Privacy policy

1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is for informational purposes only, which means that it does not impose any obligations on the Service Users or Customers of the Online Store. The privacy policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the basis, purposes, and period of personal data processing, as well as the rights of data subjects and information on the use of cookies and analytical tools in the Online Store.

1.2. The administrator of personal data collected through the Online Store is 1240.DESIGN SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw (address of the registered office: Al. Wyścigowa 14a/204, 02-681 Warsaw, and address for service: ul. Kolneńska 4, 02-242 Warsaw); entered in the Register of Entrepreneurs of the National Court Register under KRS number 0000937609; the registry court where the company's documentation is stored: District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register; share capital: PLN 5,000; NIP (Tax Identification Number): 5213948702; REGON (National Business Registry Number): 520643860; e-mail address: contact@1240.design, contact telephone number: +48 723 284 777 – hereinafter referred to as the "Administrator" and also being the Online Store Service Provider and Seller.

1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR" or "GDPR Regulation". Official text of the GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679

1.4. The use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by the Service Recipient or Customer using the Online Store is voluntary, with two exceptions: (1) concluding contracts with the Administrator – failure to provide, in the cases and to the extent indicated on the Online Store website and in the Online Store Regulations and this privacy policy, the personal data necessary to conclude and perform a Sales Contract or a contract for the provision of Electronic Services with the Administrator results in the inability to conclude such a contract. In such a case, the provision of personal data is a contractual requirement and if the data subject wishes to conclude a given agreement with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude an agreement is indicated in advance on the Online Store website and in the Online Store Regulations; (2) the Administrator's statutory obligations – the provision of personal data is a statutory requirement resulting from generally applicable laws imposing on the Administrator the obligation to process personal data (e.g., processing data for the purpose of keeping tax or accounting records), and failure to provide such data will prevent the Administrator from performing these obligations.

1.5. The Administrator takes special care to protect the interests of the persons whose personal data it processes, and in particular is responsible for and ensures that the data it collects is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity of the rights and freedoms of natural persons, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the GDPR and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Administrator shall use technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.

1.7. All words, expressions, and acronyms appearing in this privacy policy and beginning with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store's website.

2. BASIS FOR DATA PROCESSING

2.1. The controller is authorized to process personal data in cases where, and to the extent that, at least one of the following conditions is met: (1) the data subject has given consent to the processing of his or her personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. The processing of personal data by the Administrator requires at least one of the grounds specified in section 2.1 of the privacy policy to be present in each case. The specific grounds for the processing of personal data of Service Users and Customers of the Online Store by the Administrator are indicated in the next section of the privacy policy – in relation to the specific purpose of the processing of personal data by the Administrator.

3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE

3.1. Each time, the purpose, basis, period, and recipients of personal data processed by the Administrator result from actions taken by a given Service Recipient or Customer in the Online Store or by the Administrator. For example, if a Customer decides to make purchases in the Online Store and chooses to collect the purchased Product in person instead of having it delivered by courier, their personal data will be processed for the purpose of performing the concluded Sales Agreement, but will not be made available to the carrier delivering the shipment on behalf of the Administrator.

3.2. The Administrator may process personal data within the Online Store for the following purposes, on the grounds and for the periods indicated in the table below:

Purpose of data processing

Legal basis for data processing

Data retention period

Performance of a Sales Agreement or an agreement for the provision of Electronic Services, or taking action at the request of the data subject prior to the conclusion of the aforementioned agreements.

Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The data is stored for the period necessary to perform, terminate, or otherwise expire the concluded Sales Agreement or agreement for the provision of Electronic Services.

Sending commercial information, including direct marketing, using telecommunications terminal equipment (e.g., email, telephone) or automatic calling systems

Article 6(1)(f) of the GDPR (legitimate interests pursued by the controller) – processing is necessary for the purposes of the legitimate interests pursued by the controller, which include direct marketing – consisting in caring for the interests and good image of the controller, its online store, and striving to sell products – for example, in connection with the prior consent of the data subject (e.g., when subscribing to the newsletter), to send commercial information using telecommunications terminal equipment, such as e-mail or telephone, depending on the scope of the consent given

The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for the Administrator's claims against the data subject in relation to the Administrator's business activities. The limitation period is specified by law, in particular the Polish Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements two years).

The Administrator may not process data for direct marketing purposes if the data subject has effectively objected to this.

