All capitalized terms used but not defined herein shall have the respective meanings given to them in the Terms of Service.
The Controller of personal data collected by the Online store slf24.co.uk is SMART LINE FURNITURE 24 limited liability company. You can contact us via email [email protected] or contact form available via https://slf24.co.uk/contact.
Personal data in the Online Store are processed by the Controller in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation".
The use of the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the Customer using the Online Store is voluntary, but it may be a necessary condition if any of the following situations occur:
the Controller's statutory obligation - providing the personal data is a legal requirement stemming from generally applicable laws that impose an obligation to process personal data on the Controller (e.g. processing of data for the purpose of keeping tax or accounting books), and failing to provide such data will prevent the Controller from performing those obligations.
The controller shall take special care to protect the interests of the persons whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects are:
collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes;
are substantively correct and adequate to the purposes for which they are processed;
kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing; and
processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical or organizational measures.
Having regard to the nature, scope, context, and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate it. The Controller shall apply technical measures to prevent the acquisition and modification by unauthorized persons, of personal data transmitted electronically.
Information collected by SLF24
SLF24 may collect two categories of data:
Personal Data including but not limited to name, last name, email address, contact details, delivery address;
Non-Personal Data such as browser type, the web page visited before or after You came to Our Website, information You search for on the Website and interactions with the Service.
If You wish to remain anonymous during our Website or Blog access, use Incognito mode in Your browser. Please be aware that using some features of our Online Store will require sharing your personal data with us.
If you communicate with us regarding products or purchase issues (e.g. product, opinions, product details, or delivery) and other topics by phone, post, social media, contact forms, email, or any other medium, we collect the content of your messages.
Purpose, legal basis, retention of personal data, and scope of processing of personal data by SLF24
SLF24 may process personal data for the following purposes, on the following grounds, during the following periods and to the following extent:
Performance of the Terms of Service (sale agreement), an agreement for the provision of Electronic Services or taking action at the request of the data subject prior to entering into the above-mentioned agreements. The legal basis for data processing for this purpose is Article 6(1)(b) of the GDPR Regulation (performance of a contract). The data shall be stored for the period necessary to execute, terminate, or otherwise expire the concluded agreement. The scope of data processing is as follows: first and last name; e-mail address; contact telephone number; delivery address (street, house number, apartment number, postal code, city, country), address of residence/business/office (if different from the delivery address). For Service Customers who are not consumers, the Controller may additionally process the company name and tax identification number of the non-consumer party to the agreement. The purposes of the necessary data processing, therefore, depend on the purpose of the contract agreed with you (including our Terms of Service and any service-specific terms and conditions) or services requested by you. The most important purposes are:
the provision of messages, reports, newsletters, and other direct communication, insofar as these are an integral component of our contractual services or the services requested by you.
The guarantee of the general security, operability, and stability of our service including defense from attacks. Non-promotional communication with you on technical, security-related and contractually relevant subjects (e.g. fraud warnings or account blocking).
Marketing purposes. The legal basis for processing data for this purpose is Article 6(1)(a) of the GDPR Regulation (consent). The data are stored until the data subject withdraws consent to further processing of their data for this purpose. The scope of data processing: first name, e-mail address.
Direct marketing. The legal basis for data processing for this purpose is Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller). The data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however, no longer than the below-included limitation: period for claims related to business activities in three years, and for a sales contract - two years. Scope of data processing: e-mail address, name, and surname.
Customer's reviews about the purchase. The legal basis for data processing for this purpose is Article 6(1)(a) of the GDPR Regulation (consent). The data is stored until the data subject withdraws his consent to further processing of his data for this purpose. Scope of data processing: e-mail address, name, and surname.
Recipients of personal data - data processors
For the proper functioning of the Online Store, including the purchase performed by the Customer, it is necessary for the Controller to use the services of third parties (e.g. software provider, courier, or payment processor). The Controller shall only use the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that the processing complies with the requirements of the GDPR Regulation and protects the rights of data subjects. Furthermore, the Controller secures the transfer of personal data by means of adequate contracts and/or other security measures depending on the nature of the data and the processing.
The Controller shall engage processors of data only if it is necessary for the fulfillment of a given purpose and only to the extent necessary for its fulfillment.
Personal data of Customers of the Internet Shop may be transferred to the following third party subjects or categories of third party subjects:
Carriers/forwarders/courier brokers - in case of a Customer who uses the courier method of Product delivery in the Online Store, the Controller shares the collected personal data of the Customer with a selected carrier, forwarder, or broker executing the shipment to the order of the Controller to the extent necessary to execute the delivery of the Product to the Customer.
Third-party subjects responsible for handling electronic or credit card payments - in case of a Customer who uses the electronic or credit card payment method in the Online Store, the Controller shall make available the collected personal data of the Customer to a selected entity handling the aforementioned payments in the Online Store at the request of the Controller to the extent necessary to handle the payment executed by the Customer.
Crediting entities - in case of a Customer who uses the installment payment method in the Internet Shop, the Controller makes available the collected personal data of the Customer to a chosen creditor servicing the aforementioned payments in the Internet Shop by order of the Controller to the extent necessary to service the payment made by the Customer.
Entities enabling management and operation of the Online Store - in the case of a Customer who uses the Internet Shop and/or Blog, the Controller makes personal data available to third parties responsible for supporting the Controller's processes regarding the aforementioned websites. The scope of processing involves the need to handle direct requests from customers and potential customers, to operate the online store in terms of maintenance and development, as well as processing for analytical purposes.
Profiling in the Online Store consists in automatic analysis or forecast of a given person's behavior on the website of the Online Shop, e.g. by adding a particular Product to the shopping basket, browsing the website of a particular Product in the Online Shop, or analysis of the past history of purchases made in the Online Shop. The condition of such profiling is that the Controller has the given person's personal data.
The Controller can use profiling in the Online Store for direct marketing purposes, however, the Controller declares that decisions made on its basis by the Controller do not concern concluding or refusing to conclude an Agreement or the possibility of using Electronic Services in the Online Store. Consequently, profiling by the Controller shall have no influence on the offer the Customer receives or on its terms and conditions.
Data Subject’s rights
Right of access, rectification, restriction, erasure or portability - the data subject has the right to request from the Controller access to his/her personal data, their rectification, erasure ("right to be forgotten") or restriction of processing and has the right to object to the processing, as well as has the right to data portability. Detailed conditions for exercising the rights indicated above are indicated in Articles 15-21 of the GDPR Regulation.
Right to withdraw consent at any time - a person whose data are processed by the Controller on the basis of expressed consent (pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR Regulation) has the right to withdraw consent at any time without affecting the legality of the processing that was performed on the basis of consent before its withdrawal.
Right to file a complaint to the supervisory authority - the person whose data is processed by the Controller has the right to lodge a complaint to the supervisory authority in the manner and mode specified in the provisions of the GDPR Regulation or applicable national law.
Right to object - The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling under those provisions. In that case, the controller shall no longer be permitted to process such personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
Right to object to direct marketing - where personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
Cookies, operational data, and analytics
Cookies are text files sent by a server and saved on the side of the person visiting the Online Store by means of a browser (the way the cookies are saved depends on the device used by the Customer).
The Controller can process the data contained in the Cookies when the visitors use the website of the Online Shop for the following purposes:
Identify Customers as logged in to the Online Store and show that they are logged in;
Remembering the Products added to the basket in order to place an Order;
Remembering data from completed Order Forms, surveys or login data to the Online Shop;
Collecting anonymous statistics presenting the manner of use of the Online Shop website;