CUSTOMER DATA PROTECTION POLICY
1. Our obligations regarding the protection of personal data
With a view to enabling customers to make purchases in a sense of security, one document was developed containing clear, simple and honest information about data processing operations by HAKKA-SKI. This document allows you to better understand what information and personal data (hereinafter referred to as "personal data") we collect and how we use this data to provide new services on a daily basis, while respecting all customer and user rights to their personal data.
Regardless of the sales or contact channel, HAKKA-SKI undertakes to protect the privacy of customers and users by ensuring the protection, confidentiality and security of personal data entrusted to us, in accordance with applicable law.
The most important rules
HAKKA-SKI undertakes to comply with the essential principles of respect for fundamental rights and all applicable laws and regulations:
• transparency: we provide all relevant information about the purposes of collecting data and the recipients of the data collected;
• compliance and legitimacy: we collect and process only data that is necessary to achieve the declared purposes;
• confidentiality and integrity: we implement all reasonable technical and organizational measures to protect personal data against disclosure, loss, alteration or access of unauthorized third parties;
• storage: we only store personal data for as long as is necessary for the purposes of data processing or the provision of certain services;
• right of access: we offer clients and users the ability to directly access, modify and correct their personal data through personal accounts on our websites. If the user or customer wants to exercise the right to delete their data, we remain at your disposal.

2. Ways of using our clients' personal data
2.1. In what situations do we collect clients' personal data?

Customers' personal data is collected in connection with:
• participation in our loyalty programs;
• visiting our online services;
• our trade relationship;
• buying our products and using our services or the services of our partners;
• customer contacts with our customer service department.

2.2. What type of data is collected?

Declarative personal data is data that the customer provides as part of a business relationship with our company or with its partners, e.g .:
• creating a customer account and joining the loyalty program;
• order management;
• tracking commercial or promotional information of our brands or websites;
• all contact with HAKKA-SKI, eg with customer service;
• participation in competitions.
These data are collected using forms, regardless of whether they are virtual (forms posted on our websites or in mobile applications) or in paper form or answers to questions asked, for example, by our customer service department.
Mandatory declarative data is marked with an asterisk in the appropriate form.
In order for the user to use our websites and services, it is necessary, except in exceptional cases, to collect data such as:

• surname, first name, correspondence address, e-mail address, landline or mobile phone number; tax identification number,
• loyalty card numbers.
Personal data related to HAKKA-SKI products and services.
These data result from the use of our company's products and services or the purchase of such products and services as part of our business relationship.
We also collect on this site
• information on the amount and nature of purchases, as well as customer personal data related to the use of our online services;
• orders, invoices and follow-up; receipts.
• information on customer activities on our online services.

Exclusion of specific categories of personal data
Under the law, under no circumstances do we collect a specific category of personal data, such as data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic personal data, biometric personal data for the purpose of uniquely identifying a natural person, data personal health or personal data regarding the sexual life or sexual orientation of a natural person.
HAKKA-SKI never collects or processes data from the above specific categories of personal data.

2.3. How do we use customer and user data?

We use customer and user data in accordance with the terms of this Policy, the general conditions for the sale or use of our products or services, constantly ensuring the transparency and security of such data.
Data use cases:
• when, after obtaining clear, obvious and accurate information about the processing operation carried out for one or more purposes, the user has agreed in the form of a written declaration, including by electronic means, or in the form of no objection or oral declaration;
• when the data is necessary for the implementation of the sales contract, general conditions of sale or use or for the implementation of measures taken at the user's request before the conclusion of the contract;
• to comply with HAKKA-SKI legal or regulatory obligations (eg warranty, invoicing, fight against fraud);
• when the legitimate interests of HAKKA-SKI or recipients may justify the processing of your personal data by HAKKA-SKI (e.g. insurance).
Such data processing operations are carried out taking into account the interests and fundamental rights of users as customers. Therefore, they are accompanied by measures and guarantees designed to ensure the protection of users' interests and rights, while ensuring an appropriate balance between them and the legitimate interests we seek.