Additionally, if the basis for processing is consent, the data is stored until the data subject withdraws their consent to further processing of their data for the purpose specified in the consent, but without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

The Customer's opinion on the concluded Sales Agreement

Article 6(1)(a) of the GDPR – the data subject has given consent to the processing of his or her personal data for the purpose of expressing an opinion

The data is stored until the data subject withdraws their consent to further processing of their data for this purpose.

Bookkeeping

Article 6(1)(c) of the GDPR in conjunction with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395, as amended) – processing is necessary for compliance with a legal obligation to which the Controller is subject.

The data is stored for the period required by law, which requires the Administrator to store accounting records (5 years from the beginning of the year following the financial year to which the data relates).

Determining, investigating, or defending claims that may be raised by the Administrator or that may be raised against the Administrator

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the controller – consisting in establishing, exercising, or defending claims that the controller may raise or that may be raised against the controller.

The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims that may be brought against the Administrator (the basic limitation period for claims against the Administrator is six years).

Using the Online Store website and ensuring its proper functioning

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting in the operation and maintenance of the Online Store website.

The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for the Administrator's claims against the data subject in connection with the Administrator's business activities. The limitation period is specified by law, in particular the Polish Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements two years).

Keeping statistics and analyzing traffic in the Online Store

Article 6(1)(f) of the GDPR (legitimate interests of the controller) – processing is necessary for the purposes of the legitimate interests pursued by the Controller – consisting in maintaining statistics and analyzing traffic in the Online Store in order to improve the functioning of the Online Store and increase sales of Products.

4. DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including the performance of Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as a software provider, courier, or payment processor). The Administrator uses only the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing meets the requirements of the GDPR and protects the rights of data subjects.

4.2. Personal data may be transferred by the Administrator to a third country, but the Administrator ensures that in such a case it will be done in relation to a country that provides an adequate level of protection - in accordance with the GDPR, and in the case of other countries, that the transfer will be based on standard data protection clauses. The Administrator ensures that the data subject has the possibility to obtain a copy of their data. The Administrator transfers the collected personal data only in the case and to the extent necessary to achieve the purpose of data processing in accordance with this privacy policy.

4.3. The transfer of data by the Administrator does not take place in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator transfers data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it. For example, if the Customer uses personal collection, their data will not be transferred to the carrier cooperating with the Administrator.

4.4. The personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:

4.4.1. carriers / forwarders / courier brokers / entities handling the warehouse and/or shipping process – in the case of a Customer who uses the Online Store to have the Product delivered by postal or courier service, the Administrator shall disclose the collected personal data of the Customer to the selected carrier, forwarder, or intermediary performing shipments on behalf of the Administrator, and if the shipment is made from an external warehouse – to the entity handling the warehouse and/or shipping process – to the extent necessary to deliver the Product to the Customer.

4.4.2. entities handling electronic or card payments – in the case of a Customer who uses electronic or card payment methods in the Online Store, the Administrator shall make the collected personal data of the Customer available to the selected entity handling the above payments in the Online Store on behalf of the Administrator to the extent necessary to process the payment made by the Customer.

4.4.3. credit providers/lessors – in the case of a Customer who uses the installment payment method or lease payment in the Online Store, the Administrator shall make the collected personal data of the Customer available to the selected credit provider or lessor handling the above payments in the Online Store at the request of the Administrator to the extent necessary to process the payment made by the Customer.

4.4.4. survey system providers – in the case of a Customer who has agreed to express their opinion on the concluded Sales Agreement, the Administrator shall make the collected personal data of the Customer available to the selected entity providing the survey system for Sales Agreements concluded in the Online Store at the request of the Administrator to the extent necessary for the Customer to express their opinion using the survey system.

4.4.5. service providers supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business activity, including the Online Store and the Electronic Services provided through it (in particular, suppliers of computer software for running the Online Store, e-mail and hosting providers, and providers of software for company management and technical support to the Administrator) – the Administrator makes the collected personal data of the Customer available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

4.4.6. accounting, legal, and consulting service providers providing the Administrator with accounting, legal, or consulting support (in particular, an accounting office, law firm, or debt collection company) – The Administrator shall make the collected personal data of the Customer available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve the specific purpose of data processing in accordance with this privacy policy.

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR imposes on the Controller the obligation to provide information about automated decision-making, including profiling referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – relevant information about the rules for making such decisions, as well as the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information on possible profiling in this section of the privacy policy.

