Privacy policy

1. Personal Data Controller

The controller of personal data is Cocomero, with its registered office at Skorupki 102/30, 85-156 Bydgoszcz, Poland, NIP: 5542877883, REGON: 529823048, e-mail address: info@sportalab.com.

2. Legal basis and purposes of data processing

Personal data is processed in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”),
  • the Personal Data Protection Act and other applicable legal provisions.

Purposes of processing:

  1. order processing and transaction handling,
  2. creation and management of a customer account,
  3. handling complaints and returns,
  4. contact with the customer (e-mail, telephone, contact form),
  5. marketing activities (newsletter, promotional offers) – only based on the user’s consent,
  6. fulfilment of legal obligations (tax and accounting requirements).

3. Scope of collected data

We may process, among others:

  • first and last name,
  • e-mail address,
  • telephone number,
  • delivery address / billing address,
  • company details (VAT number, company name),
  • IP address (for security purposes and confirmation of consent).

4. Data recipients

Personal data may be shared with:

  • payment operators (e.g. Stripe),
  • courier and postal service providers,
  • the e-commerce platform provider (Shopify),
  • entities providing accounting, legal, marketing and analytical services (e.g. analytics or advertising tools providers) – solely on the basis of appropriate data processing agreements.

5. Data storage location

The store operates on the Shopify platform. The infrastructure of this platform may include servers located in various countries, including outside the European Economic Area (EEA).

In cases where data is transferred outside the EEA, appropriate safeguards compliant with GDPR are applied, in particular standard contractual clauses approved by the European Commission.

6. Data retention period

Personal data is stored:

  • for the duration of the contract and for the time necessary to pursue or defend legal claims,
  • for tax and accounting purposes – for the period required by applicable law,
  • for marketing purposes – until the user withdraws their consent.

7. User rights

The user has the right to:

  1. access their personal data,
  2. rectify, delete or restrict the processing of their data,
  3. object to the processing of their data,
  4. data portability,
  5. withdraw consent at any time,
  6. lodge a complaint with the President of the Personal Data Protection Office.

8. Voluntary provision of data

Providing personal data is voluntary; however, failure to provide data necessary to process an order may prevent its completion.

9. Cookies and tracking technologies

The store uses cookies and similar technologies in order to:

  • ensure the proper functioning of the website,
  • analyse traffic and statistics,
  • conduct marketing activities (e.g. remarketing and ad personalisation).

Detailed information regarding the use of cookies can be found in the separate Cookies Policy.

10. Transfer of data outside the European Economic Area

Due to the use of technological service providers, payment operators and marketing tools, personal data may be transferred to countries located outside the European Economic Area.

In such cases, the controller ensures an appropriate level of data protection by applying mechanisms compliant with GDPR, such as standard contractual clauses of the European Commission or adequacy decisions.

11. Profiling and automated decision-making

Personal data may be used for profiling for marketing purposes, such as tailoring advertising content or offers to the user’s interests.

Profiling does not produce legal effects concerning the user or similarly significantly affect them.