Privacy Policy

§ 1 GENERAL INFORMATION

1. The Online Store's privacy policy does not constitute a source of obligations for Visitors (including Guests) or Customers of the Online Store. It is for informational purposes only and does not constitute a contract or terms and conditions.
   
   
2. All expressions and words written in capital letters (e.g. Online Store, Customer, etc.) should be understood in accordance with the provisions of the Online Store Regulations.
   
   
3. In the event of any discrepancies between this Privacy Policy and the consents to the processing of personal data granted by a natural person, the legal basis for determining the scope of the Controller's activities shall be the voluntarily expressed consents or legal provisions that are applicable to a given factual situation.

§ 2 PERSONAL DATA CONTROLLER

1. The administrator of your personal data is YZEE Sp. z o. o. based in Krakow at ul. Piłsudskiego 28/6, 31-111 Kraków, KRS: 0000806297, NIP: 6762571856, REGON: 38448280800000 (hereinafter referred to as the Administrator).
   
   
2. In all matters related to the protection of personal data, please contact us at the above address or via e-mail: sklep@ansin.pl .
   
   
3. You can also send a request to the address provided to provide information about what personal data we have about you and for what purposes we process it.
   
   
4. The Administrator informs that correspondence is stored for statistical purposes and to improve the GDPR support system, as well as for complaint resolutions and any administrative intervention decisions made based on reports in the indicated Customer Account. Addresses and data collected in this way will not be used for communication purposes other than fulfilling the request. In particular, they will not be used for marketing purposes or transferred to third parties.
   
   
5. When contacting the Controller to perform specific actions (e.g., filing a complaint, making a return), the Controller may request further data from the individual, including personal data such as name, surname, address, and email address, to confirm their identity and enable return contact regarding the matter and the requested action. Providing this data is not mandatory, but may be necessary to perform the action or obtain information of interest to the individual.
   
   
6. If you have additionally consented to our use of cookies, our trusted partners may also be the controllers of data obtained based on your online activity.

§ 3 DATA COLLECTION AND PURPOSE OF PROCESSING

1. We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR) and other data protection laws currently in force at the time of processing specific data.
   
   
2. According to the aforementioned legal acts, personal data is defined as information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
   
   
3. We ensure that the data we collect from you is confidential, secure, and processed only when necessary. We process data lawfully, fairly, and transparently for the data subject. We only process data and only the content necessary for the legitimate purpose, i.e., the reason for processing. Personal data is collected with due diligence and adequately protected against unauthorized access. We employ appropriate security measures and state-of-the-art technology to protect personal data against accidental loss and unauthorized access, use, alteration, or disclosure. We store personal data in a manner that permits the identification of the data subject for no longer than is necessary for the purposes for which the data is processed.
   
   

4. The Administrator obtains information about personal data in the following manner:

   1. by making a purchase in the Store (online store) by the Customer;
      
      
   2. by registering a Customer Account;
      
      
   3. through voluntary subscription to the newsletter service or SMS messages;
      
      
   4. through information voluntarily entered in an e-mail message;
      
      
   5. by sending a complaint, request, inquiry or letter of another nature;
      
      
   6. through information entered voluntarily in an e-mail sent in connection with the desire to establish cooperation;
      
      
   7. by posting a review of the product;
      
      
   8. via cookies, pixels or similar internet technologies.
      
      
5. We hereby inform you that the purpose and scope of data processed by the Controller results from the consent of the Website Visitor or the Customer or legal provisions and, in selected cases, is further specified as a result of actions taken by these persons in the Online Store or through other communication channels.
   
   
6. The provision of personal data by a Visitor or Customer of the Online Store is voluntary, but necessary in order to use certain functionalities of the Online Store (e.g. placing an Order by the Customer and settling it, registering a Customer Account or using contact forms).
   
   
7. The scope of data required to conclude a specific contract is always indicated in advance in the Online Store (we indicate the data required to conclude a contract/use a specific functionality), through other communication channels with the Visitor or Customer, or in the Terms and Conditions. Failure to provide personal data may result in the inability to effectively use the Website's functionality, for example, the inability to place an order.
   
