We adhere to our policies.

Privacy policy

Privacy Policy - Headwear Professionals

1
General provisions

  1. This Privacy Policy explains how we collect and use personal data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR).
  2. We describe the purpose and basis for processing your personal data, as well as your rights in relation to our processing of your data.
  3. Personal data is any information that can identify you, i.e. your name, telephone number, email address and delivery address for purchases.
  4. The administrator of your personal data is Headwear PL Sp. z o.o. Sp. j., ul. Słoneczna 4, 06-100 Pułtusk, which operates the online store headwear.com.pl at www.headwear.com.pl.
  5. We collect personal data to the minimum extent possible. When collecting this data, we strive to ensure that it is accurate and up to date. If the personal data collected is no longer necessary for a given purpose and there is no legal obligation to store it, we endeavour to delete, destroy or permanently prevent its association with a specific individual, where possible.

2
What personal information do we collect?

We collect the following types of personal data directly from you:

    • Via the contact form (in the "Contact" or "Enquire about a product" tab) : name and surname, e-mail address, telephone number. We use them solely for the purpose of contacting you and responding to your enquiry.
    • Through the registration form : name and surname, e-mail address, telephone number, IP address, as well as address details for the delivery of goods (recipient's name, street, house number, flat number, postcode, town, country). This data is necessary to create an account and process your orders, as well as for sales records.
    • Through the newsletter subscription form : e-mail address. The data obtained in this way is used only for the purpose of sending commercial information (e.g. about new products or promotional campaigns).
    • Through the shopping basket (placing an order/reservation) : name and surname; e-mail address, telephone number and delivery address (recipient's name, street, house number, flat number, postcode, town, country), solely in connection with the conclusion of a purchase agreement with our shop. In this case, personal data is processed solely for the purpose of fulfilling the order/reservation and only to the extent necessary for the proper performance of the contract of sale of goods.

3
What are your rights under the GDPR?

In connection with the processing of your personal data by Headwear Professionals, you have a number of rights under "GDPR", in particular:

  1. Right of access – in accordance with this right, you have the right to obtain confirmation as to whether your data is actually being processed by the Shop. If the data is actually being processed, you have the right to obtain the following information from us:
    • the purpose for which personal data is processed (e.g. performance of a contract, etc.),
    • categories of personal data that are subject to processing (e.g. first name, surname, address details);
    • information about recipients or categories of recipients to whom personal data have been or will be disclosed, in particular recipients who are located outside the EU (so-called third countries);
    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    • information about your rights, i.e. the right to request the controller to rectify, erase or restrict the processing of data and to object to such processing (provided, of course, that these specific rights apply in a given case);
    • information on the right to lodge a complaint with a supervisory authority;
    • information about automated decision-making, including profiling, and relevant information about the rules for making such decisions, as well as the significance and anticipated consequences of such processing for the data subject.
  2. The right to erasure, known as the "right to be forgotten" – you have the right to request the Shop to immediately delete your personal data if one of the following circumstances applies:
    • personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    • you withdraw your consent on which the processing was based and there is no other legal basis for the processing;
    • you object to the processing and there are no overriding legitimate grounds for the processing. At that point, your personal data will be deleted from our records;
    • personal data has been processed unlawfully;
    • the deletion of personal data is required to comply with a legal obligation.
  3. Right to restriction of processing – if such a request is made, the processing of personal data will be limited to storage only in the following cases:
    • you dispute the accuracy of your personal data – for a period enabling the controller to verify the accuracy of the data;
    • the processing is unlawful and you request the restriction of the use of personal data instead of its deletion;
    • the controller no longer needs the personal data for the purposes for which it was processed, but the data subject needs it to establish, exercise or defend legal claims;
    • you have objected to the processing, which will be effective once it has been clarified whether the objection is justified.
  4. Right to rectification – You have the right to request that we immediately rectify any inaccurate personal data concerning you. In addition, taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed.
  5. Right to lodge a complaint – You also have the right to lodge a complaint with the competent supervisory authority responsible for data protection. The competent supervisory authority in Poland is the Personal Data Protection Office. Headwear Professionals, as the data controller, is responsible for the implementation of these rights in accordance with applicable law. If you have any questions or requests regarding the scope and exercise of your rights, or if you need to exercise a specific right in relation to the protection of personal data, please contact us at contact the Data Protection Officer at hpl@headwear.com.pl

4
Scope of data processing

We only process personal data when:

    • You are requested to consent to the processing of your data for the specified purpose (Article 6(1)(a) of the GDPR), e.g. to respond to your enquiry.
    • processing is necessary for the performance of obligations towards you (Article 6(1)(b) of the GDPR), if you are or will be a party to a contract in connection with the purchase of goods in our shop and the taking of action at the request of the data subject.
    • processing is necessary for compliance with a legal obligation or is expressly required by law (Article 6(1)(c) of the GDPR), e.g. when it is necessary to disclose personal data to state authorities and to keep tax records.
    • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by your fundamental rights and freedoms (Article 6(1)(f) of the GDPR), e.g. pursuing or defending claims that may be raised by the controller or against the controller, and, inter alia, for statistical purposes (including data analysis and profiling).

