Privacy and cookies policy

TABLE OF CONTENTS:

1. Privacy policy for the USA
2. Privacy policy for the UE

Privacy policy for the USA

TABLE OF CONTENTS:

1. 1. 1. INTRODUCTION
      2. CHILDREN UNDER AGE OF 18
      3. INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
      4. HOW DO WE USE YOUR INFORMATION
      5. DISCLOSURE OF YOUR INFORMATION
      6. CHOICES ABOUT HOW WE USE AND DISCLOSE YOUR INFORMATION
      7. YOUR STATE PRIVACY RIGHTS
      8. DATA SECURITY
      9. CHANGES TO OUR PRIVACY POLICY
      10. CONTACT INFORMATION

§ 1. Introduction

Terra Sp. z o.o. (“Company”, “Personal Data Controller”, “our”, or “we”), as well as TerGo LLC (“Personal Data Processor”) respect your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit the website https://tergo.io/privacy-and-cookies-policy/ (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

• On this Website.
• In email, text, and other electronic messages between you and this Website.
• Through mobile and desktop applications you download from this Website or from dedicated app stores, which provide dedicated non-browser-based interaction between you and this Website.

It does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by Company or any third party; or
• Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

§ 2. Children Under the Age of 18

Our Website is not intended for children under 18 years of age. No one under age 18 may provide any information to or on the Website. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Website or through any of its features, register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].

§ 3. Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information:

• By which you may be personally identified, such as name, postal address, email address, telephone number, or any other identifier by which you may be contacted online or offline (“personal information“);
• That is about you but individually does not identify you, such as age, gender, birthday, automatically recorded dates and times of visits to the Website, or other information that we may collect to assess demographic engagement; and/or
• About your internet connection, the equipment you use to access our Website, and usage details.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
• From third parties, for example, our business partners.

Information You Provide to Us

The information we collect on or through our Website may include:

• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, purchasing products or services, or requesting further services. We may also ask you for information when you enter a contest or promotion sponsored by us, and when you report a problem with our Website.
• Records and copies of your correspondence (including email addresses), if you contact us.
• Your responses to surveys that we might ask you to complete for research purposes.
• Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.

You also may provide information to be published or displayed (hereinafter, “posted“) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions“), such as reviews or user experiences. Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Website according to your individual interests.
• Speed up your purchases or interactions.
• Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
• Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

§ 4. How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To fulfill any other purpose for which you provide it.
• To provide you with notices about your account or subscription, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To notify you about changes to our Website or any products or services we offer or provide though it.
• To allow you to participate in interactive features on our Website.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

§ 5. Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business[ and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Terra Sp. z o.o. or Tergo LLC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Terra Sp. z o.o. or TerGo LLC about our Website users is among the assets transferred.
• To fulfill the purpose for which you provide it. For example, if you give us an email address to make a purchase through our Website, we will transmit the a confirmation of that purchase to the email address.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our terms of use https://tergo.io/terms-of-use/ or terms of sale https://tergo.io/terms-and-conditions/ and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Terra Sp. z o.o. or Tergo, LLC customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

§ 6. Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
• Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by logging into the Website and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes. This opt out does not apply to information provided to the Company as a result of a product purchase, product service experience, or other transactions.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on the NAI’s website.

§ 7. Your State Privacy Rights

Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:

• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.

Colorado, Connecticut, and Virginia also provide their state residents with rights to:

• Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights please send an email to [email protected].

§ 8. Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures of the Website.

§ 9. Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you by email to the email address specified in your account or through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

§ 10. Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at: [email protected].

Privacy policy for the UE

TABLE OF CONTENTS:

1. GENERAL PROVISIONS
2. BASIS FOR THE PROCESSING OF DATA
3. PURPOSE, BASIS AND PERIOD OF PROCESSING DATA IN THE ONLINE SHOP
4. DATA RECIPIENTS IN THE ONLINE SHOP
5. PROFILING IN THE ONLINE SHOP
6. THE RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE SHOP AND ANALYTICS
8. FINAL PROVISIONS

