PRIVACY POLICY

1. INTRODUCTION

This Privacy Policy sets out the rules for collecting and processing the personal data of current and potential customers of the business operated by LEO Sp. z o.o. (hereinafter: “LEO Sp. z o.o.”, “LEO Store”, “we”, “us” and “our”), including persons visiting any of the websites at www.leo‑art.com (collectively, “Users”). LEO Sp. z o.o. respects your privacy. Whether you deal with us as a customer, consumer or person interested in our services and products, you have the right to the protection of your Personal Data. Such data may relate to your name, telephone number, e‑mail address and other data, including geolocation data, etc.

In this General Privacy and Data Protection Policy (the “Policy”) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, to whom we disclose it, how we protect it and what choices you can make regarding your Personal Data.

This Policy applies to the processing of Personal Data in connection with various services, tools, applications, websites, portals, (online) sales promotions, marketing activities, sponsored social media platforms, etc. that are provided or operated by us or on our behalf. This Policy contains general rules and explanations. It is supplemented by separate information clauses relating to the specific services, tools, applications, websites, portals, (online) sales promotions, marketing activities, sponsored social media platforms, etc. These information clauses will be provided to you when your Personal Data are processed in connection with the above‑mentioned activities (for example via websites, portals, individual communication services, newsletters, reminders, surveys, offers, events, etc.).

This Policy applies to all Personal Data collected and used by (or on behalf of) LEO Sp. z o.o.

If you accept the provisions of this Policy, you confirm that you have read its content and acknowledge that your Personal Data will be processed in the manner described herein.

Definitions of the key terms used in this Policy, written with capital initials (e.g. Personal Data, Processing, Data Controller), are provided at the end of this Policy.

The policy is available for download and printing in PDF format.

2. WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?

The entity responsible for Processing your Personal Data (the Data Controller) is:

LEO Sp. z o.o.
Dobrzechów 446B
38‑100 Strzyżów, Poland

iod@drone-voyagers.com 

3. WHO TO CONTACT IN CASE OF QUESTIONS OR REQUESTS? DATA PROTECTION CONTACT POINT

LEO Sp. z o.o. has established a Data Protection Contact Point responsible for responding to your questions and requests related to this Policy, information clauses, your Personal Data (and their Processing).

For any questions or complaints regarding this Policy and the Processing of Personal Data, or requests concerning your rights, you can contact the Data Protection Contact Point:

iod@drone-voyagers.com   

or by post at:

LEO Sp. z o.o.
Dobrzechów 446B
38‑100 Strzyżów, Poland

4. KEY PRINCIPLES

We care about the Personal Data entrusted to us and undertake to process them fairly, transparently and securely. To this end LEO Sp. z o.o. applies the following principles:

• Lawfulness – We will collect and process your Personal Data only in a legal, fair and transparent manner. All Personal Data are collected, stored and processed in accordance with Regulation (EU) 2016/679 (GDPR), UK GDPR, Brazil’s LGPD, the California Consumer Privacy Act (CCPA) and other applicable data‑protection regulations in the jurisdictions in which we operate. Where local law offers higher protection, it prevails.

• Data minimisation – We limit the collection of your Personal Data to what is adequate and necessary for the purposes for which they are collected.

• Purpose limitation – We collect your Personal Data only for specified, explicit and legitimate purposes and do not process them in any manner incompatible with those purposes.

• Accuracy – We take reasonable steps to ensure that Personal Data are accurate and up to date.

• Security and data protection – We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, preventing unauthorised disclosure or access, unlawful destruction or accidental loss, alteration or any other unlawful form of Processing.

• Access and rectification – We process your Personal Data in a manner that ensures you can confirm whether your Personal Data are being processed, access such data and request the rectification of inaccurate data.

• Limited storage period – We store your Personal Data in compliance with applicable data‑protection laws and no longer than necessary for the purposes for which they were collected or as required by law.

• International transfers – We ensure appropriate protection when your Personal Data are transferred, in particular to countries outside the EEA.

• Third‑party safeguards – We ensure that access to Personal Data by third parties (and their transfer) occurs in accordance with the law and with appropriate contractual safeguards.

• Compliance with direct‑marketing and cookie laws – We ensure that sending promotional materials and placing cookies on your device complies with applicable laws.

• Child protection – We do not knowingly collect data from persons under 13 years of age. If you believe that a child has provided us with data, please contact the DPO – we will delete them without delay.

5. PROCESSING YOUR PERSONAL DATA: WHAT DATA WE COLLECT AND ON WHAT LEGAL BASIS

Whenever you are asked to provide your Personal Data, you will be clearly informed which data are being collected. This information will be provided in the relevant information clause associated with a specific service (including communication services), website, newsletter, reminders, surveys, offers, event invitations, etc.