   
8. Your personal data is obtained by the Administrator for the following purposes:
   
   
   

   Purpose of processing	Legal basis	Legitimate purpose, if any
   Keeping statistics.	Article 6(1)(f) of the GDPR.	Having information about the statistics of our activities, which allows us to improve our business activities.
   Conducting marketing activities for your own products and services without the use of electronic means of communication.	Article 6(1)(f) of the GDPR.	Conducting marketing activities to promote the business.
   Conducting marketing activities for own products and services using electronic means of communication, including profiling.	Article 6 paragraph 1 letter f of the GDPR, however, due to other applicable provisions, in particular the Telecommunications Law and the Act on the provision of services by electronic means, these activities are carried out only on the basis of consents (Article 6 paragraph 1 letter a of the GDPR).	Conducting marketing activities to promote your business using email addresses. Presenting advertisements, customizing discounts and promotions.
   Posting an opinion in the Online Store.	Article 6(1)(a) of the GDPR.	Product satisfaction survey.
   Handling requests submitted via the contact form, e-mail, complaints, and other requests.	art. 6 section 1 letter a GDPR; art. 6 section 1 letter c GDPR.	Responding to requests and inquiries submitted via the contact form or otherwise, including storing sensitive requests and responses to ensure accountability. Handling requests and responding to consumer complaints. Pursuing claims, including those from third parties, and defending against them.
   Customer Account Service.	Article 6(1)(a) of the GDPR.	Conclusion and implementation of the Service Provision Agreement (Account) or taking action at the request of a future Client before its conclusion.
   Conclusion and implementation of the Sales Agreement.	Article 6(1)(b) of the GDPR.	Conclusion and implementation of the Sales Agreement or taking action at the request of a future Customer before its conclusion.
   Archiving of sales documents.	Article 6(1)(c) of the GDPR.	Fulfillment of legal obligations arising from regulations, e.g. tax and accounting, especially in the case of paid contracts.

9. Newsletter. If you would like to subscribe to our newsletter, you must provide us with your email address via the newsletter subscription form. Providing your data is voluntary, but necessary to use the newsletter service. You can also subscribe to the newsletter when creating a Customer Account or placing an Order.
   The data you provide to us when signing up for the newsletter is used to send you a newsletter informing you about company activities, current collections, promotions, and discounts. The legal basis for processing in this situation is your voluntary consent expressed when signing up for the newsletter.
   In this case, your data is processed for the purpose of periodically sending the newsletter, and the basis for processing is Article 6(1)(a) of the GDPR, i.e., your consent resulting from the desire to receive the service. Your data will be processed for the duration of the newsletter, unless you unsubscribe earlier, in which case your data will be permanently deleted from the database. Furthermore, you can rectify your data stored in the newsletter database at any time, as well as request its deletion by unsubscribing from the newsletter. You also have the right to data portability, as set out in Article 20 of the GDPR.
   The newsletter database is appropriately secured by the Administrator. The newsletter database is managed by a third party. Emails sent contain links to hidden images (so-called tracking pixels). In addition to its primary function of counting email opens, it can also be used to identify the customer and conduct marketing activities.
   
   
10. Email contact. When you contact us via email, you provide us with your email address as the sender's address. You may also include other personal information in your message. Providing this information is voluntary, but necessary to contact us.
    In this case, your data is processed for the purpose of contacting you, and the basis for processing is Article 6(1)(a) of the GDPR, i.e., your consent resulting from your wish to contact us. The legal basis for processing after contact is the legitimate purpose of archiving correspondence for internal purposes (Article 6(1)(c) of the GDPR).
    The content of your correspondence may be archived, and we cannot clearly determine when it will be deleted, but this will be no longer than 5 years. You have the right to request a history of your correspondence with us (if it was archived), as well as to request its deletion, unless its archiving is justified by our overriding interests.
    
    
11. Text messages. If you wish to subscribe to the SMS service, you must provide your mobile phone number via the subscription form on our website or via the appropriate checkbox when placing your order. Providing this data is voluntary, but necessary to use the SMS service.
    
    The data provided when signing up for the SMS service is used solely to send you commercial and marketing information related to the products and services offered by us and our partners, including information about current offers, promotions, discounts, and marketing campaigns. The legal basis for data processing is your voluntary consent, in accordance with Article 6(1)(a) of the GDPR, expressed when signing up for the SMS service.
    
