This Privacy Policy sets out the rules for collecting and processing personal data of current and potential Clients of the business activity conducted by LEO Sp. z o.o. (hereinafter referred to as: “LEO Sp. z o.o.“, “LEO Store“, “we“, “us” and “our“), including visitors to any of the www.leo-art.com websites (collectively, ‘Users’). LEO Sp. z o.o. respects your privacy. Regardless of whether you are a customer, a consumer, a person interested in our services and products, you have the right to the protection of your Personal Data. This data can refer to your name, phone number, email address, but also other data, including geolocation data, etc.
In this General Privacy and Data Protection Policy (hereinafter referred to as the “Policy“) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, who we share it with, how we protect it, and the choices you can make regarding your Personal Data.
This Policy applies to the processing of Personal Data as part of various services, tools, applications, websites, portals, (online) sales promotions, marketing campaigns, sponsored social media platforms, etc., which are provided or operated by us or on our behalf. This Policy contains general principles and explanations. It is supplemented by separate information obligation clauses concerning the above-mentioned specific services, tools, applications, websites, portals, (online) sales promotions, marketing activities, sponsored social media platforms, etc. These information obligation clauses will be communicated to you when your Personal Data is processed as part of the above-mentioned activities (for example, via websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).
This Policy applies to all Personal Data collected and used by (or on behalf of) LEO Sp. z o.o.
If you accept the provisions of this Policy, you also agree to the processing of your Personal Data in the manner set out in this Policy.
At the end of this Policy, you will find capitalized definitions of key terms used in this Policy (e.g. Personal Data, Processing, Data Controller).
The entity responsible for the Processing of your Personal Data (Data Controller) is:
38-100 Strzyżów
Poland
LEO Sp. z o.o. has established a Data Protection Contact Point, whose task is to answer your questions and requests related to this Policy, information obligation clauses, your Personal Data (and their Processing).
If you have any questions, complaints related to the application of this Policy and the Processing of Personal Data, or requests related to your rights, you can contact us through the Data Protection Contact Point:
as well as by post using the following address:
38-100 Strzyżów
Poland
We care about the Personal Data entrusted to us and are committed to processing it in a fair, transparent and secure manner. To this end, LEO Sp. z o.o. applies the following principles:
Lawfulness: We will only collect and process your Personal Data in a lawful, fair and transparent manner. All personal data is collected, stored and processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Data Minimization: We will limit the collection of your Personal Data to what is adequate and necessary to achieve the purposes for which it was collected.
Purpose Limitation: We only collect your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data in a way that is incompatible with those purposes.
Accuracy: We make sure that the Personal Data we hold is accurate and up to date.
Security and data protection: In order to ensure that data security and data protection is at an appropriate level, we implement technical and organizational measures, taking into account, among other things, the nature of the Personal Data to be protected. Such measures are designed to prevent unauthorized disclosure or access, unlawful destruction or accidental loss of data, alteration, or any other unlawful form of Processing.
Access and rectification: we will process your Personal Data in a manner that ensures that we can confirm that your Personal Data is being processed, and that we can access and obtain the information you have requested, together with a request for rectification of your Personal Data in accordance with your rights.
Limited Data Retention Period: We will retain your Personal Data in a manner consistent with applicable data protection laws and regulations and for no longer than is necessary to achieve the purposes for which it was collected or as required by law.
Protection in the event of international transfers: We will ensure that your Personal Data is adequately protected when it is transferred, in particular to countries outside the EEA.
Safeguards Regarding Third Parties: We will ensure that access to (and transfer of) Personal Data by third parties is in accordance with applicable law and appropriate contractual safeguards.
Compliance with the law of direct marketing and the use of cookies: we ensure that the sending of promotional materials and the placement of cookies on your computer is carried out in accordance with applicable law.
Whenever you are asked to provide your Personal Data, you will be clearly informed about which of your Personal Data is being collected. This information will be provided to you in the form of an appropriate information obligation clause included in certain services (including communication services), web portals, electronic newsletters, reminders, surveys, offers, invitations to events, etc.
Please note that in accordance with data protection laws, your Personal Data may be processed if:
We will only process your Personal Data for specified, explicit and lawful purposes and we will not continue to process your Personal Data in a way that is incompatible with those purposes.
