e.g., issuing invoices),
    • Art. 6(1)(f) GDPR – legitimate interests of the administrator (e.g., claims handling).

§4 Sharing Personal Data

  1. Personal data may be shared with:
    • Courier companies for delivery purposes,
    • Accounting service providers (e.g., Starlit Accounting Sp. z o.o.),
    • Platforms like ifirma.pl for issuing invoices.
  2. Data is not transferred outside the European Economic Area (EEA).

§5 Data Retention Period

  1. Personal data is retained for the following periods:
    • As long as necessary for order fulfillment and after-sales service,
    • As required by law (e.g., retaining invoices for 5 years),
    • Until consent is withdrawn (if processing is based on consent).
  2. Data of users who did not complete their orders is retained for up to 90 days from the last activity.
  3. Data of customers who made purchases is retained for the duration of the warranty period or 5 years after the order’s completion.
  4. After the retention period, personal data is permanently deleted or anonymized.

§6 Marketing and Consent

  1. Data may be used for marketing purposes only with the user’s consent.
  2. The user has the right to withdraw consent at any time.

§7 Rights of Data Subjects
Users (data subjects) have the following rights regarding the processing of their personal data:

  1. Right of access to data:
    • Users have the right to confirm whether their data is being processed and to access this data along with detailed information about processing purposes, data categories, and recipients.
  2. Right to rectify data:
    • Users have the right to request correction of inaccurate data or completion of incomplete data.
  3. Right to erasure of data (“right to be forgotten”):
    • Users have the right to request deletion of their personal data under conditions specified in Art. 17 GDPR, e.g., when the data is no longer necessary.
  4. Right to restrict processing:
    • Users have the right to request restriction of processing in certain situations, e.g., when contesting data accuracy.
  5. Right to data portability:
    • Users have the right to receive their data in a structured, commonly used, machine-readable format and transmit it to another controller.
  6. Right to object:
    • Users have the right to object to the processing of their personal data for marketing purposes or other legitimate interests of the controller.
  7. Right to withdraw consent:
    • Where data processing is based on consent, users can withdraw it at any time without affecting the lawfulness of prior processing.
  8. Right to lodge a complaint:
    • Users can lodge complaints with the Personal Data Protection Office (UODO) in case of a breach of data protection laws.

§8 Protection of Children’s Data

  1. The administrator takes special precautions when processing personal data of children under 16.
  2. Parental or legal guardian consent is required for processing children’s data based on consent.

§9 Security of Personal Data

  1. The administrator implements appropriate technical and organizational measures to ensure the security of personal data, such as:
    • Encryption of data transmitted between the user and the server,
    • Restricting data access to authorized personnel only,
    • Regular testing and auditing of IT security systems.
  2. In the event of a personal data breach posing a high risk to users’ rights or freedoms, the administrator will notify affected users and the supervisory authority within 72 hours of detection.

§10 Procedure for Submitting Data Requests

  1. Users may submit requests regarding their rights by email to info@s-lion.eu or by letter to the company’s registered address.
  2. Requests should include:
    • User’s name and surname,
    • Description of the request (e.g., correction, deletion of data),
    • Preferred contact method (email, phone, letter).
  3. The administrator will respond within 30 days of receiving the request. For complex cases, the response time may be extended by an additional 60 days, with prior notification.

§11 Cookies and Personal Data

Detailed information about cookies used is provided in the Cookies Policy.

If cookies used on the site allow identification of a user as a natural person, they are treated as personal data.

Users have the right to manage their cookie preferences via a banner on the site or their browser settings.