ACCORDING TO THE LAWS OF PROTECTION OF PERSONAL DATA:

• the administrator of your personal data is: Polanik, ul. Życzliwa 11, 97-300 Piotrków Trybunalski, e-mail: info@polanik.com,
• the legal basis for the processing of your personal data is your consent, which you expressed when subscribing to the newsletter or registering in the store,
• we will process your data in order to send you a newsletter,
• we will not share your data with third parties,
• Your data will be stored on a server located in the European Union with our service provider, which ensures an adequate level of protection of personal data,
• The data will be processed until you have the consent given, unless you decide to resign from receiving the newsletter in advance, which will result in the removal of data from the database,
• you have the right to request access to your personal data and to rectify, delete or limit processing or the right to object to processing, as well as the right to data portability - in accordance with Articles 16 - 21 of the GDPR,
• you can lodge a complaint with the supervisory authority at any time if you believe that your data is processed unlawfully,
• Providing personal data is voluntary, but necessary to receive our newsletter.

Privacy Policy

1. This Privacy Policy defines the rules for the processing of personal data obtained through the online store www.polanik.com hereinafter referred to as "the store."
2. The owner of the Store and at the same time the data controller is Polanik Sp. z o.o. - Sp. K., ul. Życzliwa 11, 97-300 Piotrków Trybunalski VAT 7712875632, REGON 101339536, hereinafter referred to as Polanik.
3. Personal data collected by Polanik through the Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), also known as the GDPR.
4. Polanik takes special care to respect the privacy of Customers visiting the Store.

§ 1 Type of data processed, purposes and legal basis

1. Polanik collects information on natural persons performing a legal act not directly related to their activities, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to whom the Act grants legal capacity, conducting business or professional activity on their own behalf, hereinafter collectively referred to as Clients.
2. Customers' personal data is collected in the case of:
   a) registering an account in the Store, in order to create an individual account and manage this account. Legal basis: necessity to perform the contract for the provision of the Account service (Article 6 (1) (b) of the GDPR),
   b) placing an order in the Store, in order to perform the sales contract. Legal basis: necessity to perform the sales contract (Article 6 (1) (b) of the GDPR),
   c) subscription to the newsletter (Newsletter), in order to perform the contract provided electronically. Legal basis - consent of the data subject to the performance of the contract for the provision of the Newsletter service (Article 6 (1) (a) of the GDPR).
3. In the case of registration of an account in the Store, the Customer provides:
   a) e-mail address,
   b) name and surname.
4. When registering an account in the Store, the Customer independently determines the individual password of access to his account. The Customer may change the password at a later time, on the terms described in § 5.
5. In the case of placing an order in the Store, the Customer provides the following data:
   a) e-mail address,
   b) address data,
   c) name and surname,
   d) phone number.
6. In the case of Entrepreneurs, the above scope of data is additionally extended by:
   a) Company of the entrepreneur,
   b) VAT number.
7. If you use the Newsletter service, the Customer only provides his e-mail address.
8. When using the Store's website, additional information may be collected, in particular: IP address assigned to the Customer's computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type.
9. Navigation data may also be collected from Customers, including information about links and links in which they decide to click or other activities undertaken in our Store. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
10. In order to determine, pursue and enforce claims, some personal data provided by the Customer may be processed as part of the use of functionality in the Store, such as: name, surname, data on the use of services, if the claims result from the way the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in establishing, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
11. Polanik processes personal data including: name, surname, e-mail address, as well as answers to prepared questions as part of the satisfaction survey and forms used for the satisfaction survey. Participation in such actions is voluntary. If the Customer does not agree to participate in them, he can inform the Polanik at any time to the address in accordance with Article 6, and then Polanik will block the relevant data. Legal basis - a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in improving the functionality of services provided electronically and assessing satisfaction with the services we provide.
12. Personal data provided to Polanik are provided to him voluntarily, in connection with the concluded sales contracts or the provision of services via the Store's website, with the reservation that failure to provide the data specified in the forms in the Registration process prevents Registration and creation of the Customer Account in the case of placing an order without the Customer Account Registration will prevent the submission and execution of the Customer's order.

