PRIVACY POLICY

PRIVACY POLICY INTERNET STORE

CONTENTS:

1. OVERALL TERMS
2. DATA PROCESSING JUSTIFICATIONS
3. OBJECTIVE, GROUNDS, AND DURATION OF DATA HANDLING IN THE ONLINE SHOP
4. DATA RECIPIENTS IN THE ONLINE SHOP
5. PROFILING PRACTICES IN THE ONLINE SHOP
6. RIGHTS OF THE INDIVIDUAL
7. COOKIES AND ANALYTICS IN THE ONLINE SHOP
8. CLOSING TERMS

1. OVERALL TERMS

1.1. This privacy policy for the online store is informational and does not obligate customers or users. It explains how personal data is processed within the store, including the legal basis, purpose, and extent of processing. It also outlines user rights and the use of cookies and analytics tools in the online store.

1.2. The controller of personal data collected through the online store is FRANCE AUTO SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ SPÓŁKA KOMANDYTOWA, located at Karniszewicka St. 79/83, 95-200 Pabianice, Poland. The delivery address is Wspólna St. 5, 95-200 Pabianice, Poland. The company is registered under KRS 0000720891, with documents kept by the District Court for Łódź-Śródmieście. Their Tax Identification Number is PL7312049830, and their REGON for contacting purposes is 362610235. Contact mail: contact@france-auto.eu; the phone number is +49 32221095519. Hereinafter referred to as "Administrator" or "Responsible Person," this entity is the service provider and seller of this online store.

1.3. Personal data collected through the online store is controlled by the Controller in accordance with applicable law, including the Regulation of the European Parliament and of the Council from April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC ("GDPR"). The text of GDPR can be found at: lex.europa.eu/legal-content/PL/TXT/?uri=CELEX:32016R0679.

1.4. Engaging with the online store, including making purchases, is entirely optional. Additionally, the management of personal data by the online store user or customer is voluntary, with two exceptions:

1.4.1. When entering into a contract with the responsible entity - if the necessary personal data required for the formation and execution of a sales contract or an electronic service agreement are not provided as outlined on the online store's website, within its regulations, and this privacy policy, the contract cannot be fulfilled. In this scenario, providing personal data is a contractual requirement. If the individual wishes to enter into a specific contract with the responsible entity, they must furnish the required data. The necessary data for contract formation is specified on the online store's website and within its regulations each time.

1.4.2. Legal obligations of the responsible entity - providing personal data is mandatory due to legal provisions that require the responsible entity to process personal data (for example, for tax or accounting purposes). Failure to comply with these requirements prevents the responsible entity from fulfilling these legal obligations.

1.5. The responsible entity prioritizes the protection of the interests of individuals whose personal data it handles, ensuring that the data is (1) processed legally; (2) gathered for specific, lawful reasons and not used for purposes beyond those stated; (3) accurate and relevant to the processing objectives; (4) retained only as long as necessary to fulfill the processing purposes; and (5) handled in a manner that ensures proper security, guarding against unauthorized or unlawful access, accidental loss, destruction, or damage, through suitable technical and organizational measures.

1.6. Given the nature, scope, context, and goals of data processing, as well as the potential risks to the rights and freedoms of individuals, the administrator adopts appropriate technical and organizational safeguards to ensure compliance with GDPR and to be able to demonstrate such compliance. These measures are regularly reviewed and updated. The administrator employs technical means to prevent unauthorized access or alterations to personal data transmitted electronically.

1.7. All terms, phrases, and abbreviations included in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be interpreted according to their meanings as defined in the online store's regulations, which are accessible on the online store's website.

2. DATA PROCESSING JUSTIFICATIONS

2.1. The responsible entity has the right to process personal data under the following circumstances:

2.1.1. The individual has provided consent for their personal data to be processed for one or more specific purposes;

2.1.2. Processing is required to fulfill a contract to which the individual is a party or to take steps at the individual's request before entering into a contract;

2.1.3. Processing is necessary to comply with a legal obligation that the responsible party is subject to;

2.1.4. Processing is necessary to serve the legitimate interests of the responsible party or a third party, as long as these interests do not outweigh the fundamental rights and freedoms of the individual, particularly if the individual is a child.

