Privacy and cookies policy
Formal information to start with: the administrator of your personal data is Łukasz Ciesielski, doing business under the name DLC Łukasz Ciesielski, 2/77 Przasnyska St.; 01-756 Warsaw, NIP: 5311643493 registered in the Central Register and Information on Business Activity (CEiDG).
We process your personal data primarily for purposes related to your use of our website, such as maintaining your user account, placing orders and handling contracts, processing complaints and withdrawals, fulfilling legal tax obligations, sending newsletters, claims cases, analysis, statistics, marketing, etc. We process your personal data for the period of time necessary to fulfill the particular purpose. You have the right to access, rectify, erase or restrict processing of your personal data, object to processing, as well as the right to data portability. In addition, you may file a complaint with the President of the Office for Personal Data Protection.
# 1: Who is the controller of personal data?
The administrator of your personal data is Łukasz Ciesielski, doing business under the name DLC Łukasz Ciesielski, 2/77 Przasnyska St.; 01-756 Warsaw, NIP: 5311643493 registered in the Central Register and Information on Business Activity (CEiDG).
# 2: Who can you contact regarding the processing of personal data?
As part of the implementation of a data protection system in our organization, we decided not to appoint a data protection officer due to the fact that it is not mandatory in our situation.
For matters related to data protection and privacy more broadly, you can contact us by email at firstname.lastname@example.org. In terms of social media, you can additionally contact directly the administrators of the social networks where we maintain our profiles.
# 3: For what purposes do we process personal data?
These targets are more than one. Below is a list of them, along with a more detailed discussion. We have also assigned to each purpose the corresponding legal basis for processing:
|Purpose of processing||Discuss the purpose of processing||Legal basis|
|User account maintenance||When you create a user account, you must provide the data necessary to create an account specified in the registration form.
Providing data is a condition for creating an account.
As part of editing your account details, you can enter your further details, according to the available options within your account.
In addition, our system used for user accounts records your IP number, which you used when registering a user account.
The data is processed for the purpose of providing the user account service to you. After deletion of the user account, the data goes into an archive for the possible establishment, investigation or defense of claims related to the user account service.
|Article 6(1)(b) of the RODO|
|Order processing and contract handling||When placing an order, you must provide the data necessary for its execution specified in the order form.
Providing data is a condition for placing an order.
In addition, the system used to handle the order process records your IP number, which you used to place the order.
In connection with the conclusion of a contract, it may also process your other personal data in order to perform the services provided for in the contract that has been concluded. The extent of this data depends on which personal data is needed to perform the contract.
In a situation where we receive your data in the performance of a contract, e.g. from an entity that employs you, we base such processing on our legitimate interest, which in this case is to ensure efficient and effective service of the concluded contract. In this case, we may process your identifying and contact data.
The data is processed for the purpose of entering into and performing the contract. Once the contract has been executed, the data goes into the archive for the purpose of possibly establishing, asserting or defending claims related to the contract. Data also goes into accounting records for the purpose of meeting tax obligations.
|Article 6(1)(b) RODO, Article 6(1)(f) RODO|
|Actions taken to complete orders by customers||Due to the fact that some customers start placing an order but do not finalize it (do not approve the order and do not conclude a contract with us), we may take measures to ensure that our customers complete the purchase process.
For this purpose, we can, for example, send emails containing information about an unfinished order and an incentive to complete the transaction.
For the purposes of the activities described above, we may process such personal data as the information provided during the ordering process, in particular your name and e-mail address, as well as information about the contents of your shopping cart, the date the transaction began, and other data left in connection with the purchase process you initiated.
The legal basis for the processing of your personal data is Article 6(1)(b) of the RODO, as these activities are aimed at entering into a contract. In addition, we see the basis for processing as our legitimate interest, which in this case is to increase sales.
|Article 6(1)(b) RODO, Article 6(1)(f) RODO|
|Handling complaints or withdrawals||If you make a complaint or withdraw from the contract, you will provide personal information contained in the body of the complaint or withdrawal statement.
Provision of data is a condition for submitting a statement of withdrawal or complaint.
The data is processed for the purpose of handling the withdrawal or complaint process. Once such a process has been carried out, the data goes into an archive for the purpose of possibly establishing, asserting or defending claims related to the handling of the withdrawal process or the complaint process. Data also goes into accounting records for the purpose of meeting tax obligations.
|Article 6(1)(c) of the RODO in connection with the relevant provisions on the right of withdrawal and liability for compliance with the contract, Article 6(1)(b) of the RODO|
|Newsletter handling||When signing up for the newsletter, you must provide the data necessary to receive it as specified in the subscription form.