§ 2 To whom is the data made available or entrusted and how long is it stored?

1. The Customer's personal data are transferred to service providers used by Polanik while running the Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to Polanik's instructions as to the purposes and methods of processing this data (processors) or independently determine the purposes and methods of their processing (administrators):
   a) Processors. Polanik uses suppliers who process personal data only at the request of Polanik. These include, among others, providers providing hosting services, accounting services, providing marketing systems, systems for analyzing traffic in the Store, systems for analyzing the effectiveness of marketing campaigns,
   b) Administrators. Polanik uses suppliers who do not act solely on instructions and determine the purposes and methods of using Customers' personal data. They provide electronic and banking payment services.
2. Location. Service providers are mainly based in Poland and other countries of the European Economic Area (EEA), with the exception of the newsletter, where the data is transferred to a third country.
3. Customers' personal data are stored:
   a) In the event that the basis for the processing of personal data is consent, the Customer's personal data are processed by Polanik until the consent is revoked, and after the withdrawal of consent for a period of time corresponding to the period of limitation of claims that the Polanik may raise and which may be raised against him. Unless otherwise provided for in the special provision, the limitation period is ten years, and for claims for periodic benefits and claims related to running a business - three years.
   b) In the event that the basis for data processing is the performance of the contract, the Customer's personal data are processed by Polanik for as long as it is necessary for the performance of the contract, and after that time for a period corresponding to the limitation period for claims. Unless otherwise provided for in the special provision, the limitation period is ten years, and for claims for periodic benefits and claims related to running a business - three years.
4. In the case of making a purchase in the Store, personal data may be transferred, depending on the Customer's choice, to the following entities in order to deliver the ordered goods:
   a) courier companies,
   b) InPost Paczkomaty Sp. z o.o., providing delivery and service services for the post office box system (Paczkomaty),
   c) transport company Erontrans.
5. In the event that the Customer chooses payment through the Przelewy24 - PayPro S.A. system, his personal data are transferred to the extent necessary for the payment to Przelewy24 - PayPro S.A. with its registered office in Poznań 60-327, ul.
6. Navigation data may be used to provide Customers with better service, analysis of statistical data and adaptation of the Store to the Customers' preferences, as well as administration of the Store.
7. In the event that the Customer subscribes to the Newsletter to his e-mail address Polanik will send electronic messages containing commercial information about promotions and new products available in the Store.
8. Polanik, in the case of a request, makes personal data available to authorized state authorities, in particular to the organizational units of the prosecutor's office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookie Mechanism, IP Address, ReCAPTCHA