2.2. The responsible entity must fulfill at least one of the criteria outlined in point 2.1 of this privacy policy for every instance of personal data processing. Detailed justifications for processing the personal data of online store users and customers by the responsible entity are provided in the subsequent section of this privacy policy, which addresses the specific purposes for which personal data is processed.

3. PURPOSE AND BASIS, SCOPE, AND DURATION OF PROCESSING IN THE ONLINE STORE

3.1. The grounds, period and recipients of personal data processed, depends on the specific actions performed by any Service User or Customer within the Online Store or by the Administrator.

3.2. The Controller may process personal data in the online store for the following purposes, on the following grounds, and for the following periods of time:

3.2.1. Purpose of Processing Personal Data: Personal data processing is necessary for the performance of obligations under the sales contract or electronic service agreement, with a description specifying the case, or for taking steps at the request of the data subject before entering into a contract.

3.2.2. Art. 6 of the GDPR: Processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. Duration: Data will be stored for the duration necessary to perform, end, or terminate the contract.

3.2.3. Direct Marketing: Under Article 6, paragraph 1, letter f) of the GDPR, direct marketing is allowed, which entails data processing based on the legitimate interests of the controller. This covers protection of the controller's interest and reputation, sales in an online shop, and product sales support. Data is stored for as long as legitimate interest exists but not longer than legally allowed by the statute of limitations concerning claims against data subjects relating to the business activities of the controller. Under provisions of the Civil Code, such duration is three years in the case of business-related claims and two years in connection with a sales contract. Processing for direct marketing will have to be discontinued if there is a justified objection by the data subject.

3.2.4. Marketing Consent: Art. 6, para. 1, letter a) of the GDPR incorporates the marketing consent. The data subject gives consent to the processing of personal data by the data controller for marketing purposes. The recorded data may be kept until the data subject withdraws their consent, after which they will not be contacted again for marketing-related purposes.

3.2.5. Customer Feedback: Customer Feedback on Sales Contract (Article 6(1)(a) GDPR): The individual has agreed to the use of their personal data to provide feedback on a sales contract. This data will be maintained until the individual withdraws their consent, after which it will cease to be used for this purpose.

3.2.6. Tax Records: Maintaining tax records falls under Article 6(1)(c) GDPR in conjunction with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws 2018, item 395 as amended). This processing is essential to fulfill a legal obligation imposed on the responsible party. The data must be kept for the legally required duration, which is five years from the start of the year following the fiscal year to which the data pertains.

3.2.7. Claims: Establishment, Investigation, or Defense of Claims. In accordance with Article 6, paragraph 1, lit. f) of the GDPR, processing data is justified by the legitimate interests of the responsible party. This includes establishing, investigating, or defending claims that the responsible party may assert or that may be asserted against them. Data is kept as long as these legitimate interests exist, but not beyond the limitation period for claims, which is generally six years.

3.2.8. Website Operation: Utilization of the Online Store Website and Ensuring Proper Operation. The processing is necessary for the purposes of the legitimate interests pursued by the controller, as a consequence of Article 6, paragraph 1, lit. f) of the GDPR. This is about managing and maintaining the website of the online store. Data will be stored for the entire duration when these legitimate interests are pursued but no longer than within the statutory limitation period of claims - it will be related to activities conducted within the statutory limitation period of the controller's business activity. This statutory limitation is generally three years for business operation activities and two years for sales contracts.

3.2.9. Traffic Data: Traffic data are also collected on such an online shop according to Art. 6, para. 1, lit. f) GDPR, which refers to protection of the legitimate interests of the controller. This processing is necessary for the legitimate interests pursued by the controller, in particular for the purpose of conducting statistics and analyzing traffic data to improve the online store's performance and ultimately boost sales volumes. Data will be stored for as long as the legitimate interest lasts, but not longer than the legal limitation period within which claims against the data subject can be asserted by the responsible party for its business activities. According to the law-in particular clauses under the Civil Code-the limitation period amounts usually to three years regarding business-related claims and two years concerning sales contracts.