§ 1. GENERAL PROVISIONS

• 1.1. This Privacy Policy of the website and the Online Shop is of informative nature, which means that it is not a source of obligations for Service Recipients or Customers of the Online Shop. The Privacy Policy contains, above all, the principles concerning the processing of data by the Controller and its Processor on the website and in the Online Shop, including the basis, purpose and period of personal data processing and the rights of data subjects as well as information regarding the use of cookies and analytical tools in the Online Shop.
• 1.2. The Controller of the personal data collected via the websites: tergo.io and pl.tergo.io and the Online Shop shall be the limited liability company TERRA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ based in Poland (the office address and correspondence address: Piastowska 7/120, 80-332 Gdańsk, Poland), registered in the register of entrepreneurs of National Court Registry under the number: 0000857732; register court which holds the company’s documentation: District Court Gdańsk – Północ in Gdańsk, VIII Commercial Department of National Court Registry; share capital in the amount of: 500 000,00 PLN; tax ID no. NIP: 5862359150, National Economy Register No. REGON 386466110, e-mail address: [email protected] – here in after referred to as “Controller”. TerGo LLC is a Personal Data Processor of company Terra and being simultaneously the Service Provider of the Online Shop and the Seller. In any matters related to the processing of personal data, you can contact the Administrator by writing to the following address: [email protected].
• 1.3. Personal data on the website and in the Online Shop shall be processed by the Controller in accordance with the binding legal regulations, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) hereinafter referred to as “GDPR” or “GDPR Regulation”. The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
• 1.4. Using the website and the Online Shop, including shopping, is voluntary. Similarly, providing personal data by the Service Recipient or the Customer using the website and the Online Shop is voluntary, subject to two exceptions: (1) into contracts with the Controller – failure to provide the personal data necessary for the conclusion and performance of the Sales Contract or a contract for the provision of an Electronic Service with the Controller in the cases and within the scope indicated on the website of the Online Shop and the Regulations of the Online Shop and this Privacy Policy shall result in no possibility to enter into the contract. Providing personal data is a contractual requirement in such a case and if the data subject is willing to enter into the contract with the Controller, they shall be obligated to provide the required data. The scope of the data required to enter into the contract is each time specified in advance on the website of the Online Shop and in the Regulations of the Online Shop; (2) statutory obligations of the Controller – specifying the personal data is a statutory requirement resulting from the commonly binding legal regulations obligating the Controller to process the personal data (e.g. processing data to keep ledgers) and failure to specify the data will render it impossible for the Controller to perform the obligations.
• 1.5. The Controller assures due diligence to protect the interest of persons being data subjects, in particular being responsible and liable for and assuring that the data collected are: (1) processed in accordance with the Act; (2) collected for specific, legal purposes and not subject to further processing inconsistent with the purposes; (3) correct as regards the subject matter and adequate as regards the purpose of the processing; (4) stored in a form making it possible to identify the people they apply to, no longer than it proves necessary to attain the purpose of processing and (5) processed in a manner ensuring security of the personal data, including the protection against illicit or illegal processing or accidental loss, damage or destruction, with the use of appropriate technical and organisational measures.
• 1.6. Taking into account the nature, scope, context and purpose of processing as well as the risk of breaching the rights or freedoms of natural persons with varied likelihood and degree of threat, the Controller is implementing appropriate technical and organisational measures so that the processing takes place pursuant to the GDPR Regulation and it is possible to show it. The measures are reviewed and updated, as necessary. The Controller applies technical measures preventing the acquisition and modification of personal data sent electronically by unauthorised persons.
• Any words, phrases and acronyms used in this privacy policy starting with a capital letter (e.g. Seller, Online Shop, Electronic Service) shall be understood in accordance with the definition contained in the Regulations of the Online Shop available on the websites of the Online Shop.

§ 2. BASIS FOR THE PROCESSING OF DATA

• 2.1. The Controller is authorised to process the personal data in cases, and to the extent, when at least one of the following conditions is met: (1) the data subject consented to the processing of their data to one or more specified ends; (2) processing is necessary for contract performance the data subject is a party to, or to take actions to the request of the data subject, prior to contract conclusion; (3) processing is necessary to meet the legal obligation of the Controller; or (4) processing is necessary for the needs resulting from the legally justified interests of the Controller or third party, except for situations when the interests or basic rights and freedoms of the data subject override such interests and they require personal data protection, especially when the data subject is a child.
• 2.2. The processing of personal data by the Controller each time requires having at least one basis indicated in item 2.1 of the privacy policy. Specific bases for processing personal data of the Service Recipients or the Customers of the website and the Online Shop by the Controller are specified in the following point of the privacy policy – as regards the specific goal of processing personal data by the Controller.