2.4. For what purposes do we collect customer data?

• managing our trade relationship;
• management of our loyalty program;
• proposing our services, handling purchases and orders of users and our partners;
• providing products and services;
• contact with the customer in relation to his orders, invoices, products, services and promotional offers;
• storing and updating customer dossiers;
• informing and providing all explanations regarding our relationship, in particular through our consumer service department;
• offering tailored and personalized services, especially in the context of the development of our products and services;
• improving customer service by expanding our knowledge about customers;
• thanks to data analysis, we can adapt our products and services to the needs of our clients;
• research and development of our activities;
• for technical purposes (eg access to the customer's account, remembering personal data to avoid having to re-enter it during a given visit or subsequent visits to the website);
2.5. What analyzes are subject to customer and user data?

HAKKA-SKI on the website uses cookies, which during use by the client / user are saved by the HAKKA-SKI service on the hard disk of the client / user end device. The use of "cookies" is aimed at the correct operation of the website on the client / user end devices. This mechanism does not damage the client / user end device and does not change the configuration of the client / user end devices or software installed on these devices. Each customer / user can disable the "cookies" mechanism in the web browser of his terminal device. HAKKA-SKI indicates that disabling "cookies" may, however, cause difficulties or prevent you from using the website. Cookies collect data on the use of the website by the user / client, and their main purpose is to facilitate the use of the website for the user / client, adapting the website to the needs and expectations of the given user / client, researching users' movement within the website.

2.6. Who is the recipient of personal data of customers and users?

We make sure that only authorized persons from HAKKA-SKI have access to personal data and when it is necessary for the implementation of our business relationship.
Our service providers may also be recipients of personal data necessary to perform the services entrusted to them (e.g. delivery address).
Some personal data may also be sent to external entities to fulfill legal, regulatory or contractual obligations or legally authorized bodies.

2.7. Where is the personal data of customers stored?

The data is stored by the HAKKA-SKI company, which collects it in accordance with Polish and European legislation.
We may need to provide other companies with personal data necessary to perform the services ordered or subscribed (e.g. home delivery, collection point, notification of product availability).
Operations in cooperation with an external recipient of such data are the subject of a contract to ensure data protection and respect for the rights of customers and users.
In the event of transferring information to a country outside the European Union, there are rules to ensure the protection and security of such information.

2.8. How much time do we store clients' personal data?

Categories of personal data
Rules for active storage

Customer account details
3 years from the last contact with the client

Loyalty program details
3 years from the last contact with the client

Personal data regarding login to websites
1 year

Cookies
Maximum validity period: 13 months

Purchase details
Invoice: 10 years

Behavioral data
Data stored as long as the customer remains active and does not request the deletion of his data.

Data of potential customers
Data stored as long as the customer remains active and does not request the deletion of his data.

Segmentation Data stored as long as the customer remains active and does not request the deletion of his data. No restrictions for anonymized data

Identification data Data stored as long as the customer remains active and does not request the deletion of his data.


3. How to exercise the right of access to data?
Right of access
The customer or user of the website is entitled to obtain confirmation from HAKKA-SKI whether personal data concerning him are being processed, and if this is the case, he is entitled to access them and the following information: processing purposes, categories of relevant personal data, information about recipients or categories of recipients to whom personal data have been or will be disclosed, if possible, the planned period of storage of personal data, and if this is not possible, criteria for determining this period, information about the right to request from HAKKA-SKI to rectify, delete or limit the processing of personal data regarding the client or user and to object to such processing, information about the right to lodge a complaint to the supervisory body, if personal data have not been collected from the client / user - all available information about their source, information on automated decision making, including profile and important information about the rules for their taking, as well as about the significance and anticipated consequences of such processing for the customer / user. HAKKA-SKI provides the customer / user with a copy of the personal data being processed.
The right to rectify data
The customer or user of the website has the right to request from HAKKA-SKI immediate correction of his personal data that is incorrect. Taking into account the purposes of processing, the customer / user to whom the data relate has the right to request the completion of incomplete personal data, including by providing an additional statement.