Providing data is a condition for receiving the newsletter.
In addition, the mailing system records your IP number you used when signing up for the newsletter, determines your approximate location, the mail client you use for email, and tracks your actions taken in connection with messages sent to you. As a result, we also have information about which messages you opened, within which messages you clicked on links, etc.
In the mailing system, we may also define, based on various criteria related to your activity, interests or other preferences, specific groups or segments of newsletter recipients that influence what kind of messages you receive in the newsletter.
The data provided by you in connection with subscribing to the newsletter is used for the purpose of sending you the newsletter, and the legal basis for its processing is the performance of the contract for the provision of electronic services, as well as our legitimate interest, which in this case is the fulfillment of marketing purposes.
As for the processing of information that does not come from you, but is collected automatically by the mailing system, we rely in this regard on our legitimate interest to analyze the behavior of newsletter subscribers in order to optimize mailing activities.
You can unsubscribe from the newsletter at any time by clicking on the dedicated link included in each message sent as part of the newsletter, or by simply contacting us.
Opting out of the newsletter does not lead to the deletion of your data from the mailing system. The data is archived for the purpose of possibly establishing, asserting or defending claims related to the newsletter, as well as to ensure that it can be shown that the newsletter activities were conducted in accordance with the law.
|Article 6(1)(b) RODO, Article 6(1)(f) RODO|
|Handling comments/feedback||When adding a comment / opinion, you must provide the data necessary to publish the comment / opinion of receipt specified in the form intended for comment / opinion.
Provision of data is a condition for publication of comments / opinions.
In addition, the comment/feedback system records your IP number that you used when submitting a comment/feedback.
The data is processed for the purpose of publishing a comment / opinion, which is our legitimate interest.
The comment or opinion you add, along with your data made public within the settings, will be visible on the site. You can modify and delete your comment or opinion at any time. Deleted comment / opinion along with your data goes to the archive for the purpose of possible establishment, investigation or defense of claims related to the comment / opinion.
|Article 6(1)(f) RODO|
|Contact and correspondence handling||When you contact us through available means of communication, such as e-mail, social messaging, chat rooms, etc., you naturally provide your personal information contained in the content of your correspondence.
Provision of data is a condition for making contact.
In addition, the communication system records your IP number, which you used when sending the message.
Data is processed for the purpose of conducting communications, which is our legitimate interest. Once the communication has been completed, the data goes into an archive for the possible establishment, investigation or defense of claims related to the communication.
|Article 6(1)(f) RODO|
|Implementation of tax and accounting obligations||In connection with the performance of the contract, we also carry out various tax and accounting obligations, particularly in the form of issuing an invoice, incorporating the invoice into our accounting records, keeping records, etc.
In order to issue an invoice, we process such data as name, company, business address, TIN, among others.
Provision of data required by tax law is necessary for the fulfillment of the obligations indicated.
|Article 6(1)(c) of the RODO in connection with the relevant provisions of tax law|
|Creating an archive||For the purposes of our business, we may create archives: both in traditional and digital form. The archives include personal data that we have processed in connection with you, and the scope of the archives may vary depending on what data has come to us and the scope of the data justified in terms of archiving. In this case, we rely on our legitimate interest in organizing and arranging personal data carriers.||Article 6(1)(f) RODO|
|Defense, establishment or enforcement of claims||The use of our website, as well as the conclusion of a contract with us, may give rise to certain claims in the future on our side or yours. Accordingly, we are entitled to process personal data for the purpose of defending, establishing or asserting claims. For this purpose, we may process any personal data that is related to the claim in question, so the scope may vary depending on what the claim is about. In this case, we rely on our legitimate interest to protect our interests in this regard.||Article 6(1)(f) RODO|
|Social media handling||If you follow our social media profiles or interact with content we publish on social media, we naturally see your data, which is publicly available in your social media profile. We process this data only within the respective social network and only for the purpose of operating the respective social network, which is our legitimate interest.
If you contact us via private message, you naturally provide us with your personal data contained in the body of the correspondence, in particular your image and name. Your data is processed in this case for the purpose of contacting you, and the basis for processing is our legitimate interest.
It may be that we are the party initiating contact with you via social media to offer cooperation, in which case your data will be processed for the purpose of searching for potential contractors, offering and establishing cooperation, which is our legitimate interest.
Messages sent to us via social media are subject to automatic archiving through tools available within each social network and are available to us until you delete them. You have access to all messages exchanged with us in the private messages tab.
