Privacy & Cookies Policy

We pay great attention to protecting Personal Data and complying with the law when it collects, Processes and uses such data. We want you to feel safe when you visit our Website and that is why we are providing you with this Privacy and Cookies Policy. Here you can find out about our data collection and use of data policy.

This Privacy and Cookies Policy sets forth our current privacy practices with regard to the information we collect when you interact with our Website. 

1. Definitions

“Applicable laws” means all the laws and regulations relevant to the collection, processing and storage of data, especially all data protection laws, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).

“CentralNic Poland sp. z o.o.” or “We”, “Us” means CentralNic Poland sp. z o.o., with a registered office at ul. Lubicz 17G, 31-503 Kraków, Poland incorporated under the laws of Poland and registered in the companies register of the National Court Register held by District Court Krakow – Srodmiescie in Cracow XI Commercial Division (Sąd Rejonowy dla Krakowa – Śródmieścia w Krakowie XI Wydział Gospodarczy) under (KRS) no. 0000830352, having EU VAT ID: PL5272922087 and the share capital in the amount of 5 000 PLN.

“Cookies” means small text files stored in a web browser by a website or by an ad server. By storing certain information in a cookie, those web browsers, websites and ad servers are able to remember your preferences and recognize websites visited and/or web browsers used from one visit to another.

“Log Data” means information that is automatically reported by the browser each time you access the Website and which is sent by your web browser and then automatically recorded by our servers. Log Data may include information such as your browser type, web requests, domain names or pages viewed.

“Personal Data” or “Personal Information” or “Data” means any information relating to an identified or identifiable person as defined in Article 4.1 of the GDPR.  

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (“Process”, “Processes” and “Processed” shall have the same meaning). 

“Website” – site at the following address: commerce-review.com.

“User”, “You” or “Your” – the visitor of the Website.

2. Introduction

This Privacy and Cookies Policy applies to the processing of your Personal Information carried out by us when you use the Website. 

The data controller of your Personal Information is CentralNic Poland sp. z o.o.

When you visit the Website we collect information about you through the usage of Cookies and Log Data.

3. Purposes of Personal Data processing
   1. Remarketing, retargeting and advertising services 

Your Data is collected through the Website and processed by us for performing our services for clients and business partners e.g. remarketing and retargeting of their services and products. 

The processing of the Personal Data is based on your voluntary consent (article 6.1 (a) of the GDPR) that you can withdraw at any time without reason by changing your privacy preferences or contacting us (see Section 13). However, the withdrawal of that consent does not affect the compliance of the processing which was priorly made on its basis.

1. Performing analytics and adjusting the content of the Website

Your Data is also collected through the Website and processed by us for performing analytics and adjusting the content of the Website which is our legitimate interest (article 6.1 (f) of the GDPR). For that purpose, we only process your anonymous data. At any moment you can object against the processing of your Personal Data by contacting us (see Section 13) or changing your browser’s options.

4. Cookies, Log Data and similar technologies

When you interact with the Website, we collect information from your activities on the Website through the usage of Cookies, Log Data and other similar technologies.

By using those technologies we aim to use this information for the purpose of analytics and monitoring of the effectiveness of our performance, including the collection of the aggregate Website usage data (such as the overall number of the Website’s visitors or pages viewed).

The information mentioned above may include:

1. information about your interactions with the Website;
2. technical information about your device hardware and software that may include the types of devices you use in order to access the Website, device IDs or identifiers, device attributes, network connection type, browser type, language, internet service provider, access times, the files viewed in the Website.

Cookies. We may collect Personal Data from other sources, through the use of ”cookies”. A cookie is a small text file stored on your computer that contains information that helps the Website identify and track the visitor. Cookies do not contain viruses nor occupy space on the hard drive. 