The right to delete data

The customer or user of the website has the right to request HAKKA-SKI to immediately delete his personal data, and HAKKA-SKI is obliged to delete personal data without undue delay if personal data are no longer necessary for the purposes for which they were collected or otherwise processed, or when the customer / user of the website to which the data relate withdraws the consent on which the data processing is based, or when the customer / user objects to the processing of his personal data and there are no overriding legitimate grounds for processing, or when the customer / user objects to the processing personal data for the purposes of direct marketing, either when personal data have been processed unlawfully, or when personal data must be deleted in order to comply with a legal obligation under European Union law or the law of the Member State to which HAKKA-SKI is subject.
If HAKKA-SKI has made personal data public and is obliged to delete this personal data, then - taking into account the available technology and cost of implementation - it takes reasonable steps, including technical measures, to inform controllers processing these personal data that the data subject, requests the removal of all links to this data, copies of this personal data or their replication.
Despite the request to delete personal data, withdraw consent to the processing of personal data, object to the processing of personal data, GO Sport will not be required to delete personal data to the extent that the processing is necessary: to exercise the right to freedom of expression and information, or to comply with from a legal obligation requiring processing under Union or Member State law to which HAKKA-SKI is subject, or for carrying out a task carried out in the public interest, or for archiving purposes in the public interest or for statistical purposes, if the deletion of data prevents or seriously impedes achieving the purposes of such processing or to establish, pursue or defend claims.

The right to limit the processing of personal data

The customer or user of the website has the right to request HAKKA-SKI to limit processing in the event that he questions the correctness of personal data - for a period enabling HAKKA-SKI to check the correctness of this data, or if the processing is unlawful, and the customer / user opposes the removal of personal data, demanding instead to limit their use, or when HAKKA-SKI no longer needs personal data for processing purposes, but they are needed by the customer / website user to determine, assert or defend claims, or when the customer / website user has objected to processing - until determining whether legitimate grounds on the part of HAKKA-SKI take precedence over the grounds for objection by the customer / user of the website.
HAKKA-SKI informs about rectification or deletion of personal data or restriction of processing that has been carried out by each recipient to whom personal data has been disclosed, unless this proves impossible or requires disproportionate effort. HAKKA-SKI informs the customer / service user about these recipients, if he has requested it.
The right to transfer personal data
The customer or user of the website has the right to receive in a structured, commonly used machine-readable format personal data concerning him which HAKKA-SKI provided, and has the right to send this personal data to another administrator without any obstacles on the part of HAKKA-SKI to whom this data was provided personal, if the processing takes place on the basis of consent or on the basis of a contract, and the processing is carried out in an automated manner, and also has the right to request that personal data be sent by HAKKA-SKI directly to another administrator, if it is technically possible.

Right to object

The customer or user of the website has the right to object at any time - for reasons related to its particular situation - to the processing of personal data concerning him where it is necessary to perform a task carried out in the public interest or for purposes arising from legitimate interests pursued by HAKKA -SKI or by a third party, except where the interests or fundamental rights and freedoms of the data subject, requiring personal data protection, prevail over these interests, in particular where the data subject is a child, including profiling based on these provisions. HAKKA-SKI may no longer process this personal data, unless it demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the customer / user of the website or grounds for establishing, pursuing or defending claims.
If personal data is processed for the purposes of direct marketing, the client / website user has the right to object at any time to the processing of his personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
Automated decision-making in individual cases, including profiling
The customer or user of the website has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on the person or similarly significantly affects him, unless that decision is necessary to conclude or the performance of a contract between the customer / user of the website and HAKKA-SKI, or if it is permitted by Union or Member State law to which HAKKA-SKI is subject and which provides for appropriate measures to protect the rights, freedoms and legitimate interests of the customer / user of the website or when it is based on the explicit consent of the customer / user of the website.

