Privacy policy

§ 1 General provisions

1. The administrator of the personal data of the users of the website located at the domain www.icea-group.com is ICEA S.A. with its registered seat at ul. Polska 114, 60-401 Poznań, (hereinafter: “Administrator”).
2. Contact with the Administrator is possible:
   (1) at e-mail address: office@icea-group.com,
   
   (2) in writing, to the Administrator’s address: ul. Polska 114, 60-401 Poznań.

3. The purpose of the Policy is to define the actions taken with respect to personal data collected through the Administrator’s website and related services and tools used by its users, as well as in the activity of entering into and performing contracts in contact outside the website.
4. If necessary, the provisions of this Policy may be amended. The change will be communicated to users by announcing the new content of the Policy, and in the case of the base of persons who have consented to the processing of data by e-mail or have provided e-mail data in the performance of contracts, they will also be notified of the change by e-mail.

§ 2 Basis for processing, purposes and storage of personal data

1. We process your personal information in accordance with the laws and regulations under both the United States as a whole and individual state privacy laws, including the U.S. Privacy Act of 1974 (and its subsequent amendments), the Children’s Online Privacy Protection Act (COPPA), the Gramm- Leach-Bliley Act (to the extent it allows entities the right to opt-out of data transfers to third parties), the Federal Trade Commission Act of 1914 (to the extent judgments under it affect users’ right to online privacy under Section 5), California Consumer Privacy Act of 2018 (to the extent it covers users originating in the State of California), Massachusetts Data Privacy Law (S-120) (to the extent it covers users originating in the State of Massachusetts), New York Privacy Act (S5642) (to the extent it covers users originating in the State of New York), Hawaii Consumer Privacy Protection Act (SB 418) (to the extent it covers users originating in the State of Hawaii), Maryland Online Consumer Protection Act (SB 613) (to the extent it covers users originating in the State of Maryland), North Dakota (HB 1485) Act (to the extent it covers users originating in the State of North Dakota).
2. In the case of processing of personal data on the basis of an e-mail or a complaint sent by the user, such processing shall be carried out in accordance with which processing is necessary in order to take action at the request of the data subject.
3. In the case of obtaining a separate consent of the user, his personal data can be processed by the administrator also for marketing purposes, including in order to send commercial information electronically to the e-mail address specified by the user.
4. In the case of conclusion and performance by the Administrator of a sales contract or a contract for the provision of services, the other party shall be obliged to provide the data necessary for the conclusion of the contract (which is a contractual requirement, and in terms of tax numbers also a statutory requirement) and for this purpose the Administrator processes personal data.
5. In the case of research and analysis for the purpose of improving the performance of available services (e.g. tracking tools), the user’s consent is indicated as the basis for data processing.
6. Users’ personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until the withdrawal of consent if the processing is based on such consent, until the statute of limitations of claims of the Administrator and the other party for the execution of concluded agreements (in the case of sales contracts/service contracts, 2 years, counting from the end of the year) and until the execution of the inquiry directed by e-mail or the completion of complaint handling.
7. To the extent necessary for the proper functioning of the website, its functionality and the proper performance of the payment operation (if such is carried out by the website), the website uses the User’s metadata. Metadata means the process of reading and recognizing by the website’s IT system the configuration and components of the computer used by the user in order to adjust the website to its capabilities and to establish a secure connection between the user’s computer and the website. It is important to note that this metadata cannot identify you personally and is not harmful to any data stored on your computer. Nevertheless, the User is entitled to withdraw his or her consent to the processing of metadata at any time by configuring his or her browser accordingly or by downloading the relevant plug-in provided by the browser’s manufacturer. To do so, please consult the software manufacturer and its recommendations.
8. The Administrator may use profiling for direct marketing purposes, but the decisions made on its basis by the Administrator do not concern conclusion or refusal of a contract or the possibility of using electronic services. The use of profiling may result, for example, in a person being granted a discount, being sent a discount code, being reminded of unfinished purchases, being offered a product that may match the person’s interests or preferences, or being offered better terms than the standard offer. Despite the profiling, it is up to the individual to decide whether they want to take advantage of the discount or better terms and make a purchase. Profiling consists in automatic analysis or prediction of a given person’s behavior on the Administrator’s website, e.g. by adding a particular product to the shopping cart, browsing a particular product page or analysis of the previous activity history on the website. Such profiling is conditioned by the fact that the Administrator has the personal data of a given person in order to be able to send him/her e.g. a discount code.
9. To the extent necessary for the proper functioning of the website, its functionality, the website may, when used by the User, collect other information, including but not limited to:
   1. IP address;
   2. device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising [“IDFA”] or advertising identifier on an Android device [“AAID”]),
   3. platform type,
   4. settings and components,
   5. installed software
   6. presence of necessary plug-ins;
   7. approximate geolocation data (compiled from IP address or device settings);
   8. browser data, including browser type and preferred language;