Please note that, under data‑protection law, your Personal Data may be processed if:

• you have given your consent for Processing (as described in the relevant information clause). You may withdraw your consent at any time; or
• it is necessary for the performance of a contract to which you are a party; or
• we process the data on the basis of our legitimate interest, provided that your interests or fundamental rights and freedoms do not override it; or
• it is required by law; or
• it is necessary to comply with a legal obligation incumbent on the Controller or to perform a task carried out in the public interest.

Please also note that providing Personal Data may in some cases be a statutory requirement or a condition for concluding a contract. In such cases failure to provide the required data may prevent the contract from being concluded or the service from being provided. Otherwise providing data is voluntary.

6. FOR WHAT PURPOSES WE PROCESS YOUR PERSONAL DATA

We will process your Personal Data only for specific, explicit and lawful purposes and will not further process them in a manner incompatible with those purposes.

Such a purpose may be to fulfil your order, perform a contract, improve the quality of our services based on your feedback, generally improve our products or services, offer services or applications, communication and marketing activities, profiling for marketing purposes, etc. The purpose of each Processing operation is indicated in the specific information clause. Information clauses are provided e.g. via websites or portals, in applications, newsletters, etc.

In California we do not sell or share Personal Data within the meaning of the CCPA; if we ever intend to do so, we will offer Users the right to “Do Not Sell or Share My Personal Information”.

7. PROCESSING PERSONAL DATA IN A WAY THAT ENSURES THEIR ACCURACY AND CURRENCY

Maintaining data accuracy and currency is very important to us. Please inform us of any changes or errors in your Personal Data as soon as possible by contacting us via the Data Protection Contact Point. We will take appropriate steps to ensure that any incorrect or outdated Personal Data are deleted or properly corrected.

8. ACCESS TO YOUR PERSONAL DATA

You have the right to access your Personal Data that we process and, if your Personal Data are inaccurate or incomplete, to request their correction or deletion. If you need additional information about your privacy rights or wish to exercise them, please contact us via the Data Protection Contact Point. You also have the right to data portability (to receive a copy in JSON/CSV format or have it transferred directly to another entity).

9. HOW LONG WE STORE YOUR PERSONAL DATA

We store your Personal Data in compliance with data‑protection regulations. We keep your Personal Data only as long as necessary for the purposes for which we process them, for legal compliance or where retention is required by law. For information on the specific retention periods, please contact us via the Contact Point. Relevant information is also provided in the specific information clauses.

10. PROTECTING YOUR PERSONAL DATA

To protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, we have implemented appropriate technical and organisational measures, designed with regard to our IT infrastructure, potential impact on your privacy, related costs and industry standards.

Your Personal Data may be processed by a third‑party Processor only if that Processor commits to implementing these technical and organisational data‑security measures. Data transmission is secured using the TLS 1.3 / HTTPS protocol.

Data‑security procedures include: access security, backup systems, monitoring, review and maintenance of systems, incident management and business‑continuity assurance.

11. USE OF COOKIES OR SIMILAR TOOLS

We use cookies on our website to enhance your browsing experience and improve our site. Cookies are small text files sent by a server and stored on your device. Under applicable law, during your first visit we ask for your consent to use cookies (except essential ones). You can withdraw consent at any time.

1. Types of cookies

By provider:

  1. first‑party (created by the site visited);
  2. third‑party (created by entities other than the Controller).

By storage period:

  1. session cookies (stored until logout or browser close);
  2. persistent cookies (stored for a predefined period or until manually deleted).

By purpose:

  1. essential;
  2. functional/preferences;
  3. analytical/performance;
  4. marketing, advertising and social.

2. Purposes of processing data in cookies

  1. identifying logged‑in Users (essential);
  2. remembering Products added to cart (essential);
  3. storing form data (essential / functional);
  4. customising site content to preferences (functional);
  5. compiling anonymous usage statistics (analytical/performance);
  6. remarketing (marketing/advertising/social).

3. Managing cookies

Most browsers accept cookies by default. You can set conditions for cookie use in your browser settings – e.g. limit or disable cookies – but this may affect some website functions. Detailed browser‑specific instructions are available in the browser help section.

We use a Consent Management Platform (CMP) compliant with IAB TCF v2.2 to allow granular control of your preferences.

12. DISCLOSURE OF PERSONAL DATA

Depending on the purposes for which we collect your Personal Data, we may disclose them to the following categories of recipients who will process them only for the indicated purposes:

1. Within our organisation: our authorised employees.

2. External business partners:
• Advertising, marketing and promotion agencies acting on our behalf;
• Business partners, e.g. trusted companies providing products/services you request or delivering marketing materials (with your consent);
• Service providers to LEO Sp. z o.o. (e.g. IT service providers).

