Polityka prywatności

PRIVACY POLICY OF THE STORE GEMKIBO.PL

(HEREINAFTER: “POLICY”)

GENERAL PROVISIONS
1. The present document constitutes an annex to the Terms and Conditions of the online store GEMKIBO.PL (hereinafter: the “Online Store”). By using the services of the Online Store, the Customer entrusts the Seller with their personal data. This Policy serves solely as an aid to understanding what information and data are collected, for what purpose, and how they are used. Customers’ personal data are important, which is why this document should be read carefully, as it defines the principles and methods of processing and protecting the customers’ personal data in the store.
2. The service collects personal data necessary for the provision and development of the services offered therein.
3. The personal data collected via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR), the Personal Data Protection Act of 10 May 2018, as well as other currently applicable data protection regulations.
PERSONAL DATA CONTROLLER
1. The controller of the personal data collected via the Online Store is the Seller, i.e. Gemkibo Sp. z o.o., registered in Warsaw (00-363 Warsaw), at Nowy Świat Street 54/56, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court in Warsaw, 12th Commercial Division of the National Court Register, under the number KRS 0001173836, NIP 5253046986, REGON 541772560 (hereinafter: the “Controller”).
2. Contact with the Controller is possible via the Online Store’s e-mail address: sklep@gemkibo.pl
3. For all matters concerning the protection of your personal data and the exercise of rights arising from the obligation to protect them, contact can be made using the following details:
  1. Email address: sklep@gemkibo.pl
  2. Correspondence address: Data Protection Officer Gemkibo Sp. z o.o., ul. Nowy Świat 54/56, 00-363 Warsaw.
  3. Address for product returns / exchanges / withdrawal from the contract: Gemkibo Sp. z o.o., ul. Piasta 13/4, 15-044 Białystok (unit E-paka).
PERSONAL DATA COLLECTED, PROCESSED, AND STORED BY THE CONTROLLER
1. Personal data means any information relating to an identified or identifiable living individual. Individual pieces of information that, when combined, may lead to the identification of a person’s identity also constitute personal data (hereinafter: „Personal Data“).
2. Depending on which functionality of the Online Store the User or Customer uses, the Controller collects, processes, and stores, among others, the following personal data of Users and Customers:
  - First and last name,
  - Residential address,
  - Delivery address (if different from the residential address),
  - Tax identification number (NIP),
  - Email address,
  - Phone number (mobile, landline),
  - Date of birth,
  - PESEL,
  - Bank account number
  - Information about the web browser used,
  - Location data (e.g., location settings on a mobile phone),
  - IP address,
  - Cookie identifier,
  - Other personal data voluntarily provided by the User or Customer.
PURPOSE AND LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The personal data of the Online Store Customer (as specified in points 1–10 below) are processed for various purposes, depending on which functionalities of the Online Store are used by the User or Customer, in particular for the purpose of providing the services available in the Online Store and for accounting purposes, such as for the purpose of:
1. REGISTRATION OF AN ACCOUNT IN THE ONLINE STORE
  Both the personal data provided by the Customer during the registration of an account in the Online Store, as well as other data obtained by the Controller in connection with the Customer’s activity in the Online Store and use of the Online Store services (in particular: first and last name; email address; contact phone number; address [street, house number, apartment number, postal code, city, country], residential/business/registered office address [if different from the delivery address], bank account number, and in the case of non-consumer Customers additionally company name and tax identification number [NIP]) are processed for the following purposes:
  1. Management of the Customer’s account in the Online Store, so that they can: place subsequent orders without having to fill out the form containing their personal data again, view their order history, modify consents given in the Online Store, and access other services available in the Online Store [legal basis: Art. 6(1)(b) GDPR, i.e., necessity for the performance of a contract];
  2. Marketing activities of the Controller as well as the analysis of the Customer’s activity in the Online Store through actions that do not significantly affect the Customer’s decisions regarding placing an order for Online Store services, such as presenting advertisements or offers—taking into account their preferences—based on the aforementioned analysis [legal basis: Art. 6(1)(f) GDPR], i.e., legitimate interest of the Controller or a third party];
  3. Protection and enforcement of claims that may arise within the relationship between the Customer and the Controller, as well as other purposes necessary for the pursuit of the legitimate interests of the Controller or a third party [legal basis: Art. 6(1)(f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    If the Customer does not provide the required personal data during registration, it prevents the registration of an account in the Online Store.
    As a rule, the Customer’s personal data will be processed by the Controller for the period during which the Customer uses the account (however, they may be deleted three years after the Customer’s last activity in the Online Store), and in the case of marketing activities—until an objection is raised, unless legal regulations require the Controller to process these data for a longer period, or they are retained longer to cover potential claims, for the period of their statute of limitations as specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of the Controller’s legitimate interests (in any case, the longer retention period for personal data applies).
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
2. PLACING AN ORDER IN THE ONLINE STORE
  