§ 3. PURPOSE, BASIS AND PERIOD OF PROCESSING DATA IN THE ONLINE SHOP

• 3.1. Each time, the purpose, basis and period as well as the recipients of personal data being processed by the Controller result from actions undertaken by a given Service Recipient or Customer on the website and in the Online Shop.
• 3.2. The Controller may process the personal data in the Online Shop for the purposes, on the bases and within the periods as follows:
  

  Purpose of data processing	Legal basis for processing data	Period of data storage
  The performance of the Sales Contract or a contract for the provision of an Electronic Service, or taking actions to the request of the data subject, prior to entering into the above contracts, including sending offers and analytical data, e.g. information on the carbon footprint	Article 6, par. 1, point b) of the GDPR Regulation (contract performance) – the processing is required to perform the Sales Contract of which the data subject is party or to take action to the request of the data subject, prior to entering into the contract.	The data shall be stored for the period necessary for the performance, termination or expiry of a contract entered into in a different manner, or in the event of an objection to the processing of data from their owner.
  Direct marketing	Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the controller) – the processing is required for achieving the goals based on the legitimate interest of the Controller which includes upholding interests and strengthening reputation of the Controller and the website and the Online Shop as well as his commitment for increasing sales of Products	The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years, and for a Sales Contract two years). The Controller may not process the data for the needs of direct marketing in the case of expressing clear objection in this field by the data subject.
  Sending Newsletter	Article 6, par. 1, point a) of the GDPR Regulation (consent) – the data subject expressed the consent to process its personal data for receiving marketing information from the Controller Article 6 (1) 1 lit. f) GDPR Regulations (legitimate interest of the Administrator) – a person who is interested in testing the TERbit application and receiving marketing information confirms that he has read the Privacy Policy	The data are stored until the data subject withdraws the consent to further process their data to that end, or – in the case of processing personal data on the basis of Article 6 para. 1 lit. f) GDPR Regulations – receipt of an objection to further data processing.
  Expressing an opinion on the concluded Sales Contract by the Customer	Article 6, par. 1, point a) of the GDPR Regulation (consent) – the data subject expressed the consent to process its personal data for purpose of expressing an opinion	The data are stored until the data subject withdraws the consent to further process their data to that end.
  Recruiting a new employee	Article 6 (1) 1 lit. a) GDPR Regulations (consent) – the data subject has consented to the processing of his personal data for the indicated purpose	The data is processed for the duration of the current recruitment. It can also be stored for the purposes of future recruitments, but not longer than for 1 year
  Keeping ledgers	Article 6, par. 1, point c) of the GDPR Regulation in relation with Article 74 part 2 of the Accounting Act consolidated text of 30 January 2018 (Journal of Laws of 2018 item 395, as amended) – the processing is required for the Controller due to their statutory obligations	The data shall be stored for the legally required period, requesting the Controller to store ledgers (5 years from the beginning of the year following the financial year to which the data relate).
  Determining, pursuing or defence of claims on the side of the Controller, or ones that may arise as regards the Controller	Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the controller) – the processing is required for the purposes resulting from the legitimate interests of the Controller which includes determining, pursuing or defence of claims on the side of the Controller, or ones that may arise as regards the Controller	The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims against the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims against the Controller amounts to six years).
  Use of the website and the Online Shop website and ensuring their proper functioning including leaving personal data in the contact form	Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the controller) – the processing is required for the purposes resulting from the legitimate interests of the Controller which includes operating and maintenance of the Online Shop	The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years, and for a Sales Contract two years).
  Preparing statistics and analysing the manner of the data subject conduct on the website of the Online Shop	Article 6, par. 1, point f) of the GDPR Regulation (legitimate interest of the controller) – the processing is required for the purposes resulting from the legitimate interests of the Controller which includes preparing statistics and analysing the manner of the data subject conduct on the website of the Online Shop in order to improve the functioning of the Online Shop and increase sales of Products	The data shall be stored for the period of the legitimate interest of the Controller, however no longer than the period of limitation of claims as regards the data subject under the business activity of the Controller. The period of limitation shall be specified by legal provisions, in particular the Civil Code (the basic period of limitation in the case of claims related to business activity amounts to three years, and for a Sales Contract two years).

