Privacy policy

This Privacy Policy sets out the rules for processing personal data obtained through the online store shielddefencesolution.com (hereinafter referred to as the “Online Store”).

The owner of the Online Store and at the same time the data controller is:

Milestone Technology Limited
Flat C, 6/F., The Aegean, 2 Tsing Fat Street
Hong Kong SAR, New Territories

Personal data collected by Shield Defence Solutions through the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR).

Shield Defence Solutions takes special care to respect the privacy of Clients visiting the Online Store.

§1 Type of Processed Data, Purposes, and Legal Basis

Shield Defence Solutions collects information regarding:

  • natural persons performing a legal act not directly related to their professional activity,
  • natural persons conducting business or professional activities on their own behalf, and
  • natural persons representing legal entities or organizational units that are not legal persons but are granted legal capacity by law,

hereinafter collectively referred to as “Clients.”

Personal data of Clients is collected in the following cases:

  1. Using the chat service – for the purpose of performing a contract under which an electronic service is provided.
    Legal basis: Necessity for the performance of the contract for the provision of the chat service (Art. 6(1)(b) GDPR);
  2. Registering an account in the Online Store – for the purpose of creating and managing an individual account.
    Legal basis: Necessity for the performance of the contract for the provision of the Account service (Art. 6(1)(b) GDPR);
  3. Placing an order in the Online Store – for the purpose of performing the sales contract.
    Legal basis: Necessity for the performance of the sales contract (Art. 6(1)(b) GDPR);
  4. Subscribing to the newsletter (Newsletter) – for the purpose of performing the contract under which the Newsletter service is provided.
    Legal basis: Consent of the data subject for the performance of the contract for the provision of the Newsletter service (Art. 6(1)(a) GDPR);
  5. Using the “post a review” service – for the purpose of performing the contract under which the review service is provided.
    Legal basis: Necessity for the performance of the contract for the provision of the review service (Art. 6(1)(b) GDPR);
  6. Using the “ask about a product” service – for the purpose of performing the contract under which the service is provided.
    Legal basis: Necessity for the performance of the contract for the provision of the “ask about a product” service (Art. 6(1)(b) GDPR);
  7. Conducting customer satisfaction surveys.
    Legal basis: Necessity of processing for the legitimate interest of Shield Defence Solutions, which consists of ensuring and maintaining a high level of service and customer satisfaction with the products and services (Art. 6(1)(f) GDPR).

In the case of using the chat service, the Client may provide the following data:

  1. e-mail address;
  2. first name.

In the case of registering an account in the Online Store, the Client provides:

  1. e-mail address;
  2. first and last name.

During the account registration process, the Client independently sets an individual password for accessing their account. The Client may change the password later under the conditions described in §6.

When placing an order in the Online Store, the Client provides the following data:

  1. e-mail address;
  2. address details:
    1. postal code and city;
    2. country;
    3. street with house/apartment number;
  3. first and last name;
  4. phone number.

In the case of Entrepreneurs, the above data is additionally extended to include:

  1. the Entrepreneur’s company name;
  2. tax identification number (NIP).

When subscribing to the Newsletter service, the Client provides either their e-mail address or phone number – according to the Client’s choice.

When using the “post a review” service, the Client provides the following data:

  1. e-mail address;
  2. first name.

When using the “ask about a product” service, the Client provides only their e-mail address.

In the case of customer satisfaction surveys, Shield Defence Solutions processes the following data:

  1. e-mail address;
  2. order number.

While using the Online Store’s website, additional information may be collected, in particular: the IP address assigned to the Client’s computer or the external IP address of the Internet Service Provider, domain name, type of browser, access time, and type of operating system.

Navigation data may also be collected from Clients, including information about the links and references they choose to click or other actions taken in the Online Store.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR), aimed at facilitating the use of electronic services and improving their functionality.

In order to establish, pursue, and enforce claims, some personal data provided by the Client through the functionalities of the Online Store may be processed, such as: first name, last name, and data related to the use of services, if the claims arise from the manner in which the Client uses the services, as well as other data necessary to prove the existence of the claim, including the extent of the damage incurred.

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR), aimed at establishing, pursuing, and enforcing claims and defending against claims in court proceedings and other governmental actions.

Providing personal data to Shield Defence Solutions is voluntary; however, in connection with concluded sales contracts or the provision of services via the Online Store’s website, failure to provide certain data specified in the forms during Registration will prevent the registration and creation of the Client’s Account, and in the case of placing an order without registering an Account, will prevent the order from being placed and executed.

