Privacy Policy

PRIVACY POLICY

§ 1 General provisions

The controller of personal data of users of the website located under the domain www.e-doggy.pl is MATHILDE SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office in Kołobrzeg, at ul. Witkowice 1, 78-100 Kołobrzeg, entered into the National Register of Entrepreneurs maintained by the District Court in Koszalin, 9th Commercial Division of the National Court Register under the KRS number: 0001182819, Tax Identification Number (NIP): 6711867819, National Business Registry Number (REGON): 542199358 (hereinafter referred to as the "Controller").

  1. Contact with the Administrator is possible:

  • to the e-mail address: contact@e-doggy.eu,

  • in writing, to the Administrator's address: ul. Witkowice 1, 78-100 Kołobrzeg.

  1. The purpose of the Policy is to define the actions taken in the scope of personal data collected via the Controller's website and related services and tools used by its users, as well as within the scope of activities related to concluding and implementing contracts in contacts outside the website.

  2. If necessary, the provisions of this Policy may be changed. Any changes will be communicated to users through the announcement of the new Policy text. In the case of database users who have consented to data processing via email or provided email data in the performance of contracts, they will also be notified of the change via email.

§ 2 Basis for processing, purposes and storage of personal data

  1. Users' personal data are processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of 10 May 2018 and the Act on the provision of electronic services of 18 July 2002.

  2. In the event of personal data being processed on the basis of an e-mail or complaint sent by a user, such processing is based on Article 6(1)(b) of the General Data Protection Regulation, according to which data processing is necessary in order to take action at the request of the data subject.

  3. If the user obtains separate consent, his or her personal data may also be processed by the controller for marketing purposes, including for sending commercial information electronically to the e-mail address provided by the user (Article 6 paragraph 1 letter a of the General Data Protection Regulation).

  4. In the event of the conclusion and performance by the Controller of a sales contract or contracts for the provision of services, the other party is obliged to provide the data necessary to conclude the contract (which is a contractual requirement and, in the case of tax numbers, also a statutory requirement) and for this purpose the Controller processes personal data (Article 6 paragraph 1 letter b of the General Data Protection Regulation).

  5. In the case of conducting research and analyses in order to improve the performance of available services (e.g. tracking tools), Article 6(1)(f) of the General Data Protection Regulation is indicated as the basis for data processing.

  6. Additionally, the Administrator may collect the following data for the following purposes:

Purpose of data processing

Legal basis

processing and data storage period

Scope of processed data

Execution of the contract with the Client or taking action at the request of the data subject before concluding the above-mentioned contracts

Article 6(1)(b) of the GDPR (performance of a contract)

  • The data is stored for the period necessary to perform, terminate or otherwise expire the concluded contract.

  • name and surname;

  • e-mail address;

  • phone number;

  • address (street, house number, apartment number, postal code, city, country),

  • company name,

  • Tax Identification Number

Direct marketing

Article 6(1)(f) of the GDPR (legitimate interest of the controller)

The data is stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims against the data subject arising from the business activity conducted by the Controller.

  • The Controller may process data for direct marketing purposes only after obtaining the consent and in the absence of objection from the data subject.

  • e-mail address;

  • phone number;

Marketing

Article 6(1)(a) of the GDPR (consent)

The data is stored until the data subject withdraws consent to further processing of his or her data for this purpose.

  • name and surname;

  • e-mail address;

  • phone number;

  • address (street, house number, apartment number, postal code, city, country),

Customer expressing opinion

Article 6(1)(a) of the GDPR Regulation

The data is stored until the data subject withdraws consent to further processing of his or her data for this purpose.

