Privacy and Cookies Policy

Privacy Policy

Effective: 26 October 2021

Please review our Privacy Policy which, along with the Terms of Service, constitutes the Agreement between You and SLF24 (SMART LINE FURNITURE 24 Limited Liability Company) hereinafter referred to as “Company” or “SLF24”. This Privacy Policy describes how SLF24 processes, collects, and uses the personal information (including Personal Data) You provide via our Website (“Online Store”), Blog, and during order placement or direct contact with us via any accessible means.

By accessing, using, or placing an order via our communication channels you agree to the processing as described in this Privacy Policy.

All capitalized terms used but not defined herein shall have the respective meanings given to them in the Terms of Service.

All definitions, such as "Personal Data", "processing", "Data Controller", "Data Processor", used in this Privacy Policy shall have the meaning as set forth by the GDPR.

General Statement

  1. The Controller of personal data collected by the Online store slf24.co.uk is SMART LINE FURNITURE 24 limited liability company. You can contact us via email [email protected] or contact form available via https://slf24.co.uk/contact.
  2. Personal data in the Online Store are processed by the Controller in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation".
  3. The use of the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the Customer using the Online Store is voluntary, but it may be a necessary condition if any of the following situations occur:
    1. entering into agreements with the Controller - failure to provide personal data necessary for the conclusion and performance of a Sales Agreement or an agreement for the provision of an Electronic Service with the Controller in the cases and within the scope specified on the website of the Online Shop, in the Terms and Conditions of the Online Shop and in this Privacy Policy, results in the impossibility to conclude that agreement. Providing personal data in such a case is a contractual requirement and if the data subject wishes to conclude a given agreement with the Administrator, he/she is obliged to provide the required data. Each time the scope of data required to conclude a contract is indicated beforehand on the website of the Online Shop and in the Terms and Conditions of the Online Shop;
    2. the Controller's statutory obligation - providing the personal data is a legal requirement stemming from generally applicable laws that impose an obligation to process personal data on the Controller (e.g. processing of data for the purpose of keeping tax or accounting books), and failing to provide such data will prevent the Controller from performing those obligations.
  4. The controller shall take special care to protect the interests of the persons whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects are:
    1. processed lawfully;
    2. collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes;
    3. are substantively correct and adequate to the purposes for which they are processed;
    4. kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing; and
    5. processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical or organizational measures.
  5. Having regard to the nature, scope, context, and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate it. The Controller shall apply technical measures to prevent the acquisition and modification by unauthorized persons, of personal data transmitted electronically.

Information collected by SLF24

  1. SLF24 may collect two categories of data:
    1. Personal Data including but not limited to name, last name, email address, contact details, delivery address;
    2. Non-Personal Data such as browser type, the web page visited before or after You came to Our Website, information You search for on the Website and interactions with the Service.
  2. If You wish to remain anonymous during our Website or Blog access, use Incognito mode in Your browser. Please be aware that using some features of our Online Store will require sharing your personal data with us.
  3. If you communicate with us regarding products or purchase issues (e.g. product, opinions, product details, or delivery) and other topics by phone, post, social media, contact forms, email, or any other medium, we collect the content of your messages.

Purpose, legal basis, retention of personal data, and scope of processing of personal data by SLF24

  1. SLF24 may process personal data for the following purposes, on the following grounds, during the following periods and to the following extent:
    1. Performance of the Terms of Service (sale agreement), an agreement for the provision of Electronic Services or taking action at the request of the data subject prior to entering into the above-mentioned agreements. The legal basis for data processing for this purpose is Article 6(1)(b) of the GDPR Regulation (performance of a contract). The data shall be stored for the period necessary to execute, terminate, or otherwise expire the concluded agreement. The scope of data processing is as follows: first and last name; e-mail address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/office (if different from the delivery address). For Service Customers who are not consumers, the Controller may additionally process the company name and tax identification number of the non-consumer party to the agreement. The purposes of the necessary data processing, therefore, depend on the purpose of the contract agreed with you (including our Terms of Service and any service-specific terms and conditions) or services requested by you. The most important purposes are:
      1. the provision of messages, reports, newsletters, and other direct communication, insofar as these are an integral component of our contractual services or the services requested by you.
      2. The guarantee of the general security, operability, and stability of our service including defense from attacks. Non-promotional communication with you on technical, security-related and contractually relevant subjects (e.g. fraud warnings or account blocking).
    2. Marketing purposes. The legal basis for processing data for this purpose is Article 6(1)(a) of the GDPR Regulation (consent). The data are stored until the data subject withdraws consent to further processing of their data for this purpose. The scope of data processing: first name, e-mail address.
    3. Direct marketing. The legal basis for data processing for this purpose is Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller). The data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however, no longer than the below-included limitation: period for claims related to business activities in three years, and for a sales contract - two years. Scope of data processing: e-mail address, name, and surname.
    4. Customer's reviews about the purchase. The legal basis for data processing for this purpose is Article 6(1)(a) of the GDPR Regulation (consent). The data is stored until the data subject withdraws his consent to further processing of his data for this purpose. Scope of data processing: e-mail address, name, and surname.