  Personal data provided by the Customer in connection with placing an order, as well as other data collected in connection with their activity in the Online Store and use of our services (in particular: first and last name; email address; contact phone number; address [street, house number, apartment number, postal code, city, country], residential/business/registered office address [if different from the delivery address], bank account number, and in the case of non-consumer Customers additionally company name and tax identification number [NIP]) are or may be processed for the following purposes:
  1. Fulfillment of the Customer’s orders and performance of the contract concluded with them – in particular, confirming the order and reservation (if such an option is available and chosen by the Customer) or delivery to the address provided by the Customer or to the pickup point of the selected product, as well as contacting the Customer if necessary regarding this matter [legal basis: Art. 6(1)(b) GDPR, i.e., necessity for the performance of the sales contract concluded by the Customer when placing the order, or the reservation contract (if such an option is available and chosen)];
  2. Marketing, analytical, and statistical activities of the Controller or its partners (third parties listed in point 11 of the Cookie Policy) or other so-called third parties we cooperate with, e.g., presenting advertisements and offers (discounts) to the Customer, also tailored to their interests based on profiling through analysis of the Customer’s activity, including purchase history, which allows the Controller to better adjust to certain general groups of our Customers, but also to the preferences of the specific Customer placing the order. However, the Controller’s actions do not significantly influence the Customer’s purchasing decisions [legal basis: Art. 6(1)(f) GDPR, i.e., legitimate interest of the Controller or a third party];
  3. Pursuit and defense of claims that may arise within the relationship between the Customer and the Controller, as well as other purposes necessary for the protection of the legitimate interests of the Controller or a third party [legal basis: Art. 6(1)(c) GDPR, i.e., legitimate interest pursued by the Controller or a third party];
  4. Issuing and storing invoices and other accounting documents, as well as handling complaints and returns within the deadlines and forms specified by law [legal basis: Art. 6(1)(c) GDPR, i.e., necessity for compliance with a legal obligation of the Controller].
    
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    Providing personal data is voluntary, but necessary to place an order.
    The Customer’s personal data will be processed by the Controller for the purpose of fulfilling the order for the duration of the contract, as well as for the period required by law (e.g., tax, accounting). In the case of marketing activities—until the Customer objects—unless a longer period is necessary to cover potential claims, for the statute of limitations as specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In any case, the longer retention period for personal data applies.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
3. FILING A COMPLAINT
  
  Personal data provided by the Customer in connection with filing a complaint in the Complaint Form (first and last name, address, contact phone number, email address, bank account number), as well as other data collected during any further communication, are or may be processed for the following purposes:
  1. Processing the Customer’s complaint, maintaining accounting records, and settlement related to processed complaints [legal basis: Art. 6(1)(c) GDPR, i.e., necessity for compliance with a legal obligation of the Controller];
  2. Pursuit and defense of claims that may arise within the relationship between the Customer and the Controller, as well as other purposes necessary for the protection of the legitimate interests of the Controller or a third party [legal basis: Art. 6(1)(f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
    
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    Providing personal data is voluntary, but necessary to submit a complaint.
    The Customer’s personal data will be processed by the Controller for the purpose of handling the complaint, unless legal provisions (e.g., accounting) require the Controller to process these data for a longer period, or the Controller retains them longer in case the Customer has any claims against the Controller, for the statute of limitations period as specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of the Controller’s legitimate interests. In any case, the longer retention period for personal data applies.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
4. EXERCISING THE RIGHT OF WITHDRAWAL FROM THE CONTRACT
  