1. The store uses small files, called cookies. They are saved by Polanik on the end device of the person visiting the Store, if the web browser allows it. A cookie usually contains the domain name from which it originated, its "expiration time" and the individual randomly selected number identifying that file. Information collected using files of this type helps to adapt the products offered by Polanik to individual preferences and real needs of visitors to the Store. It also gives the opportunity to develop general statistics of visits to the presented products in the Store.
2. Polanik uses two types of cookies:
   a) session cookies: After the session of a given browser or disables the computer, the saved information is deleted from the device's memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from Customers' computers,
   b) persistent cookies: they are stored in the memory of the Customer's terminal device and remain there until they are deleted or expired. The permanent cookies mechanism does not allow the collection of any personal data or any confidential information from the Customers' computer.
3. Polanik uses its own cookies to:
   a) authentication of the Customer in the Store and providing the Customer's session in the Store (after logging in), thanks to which the Customer does not have to re-enter the login and password on every subpage of the Store,
   b) analysis and research and audience audit, and in particular to create anonymous statistics that help to understand how Customers use the Store's website, which allows to improve its structure and content.
4. Polanik uses external cookies to:
   a) popularization of the Store using the social network facebook.com (external cookie administrator: Facebook Inc. based in the USA or Facebook Ireland based in Ireland),
   b) authentication of the Customer in the Store and providing the Customer's session in the Store (after logging in), thanks to which the Customer does not have to re-enter the login and password on every subpage of the Store, using the social network Facebook.com (external cookie administrator: Facebook Inc. based in the USA or Facebook Ireland based in Ireland).
5. The cookie mechanism is safe for the computers of the Store's customers. In particular, it is not possible to enter the computers of customers of viruses or other unwanted software or malware. However, in their browsers, customers have the option to limit or disable the access of cookies to computers. If you use this option, you will be able to use the Store, in addition to the functions that by their nature require cookies.
6. Below we present how you can change the settings of popular web browsers in the use of cookies:
   a) Browser: Internet Explorer,
   b) Browser: Microsoft EDGE,
   c) Browser: Mozilla Firefox,
   d) Browser: Chrome,
   e) Browser: Safari,
   f) Browser: Opera.
7. Polanik may collect IP addresses of Customers. The IP address is the number assigned to the computer of the person visiting the Store by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes with each connection to the Internet and for this reason is treated as non-personal identifying information. The IP address is used by Polanik in diagnosing technical problems with the server, creating statistical analyses (e.g. determining which regions we record the most visits), as information useful in administering and improving the Store, as well as for security purposes and possible identification of server-bearing, undesirable automated programs for viewing the Store's content.
8. The store contains links and links to other websites. Polanik is not responsible for the privacy protection rules applicable to them. It is recommended to read the privacy policies in force there.
9. To ensure sufficient data security when submitting forms, we use the reCAPTCHA service provided by Google Inc. in certain cases. This primarily serves to distinguish whether the entry was made by a natural person or whether there was abuse by machine and automated processing. The service includes sending the IP address and, if applicable, other data required by Google Inc. for the operation of the reCaptcha service. In this respect, there are different data protection regulations of Google Inc. More information from Google Inc. regarding data protection can be found on the website http://www.google.de/intl/pl/privacy or https://policies.google.com/privacy?hl=pl.