10. Having regard to the nature, scope, context and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Administrator shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with the Regulation and to be able to demonstrate it. These measures shall be reviewed and updated as necessary. The Administrator shall apply technical measures to prevent the acquisition and modification by unauthorized persons, of personal data transmitted electronically.

§ 3 Data sharing

1. The Administrator shall ensure that any personal information collected is used to fulfill obligations to users. This information will not be shared with third parties except where:
   1. the explicit consent of the data subjects to do so is given beforehand, or
   2. if an obligation to provide such data is or will be imposed by applicable law, such as law enforcement agencies
2. In addition, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
   • service providers supplying the Administrator with technical, IT and organisational solutions enabling the Administrator to carry out its business activities, including the website and the electronic services provided through it (in particular, computer software providers, marketing agencies, email and hosting providers, business management and technical support software providers to the Administrator and the product delivery operator) – the Administrator shall make the collected personal data of the Customer available to the selected provider acting on its behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.
   • accounting, legal and advisory service providers providing the Administrator with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection agency) – the Administrator shares the collected personal data of the Client with a selected provider acting on its behalf only if and to the extent necessary to realize a given purpose of data processing in accordance with this privacy policy.
3. The Administrator may share anonymized data (i.e. data that does not identify specific Users) with external service providers in order to better identify the attractiveness of advertisements and services for Users, and in this regard, due to the location of the software providers, the data may be transferred – subject to protection – to third countries. These entities in the case of the Administrator are:
   • Google LLC. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyse web site statistics, Google Tag manager: used to manage scripts by easily adding code fragments to a website or application and track users’ actions on the website, Google Ads: used to display sponsored links in the Google search engine results and on the websites cooperating within the Google AdSense programme,
   • Facebook Inc. (registered office address: Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA) for the Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build an audience list targeted for future ads.
4. Third-party analytics technologies integrated into Administrator services (including SDKs [Software Development Kits] and APIs [Application Program Interfaces]) may combine data collected in connection with your use of Administrator websites with information they have collected separately over time and/or across platforms. Many of these companies collect and use information under their own data protection policies, which can be found on their websites. The Administrator encourages you to review these policies.
5. The Administrator’s website may use the functionality of Google Analytics, a website audience analysis service provided by Google, LLC. (“Google”). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States. According to current IT standards, the IP addresses of users visiting the Administrator’s website are shortened. On behalf of the Administrator, Google will use this information for the purpose of evaluating the website for its users, compiling reports on website activity and providing other services relating to website activity and internet usage to website operators. Google will not associate the IP address transmitted as part of Google Analytics with any other data held by Google. For more information on how Google Analytics collects and uses data, please visit Google’s official website at www.google.com/policies/privacy/partners. In addition, each User can prevent Google from collecting and processing data about their use of the website by downloading and installing a browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.

