Privacy Policy

THE PROCESSING OF PERSONAL DATA AND COOKIES BY XPLX 

 

1. General Information 

a) This policy applies to the XPLX online store website, available at https://xplx.pl/
b) The operator of the store is XPLX Sp. z o.o., ul. Władysława Pytlasińskiego 16/13, 00-777 Warsaw, Poland, NIP: 5214097011, REGON: 54034372700000, KRS: 0001141784
c) The contact email address for the operator is: support@xplx.pl
d) The operator is the Data Controller for your personal data provided through the XPLX store website.
e) The store collects information about users and their behavior in the following ways:

  • By entering data in forms: creating a customer account, placing an order, and subscribing to the newsletter, which are then entered into the store's online system.

  • By saving cookies (so-called "cookies") on the user’s devices.


2. Selected Data Protection Methods Used by the Operator

a) Your login and personal data entry points are protected in transmission by an SSL certificate. This ensures that personal and login data entered on the site are encrypted on your computer or phone and can only be read by the target server.
b) Personal data stored in the database is encrypted so that only the operator with the key can read it. This ensures your data is protected in case of attempted database theft from the server.
c) The operator periodically changes administrative passwords.
d) To protect your data, the operator regularly performs backups.
Regular software updates are also crucial to ensuring the protection of personal data processing.

 

3. Hosting

The store is hosted (technically maintained) on servers provided by Shopify International Limited, located at Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. As part of these services, data may be transferred to Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada.
The email inbox is hosted on a server provided by Zoho Corporation, Estancia IT Park, Plot No. 140 & 151, GST Road, Vallancheri Village, Chengalpattu Taluk, Kanchipuram District 603 202, India.


4. Information About the Processing of Your Personal Data in the XPLX Store

a) The Data Controller of your personal data is XPLX Sp. z o.o., ul. Władysława Pytlasińskiego 16/13, 00-777 Warsaw, Poland; contact email for personal data inquiries: support@xplx.pl
b) The controller collects and processes your personal data provided on the website for the purposes outlined in point 4 (c) of this Privacy Policy, such as:

  • Full name,

  • Residential address,

  • Email address,

  • Phone number.
    c) Your data will be processed for the following purposes:

  • To conclude and perform the sales agreement and fulfill the parties' rights and obligations under Article 6(1)(b) and (c) of the GDPR,

  • To create a customer account on the online store, based on Article 6(1)(b) of the GDPR,

  • To send newsletters, based on Article 6(1)(a) of the GDPR (your voluntary consent). You can withdraw your consent at any time by sending an email to support@xplx.pl.
    d) Your data will be shared with: courier companies, banks, payment service providers, IT or legal service providers to the controller, and entities entitled to access personal data under applicable law.
    e) Your data will be stored (depending on the purpose of processing):

  • In the case of concluding and executing a sales contract – until the expiration of the retention periods for sales-related documents, i.e., for a period of 5 years, starting from the beginning of the year following the year the documents pertain to.

  • In the case of creating a customer account – until its closure,

  • In the case of sending newsletters – until you withdraw your consent.
    f) You have the right to access your data, correct it, delete it ("right to be forgotten"), restrict processing, transfer data, and object to its processing.
    To exercise these rights, you can submit a request by emailing the Data Controller at xplx.pl@outlook.pl
    g) You have the right to lodge a complaint with the supervisory authority responsible for personal data protection, the President of the Personal Data Protection Office.
    h) Processing your personal data is voluntary; however, failure to provide the data may prevent:

  • Conclusion of the sales agreement, including delivery of goods to the specified address,

  • Creation of a customer account,

  • Receipt of newsletters.

 

5. Information on the Processing of Your Data if You Are a User of the XPLX Fanpage on Social Media Platforms (Facebook, Instagram, TikTok):

a) The Data Controller of your personal data is XPLX Sp. z o.o., ul. Władysława Pytlasińskiego 16/13, 00-777 Warsaw, Poland, email: support@xplx.pl
b) Joint controllers of your data are:

  • On Facebook: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland

  • On Instagram: Meta Platforms, Inc. (company number C2711108), 1601 Willow Road, Menlo Park, California, 94025 USA

  • On TikTok: Beijing ByteDance Technology Co. Ltd, Room 10A Building 2 No. 48 Zhichun Road, Haidian District, Beijing, China

  • On Twitter: Twitter, Inc., Attn: Copyright Agent, 1355 Market Street, Suite 900, San Francisco, CA 94103 USA