Such purposes may be the performance of an order you have placed, the performance of a contract, the improvement of the quality of our services based on your opinion of your visit to one of our websites or portals, the general improvement of the quality of our products or services, the offering of services or applications, communications and marketing activities, profiling as part of marketing, etc. The purpose of each Processing of your Personal Data is set out in a specific information obligation clause relating to that specific Processing. Information on specific information obligation clauses is made available, for example, by websites or portals, in applications, electronic newsletters, etc.
It is very important to us to store data in a way that ensures it is accurate and up to date. Please inform us of any changes or errors in your Personal Data as soon as possible by contacting us via the Data Protection Contact Point (see section 3 “Who can you contact if you have questions or requests?”). We will take reasonable steps to ensure that any incorrect or outdated Personal Data is deleted or adjusted accordingly.
You have the right to access the Personal Data we process about you and, if your Personal Data is inaccurate or incomplete, to request that your Personal Data be corrected or deleted. If you require further information about your privacy rights or would like to exercise these rights, please contact us via the Data Protection Contact Point (see section 3 “Who can you contact if you have questions or requests?”).
We will retain your Personal Data in a manner that complies with data protection laws. We will only retain your Personal Data for as long as necessary for the purposes for which we process your Personal Data or for compliance with the law, or where we are required by law to retain your data for a certain period of time. If you would like information about how long certain Personal Data will be kept before it is deleted from our systems and databases, please contact us via the Data Protection Contact Point (see section 3 “Who can you contact if you have questions or requests?”). Relevant information will also be provided in the specific information obligation clauses that will be provided to you when your Personal Data is processed.
In order to ensure the protection of your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access to Personal Data, we have implemented an appropriate set of technical and organisational measures. They have been specifically designed considering our IT infrastructure, the potential impact on your privacy and the associated costs, and in accordance with current industry standards and practice.
Your Personal Data may be processed by a third-party Data Processor only if that Data Processor undertakes to apply these technical and organizational data security measures.
Maintaining data security means protecting the confidentiality, fairness, and availability of personal data:
1. Confidentiality: We will protect your Personal Data from unwanted disclosure to third parties.
2. Fairness: We will protect your Personal Data from being modified by unauthorized third parties.
3. Availability: We will ensure that authorized parties are able to access Personal Data when necessary.
Our data security procedures include: access security, backup systems, monitoring, reviewing and maintaining systems, managing security incidents and ensuring business continuity, etc.
We use cookies on our website. This allows us to provide you with a better experience when browsing the website and enables us to make improvements to our website. Cookies are small pieces of information in the form of text files, sent by the server and saved on the side of the website visitor on a given end device (hard drive, smartphone memory). Detailed information on cookies can be found at https://pl.wikipedia.org/wiki/HTTP_cookie
1. Cookies that can be sent by the website can be divided according to the following criteria:
By provider:
1) our own (created by the website you are visiting), and
2) belonging to third parties or entities that are not the Administrator
Due to the storage period on the device in question:
1) session cookies (stored until you log out of the website or turn off your browser) and
2) permanent (stored for a defined period of time, or until manually deleted)
Due to the purpose of their use:
1) necessary (enabling the proper functioning of the website),
2) functional/preferential (allowing the website to be adapted to the preferences of the visitor),
3) analytical and performance (gathering information about how the website is used),
4) marketing, advertising, and social media (collecting information about the person visiting the website in order to display personalized advertisements and other marketing activities, including on other websites, such as social networks).
2. The Administrator may process the data contained in cookies during the use of the website by visitors for the following specific purposes:
1) identify Service Recipients as logged in to the website and show that they are logged in (necessary cookies),
2) remembering the Products added to the cart in order to place an Order (necessary cookies),
3) remembering data from completed Order Forms, surveys or website login details (necessary and/or functional/preferential cookies),
4) adapting the content of the website to the individual preferences of the Service Recipient (e.g. regarding colours, font size, page layout) and optimising the use of websites (functional/preference cookies),
5) keeping anonymous statistics showing how the website is used (analytical and performance cookies),
6) remarketing, i.e. researching the behaviour of website visitors through anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords) in order to create their profile and provide them with advertisements tailored to their interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social media cookies).