5.2. The Administrator may use profiling in the Online Store for direct marketing purposes, but the decisions made by the Administrator on this basis do not concern the conclusion or refusal to conclude a Sales Agreement or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, granting a discount to a given person, sending them a discount code, reminding them about unfinished purchases, sending a proposal for a Product that may correspond to the interests or preferences of a given person, or offering better conditions compared to the standard offer of the Online Store. Despite profiling, the person is free to decide whether they want to take advantage of the discount or better terms and conditions received in this way and make a purchase in the Online Store.

5.3. Profiling in the Online Store consists of the automatic analysis or prediction of a person's behavior on the Online Store website, e.g., by adding a specific Product to the shopping cart, viewing the page of a specific Product in the Online Store, or by analyzing the history of previous purchases made in the Online Store. The condition for such profiling is that the Administrator has the personal data of a given person in order to be able to send them, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

6. RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, erasure, or portability – the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten") or restriction of processing, and has the right to object to processing, as well as the right to transfer their data. The detailed conditions for exercising the above rights are set out in Articles 15-21 of the GDPR.

6.2. Right to withdraw consent at any time – a person whose data is processed by the Controller on the basis of consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.

6.4. Right to object – the data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or public tasks) or (f) (legitimate interest of the controller), including profiling based on these provisions. In such a case, the controller may no longer process such personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or grounds for the establishment, exercise, or defense of legal claims.

6.5. Right to object to direct marketing – if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

6.6. In order to exercise the rights referred to in this section of the privacy policy, you can contact the Administrator by sending a relevant message in writing or by e-mail to the Administrator's address indicated at the beginning of the privacy policy or by using the contact form available on the Online Store website.

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small pieces of text information in the form of text files sent by the server and stored on the side of the person visiting the Online Store (e.g., on the hard drive of a computer, laptop, or smartphone memory card, depending on the device used by the visitor to our Online Store). Detailed information about cookies and their history can be found, among others, here: https://en.wikipedia.org/wiki/HTTP_cookie.

7.2. Cookies that may be sent by the Online Store website can be divided into different types according to the following criteria:

Due to their supplier

1) own (created by the Administrator's Online Store website) and

2) belonging to third parties (other than the Administrator)

Due to their storage period on the device of visitors to the Online Store website

1) session cookies (stored until you log out of the Online Store or close your web browser) and

2) persistent cookies (stored for a specified period of time, defined by the parameters of each file, or until manually deleted).

Due to the purpose of their use

1) necessary (enabling the proper functioning of the Online Store website),

2) functional/preferential (enabling the adaptation of the Online Store website to the preferences of the person visiting the website),

3) analytical and performance (collecting information about how the Online Store website is used),

4) marketing, advertising, and social media (collecting information about the visitor to the Online Store website in order to display advertisements to that person, personalize them, measure their effectiveness, and conduct other marketing activities, including on websites separate from the Online Store website, such as social media portals or other websites belonging to the same advertising networks as the Online Store)

7.3. The Administrator may process data contained in Cookies when visitors use the Online Store website for the following specific purposes:

Purposes of using cookies in the Administrator's Online Store

identifying Service Users as logged in to the Online Store and showing that they are logged in (necessary cookies)
remembering Products added to the basket in order to place an Order (necessary cookies) remembering data from completed Order Forms, surveys, or login details for the Online Store (necessary and/or functional/preference cookies)
ustomizing the content of the Online Store website to the individual preferences of the Service Recipient (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Store website (functional/preference cookies)
keeping anonymous statistics showing how the Online Store website is used (analytical and performance cookies)
displaying and rendering advertisements, limiting the number of ad views and ignoring ads that the Service User does not want to see, measuring the effectiveness of ads, as well as personalizing ads, i.e., studying the behavior of visitors to the Online Store through anonymous analysis of their activities (e.g., repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, including when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook, i.e. Meta Platforms Ireland Ltd. (marketing, advertising, and social media cookies)

7.4. You can check which cookies (including their duration and provider) are currently being sent by the Online Store website in the most popular web browsers as follows:

In the Chrome browser

(1) In the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.

In the Firefox browser

(1) In the address bar, click on the shield icon on the left, (2) go to the "Allowed" or "Blocked" tab, (3) click on the "Cross-site tracking cookies," "Social media tracking elements," or "Content with tracking elements" field.