Your use of social networking sites is subject to the rules and privacy policies of the administrators of these sites, and these administrators provide electronic services to you, fully independently and autonomously of us.
|Article 6(1)(f) RODO|
|Analysis and statistics using only Anonymous Information||We conduct analytical and statistical activities using tools provided by third-party providers. Within the analytical tools, we only have access to Anonymous Information. We base the processing of Anonymous Information on our legitimate interest in creating, reviewing and analyzing statistics related to user activity on the site in order to draw conclusions that allow us to optimize our operations later.
From within the tools, we can only see a set of statistics and information not assigned to specific individuals.
For details on third-party vendor tools, see the section on the tools we use.
|Article 6(1)(f) RODO|
|Self-marketing using only Anonymous Information||We conduct marketing activities using tools provided by third-party vendors. Within the marketing tools, we only have access to Anonymous Information. We base the processing of Anonymous Information on our legitimate interest in creating marketing leads based on Anonymous Information and targeting ads within external systems based on Anonymous Information for the purpose of marketing our own products and services. From within the tools, we only have access to a set of statistics and information not assigned to specific individuals.
For details on third-party vendor tools, see the section on the tools we use.
|Article 6(1)(f) RODO|
|Organization of promotional activities||In order to increase sales of products / services, we may conduct various promotional actions, including in cooperation with external partners. The rules related to the organization of promotional actions are defined in separate regulations. The scope of personal data we will process in connection with the organization of a promotional action may vary depending on the type of promotional action.
The legal basis for processing your personal data is our legitimate interest, which in this case is marketing and increasing sales of our own products.
|Article 6(1)(b) RODO, Article 6(1)(f) RODO|
|Provide additional functions using only Anonymous Information||We may embed video or audio players, social widgets, comment module, chat, newsletter forms or other tools provided by third parties on our pages. All of these tools process Anonymous Information. We base the processing of Anonymous Information on our legitimate interest, which in this case is to provide you with the ability to use additional features on the site. We do not have access to other information from the tools, moreover, we do not need this information for anything - Anonymous Information is processed only so that additional functions can work. For detailed information on the tools of third-party providers, please see the section on the tools we use.||Article 6(1)(f) RODO|
|Implementation of obligations related to the protection of personal data||As a data controller, we are obligated to fulfill our data protection obligations. Accordingly, we may process your personal data insofar as it is necessary to fulfill these obligations (e.g., when processing your request for your personal data). The extent of the data depends on what data we need to perform the obligation and prove compliance with the RODO. In addition, in this case we also rely on our legitimate interest in securing the data necessary to demonstrate accountability.||Article 6(1)(c) RODO, Article 6(1)(f) RODO|
# 4: What information do we have about you?
- email address,
- phone number,
- IP address,
- delivery address,
- invoice details,
- details of the order placed,
- data collected in the mailing system,
- data related to the added comment / opinion,
- information visible in social media profiles,
- information contained in the correspondence,
# 5: Where do we get your personal information from?
In most cases, you provide them to us yourself. For example, this happens when you register a user account, place an order, send a complaint or withdraw from a contract, contact us via email or chat, and use the functionalities available on our Site or external services (e.g. social networks).
In addition, some information about you may be automatically collected by tools we use. For details on third-party vendor tools, please see the section on the tools we use.
In exceptional cases, we may also obtain your personal data from other sources, such as when the entity that employs you indicates your data to us as contact persons for contractual matters, or when you represent an entity that enters into a contract with us.
# 6: Is the data safe?
We care about the security of your personal data. We have analyzed the risks involved in the various processes of processing your data, and then implement appropriate security and personal data protection measures. We constantly monitor the state of the technical infrastructure, train our staff, look at the procedures in place, and make the necessary improvements.
# 7: How long will we keep personal information?
We process your personal data for as long as it is reasonable within the framework of a given purpose for processing your personal data, and therefore the processing periods vary depending on the purpose. Please note that the termination of the processing of your data for one purpose does not necessarily lead to the complete deletion or destruction of your personal data, as the same set of data may be processed for another purpose for the period indicated for it. Complete deletion or destruction of data occurs when we have completed all purposes and in other cases indicated in the RODO.