4. DATA RECIPIENTS IN THE ONLINE SHOP

4.1. To ensure smooth operations and fulfill sales agreements in the online store, the responsible entity engages external service providers, such as software vendors, couriers, or payment processors. The responsible entity collaborates exclusively with processors who guarantee the implementation of suitable technical and organizational measures, ensuring compliance with Data Protection Regulation and the protection of data subjects' rights.

4.2. The responsible entity may transfer personal data to countries outside the EU, provided these countries ensure an adequate level of data protection according to the GDPR. Such transfers are based on standard contractual clauses. The responsible entity guarantees that data subjects can obtain a copy of their data. Personal data is transferred only when necessary and solely for the purposes stated in this privacy policy.

4.3. The responsible party does not transfer data in every situation or to all possible recipients. Data is only shared when necessary for processing personal data and only to the degree needed to fulfill the intended purpose. For instance, if a customer collects a product in person, their information is not shared with the supplier working with the responsible party.

4.4. Customer and online store customer data may be shared with the following recipients or categories of recipients:

4.4.1. Carriers, transport companies, courier brokers, or individuals involved in warehousing and delivery processes. When a customer chooses to have a product delivered via mail or courier through the online store, the responsible party shares the customer's personal data with the chosen carrier, transport company, or intermediary handling the delivery on behalf of the responsible party. If the delivery involves an external warehouse, data is shared with the individual managing the warehousing and/or delivery process, strictly to the extent necessary to deliver the product to the customer.

4.4.2. Handling electronic payments and credit cards. When a customer uses electronic payment or a credit card in the online store, the person responsible will share the customer's personal data with the chosen provider of electronic payment or credit card services. This data sharing is limited to what is necessary for the provider to process the payment.

4.4.3. Lenders and leasing companies. If a customer opts for installment payments or leasing in the online store, the responsible person will transfer the customer's personal data to the selected lender or leasing company. This transfer is strictly to the extent required for the lender or leasing company to process the payment on behalf of the responsible person.

4.4.4. Customer feedback system providers. When a customer consents to provide feedback on their completed sales contract, the responsible party transfers the necessary personal data to the chosen customer feedback system provider. This transfer is limited to the data required for the customer to share their opinion on the sales contract concluded through the online store.

4.4.5. Providers of technical, IT, and organizational solutions. The responsible party may transfer collected customer personal data to selected providers of technical, IT, and organizational solutions that support the business operations, including the online store and associated electronic services. These providers may include software vendors for the online store, email and hosting services, and management software. The transfer of data is conducted only when necessary and strictly to the extent required to fulfill the specific purpose of data processing, as outlined in this privacy policy.

4.4.6. Companies offering accounting, legal, and consultancy services. These companies may receive the customer's personal data from the responsible entity for the purpose of providing necessary support. This includes firms specializing in accounting, law, or debt collection. The transfer of data is conducted strictly when required and only to the extent needed to fulfill the data processing objectives outlined in this privacy policy.

4.4.7. Integration of Social Plugins, Scripts, and Other The website of the online store uses social plugins, scripts, and similar tools, which set visitors' browsers to load content from providers. As a result of such configuration, personal data might be transferred from the visitor to those third-party providers, including:

4.4.7.1. Meta Platforms Ireland Ltd. The administrator incorporates Facebook social plugins, like the login option with Facebook credentials, into the website of the online store. This is done by the fact that the personal data is being collected and transferred to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The exact data protection guideline can be found under: Facebook Privacy Policy. The collected data entails details of activities on the online store's website, like the device used, pages viewed, purchases made, ads viewed, and services used, with or without a Facebook account or whether logged in or out.

4.4.7.2. Google Ireland Limited. The administrator uses Google social plugins to the online store's website (e.g., "comments with Google+"), collecting and transmitting to Google Ireland Ltd. The data to the address: Gordon House, Barrow Street, Dublin 4, Ireland. The privacy policy of that service can be found at: Google Privacy Policy. This data encompasses details that relate to your use of the online store website, details of a device, varied websites visited, purchases placed, advertisements viewed, and services used on the website, regardless of whether or not you have a Google account or are signed in.

