Privacy policy and cookies

PRIVACY POLICY OF THE FAT-DP.COM ONLINE STORE

Table of contents

1. GENERAL PROVISIONS
2. BASIS FOR DATA PROCESSING
3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
4. DATA RECIPIENTS IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is for informational purposes only, which means that it does not impose any obligations on the Service Users or Customers of the Online Store. The privacy policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the basis, purposes, and period of personal data processing, as well as the rights of data subjects and information on the use of cookies and analytical tools in the Online Store.

1.2. The administrator of personal data collected through the Online Store is Maciej Pręt, conducting business activity under the name EMPE MACIEJ PRĘT, entered in the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister responsible for the economy, with: business address and address for service: ul. Marszałkowska 25/1, 66-530 Drezdenko, NIP (Tax Identification Number): PL2810097995, REGON (National Business Registry Number): 389007331, e-mail address: contact@fat-dp.com and telephone number: +48 660 521 139 – hereinafter referred to as the “Administrator” and also being the Online Store Service Provider and Seller.

1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR” or “GDPR Regulation.”

1.4. The use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by the Service Recipient or Customer using the Online Store is voluntary, with two exceptions: (1) concluding contracts with the Administrator – failure to provide, in the cases and to the extent indicated on the Online Store website and in the Online Store Regulations and this privacy policy, the personal data necessary to conclude and perform a Sales Contract or a contract for the provision of Electronic Services with the Administrator results in the inability to conclude such a contract. In such a case, the provision of personal data is a contractual requirement and if the data subject wishes to conclude a given agreement with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude an agreement is indicated in advance on the Online Store website and in the Online Store Regulations; (2) the Administrator’s statutory obligations – the provision of personal data is a statutory requirement resulting from generally applicable laws imposing on the Administrator the obligation to process personal data (e.g., processing data for the purpose of keeping tax or accounting records), and failure to provide such data will prevent the Administrator from performing these obligations.

1.5. The Administrator takes special care to protect the interests of the persons whose personal data it processes, and in particular is responsible for and ensures that the data it collects is: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which it is processed; (4) stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and (5) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity of the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organizational measures to ensure that processing is performed in accordance with the GDPR and to be able to demonstrate this. These measures shall be reviewed and updated as necessary. The Administrator shall use technical measures to prevent unauthorized persons from obtaining and modifying personal data sent electronically.

1.7. All words, expressions, and acronyms appearing in this privacy policy and beginning with a capital letter (e.g., Seller, Online Store, Electronic Service) shall be understood in accordance with their definition contained in the Online Store Regulations available on the Online Store’s website.

2. BASIS FOR DATA PROCESSING

2.1. The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has consented to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

2.2. The processing of personal data by the Administrator requires at least one of the grounds specified in section 2.1 of the privacy policy to be present in each case. The specific grounds for the processing of personal data of Service Users and Customers of the Online Store by the Administrator are specified in the next section of the privacy policy – in relation to the specific purpose of the processing of personal data by the Administrator.

3. PURPOSE, BASIS, AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE

3.1. In each case, the purpose, basis, period, and recipients of personal data processed by the Administrator result from actions taken by a given Service Recipient or Customer in the Online Store or by the Administrator.

3.2. The Administrator may process personal data within the Online Store for the following purposes, on the grounds and for the periods indicated below:

4. DATA RECIPIENTS IN THE ONLINE STORE

4.1. For the proper functioning of the Online Store, including the performance of Sales Agreements, it is necessary for the Administrator to use the services of external entities that provide sufficient guarantees to implement appropriate technical and organizational measures so that processing meets GDPR requirements and protects data subjects.

4.2. Personal data may be transferred to a third country with adequate level of protection or based on standard data protection clauses, with the possibility for the data subject to obtain a copy; transfers occur only when necessary and to the extent required to achieve the processing purpose.

4.3. Transfers do not occur in every case nor to all categories of recipients; data is transferred only when necessary and to the extent required for the specific processing purpose.