§ 4. Personal data recipients on the website and in the online store

• 4.1. For the needs of proper website and the Online Shop functioning, inclusive of the performance of the Contracts of Sale entered into, it shall be necessary for the Controller to make use of external companies’ services (e.g. software provider, courier, or payment system provider). The Controller uses solely the services of such processing entities which ensure sufficient guarantee to implement appropriate technical and organisational measures so that the processing meets the requirements set out in the GDPR Regulation and protects the rights of data subjects.
• 4.2. The Controller may provide personal data to a third country, while the Controller ensures that it shall only be a third country which is considered to provide adequate level of protection – in accordance with the GDPR Regulation, and in the case of other countries, the data transfer will occur on the basis of the standard contractual clauses. The Controller ensures that the data subject has a right to get a copy of their data. The Controller provides personal data to a third country only in case and scope necessary to execute a certain purpose of data processing consistent with this privacy policy.
• 4.3. Providing data by the Controller does not take place in every case and not to all the recipients or categories of recipients defined in the privacy policy – the Controller provides the data only in the case it proves necessary to attain a given purpose of personal data processing and solely within the necessary scope.
• 4.4. Personal data of the Online Shop Service Recipients or Customers may be provided to the following recipients or categories of recipients:
  • 4.4.1. e-payments or payment card service providers – in the case of a Customer who uses in the Online Shop the option of e-payment or payment card, the Controller makes the collected Customer’s personal data available to the selected payment service provider in the Online Shop for the Controller to the extent necessary to perform the payment of the Customer.
  • 4.4.2. opinion poll system providers – in the case of a Customer who consented to express their opinion on the Sales Contract concluded, the Controller makes the collected personal data of the Customer available to the selected entity providing the system of opinion polls on Contracts of Sale concluded in the Online Store to the order of the Controller within a scope necessary for the Customer to present their opinion by means of an opinion poll system.
  • 4.4.3. service providers rendering for the Controller technical, IT or organisational solutions, making it possible for the Controller to conduct a business, inclusive of the Online Shop and Electronic Services provided via it (in particular computer software providers for the Online Shop, e-mail companies and hosting providers as well as software providers for company management and technical aid for the Controller) – the Controller makes the collected personal data of the Customer available to the selected provider operating to their order only in the case and to the extent necessary for attaining a given purpose of data processing in accordance herewith.
  • 4.4.4. accounting, legal and counselling services providers rendering for the Controller accounting, legal or counselling services (in particular an accounting agency, law firm or debt collection company) – the Controller makes the collected personal data of the Customer available to the selected provider operating to their order only in the case and to the extent necessary for attaining a given purpose of data processing in accordance herewith.
  • 4.4.5. providers of social plugins implemented in the Online Shop, of scripts and other similar tools enabling a person using the Online Shop to download content from the providers of the said plugins (i.e. logging in via social media profile) and for this purpose providing the providers with the personal data of the visitor, including also:
  • 4.4.5.1. Facebook Ireland Ltd. – the Controller uses Facebook social plugins in the Online Shop (e.g. “Like it” or “Share” button, logging in via Facebook profile) and therefore collects and discloses personal data of the Service Recipient using the Online Shop to Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy principles available here: https://www.facebook.com/about/privacy/ (this data may include information about activities in the Online Shop – including information about the device, the visited websites, purchases, displayed ads and how to use the services – regardless of whether the Service Recipient has a Facebook account and is logged in to Facebook).

§ 5. PROFILING IN THE ONLINE SHOP

• 5.1. The GDPR Regulation obligates the Controller to inform about the automated decision-making process, including profiling referred to in Article 22, par. 1 and 4 of the GDPR Regulation, and – at least in those cases – the vital information concerning the decision-making process as well as the meaning and foreseeable consequences of processing for the person being the data subject. Bearing in mind the above, the Controller specifies in this point of the privacy policy the information concerning the possible profiling.
• 5.2. The Controller may use profiling in the Online Shop for direct marketing purposes, yet the decisions made on its basis by the Controller do not concern the conclusion or rejection to conclude the Sales Contract, or the possibility to make use of Electronic Services in the Online Shop. The result of profiling in the Online Shop may be e.g. discount for a given person, sending a discount code, reminding about unfinished purchase process, sending Product offers, which may be related to the interests or preferences of the person, or offering better conditions as compared with the standard offer of the Online Shop. Regardless of profiling, the person makes decisions freely, whether they want to use the discount given, or better conditions and buy a Product in the Online Shop.
• 5.3. Profiling in the Online Shop consists in automatic analysis or forecast of the conduct of a given person on the website of the Online Shop, e.g. by adding a given Product to the cart, browsing the page of a given Product in the Online Shop, or the analysis of the history of purchase in the Online Shop. The condition for such profiling is for the Controller to have the personal data of the person, so that they can later send them e.g. a discount code.
• 5.4. The data subject shall have the right not to depend on the decision which is only based on automated processing, including profiling, and has some legal effects on the person or similarly affects them.