  Personal data provided by the Customer in connection with exercising the right of withdrawal in the Withdrawal Form (first and last name, address, bank account number) are or may be processed for the following purposes:
  1. Assessment of the Customer’s entitlement to exercise the right of withdrawal by the Controller (verification whether the goods returned with the form show no signs of use, are in the original packaging, and contain all original labels), maintaining accounting records, and settlement related to processed complaints [legal basis: Art. 6(1)(c) GDPR, i.e., necessity for compliance with a legal obligation of the Controller];
  2. Pursuit and defense of claims that may arise within the relationship between the Customer and the Controller, as well as other purposes necessary for the protection of the legitimate interests of the Controller or a third party [legal basis: Art. 6(1)(f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    Providing personal data is voluntary, but necessary to exercise the right of withdrawal from the contract.
    The Customer’s personal data will be processed by the Controller for the purpose of assessing the Customer’s entitlement to exercise the right of withdrawal from the contract, unless legal provisions (e.g., accounting) require the Controller to process these data for a longer period, or the Controller retains them longer in case the Customer has any claims against the Controller, for the statute of limitations period as specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of the Controller’s legitimate interests. In any case, the longer retention period for personal data applies.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
5. EXERCISING THE OPTION TO EXCHANGE GOODS
  
  Personal data provided by the Customer in connection with exercising the option to exchange goods (first and last name, address, email address) are or may be processed for the following purposes:
  1. Assessment of the Customer’s entitlement to exercise the option to exchange goods (verification whether the exchanged goods show no signs of use, are in the original packaging, and contain all original labels), maintaining accounting records, and settlement related to the exchange of goods [legal basis: Art. 6(1)(c) GDPR, i.e., necessity for compliance with a legal obligation of the Controller];
  2. Pursuit and defense of claims that may arise within the relationship between the Customer and the Controller, as well as other purposes necessary for the protection of the legitimate interests of the Controller or a third party [legal basis: Art. 6(1)(f) GDPR, i.e., legitimate interest pursued by the Controller or a third party].
    
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    Providing personal data is voluntary, but necessary to exercise the right of withdrawal from the contract.
    The Customer’s personal data will be processed by the Controller for the purpose of assessing the Customer’s entitlement to exercise the option to exchange goods, unless legal provisions (e.g., accounting) require the Controller to process these data for a longer period, or the Controller retains them longer in case the Customer has any claims against the Controller, for the statute of limitations period as specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of the Controller’s legitimate interests. In any case, the longer retention period for personal data applies.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
6. CONTACT FORM
  
  Personal data provided by the Customer via the Contact Form (in particular: first name and email address), as well as other data collected during any further communication, are or may be processed for the following purposes:
  1. Communication with the Customer and responding to their message [legal basis: Art. 6(1)(f) GDPR, i.e., legitimate interest pursued by the Controller];
  2. Depending on the content of the message addressed to the Administrator:
    ➝ Taking action at the Client’s request prior to the conclusion of the contract [legal basis: Art. 6(1)(b) GDPR, i.e. necessity to take steps prior to concluding a contract];
    ➝ Marketing, analytical and statistical activities of the Administrator or partners (third parties listed in section 11 of the Cookie Policy) or other so-called third parties we cooperate with [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest of the Administrator or a third party];
    ➝ Defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, as well as other purposes necessary to safeguard the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    The provision of Personal Data is voluntary, however necessary in order to communicate effectively with the Administrator.
    As a rule, the Client’s Personal Data will be processed by the Administrator until the communication with the Client is concluded, and in the case of marketing activities – until the Client raises an objection, unless legal provisions (e.g. accounting) oblige the Administrator to process such data for a longer period, or the Administrator stores them longer in the event that the Client may have any claims against the Administrator, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of the Administrator’s legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
7. NEWSLETTER
  