  • name and surname;

  • e-mail address;

  • phone number;

Bookkeeping

Article 6 section 1 letter c) of the GDPR Regulation in connection with Article 86 § 1 of the Tax Ordinance Act, i.e. of 17 January 2017 (Journal of Laws of 2017, item 201) or Article 74 section 2 of the Accounting Act, i.e. of 30 January 2018 (Journal of Laws of 2018, item 395)

  • The data is stored for the period required by law requiring the Controller to store tax books (until the expiry of the limitation period for tax liabilities, unless tax laws provide otherwise) or accounting books (5 years, counted from the beginning of the year following the financial year to which the data relate).

  • name and surname;

  • e-mail address;

  • phone number;

  • address (street, house number, apartment number, postal code, city, country),

  • Tax Identification Number;

  • company name;

Determining, pursuing or defending claims that may be raised by the Administrator or that may be raised against the Administrator

Article 6(1)(f) of the GDPR Regulation

  • The data is stored for the duration of the legitimate interest pursued by the Controller, but no longer than the limitation period for claims against the data subject arising from the business activity conducted by the Controller.

  • name and surname;

  • e-mail address;

  • phone number;

  • address (street, house number, apartment number, postal code, city, country),

  • Tax Identification Number;

  • company name;

  1. Users’ personal data are stored no longer than necessary to achieve the purpose of processing, i.e. until the consent is withdrawn if the processing is based on such consent, until the limitation period for the claims of the Controller and the other party regarding the performance of concluded contracts expires (in the case of sales contracts/service contracts, 2 years, counting from the end of the year) and until the inquiry sent via e-mail is fulfilled or until the complaint is resolved.

  2. The Controller may use profiling for direct marketing purposes, but the decisions made based on it by the Controller do not concern the conclusion or refusal of a contract or the ability to use electronic services. Profiling may result in, for example, granting a discount, sending a discount code, reminding about unfinished purchases, sending a product suggestion that may suit the individual's interests or preferences, or offering better terms compared to the standard offer. Despite profiling, the individual freely decides whether to use the discount or better terms and make a purchase. Profiling involves the automatic analysis or forecasting of a given individual's behavior on the Controller's website, for example, by adding a specific product to the cart, browsing a specific product page, or analyzing previous activity history on the website. The condition for such profiling is that the Controller possesses the individual's personal data so that it can then send them, for example, a discount code.

  3. To the extent necessary for the proper functioning of the website and its functionality, the website may, when the User uses it, collect other information, including, but not limited to:

    1. IP address;

    2. device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising ["IDFA"] or Android Advertising Identifier ["AAID"]),

    3. type of platform,

    4. approximate geolocation data (based on your IP address or device settings);

    5. data about your web browser, including browser type and preferred language

  4. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity of violations of the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Controller employs technical measures to prevent unauthorized access and modification of personal data transmitted electronically.

§ 3 Data Sharing

  1. The Administrator ensures that all personal data collected is used to fulfill obligations to users. This information will not be shared with third parties, except in the following circumstances:

    1. the persons concerned have given their prior express consent to such action, or

    2. if the obligation to provide such data results or will result from applicable legal provisions, e.g. to law enforcement authorities.

  2. Additionally, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:

    1. About service providers supplying the Controller with technical, IT and organizational solutions enabling the Controller to conduct business activities, including the website and electronic services provided via it (in particular computer software providers, marketing agencies, e-mail and hosting providers, providers of software for company management and providing technical support to the Controller and the product delivery operator) - the Controller makes the collected personal data of the Customer available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

    2. About providers of accounting, legal and advisory services providing the Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) - the Controller makes the collected personal data of the Client available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.

  3. The Controller may share anonymized data (i.e., data that does not identify specific Users) with external service providers to better understand the attractiveness of advertisements and services for users. In this respect, due to the location of the software providers, data may be transferred – while maintaining the principles of data protection – to third countries that provide standard contractual provisions approved by the European Commission regarding the processing of personal data or have appropriate authorizations to do so based on bilateral data processing agreements between the European Union and a given third country that is not a member of the European Economic Area. In the case of the Controller, these entities are:

    1. Google LLC. (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag Manager: used to manage scripts by easily adding code snippets to a website or application and tracking user actions on a website, Google Ads used to display sponsored links in Google search results and on websites cooperating with the Google AdSense program,

    2. Meta Platforms, Inc. (headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for the Facebook pixel used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build a targeted audience list for future ads.