§ 6. THE RIGHTS OF THE DATA SUBJECT

• 6.1. The right to access, rectify, restrict, erase or transmit – the data subject shall have the right to demand the Controller to have access to their personal data, rectify, erase (“the right to be forgotten”) or restrict the processing and shall have the right to object to the processing and transmit their data. Detailed conditions of the above rights shall be indicated in Articles 1522 of the GDPR Regulation.
• 6.2. The right to withdraw the consent at any time – the person whose data are being processed by the Controller on the basis of the consent given (pursuant to Article 6, par. 1, point a) or Article 9, par. 2, point a) of the GDPR Regulation), they shall have the right to withdraw their consent at any time without any impact on the compatibility with the right to process made based on the consent prior to the withdrawal.
• 6.3. The right to lodge a complaint with a supervisory body – the person whose data are being processed by the Controller shall have the right to lodge a complaint with a supervisory body in a manner and mode specified in the provisions of the GDPR Regulation and the Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland shall be the President of the Office for Personal Data Protection.
• 6.4. The right to object – the data subject shall have the right, at any time, to lodge a complaint – for reasons related to their particular situation – as regards the processing of their personal data based on Article 6, par. 1, point e) (public interest or official authority) or f) (legitimate interest of the controller) in the case of profiling based on the provisions. The Controller in such a case must stop processing the personal data, unless they show the existence of legally significant and justified bases for the processing, overriding the interests, rights and freedoms of the data subject, or the bases for determining, pursuing or defending the claims.
• 6.5. The right to object as regards direct marketing – in the case the personal data are being processed for the needs of direct marketing, the data subject shall have the right, at any time, to lodge a complaint as regards the processing of their personal data for the needs of such marketing, including profiling, to the extent to which the processing is related to direct marketing.
• 6.6. The right to lodge a complaint to the supervisory body – if the owner of personal data or a third party decides that the method of processing personal data by the Administrator is not compliant with the provisions of the GDPR, he has the right to lodge a complaint with the Office for Personal Data Protection, based in Warsaw, at ul. Rates 2.
• 6.7. To perform the rights mentioned in this point of the privacy policy, one may contact the Controller by sending them an appropriate message in writing or via e-mail to the address of the Controller indicated at the beginning of the privacy policy or via contact form available on the Online Shop website.
• 6.8. Each person who leaves his data in order to make contact, receive an offer or analytical information / data, i.e. his carbon footprint, accepts receiving a reply to the e-mail address provided earlier, which does not contradict art. 172 of the Telecommunications Law.

§ 7. COOKIES IN THE ONLINE SHOP AND ANALYTICS

• 7.1. Cookies are small pieces of text files sent by the server and saved at the visitor’s of the Online Shop (e.g. on the hard disk of a computer, laptop, or smartphone’s memory card – depending on the type of device used by the Online Shop’s visitor). Detailed information on Cookies as well as the history of their origin can be found e.g. at: https://en.wikipedia.org/wiki/HTTP_cookie
• 7.2. Cookies, which can be sent via the Online Shop website, can be divided into various types, according to the following criteria:
  

  With regard to the provider:   own (created by the Controller’s Online Shop website) and belonging to other persons/third parties (other than the Controller)

  With regard to the period of their retention on the appliance of the Online Shop’s visitor: session cookies (stored till the moment of logging out or closing of the website or a browser) and persistent cookies (having some expiration period, defined by parameters of each file or until they are removed by hand)

  With regard to the purpose of their usage:   strictly necessary cookies (enabling proper functioning of the Online Shop website), functional/preferential cookies (enabling adjustment of the Online Shop website to the visitor’s preferences), analytical and performance cookies (collecting information on the use of the Online Shop website), targeting, advertising or social cookies (collecting information on the visitor of the Online Shop website in order to display advertisements, personalization and measuring the effectiveness of advertisements and for other marketing activities, including those performed on sites different from the Online Shop website, such as social medias and other websites belonging to the same advertising networks as the Online Shop).

