GENERAL TERMS AND CONDITIONS OF THE ONLINE STORE

I. GENERAL INFORMATION

What is the privacy policy?

website, whose resources you are currently using, operates. This document also includes

information on how your personal data will be handled, as well as instructions on your rights

related to your personal data.

Is the privacy policy a contract or regulations?

No. The privacy policy is intended to be a resource for you only, and its purpose is to ensure

that you can exercise your rights smoothly.

Where is the privacy policy available?

The privacy policy is always available on the website and can be read by you at any time.

The content of the privacy policy can also be downloaded and recorded by you, in particular

by printing it out or saving it to a medium.

Is the privacy policy subject to change?

The dynamic development of technology and standards for creating and running websites

may make it necessary to update the privacy policy. Changes may also be forced by new

laws or additional requirements expected to be met by external service providers used by

this website.

When there is a need to update the privacy policy, we will inform you well in advance and

provide a rationale for the changes.

When is the privacy policy effective?

The privacy policy is effective when it is published on our website. We make the utmost effort

to ensure that this document is always up-to-date and contains comprehensive information

and instructions. The header of the privacy policy also indicates the date when the current

version was posted on our website.

What if I do not accept the privacy policy in whole or in part?

In this case, you should immediately stop using the website.

II. ADMINISTRATOR

Who owns and manages the website?

The website is operated by the Administrator, i.e. the entity indicated in the Information

Sheet.

Where can I verify the accuracy or validity of the Administrator’s data?

You can verify the Administrator’s data in the National Court Register available online at

https://ekrs.ms.gov.pl/web/wyszukiwarka-krs/strona-glowna/index.html or in the Central

https://aplikacja.ceidg.gov.pl/ceidg/ceidg.public.ui/search.aspx.

How can I contact the Administrator?

For all matters, you can contact the Administrator via e-mail, by calling our telephone

number or by sending us a letter to our delivery address. You will find all contact details in

the Information Sheet. The cost of your use of means of remote communication corresponds

to the usual ones and depends on the operator’s price list. The regulations and other

documents available on the website may also provide for additional ways to contact the

Administrator on particular issues.

What should I do if I have questions about the privacy policy?

Just contact us via the address indicated in the Information Sheet, and we will promptly

answer your questions or provide you with the necessary instructions.

What legal obligations does the Administrator have?

The Administrator performs all obligations that arise under the law, in particular those arising

from:

● the Act of April 23, 1964. – Civil Code (i.e. Journal of Laws of 2022, item 1360, as

amended);

● the Act of July 18, 2002 on the provision of services by electronic means (i.e. Journal

of Laws of 2020, item 344);

● the Act of May 30, 2014 on consumer rights (i.e., Journal of Laws of 2020, item 287,

as amended);

● Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27,

2016 on the protection of natural persons in connection with the processing of

personal data and on the free flow of such data and repealing Directive 95/46/EC

(General Data Protection Regulation) (OJ EU. L. 2016, No. 119, p. 1, as amended)

(hereinafter “RODO”).

Has the Administrator established a Data Protection Officer?

Information about the establishment or non-establishment of a Data Protection Officer can

be found in the Information Sheet.

Who on behalf of the Administrator has access to my personal data?

Only authorized persons and entities that process your personal data as our processors

under separate agreements have access to your personal data.

III. PERSONAL DATA

What is personal data?

According to Art. 4 para. 1 RODO, “personal data” means any information about an identified

or identifiable natural person (“data subject”); an identifiable natural person is one who can

be identified, directly or indirectly, in particular by reference to an identifier such as a name,

an identification number, location data, an online identifier or to one or more factors specific

to the physical, physiological, genetic, mental, economic, cultural or social identity of the

natural person.

What laws govern the handling of my personal data?

These are the RODO, the Act of May 10, 2018 on the Protection of Personal Data (i.e.

Journal of Laws of 2019, item 1781) and other legal acts.

What principles does the Administrator follow when collecting and processing my

personal data?

Here is a list of the principles we follow, along with the legal basis from which they derive

and a description of how we apply these principles in practice:

● Lawfulness, fairness and transparency (Art. 5(1)(a) RODO) – we take the utmost care

to ensure that the processing of your personal data is carried out lawfully, fairly and in

a manner that is transparent to you.

● Purpose limitation (Art. 5(1)(b) RODO) – we take the utmost care to ensure that the

processing of your personal data occurs for specific, explicit, legally legitimate

purposes that you understand.