  The Personal Data provided by the Client in connection with subscribing to the Newsletter are or may be processed for the following purposes:
  1. Performance of the Newsletter service agreement [legal basis: Art. 6(1)(b) GDPR, i.e. necessity for the performance of the concluded contract (in order to send the Client, e.g. by e-mail, attractive advertisements and offers (discounts))];
  2. Marketing, analytical and statistical activities of the Administrator or partners (third parties listed in section 11 of the Cookie Policy) or other so-called third parties cooperating with the Administrator, e.g. presenting advertisements and offers (discounts), also tailored to interests based on profiling through actions that do not have a significant impact on the Client’s decisions regarding placing an order for Online Store services, in the form of presenting advertisements or offers – taking into account the Client’s preferences – on the basis of the aforementioned analysis [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest of the Administrator or a third party];
  3. Defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, as well as other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    The Controller of the Customer’s personal data is the entity indicated in point II of this Policy.
    The provision of Personal Data is voluntary, however necessary in order to subscribe to the Newsletter.
    As a rule, the Client’s Personal Data will be processed by the Administrator until unsubscribing from the Newsletter, and in the case of marketing activities – until the Client raises an objection, unless legal provisions (e.g. accounting) oblige the Administrator to process such data for a longer period, or the Administrator stores them longer in the event that the Client may have any claims against the Administrator, for the period of their limitation specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of the Administrator’s legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
8. PROFILES IN SOCIAL MEDIA
  
  Personal Data left by the Client when visiting social media profiles (including comments, likes, online identifiers) are or may be processed for the following purposes:
  1. Marketing and analytical activities of the Administrator in the form of enabling activity on the profile, effectively managing the profile by presenting information about initiatives and other activities, as well as in connection with the promotion of various types of events, services and products, including partners, i.e. third parties listed in section 11 of the Cookie Policy [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator];
  2. Defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, as well as other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    The Administrator of the Client’s Personal Data is the entity indicated in section II of this Policy.
    The provision of Personal Data is voluntary, however necessary to fully use the functionalities of social media profiles. Personal Data will be processed for the period necessary to achieve the above-mentioned purposes or until a valid objection is raised, as well as for the time required by legal provisions (e.g. tax, accounting), unless a longer period results from storing them for the purpose of potential claims, for the limitation period specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Client in connection with the processing of his Personal Data are described in detail in section X of this Policy.
9. NOTIFICATION OF PRODUCT AVAILABILITY
  
  Personal Data—such as an e-mail address—provided in connection with the intention to use the service in the form of a product-availability notification are or may be processed for the following purposes:
  1. Sending a notification about the product’s availability [legal basis: Art. 6(1)(b) GDPR, i.e. necessity for the performance of the service agreement in the form of a product-availability notification];
  2. Marketing and analytical activities of the Administrator [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator];
  3. Defense and pursuit of claims that may arise in the relationship between the Client and the Administrator, as well as other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    The Administrator of Personal Data is the entity indicated in section II of this Policy.
    The provision of Personal Data is voluntary, however necessary in order to receive a notification about the product’s availability.
    Personal Data will be processed for the period necessary to notify about the availability of the product (this period may vary depending on the selected item), and in the case of marketing activities – until the Client raises an objection, unless legal provisions require longer processing of such data or they are stored longer in the event of potential claims, for the limitation period specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
10. ORGANIZATION OF CONTESTS
  
  In the event of deciding to participate in a contest organized by the Administrator, Personal Data are or may be processed for the following purposes:
  1. Carrying out the contest, selecting the winners and awarding the prizes [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator];
  2. Fulfilment of the legal obligations incumbent on the Administrator, in particular those arising from provisions regulating tax obligations [legal basis: Art. 6(1)(c) GDPR, i.e. necessity for compliance with a legal obligation to which the Administrator is subject];
  3. Marketing and analytical activities of the Administrator or partners (third parties listed in section 11 of the Cookie Policy) or other so-called third parties cooperating with the Administrator, e.g. presenting advertisements and offers (discounts), tailored to interests based on profiling through actions that do not have a significant impact on decisions regarding placing an order for Online Store services, in the form of presenting advertisements or offers – taking into account the Client’s preferences – on the basis of the aforementioned analysis [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest of the Administrator or a third party];
  4. Defense and pursuit of claims that may arise in the relationship between contest participants and the Administrator, as well as other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    The Administrator of the Personal Data of contest participants is the entity indicated in section II of this Policy.
    The provision of Personal Data is voluntary, however necessary in order to participate in the organized contest.
    The Personal Data of contest participants will be processed for the period necessary to carry out the contest, select the winners and award the prizes, and in the case of marketing activities – until they raise an objection, unless legal provisions require longer processing of such data or they are stored longer in the event of potential claims, for the limitation period specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information about any potential transfer of Customer personal data to third countries (outside the European Economic Area) is described in detail in point IX of this Policy.
    The rights granted to the Customer in connection with the processing of their personal data are described in detail in point X of this Policy.
11. CUSTOMER SATISFACTION SURVEY
  