§ 4 User Privileges

1. The user whose personal data is processed has the right to:
   1. access, rectification, restriction, erasure or portability – The data subject has the right to request from the Administrator access to his or her personal data, rectification, erasure (“right to be forgotten”) or restriction of processing and has the right to object to processing, and has the right to data portability.
   2. withdrawal of the consent at any time – the person whose data are processed by the Administrator on the basis of an expressed consent has the right to withdraw the consent at any time without affecting the legality of the processing performed on the basis of the consent before its withdrawal.
   3. lodge a complaint with a supervisory authority – the person whose data is processed by the Administrator has the right to lodge a complaint with the relevant supervisory authority in the manner and procedure prescribed by federal or state law. In addition to the above, if interested parties have any questions or concerns regarding this Privacy Policy, they are invited to contact the our Privacy Department.
      iCEA GROUP INTERNATIONAL
      19 W 34TH SUITE 1018
      NEW YORK, NY 10001

      If you have further questions or concerns about this policy, or if you believe that this policy or applicable data protection laws have not been followed, you may submit a complaint to our Privacy Department listed above and the Administrator will respond promptly with information about who will handle the matter and when to expect a further response. The Administrator reserves the right to ask the user for additional information regarding the inquiry or complaint referred, and to keep a record of the inquiry and all actions taken regarding it. In the event that the Administrator’s investigation or any resulting remedies are unsatisfactory, you have the right to make a written complaint to the relevant state or federal authorities;

   4. objection – The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her, including profiling pursuant to these provisions. The Administrator shall in that case no longer be permitted to process such personal data unless the Administrator demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of claims.
   5. objection to direct marketing – if personal data are processed for the purposes of direct marketing (based on the legitimate interest of the Administrator, not on the basis of the data subject’s consent), the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. Exercise of the above rights is based on the request of the user sent to the e-mail address office@icea-group.com. Such a request should contain the name and surname of the user.
3. The user ensures that the data provided or published by him in the service is correct.

§ 5 Cookies

1. Cookies are understood to be computer data, in particular text files, stored on the end user’s device (usually on the computer’s hard drive or mobile device) used to store certain settings and data by the user’s browser in order to use websites. These files allow for recognition of the user’s device and appropriate display of the website, ensuring comfort during its use. The storage of cookies enables the website and the offer to be tailored to your preferences. The server recognises and remembers your preferences, such as visits, clicks and previous actions.
2. Cookies include, in particular, the domain name of the website from which they originate, the time of storage on the terminal device and a unique number used to identify the browser from which you connect to the website.
3. Cookies are used for:
   1. adjusting the content of websites to user preferences and optimize the use of websites,
   2. creating anonymous statistics, which by helping to determine how a user uses websites allow for improving their structure and content,
   3. providing website users with advertising content tailored to their interests.

      Cookies are not used to identify users and their identity is not determined on their basis.

4. The basic division of Cookies is their distinction into:
   1. Essential cookies – these are absolutely necessary for the proper functioning of the website or the functionality you wish to use, as without them we would not be able to provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
   2. Functional cookies – are important for the functioning of the website due to the fact that:

      – they serve to enrich the functionality of websites; without them a website will work correctly, but will not be adapted to the user’s preferences,

      – they serve to ensure a high level of functionality of the website; without them the level of functionality of the website may decrease, but their absence should not prevent the complete use of the website

      – serve the majority of website functionality; their blocking will cause that some functions will not work properly.