5
Sharing personal data

  1. Headwear Professionals only shares your personal data with entities and organisations that protect it and comply with applicable data protection laws.
  2. Personal data is only collected when you provide it to us yourself, e.g. by filling in a form or sending an e-mail, when ordering goods or services or making enquiries.
  3. Your data may be transferred to the following recipients:
    • postal operators, couriers and suppliers, where necessary to deliver goods to you;
    • entities providing advisory and auditing services;
    • marketing agencies, if we obtain your consent to use your data for sending commercial information or other marketing communications, or if it is permissible on the basis of the legitimate interest of the controller;
    • entities handling electronic payments or payment cards to the extent necessary to process payments made by the Customer;
    • service providers supplying the administrator with technical and IT solutions enabling the operation of the online shop and the services provided through it (in particular, computer software providers, e-mail and hosting providers);
    • data may also be transferred to entities or institutions authorised to obtain it under applicable law, e.g. law enforcement authorities if they request access to the data on an appropriate legal basis (e.g. for the purposes of ongoing criminal proceedings);
    • other entities, if this results from arrangements made with you.

The entities listed above do not decide independently how to process your personal data. They process personal data only to the extent necessary for the controller to conduct its business and will not exceed the scope of the purposes specified in § 4. Headwear Professionals enters into entrustment agreements with the above-mentioned service providers in order to protect your privacy. In principle, these service providers may process data as processors and only have access to user data to the extent and for the period necessary to perform a specific service.

As part of its Privacy Policy, Headwear Professionals undertakes not to sell Customers' personal data.

6
Automated decision-making and profiling

  1. Your personal data is processed automatically and may be profiled.
  2. You may object to profiling at any time. However, please note that profiling allows us to better tailor search results and advertisements to your preferences.
  3. From the moment the objection is lodged, we are no longer allowed to process this personal data, unless we can demonstrate the existence of valid legal grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for establishing, pursuing or defending claims.

7
Transfer to third countries

  1. If we transfer personal data to recipients outside the European Economic Area (EEA), this only takes place if the European Commission has confirmed an adequate level of data protection for that third country.

8
Protection of personal data

  1. Headwear Professionals uses technical and organisational measures to ensure that personal data is processed in a manner appropriate to the risks and categories of data, and in particular secures personal data.
  2. Access to personal data is restricted to persons authorised to process it and obliged to keep it confidential. All entities entrusted with the processing of personal data on the basis of a contract are obliged to protect it using appropriate security measures and will be obliged not to disclose your data without our consent and knowledge.

9
Storage period

The period for which your personal data is processed depends on the purpose for which it is processed.

  1. Order fulfilment: To the extent that your personal data is processed for the purpose of order fulfilment, we will process it for the duration of the contract relating to the transaction, but we may extend this period by the limitation period for your claims if the processing of this data is necessary to establish or pursue claims and to defend against such claims.
  2. Collecting customer registration dataUntil you expressly request the deletion of your customer account, this data will be processed by our Shop in a limited manner, which boils down to merely storing this data. This data will be stored solely for the purposes of other purchase agreements for products that you may conclude via our online platform.
  3. Storage of documentation for the purpose of demonstrating compliance with legal obligations, in particular the Accounting Act and the Tax Ordinance Act.: The period specified in the relevant legal provisions – as a rule, these are 5-year periods, counted from the end of the calendar year in which, for example, the invoice was issued.
  4. Investigation or defence of claims that may be raised by the administrator or that may be raised against the administrator: The data is stored for the duration of the legitimate interest pursued by the controller, but no longer than the limitation period for claims against the data subject in relation to the controller's business activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales contracts two years).
  5. Contact form: Until consent is withdrawn
  6. Statistical activities (including data analysis and profiling): Until an objection is lodged

10
Final provisions

  1. If you have any questions, reservations or doubts regarding the content of this Privacy Policy or the manner in which we process personal data, as well as complaints regarding these issues, please send an e-mail to the address specified in § 3 of this Policy.
  2. We encourage you to contact the controller before filing a complaint in order to resolve any issues related to your personal data as quickly and conveniently as possible, and, if possible, to clarify any doubts or resolve the problem in this way.
  3. For our part, we thank you for your trust and will make every effort to ensure that your data is secure and that our processing of it complies with applicable law.
  4. Headwear Professionals reserves the right to make necessary changes and updates to this Privacy Policy by publishing new content on our website. Once a change has been made, the Privacy Policy will be published on the website with a new date.
Up