3. It is possible to check in browsers what cookies are sent by the website at a given time, what is the period of their operation and who is their provider is in the following way:
1) in the address bar, click on the lock icon on the left,
2) go to the “Cookies” tab.
1) in the address bar, click on the shield icon on the left,
2) go to the “Allowed” or “Blocked” tab,
3) click on the “Cross-Site Tracking Cookies”, “Social Trackers” or “Tracker Content” box.
1) click on the “Tools” menu,
2) go to the “Internet Options” tab,
3) go to the “General” tab,
4) go to the “Settings” tab,
5) Click on the “View Files” box.
1) In the address bar, click on the lock icon on the left,
2) go to the “Cookies” tab.
1) click on the “Preferences” menu,
2) go to the “Privacy” tab,
3) click on the “Manage website data” box
Regardless of the browser, using the tools available on the website: https://www.cookiemetrix.com/ lub: https://www.cookie-checker.com/
1. Most web browsers available on the market accept cookies by default. Each user has the ability to specify the conditions for the use of cookies using the settings of their own web browser. This means that you can, for example, partially or temporarily restrict or completely disable the storage of cookies. However, it may affect some functionalities of the website, e.g. the inability to remember the list of products in the shopping cart when placing an order.
2. Information on how to change cookies settings and delete them in browsers is available in the help section of your browser or on the following websites:
1. The Administrator may use Google Analytics, Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) on the website. These services help the Administrator to keep statistics and analyze network traffic. The data collected is aggregated. By using the above services, the Administrator collects data such as the sources and methods of acquiring website visitors and the way they behave on the website, information about the devices and browsers from which they visit the website, IP and domain, geographical data, demographic data (age, gender) and interests.
2. It is possible for you to block the sharing of information about your activity on the website with Google Analytics. For this purpose, you can install a browser add-on provided by Google Ireland Ltd. https://tools.google.com/dlpage/gaoptout?hl=pl
3. The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the website. This service helps the Administrator to measure the effectiveness of advertisements and to find out what actions are taken by website visitors, as well as to display tailored advertisements to these people. Detailed information about how the Facebook Pixel works can be found at: https://www.facebook.com/business/help/742478679120153?helpref=page_content
Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, who will then process your Personal Data only for the purposes indicated:
1. As part of our business:
2. External Business Partners:
Advertising, marketing and promotion agencies acting on our behalf: to help us deliver and analyse the effectiveness of our advertising and promotional campaigns;
Business partners: for example, trusted companies that may use your Personal Data to provide you with services and/or products that you have requested and/or that may provide you with marketing materials (provided that you have consented to receive such marketing materials). We ask such companies to always comply with applicable laws and this Policy and to pay particular attention to the confidentiality of personal information;
Service Providers LEO Sp. z o.o.: companies that provide services to or on behalf of LEO Sp. z o.o., to provide such services (for example, LEO Sp. z o.o. may disclose your Personal Data to third-party providers of IT-related services);
3. Other Third Parties:
Please note that the third-party recipients listed in sections 2 and 3 above – particularly service providers who may offer products and services through services or applications or through their own channels – may collect Personal Data from you separately. In this case, these entities are solely responsible for the processing and control of such Personal Data, and your dealings with them will be subject to their terms and conditions.
If you purchase a product or service from us (LEO Sp. z o.o.) or if you provide us with your Personal Data, you establish an independent relationship with us as the Data Controller.
If you use a specific social media login (for example, a Facebook account) by using a tool of LEO Sp. z o.o. through www.leo-art.com websites, LEO Sp. z o.o. will register your Personal Data available on these social media, and the use of such social media means that you have expressly consented to the transfer of Personal Data registered by LEO Sp. z o.o. through the tools of this social media.
LEO Sp. z o.o. sometimes facilitates the publication of Personal Data via social media such as Facebook, Linkedin. Social media has its own privacy policy, which you must take into account if you use such social media. Please be reminded that posting content on social media may have certain consequences, including for your privacy or the privacy of those whose Personal Data you share, such as not being able to withdraw the content you have posted within a short period of time. You are fully responsible for what you publish. LEO Sp. z o.o. does not bear any responsibility in this regard.