   3. Business cookies – make it possible to implement the business model on the basis of which the website is made available; their blocking will not make the entire functionality unavailable, but may lower the level of service provision due to the website owner’s inability to realise revenues subsidising its operation. Advertising cookies, for example, fall into this category.
   4. Cookies for website configuration – they allow setting functions and services on websites.
   5. Cookies for website security and reliability – to verify the authenticity and optimize website performance.
   6. Authentication cookies – allow you to be notified when you are logged in so that the website can show you relevant information and features.
   7. Session status cookies – these cookies enable us to record information about how users use a website. They may relate to the most frequently visited pages or possible error messages displayed on some pages. Session state cookies help to improve our services and make browsing more comfortable.
   8. Cookies for website processes – they allow efficient operation of the website and its functions.
   9. Ad serving cookies – allow ads to be displayed that are more interesting to users and more valuable to publishers and advertisers; cookies may also be used to personalize advertising, and to display ads outside of websites.
   10. Location-aware cookies – Allows you to customize the information displayed to your location.
   11. Cookies for analysis, research or audience auditing – allow the owner of websites to better understand the preferences of their users and through analysis improve and develop products and services. Usually the website owner or research company collects information anonymously and processes data on trends without identifying the personal data of individual users.
   12. Harmless cookies – includes cookies necessary for the proper functioning of the website and needed to enable the functionality of the website, but their action has nothing to do with tracking the user.
   13. Research cookies – used to track users, but do not include information that allows (without other data) to identify a specific user.

5. The use of cookies to adapt the content of websites to user preferences does not, in principle, mean the collection of any information to identify the user, although this information may sometimes have the nature of personal data, i.e. data allowing the attribution of certain behaviors to a particular user. Personal data collected using Cookies may only be collected in order to perform specific functions for the user. Such data is encrypted in a manner that prevents unauthorized access.
6. Cookies used by this website are not harmful to the user or the terminal device used by him, so in order for the website to function properly it is recommended not to disable their use in browsers. In many cases, software used to browse the Internet (web browser) by default allows to store information in the form of “cookies” and other similar technologies on the user’s terminal device. The user can change the way the browser uses cookies at any time. In order to do so, the browser settings must be changed. The method of changing the settings varies depending on the software (web browser) used. Relevant instructions can be found on the subpages, depending on the browser you use.
7. Cookies are also used to facilitate logging into a user’s account, including via social media, and to enable switching between subpages on websites without having to log in again on each subpage. At the same time, Cookies are used to secure websites, e.g. to prevent access by unauthorized persons.
8. As part of its cookie technology, Administrator may use tracking pixels or clear GIF files to collect information about how users use its services and how they respond to marketing messages sent by email. A pixel is a piece of software code that allows an object, usually a pixel-sized image, to be embedded on a page, which provides the ability to track user behavior on the web pages on which it is deployed. When the appropriate consent is given, the browser automatically establishes a direct connection with the server that stores the pixel, so the processing of data collected by the pixel is done within the framework of the data protection policy of the partner who administers the aforementioned server.
9. Administrator may use Internet log files (which contain technical data such as your IP address) to monitor traffic on its services, troubleshoot technical problems, detect and prevent fraud, and enforce the User Agreement.
10. The Administrator informs you that the site does not respond to Do Not Track (DNT) signals; however, you may disable certain forms of online tracking, including certain analytics and personalized advertising, by changing the cookie settings in your browser or using our cookie consent tools (if applicable).
11. Detailed information on changing the settings for cookies and their independent deletion in the most popular web browsers are available in the help section of your browser and on the following pages (just click on the link):

    Chrome

    Firefox

    Opera 

    Safari

    Microsoft Edge

12. Please refer to the user guide for your mobile device for details on how to manage cookies on your cell phone or other mobile device.

Appendix to the Privacy Policy applicable only to users from the State of California.

1. Supplemental privacy notice for California residents

This Supplemental Privacy Notice supplements the information in our Privacy Policy and applies only to California residents. It applies to personal information we collect (e.g., information collected offline, in person, and by phone). However, it does not apply to personal information we collect from our employees or job applicants.

California law, including the California Consumer Privacy Act of 2018 and related regulations (“CCPA”), requires us to disclose information regarding the categories of personal information we have collected about California consumers, the categories of sources from which the information was collected, the business or commercial purposes (as those terms are defined in applicable law) for which the information was collected, and the categories of parties with whom we share personal information.