§2 To Whom the Data is Disclosed or Entrusted and How Long It is Stored

The Client’s personal data is transferred to service providers used by Shield Defence Solutions in operating the Online Store. Depending on contractual agreements and circumstances, these service providers either process the personal data solely on Shield Defence Solutions’s instructions (processors) or determine the purposes and means of processing the personal data independently (controllers).

  1. Processors:
    Shield Defence Solutions uses service providers who process personal data solely on Shield Defence Solutions’s instructions. These include, among others, providers of hosting services, accounting services, marketing systems, customer satisfaction survey systems, traffic analysis systems for the Online Store, and systems for analyzing the effectiveness of marketing campaigns.
  2. Controllers:
    Shield Defence Solutions uses service providers who do not act solely on Shield Defence Solutions’s instructions and determine the purposes and means of processing the Client’s personal data independently. These include providers of electronic payment and banking services.

Location:
Service providers are located in Poland and other countries within the European Economic Area (EEA).

Personal data of Clients is stored:

  1. When the legal basis for processing is consent:
    Personal data is processed by Shield Defence Solutions for as long as the consent is not withdrawn, and after withdrawal, for a period corresponding to the limitation period of any claims that Shield Defence Solutions may assert or that may be asserted against it. Unless specified otherwise by a particular provision, the limitation period is six years, and for periodic services or claims related to conducting business – three years.
  2. When the legal basis for processing is the performance of a contract:
    Personal data is processed by Shield Defence Solutions for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the limitation period of claims. Unless specified otherwise by a particular provision, the limitation period is six years, and for periodic services or claims related to conducting business – three years.

In the case of a purchase in the Online Store, the personal data may be transferred, depending on the Client’s choice, to the following entities in order to deliver the ordered goods:

  1. courier companies;
  2. InPost Paczkomaty Sp. z o.o. based in Kraków, providing parcel locker delivery and service;
  3. Poczta Polska S.A. based in Warsaw;
  4. Ruch S.A. based in Warsaw, providing delivery services through sales points.

If the Client chooses to pay via the system przelewy24.pl, their personal data is transferred, to the extent necessary for processing the payment, to the company PayPro S.A. based in Poznań (60-327 Poznań, ul. Kanclerska 15), registered in the register of entrepreneurs maintained by the District Court in Poznań – Nowe Miasto i Wilda, Commercial Division VIII of the National Court Register under KRS No. 0000347935, NIP 7792369887, Regon 301345068.

Navigation data may be used to provide Clients with better service, conduct statistical analysis, tailor the Online Store to Clients’ preferences, and to manage the Online Store.

In the event that a Client subscribes to the newsletter, Shield Defence Solutions will send electronic messages containing promotional information and details about new products available in the Online Store.

In response to a request, Shield Defence Solutions may disclose personal data to authorized governmental bodies, in particular to the Public Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.

§3 Cookies Mechanism, IP Address

The Online Store uses small files known as cookies. These are stored by Shield Defence Solutions on the device of the visitor to the Online Store, provided that the web browser allows it. A cookie usually contains the name of its originating domain, its “expiration time,” and an individual, randomly generated number that identifies the cookie. Information collected via these files helps tailor the products offered by Shield Defence Solutions to the individual preferences and actual needs of visitors to the Online Store, as well as to compile general statistics on visits to the products showcased in the Online Store.

Shield Defence Solutions uses two types of cookies:

  1. Session Cookies:
    These are deleted from the Client’s device after the browser session ends or the computer is turned off. The session cookies mechanism does not allow the collection of any personal data or any confidential information from the Client’s computers.
  2. Persistent Cookies:
    These are stored in the Client’s device memory and remain until they are deleted or expire. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from the Client’s computers.

Shield Defence Solutions uses its own cookies for the following purposes:

  1. to authenticate the Client in the Online Store and maintain the Client’s session (after logging in), so that the Client does not have to re-enter their login credentials on every page of the Online Store;
  2. for analysis, research, and auditing viewership, in particular to create anonymous statistics that help understand how Clients use the Online Store, which in turn enables improvements to its structure and content.

Shield Defence Solutions uses third-party cookies for the following purposes:

  1. to display the “Rzetelny Regulamin” Certificate via the website rzetelnyregulamin.pl (the third-party cookie administrator: Rzetelna Grupa sp. z o.o. based in Warsaw);
  2. to display a map on the Online Store’s website showing the location of Shield Defence Solutions’s office, via the website maps.google.com (the third-party cookie administrator: Google Inc. based in the USA);
  3. to collect general and anonymous statistical data using Google Analytics (the third-party cookie administrator: Google Inc. based in the USA);
  4. to present advertisements tailored to the Client’s preferences using Google AdSense (the third-party cookie administrator: Google Inc. based in the USA);

The cookies mechanism is safe for the Client’s devices. In particular, it is not possible for viruses or any unwanted or malicious software to be transferred to the Client’s computers through cookies. Nevertheless, Clients can limit or disable access to cookies in their browsers. If this option is used, some functionalities of the Online Store that require cookies may not work.