5. PROFILING PRACTICES IN THE ONLINE SHOP

5.1. Automated decision-making and profiling disclosure. In this regard, according to the General Data Protection Regulation (GDPR) of the EU, the controller needs to provide information regarding the automated decision-making processes, including profiling, if required under the application of Article 22, paragraphs 1 and 4, of the GDPR.

5.2. The responsible entity may utilize profiling for direct marketing within the online store. However, any decisions made through this profiling will not affect the conclusion or refusal of sales contracts or the ability to use electronic services. Profiling in the online store might be used to provide personalized discounts, send discount codes, remind users of incomplete purchases, suggest products that align with a user's interests or preferences, or offer enhanced terms compared to the store's standard offerings. Regardless of profiling activities, customers retain full discretion over whether to use the discounts or improved terms and proceed with their purchases.

5.3. Profiling in the online store involves the automated analysis or prediction of an individual's behavior on the store's website. This could include actions such as adding a specific product to the cart, viewing a particular product page, or reviewing past purchase history. Profiling is possible only if the responsible party possesses the individual's personal data to send targeted offers, such as discount codes.

5.4. Right to object to automated decision-making. Everybody has the right to protection from decisions made solely on the basis of automated processing, including profiling, which produce legal effects concerning them or affect them significantly in a similar way.

6. INDIVIDUAL RIGHTS

6.1. Access, rectification, erasure, and data portability rights. Individuals have the following rights under GDPR Articles 15-21:

• Access personal data about them,
• Correct inaccuracies,
• Delete data (right to be forgotten),
• Restrict processing,
• Transfer their data.

6.2. Consent withdrawal rights. When data processing is based on consent as per Article 6(1)(a) or Article 9(2)(a), individuals can withdraw their consent at any time. This does not affect the legality of processing based on consent before its withdrawal.

6.3. Complaint filing rights. Individuals have the right to file a complaint with the relevant supervisory authority, such as the President of the Personal Data Protection Office, under GDPR and Polish law.

6.4. Right to object to data processing. Individuals can object to the processing of their personal data at any time for reasons related to their specific situation, as per Articles 6(1)(e) and 6(1)(f). The data controller must cease processing unless there are compelling legitimate grounds that override the individual's rights and interests or for legal claims.

6.5. Right to object to direct marketing. Individuals have the right to object at any time to the processing of their personal data for direct marketing purposes, including profiling related to direct marketing.

6.6. Exercising your rights. To exercise the rights outlined in this privacy policy, you can reach out to the designated contact person. You may do so by sending a written message or an email to the address provided at the beginning of this policy, or by using the contact form available on the online store's website.

7. COOKIES AND ANALYTICS IN THE ONLINE SHOP

7.1. Cookies are tiny text files transmitted by a server and saved on the device of the individual accessing the online store's website (such as the hard drive of a computer, laptop, or on a smartphone's memory card - depending on the visitor's device). For more comprehensive details about cookies and their development history, you can visit this link: https://de.wikipedia.org/wiki/HTTP-Cookie.

7.2. Types of cookies utilized by the online store website. Cookies utilized by our online store website can be categorized based on various criteria:

Based on the Provider:

• First-party cookies - These are created and managed directly by our online store's website.
• Third-party cookies - These are provided by external entities other than our online store.

Based on Storage Duration:

• Session cookies - These are temporarily stored and are erased when you log out or close your web browser.
• Persistent cookies - These remain on your device for a predetermined period specified by the cookie’s parameters or until you manually delete them.

Based on Purpose:

• Essential cookies - These are crucial for the basic functioning of our online store.
• Functional/preference cookies - These allow the website to remember your preferences and customize your experience.
• Analytical and performance cookies - These collect data on how visitors use our website, helping us improve its performance.
• Marketing, advertising, and social media cookies - These gather information about your browsing habits to display targeted advertisements and perform marketing activities, both on our website and across other platforms, including social networks and other sites within the same advertising network.