Recipients of personal data - data processors

  1. For the proper functioning of the Online Store, including the purchase performed by the Customer, it is necessary for the Controller to use the services of third parties (e.g. software provider, courier, or payment processor). The Controller shall only use the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing complies with the requirements of the GDPR Regulation and protects the rights of data subjects. Furthermore, the Controller secures the transfer of personal data by means of adequate contracts and/or other security measures depending on the nature of the data and the processing.
  2. The Controller shall engage processors of data only if it is necessary for the fulfillment of a given purpose and only to the extent necessary for its fulfillment.
  3. Personal data may be transferred by the Controller to Third Countries, whereby the Controller undertakes to provide appropriate security measures for such transfer in order to ensure compliance with the GDPR. The Controller shall transfer the collected personal data only if and to the extent necessary to carry out the given purpose of the data processing in accordance with this Privacy Policy.
  4. Personal data of Customers of the Internet Shop may be transferred to the following third party subjects or categories of third party subjects:
    1. Carriers/forwarders/courier brokers - in case of a Customer who uses the courier method of Product delivery in the Online Store, the Controller shares the collected personal data of the Customer with a selected carrier, forwarder, or broker executing the shipment to the order of the Controller to the extent necessary to execute the delivery of the Product to the Customer.
    2. Third-party subjects responsible for handling electronic or credit card payments - in case of a Customer who uses the electronic or credit card payment method in the Online Store, the Controller shall make available the collected personal data of the Customer to a selected entity handling the aforementioned payments in the Online Store at the request of the Controller to the extent necessary to handle the payment executed by the Customer.
    3. Crediting entities - in case of a Customer who uses the installment payment method in the Internet Shop, the Controller makes available the collected personal data of the Customer to a chosen creditor servicing the aforementioned payments in the Internet Shop by order of the Controller to the extent necessary to service the payment made by the Customer.
    4. Entities enabling management and operation of the Online Store - in the case of a Customer who uses the Internet Shop and/or Blog, the Controller makes personal data available to third parties responsible for supporting the Controller's processes regarding the aforementioned websites. The scope of processing involves the need to handle direct requests from customers and potential customers, to operate the online store in terms of maintenance and development, as well as processing for analytical purposes.

Profiling

  1. The GDPR Regulation imposes an obligation on the Controller to provide information on automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR Regulation, and - at least in those cases - relevant information on the modalities of such decision-making, as well as on the significance and the envisaged consequences of such processing for the data subject. With this in mind, the Controller provides information on possible profiling in this section of the privacy policy.
  2. Profiling in the Online Store consists in automatic analysis or forecast of a given person's behavior on the website of the Online Shop, e.g. by adding a particular Product to the shopping basket, browsing the website of a particular Product in the Online Shop, or analysis of the past history of purchases made in the Online Shop. The condition of such profiling is that the Controller has the given person's personal data.
  3. The Controller can use profiling in the Online Store for direct marketing purposes, however, the Controller declares that decisions made on its basis by the Controller do not concern concluding or refusing to conclude an Agreement or the possibility of using Electronic Services in the Online Store. Consequently, profiling by the Controller shall have no influence on the offer the Customer receives or on its terms and conditions.

Data Subject’s rights

  1. Right of access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to his/her personal data, their rectification, erasure ("right to be forgotten") or restriction of processing and has the right to object to the processing, as well as has the right to data portability. Detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the GDPR Regulation.
  2. Right to withdraw consent at any time - a person whose data are processed by the Controller on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the legality of the processing that was performed on the basis of consent before its withdrawal.
  3. Right to file a complaint to the supervisory authority - the person whose data is processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation or applicable national law.
  4. Right to object - The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under those provisions. In that case, the controller shall no longer be permitted to process such personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
  5. Right to object to direct marketing - where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
  6. In order to exercise the rights referred to in this section of the Privacy Policy, you can contact the Controller by sending a proper message in writing or by e-mail to the Controller's address indicated at the beginning of the privacy policy or by using the contact form available at the Online Store website.

Cookies, operational data, and analytics

  1. Cookies are text files sent by a server and saved on the side of the person visiting the Online Store by means of a browser (the way the cookies are saved depends on the device used by the Customer).
  2. The Controller can process the data contained in the Cookies when the visitors use the website of the Online Shop for the following purposes:
    1. Identify Customers as logged in to the Online Store and show that they are logged in;
    2. Remembering the Products added to the basket in order to place an Order;
    3. Remembering data from completed Order Forms, surveys or login data to the Online Shop;
    4. Collecting anonymous statistics presenting the manner of use of the Online Shop website;
  3. The settings of the Internet browser regarding cookies are important from the point of view of Your consent to the use of cookies by our Online Store - according to the regulations, such consent can also be expressed through the settings of your Internet browser. If you do not agree to this, you should change your Internet browser's cookie settings accordingly.

Final Statement

The continued development of our websites including the Online Store and the implementation of new technologies to improve our service to you and your visitors to our websites and/or the Online Store may require changes to this Privacy Policy. We, therefore, recommend that you re-read this Privacy Policy from time to time to familiarize yourself with the current terms and conditions.