How to use information and access to personal data

The customer or user of the website may exercise the right to information and the right to access personal data via the customer's account in the (My Account and My Data) section, by post to the HAKKA-SKI correspondence address in accordance with the registered office, by writing to the address of the security department or by e -mail: shop@hakka-ski.com
The right to lodge a complaint with a supervisory authority
Without prejudice to other administrative or legal protection measures before the court, the customer / service user from 25/05/2018. i.e. the entry into force of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC, has the right to lodge a complaint with a supervisory authority, in particular in the Member State of its habitual residence, place of work or place of alleged violation, if he thinks that the processing of personal data concerning him violates the abovementioned Regulation.

4. The security measures we use
 
4.1. Our commitment to security and confidentiality

Our priority is to respect our clients 'and users' rights to the protection, security and confidentiality of their data. HAKKA-SKI undertakes to implement security measures tailored to the degree of sensitivity of personal data in order to protect them against malicious data intrusion, loss, alteration or disclosure of data to unauthorized third parties. The development, design, selection and use of our services based on the processing of personal data by HAKKA-SKI takes into account the right to protection of personal data from the moment they are generated. For this reason, for example, we pseudonymize or anonymize personal data as soon as possible or necessary, as the case may be. Because all personal data is confidential, only HAKKA-SKI employees or service providers working for HAKKA-SKI who need data to perform their assigned tasks have access to it. All persons having access to customer and user data are required to maintain confidentiality and are subject to disciplinary or other sanctions if they fail to do so. Operations in cooperation with an external recipient of data are the subject of a contract to ensure the protection of personal data and respect for the rights of customers and users. HAKKA-SKI is fully committed to the protection of personal data entrusted to us by clients and users. In the interests of security and data protection, we encourage customers and users to exercise caution and prevent unauthorized access to personal data and protect end devices (computers, smartphones, tablets) against unwanted or malicious access - a strong password should be used and regularly changed. If more people use the device, we recommend logging out at the end of work with the device.

5. Dictionary of terms

"Anonymisation" means the transformation of personal data after which it can no longer be used to identify a natural person; 1
Based on opinion G29 No. 05/2014 of 10 April 2014 on anonymisation techniques (WP216)

"Collection" refers to the collection of personal data. Data can be collected in particular using questionnaires or online forms;
"Consent" expressed by the user means a voluntary, specific, informed and unambiguous expression of the will to which the data subject permits - by declaration or explicit action - to process personal data concerning him;

"Personal data" means any information relating to an identified or identifiable natural person that can be identified, directly or indirectly, in particular on the basis of an identification data such as name, identification number, location data, login or at least one specific an element specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of the person;

"Right of access" means all fundamental rights as set out in Union Regulations 2 relating to the following rights:

•   right to information;
•.  right of access;
•.  right to rectification;
•.  the right to delete data and the right to be forgotten;
•.  data transfer rights;
•   right to object;
•   the right to limit data processing;
•   the right to draw up instructions for storing, deleting and disclosing personal data in the event of death.

2 Articles 15-21 and Article 23 OF THE REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (EU) 2016/679 of 27 April 2016.

"Restriction of processing" is the marking of stored personal data in order to limit their future processing; 3
3 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, Art. 4

Data-related "minimization" refers to limiting the collection or use of information;

"Data aggregation" means the result of the merging of databases of current or potential clients created by several partners;

"Profiling" 4 "means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal factors of a natural person, in particular to analyze or forecast aspects of the natural person's work effects, economic situation, health, personal preferences, interests, credibility, behavior, location or movement. "
4 Regulation (EU) 2016/679 of 27 April 2016: Official Journal of the European Union 2016 L 119 p. 1 et seq., Art. 4 §4.

"Products or services" means all products and services, including technologies (websites, applications and related services) currently or in the future offered by HAKKA-SKI;