  • On LinkedIn: LinkedIn Corporation, 880 W Maude Ave, Sunnyvale, California, CA 94085 USA

  • On Pinterest: Pinterest, Inc., 505 Brannan St, San Francisco, CA, USA

c) The contact point for data protection inquiries is: XPLX Sp. z o.o., ul. Władysława Pytlasińskiego 16/13, 00-777 Warsaw, Poland, email: support@xplx.pl
d) The controller collects and processes your personal data provided via the company’s fanpage for the purposes stated in point 5(e) of this Privacy Policy, such as:

  • Full name,

  • Email address.
    e) Your personal data will be processed based on Article 6(1)(f) of the GDPR for the following purposes:

  • Managing the fanpage on the mentioned social media platforms, including posting entries, photos, videos, and responding to comments,

  • Contacting you via the fanpage (including sending information and "likes"),

  • Managing "likes," events, and comments on the platform.
    f) Your data will be shared with:

  • IT or legal service providers,

  • Entities authorized to obtain personal data under applicable law.
    g) Personal data will be processed until the closure of the company’s fanpage on the platform.
    h) You have the right to access your data, rectify it, delete it, limit processing, transfer data, and object to its processing.
    i) Requests regarding the processing of personal data can be submitted by email to the Data Controller at support@xplx.pl
    j) You have the right to lodge a complaint with the supervisory authority responsible for personal data protection, which is the President of the Personal Data Protection Office.
    Processing your personal data is necessary for posting information, comments, and "likes" on the XPLX fanpage on social media platforms.

 

6. Information in Forms

a) The store collects information voluntarily provided by users in the client account registration form, product purchase form, and newsletter subscription form.
b) The store may record information about connection parameters (such as time, IP address).
c) In certain cases, the store may save information that helps link the form data with the user's email address. In such cases, the user's email address will appear within the URL of the form page.


7. Administrator Logs

User behavior on the store’s website may be logged. This data is used to administer the store.


8. Important Marketing Techniques

The operator uses statistical analysis of website traffic through Google Analytics, Google Ads Conversion Tag (Google Inc., USA), Facebook Pixel (Meta Platforms, Inc., USA), and TikTok Pixel (TikTok Information Technologies UK Limited, UK). The operator does not provide personal data to these service providers but only anonymized information. This service uses cookies on the user's device. Users can view and edit information resulting from cookies using the following tools:

 

9. Automated Decision-Making (Including Profiling)

Your personal data will not be used for profiling or automated decision-making.


10. Information About Cookies

a) The store uses cookies.
b) Cookies (so-called "cookies") are IT data, particularly text files, which are stored on the user's device and are used for browsing the store's website. Cookies usually contain the name of the website from which they come, the duration of their storage on the user's device, and a unique number.
c) The entity placing cookies on the user's device and accessing them is the store operator.
d) The cookies used:

  • Help to remember the contents of the shopping cart during the session,

  • Allow for the creation of anonymous website visit statistics,

  • Allow you to stay logged in to the store's website from any available subpage,

  • Notify you about the possibility of completing the order,

  • Secure your web session.

e) There are two main types of cookies used in the store:

  • Session cookies are temporary files stored on the user's device until they log out, leave the website, or close their browser.

  • Persistent cookies are stored on the user's device for a specified period or until the user deletes them.

f) Web browser software typically allows cookies to be stored on the user's device by default. Store users can change their browser settings in this regard. Web browsers also allow users to delete cookies. It is also possible to automatically block cookies. Detailed information on this can be found in the help or documentation of the browser.
g) Restrictions on the use of cookies may affect some functionalities available on the store's website.
h) The website uses a queuing system to distribute user traffic across multiple servers to speed up response times.
i) Cookies placed on the user's device by the store operator may also be used by entities cooperating with the operator, particularly companies such as Google (Google Inc. USA), Facebook (Facebook Inc. USA), Twitter (Twitter Inc. USA), and TikTok (TikTok UK).

 

11. Managing Cookies – How to Express and Withdraw Consent

a) If you do not wish to receive cookies, you can change the settings of your browser. The service reserves the right to disable cookies necessary for authentication, security, or maintaining user preferences, which may hinder the use of the service.
b) The use of cookies to store information and access information stored on the user's telecommunication device is permitted only if you consent to the use of cookies. When you open the first page of the XPLX service, you can express or deny consent for the use of cookies. This consent can be withdrawn at any time, particularly by clearing the cookie history or disabling cookies in the browser settings.
c) Information about how to handle cookies is available in the settings of web browsers: