Privacy Policy

§1. Personal Data Controller

1. The personal data controller in accordance with Art. 4 paragraph 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) ) is Aquamonkey Limited Liability Company, located at ul. Palisadowa 20/22, 01-940 Warszawa, NIP: 5272981871, REGON: 520744494, entered in the Register of Entrepreneurs of the National Court Register under the number KRS: 0000939843, registry court: District Court for the Capital City of Warsaw in Warsaw, XIII Economic Department of the National Court Register, share capital: 50.000.00 PLN.

2. Data controller email address: [email protected].

3. Controller according to Art. 32 paragraph 1 GDPR is obliged to comply with the rules for the protection of personal data and take appropriate technical and organizational measures to prevent accidental or illegal destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data processed in connection with its activities.

4. The provision of personal data by the client is voluntary, but necessary for concluding an agreement with the data controller.

5. The data controller processes personal data to the extent necessary for the performance of the contract or the provision of services in favor of the data subject.

§2. Purpose and grounds for the processing of personal data

The controller processes personal data for the following purposes:

a) preparation of a commercial offer in response to the interest of the client, which is the legitimate interest of the data controller (Art. 6 para. 1 (f) GDPR);

b) the conclusion and execution of sales contracts with customers, on the basis of the concluded contract (art. 6 par. 1 (b) GDPR);

c) the provision of services by electronic means through the online store, on the basis of a concluded contract (art. 6 par. 1 (b) GDPR);

d) consideration of complaints based on obligations incumbent on the controller in accordance with the applicable legal provisions (art. 6 para. 1 (c) GDPR);

e) for accounting purposes related to the issuance and acceptance of settlement documents in accordance with tax legislation (Art. 6 para. 1 (c) GDPR);

f) archiving data for the possible establishment, exercise or defense of legal claims or the need to provide facts, which is the legitimate interest of the data controller (art. 6 para. 1 (f) GDPR);

g) contact by telephone or e-mail, in particular in response to a request addressed to the data controller, which is the legitimate interest of the data controller (Art. 6 par. 1 (f) GDPR);

h) sending technical information regarding the operation of the Online Store and the services provided to the customer, which is the legitimate interest of the data controller (Art. 6 para. 1 (f) GDPR);

i) marketing that is in the legitimate interest of the data controller (Art. 6 para. 1(f) GDPR) or is based on previously granted consent (Art. 6 para. 1(a) GDPR).

§3. Data recipients. Data transfer to third countries

1. The recipients of personal data processed by the controller may be subjects cooperating with the controller, if this is necessary for the performance of the contract concluded with the data subject.

2. Recipients of personal data processed by the controller may also be subcontractors - entities whose services are used by the data controller during data processing, such as accounting offices, law firms, IT service providers (including hosting services).

3. The data controller may be required to provide personal data on the basis of applicable law, in particular to provide personal data to authorized public authorities or institutions.

4. Personal data in connection with the controller's use of tools to analyze and track traffic on its websites may be transferred to an entity located outside the European Economic Area, such as Google LLC or Meta Platforms Inc. As an appropriate data protection measure, the controller has agreed to standard contractual clauses in accordance with Art. 46 GDPR with providers of these services. More information can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en.

§4. Period of storage of personal data

1. The data controller is obliged to store personal data during the term of the contract concluded with the data subject, and after its termination, for the purposes of exercising legal requirements related to the contract, fulfilling obligations arising from applicable legal provisions, but for a period not exceeding the limitation period in accordance with the provisions of the Civil Code.

2. The data controller is obliged to store personal data contained in payment documents for the period established by the provisions of the Law on Value Added Tax and the Law on Accounting.

3. The data controller is obliged to store personal data processed for marketing purposes for 10 years, but no longer than until the withdrawal of consent to data processing or objection to data processing.

4. The data controller is obliged to store personal data for purposes other than those specified in paragraphs 1-3 for one year, unless consent to data processing has been previously withdrawn, and data processing cannot be continued on any other basis than the consent of the data subject.

§5. Rights of the data subject

1. Each data subject has the right to:
a) access – to obtain confirmation from the controller whether his personal data is being processed or not. If data about the subject is processed, he has the right to receive

access to them and obtain the following information: purposes of processing, categories of personal data, information about the recipients or categories of recipients to whom the data has been or will be disclosed, the period for which the data is stored, or the criteria for determining it, the right of the data subject to demand rectification, deletion or restriction of the processing of personal data and object to such processing (art. 15 GDPR);

b) to receive a copy of the data being processed, the first copy being free of charge and for subsequent copies the controller may charge a reasonable fee based on administrative costs (art. 15 para. 3 GDPR);

c) for correction - to demand the correction of inaccurate personal data concerning him, the addition of incomplete data (art. 16 GDPR);

d) for deletion - to demand the deletion of his personal data if the controller no longer has legal grounds for their processing or the data is no longer needed for the purposes of processing (Article 17 GDPR);