● Data minimization (Art. 5(1)(c) RODO) – we take the utmost care to ensure that the

processing of your personal data occurs only to the extent necessary.

● Correctness (Art. 5(1)(d) RODO) – we take the utmost care to ensure that the

personal data we collect about you is correct and relevant to the purposes of its

processing. We promptly correct our errors, if any, by deleting your personal data or

correcting them.

● Retention limitation (Art. 5(1)(e) RODO) – we take the utmost care to ensure that your

personal data collected by us is not processed for longer than absolutely necessary.

● Integrity and confidentiality (Art. 5(1)(f) RODO) – we use appropriate technical and

organizational measures to ensure that your personal data we collect is secure and

processed only in a lawful manner.

● Accountability (Art. 5(2) RODO) – we use appropriate technical and organizational

measures to be able to demonstrate our compliance with the above principles, if

necessary.

What personal data will be processed by the Administrator in connection with my

activity on the website?

Depending on your activities (e.g.: sending an inquiry, signing up for a newsletter, making a

purchase), the Administrator may ask you to consent to the processing of personal data

specified in the Information Sheet.

I want to withdraw my consent to process my personal data, but I don’t know what

consequences this will have.

You can withdraw the consent you have given us to process your personal data at any time,

and this will not have any negative consequences for you, especially financially. However,

the exercise of this right by you will not affect the legality of our actions, which concerned

your personal data, taken before you withdrew the said consent. You must also remember

that when you withdraw your consent, you will lose the ability to access certain functionalities

of the website, the use of which is possible only on the basis of your previously expressed

consent to the processing of your personal data.

Will filing an objection by me always cause the Administrator to stop processing my

personal data?

Yes, if your personal data is processed by us for direct marketing purposes, including

profiling.

However, if your objection is related to your particular situation, we may continue to process

your personal data in certain cases if we demonstrate the existence of grounds for

establishing, asserting or defending claims.

Is my personal data secure?

Yes. We use appropriate technical and organizational measures to ensure the security of

your personal data. A list of these measures can be found in the Information Sheet.

When can the Administrator collect and process my personal data?

The RODO provides for a number of cases when it is lawful to process personal data, but we

use your personal data in the following situations and with reference to the legal basis

indicated below:

● You have consented to the processing of your personal data for one or more

specified purposes (Art. 6(1)(a) of the RODO), which is necessary to provide you with

a discount or send you a promotional code, solicit commercial information, contact

you by phone for commercial purposes, undertake other direct marketing activities,

use cookies by us on the website, allow you to leave an opinion or comment on the

website, use chat, contact form and other tools to communicate with the

Administrator;

● The processing of your personal data is necessary for the performance of a contract

to which you are a party or to take steps at your request prior to the conclusion of a

contract (Art. 6(1)(b) RODO), which is necessary for the performance of the contract

you have concluded, the processing of your complaint or other claims, the

establishment of telephone contact with you for purposes related to the contract you

have concluded or claims you have made;

● The processing of your personal data is necessary for the performance of a legal

obligation incumbent on us as the Administrator (Art. 6(1)(c) of the RODO), which is

necessary for the processing of your complaint or other claims, the creation of

databases and collections related to obligations under the RODO or other laws, the

issuance of an invoice/bill to you, the performance by the Administrator of other

obligations under tax law, the Accounting Act and the like;

● The processing of your personal data is necessary for purposes arising from the

legitimate purposes pursued by us as the Administrator (Art. 6(1)(f) RODO), which

we will indicate to you each time we process your personal data in this manner.

What rights do I have related to my personal data?

The RODO contains a great many provisions that are designed to guarantee the protection

of your rights. Below we present to you your most important rights, their legal basis and

instructions on how to practice exercising them:

● The right to withdraw consent to the processing of your personal data (Article 7(3) of

the RODO) can be exercised by using the functionality of the website and, if

necessary, by contacting the Administrator;

● You can exercise the right to obtain transparent information about your personal data

(Art. 12 (1) RODO) by reviewing the privacy policy and, if necessary, also by

contacting the Administrator;

● The right to have transparent communications with the Administrator regarding, in

particular, your rights and data protection violations (Art. 12(1) RODO) you can

exercise by reviewing the privacy policy and, if necessary, also by contacting the

Administrator;

● The right to receive the information specified in Article 13 of the DPA that is provided

in the collection of your personal data (Article 13 of the DPA) you can exercise by

reviewing the privacy policy and, if necessary, also by contacting the Administrator;

