Privacy Policy of the HomeNeo.eu Website

1. This document constitutes an annex to the Terms and Conditions. By using our services, you entrust us with your information. This Privacy Policy serves only to assist you in understanding what information and data are collected and for what purposes we use them. This data is very important to us, so please read this document carefully, as it defines the principles and methods of processing and protecting personal data. This document also defines the principles of using cookies.

2. We hereby declare that we comply with the principles of personal data protection and all legal regulations provided for in the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

3. Any person whose personal data is processed has the right to contact us to obtain comprehensive information on how we use their personal data. We always strive to provide clear information about the data we collect, how we use it, the purposes for which it is to be used, and to whom it is transferred. We also provide information about the protection we provide for this data when transferred to other entities. We also provide information about the institutions you should contact in case of any doubts.

4. The Website uses technical measures such as: physical protection measures for personal data, hardware measures for IT and telecommunications infrastructure, security measures within software tools and databases, and organizational measures to ensure adequate protection of processed personal data. In particular, they protect personal data against unauthorized disclosure to third parties, unauthorized acquisition and use for unknown purposes, as well as accidental or intentional alteration, loss, damage, or destruction of such data.

5. Under the terms set forth in the Terms and Conditions and in this document, we have exclusive access to the data. Access to personal data may also be entrusted to other entities through which payments are made, which collect, process, and store personal data in accordance with their Terms and Conditions, and entities tasked with fulfilling orders. Access to personal data is granted to the above-mentioned entities to the extent necessary and only to the extent necessary to ensure the provision of services.

6. Personal data is processed only for the purposes for which you have consented by clicking on the appropriate fields in the form provided on the Website or in another explicit manner. The legal basis for the processing of your personal data is consent to data processing or a requirement to provide a service (e.g., ordering a product or service), pursuant to Article 6(1)(a) and (b) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR.

1. We take privacy seriously. We are committed to respecting privacy and ensuring the fullest possible and guaranteed convenience in using our services.

2. We value the trust that Users place in us by entrusting us with their personal data to fulfill orders. We always use personal data fairly and in a way that does not violate this trust, only to the extent necessary to fulfill the order, including its processing.

3. Users have the right to obtain clear and complete information about how we use their personal data and the purposes for which it is required. We always clearly inform them about the data we collect, how and to whom we transfer it, and provide information about the entities to contact in case of doubts, questions, or comments.

4. If you have any concerns regarding our use of your personal data, we will promptly take steps to clarify such concerns and answer all related questions fully and exhaustively.

5. We will take all reasonable steps to protect User data against improper and uncontrolled use and to secure it comprehensively.

6. The details of the Data Controller for your personal data can be found in the "Contact" section of the website.

7. The legal basis for processing your personal data is Article 6(1)(b) of the GDPR. Providing data is not mandatory, but necessary to take appropriate steps prior to entering into a contract and its implementation. We will transfer your personal data to other recipients entrusted with the processing of personal data on our behalf and for our benefit. Your data will be transferred pursuant to Article 6(1)(f) of the GDPR, where the legitimate interest is the proper performance of contracts/orders. We will also share your personal data with other business partners. We store the collected personal data within the European Economic Area ("EEA"), but it may also be transferred to a country outside of this area and processed there. Each transfer of personal data is carried out in accordance with applicable law. If data is transferred outside the EEA, we use standard contractual clauses and the Privacy Shield as safeguards in relation to countries for which the European Commission has not determined an adequate level of data protection.

8. Your personal data related to the conclusion and performance of a contract will be processed for the duration of the contract, as well as for a period no longer than required by law, including the provisions of the Civil Code and the Accounting Act, i.e., no longer than 10 years from the end of the calendar year in which the last contract was executed.

9. Your personal data processed for the conclusion and performance of future contracts will be processed until you object.

10. You have the right to: access your personal data and receive a copy of the personal data being processed; rectify inaccurate data; request erasure of data (the right to be forgotten) in the circumstances specified in Article 17 of the GDPR; request restriction of data processing in the cases specified in Article 18 of the GDPR; object to data processing in the cases specified in Article 21 of the GDPR; the portability of data provided, processed by automated means.

11. If you believe that your personal data is being processed unlawfully, you may lodge a complaint with the supervisory authority (Urząd Ochrony Danych Osobowych, ul. Stawki 2, Warsaw). If you require additional information regarding personal data protection or wish to exercise your rights, please contact us by mail at the correspondence address.