Your Personal Data may be transferred to recipients who are located outside the EEA and may be Processed by us and recipients outside the EEA. In connection with any transfer of your Personal Data to countries outside the EEA, LEO Sp. z o.o. will take appropriate measures to ensure an adequate level of protection for your Personal Data. These measures may, for example, consist of agreeing binding contractual clauses with recipients guaranteeing an adequate level of protection.
We will always make it clear to you when your Personal Data is transferred outside the EEA. This information will be provided to you via a separate information obligation clause, which will be included, for example, in certain services (including communication services), electronic newsletters, reminders, surveys, offers, invitations to events, etc.
We want to be as transparent as possible to you so that you can make reasonable choices about how we use your Personal Information.
You can always contact us via the Data Protection Contact Point (see section 3 “Who can you contact if you have questions or requests?”) to find out what Personal Data we have about you and where it comes from. In certain circumstances, you have the right to receive a copy of the Personal Data you have provided to us in a commonly used, structured, machine-readable format or to request the portability of your Personal Data to any third party of your choice.
If you find an error in your Personal Data, or if you believe that it is incomplete, out of date or incorrect, you can request that we correct or complete it.
You have the right to request the restriction of the Processing of your Personal Data (e.g. if the accuracy of your Personal Data is contested when your Personal Data is not needed for the purposes of the processing).
You may object to the use of your Personal Data on the basis of the legitimate interest of the Controller (we will cease to process the data for this purpose, unless there are legitimate grounds for the processing specified in the law, or when the processing is necessary to establish, exercise or defend claims).
You may also object to the use of your Personal Data for direct marketing purposes or the sharing of your Personal Data with third parties for the same purpose.
You have the option to withdraw your consent to the further Processing of Personal Data that you have given us at any time. You can withdraw your consent by contacting the Data Protection Contact Point (see section 3 “Who can you contact if you have questions or requests?”).
In addition, you can ask us to delete your Personal Data (except in certain cases, for example to prove a transaction, exercise or defend legal claims, or where we are required to do so by law).
Please also note that you also have the right to lodge a complaint against LEO Sp. z o.o., as the Data Controller, to the relevant data protection authority (“President of the Data Protection Office”).
The requirements of this Policy are in addition to, and not in lieu of, any other requirements existing under data protection law. In the event of a conflict between the content of this Policy and the requirements of data protection law, the data protection law shall prevail.
LEO Sp. z o.o. may amend this Policy at any time, e.g. in order to adapt to the current provisions of the data protection law, due to decisions or other acts of state authorities or in connection with the need to improve the provision of our services. We will keep you informed of any changes by publishing the current version of this Policy on the www.leo-art.com websites.
In this Policy, the following terms shall have the following meanings:
1. Data Administrator means the organisation that determines the purposes of the processing and the means by which your Personal Data is processed. Unless we inform otherwise, the Data Administrator is: LEO Sp. z o.o. with its registered office in Dobrzechów 446b, 38-100 Strzyżów, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Rzeszów, XII Commercial Division under the following numbers: 0001034126, NIP 8191677828, REGON 525216311. Further information may be provided to you via a separate information obligation clause, which, for example, will be included in certain services (including communication services), electronic newsletters, reminders, surveys, offers, invitations to events, etc.
2. Data Processor means a person or organization that processes your Personal Data on behalf of the Data Controller.
3. Data Protection Contact Point means the person designated by LEO Sp. z o.o. as the Data Controller to whom you have the opportunity to address your questions or requests regarding this Policy and/or the Processing of your Personal Data and who will deal with such questions and requests. Unless otherwise informed, you can contact the Data Protection Contact Point as described in section 3 “Who can you contact if you have questions or requests?”.
4. EEA stands for European Economic Area (= Member States of the European Union + Iceland, Norway, and Liechtenstein).
5. Personal Data is any information relating to an identified or identifiable natural person, e.g. you, or enabling you to be indirectly identified, such as, for example, your name, telephone number, e-mail address.
6. Processing means an operation or set of operations which is performed on your Personal Data or on sets of such Data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, access and any use of Personal Data.