We use two types of cookies: “session cookies” and cookies that are saved permanently on your device i.e. “persistent cookies”. Session cookies are never stored permanently on your computer and disappear when you close the session. When you visit the Website, the web server assigns your browser a unique identifier string so as not to confuse you with another visitor. The second type of cookies save file permanently on your device and this is used to track how visitors move around on the Website. This is only used to offer visitors better services and support. The text files can be deleted. The information stored on your device is only a unique number, without any connection to Personal Information.

To opt out of cookies, you can alter the settings on your internet browser to accept or reject the Website from using cookies. However, in some cases, this may affect the functionality of the Website.

We use a tracking software system to monitor your patterns and Website usage to help us develop the design and layout of the Website. Such software does not enable us to capture any of your Personal Data. Other types of software that would enable us to collect your Personal Data and share them with our clients and business partners are used only if you previously grant us your consent for such collecting and sharing.

Your Personal Data will not be shared, sold, rented or disclosed other than as described in this Privacy and Cookies Policy.

Google Analytics. Our Website uses those cookies that are small text information stored on your end device (e.g. tablet, smartphone) that can be read by Google LLC’s IT system (third-party cookies) in connection with our use of Google Analytics software. Google Analytics is an online tool for analyzing websites and mobile applications that automatically collects information about your use of the Website. We do not identify users with this software, and use of it is for statistical purposes only. Detailed information on how Google uses user data is available at: https://policies.google.com/technologies/partner-sites. 

We have activated IP anonymization. Your IP address is shortened before forwarding. Only in exceptional cases is the full IP address transferred to a Google LLC server in the United States and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is generally not combined with other Google LLC’s data. The legal basis for processing those Data by us is article 6.1 (f) of the GDPR, i.e. our legitimate interest consisting in conducting statistics and analysis of your operation on the Website.

Log Data. Using the Website involves sending queries to the server on which the Website is stored. Each query directed to the server is saved in the server’s logs. Logs include, among others, server date and time, information on the web browser and operating system used by you. Logs are saved and stored on the server. The data saved in the server logs is not associated with a specific person using the Website and is not used by us to identify you. Server logs are only additionally used to operate the Website, and their content is not disclosed to anyone except those authorized to operate the server.

5. The consent and the opt-out. 

During the first visit to the Website, the information on the use of cookies is displayed. You can set your privacy preferences there as well as you can prevent the recording of Personal Data collected by cookies regarding their use of the Website as well as the Processing of this Personal Data by installing the browser plug-in located at the following address: https://tools.google.com/dlpage/gaoptout. Details related to Personal Data processing within Google Analytics and explanations prepared by Google can be found at: https://support.google.com/analytics/answer/6004245.

Your browser may also offer tools to enable or disable cookies by modifying the settings in a browser. However, it should be noted that certain features of the Website may not work if some types of cookies are deleted or disabled. Some third parties may use cookies and other technologies. We recommend reading their privacy policies.

Some browsers provide helpful cookie guides:

Chrome:	https://support.google.com/chrome/bin/answer.py?hl=en&answer=95647&p=cpn_cookies
Firefox:	http://support.mozilla.org/en-US/kb/Cookies
Internet Explorer:	http://support.microsoft.com/kb/278835
Safari 5 for Mac:	https://support.apple.com/en-us/HT201265
Opera:	http://help.opera.com/Linux/10.50/en/cookies.html
Alternatively:	http://www.allaboutcookies.org provides advice on how to opt out as well as further information on cookies and how to manage them.

6. The User’s rights

You have the right to access your Personal Information and manage it by contacting us via email address: dpo.pl@centralnic.com.

You have the following rights provided by the Applicable laws:

1. The right to be informed 

We have published this Privacy and Cookies Policy to keep you informed of what we do with your Personal Information. 

2. The right of access 

You have the right to access your Personal Information and to request a copy of it.

3. The right to rectification

You have a right to rectify your Personal Information by contacting us through the use of the contact details provided above.