  2. The Controller's website may use the functionality of Google Analytics, a web analytics service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookie about visitors' use of the website is generally transmitted to and stored by Google on servers in the United States. In accordance with current information technology standards, the IP addresses of users visiting the Controller's website are shortened. Only in exceptional cases is the full IP address transferred to a Google server in the United States and shortened there. On behalf of the Controller, Google will use this information to evaluate the website for its users, compile reports on website activity, and provide other services related to website activity and internet usage for website operators. Google will not associate the IP address transmitted through Google Analytics with any other data held by Google. More information on how Google Analytics collects and uses data can be found on Google's official website at: www.google.com/policies/privacy/partners . Furthermore, every User can prevent Google from collecting and processing data relating to his/her use of the website by downloading and installing the browser plug-in under the following link: http://tools.google.com/dlpage/gaoptout .

  3. When sharing data with third parties, the Controller makes every effort to do so only with entities certified under the (former) EU-US and Swiss-US Privacy Shield frameworks, which are available at www.privacyshield.gov . When handling information from the European Economic Area (EEA), such entities will do so in accordance with the "Accountability for Onward Transfer" principle of the Privacy Shield framework. Where appropriate, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of 16 July 2020 regarding the EU-US Privacy Shield and the guidelines of the European Data Protection Board, the Controller continues to assess the legal systems of the countries to which data are transferred and, where necessary, updates measures to ensure adequate levels of protection.

  4. The Administrator may, after obtaining the user's prior consent, expressed by selecting the appropriate icon during the ordering process, transfer the user's data (in particular, email address and order information) to an external portal to obtain the user's opinion on the order. This data will only be transferred after obtaining the user's consent and may be published by the Administrator, including on the portal.

§ 4 User Rights

The user whose personal data is processed has the right to:

    1. Access, rectification, restriction, erasure, or transfer – the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten"), or restriction of processing, and has the right to object to processing, as well as the right to transfer their data. Detailed conditions for exercising the above-mentioned rights are set out in Articles 15-21 of the GDPR.

    2. withdrawal of consent at any time – the person whose data is processed by the Controller on the basis of expressed consent (pursuant to Article 6 paragraph 1 letter a) or Article 9 paragraph 2 letter a) of the GDPR Regulation), has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

    3. File a complaint with a supervisory authority – the person whose data is processed by the Controller has the right to file a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw.

    4. Objection - the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling based on these provisions. In such a case, the controller is no longer permitted to process the personal data, unless they demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.

    5. objection to direct marketing - if personal data are processed for the purposes of direct marketing (based on the legitimate interest of the Controller, not on the basis of the consent of the data subject), the data subject has the right to object at any time to the processing of their personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.

§ 5 Cookies

  1. Cookies are IT data, particularly text files, stored on end-user devices (typically on a computer's hard drive or mobile device) used by the user's browser to save specific settings and data for use with websites. These files allow the user's device to be recognized and the website to be displayed appropriately, ensuring comfortable use. Storing cookies enables the website and its offerings to be tailored to user preferences – the server recognizes the user and remembers preferences such as visits, clicks, and previous actions.

  2. Cookies contain, in particular, the domain name of the website from which they originate, their storage time on the end device and a unique number used to identify the browser from which the website is connected.

  3. Cookies are used for the following purposes:

    1. adapting the content of websites to user preferences and optimizing the use of websites,

    2. creating anonymous statistics that help determine how users use websites and enable the improvement of their structure and content,

    3. providing website users with advertising content tailored to their interests.