7.3. The authorized individual may handle the data stored in cookies when users engage with the online store for the following purposes:

Objectives of utilizing cookies in the online store managed by the authorized individual:

• Recognizing registered users who have logged in and indicating their logged-in status (essential cookies)
• Storing products added to the cart to facilitate order placement (essential cookies)
• Retaining data entered in order forms, surveys, or login credentials for the online store (essential and/or functional/preferential cookies)
• Adapting the online store's content to the specific preferences of the user (e.g., color schemes, font sizes, page layout) and enhancing the user experience on the website (functional/preferential cookies)
• Generating anonymous statistics to analyze the usage of the online store (statistical cookies)
• Displaying and managing advertisements, controlling the frequency of ad appearances, preventing unwanted ads, measuring ad performance, and personalizing ads by analyzing user behavior anonymously (e.g., frequent visits to certain pages, specific keywords) to build user profiles and deliver targeted advertisements, including when users visit other sites within the Google Ireland Ltd. and Meta Platforms Ireland Ltd. advertising network (marketing, advertising, and social network cookies)

7.4. How to check cookies in various web browsers. You can review the cookies being used by an online store, including their duration and provider, in several popular web browsers. Here’s how:

In Chrome:

• Click the padlock icon to the left of the address bar.
• Select the "Cookies" tab.

In Firefox:

• Click the shield icon to the left of the address bar.
• Choose the "Allowed" or "Blocked" tab.
• Click on fields such as "Cross-site tracking cookies," "Social network tracking scripts," or "Content for tracking activity."

In Internet Explorer:

• Open the "Tools" menu.
• Select "Internet Options."
• Navigate to the "General" tab.
• Click on "Settings."
• Click on "View files."

In Opera:

• Click the padlock icon to the left of the address bar.
• Select the "Cookies" tab.

In Safari:

• Go to "Settings" from the menu.
• Select the "Privacy" tab.
• Click "Manage website data."

Regardless of the browser you use, you can also check cookies with online tools such as:

• CookieMetrix
• Cookie Checker

7.5. Cookie Management and Browser Settings. Typically, web browsers are set to accept cookies by default. However, you have the ability to adjust your browser settings to manage cookie usage according to your preferences. This means you can either restrict cookies partially, for instance, on a temporary basis, or disable them entirely. Be aware that disabling cookies may impact certain functionalities of the online store. For example, if cookies are not enabled, you might not be able to complete the order form as the system won't retain the products in your cart for subsequent steps.

7.6. Consent through Browser Settings. Your browser settings play a crucial role in providing consent for the use of cookies on our online store. According to legal guidelines, your consent can be communicated through these settings. To learn how to change your cookie preferences or delete them, please refer to the help section of your browser or visit the following links for detailed instructions:

• Chrome Browser
• Firefox Browser
• Internet Explorer Browser
• Opera Browser
• Safari Browser
• Microsoft Edge Browser

7.7. Utilization of Google Analytics by Responsible Personnel. The designated individual can utilize Google Analytics and Universal Analytics, provided by Google Ireland Limited (located at Gordon House, Barrow Street, Dublin 4, Ireland). These tools aid in analyzing traffic within the online store. The data collected through these services is anonymized (referred to as operational data, which cannot be used to identify individuals) to generate statistics for managing the online store. This data is aggregated and anonymous, meaning it does not include personal characteristics that would identify visitors to the online store. The responsible individual collects information such as the source and medium through which visitors access the online store, their behavior on the website, details about the devices and browsers used, as well as IP domains, geographic data, demographic information (age, gender), and interests.

7.8. Opting Out of Google Analytics. You can easily prevent Google Analytics from collecting information about your activities on the online store's website. To do so, you can install a browser plugin provided by Google Ireland Limited, available at this link: Google Analytics Opt-out.

7.9. Use of Google's Advertising and Analytical Services. Given the potential use of Google's advertising and analytical services by the online store, the responsible individual points out that comprehensive information regarding the data processing principles for online store visitors (including information stored in cookies) by Google Ireland Limited can be found in Google's privacy policy, accessible here: Google Privacy Policy.

8. CLOSING TERMS

8.1. The online store may include links to external websites. It is advised that users review the privacy policies of those sites upon visiting them. This privacy policy is exclusively applicable to the online store managed by the responsible party.