Privacy PolicyI. DEFINITIONS

Administrator – the organization listed in the Policy; Personal Data – any information about a natural person identified by one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP address, location data, online identifier, and information collected over the internet such as cookies and similar technology; Policy – this privacy policy; GDPR – Regulation (EU) 2016/679 of the European Parliament and Council (April 27, 2016) on the protection of individuals regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC; User – a natural person of legal age using the Website with full capacity to act and with the consent of their legal representative, a minor or a person lacking legal capacity;

II. PURPOSE OF DATA PROCESSING

The data, including Users' personal data, is collected and processed for the following purposes: using the Website; submitting and executing orders; conducting marketing activities, including contextual and behavior-based advertising; direct marketing, if the User has consented. All personal data of individuals using the Website (including IP address and information collected through cookies or similar technologies) are processed by the Administrator: providing electronic services on the Website (GDPR Article 6 (1) point b); managing orders placed on the Website, including for the purpose of transfer to the Seller (GDPR Article 6 (1) point b); handling complaints for the Seller (GDPR Article 6 (1) point b); for analytical and statistical purposes (GDPR Article 6 (1) point f); conducting contextual marketing (GDPR Article 6 (1) point f); for technical purposes (GDPR Article 6 (1) point f). The User's order on the Website involves processing of their personal data. Providing data marked as mandatory is necessary for the acceptance and processing of the order. By placing an order, the User makes their personal data available for the purpose of fulfilling the contract to the seller. Personal data processing: to fulfill the placed order (GDPR Article 6 (1) point b); to fulfill legal obligations of the Administrator and the Seller (GDPR Article 6 (1) point c); for analytical and statistical purposes (GDPR Article 6 (1) point f); for the purpose of asserting claims (GDPR Article 6 (1) point f); for conducting satisfaction surveys (GDPR Article 6 (1) point f). The Administrator processes Users' personal data for the purpose of conducting marketing activities, which may include: displaying marketing content to the User that is not tailored to their preferences (GDPR Article 6 (1) point f); sending notifications via email or SMS about offers or content, which in some cases may contain commercial information, within the limits of consent (GDPR Article 6 (1) point f).

III. COOKIES

Cookies are small text files installed on the User's device browsing the Website. Cookies collect information that facilitates the use of the website – for instance, remembering the User's visits and activities on the Website. The service provider primarily uses so-called service cookies to provide electronic services to the User and to improve the quality of these services. Therefore, the Administrator and other legal entities providing analytical and statistical services use cookies by storing information or accessing information already stored on the User's telecommunication terminal equipment (computer, phone, tablet, etc.). The cookies used for this purpose include: cookies containing data provided by the User (session ID) for the duration of the session (user input cookies); authentication cookies used for services requiring authentication during the session (authentication cookies); cookies used for security purposes, such as detecting fraud in authentication (user-centric security cookies); session cookies for multimedia players (e.g., flash player cookies), for the duration of the session (multimedia player session cookies); cookies used to monitor website traffic. The administrator also uses cookies for marketing purposes. For this, the Administrator stores or accesses information already stored on the User's telecommunication terminal equipment (computer, phone, tablet, etc.). Consent of the User is required for the marketing use of cookies and the personal data collected through them, especially in advertising third-party services and goods. This consent can be expressed through appropriate browser configuration and can be withdrawn at any time, especially by deleting cookie history and disabling cookies in the browser settings.

IV. DURATION OF DATA PROCESSING

Data processing occurs during the duration of service provision or order fulfillment, until the withdrawal of consent or effective objection to data processing in cases where the legal basis for data processing is the Data Controller's legitimate interest. The duration of data processing may be extended if necessary for the submission, assertion, or defense of legal claims, and thereafter only to the extent prescribed by law. After the expiration of the data processing period, the data is irreversibly deleted or anonymized.

V. USER RIGHTS

Right to information about personal data processing – on this basis, the person submitting such a request, the Data Controller provides information about the processing of personal data, including especially the purpose and legal basis of data processing, the scope of data of the processed individuals, the legal entities to whom personal data is disclosed, and the planned date of their removal. Right to obtain a copy of the data - based on this, the Data Controller provides a copy of the processed data concerning the person submitting the request. Right to rectification - based on this, the Data Controller removes any inconsistencies or errors in the processed personal data, and in case of incomplete or altered deficiencies, supplements or updates them. Right to erasure of data – on this basis, one may request the deletion of data whose processing is no longer necessary for the purpose for which they were collected. Right to restriction of data processing - based on this, the Data Controller stops performing operations related to personal data, except for those operations to which the person concerned has consented, and their storage in accordance with the accepted retention rules, or until the reason for the restriction of data processing persists (e.g., a decision of the supervisory authority is issued allowing further processing of the data). Right to data portability - based on this, in connection with data processing related to the concluded contract or consent, the Data Controller provides the data specified by the person concerned in a format that allows for computer reading. There is also the possibility to request the transfer of these data to another organization - provided, however, that both the Administrator and the other entity have technical possibilities in this regard. Right to object to data processing for marketing purposes – the person concerned may object at any time to the processing of their personal data for marketing purposes. Right to object to data processing for satisfaction survey purposes - the person concerned may object at any time to the processing of their personal data for the purposes of a satisfaction survey. Right to object to other purposes of data processing - the person concerned may object at any time to the processing of their personal data based on the legitimate interest of the Data Controller (e.g., for analytical or statistical purposes or for asset protection). Such an objection must be justified and is evaluated by the Administrator. Right to withdraw consent - if data processing is based on consent, the person concerned is entitled to withdraw it at any time, which, however, does not affect the lawfulness of data processing carried out before the withdrawal of consent. Right to lodge a complaint - if it is determined that the processing of personal data violates the provisions of the GDPR or other provisions concerning the protection of personal data, the person concerned may lodge a complaint with the competent national authority. The request to exercise the rights should be submitted to the address indicated in the Administrator's Policy.

VI. DATA PROCESSING AND SECURITY

For the purposes described above, personal data may be transferred to external legal entities, including particularly suppliers to organizations such as banks and payment service providers, accounting, legal, shipping, marketing service providers, and organizations related to the Administrator. In the case of an order, the User's data is made available to the Seller for the purpose of concluding and fulfilling the sales contract. Users' personal data is not transferred outside the EEA. The Data Controller continuously conducts risk analysis to ensure that personal data is processed securely - primarily ensuring that only authorized persons have access to the data, and only to the extent necessary for the secure handling of personal data. tasks are performed. The administrator ensures that all operations related to personal data are recorded and performed only by authorized employees and associates. The Data Controller takes all necessary steps to ensure that its subcontractors and other cooperating parties always guarantee the application of appropriate security measures when processing personal data at the request of the Data Controller.

VII. FINAL PROVISIONS

The Administrator reserves the right to change this Policy. Taking into account the generally applicable legal provisions, the law of the Administrator's seat is applicable to this Policy.