Privacy Policy
I. Personal Data Controller
- The Controller of personal data within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR) is PT ATASK TEKNOLOGI INTERNASIONAL, Ruko Golf Island L 16, PIK, Jakarta – NPWP/NIP: 62.626.896.5-047.000.
- Contact email address of the Data Controller: biuro@epickicks.net.
- In accordance with Article 32(1) GDPR, the Controller adheres to the principles of personal data protection and applies appropriate technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data processed in connection with its business activities.
- Providing personal data by the Client is voluntary; however, it is necessary for the conclusion of a contract with the Data Controller.
- The Data Controller processes personal data to the extent necessary for the performance of a contract or the provision of services to the data subject.
II. Purpose and Legal Basis for Processing Personal Data
The Controller processes personal data for the following purposes:
a. preparing commercial offers in response to customer inquiries, which constitutes the Controller’s legitimate interest (Art. 6(1)(f) GDPR);
b. conclusion and performance of sales contracts with Clients, based on a contract (Art. 6(1)(b) GDPR);
c. provision of electronic services through the Online Store, based on a contract (Art. 6(1)(b) GDPR);
d. handling complaints, based on the Controller’s legal obligations (Art. 6(1)(c) GDPR);
e. accounting obligations related to issuing and receiving settlement documents, based on tax law (Art. 6(1)(c) GDPR);
f. archiving data for the purpose of establishing, pursuing, or defending claims, or for the need to demonstrate facts, which constitutes the Controller’s legitimate interest (Art. 6(1)(f) GDPR);
g. contacting customers by telephone or email, in particular in response to inquiries, which constitutes the Controller’s legitimate interest (Art. 6(1)(f) GDPR);
h. sending technical information regarding the functioning of the Online Store and services used by the Client, which constitutes the Controller’s legitimate interest (Art. 6(1)(f) GDPR);
i. marketing of the Controller’s own products, which constitutes its legitimate interest (Art. 6(1)(f) GDPR), or based on prior consent (Art. 6(1)(a) GDPR).
III. Data Recipients. Transfer of Data to Third Countries
- Recipients of personal data processed by the Controller may include entities cooperating with the Controller where necessary to perform a contract concluded with the data subject.
- Recipients may also include subcontractors – entities used by the Controller in processing data, such as accounting offices, law firms, or IT service providers (including hosting services).
- The Controller may be required to disclose personal data based on applicable legal provisions, in particular to competent public authorities or state institutions.
- Personal data will not be transferred to entities established outside the European Economic Area (EEA).
IV. Storage Period of Personal Data
The Data Controller stores personal data for the duration of the contract with the data subject and, after its termination, for purposes related to pursuing claims arising from the contract and fulfilling legal obligations, but no longer than the limitation period under the Civil Code.
- Data on settlement documents is stored for the period specified by the VAT Act and the Accounting Act.
- Data processed for marketing purposes is stored for 10 years, but not beyond the moment of withdrawal of consent or objection to processing.
- Data processed for other purposes is stored for 3 years, unless consent has been withdrawn earlier and processing cannot continue on another legal basis.
V. Rights of the Data Subject
Each data subject has the right to:
- Access – obtain confirmation whether personal data concerning them is processed, and if so, access to such data along with information about the purposes of processing, categories of data, recipients, storage period, and rights (Art. 15 GDPR).
- Receive a copy of the data – the first copy is free of charge; subsequent copies may be subject to a reasonable administrative fee (Art. 15(3) GDPR).
- Rectification – request correction of inaccurate personal data or completion of incomplete data (Art. 16 GDPR).
- Erasure – request deletion of personal data if there is no longer a legal basis for processing, or the data is no longer necessary (Art. 17 GDPR).
- Restriction of processing – request restriction of processing in cases set out in Art. 18 GDPR, e.g.:
  - when the accuracy of the data is contested,
  - when processing is unlawful but deletion is opposed,
  - when the Controller no longer needs the data but the data subject requires it for claims,
  - when an objection to processing has been lodged – until it is determined whether the Controller’s legitimate grounds override the data subject’s.
- Data portability – receive their personal data in a structured, commonly used, machine-readable format and request transfer to another controller, if processing is based on consent or contract and carried out by automated means (Art. 20 GDPR).
- Objection – object to processing of personal data based on the Controller’s legitimate interests, including profiling, for reasons related to their particular situation (Art. 21 GDPR).
To exercise the above rights, the data subject should contact the Controller using the provided contact details and indicate which right they wish to exercise.
The data subject has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (PUODO) in Warsaw.
VI. Profiling
Personal data obtained by the Controller shall not be processed in an automated manner, including profiling.