12. We make every effort to protect against unauthorized access, unauthorized modification, disclosure, and destruction of the information in our possession. In particular:

• We monitor the methods of collecting, storing, and processing information, including physical security measures, to protect against unauthorized system access. We grant access to personal data only to employees, contractors, and representatives who need it.
• Furthermore, they are contractually obligated to maintain strict confidentiality, to allow us to monitor and verify their compliance with their obligations, and may face consequences if they fail to meet these obligations.

13. We will comply with all applicable data protection laws and regulations and cooperate with data protection authorities and authorized law enforcement agencies. In the absence of data protection regulations, we will act in accordance with generally accepted data protection principles, principles of social coexistence, and established customs.

14. The detailed method of personal data protection is set out in the personal data protection policy (DPA: security policy, personal data protection regulations, IT system management instructions). For security reasons, due to the procedures described therein, it is available only to state inspection authorities.

15. If you have any questions about how we handle personal data, please contact us via the website from which you were redirected to this Privacy Policy. Your contact request will be immediately forwarded to the appropriate designated person.

16. You always have the right to notify us if:

• you no longer wish to receive information or communications from us in any form;
• you wish to receive a copy of your personal data held by us;
• you wish to correct, update, or delete your personal data held in our records;
• you wish to report violations, improper use, or processing of your personal data.

17. To help us respond to your information, please provide your name and other relevant details.

1. We process the necessary personal data to provide services and for accounting purposes only, i.e.:

• to place an order,
• to conclude a contract, handle complaints and withdrawals,
• to issue a VAT invoice or other receipt.
• monitoring traffic on our websites;
• collecting anonymous statistics to determine how users use our website;
• determining the number of anonymous users of our websites;
• monitoring how often selected content is displayed to users and what content is most frequently displayed;
• monitoring how often users select a given service or which service is most frequently contacted;
• analyzing newsletter subscriptions and contact options;
• using a personalized recommendation system for e-commerce;
• using a communication tool for both email and, subsequently, telephone;
• integration with social media;
• possibly making online payments.

2. We collect, process, and store the following user data:

• name and surname,
• home address,
• delivery address (if different from home address),
• tax identification number (NIP),
• e-mail address,
• telephone number (mobile, landline),
• date of birth,
• PESEL number,
• information about the web browser used,
• other personal data voluntarily provided to us.

3. Providing the above data is completely voluntary but also necessary for the full provision of services.

4. Purpose of data collection and processing or use:

• direct marketing, archival purposes of advertising campaigns;
• fulfillment of obligations imposed by law by collecting information about undesirable activities;

5. We may transfer personal data to servers located outside your country of residence or to affiliated entities, third parties based in other countries, including countries within the EEA (European Economic Area, EEA – a free trade area and the Common Market, encompassing the European Union and the European Free Trade Association (EFTA)), for the purpose of processing personal data by such entities on our behalf in accordance with the provisions of this Privacy Policy and applicable laws, customs, and data protection regulations.

6. We store your personal data for no longer than necessary to ensure the proper quality of service. Depending on the method and purpose of collection, we store it for the duration of the service and after its termination for the following purposes:

• fulfillment of obligations arising from legal, tax, and accounting regulations;
• prevention of fraud or crime;
• statistical and archiving purposes.
• Marketing activities – for the duration of the contract; unless you provide separate consent to the processing of such data – until the transaction is completed, you object to such processing, or you withdraw your consent.
• Sales-related and promotional activities – e.g., contests, promotional campaigns – for the duration and settlement of such campaigns.
• Operational activities – until the statute of limitations for the obligations imposed by the GDPR and relevant national laws expire, in order to demonstrate the reliability of personal data processing.
• Pursuing any claims related to the completed contract;

7. Bearing in mind that many countries to which this personal data is transferred do not have the same level of legal protection for personal data as that in force in the user's country. For example, courts, law enforcement authorities, and national security authorities may have access to your personal data stored in another country in accordance with the laws of that country. Subject to lawful requests for disclosure, we undertake to require entities processing personal data outside your country to take measures to protect your data in a manner adequate to the provisions of their national law.

1. We automatically collect information contained in cookies to collect User data. Cookies are small pieces of text that are sent to the User's browser and sent back upon subsequent visits to the website. They are primarily used to maintain a session, for example, by generating and returning a temporary identifier after logging in. We use "session" cookies, which are stored on the User's end device until they log out, exit the website, or close the web browser. We also use "persistent" cookies, which are stored on the User's end device for the period specified in the cookie parameters or until they are deleted by the User.

2. Cookies customize and optimize the website and its offerings to meet Users' needs through activities such as generating page view statistics and ensuring security. Cookies are also necessary to maintain a session after leaving the website.