    Your data will be processed for the purpose of sending SMS messages for the duration of this service or until you withdraw your consent to receive it, which will result in the permanent deletion of your data from the SMS database. At any time, you have the right to rectify your data stored in the SMS database, request its deletion, or opt out of the service by sending a request to discontinue sending SMS messages to the contact details provided in the terms and conditions or via the website: https://ansin.pl/pages/rezygnacja-sms
    
    The Administrator ensures that the SMS service database is properly secured and processed in accordance with applicable regulations. As part of this service, external entities may be used to support the sending of SMS messages.
    
    
12. Customer Account. By creating a Customer Account on our Website, you provide us with your email address, first and last name, and phone number. This is voluntary, but necessary for successful Customer Account registration. You can then provide your address details in the Customer Panel.
    In this case, your data is processed for the purpose of maintaining the Customer Account, and the basis for processing is Article 6(1)(a) of the GDPR, i.e., your consent resulting from your desire to create one. The data will be processed for the duration of your Customer Account, unless you request its deletion beforehand, in which case your data will be deleted from the database. You can correct your data assigned to the Customer Account at any time, as well as request its deletion. You also have the right to data portability, as set out in Article 20 of the GDPR.
    When creating a Customer Account, you may – but are not required to – consent to subscribing to the newsletter service.

§ 4 CATEGORIES OF PERSONAL DATA

1. The personal data controller may process the following categories of personal data:
   
   
   1. personal data provided in the form when registering a Customer Account, placing Orders in the Online Store, in particular: e-mail address, first name and last name, telephone number;
      
      
   2. personal data completed by the user when using the Customer Account, in particular: first name and last name; e-mail address; residential address [street, house number, apartment number, postal code, town, country], and in the case of Customers who are not consumers, additionally the company name and tax identification number [NIP];
      
      
   3. personal data required to place an order, in particular: name and surname; e-mail address; contact telephone number; residential address [street, house number, apartment number, postal code, town, country], and in the case of Customers who are not consumers, additionally the company name and tax identification number [NIP];
      
      
   4. personal data provided for the purpose of using the newsletter, provided when posting opinions and sent via e-mail; or provided when submitting complaints, claims or requests, in particular: first name and last name; e-mail address; contact telephone number; address [street, house number, apartment number, postal code, town, country], bank account number;
      
      
   5. personal data provided for the purpose of participating in competitions/promotional campaigns: name and surname; e-mail address; contact telephone number; residential address [street, house number, apartment number, postal code, city, country];
      
      
   6. other data, in particular obtained based on the Customer's activity on the Internet, including data obtained via the Online Store or other channels of communication with the Customer, using cookies and similar technologies.
      
      

§ 5 RECIPIENTS OF PERSONAL DATA

1. Your personal data may be processed by our partners and subcontractors, i.e., entities whose services we use to process data and provide services to you. To our knowledge, all entities entrusted with the processing of personal data guarantee the use of appropriate personal data protection and security measures required by law.
   
   
2. The Administrator may transfer your personal data to:
   
   
   1. state authorities or other entities authorized under the law, in order to perform our obligations;
      
      
   2. The Controller's partners may participate in the processing of personal data to a limited extent, in particular those who technically help us efficiently run the Online Store (e.g. support us in sending e-mails and, in the case of advertising activities, also in marketing campaigns), providers of hosting or ICT services, carriers or intermediaries carrying out the shipment of Orders, entities handling electronic payments or card payments in the Online Store, companies that service software, support the Controller in marketing campaigns, as well as providers of legal and advisory services and external accounting;
      
      
   3. In addition, we may share fully anonymized data (that cannot identify you) with entities with which we cooperate.
      
      
3. As part of its marketing (advertising) activities, the Administrator utilizes the services of third parties that use cookies, pixels, or marketing functions similar to cookies in the Online Store. A detailed list of these entities is provided in § 8 of this Policy.
   
   
4. Our providers are primarily based in Poland or other European Economic Area (EEA) countries, and, for example, in the case of Google Analytics, also outside the EEA. In accordance with the CJEU Schrems II ruling (C-311/18), we have enabled the anonymization of your IP addresses – we do not transfer this data to the USA. The remaining data transferred to Google does not constitute personal data, meaning it cannot be used to identify a specific individual.

§ 6 ARCHIVING PERSONAL DATA

1. The Controller will retain your personal data only for as long as necessary for the purposes set out in this Privacy Policy and/or to comply with legal and regulatory requirements. After this period, the Controller will securely delete your personal data.
   