• 7.3. The Controller may process information contained in Cookies during visiting of the Online Shop website for the following particular reasons:

  Purposes of using Cookies on the Controller’s Online Shop website	Identification of the Service Recipients as logged in to the Online Shop and showing them that they are actually logged in (strictly necessary Cookies)
  	Saving Products added to the cart to place an Order (strictly necessary Cookies)
  	Saving data from the filled-in forms, questionnaires or login data for the Online Shop (strictly necessary Cookies and/or functional/preferential Cookies)
  	Adjustment of the Online Shop website contents to individual preferences of the Service Recipient (e.g. colours, font size, layout) and optimisation of the use of the website (functional/preferential Cookies)
  	Keeping anonymous statistics presenting the visitor’s behaviours on the Online Shop website (analytical and performance Cookies)
  	Displaying and rendering the advertisements, limiting the number of ads display, ignoring ads which the Service Recipient wish not to see, measuring their effectiveness and also ads personalization, namely evaluating the conduct of visitors of the Online Shop through anonymous analysis of their activities (e.g. repeated visits on particular pages, key words etc.) to create their profile and provide them with adverts matching their interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd. (marketing, advertising and social Cookies)

• 7.4. Checking in the most popular internet browsers, which Cookie files (including the expiry period of Cookies and their provider) are being sent in a given moment by the Online Shop website can be done, as follows:

  In Chrome browser:  (1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.	In Firefox browser: (1) in the address bar, click the ’shield’ icon on the left, (2) go to the benchmark „Allowed” or „Blocked”, (3) click the button „Tracking cookies between websites”, „Tracing elements of social networks or „Content with tracing elements”	In Internet Explorer browser: (1) Click „Tools” menu, (2) go to „Internet options” benchmark, (3) go to „General” benchmark, (4) then go to „Settings”, (5) click the button „Display files”
  In Opera browser: (1) in the address bar, click the ’locked’ icon on the left, (2) go to the benchmark „Cookie files”.	In Safari browser: (1) click menu „Preferences”, (2) go to „Privacy” benchmark, (3) click the button „Manage website data”	Independent of the browser used, you can apply tools available e.g. at: https://www.cookiemetrix.com/ lub:     https://www.cookie-checker.com/

• 7.5. As a standard, most internet browsers on the market accept saving Cookies by default. Every person has the possibility to specify the conditions of using Cookies in the browser settings. It means that one may, e.g. partially restrict (e.g. temporarily) or fully disable saving Cookies – in the latter case it may have an impact on some functionalities of the Online Shop (for instance it may prove impossible to go through the Order using the Order Form owing to failure to save the Products in the cart in the course of subsequent stages of Order placement).
• 7.6. The browser settings concerning Cookies are essential as regards the consent to use Cookies by our Online Shop – in accordance with the law, such consent may also be expressed in the browser settings. In view of lack of such consent, change the browser setting accordingly as regards Cookies. Detailed information concerning the change in Cookies settings and their individual removal in the most common browsers is available in the help section of the browser and the following websites (click the link): Chrome Firefox Internet Explorer Opera Safari Microsoft Edge
• 7.7. The Controller may use Google Analytics and Universal Analytics services in the Online Shop, which are provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The services help the Controller to analyse the frequency of visits in the Online Shop. The data collected are processed under the above services to generate statistics helpful while administering the Online Shop and analysing the frequency of visits in the Online Shop. The data are of collective nature. Using the above services in the Online Shop, the Controller collects such data as the sources and medium of acquiring visitors of the Online Shop and the manner of their conduct on the website of the Online Shop, information concerning their devices and browsers used to visit the website, IP and domain, geographical data and demographic data (age, sex) and interests.
• 7.8. It is possible to easily block sharing information with Google Analytics as regards the activity on the website of the Online Shop – install to that end an opt-out add-on made available by Google Ireland Ltd. available at: https://tools.google.com/dlpage/gaoptout?hl=pl.
• 7.9. Due to the use of advertising and analytical services in the Online Shop provided by Google Ireland Ltd., the Administrator indicates that detailed information on the rules of processing the data of visitors to the Online Shop (including information stored in Cookie files) by Google Ireland Ltd. is made available in the privacy policy of Google services available at: https://policies.google.com/technologies/partner-sites.
• 7.10. The Controller may use Facebook Pixel service, which is provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The service helps the Controller to measure an effectiveness of adverts and to find out what actions do users of the Online Shop undertake and to show them matching adverts. Detailed information about Facebook Pixel you can find at: https://www.facebook.com/business/help/742478679120153?helpref=page_content.
• 7.11. Managing Facebook Pixel is possible through ads’ settings on a Facebook user’s account: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

§ 8. FINAL PROVISIONS

• 8.1. The Online Shop may contain links to other websites. The Controller encourages that at the time of being transferred to other websites, become familiar with the privacy policy. This privacy policy shall apply only to the Online Shop of the Controller.