Below you will find a description of the processing periods:
- User account - data related to the user account is processed for the duration of the user account;
- Fulfillment of orders and the concluded contract - data related to the contract are processed for the time necessary to conclude and perform the contract;
- Actions taken to complete orders by customers - data related to unfinished orders will be processed for a maximum of 6 months from the date you placed the order;
- Complaints and withdrawals - data related to complaints and withdrawals are processed for the time necessary to handle the complaint or withdrawal;
- Newsletter - data related to the newsletter will be processed for the duration of your use of the newsletter;
- Comments / opinions - data related to the posting of comments / opinions will be processed until you delete the comment or opinion;
- Contact and correspondence handling - data related to correspondence handling will be processed for the duration of contact between us;
- Tax and accounting obligations - data related to the performance of tax and accounting obligations will be processed for the time prescribed by tax law, usually 5 years after the end of the fiscal year;
- Archive - data related to the archive will be processed until the information that is in the archive is no longer useful;
- Determination, investigation and defense of claims - data related to claims will be processed until the statute of limitations for claims, whereby the period of limitation for claims may vary in light of applicable laws (e.g. for businesses it may be 3 years, and for consumers 6 years);
- Recipient groups - data related to recipient groups will be processed until they are no longer useful or you successfully object;
- Social media - in general, I have no control over the retention period of your personal data on social media. They are available on Facebook, Instagram, YouTube or LinkedIN under the terms of the rules and privacy policies of those sites. We are not able to remove your data from Facebook, Instagram, YouTube or LinkedIN - only you can do that;
- Analytics and statistics - data related to analytics and statistics will be processed until it is no longer useful or you successfully object;
- Self-marketing - Data related to self-marketing will be processed until it is no longer useful or you successfully object;
- Organization of promotional actions - we process data related to the organization of promotional actions for the time necessary to carry out the promotional action;
- Additional tools - data related to additional tools will be processed until they are no longer useful or you successfully object;
- Data Protection Obligations - Data related to the protection of personal data will be processed until it becomes obsolete, you successfully lodge an objection, or the expiration of the statute of limitations on our liability as data controller.
Where we process your personal data on the basis of consent you have given us, you may withdraw such consent at any time: either by your action or by contacting us at the contact details provided. Remember that withdrawal of consent does not affect the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.
# 8: Who are the recipients of personal data?
We would venture to say that modern business cannot do without services provided by third parties. We also use such services. Some of these services involve the processing of your personal data. Third-party service providers that are involved in the processing of your personal data are:
- Hosting provider - for the purpose of storing data on the server;
- mailing system provider - for the use of the mailing system;
- invoicing system provider - for the purpose of invoicing;
- CRM system provider - for the purpose of streamlining work;
- Pop-up display system provider - for the purpose of displaying pop-ups;
- Customer service system provider - for streamlining the customer service process;
- provider of a landing page management tool - for data collection via landing pages;
- Accounting office - for the use of accounting services;
- Law firm - for the purpose of providing legal services to us;
- Maintenance - for the purpose of conducting technical work on those areas where data is processed;
- order processor, courier company, Poczta Polska - for the purposes of logistical handling of orders, the subject of which is a physical product;
- other subcontractors, in particular IT solution providers - for the purpose of working with various subcontractors who may have access to your personal data if they provide services in connection with such access.
If the need arises, your data may be shared with a legal advisor or attorney bound by professional secrecy. The need may arise from the need for legal assistance requiring access to your personal information.
Your personal data may also be transferred to the tax authorities to the extent necessary for the performance of tax and accounting duties. This includes, in particular, all declarations, reports, statements and other accounting documents containing your personal data.
In addition, if necessary, your personal data may be shared with entities, authorities or institutions entitled to access the data under the law, such as police, security services, courts, prosecutors.
Your data is shared with courier companies to the extent necessary to deliver your order. These companies become independent administrators of your personal data.
# 9: Do we transfer data to third countries or international organizations?
Yes, part of the processing operations of your personal data may involve their transfer to third countries.
We transfer your personal data to third countries in connection with the use of tools using resources located in third countries, in particular in the United States. The providers of these tools guarantee an adequate level of personal data protection through the relevant compliance mechanisms provided by the RODO, in particular through the use of standard contractual clauses.
Currently, your personal data is transferred to third countries in connection with our use of the following solutions:
|Type of solution||Solution provider||Third country|
|Mailing system||MailerLite||Ireland, USA|
|Data backup||Updraft WP Software Ltd.||UK|
|Displaying pop-ups||PopUp Builder, Sygnoos||Armenia|
# 10: Do we use profiling?
We do not make decisions about you based solely on automated processing, including profiling, that would have legal effects on you or similarly materially affect you. Yes, we use tools that may take certain actions depending on the information collected through tracking mechanisms, but we believe that these actions do not materially affect you, as they do not differentiate your situation as a customer, do not affect the terms of the contract you may enter into with us, etc.
Using certain tools, we can, for example, target you with personalized advertisements based on previous actions you have taken on the Site or suggest products that may be of interest to you. We are talking here about so-called behavioral advertising. We encourage you to learn more about behavioral advertising, particularly with regard to privacy issues. You can find detailed information, along with the ability to manage your behavioral advertising settings, here.