Below are instructions on how to change the cookie settings for popular web browsers:

  1. Internet Explorer;
  2. Microsoft EDGE;
  3. Mozilla Firefox;
  4. Chrome and Chrome Mobile;
  5. Safari and Safari Mobile;
  6. Opera.

Shield Defence Solutions may collect Clients’ IP addresses. An IP address is a number assigned to the computer of the person visiting the Online Store by the Internet Service Provider. The IP number enables access to the Internet. In most cases, it is dynamically assigned (i.e., it changes with each connection to the Internet). Shield Defence Solutions uses the IP address for diagnosing technical server issues, creating statistical analyses (for example, to determine which regions generate the most visits), for managing and improving the Online Store, as well as for security purposes and the potential identification of servers being overloaded or unwanted automated programs Browse the Online Store’s content.

The Online Store contains links and references to other websites. Shield Defence Solutions is not responsible for the privacy policies in force on those sites.

§4 Rights of the Data Subjects

Right to Withdraw Consent

Legal basis: Art. 7(3) GDPR.

  1. The Client has the right to withdraw any consent given to Shield Defence Solutions.
  2. The withdrawal of consent takes effect from the moment of withdrawal.
  3. Withdrawing consent does not affect processing carried out lawfully before the withdrawal.
  4. Withdrawing consent does not entail any negative consequences for the Client, although it may prevent further use of services or functionalities that Shield Defence Solutions is legally permitted to provide only with consent.

Right to Object to Data Processing

Legal basis: Art. 21 GDPR.

  1. The Client has the right at any time to object – for reasons related to their specific situation – to the processing of their personal data, including profiling, if Shield Defence Solutions processes their data based on its legitimate interest (e.g., marketing Shield Defence Solutions’s products and services, conducting statistics on the use of particular functionalities of the Online Store, facilitating the use of the Online Store, or conducting customer satisfaction surveys).
  2. Sending an e-mail to opt-out of receiving marketing communications regarding products or services will constitute an objection by the Client to the processing of their personal data, including profiling, for those purposes.
  3. If the Client’s objection is deemed justified and Shield Defence Solutions does not have another legal basis for processing the personal data, the Client’s data subject to the objection will be deleted.

Right to Data Erasure (“Right to be Forgotten”)

Legal basis: Art. 17 GDPR.

  1. The Client has the right to request the deletion of all or some of their personal data.
  2. The Client may request the deletion of personal data if:
    1. the personal data is no longer necessary for the purposes for which it was collected or processed;
    2. the Client has withdrawn the specific consent upon which the processing was based;
    3. the Client has objected to the use of their data for marketing purposes;
    4. the personal data is processed unlawfully;
    5. the personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State to which Shield Defence Solutions is subject;
    6. the personal data was collected in connection with the provision of information society services.
  3. Notwithstanding a request for deletion of personal data, in connection with an objection or withdrawal of consent, Shield Defence Solutions may retain certain personal data to the extent that such processing is necessary for establishing, pursuing, or defending claims, or to comply with a legal obligation requiring processing under EU or national law. This specifically applies to personal data including: first name, last name, e-mail address (retained for handling complaints and claims related to Shield Defence Solutions’s services), or additionally, residential/correspondence address and order number (retained for handling complaints and claims related to concluded sales contracts or service provision).

Right to Restrict Data Processing

Legal basis: Art. 18 GDPR.

  1. The Client has the right to request the restriction of processing of their personal data. Until the request is examined, the use of certain functionalities or services that involve processing the data in question may be prevented. Shield Defence Solutions will also refrain from sending any communications, including marketing ones.
  2. The Client has the right to request the restriction of processing in the following cases:
    1. when disputing the accuracy of their personal data – in which case Shield Defence Solutions will restrict its use until the data’s accuracy is verified, but not for more than 7 days;
    2. when the data is processed unlawfully and, instead of deletion, the Client requests its restriction;
    3. when the personal data is no longer necessary for the purposes for which it was collected or used but is needed by the Client for establishing, pursuing, or defending claims;
    4. when the Client has objected to the use of their data – in which case the restriction applies for the time necessary to determine whether, given the Client’s particular situation, the protection of their rights and freedoms outweighs the interests pursued by the Controller in processing the personal data.