● The right to receive confirmation as to whether your personal data is being processed

by us (Art. 15 (1) RODO) you can exercise by contacting the Administrator;

● The right to obtain access to your personal data and the information relating to them

as specified in Article 15 of the RODO (Art. 15(1) of the RODO) you can exercise by

contacting the Administrator;

● The right to rectify your personal data (Art. 16 RODO) you can exercise by contacting

the Administrator;

● The right to request the erasure of your personal data (Art. 17 RODO) you can

exercise by contacting the Administrator;

● The right to request restriction of the processing of your personal data (Art. 18

RODO) you can exercise by contacting the Administrator;

● The right to data portability (Art. 20 RODO) you can exercise by contacting the

Administrator;

● The right to object to the processing of your personal data, including profiling (Art. 21

RODO) you can exercise by contacting the Administrator;

● The right to lodge a complaint with a supervisory authority (Art. 77 RODO) you can

exercise by using the information available at https://uodo.gov.pl/83.

To whom does the Administrator entrust the processing of my personal data?

In order to ensure the availability of the website and your ability to use its

of its functionality, as well as to provide you with service, it is necessary for us to reinforce

the services and products of many entities. Whenever we enter into a relationship with such

an entity, we verify that it provides a guarantee for the correct and secure processing of your

personal data, and that your data is transferred outside the European Economic Area (EEA).

Effective implementation of the purposes listed above may require us to entrust your

personal data to the entities indicated in the Information Sheet.

What does the distinction “EEA only / outside the EEA” mean in the context of

transferring my personal data?

The DPA applies within the European Economic Area (the “EEA” for short), which includes

all countries of the European Union plus Iceland, Norway and Liechtenstein. If your personal

data is transferred to a country other than those listed above, it is assumed to go to a third

country (and therefore “outside the EEA”). The RODO permits this, but under certain

conditions set forth in Chapter V of the act. We ensure that all recipients of your data outside

the EEA provide guarantees that your personal data is processed lawfully and that adequate

technical and organizational measures are applied to ensure its security.

Can my personal data be released at the request of state authorities?

Your data will be released if such a request is made by an authorized entity (Prosecutor’s

Office, Police, President of the Office for Personal Data Protection, etc.). However, in each

case we examine the legal basis and scope of such a request.

IV. INTERNET SERVICE

What technical requirements must I meet in order to use the website?

In order to use the website, you must use an ICT system that meets the following minimum

technical requirements:

● computer or mobile device (terminal device);

● access to the Internet;

● Internet browser (we make the utmost effort to ensure that the website is properly

supported by Microsoft Edge, Mozilla Firefox, Google Chrome, Opera and Apple

Safari browsers).

Is it safe to use the website?

Yes, we use appropriate technical and organizational measures to ensure the security of

your personal information, and in particular we have an up-to-date SSL certificate.

Notwithstanding the above, you should use your own technical measures (anti-virus

programs, firewalls, etc.) to minimize the risk of threats related to the use of the Internet

(e.g.: malicious/malware).

Does the website use the cache (memory) of my device?

In order to provide you with the highest quality service, we may use your device’s cache.

This ensures that when you visit the website again, the same data is no longer downloaded,

which significantly improves the speed and user experience of the website.

What data about me is collected on the server where the website is located?

Your use of the website involves your browser sending requests to the server, which in turn

records them in so-called logs.

The aforementioned logs contain information about the device you are using, its operating

system and the associated IP address, the date and time of your visit to the website, the

length of time you spent there and the type of web browser you used. The data collected in

the server logs are anonymous and do not allow you to establish your identity, and only

authorized persons have access to them.

V. COOKIES

What are cookies?

Cookies are text-number information sent to your browser by the server operating our

website. Thanks to cookies, our website can recognize your preferred content and, among

other things, store the data you have saved (e.g.: the contents of a shopping cart in an

online store).

You can learn more about cookies on the Wikipedia page dedicated to them.

Do cookies fall into any categories?

Yes. As a rule, cookies are divided into own cookies and third-party cookies.

Proprietary cookies are related to our website and are used to verify that you are currently

logged in, improve the operation of our online store and the ordering process

therein, as well as record such important events as your acceptance of rules and

regulations, policies or the expression of marketing consents. Third-party cookies, on the

other hand, allow you to use the content or functionality provided by these entities. For

example, playing videos embedded in our website involves accepting the cookie policy of the

entity that stores and makes the video available (e.g.: Vimeo, Youtube, etc.). Similarly, any

plugins work by allowing you to share content from our website directly on your social media

profile (e.g.: Facebook, Twitter, Linkedin etc.).

What do cookies and Internet marketing have in common?

Cookies allow us to use so-called remarketing. This means that we can display

advertisements to you on other sites encouraging you to take certain actions on our website

(e.g.: purchase a product, take advantage of a promotion, etc.). Cookies also allow us to

display ads to you on social networks such as Facebook. However, such cookies are

collected anonymously and do not identify you.

Why do you ask me if I consent to the use of cookies?

You probably noticed that the first time you visited our website, you were shown a pop-up

box with information about our use of cookies. We are obliged to inform you about the use of

cookies and ask your consent. This follows from Article 173 of the Act

of July 16, 2004. – Telecommunications Law (i.e. Journal of Laws of 2022, item 1648). If you

have given your consent, we will use cookies in accordance with the terms of this privacy

policy.

What do you use cookies for?

Cookies allow us to, among other things:

● provide you with a smooth and fast functioning of the website;

● enable you to save any settings you have made on the website;

● enable you to share content from our website directly on your social media profile;

● enable you to play content from external services that have been embedded on our

website;

● use marketing tools;

● ensure that you are targeted with personalized advertising that is as tailored to your

consumer preferences as possible.

Can I withdraw my consent to the use of cookies?

Yes. This will happen automatically when you delete our cookies from your device,

and then change your browser settings. You will learn how to do this later in the privacy

policy.

I want to change my browser settings regarding the use of cookies, but I don’t know

how to do it.

There are many browsers on the market and there can be significant differences in their

support.

To find the most up-to-date information on cookie settings, visit your browser publisher’s site.

1. Chrome – https://www.google.pl/chrome/

2. Safari – https://support.apple.com/pl-pl/safari

3. Opera – https://www.opera.com/pl

4. Edge – https://www.microsoft.com/pl-pl/edge

5. Firefox – https://www.mozilla.org/pl/firefox/new/

Does accepting cookies change anything on my device?

Cookies are stored on your device, but they do not modify its settings in any way, nor do

they interfere with its existing functioning.

Are there any risks for me in accepting the use of cookies?

The use of cookie technology does not carry any risks for your device. In particular,

accepting the use of cookies will not make your device more vulnerable to virus infection or

installation of unwanted, harmful or malicious software.

Does not accepting cookies affect how I use the website?

Unfortunately, most likely your use of the website will no longer be as fast and convenient

and convenient as it could be. In addition, the content displayed to you will not be

personalized, and may be very generic and in no way tailored to your preferences.

VI. PROFILING

What is profiling?

Profiling is another way of analyzing your consumer habits. Based on it, content that is most

likely to be of interest to you or otherwise suitable for you is provided to you in an automated

manner. The profiling process is always conducted on the basis of your consent.

Can the profiling process affect my legal situation in any way?

No. No automated decisions are made as a result of the profiling process that would have

any legal effect on you, especially those that could in any way violate your rights or

freedoms.

Can the profiling process affect my factual situation in any way?

Yes. As a result of the profiling process, automated decisions may be made, such as:

granting you a discount or offering you other preferential purchase conditions.

However, in each case it is up to you to decide whether to take advantage of our offer.

What data are used in the profiling process?

These are:

● information about the operating system your device uses to browse our website;

● information about the browser you use to read content posted on our website;

● information about the subpages of our website that you consulted and the time you

spent on those particular subpages,

● information about the source of your access to our website;

● information about the age range you are currently in;

● information about your gender;

● information about your approximate location narrowed only to the locality in which

you are located at the time you use the website.

In no case can the above analytical data be used to identify you as a user of our website,

and in particular, we do not match this data with your personal information.

VII. COMMUNICATION

How long will my personal data be stored?

In any case, however, the period of storage of your data will not be longer than the legal

limitation period for possible claims of the parties, which is currently the most

6 years (Article 118 of the Civil Code).

When using the communication channels available on the website (form, e-mail

address, chat, leaving feedback, etc.), do I have to agree to the processing of my

personal data?

You do not have to agree to the processing of your personal data, but this is equivalent to

with the inability to respond to your inquiry. In this case, the Administrator will delete your

message and the personal data contained in it.

Can I delete content published by me on the website, such as opinions?

Yes. You can remove the content you have published at any time using the functionality of

the website or request the Administrator to remove it. However, in this case, personal data

provided to the Administrator at the time of publication of the content will continue to be

processed due to the Administrator’s legitimate interest (investigation or defense against

claims).

