Privacy Policy

Privacy Policy

  • 1. Data Controller
  • The Data Controller, as defined by Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (GDPR), is Anetta Majchrzak, conducting business under the name PROGRESS Sports & Entertainment Anetta Majchrzak, located at ul. Malinowa 40, 97-330 Barkowice, NIP: 7711264518, REGON: 590573730.
  • Contact details of the Data Controller: Email address: sklep@football-mat.com
  • The Data Controller, in accordance with Article 32(1) of the GDPR, adheres to the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data processed in connection with business activities.
  • Providing personal data by the client is voluntary but necessary for entering into an agreement with the Data Controller. 
  • The Data Controller processes personal data to the extent necessary for the execution of the agreement or the provision of services to the data subject.
  • 2. Purpose and Legal Basis for Processing Personal Data

The Data Controller processes personal data for the following purposes: 

  1. a) Preparing a commercial offer in response to client inquiries, which is a legitimate interest of the Data Controller (Article 6(1)(f) GDPR). 
  2. b) Entering into and executing sales agreements with clients based on the concluded contract (Article 6(1)(b) GDPR). 
  3. c) Providing electronic services via the Online Store based on the concluded contract (Article 6(1)(b) GDPR). 
  4. d) Handling complaints, based on the obligations imposed on the Data Controller by applicable laws (Article 6(1)(c) GDPR). 
  5. e) Accounting, related to issuing and receiving financial documents, based on tax law regulations (Article 6(1)(c) GDPR). 
  6. f) Archiving data for potential establishment, exercise, or defense of legal claims or for the need to demonstrate facts, which is a legitimate interest of the Data Controller (Article 6(1)(f) GDPR). 
  7. g) Contacting via phone or email, especially in response to inquiries directed to the Data Controller, which is a legitimate interest of the Data Controller (Article 6(1)(f) GDPR). 
  8. h) Sending technical information regarding the operation of the Online Store and the services used by the client, which is a legitimate interest of the Data Controller (Article 6(1)(f) GDPR). 
  9. i) Marketing, which is a legitimate interest of the Data Controller (Article 6(1)(f) GDPR) or is based on prior consent (Article 6(1)(a) GDPR).
  • 3. Data Recipients and Transfers to Third Countries
  • Recipients of personal data processed by the Data Controller may include entities cooperating with the Data Controller when necessary for the execution of the agreement with the data subject.
  • Recipients of personal data processed by the Data Controller may also include subcontractors—entities whose services the Data Controller uses for processing data, such as accounting firms, law firms, IT service providers (including hosting services).
  • The Data Controller may be required to disclose personal data based on applicable laws, particularly to authorized government bodies or institutions.
  • Personal data may be transferred outside the European Economic Area (EEA) in connection with the use of tools by the Data Controller for analyzing and tracking website traffic, e.g., to Google LLC. As an appropriate data protection measure, the Data Controller has agreed to standard contractual clauses under Article 46 GDPR with these service providers. More information is available here: European Commission Data Protection.
  • 4. Period of Storage of Personal Data
  • The Data Controller stores personal data for the duration of the contract with the data subject and after its expiration for purposes related to asserting claims under the contract, fulfilling obligations arising from applicable laws, but no longer than the statute of limitations as per the provisions of the Civil Code.
  • The Data Controller stores personal data contained in accounting documents for the period specified by the Act on Goods and Services Tax and the Accounting Act.
  • The Data Controller stores personal data processed for marketing purposes for a period of 10 years, but no longer than until the consent for data processing is withdrawn or an objection to data processing is made.
  • The Data Controller stores personal data for purposes other than those specified in points 1-3 for a period of one year, unless consent for data processing is withdrawn earlier, and the processing cannot continue on a basis other than the data subject’s consent.
  • 5. Rights of the Data Subject
  • Every data subject has the right to: 
  1. a) Access – obtain confirmation from the Data Controller as to whether personal data concerning them is being processed. If such data is being processed, they have the right to access it and obtain the following information: the purposes of processing, categories of personal data, information about recipients or categories of recipients to whom the data has been or will be disclosed, the period of data storage or the criteria for determining this period, the right to request rectification, erasure, or restriction of processing of personal data to the data subject, and to object to such processing (Article 15 GDPR). 
  2. b) Obtain a copy of the data – obtain a copy of the data being processed, with the first copy being free of charge, and for additional copies, the Data Controller may charge a reasonable fee based on administrative costs (Article 15(3) GDPR). 
  3. c) Rectification – request rectification of inaccurate personal data concerning them or completion of incomplete data (Article 16 GDPR). 
  4. d) Erasure – request the erasure of personal data if the Data Controller no longer has a legal basis for processing it or the data is no longer necessary for the purposes of processing (Article 17 GDPR). 
  5. e) Restriction of processing – request the restriction of personal data processing (Article 18 GDPR) when:
  • the data subject contests the accuracy of the personal data – for a period enabling the Data Controller to verify the accuracy of the data,
  • the processing is unlawful, and the data subject opposes the erasure of the data and requests the restriction of its use instead,
  • the Data Controller no longer needs the data, but they are required by the data subject to establish, exercise, or defend legal claims,
  • the data subject has objected to processing – pending verification of whether the legitimate grounds of the Data Controller override those of the data subject. 
  1. f) Data portability – receive in a structured, commonly used, and machine-readable format the personal data concerning them that they have provided to the Data Controller, and request that the Data Controller transmits this data to another controller, where technically feasible, provided the processing is based on consent or a contract and is carried out by automated means (Article 20 GDPR). 
  2. g) Object – object to the processing of their personal data on grounds relating to their particular situation, including profiling. The Data Controller will then assess whether there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If the interests of the data subject outweigh those of the Data Controller, the Data Controller will be obliged to cease processing the data for those purposes (Article 21 GDPR).
  • To exercise these rights, the data subject should contact the Data Controller using the provided contact details and specify which right they wish to exercise and to what extent.
  • The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection in Warsaw.
  • 6. Profiling
  • Personal data obtained by the Data Controller may be processed automatically, including through profiling. Profiling of personal data by the Data Controller involves assessing selected information about the data subject for the purpose of analyzing and forecasting personal preferences and interests, particularly for the purpose of providing the data subject with personalized offers.
  • Automated processing of data by the Data Controller does not have any legal effects on the data subject. The data subject may object to the automated processing of their data at any time.
  • 7. Google Analytics
  • The Administrator uses Google Analytics, a web analytics service provided by Google Inc., based in the USA. 
  • Google Analytics uses cookies, which enable the analysis of how users utilize the website. The information generated by the cookie regarding the use of the website is transmitted to and stored on a Google server. On behalf of the Administrator, Google will use this information to analyze website usage, compile reports on website activity, and provide other services related to website and internet usage for the entity that commissioned it.
  • The data will not be used to identify any individual.
  • Users can prevent the storage of cookies by adjusting their browser settings; however, in this case, they may not be able to use the full functionality of the website. Additionally, users can prevent Google from collecting data generated by cookies and related to their use of the website (including their IP address) as well as the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
  • At any time, users can object to the collection and processing of data related to their use of the website by Google by downloading and installing the browser plugin available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en.