Right of Access

Legal basis: Art. 15 GDPR.

  1. The Client has the right to obtain confirmation from the Controller as to whether their personal data is being processed and, if so, has the right:
    1. to access their personal data;
    2. to obtain information about the purposes of the processing, the categories of personal data processed, the recipients or categories of recipients of the data, the planned period for which the data will be stored or, if that is not possible, the criteria used to determine that period, the rights available to the Client under the GDPR, and the right to lodge a complaint with a supervisory authority, as well as information about the source of the data, automated decision-making (including profiling) and the safeguards in place in connection with data transfers outside the European Union;
    3. to obtain a copy of their personal data.

Right to Rectification

Legal basis: Art. 16 GDPR.

  1. The Client has the right to request from the Controller the immediate rectification of any inaccurate personal data. Taking into account the purposes of the processing, the Client whose data is concerned has the right to request the completion of incomplete personal data, including by providing an additional statement, by directing the request to the e-mail address specified in §7 of the Privacy Policy.

Right to Data Portability

Legal basis: Art. 20 GDPR.

  1. The Client has the right to receive the personal data provided to the Controller in a structured, commonly used, and machine-readable format and to transmit that data to another data controller of their choice. The Client may also request that the personal data be transmitted directly by the Controller to such a data controller, where technically feasible. In such a case, the Controller will send the Client’s personal data in the form of a CSV file, which is a commonly used machine-readable format and enables the data to be transferred to another data controller.

In the event of a request by the Client based on the above rights, Shield Defence Solutions will either comply with the request or refuse it immediately, but in any event no later than one month after receipt of the request. However, if due to the complex nature of the request or the number of requests Shield Defence Solutions is unable to comply within one month, it will fulfill the request within the following two months, informing the Client at least one month in advance about the intended extension and its reasons.

Clients may submit complaints, inquiries, and requests concerning the processing of their personal data and the exercise of their rights to the Controller.

Clients have the right to request from Shield Defence Solutions a copy of the standard contractual clauses by directing their inquiry as indicated in §7 of the Privacy Policy.

Clients also have the right to lodge a complaint with the President of the Office for Personal Data Protection if they believe that their rights to data protection or other rights provided under the GDPR have been violated.

§5 Services Tailored to Preferences and Interests (Profiling)

Profiling means any form of automated processing of personal data that involves the use of personal data to evaluate certain personal aspects of a natural person, in particular for analyzing or forecasting aspects regarding that person’s work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movement.

The Client’s personal data may be processed in an automated manner (profiling); however, this will not produce any legal effects for the Client or similarly significantly affect their situation.

Shield Defence Solutions’s profiling involves both automated and manual processing of the Client’s data to evaluate certain information about the Client, in particular to analyze or forecast their personal preferences and interests.

To reach the Client with marketing communications outside the Online Store, Shield Defence Solutions uses the services of external providers. These services display marketing communications on websites other than the Online Store. In this case, external providers install, for example, a specific code or pixel to collect information about the Client’s activity on the Online Store. (Details regarding the cookies used are provided in §3.)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) aimed at tailoring marketing communications to the Client’s preferences and interests.

To reach the Client with marketing communications via the Online Store’s website, Shield Defence Solutions uses the services of external providers. These services display marketing communications on the Online Store’s pages. In this case, external providers install, for example, a specific code or pixel to collect information about the Client’s activity on the Online Store. (Details regarding the cookies used are provided in §3.)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) aimed at tailoring marketing communications to the Client’s preferences and interests.

§6 Security Management – Password

Shield Defence Solutions provides Clients with a secure and encrypted connection when transmitting personal data and when logging into their Client Account on the website. Shield Defence Solutions uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted over the Internet.

In the event that a Client with an account in the Online Store loses their password by any means, the Online Store enables the generation of a new password. Shield Defence Solutions does not send password reminders. Passwords are stored in encrypted form, in a way that prevents them from being read. To generate a new password, the Client must provide their e-mail address in the form available under the “I don’t remember my login or password” link provided on the Online Store’s login page. The Client will receive an e-mail at the address provided during registration or saved in the most recent profile update containing a link to a dedicated form on the Online Store’s website, where the Client can set a new password.

Shield Defence Solutions never sends any correspondence, including e-mails requesting login details or the Client’s password.

§7 Changes to the Privacy Policy

The Privacy Policy may be amended, and Shield Defence Solutions will inform Clients at least 7 days in advance of any changes.

Questions related to the Privacy Policy should be directed to:

contact@shielddefencesolution.com

Date of Last Modification: May 29, 2024