• 4.4.1. Carriers/forwarders/courier brokers/warehouse and/or shipping handlers – to the extent necessary to deliver the Product.
• 4.4.2. Entities handling electronic or card payments – to the extent necessary to process payments.
• 4.4.3. Service providers supplying technical, IT, organizational solutions (e-mail/hosting, store software, company management, technical support) – only when and to the extent necessary.
• 4.4.4. Accounting, legal, and consulting providers (accounting office, law firm, debt collection company) – only when and to the extent necessary.

5. PROFILING IN THE ONLINE STORE

5.1. The Administrator informs about automated decision-making, including profiling, and provides information about rules, significance, and anticipated consequences under Article 22 GDPR.

5.2. Profiling may be used for direct marketing, without decisions about concluding/refusing agreements or using Electronic Services; effects may include discounts, codes, reminders, or tailored product proposals, with the person freely deciding whether to use them.

5.3. Profiling consists of automatic analysis or prediction of behavior on the website (e.g., adding products to cart, viewing product pages, analyzing purchase history), conditioned on the Administrator holding personal data to send, for example, a discount code.

5.4. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them.

6. RIGHTS OF THE DATA SUBJECT

6.1. Right of access, rectification, restriction, erasure, portability, and objection under Articles 15–21 GDPR.

6.2. Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

6.3. Right to lodge a complaint with a supervisory authority; in Poland, the President of the Personal Data Protection Office.

6.4. Right to object at any time, on grounds relating to the particular situation, to processing based on Article 6(1)(e) or (f) GDPR, including profiling, unless compelling legitimate grounds override interests, rights, and freedoms or for establishment, exercise, or defense of claims.

6.5. Right to object to direct marketing, including profiling to the extent related to such marketing.

6.6. Rights may be exercised by written or e-mail message to the Administrator’s address indicated at the beginning or via the contact form on the Online Store website.

7. COOKIES IN THE ONLINE STORE AND ANALYTICS

7.1. Cookies are small text files sent by the server and stored on the device of the person visiting the Online Store website.

7.2. The website may provide a tool for active cookie management on first visit and later via the lower corner of the site, allowing checking which cookies are stored and adjusting purposes.

7.3. Below is information on cookie use, types, purposes, and managing them via browser and/or on-site tool.

7.4. Types of cookies

• By provider: own (store) and third-party.
• By storage period: session and persistent.
• By purpose: necessary; functional/preference; analytical/performance; marketing/advertising/social media.

7.5. Purposes of processing cookie data

• Identifying logged-in Users (necessary).
• Remembering cart contents (necessary).
• Remembering form/survey/login data (necessary and/or functional).
• Customizing site content to preferences and optimizing use (functional).
• Keeping anonymous usage statistics (analytical/performance).
• Displaying and rendering ads, limiting views, ignoring unwanted ads, measuring effectiveness, and personalizing ads, including on other sites in the same ad networks (marketing/advertising/social media).

7.6. Checking currently sent cookies

It is possible to check which cookies are currently sent by the website using external tools; details depend on selected tool.

7.7. Browser settings

By default, most browsers accept cookies; conditions for use can be specified in browser settings, including partial restriction or full disabling, which may affect some functionalities.

7.8. Consent through browser settings

Browser settings are relevant for consenting to cookie use; detailed instructions are available in the help section of each browser vendor.

7.9–7.11. Analytics (Google services)

The Online Store may use Google Analytics and Universal Analytics provided by Google Ireland Limited to compile statistics and analyze traffic; collected data are aggregated and include source/medium, behavior, device/browser, IP/domain, geographic and demographic data, and interests.

Activity sharing with Google Analytics can be blocked using a browser add-on; details available from Google.

Full information on processing of visitor data by Google services is available in Google’s privacy policy for partner sites.

7.12–7.13. Meta Pixel

The Online Store may use Meta Pixel by Meta Platforms Ireland Limited to measure ad effectiveness, learn actions taken by visitors, and display tailored ads; details are available in Meta’s business help resources.

Meta Pixel operation can be managed via Facebook ad settings in the user account.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites; reading their privacy policies is recommended. This privacy policy applies only to the Administrator’s Online Store.