4. The right to erasure (“the right to be forgotten”) 

In some circumstances you have the right to erasure of your Personal Data without undue delay. Those circumstances include situations when: the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; your consent withdrawal to consent-based processing; the processing is for direct marketing purposes; and the Data has been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.

5. The right to restriction of processing 

In some circumstances you have the right to restrict the processing of your Personal Data. Those circumstances are the following: your contest of the accuracy of the Personal Data; processing is unlawful but you oppose erasure; We no longer need the Personal Data for the purposes of the processing, but you require Personal Data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your Personal Data. However we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

6. The right to Personal Data portability 

We must allow the User to obtain and reuse their Personal Data for their own purposes across services in a safe and secure way without it affecting the usability of the Users’ Personal Data. This right only applies to Personal Data that the User has provided to us as the Data Controller. The Personal Data must be held by us on the basis of your consent and the processing has to be carried out by automated means.

7. The right to object 

In certain circumstances, the User has the right to object to the processing of their Personal Data where, for example, their Personal Data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your Personal Data, or if the User’s Personal Data is being processed for direct marketing purposes.

8. The right to withdraw consent

If the User has given us consent to process their Personal Data, the User has the right to withdraw their consent at any time, and we have to stop processing the Data unless we have other legal grounds for processing the Personal Data. The withdrawal of consent does not affect the compliance of the processing which was made on its basis before the withdrawal of consent.

9. The right to complain to a Supervisory Authority 

The User has the right to lodge a complaint with the relevant Supervisory Authority in particular if they feel that we have not responded to requests to solve a problem regarding data protection. The competent authority for us is:

Bureau of the President of the Personal Data Protection Office (PUODO)

Address: Stawki 2, 00-193 Warszawa (Poland)

Telephone: (+48 22) 531 03 00

7. Security information

We follow strict procedures in the storage and disclosure of the Users’ Personal Data, and to protect it against accidental loss, destruction or damage. Only qualified and authorized employees are permitted to access Personal Data, and they may do so only for permitted business functions. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of the Users’ Personal Data. Our security procedures mean that we may request proof of your identity before disclosure of Personal Data to you. 

We also rely only on vendors who ensure an appropriate level of security of the User’s Personal Data. In this context, we use only secure cloud servers, including AWS cloud – a secure, private cloud platform. Amazon Web Services is our processor. AWS Amazon cloud platform uses various security technologies and procedures to protect personal data and is compliant with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. For more details please see AWS Amazon security and privacy policy at www.aws.amazon.com. 

The User should note to avoid sending Personal Data through insecure channels or networks. The User shall protect themselves against unauthorized access to their passwords and to their devices and under no circumstances share them with anyone.

8. International transfer of Data

We may transfer Personal Data to a country outside of the European Economic Area (EEA) based on a decision of the European Commission, stating that a third country may be considered as providing an adequate level of data protection or based on Standard Contractual Clauses approved by the European Commission. If the User is located in the EEA, the User may contact us if they require a copy of the safeguards which we have put in place to protect Personal Data transferred outside of the EEA and the User’s privacy rights in these circumstances. The User may also learn more about EU Commission Decision on standard contractual clauses for the transfer of Personal Data to processors established in third countries here https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914 and here https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. 

Please also note that your Personal Data is only shared and displayed to our clients and business partners on the basis of your voluntary consent.

9. Retention of your Information

We store the User’s Personal Information for a period of time required for the purposes for which it was collected using generally accepted security standards and in compliance with the Applicable laws. We will not retain the User’s Personal Information for longer than required.

In particular, we store Personal Information about the User through the period of use of the relevant cookies. Such a period is presented to you next to the consent button for using the specific cookies. 

The User’s Personal Data shall be processed for analytics purposes until the User objects to it. Where the User has consented to specific cookies, the User may withdraw their consent at any time by contacting us. In these circumstances, the User’s Personal Data will be processed until their withdrawal of the consent.

