PRIVACY POLICY OF THE 1HUNDRED WEBSITE. ME

The online store 1hundred.me operating at https://1hundred.me/ is a website operated by 1hundred Sp. z o.o. with its registered office in Lublin, 3 Frezerów Street, 20-209 Lublin, Poland, NIP: 9462733902, REGON: 526845032, entered into the register of entrepreneurs of the National Court Register, kept by the District Court Lublin East in Lublin with its registered office in Świdnik, VI Commercial Division of the National Court Register under KRS number:  0001067592, with a share capital of PLN 10,000. 

This Policy sets out the terms and conditions of personal data processing, fulfils the information obligations incumbent on the personal data controller and sets out the principles of data security. 

The obligation to include information on the processing of personal data on the website results from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the so-called “GDPR”.

§1 DEFINITIONS

1. The definitions used in the Privacy Policy  of the https://1hundred.me/ website
2. ADMINISTRATOR – 1hundred Sp. z o.o. with its registered office in Lublin, 3 Frezerów Street, 20-209 Lublin, Poland. Contact with the Administrator is possible via the following e-mail address: support@1hundred.me
3. AFILIANT  – a natural person or an Entrepreneur with the rights of a consumer with full legal capacity, as well as on the terms and within the limits provided for by generally applicable laws, also a natural person with limited legal capacity, who is a Consumer or an Entrepreneur with Consumer Rights, who participates in or joins the Affiliate Program.
4. PERSONAL DATA – information about a natural person identified or identifiable by one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, the online identifier and information collected through cookies and other similar technology.
5. BUYER –  a natural person visiting the Website or using one or more services or functionalities described in the Policy. A consumer, entrepreneur or entrepreneur with the rights of a Consumer who concludes a sales contract in the Online Shop 1hundred.me/Kana 1hundered Online Stores; The Buyer is also the SERVICE RECIPIENT;
6. ENTREPRENEUR – Frezerów 3, 20-209 Lublin, Poland, NIP: 9462733902, REGON: 526845032, entered into the Register of Entrepreneurs of the National Court Register, kept by the District Court Lublin East in Lublin with its registered office in Świdnik, VI Commercial Division of the National Court Register under KRS number: 0001067592, with a share capital of PLN 10,000. The ENTREPRENEUR is at the same time a SERVICE PROVIDER or a SELLER;
7. POLICY –  this Privacy Policy – a document containing information addressed to Buyers about the scope of personal data collected and their use and processing in connection with the use by Buyers of the 1hundred.me Online Store and 1hundred Internet Channels, including in connection with concluding  and performing Contracts for the Sale and Delivery of Products. The document is available on the website of the Online Shop 1hundred.me operating at https://1hundred.me/
8. 1HUNDRED AFFILIATE PROGRAM – a loyalty program whose terms of participation are included in the Terms and Conditions of the 1HUNDRED Loyalty Program available on the website of the Online Store 1hundred.me operating at https://1hundred.me/;
9. 1HUNDRED LOYALTY PROGRAM – a loyalty program whose terms and conditions of participation are included in the Terms and Conditions of the 1hundred Loyalty Program available on the website of the Online Store 1hundred.me operating at https://1hundred.me/
10. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
11. WEBSITE – a website run by the Administrator at the address https://1hundred.me/
12. SELLER Frezerów 3, 20-209 Lublin, Poland, NIP: 9462733902, REGON: 526845032, entered into the Register of Entrepreneurs of the National Court Register, kept by the District Court Lublin East in Lublin with its registered office in Świdnik, VI Commercial Division of the National Court Register under KRS number: 0001067592, with a share capital of PLN 10,000. The Seller is also a SERVICE PROVIDER;
13. PARTICIPANT  – a natural person with full legal capacity, as well as a natural person with limited legal capacity, who is a Consumer or an Entrepreneur with Consumer Rights, who participates in or joins the Loyalty Program, on the terms and within the limits provided for by generally applicable law.
14. USER – a natural person who is a Consumer or an Entrepreneur with Consumer Rights, who uses the Administrator’s Website. 