e) restriction of processing – request restriction of the processing of personal data (Article 18 GDPR) if:
– the data subject disputes the accuracy of the personal data, within a period allowing the controller to verify the accuracy of the data;
– the processing is unlawful and the data subject opposes their deletion, demanding restriction of their use;
– the controller no longer needs the data, but they are necessary for the data subject to establish, exercise or defend legal claims;
– the data subject has raised an objection to processing, until it has been established whether the legitimate grounds on the part of the controller outweigh the grounds for objection of the data subject;

f) data portability - to receive in a structured, commonly used and machine-readable format the personal data that he has provided to the controller, as well as to demand that this data be sent to another controller if the data is processed on the basis of the consent of the data subject or a contract concluded with him, and if the data is processed by automated means (art. 20 GDPR);

g) object to the processing of his personal data for the legitimate purposes of the controller on grounds relating to his particular situation, including profiling. The controller is then obliged to assess whether there are valid legitimate grounds for processing that override the interests, rights and freedoms of the data subjects, or grounds for establishing, exercising or defending legal claims. If, according to the assessment, the interests of the data subject are more important than the interests of the controller, the controller will be obliged to stop processing data for these purposes (art. 21 GDPR).

2. In order to exercise the aforementioned rights, the data subject must contact the controller using the contact details provided and inform him which right and to what extent he wishes to exercise.

3. The data subject has the right to lodge a complaint with the supervisory authority, which is the chairman of the Office for Data Protection in Warsaw.

§6. Profiling

1. The personal data received by the controller may be processed by automated means - including profiling. The profiling of personal data carried out by the controller consists in the evaluation of selected information about the data subject in order to analyze and predict personal preferences and interests, in particular in order to be able to provide the data subject with a personalized offer.

2. The automated processing carried out by the controller does not entail any legal consequences for the data subject. The data subject may object to the automated processing of his or her data at any time.

§7. Google Analytics

1. The controller uses Google Analytics, a web analytics service provided by Google Inc., located in the USA.

2. Google Analytics uses cookies to analyze the user's use of the website. The information generated by the cookie about the use of the website is transmitted to and stored on a Google server. At the request of the Controller, Google will use this information to analyze the use of the website by users in order to prepare reports on the activity on the website and to provide other services related to the use of the website and the Internet by the requesting entity.

3. The data will not be used for personal identification.

4. The user can prevent the storage of cookies by using the appropriate settings of the web browser; however, in this case, the user will not be able to use the full functionality of the website. In addition, users can prevent the collection by Google of the data generated by cookies and related to their use of the website (including their IP address) and the processing of this data by Google by downloading and installing the web browser plug-in available at the following link: https://tools.google.com/dlpage /gaoptout?hl=pl.

5. The user can object to the collection and processing of data related to the use of the Google website at any time by downloading and installing the plug-in for the web browser, which is available at the following address: https://tools.google.com/dlpage/gaoptout?hl=en.

§8. Facebook Pixel

1. The controller uses Facebook Pixel, an analytics tool that helps measure the effectiveness of ads based on the analysis of user actions on the website.

2. The Controller uses the Facebook Pixel tool to deliver personalized Facebook ads to the Client. This involves the use of Facebook cookies. The legal basis for the Controller's use of the Facebook Pixel tool is Art. 6 para. 1(f) GDPR.

COOKIE POLICY

1. The online store does not collect any information through automated means, other than that contained in cookies.

2. Cookies (so-called "cookies") are IT data, in particular text files, which are stored on the Customer's end device and are intended for the use of the pages of the Online Store. Cookies usually contain the name of the website from which they originate, the duration of storage on the end device and a unique number.

3. The entity placing cookies on the Client's end device and accessing them is the Seller in accordance with the rules of the online store.

4. Cookies are used to:

a) adapting the content of the pages of the Online Store to the preferences of the Customer and to optimize the use of websites; in particular, these files make it possible to recognize the Client's device and display the website accordingly, adapted to his individual needs;

b) creating statistics that help understand how customers use websites, thus improving their structure and content;

c) maintaining the Client's session in order to return to the contents of the basket.

5. The Online Store uses the following types of cookies:

a) session and persistent cookies. Session cookies are temporary files that are stored on the Client's end device until the Client logs out, leaves the website or closes the software (web browser). Persistent cookies are stored on the Client's end device for the period specified in the cookie settings or until they are deleted by the Client;

b) Necessary cookies designed to enable the use of services available within the Online Store, such as authentication cookies used for services requiring authentication within the Online Store;

c) cookies used for security purposes, for example, to detect abuse of authentication within the Online Store;

d) performance cookies that allow the collection of information about the use of the websites of the online store;

e) functional cookies that allow "remembering" the settings chosen by the Client and personalizing the Client's interface, for example, in relation to the Client's chosen language or region of origin, font size, website appearance, etc.;

f) advertising cookies that enable us to provide Clients with advertising content more relevant to their interests.

6. In many cases, the web browsing software (web browser) by default allows cookies to be stored on the Client's end device. Customers can change their cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic processing of cookies in the web browser settings or to inform each time they are placed on the Client's device. Detailed information about the possibilities and methods of processing cookies is available in the software (web browser) settings.

7. The seller informs that restrictions on the use of cookies may affect some of the functionality available in the online store.