Privacy Policy
Purpose
To provide the Customers with their products and services and administer their account in relation to such products and services, in particular to process their transaction, subscriptions and registration for our products and services – in accordance with your agreements with us.
To process the transaction, subscriptions and registration for products and services of third-parties.
To detect, investigate and prevent fraud, to maintain the security of our systems, to protect our property and safety as well as property and safety of our employees.
To conduct research and statistical analysis in order to improve and develop our business, products and services.
To provide you marketing information about our Group products and services as well as relevant third-party products and services:
-by using direct marketing;
-by adapting our websites, offers and advertising to your interests;
-by other means, such as advertising on websites;
From time to time we may also collect personal data from other sources that the data subject – for example when we identify beneficial owners within AML process or if you provide us personal data of other persons. In many cases providing information included in this policy to such persons proves impossible or would involve a disproportionate effort. We appreciate if you may help us to be transparent to such persons on processing of their data. Such data are not used for marketing purposes.
Legal basis
The Company commits to comply with the provisions of General Data Protection Regulation, and all of the other Laws and/or legal acts that are applicable, as well as all of the European Union acts that are applicable in accordance with the Personal data protection regulations that are applicable for the specific country in which the services are provided.
As required by law, and to enforce customers, or the Company’s legal rights, and to comply with local, state, federal and international law, the Company may disclose data to law enforcement agencies.
Consent
By using the Company’s web sites, you acknowledge that you have read this Privacy Policy and you consent to the practices described herein with respect to the Company’s collection, use ,store, share and disclosure the Personal data provided by you to us. We reserve the right to change this Privacy Policy in accordance with the terms herein at any time, which is why we encourage you to visit this page often, review this Privacy Policy frequently, and remain informed about any changes to it.
If, after review, you still have questions about any portion of this Privacy Policy, please contact the Company using the contact information provided at the bottom of this Privacy Policy.
Personal Data Collection and Use Personal data
‘Personal data’ means data that can identify you as a specific individual, such as your name, address, phone number, e-mail address, or other contact information, whether at work or at home.
On all Company web sites that collect Personal data, we specifically describe what information is required in order to provide you with the product, service, or feature you have requested.
We collect Personal data when you contact us, when you register with us, when you use our products and services, when you submit an order with us, when you visit our web sites or the web sites of certain of the Company’s partners, and when you enter promotions and sweepstakes.
We may collect and process your Personal data due to the direct marketing. Direct marketing is the activity that is intended to offer the goods or services to you by post, telephone or other direct way as well as to inquire the opinion of the Customers about the offered goods and services. If you do not agree with the processing of your Personal data for the direct marketing purposes, the Personal data for the direct marketing is not processed. You are granted with the right to withdraw your consent given for the processing of the Personal data for the purposes of the direct marketing. Providing Personal data by you is voluntary, but the lack of some of them may prevent you from registering on the Platform, using certain services, receiving a newsletter, buying products etc. Where you have given your consent and have not subsequently opted out, we may also collect information about what is watched and bought by you, at what price, in what amount or whether did you add specific products to the cart but did not buy them and use it to create a profile of your interests on the basis of content that we think was interesting for you (for example because you added it to the cart) as well as content that other users similar to you have found engaging. By using [this profile of your interests we can adapt our marketing materials by replacing the default content with content more relevant to your interests Your Right Pursuant to the GDPR, you have following rights in relation to the processing of your Personal data: – Right to be informed, which is satisfied through this notice. – Right to erasure. You have the right to have your data erased and no longer processed if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if consent was withdrawn or objection was filed and there are no other legal basis for processing. If we have disclosed the personal data in question to third parties, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. – Right to restriction on processing. If there are grounds for restriction on processing, for example if you contest the accuracy of your personal data, it will be stored and processed otherwise only if you consent or to exercise legal claims, or for the protection of rights of another natural or legal person. If we have disclosed the personal data in question to third parties, we will inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so. We will inform you before the restriction is lifted. – Right to objection to processing. You have the right to object to processing based on legitimate interests (including profiling) and direct marketing (including profiling). We will no longer process you data, unless we have compelling legitimate grounds for processing or we need to process the data for the establishment, exercise or defense of legal claims. – Right to portability. You have the right to receive personal data that you provided to us in a structured, commonly used and machine-readable format and to transmit those data to another data controller.You may contact us to exercise your rights through “Contact Information” section below. – Right to lodge a complaint with a supervisory authority. If you are unhappy about the way we process personal data you may contact us and, if you are unsatisfied with our answer, file a complaint to data protection authority in [Poland] or in your country, – Right to verify whether we hold your personal data, to obtain a copy of the data, and to correct any data that is inaccurate; – Right to request us to inform you of the type of personal data held by us. All data access requests shall be made using the form prescribed by the Privacy Commissioner for Personal Data (“Privacy Commissioner”) , -Right to requests for access and correction of personal data or for information regarding policies and practices and the kinds of data held by us should be addressed in writing and sent by post to us (see the “Contact Us” section below) . Registration When you register with us on this site, you first complete the on-line registration form, which requires you to create a username and password. During registration, you are also required to provide Personal data, which may include name, billing address, shipping address, telephone number, e-mail address. We use this personal data so that we may contact you about the services and products on the site(s) in which you have expressed interest or requested and to facilitate the completion of an order. Promotions, Contests and Sweepstakes From time-to-time, the Company may provide you the opportunity to participate in promotions, contests or sweepstakes on its web site(s). Such promotions, contests and sweepstakes will also be governed by the rules and regulations posted with such promotions, contests and sweepstakes. If you participate, you will be required to register with the Company, which will require you to provide certain Personal data. Participation in these promotions, contests and sweepstakes is completely voluntary and you therefore have a choice whether or not to register and provide your Personal data. The requested data typically includes contact information, such as name, shipping address, e-mail address, and telephone number. We will use this information to notify winners and award prizes. Additionally, during your registration process you may opt-in to receiving additional related communications us. If you decide to opt-in, we will use the information provided to send you communications described throughout this Privacy Policy. Newsletters If you wish to subscribe to the Company’s newsletter(s), we will use your name and e-mail address to send the newsletters to you. Other Information Collected Some data may be collected automatically every time you visit the Company’s web sites, such as cookies and computer data. In addition, data may be collected other independent, third-party sources. We also collect information about which pages you visit within this site. This site visitation data is identified only by a unique URL. Cookies The Company uses both session ID cookies and persistent cookies as part of its interaction with your browser. A cookie is an alphanumeric identifier (a file) that the Company’s web sites transfer to your computer’s hard drive through a web browser to enable its systems to recognize your browser for record-keeping purposes. A session ID cookie expires when you close your browser, while a persistent cookie remains on your hard drive for an extended period of time. We use session ID cookies to make it easier for you to navigate the our web sites. We use persistent cookies to identify and track which sections of its web site you most often visit. We also use persistent cookies in areas of its web site you must register, and you are able to customize the information you see, so that you don’t have to enter your preferences more than once. By configuring the options in your browser, you may control how cookies are processed by your system. However, if you decline the use of cookies you may not be able to use certain features on this site and you may be required to reenter the information required to complete an order during new or interrupted browser sessions. Some of the Company’s business partners (e.g., advertisers) use cookies on the site. We have no access to or control over these cookies (see ‘Third Party Advertising’ and ‘Third Party Cookies’ below). Accordingly, this Privacy Policy covers the use of cookies by the Company only and does not cover the use of cookies by any advertisers. Log Files As is true of most web sites, the Company gathers certain information automatically and stores it in log files. This information includes internet protocol (IP) addresses, browser type, internet services provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. The Company uses this information to analyze trends, to screen for fraud, to administer the Company’s sites, to track users’ movements around the web sites and to gather demographic information about the Company’s user base as a whole. Clear Gifs (Web Beacons/Web Bugs) The Company employs a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that helps it better manage content on its web sites by informing the Company what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. The Company uses clear gifs in its HTML-based e-mails to inform itself of which e-mails have been opened by you. This allows the Company to gauge the effectiveness of certain communications and the effectiveness of the Company’s marketing campaigns. If you would like to opt-out of these e-mails, please see ‘Choice and Opt-Out’ section of this