In Internet Explorer

(1) click on the "Tools" menu, (2) go to the "Internet Options" tab, (3) go to the "General" tab, (4) go to the "Settings" tab, (5) click on the "Display files" field.

In the Opera browser

(1) In the address bar, click on the padlock icon on the left, (2) go to the "Cookies" tab.

In the Safari browser

(1) click on the "Preferences" menu, (2) go to the "Privacy" tab, (3) click on the "Manage website data" field.

Regardless of the browser, using the tools available, for example, on the website

https://www.cookiemetrix.com/ or https://www.cookie-checker.com/

7.5. By default, most web browsers available on the market accept cookies by default. Everyone has the option to specify the conditions for using cookies using their own web browser settings. This means that you can, for example, partially restrict (e.g., temporarily) or completely disable the ability to save cookies—in the latter case, however, this may affect some of the functionality of the Online Store (for example, it may not be possible to complete the Order process via the Order Form because the Products in the basket are not remembered during the subsequent steps of placing the Order).

7.6. Your web browser settings regarding cookies are important in terms of consenting to the use of cookies by our Online Store – in accordance with the regulations, such consent may also be expressed through your web browser settings. Detailed information on changing cookie settings and deleting cookies yourself in the most popular web browsers is available in the help section of your web browser.

7.7. The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) in the Online Store. These services help the Administrator to compile statistics and analyze traffic in the Online Store. The collected data is processed as part of the above services to generate statistics helpful in administering the Online Store and analyzing traffic in the Online Store. This data is aggregate in nature. Using the above services in the Online Store, the Administrator collects data such as the sources and medium of acquisition of visitors to the Online Store and their behavior on the Online Store website, information about the devices and browsers they use to visit the website, IP and domain, geographic data, demographic data (age, gender), and interests.

7.8. It is possible for a person to easily block the sharing of information about their activity on the Online Store website with Google Analytics – for this purpose, for example, you can install a browser add-on provided by Google Ireland Ltd. available here: https://tools.google.com/dlpage/gaoptout?hl=pl.

7.9. In connection with the Administrator's use of advertising and analytical services provided by Google Ireland Ltd. in the Online Store, the Administrator indicates that full information on the rules for processing data of visitors to the Online Store (including information stored in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services available at: https://policies.google.com/technologies/partner-sites.

7.10 The Administrator may use the Meta Pixel service provided by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. This service helps the Administrator measure the effectiveness of advertisements and find out what actions visitors to the Online Store take, as well as display tailored advertisements to those persons. Detailed information about how Meta Pixel works can be found at the following web address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

7.11. You can manage the operation of Meta Pixel through the ad settings in your Facebook.com account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Administrator urges you to read the privacy policies of those websites after clicking on the links. This privacy policy applies only to the Administrator's Online Store.

Cookie name	Provider	Purpose	Expiry
cookiesplus	http://new.1240.design	Remembers cookie preferences.	1 year
PrestaShop-#	http://new.1240.design	This cookie helps keep user sessions open while visiting the website and assists them with placing orders and many other operations, such as: cookie addition date, selected language, used currency, last visited product category, recently viewed products, customer identification, first name, encrypted password, email address linked to the account, cart identification.	480 hours

Cookie name	Provider	Purpose	Expiry
collect	Google	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session
r/collect	Google	Used to send data to Google Analytics about the visitor's device and behavior. Tracks the visitor across devices and marketing channels.	Session
_ga	Google	Registers a unique identifier that is used to generate statistical data on how the visitor uses the website.	2 years
_gat	Google	Used by Google Analytics to limit the number of requests.	1 day
_ga_#	Google	Used by Google Analytics to collect data on how many times a user has visited the site as well as dates of the first and last visit.	2 years
_gd#	Google	This is a session cookie for Google Analytics used to generate statistical data on how the visitor uses the website, which is deleted when the browser is closed.	Session
_gid	Google	Registers a unique identifier that is used to generate statistical data on how the visitor uses the website.	1 day

Cookie name	Provider	Purpose	Expiry
ads/ga-audiences	Google	These cookies are used by Google AdWords to re-engage users who are likely to convert to customers based on the user's online behavior across websites.	Session
fr	Facebook	Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.	3 months
NID	Google	Registers a unique identifier that identifies the device of a returning user. The identifier is used for targeted advertising.	6 months
tr	Facebook	Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.	Session
_fbp	Facebook	Used by Facebook to deliver a series of advertisement products such as real-time bidding from third-party advertisers.	3 months