  The Personal Data provided to the Administrator in connection with the satisfaction survey regarding the services provided are or may be processed by us for the following purposes:
  1. Conducting customer satisfaction surveys (e.g. through the use of various types of questionnaires), improving the Online Store or the Application and the quality of services offered by the Administrator [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party];
  2. Defense and pursuit of claims that may arise in the relationship between the persons providing their Personal Data to the Administrator and the Administrator, as well as other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    
    The Administrator of the Personal Data of persons participating in the Customer Satisfaction Survey is the entity indicated in section II of this Policy.
    The provision of Personal Data by the above-mentioned persons is voluntary, however necessary in order to participate in the satisfaction survey. Providing them makes it possible to learn opinions about the services provided, thereby enabling improvements to the Online Store or the Application.
    The Personal Data of persons participating in the Customer Satisfaction Survey will be processed for the period necessary to conduct the survey and to develop and implement solutions aimed at improving the Online Store or the Application and the quality of services provided, unless legal provisions oblige the Administrator to process such data for a longer period, or the Administrator stores them longer in the event of potential claims, for the limitation period specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information on the possible transfer of the Personal Data of persons participating in the Customer Satisfaction Survey to third countries (outside the European Economic Area) is described in detail in section IX of this Policy.
    The rights of persons participating in the Customer Satisfaction Survey in connection with the processing of their Personal Data are described in detail in section X of this Policy.
12. LIVECHAT
  
  The Personal Data of persons using LiveChat, e.g. Messenger, an online communicator founded by Facebook, are or may be processed for the following purposes:
  1. Handling inquiries via chat [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator];
  2. Taking action at the request of persons using LiveChat prior to the conclusion of the relevant contract – depending on the content of the message provided [legal basis: Art. 6(1)(b) GDPR, i.e. necessity to take steps prior to concluding a contract];
  3. Marketing and analytical activities of the Administrator or partners (third parties listed in section 11 of the Cookie Policy) or other so-called third parties [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest of the Administrator or a third party];
  4. Defense and pursuit of claims that may arise in the relationship between persons using LiveChat who provide their Personal Data to the Administrator and the Administrator, as well as other purposes necessary for the realization of the legitimate interests of the Administrator or a third party [legal basis: Art. 6(1)(f) GDPR, i.e. the legitimate interest pursued by the Administrator or by a third party].
    