User’s and event data associated with cookies is stored by Google Analytics on servers for a period of 2 years. After the end of the period, stored data will be automatically deleted once a month.

When we no longer need your Personal Data, we will securely erase it. We will also consider if and how we can minimize over time the scope of Personal Data that we use, and if we can anonymize your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.

10. Disclosures

We may disclose the User’s Personal Data only to the following trusted third parties:

1. Authorized third parties – we may share the Personal Data with parties directly authorized by the User to receive Personal Data, such as our clients and business parties. The use of Personal Data by an authorized third party is subject to the third party’s privacy policy. 
2. Service providers – we also engage third parties that support the operation of the Website (acting on our behalf) such as analytics providers or IT services providers:
   • Google Analytics; analytics (privacy policy: https://policies.google.com/privacy?hl=en-US);
   • Amazon Web Services, Inc. and its affiliates; hosting (privacy policy: https://aws.amazon.com/privacy/?nc1=f_pr).

11. Additional Notice for California residents

If you are a California resident special additional provisions of this section apply to you, in accordance with the Californian law which requires companies that operate websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected, how it is being used and those individuals or companies to whom it is being disclosed. 

The California Privacy Rights Act („CPRA”) is a privacy law which amends and strengthens consumer data privacy rights established initially by the California Consumer Privacy Act (“CCPA”) that was signed into law on June 28, 2018, and came into effect on January 1, 2020.

As the new law, CPRA takes effect from January 1, 2023 and this privacy policy provides for the rights of the Users extended by its provisions.

Please note that in matters not covered in this section, the remaining provisions of this Privacy and Cookies Policy shall apply. If you have any questions regarding this Section 11 Additional Notice for California End users including its content and scope of application you can contact us via email: dpo.pl@centralnic.com.