# 11: What are your rights?
The RODO grants you the following potential rights related to the processing of your personal data:
- The right to access your data and receive a copy of it;
- The right to rectify (amend) your data;
- The right to erasure (if, in your opinion, there is no basis for us to process your data, you can request that we erase it);
- The right to restrict data processing (you can request that we restrict the processing of your data only to storing it or performing activities agreed with you, if in your opinion we have incorrect data or are processing it unduly);
- The right to object to processing (you have the right to object to processing on the basis of a legitimate interest; you should indicate the particular situation that you think justifies us stopping the processing covered by the objection; we will stop processing your data for these purposes unless we demonstrate that the grounds for our processing override your rights or that your data are necessary for us to establish, assert or defend claims);
- The right to data portability (you have the right to receive from us in a structured, commonly used machine-readable format the personal data you have provided to us on the basis of a contract or your consent; you can have us send this data directly to another entity);
- The right to withdraw consent to the processing of personal data, if you have previously given such consent;
- The right to lodge a complaint with a supervisory authority (if you find that we are processing your data unlawfully, you can file a complaint about it with the President of the Office for Personal Data Protection or any other competent supervisory authority).
The rules related to the exercise of the rights indicated above are described in detail in Articles 16-21 of the RODO. We encourage you to familiarize yourself with these provisions. For our part, we deem it necessary to explain to you that the rights indicated above are not absolute and you will not be entitled to them in relation to all processing activities of your personal data.
We emphasize that one of the rights indicated above is always available to you: if you consider that we have violated data protection regulations in the processing of your personal data, you have the opportunity to file a complaint with the supervisory authority (President of the Office for Personal Data Protection).
Cookies are small text information stored on your terminal device (e.g. computer, tablet, smartphone), which can be read by our ICT system (our own cookies) or by third-party ICT systems (third-party cookies). Cookies may record and store certain information, which can then be accessed by ICT systems for specific purposes.
Some cookies we use are deleted when your browser session ends, i.e. when you close it (so-called session cookies). Other cookies are retained on your terminal device and allow your browser to be recognized the next time you visit the site (persistent cookies).
If you want to learn more about cookies as such, you can read, for example, this material.
# 14: Can you disable cookies?
Yes, you can manage your cookie settings within your web browser. You can block all or selected cookies. You can also block cookies of specific sites. You can also delete previously saved cookies and other site and plug-in data at any time.
Web browsers also offer the possibility to use incognito mode. You can use it if you don't want information about the pages you visit and the files you download to be saved in your browsing and download history. Cookies created in incognito mode are deleted when you close all windows in this mode.
There are also browser plug-ins available to control cookies, such as Ghostery. The option to control cookies may also be provided by additional software, particularly antivirus packages, etc.
In addition, there are tools on the Internet that allow you to control certain types of cookies, in particular to collectively manage behavioral advertising settings.
# 15: For what purposes do we use our own cookies?
Custom cookies are used to ensure proper functioning of particular mechanisms of our websites, such as remembering the contents of a shopping cart for a certain period of time after adding selected products to it, proper transmission of the form visible on the pages, handling newsletter forms, etc. Custom cookies also store information about the cookie settings you have defined through the cookie management mechanism.
# 16: What third-party cookies are used?
# 17: How can you manage your privacy?
- cookie settings within your web browser;
- Browser plug-ins that support cookie management, e.g. Ghostery;
- Additional software that manages cookies;
- incognito mode in the web browser;
- behavioral advertising settings, such as youronlinechoices.com;
- A mechanism for managing cookies from within our website.
# 18: Is there anything else you should know about?
|Name of the tool||Description of operation and cookies|
|MailerLite||We use the MailerLite mailing system provided by the Irish company MailerLite Limited. Mailing list sign-up forms embedded on our sites may use cookie technology for the purpose of ensuring the proper functioning of these forms and measuring their conversions. We do not have access to the information collected in MailerLite's cookies in order for the forms to function properly - we are only interested in making the form work properly. When it comes to measuring the conversion of sign-up forms, we only have access to anonymous statistical information.
In addition, we use an additional feature of the MailerLite system to control how often pop-ups with mailing list sign-up forms are displayed to you. This uses a MailerLite cookie that stores information when a pop-up is displayed to you with the goal of not displaying it to you again for a specified period of time.
In addition, we use an additional feature of the MailerLite system - a website builder. Web pages created in this way are stored within the MailerLite infrastructure and use MailerLite cookies to ensure their proper operation and to provide insight into anonymous statistics that allow us to evaluate the effectiveness of the pages.
You can download the privacy and cookies policy here.