§2 PROCESSING OF PERSONAL DATA

1. In connection with the use of the Website by natural persons, the Administrator collects data to the extent necessary to provide individual services offered. The detailed rules and purposes of the processing of Personal Data collected during the use of the Website by the User are described below.
2. Personal data of all persons using the Website are processed by the Administrator:
   1. in order to provide services by electronic means in the scope of making the content collected on the Website available to Users, selling products to Buyers and implementing the Affiliate Program and the Loyalty Program – then the legal basis for processing is the necessity of processing for the performance of the contract (Article 6(1)(b) of the GDPR);
   2. in order to establish and pursue claims or defend against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in the protection of its rights.
   3. The Administrator provides the possibility to contact him using the electronic contact form. The use of the form requires the provision of Personal Data necessary to contact the User and respond to the inquiry. You may also provide other data in order to facilitate contact or handling your inquiry. Providing data marked as mandatory is required in order to accept and handle the inquiry, and failure to provide it will result in the inability to handle it. Providing other data is voluntary.
   4. Placing an order for products in the assortment of the Online Store 1hundred.me requires registration in accordance with the provisions of these Terms and Conditions. For this purpose, the Buyer/Service Recipient fills in the on-line registration form, providing their e-mail address, a password of their choice consisting of eight characters and a telephone number (voluntarily), and is also obliged to accept the terms and conditions of the Online Store. 
   5. In order to register in the Affiliate Program, the Organizer requires the following information: name, surname, e-mail address and mobile phone number. Optionally, you can enter your date of birth. 
   6. In order to register in the Loyalty Program, the Organizer requires the following to provide: name, surname, e-mail address and mobile phone number. Optionally, you can enter your date of birth. 
   7. The Service Provider uses cookies to collect information related to the use of the Online Shop by the Service Recipient in order to maintain the session of the logged-in Service Recipient and to keep viewing statistics of the Online Shop’s subpages. The Service Recipient can delete the cookies placed or block the placement of cookies at any time using the options available in their web browser.  
   8. The Buyer/Service Recipient is obliged, in the process of registering the Account, i.e. in the registration form, to provide only truthful and up-to-date data. The Participant is obliged to update the data provided each time they change.
3. Personal data is processed for the purpose of identifying the sender and handling their inquiry sent via the form provided – the legal basis for the processing is the necessity of processing for the performance of the contract for the provision of services (Article 6(1)(b) of the GDPR); in the case of the data provided optionally, the legal basis for the processing is consent (Article 6(1)(a) of the GDPR).
4. The User’s personal data may also be used by the Controller to direct marketing content to the User through various channels, i.e. via e-mail, MMS/SMS. Such actions are taken by the Administrator only if the User has given their consent, which may be withdrawn at any time.
5. Personal data is processed:
   1. in order to send the ordered commercial information – the legal basis for processing, including with the use of profiling, is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) in connection with the consent;
   2. for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of the Users’ activity on the Website in order to improve the functionalities used.

§3 COOKIES

1. The Administrator uses cookies as part of the Website. The purposes and rules for the use of cookies can be found in the Cookies Policy.

§4 PERIOD OF PERSONAL DATA PROCESSING

1. The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service, until the consent is withdrawn or an effective objection to the processing of data is submitted in cases where the legal basis for data processing is the legitimate interest of the Administrator.
2. The period of data processing may be extended if the processing is necessary to establish and pursue possible claims or defend against claims, and after this time only in the case and to the extent that it is required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymised.

§5 USER RIGHTS

1. The User has the right to access the content of the data and request their rectification, deletion, restriction of processing, the right to transfer data and the right to lodge a complaint with the supervisory authority dealing with the protection of Personal Data.
2. The User also has the right to object to the processing of data, which is based on the legitimate interest of the Administrator.
3. To the extent that the User’s data is processed on the basis of consent, this consent may be withdrawn at any time by contacting the Administrator via e-mail.

§6 RECIPIENTS OF PERSONAL DATA

1. In connection with the provision of services, Personal Data will be disclosed to external entities, including in particular IT service providers allowing for the proper use of the Website.
2. If the User’s consent is obtained, his/her data may also be made available to other entities for their own purposes, including purposes necessary for marketing activities on social media channels, including, but not limited to: Facebook, Pinterest, LinkedIn, YouTube, Instagram, TikTok, redirecting to the Online Store’s website or collecting information about Users (names, surnames, image) following the Website’s profiles and commenting on entries.
3. As part of the service of delivering e-mails with notifications and messages informing about new products, personal data will be made available to the e-mail operator providing the marketing automation service. 
4. As part of customer service, the Administrator uses DHL and InPost courier companies or other service and trade outlets where it is possible to collect Products purchased by Buyers.
5. The recipients of the data may be the operators of the PayU or Stripe payment systems acting as intermediaries in the settlements. By agreeing to make an online payment, the User gives consent to the selected operator to process their data related to the execution of the transaction. 
6. The Administrator reserves the right to disclose selected information concerning the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with the provisions of applicable law.

§7 TRANSFER OF PERSONAL DATA OUTSIDE THE EEA

1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only when it is necessary and with an adequate level of protection, primarily by: 
   1. cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the adequacy of Personal Data protection;
   2. the use of standard contractual clauses issued by the European Commission;
   3. application of binding corporate rules approved by the competent supervisory authority.
   4. The Controller shall always inform about the intention to transfer Personal Data outside the EEA at the stage of collection.

§8 SECURITY OF PERSONAL DATA

1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller transfers Personal Data outside the EEA only if:
   1. The Controller applies technical and organizational data protection measures that are adequate to the purposes and methods of data processing, resulting from the profile of activity and the category of processed data.
   2. The Controller conducts a risk analysis on an ongoing basis in order to ensure that Personal Data is processed by the Controller in a secure manner – ensuring, first of all, that only authorized persons have access to the data and only to the extent that it is necessary due to the tasks performed by them.
   3. The Administrator shall ensure that all operations on Personal Data are registered and performed only by authorized employees and associates.
   4. The Controller shall take all necessary measures to ensure that its subcontractors and other cooperating entities guarantee the application of appropriate security measures in each case when they process Personal Data on behalf of the Controller.
2. The Administrator applies cybersecurity protection measures, ensures regular updates of the system used in the operation of the https://1hundred.me/ Website,  and examines the resistance of security against cyber threats.

§9 CHANGES TO THE PRIVACY POLICY

1. The scope and compliance of the Policy with the law and the actual state of affairs is verified on an ongoing basis.
2. The current version of the Policy is effective as of 15 December 2023.