   
2. We store data for the periods indicated below:
   
   

   Data related to the sales procedure.	8 years
   Data for marketing purposes.	In the case of data processing based on consent – ​​until its withdrawal. In the case of data processing based on a legitimate purpose – until an objection is raised.
   Data transmitted via the contact form or e-mail.	For a period of 3 years in order to maintain the principle of accountability.
   Data contained in opinions.	In the case of data processing based on consent – ​​until its withdrawal. In the case of data processing based on a legitimate purpose – until an objection is raised.
   Personal data associated with cookies and similar features.	Until these files are deleted using the website/browser/device settings (however, deleting files does not always mean deleting Personal Data obtained through these files – in such case, personal data will be deleted until an objection is raised).
   Data transferred during the complaint procedure and other procedures related to the Customer's claims.	6 years.
   Other categories of data (except for data from cookies, more about which in our Cookies Policy).	5 years.

   
   
   
3. In each case, personal data will also be stored when legal provisions (e.g., accounting or tax regulations) oblige the Controller to process them; we will store personal data longer in the event that the Customer has any claims against the Controller, for the Controller to pursue claims, or for the purpose of pursuing or defending against third-party claims, for the limitation period specified by law, in particular the Civil Code.
   
   
4. Depending on the scope of personal data and the purposes for which it is processed, it may be stored for varying periods. In each case, the longer period will apply.

§ 7 RIGHTS, ACCESS AND UPDATING PERSONAL DATA, COMPLAINTS

Pursuant to Article 15 of the GDPR, you have the right to obtain information from the Personal Data Controller as to whether your personal data is being processed.

If the Administrator processes your personal data, you have the right to:

1. access to personal data;
   
   
2. obtain information on the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of this data, the planned period of storage of your data or the criteria for determining this period, your rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of these data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of these data outside the European Union;
   
   
3. obtain a copy of your personal data. Furthermore, you may request the correction of your personal data (Article 16 GDPR), the erasure of your personal data (Article 17 GDPR), object to the processing of your personal data (Article 21 GDPR) and, where technically feasible, request the transfer of your personal data to another organization (Article 20 GDPR).
   
   

In connection with the right to be forgotten, the Controller will update or delete your data, unless it has a legal obligation to retain it for business purposes or to comply with the law. In certain cases, you have the right to request the restriction of the processing of your personal data (Article 18 of the GDPR). You can also contact the Controller if you have any concerns about the way your personal data is collected, stored, or used.

The Administrator endeavors to promptly process all requests regarding the above-mentioned operations on your personal data, but no later than 30 days from receipt of the request. Due to the complex nature of the request, the Administrator has the right to process your request beyond 30 days, of which the User will be informed in advance.

The Administrator strives to resolve complaints definitively, but if you remain dissatisfied with the response, you may submit a complaint to your local data protection supervisory authority. In Poland, the supervisory authority under the GDPR is the President of the Personal Data Protection Office.

§ 8 AUTOMATED PROCESSING OF PERSONAL DATA, COOKIE POLICY

1. Our website, like almost all other websites, uses cookies. This cookie policy applies to both Online Store Customers and Online Store Visitors, i.e., users who browse the Store but do not make purchases.
   
   
2. The Cookie Policy is a document that forms an integral part of this Privacy Policy. The Cookie Policy can be found here.

§ 9 CHANGES TO THE PRIVACY POLICY

1. These Privacy Policy 2.0 principles are effective from March 1, 2023.
   
   
2. The Administrator declares that he has the right to make changes to this document for important reasons, including:
   
   
   1. changes in applicable regulations, in particular in the field of GDPR, telecommunications law, services provided electronically and regulating consumer rights, affecting the rights and obligations of the Controller or the rights and obligations of the data subject;
      
      
   2. development of electronic functionalities or services caused by the progress of Internet technology, including the implementation of new IT, technological or technical solutions on the Website, affecting the scope of this Privacy Policy.
      
      
3. The Administrator undertakes to inform Users about any changes in sufficient time to allow them to become familiar with the content of the amended document, e.g. by posting the consolidated text of the Privacy Policy on the main page of the Website.
   
   
4. For users who use the newsletter feature, if the Administrator makes any significant changes to the Privacy Policy, they will notify Users via email. If they have any objections to the Policy changes, the User has the right to discontinue using the newsletter by submitting a request to unsubscribe from the newsletter or by requesting the deletion of their personal data.