    The Administrator of the Personal Data of persons using LiveChat is the entity indicated in section II of this Policy.
    The provision of Personal Data by the above-mentioned persons is voluntary, however necessary in order to use the functionality of LiveChat (i.e. to communicate effectively with the Online Store via Messenger).
    The Personal Data of persons using LiveChat will be processed until the communication with those persons is concluded, and in the case of marketing activities – until they raise an objection, unless legal provisions oblige longer processing of such data, or they are stored longer in the event of potential claims, for the limitation period specified by law, in particular the Civil Code, or for other purposes arising from the pursuit of our legitimate interests. In all cases, the longer retention period for Personal Data shall apply.
    Information about recipients of personal data is described in detail in point VIII of this Policy.
    Information on the possible transfer of the Personal Data of persons using LiveChat to third countries (outside the European Economic Area) is described in detail in section IX of this Policy.
    The rights of persons using LiveChat in connection with the processing of their Personal Data are described in detail in section X of this Policy.
13. METHOD OF PROTECTION OF COLLECTED, PROCESSED AND STORED PERSONAL DATA
  1. The Administrator attaches great importance to the security and lawfulness of the personal data processing of both the Clients of the Online Store and the persons visiting the Online Store (hereinafter: “Persons”), while ensuring convenience in using the Online Store. The Personal Data of the above-mentioned persons are processed in accordance with the provisions listed in section I of this Policy.
  2. Additionally, the Administrator also protects persons who have provided their Personal Data to the Administrator using other communication channels, i.e.:
    - the website https://www.facebook.com as well as other sites branded or co-branded with Facebook (including subdomains, international versions, widgets and mobile versions), whose operation is based on the regulations made available, among others, at: https://www.facebook.com/legal/terms , provided respectively by Facebook Inc. or Facebook Ireland Limited (“hereinafter: Facebook Service”), including through the Facebook Lead Ads function aimed at direct marketing of the Administrator’s own products or services. The rules for the protection and use of Personal Data by the Facebook Service are available, for example, at: https://www.facebook.com/policy.php . (The Administrator has no influence on the content of the legal regulations published in the Facebook Service).
    - Applications enabling the Administrator to run advertising campaigns within the Facebook Service, including contests.
  3. The Administrator undertakes all types of measures to protect against the improper and uncontrolled use of Personal Data. In particular, he makes every effort to protect the Personal Data entrusted to him by Persons against unauthorized access, unauthorized modification, disclosure and destruction, in particular through:
    - Compliance with applicable legal provisions, including data protection regulations – and, if necessary, cooperation with data protection authorities and law enforcement authorities authorized to do so. (In the absence of data protection regulations, the Seller is obliged to act in accordance with generally accepted principles of data protection and the principles of social coexistence).
    - Controlling the methods of collecting, storing and processing information, including the use of physical security measures to protect against unauthorized access to the system.
    - Access to the Personal Data entrusted by Persons is restricted, i.e. it is granted only to employees, contractors and representatives who need to have access to them in order to process them for the purpose of fulfilling the order (under the agreement, the above-mentioned entities are obliged to maintain strict confidentiality, which enables the Administrator to control and verify how they perform their assigned duties, and in the event of failure to comply with these obligations, they may face consequences).
    - Securing data sets against unauthorized access.
    - SSL certificate on the Online Store pages where Personal Data is provided.
    - Encryption of the data used to authorize the person using the functionalities of the Online Store.
    - Access to the Account only after entering an individual login and password.
14. IS THE PROVISION OF PERSONAL DATA MANDATORY? WHAT ARE THE POSSIBLE CONSEQUENCES OF NOT PROVIDING IT?
  1. The provision of personal data by visitors to the Online Store or Applications, Live Chats, as well as by customers of the Online Store, is voluntary but necessary in order to use certain functionalities of the Online Store. The consequence of not providing personal data may be the inability to effectively perform the above-mentioned actions.
  2. Detailed information in this regard has been described in Section IV, subsections 1–12 of this Policy.
15. ARE PERSONAL DATA SUBJECT TO PROFILING? AND WHAT DOES THIS MEAN FOR THE PERSON WHOSE DATA IS BEING PROCESSED?
  1. Due to the need to present general advertisements, offers, or promotions (discounts) aimed at all potential customers in a way that is tailored to the preferences of a given customer, the Controller may become acquainted with their preferences through profiling, e.g., by analyzing how often they visit the Online Store, as well as whether and what products they buy or reserve in the Online Store, for example, what clothing size they purchase, and whether it is women’s or men’s clothing. This activity of the Controller allows for a better understanding of the customer’s expectations and an adjustment to their needs in such a way that it does not significantly affect their purchasing decisions. The above-mentioned activities of the Controller are, in most cases, automated, which ensures that the content sent is as up to date and tailored to the customer’s preferences as possible.
  2. The analysis of visits and activities of individuals visiting the Online Store and its customers, as well as the collected information on how the Online Store is used, may also contribute to the detection and identification of abuses such as ad fraud. Information in this regard has also been described in Section IV, subsections 2, 7, and 10 of this Policy.
16. RECIPIENTS OF PERSONAL DATA
  1. The Controller has exclusive access to the personal data of both visitors to the Online Store and its customers.