3. Other third parties:
• as required by law or necessary to protect LEO Sp. z o.o.;
• to verify or enforce compliance with LEO Sp. z o.o. policies and agreements;
• to protect the rights, property or safety of LEO Sp. z o.o. and/or our customers;
• in connection with corporate transactions (transfer, merger, change of control, reorganisation or liquidation);
• for compliance with EU and US export‑control regulations (EAR, UK Export Control) and OFAC/EU sanctions.

Please note that the external recipients listed above – especially service providers who may offer products and services via our services or their own channels – may collect Personal Data from you separately. In such case these entities are solely responsible for Processing and controlling such data, and your dealings with them are governed by their policies.

13. PERSONAL DATA PROVIDED WHEN CONTACTING US

If you purchase a product or service from us or otherwise provide us with your Personal Data, you enter into a relationship with us as Data Controller, and the provided data will be processed under this Policy on the basis of contract necessity.

14. USE OF SOCIAL MEDIA

If you use a social‑media login (e.g. Facebook) when using LEO Sp. z o.o. tools via www.leo‑art.com, LEO will record your Personal Data available in that social network, and by using such login you expressly authorise the transfer of Personal Data obtained by LEO via that tool.

LEO Sp. z o.o. sometimes facilitates publication of Personal Data on social media such as Facebook or LinkedIn. Social media have their own privacy policies which you must consider when using them. Publishing content on social media may have consequences, including for your privacy or that of others whose Personal Data you share. You are fully responsible for what you publish. LEO Sp. z o.o. accepts no liability in this respect.

15. TRANSFER TO COUNTRIES OUTSIDE THE EEA

Your Personal Data may be transferred to recipients located outside the EEA and may be processed by us and such recipients. In connection with any transfer outside the EEA, LEO Sp. z o.o. will implement appropriate measures to ensure an adequate level of protection (e.g. Standard Contractual Clauses, Binding Corporate Rules or the EU‑US Data Privacy Framework). For example, using Google Analytics or Facebook Pixel may involve transferring some data to the United States. In such cases we ensure the transfer is based on appropriate legal safeguards.

We will clearly inform you whenever your Personal Data are transferred outside the EEA via the relevant information clause.

16. YOUR CHOICES AND RIGHTS

We aim to be as transparent as possible so that you can make informed choices about how we use your Personal Data.

• Right of access – You may ask what Personal Data we hold and their origin. In certain circumstances you may receive a copy in a commonly used, machine‑readable format or request data portability to another entity.

• Rectification – You may request correction or completion of inaccurate or incomplete data.

• Restriction – You may request restriction of Processing (e.g. if data accuracy is contested).

• Objection – You may object to Processing based on our legitimate interest and to direct marketing.

• Withdrawal of consent – You may withdraw consent at any time.

• Erasure (“right to be forgotten”) – You may request deletion of your Personal Data, subject to legal exceptions.

• Complaint – You have the right to lodge a complaint with the competent supervisory authority (e.g. the Polish President of the Personal Data Protection Office).

• Automated decision‑making – You are not subject to decisions based solely on automated processing that would produce legal effects concerning you or similarly significantly affect you.

Users in the USA may exercise the “do not sell/share” right, and individuals under the LGPD may exercise the right to anonymisation, blocking or deletion of unnecessary data.

17. LEGAL INFORMATION

The requirements of this Policy supplement and do not replace any other requirements that may exist under data‑protection law. In the event of any conflict between this Policy and data‑protection law, the latter shall prevail.

LEO Sp. z o.o. may modify this Policy at any time (e.g. to comply with updated laws, government decisions or to improve our services). Changes will be announced by publishing the updated version on www.leo‑art.com.

Consumers in the UK may lodge complaints with the Information Commissioner’s Office (ICO), and in Brazil with the Autoridade Nacional de Proteção de Dados (ANPD).

In connection with Regulation (EU) 2022/2065 (DSA) this Policy is reviewed every 12 months or whenever intermediary services change substantially.

  1. DEFINITIONS

Data Controller – the organisation that determines the purposes and means of processing your Personal Data. Unless otherwise stated, the Data Controller is LEO Sp. z o.o., Dobrzechów 446B, 38‑100 Strzyżów, Poland, KRS 0001034126, NIP PL8191677828, REGON 525216311.

Processor – a person or organisation that processes your Personal Data on behalf of the Controller.

Data Protection Contact Point – the person designated by LEO Sp. z o.o. to whom you can address questions or requests regarding this Policy and the Processing of your Personal Data (see Section 3).

EEA – the European Economic Area (EU member states with Iceland, Norway and Liechtenstein).

Personal Data – any information relating to an identified or identifiable natural person.

Processing – any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure, deletion or destruction.