For how long is the correspondence conducted with the Administrator and related

personal data?

The history of your communication conducted with the Administrator may be archived due to

the Administrator’s legitimate interest (investigation or defense against claims). The storage

period for this content depends on its subject matter and evidentiary significance, but

however, in no case will it be longer than the legal limitation period for possible claims of the

parties.

VIII. CONTENTS

To whom does the content published on the website belong?

The content belongs to the Administrator (he is the owner of the author’s economic rights or

has a license), unless we have explicitly stipulated otherwise and indicated its Creator.

Can I use the content published on the website for my own purposes?

No. The Administrator neither explicitly nor implicitly grants you any license to use the

content for any purpose other than reading it in the course of using the website. If particular

content is intended for distribution, the Administrator will explicitly indicate this on the

website.

APPENDIX TO THE PRIVACY POLICY

INFORMATION CARD

I. ADMINISTRATOR

1. The Administrator is FLAT OUT os. Tysiąclecia 1a Krakow.

2. The Administrator independently exercises all rights and obligations related to

collecting, storing, protecting and processing your personal data.

II. ADDRESSES

1. Contact with the Administrator is possible using the following means of remote

communication:

● e-mail: info@flatout.bike

● telephone: +48 794 420 420

2. The address for delivery: woj. MAŁOPOLSKIE, pow. Kraków, gm. Kraków, miejsc.

Kraków, st. Stefana Rogozińskiego, nr 3, lok. 30, 31-559

III. PERSONAL DATA

1. The Administrator collects and processes the following personal data:

● first and last name;

● address for delivery;

● name of the business activity conducted;

● tax identification number;

● e-mail address;

● telephone number;

● bank account number.

2. The administrator uses the following technical and organizational measures to

ensure the security of your personal data

● SSL certificate

3. The Administrator transfers personal data to the following entities:

a. cyber_Folks S.A.- hosting provider (data transfer area: EEA only);

b. cyber_Folks S.A. – email provider (data transfer area: EEA only);

c. Netplace sp. z o.o.- IT service provider (data transfer area: EEA only);

d. PayPal Holdings, Inc.- online payment system provider (data transfer area: EEA

only);

e. UPS Polska Sp. z o.o., InPost sp. z o.o. – courier service provider (data transfer area:

EEA only);

f. BrainSHARE IT sp. z o.o.- provider of accounting applications (data transfer area:

EEA only);

g. Adam Podleśny Coach Partner – provider of accounting services (data transfer area:

EEA only);

h. Rewizja.net Marcin Kopczynski – legal services provider (data transfer area: EEA

only);

i. Meta Platforms Inc. (formerly Facebook Inc.) – provider of fanpages, advertising

campaign tools, analytics tools, social media content sharing functionality (data

transfer area: outside the EEA);

j. Google Llc. – provider of advertising campaign tools, analytics tools, social media

content sharing functionality, and the Google Workspace suite of office tools (data

transfer area: outside the EEA);

k. Twitter Inc. – provider of social media content sharing functionality (data transfer area:

outside the EEA);

l. Linkedin Corp. – provider of social media content sharing functionality (data transfer

area: outside the EEA).

APPENDIX TO PRIVACY POLICY

ONLINE STORE

When placing an order in the store, do I have to provide my personal information?

Yes. Whenever you place an order through the store, you must provide us with your personal

information to the extent necessary to process your order. The basic personal information we

will need from you is your first and last name, email address, phone number, optional

invoicing information (company, tax ID) and possibly the address for delivery of the order

item.

What information is collected about me in connection with my purchases from the

store?

In addition to your personal data, we store in the database information about the date of your

order, its value, the products you purchased and the method of payment and delivery you

chose.

What entity will process my personal data if I choose to pay for my order through a

payment gateway?

Each of our partners processing our transactions is an entity supervised by the Financial

Supervision Commission and entered in the register of national payment institutions. You

can verify the validity of this entry at https://e-rup.knf.gov.pl/.

The terms of use of the payment gateway and the rules under which the entity processes

your personal data are set forth in the terms and conditions and privacy policy, links to which

can be found in the Information Sheet.

How do I make a complaint and what personal information will I need to provide in

connection with it?

A complaint may be addressed to the Administrator and should include:

● the identifying information you provided when placing the order or the number of that

order;

● a concise statement of the subject of the complaint;

● a concise statement of your expectations as to how we will handle the complaint;

● other information that you think will be useful to us in recognizing the

the complaint.