  2. The catalog of recipients of personal data processed by the Controller depends primarily on the scope of services used by the person visiting the Online Store or its customer. In addition, it also results from the consent of the aforementioned persons or from legal provisions.
  3. Access to the Customer’s personal data may be entrusted to other entities through which the customer makes payments for purchases in the Online Store, which collect, process, and store personal data in accordance with their own Terms and Conditions, as well as entities responsible for delivering the goods to the customer. Access to the Customer’s personal data is granted to the above-mentioned entities only to the necessary extent and solely to the degree that ensures the performance of their services, so that the customer can purchase, receive, and pay for the goods.
  4. The possibility of processing personal data to a limited extent may also be granted to entities that technically help ensure the efficient operation of the Online Store, including communication with customers (e.g., sending emails, including in marketing campaigns), providers of hosting or IT services, companies maintaining software, companies supporting marketing campaigns, as well as providers of legal and advisory services.
  5. The Controller has the right, and in cases specified by law also the legal obligation, to transfer selected or all information concerning the Online Store’s customers to public authorities or third parties that request such information based on the applicable provisions of Polish law.
17. POSSIBLE TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES (OUTSIDE THE EUROPEAN ECONOMIC AREA)
  1. As part of the use of tools provided to the Controller to support its ongoing activities, e.g., by Google, the Customer’s personal data may be transferred to a so-called “third country,” where the cooperating entity maintains tools used for the processing of personal data in cooperation with the Controller.
  2. The Controller ensures the appropriate security of the transferred personal data by applying standard data protection clauses adopted by decision of the European Commission, as well as data processing agreements that meet the requirements of the GDPR.
  3. In the case of transferring data to a country outside the European Economic Area, the Controller makes every effort to ensure that its partners are able to provide an adequate level of protection by implementing additional safeguards for the security of personal data.
  4. The person whose data is transferred to a third country has the right to obtain a copy of the safeguards applied by the Controller regarding the transfer of personal data to a third country by contacting the Controller (contact details in Section II of this Policy).
18. RIGHTS OF INDIVIDUALS REGARDING THE PROTECTION OF THEIR PERSONAL DATA
  1. A person visiting the Online Store, as well as its customer, has the right to obtain clear and complete information about how their personal data is used and for what purposes it is needed.
  2. The aforementioned persons are always clearly and comprehensively informed about the data collected by the Online Store and how and to whom it is transferred (the Controller provides information about the entities to be contacted in case of any doubts or comments, and the Controller will take immediate action to clarify and resolve any concerns).
  3. The customer has the right to access their personal data provided to the Controller, as well as to receive a copy thereof. They may correct it (if it is inaccurate), supplement it at any time, and also have the right to request that the Controller delete it from their databases or cease processing it, without providing any reason, not only in cases where it has been processed unlawfully.
  4. In order to exercise their rights, the customer may at any time send an appropriate message to the Controller’s registered office address or email address, or in another way that delivers/transmits such a request to the Seller.
  5. A customer’s request for the deletion of their personal data or for the Controller to cease processing it may result in the complete inability of the Online Store to provide services or in a serious limitation of such services.
  6. Moreover, the customer has an unlimited right to:
    - Lodging a complaint with the President of the Personal Data Protection Office (mailing address: ul. Stawki 2, 00-193 Warsaw),
    - Portability of the personal data that they have provided to the Controller and that are processed in an automated manner, where the processing is based on consent or on a contract, e.g., to another controller,
    - Withdrawal of any consent given to the Controller at any time, with the withdrawal not affecting the processing of their personal data carried out by the Controller lawfully before its withdrawal,
    - Objecting to the processing of their personal data carried out for the purpose of pursuing the legitimate interests of the Controller or a third party.
    - (In the situation where the customer’s personal data is processed for direct marketing purposes) they have the right to object to the processing of their personal data for such purposes, including profiling, to the extent that the processing is related to direct marketing (in this situation, it is prohibited to process the customer’s personal data for such purposes).
19. PERIOD OF STORAGE OF PERSONAL DATA
  1. Subject to Section IV subsections 1–12 of this Policy and point 2 below, personal data is stored for no longer than is necessary for the proper fulfillment of the order, i.e., the delivery of the goods purchased by the customer to the correspondence address indicated by them, as well as enabling the sending of personalized commercial information. After the expiry of this period, personal data is stored solely for the purpose of securing potential claims.
  2. The customer has the right to delete their personal data at any time, which results in the Controller ceasing to store their data.
20. LINKS TO OTHER WEBSITES
  
  The Online Store may contain links to other websites. The Administrator encourages you to read the terms and privacy policies applied by those other websites. This Policy applies only to the activities of the Administrator specified herein.
21. PERIOD OF VALIDITY OF THIS POLICY
  1. This version of the Policy is effective as of August 1, 2025.
  2. The Controller reserves the right to amend the content of this Policy in the event of changes to the applicable legal provisions, of which notice will be provided on the Online Store’s website.

Privacy Policy