§ 4 Rights of data subjects

1. Right to withdraw consent - legal basis: Article 7 (3) of the GDPR.
   a) The Customer has the right to withdraw any consent given by Polanik,
   b) withdrawal of consent has effect from the moment of withdrawal of consent,
   c) withdrawal of consent does not affect the processing carried out by us in accordance with the law before its withdrawal,
   d) withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities, which in accordance with the law the Polisher can provide only with consent.
2. Right to object to the use of data - legal basis: Art. 21 GDPR.
   a) The Customer has the right to object at any time to the use of his personal data, including profiling, if Polanik processes his data based on a legitimate interest, e.g. marketing Polanik products and services, keeping statistics on the use of individual functionalities of the Store and facilitating the use of the Store, as well as satisfaction surveys,
   b) resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his personal data, including profiling for these purposes,
   c) if the Customer's objection proves to be justified and Polanik will have no other legal basis for the processing of personal data, the Customer's personal data will be deleted, to which the Customer has objected.
3. Right to erase ("right to be forgotten") - legal basis: Art. 17 GDPR.
   a) The customer has the right to request the deletion of all or some personal data.
   b) The customer has the right to request the deletion of personal data if:
        a. personal data are no longer necessary for the purposes for which they were collected or processed,
        b. has withdrawn certain consent to the extent that personal data were processed on the basis of his consent,
        c. objected to the use of his data for marketing purposes,
        d. personal data are processed unlawfully,
        e. personal data must be deleted in order to comply with the legal obligation provided for by Union or the law of the Member State to which the Polish person is subject,
        f. Personal data has been collected in connection with the offering of information society services.
   c) Despite the request to delete personal data, in connection with the submission of an objection or withdrawal of consent, Polanik may retain certain personal data to the extent necessary for the purpose of establishing, pursuing or defending claims. This applies in particular to personal data including: name, surname, e-mail address, which data are stored for the purpose of dealing with complaints and claims related to the use of Polanik services, or additionally the address of residence / correspondence address, order number, which data are stored for the purposes of dealing with complaints and claims related to concluded sales or service agreements.
4. Right to restriction of data processing - legal basis: Art. 18 GDPR.
   a) The customer has the right to request the restriction of the processing of his personal data. Submitting a request, until its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. The Pole will also not send any messages, including marketing.
   b) The customer has the right to request the restriction of the use of personal data in the following cases:
        a. when he disputes the correctness of his personal data - then Polanik limits their use for the time needed to check the correctness of the data, but not longer than for 7 days,
        b. when the processing of data is unlawful, and instead of deleting data, the Customer requests a restriction of their use,
        c. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, assert or defend claims,
        d. when he objected to the use of his data - then the limitation takes place for the time needed to consider whether - due to a special situation - the protection of the Customer's interests, rights and freedoms prevails over the interests pursued by the Administrator, processing the Customer's personal data.
5. Right of access to data - legal basis: Art. 15 GDPR.
   a) The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if this happens, the Customer has the right to:
        a. access to your personal data,
        b. obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of these data, the planned period of storage of Customer's data or the criteria for determining this period, the rights of the Customer under the GDPR and the right to lodge a complaint with the supervisory authority, the source of these data, automated decision-making, including profiling and the safeguards used in connection with the transfer of these data outside the Union European,
        c. Get a copy of your personal data.
6. Right to rectification - legal basis: Art. 16 GDPR.
   a) The Customer has the right to request from the Administrator prompt rectification of personal data concerning him, which are incorrect. Taking into account the purposes of processing, the Customer to whom the data relates has the right to request the completion of incomplete personal data, including by submitting an additional statement, sending a request to the e-mail address in accordance with Section 6 of the Privacy Policy.
7. Right to data portability - legal basis: Art. 20 GDPR.
   a) The Customer has the right to receive his personal data, which he provided to the Administrator, and then send them to another, selected by him, administrator of personal data. You also have the right to request that personal data be sent by us directly to such other controller, where technically feasible. In this case, the Administrator will send the Customer's personal data in the form of a file in the csv format, which is a commonly used format, suitable for machine reading and allowing the received data to be sent to another administrator of personal data.
8. In the event of the Customer's application with the right resulting from the above rights, the Administrator fulfills the request or refuses to fulfill it immediately, but not later than within one month after its receipt. However, if - due to the complicated nature of the request or the number of requests - the Administrator will not be able to meet the request within a month, he will fulfill it within the next two months informing the Customer about the intended extension of the deadline.
9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.
10. The Customer has the right to request from Polanik the transfer of a copy of standard contractual clauses by sending an inquiry in the manner indicated in Article 6 of the Privacy Policy.
11. The Customer has the right to lodge a complaint with the President of the Office for Personal Data Protection, in the scope of violation of his right to the protection of personal data or other rights granted under the GDPR.

§ 5 Security Management - Password 

1. Polanik provides Customers with a secure and encrypted connection during the transfer of personal data and when logging into the Customer Account in the Store. Polanik uses an SSL certificate issued by ESET SSL Filter CA, one of the world's leading companies in the field of security and encryption of transmitted data over the Internet.
2. In the event that the Customer with an account in the Store has lost the password of access in any way, the Store allows to generate a new password. The Pole does not send a password reminder. The password is stored in a database in encrypted form, in a way that prevents it from being read. In order to generate a new password, you must provide an e-mail address in the form available under the link "You do not remember the password," provided next to the login form for the account in the Store. The new password will be automatically sent to the e-mail address provided during registration or saved in the last change of the account profile.
3. Polanik never sends any correspondence, including electronic correspondence with a request for login data, in particular the password access to the Customer's account.

§ 6 Changes to the Privacy Policy

1. The Privacy Policy may change, about which Polanik will inform Customers in advance 7 days.
2. Questions related to the Privacy Policy should be sent to: info@polanik.com.