  4. Cookies are not used to identify the user and their identity is not determined on their basis.

  5. The basic division of cookies is their distinction into:

    1. Essential cookies are absolutely essential for the proper functioning of the website or the functionality you wish to use. Without them, we would not be able to provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.

    2. Functional cookies are important for the operation of the website due to the fact that:

      • they serve to enhance the functionality of websites; without them the website will function properly, but will not be adapted to the user's preferences,

      • they are used to ensure a high level of functionality of websites; without them, the functionality of the website may be reduced, but their absence should not prevent you from using it completely,

      • they serve most of the functionalities of websites; blocking them will result in selected functions not working properly.

    1. Business cookies enable the business model underlying the website; blocking them will not result in the unavailability of all functionality, but may reduce the level of service provided due to the website owner's inability to generate revenue to subsidize its operation. Advertising cookies, for example, fall into this category.

    2. Cookies used to configure websites - they enable the setting of functions and services on websites.

    3. Cookies used to ensure the security and reliability of websites - they enable authenticity verification and optimization of website performance.

    4. Authentication cookies - these cookies allow us to be informed when a user is logged in, so that the website can display the appropriate information and features.

    5. Session state cookies enable the recording of information about how users use the website. These cookies may include the most frequently visited pages or any error messages displayed on certain pages. Session state cookies help improve services and enhance the browsing experience.

    6. Cookies that monitor the processes taking place on the website enable the efficient operation of the website and the functions available on it.

    7. Advertising cookies - enable the display of advertisements that are more relevant to users and more valuable to publishers and advertisers; cookies can also be used to personalize advertising and to display advertisements outside of websites.

    8. Cookies that access location - enable the adjustment of displayed information to the user's location.

    9. Cookies used for analysis, research, or audience auditing enable website owners to better understand their users' preferences and, through analysis, improve and develop their products and services. Typically, the website owner or research firm collects information anonymously and processes trend data without identifying individual users' personal data.

  1. Using cookies to tailor website content to user preferences generally does not involve collecting any information that identifies the user, although this information may sometimes constitute personal data, meaning data that allows for attributing certain behaviors to a specific user. Personal data collected using cookies may be collected solely to perform specific functions for the user. Such data is encrypted to prevent unauthorized access.

  2. Cookies used by this website are not harmful to the user or their end device. Therefore, for the website to function properly, it is recommended that they not be disabled in browsers. In many cases, web browsing software (web browser) allows the storage of information in the form of "cookies" and other similar technologies on the user's end device by default. Users can change their browser's use of "cookies" at any time. To do this, change their browser settings. The method for changing settings varies depending on the software (web browser) used. You will find appropriate instructions on the subpages, depending on the browser you are using.

  3. Cookies are also used to facilitate logging into a user's account, including through social media, and to enable navigation between subpages on websites without having to log in again on each subpage. Cookies are also used to secure websites, for example, to prevent unauthorized access.

  4. As part of cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information about how users use its services and respond to marketing messages sent via email. A pixel is software code that allows an object, typically a pixel-sized image, to be embedded on a website, enabling the tracking of user behavior across websites where it is placed. After consent is granted, the browser automatically establishes a direct connection to the server storing the pixel. Therefore, the processing of data collected by the pixel is carried out in accordance with the data protection policy of the partner administering the aforementioned server.

  5. The Controller may use internet log files (which contain technical data such as your IP address) to monitor traffic on its services, troubleshoot technical issues, detect and prevent fraud, and enforce the User Agreement.

  6. The Administrator informs that the website does not respond to DNT (Do Not Track) signals, but users can disable certain forms of online tracking, including some analytics and personalized ads, by changing the cookie settings on their browser or using our cookie consent tools (where applicable).

  7. Detailed information on changing cookie settings and deleting them yourself in the most popular web browsers is available in the help section of your web browser and on the following websites (just click on the link):

  1. Detailed information about managing cookies on a mobile phone or other mobile device should be included in the user manual of the mobile device.