Privacy Policy. Special Offers and Updates The Company collects data about which sections of its web site you visit most often, so that it can send you our newsletter and data about relevant offers, promotions, contests, and sweepstakes which may interest you. Accordingly, the Company will occasionally send you information on products, services, special deals, promotions and sweepstakes. Service-related Announcements The Company may, but is not obligated, to send you strictly service-related announcements or rare occasions when it is necessary to do so. For example, if our service is temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account. Research We also collect data for research purposes and to provide anonymous reporting for internal and external clients. The Company uses the data collected for its own internal marketing and demographic studies to improve customer service and product offerings. Customer Service We will communicate with you in response to your inquiries, to provide the products and services you request, and to manage your account. We will communicate with you by e-mail, live chat or telephone, in accordance with your wishes. Preferences The Company stores data that it collects through cookies, log files, and third party sources to create a profile of your preferences, in order to improve the content of the Company’s web site for you. Service Providers The Company discloses the data collected to external service providers necessary to facilitate the following outsourced operations: address verification, fraud screening and order shipping. Third Parties We may transfer your personal data to the following categories of recipients: -other users of our products and services where this is necessary to perform our agreements with you; -other members of the Group; -agents, contractors, advisors or third parties who provide administrative, telecommunications, computer, payment, debt collection, data processing, legal or other services to surrbox.com; -financial institutions, payment service providers (such as banks, payment institutions or electronic money institutions) as well as card organizations (such as VISA or MasterCard) which in connection with our payment services; -persons and institutions that are allowed to request your personal data under applicable laws and regulations through a court order, subpoena or other legal process, such as supervisory bodies, regulators or law enforcement bodies; -other parties as notified to you at the time of collection. we is an international company. If personal data is transferred from European Union outside European Economic Area, we make sure that adequate level of personal data protection is assured, for example by signing standard contractual clauses for transfer of data. . Links to Other Web Sites Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies. Storage and Security of Personal data Storage We will store your personal data for as long as we have lawful grounds to do so. Specific retention periods depend on the purpose and legal base of processing, for example: – personal data required to provide services, for the time of providing such services and after that, for the time required by legal provisions (e.g. on accountancy) or to handle possible claims – personal data that must have been collected for anti-money laundering legislation requirements, including for identification, screening and reporting, as a rule for 5 years after the termination of our relationship, unless we are required to retain this information for the purposes of court or administrative proceedings, or 8 years to handle possible claims – personal data processed on the basis of your consent, as a rule until such consent is withdrawn – personal data processed on the basis of a legitimate interest, as a rule until you file an effective objection. Security The Company protects the privacy and integrity of the data it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the data under its control. The Company transmits the data used by its external service providers for the specific outsourced operations listed above across public and private networks via recognized encryption technologies, such as by using Secure Sockets layer (SSL) software, which encrypts the data you input. Although the Company follows the procedures set forth above to protect the Personal data submitted to the Company, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Thus, while the Company strives to use commercially acceptable means to protect your Personal data, the Company cannot guarantee its absolute security. If you have any questions about the Company’s security on the its web sites, please feel free to send us an e-mail at service@surrbox.com. Internet Fraud The Company has a ZERO TOLERANCE policy for Internet fraud or any attempt to access or acquire customer or other information on its web sites via illegal or surreptitious means. The Company works with local, national, and international fraud investigation agencies and employs a variety of electronic and other means to discourage, detect, and intercept fraudulent activities. The Company aggressively prosecutes, to the fullest extent of the law, those perpetrators apprehended conducting fraudulent activities on its web site. Children The Company’s sites are not intended for or directed to persons under the age of 18. The Company does not buy or sell products or services or to children. Any person who provides their information to the Company through the Company’s web sites represents to the Company that they are 18 years of age or older. Changes to this Statement The Company will time-to-time update this Privacy Policy, each time revising the last updated date at the top of the Privacy Policy and indicate the nature of the revisions within the statement. The Company will notify customers of material changes to this statement by placing prominent notice on the its web site. Contact Information You may contact the Company by e-mail at: service@surrbox.com.