2. California data collection information

We or our service providers may collect the following categories of information for the following business or commercial purposes (as those terms are defined by applicable law):

• to provide the Services (e.g., account operation and maintenance, customer service, analytics and communications about the Services);
• our or our service provider’s operational purposes;
• auditing consumer interactions on our Site;
• detecting, protecting and prosecuting security incidents and fraudulent or illegal activity;
• error detection and error reporting;
• customizing content displayed by us or our service providers on the Services;
• improving existing Services and developing new Services (e.g., by conducting research to develop new products or features);
• other uses that advance our commercial or business interests, such as providing you with information about relevant products and services available to you from third party partners; or
• other uses of which we inform you.

Examples of these types of uses are set forth below and discussed more generally in our Privacy Policy above. We may also use the following categories of personal information to comply with applicable laws and regulations, and we may combine information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent the identification of a particular user or device.

3. “Don’t sell my personal information”

California residents can opt out of having their personal information “sold.” We sell some of your information to third parties to provide you with offers, promotions and opportunities that may be of interest to you.

Under the CCPA, sales are defined to include allowing third parties to receive certain information, such as cookies, your IP address, and/or your browsing behavior, in order to deliver targeted advertisements on the Services or other services. Ads, including targeted ads, enable us to provide you with certain content for free and allow us to make offers relevant to you.

Depending on the Services you use, we may transfer the following categories of Personal Data to third parties for these purposes:

1. For online targeted advertising purposes: demographic and statistical information, user-generated content, device information and identifiers, browser and usage data, geolocation, and social media information.
2. Sharing with third parties to send relevant offers, products, promotions and opportunities: contact and registration information, demographic and statistical information, employment and education data, user-generated content, device information and identifiers, browser and usage data, geolocation.

If you wish to opt out of our use of your information for such purposes, which are considered “sales” under California law, you may do so as described on the following page: Do Not Sell My Personal Information. You may also request to opt out of the sale by emailing us at office@icea-group.com. Please note that we do not knowingly sell personal information of minors under the age of 16 without legally required affirmative consent.

4. Consumer Rights of California

If you are a California resident, you may have certain rights. California law may allow you to request that we:

1. Provided the categories of personal information we have collected or disclosed about you in the past twelve months; the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we have shared your personal information.
2. Provided access to and/or copies of certain information we have about you.
3. Have deleted certain information we hold about you.

Before responding to a request, we will take reasonable steps to verify your identity, which may include, at a minimum, depending on the sensitivity of the information requested and the type of request, verification of your name, email address and physical address.

You also have the right to designate an authorized representative to make certain requests on your behalf. In order for us to verify an authorized representative, you must provide the representative with a signed, written authorization or power of attorney to make such requests. We may also contact you to verify your identity before processing your representative’s request.

If you would like more information about your rights under California law or wish to exercise any of them, please email us at office@icea-group.com.

You may have the right to receive information about financial incentives we offer (if any). You also have the right not to be discriminated against (under applicable law) in connection with the exercise of certain of your rights. Certain information may be exempt from such a request under applicable law. We need certain types of information so that we can provide the Services to you. If you ask us to remove them, you may no longer be able to access or use the Services.

5. California’s Shine the Light law

California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we disclosed their “personal information” (if any and as defined under applicable California law) for direct marketing purposes during the previous calendar year, as well as the type of personal information disclosed to those individuals. If you are a California resident and would like to request this information, please send your request by email to office@icea-group.com.

6. Additional rights applicable in California

If you are a California resident under the age of 18 and are a registered user of our Services, you may have the right to request that content you have posted to our Services be removed from our Services, which may be accessed by any other user (whether registered or not). Please note that any content removed from our Services may still remain on our servers and systems. To request removal of content under this provision, please send an email to office@icea-group.com and provide a description of the content and where it was posted on our Services, as well as any other information we may need to process your request. Please note that removal of content under this provision does not ensure complete or comprehensive removal of the content or information you have posted to the Services.