3. The Administrator processes the data contained in cookies each time visitors visit the website for the following purposes:

• optimizing the use of the website;
• identifying Service Users as currently logged in;
• adapting graphics, selection options, and any other website content to the Service User's individual preferences;
• remembering data entered automatically and manually from Order Forms or login details provided by the visitor;
• collecting and analyzing anonymous statistics showing how the website is used in the administration panel and Google Analytics;
• creating remarketing lists based on information about preferences, behavior, use of the website, and interests; and collecting demographic data, and then sharing these lists in AdWords and Facebook Ads;
• creating data segments based on demographic information, interests, and preferences in the selection of viewed products/services;
• using demographic and interest data in Analytics reports.

4. Users may completely block and delete the collection of Cookies at any time using their web browser.

5. Blocking the ability to store cookies on your device may hinder or prevent the use of certain website features, which you are fully authorized to do, but must be aware of the functional limitations.

6. Users who do not wish to use cookies for the purposes described above may manually delete them at any time. For detailed instructions, please visit the website of the manufacturer of the web browser you are currently using.

7. More information about cookies is available in the help menu of each web browser. Examples of web browsers that support these cookies:

• Internet Explorer Cookie Settings
• Chrome Cookie Settings
• Firefox Cookie Settings
• Opera Cookie Settings
• Safari Cookie Settings
• Android Cookie Settings
• Blackberry Cookie Settings
• iOS Cookie Settings (Safari)
• Windows Phone Cookie Settings

1. We have the right, and in cases specified by law, also the statutory obligation, to provide selected or all information regarding personal data to public authorities or third parties who submit such a request for information based on applicable Polish law.

2. Users have the right to access the content of their personal data provided, may correct and supplement this data at any time, and also have the right to request that it be deleted from their databases or that processing cease, without providing any reason. To exercise their rights, Users may at any time send an appropriate message to the email address or in another manner that will deliver/transmit such a request.

3. The processing of personal data of individuals who are our customers is based on:

• legitimate interests as a data controller (e.g., in the creation of a database, analytical and profiling activities, including activities related to product usage analysis, direct marketing of our own products, securing documentation for the defense against potential claims or for the pursuit of claims),
• consent (including, in particular, consent to email marketing or telemarketing),
• performance of a concluded contract,
• obligations arising from law (e.g., tax law or accounting regulations).

4. The processing of personal data of individuals who are potential customers is based on:

• legitimate interests of the data controller (e.g., in the creation of a database, direct marketing of our own products),
• consent (including, in particular, consent to email marketing or telemarketing).

5. A request from the User to delete personal data or to cease processing it may result in the complete impossibility of providing the services or their serious limitation.

6. We attach particular importance to profiling and point out that:

• For profiling purposes, we generally process data that was previously SSL-encrypted;
• We use typical data for this purpose: email and IP addresses or cookies.
• We profile to analyze or predict the personal preferences and interests of users of our Websites or products or services and to tailor the content on our Websites or products to these preferences.
• We profile for marketing purposes, i.e., to tailor marketing offers to the aforementioned preferences.

7. We commit to complying with applicable laws and principles of social coexistence.

8. Information on out-of-court consumer dispute resolution. The authorized entity within the meaning of the Act on Out-of-Court Consumer Dispute Resolution is the Financial Ombudsman, whose website address is: www.rf.gov.pl.

1. Every user should take care of their own data security and the security of their devices used to access the internet. Such devices must be equipped with antivirus software with a regularly updated database of definitions, types, and strains of viruses, a secure version of the web browser they use, and an enabled firewall. Users should ensure that their operating system and programs have the latest and compatible updates, as attacks often exploit bugs detected in installed software.

2. Access data to services offered online—e.g., logins, passwords, PINs, electronic certificates, etc.—should be secured in a place that is inaccessible to others and impossible to hack from the internet. They should not be disclosed or stored on the device in a form that allows unauthorized access and reading by unauthorized persons.

3. Be cautious when opening strange attachments or links in emails that you weren't expecting, for example, from unknown senders or from your spam folder.

4. It is recommended to enable anti-phishing filters in your web browser, i.e., tools that check whether the displayed website is authentic and not intended to scam you, for example, by impersonating a person or institution.

5. Files should only be downloaded from trusted sites, services, and websites. We do not recommend installing software from unverified sources, especially from unknown publishers with unverified reputations. This also applies to mobile devices, such as smartphones and tablets.

6. When using your home Wi-Fi network, set a password that is secure and difficult to crack. It should not be any pattern or string of characters that are easy to guess (e.g., street name, host's name, birthday, etc.). It is also recommended to use the highest possible Wi-Fi wireless network encryption standards that can be run on your equipment, e.g. WPA2.