California residents’ rights	CPRA provides additional privacy protections for California data subjects including: Right to Access – We are required to also report all Personal Information we have shared with third parties and the third parties with whom we have shared the Personal Information.Right to Correction – You have the right to request your Personal Information to be changed if you discover that it is incorrect.Right to Delete – You can request to direct third-party suppliers, service providers or contractors to erase Personal Information that may have been sold or shared with them.Right to Data Portability – You have the right to request us to send certain pieces of Personal Information to another entity. This transmission, however, must be technically feasible for us.Right to limit the use of sensitive personal information (SPI) – You can request to limit the use of special categories of Personal Data, particularly when it comes to third-party sharing.Right to Opt-Out – You have the option to opt-out of having your Personal Information sold or shared with third parties, including for cross-context behavioural advertising.Right to know about automated decision-making – You can ask for information on how automated decision technologies work and their likely outcomes.Right to opt-out of automated decision-making – You can refuse to have your Personal Information used to make automated conclusions, such as profiling for targeted behavioural advertising.Right of Minors – We are obliged to notify minors if we intend to sell or share their personal information. „Non-discrimination” Right – You have a right not to be discriminated against for exercising any of your Data rights.To submit an access, correction, deletion, data portability as well as non-discrimination request please contact us via e-mail: dpo.pl@centralnic.com or using our contact data provided in Section 13 below. We shall make commercially reasonable efforts to fulfil your request within 45 days.  We do NOT collect User’s Sensitive Personal Information (SPI) hence the right to limit the use of SPI does not apply to you (please check the detailed information below in this section). We also do NOT collect any minors’ Personal Data and do not make automated decisions, therefore, the rights relating to the above activities also do not apply to the Users.  Your request must provide sufficient information that allows us to reasonably verify if you are the person about whom we collected Personal Information or an authorized representative. Therefore please describe your request with sufficient details that allow us to properly understand, evaluate, and respond to it. The disclosure of the required information shall cover the 12-month period preceding our receipt of your verifiable request, provided that you may also request that we disclose the required information beyond the 12-month period but we shall only be required to provide such information unless doing so proves impossible or would involve a disproportionate effort. Please note that if you wish to exercise your rights with any of our clients or business partners, you must make your request directly to them, based on information and procedures that they individually supply.
Categories of Personal Information	We may collect the following categories of Personal information about you:  information about your interactions with the Website;technical information about your device hardware and software that may include the types of devices you use in order to access the Website, device IDs or identifiers, device attributes, network connection type, browser type, language, internet service provider, access times, the files viewed in the Website. When you interact with our Website, we may also automatically collect information from your activities through the usage of Cookies, Log Data and similar technologies therein. Please note that we do NOT collect User’s Sensitive Personal Information (SPI) i.e.: social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, or union membership, consumer’s mail, email, and text messages that are not sent or received through the Website, genetic data, biometric information, information concerning a health, sex life or sexual orientation.
Purposes of use of Personal Information	We may use the categories of Personal Information listed above for the purposes of:  storing data for archiving or statistical purposes,performing advertising of our client’s and business partners’ products and services.
Business purposes of use of Personal Information	In addition, we may use the aforementioned categories of Personal Information for specific business purposes, as specified in the CPRA, in particular as described below: auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards;helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes;debugging to identify and repair errors that impair existing intended functionality;short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business;providing advertising and marketing services, except for cross-context behavioural advertising, to the consumer provided that, for the purpose of advertising and marketing, a service provider or contractor shall not combine the personal information of opted-out consumers that the service provider or contractor receives from, or on behalf of, the business with personal information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with consumers;undertaking internal research for technological development and demonstration;undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
Sale of Personal Information	Please note that we share Personal Information with our clients and business partners, as defined in Section 1798.140 of the Civil Code of California and amended by the CPRA, but only on the basis of your prior consent for such sharing.
Disclosure/Transferring of Personal Information for Business Purposes	If it is necessary to perform our business purposes we may transfer Personal Information, in a manner, however, that does not constitute “sell” or „share” under CPRA, for example to the parties we use to provide our services. Please remember that „sharing” according to CPRA means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s Personal Information by the business to a third party for cross-context behavioural advertising, whether or not for monetary or other valuable consideration, including transactions between a business and a third party for cross-context behavioural advertising for the benefit of a business in which no money is exchanged. Particularly, we may transfer your Personal Information with third parties or allow them to collect Personal Information from our Website if those third parties are authorized service providers or business partners who have agreed to our contractual limitations as to their retention, use, and disclosure of such Personal information, or if you use the Website to interact with third parties or direct us to disclose your Personal information to third parties. For detailed information concerning categories of third parties to whom we may transfer Users’ Personal Information please see section 10. Disclosures of this Privacy Policy.
Retention of Personal Data	To read the information on retention periods of relevant categories of your Personal Data please read Section 9 of this policy.

12. COPPA (Children Online Privacy Protection Act)

Protecting children’s privacy is very important to us. Our Website is not intended for, designed to be used by, or targeted at children as defined in Applicable laws. 

We are in compliance with the requirements of EU General Data Protection Regulation 2016/679, the California Privacy Rights Act (which amended the California Consumer Privacy Act) as well as COPPA (Children’s Online Privacy Protection Act) and we do not knowingly collect any Personal Information from anyone under the age of 13.

If you are a parent or a guardian who knows or has otherwise discovered that your child under the age of 13 has submitted their Personal Information, or other information, to us without your consent, permission or authorization, do not hesitate to contact us using the following email address: dpo.pl@centralnic.com. We will promptly remove your child’s Personal Information or other information from our system, cease the use of such Information and direct any third party with access to it to do the same.

13. General Provisions 

In case of any questions regarding this Privacy and Cookies Policy, the User may contact us using the address of the business seat of CentralNic Poland sp. z o.o.: ul. Lubicz 17G, 31-503 Kraków, Poland; or by email address: dpo.pl@centralnic.com.

We may change this Privacy and Cookies Policy from time to time by updating its provisions.