I. GENERAL PROVISIONS

  1. The administrator of personal data is TREC NUTRITION Spółka z o.o. st. Śmidowicza 48, Gdynia, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court Gdańsk-Północ in Gdańsk, 8th Commercial Division of the National Court Register under KRS number 0000315748, NIP: 9581602454, REGON: 220696468, e-mail address: [email protected], contact phone number : +48 58 622 59 62 (on Business Days from 08:00 to 16:00; charge as for a standard connection - according to the price list of the relevant operator) - hereinafter referred to as the "Administrator" and being at the same time the Online Store Service Provider and the Seller. The Administrator has appointed the Personal Data Protection Inspector, in all matters related to the protection of personal data, you can contact us at the email address: [email protected] or at the address of the Administrator's registered office.

  2. The personal data of the Service Recipient (Client) are processed in accordance with the Personal Data Protection Act of May 10, 2018 (Journal of Laws of 2018, item 1000), in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (hereinafter referred to as the "Regulation") and the Act on the provision of electronic services of July 18, 2002 (Journal of Laws No. 144, item 1204, as amended).

  3. The administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected by him are processed in accordance with the law; collected for specified, lawful purposes and not subjected to further processing inconsistent with these purposes; factually correct and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of the persons they concern, no longer than it is necessary to achieve the purpose of processing.

  4. All words, expressions and acronyms appearing on this website and starting with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definition contained in the Regulations of the Online Store available at: terms-and-conditions

  5. Upon setting up an Account and/or placing an Order, the Service Recipient (Customer) consents to the processing by the Service Provider/Seller of the personal data provided by the Service Recipient/Customer listed in this Privacy Policy.

  6. Regarding their personal data, the Service Recipient (Client) may contact the Administrator at the telephone number (32) 308 00 02 or via e-mail at [email protected]

II. BASIS, PURPOSE, SCOPE AND PERIOD OF COLLECTING AND PROCESSING DATA, SHARING DATA TO THIRD PARTIES

  1. The personal data of the Service Recipient (Customer) will be processed only for the purposes necessary for the purposes set out below, providing this data is voluntary, but necessary for the implementation of the contract concluded with the Service Provider (Seller).

  2. The purpose of collecting personal data by the Administrator is:

    - establishing, shaping the content, changing, performing or terminating the contractual relationship between the Service Provider (Seller) and the Service Recipient (Client) consisting in the provision of Electronic Services via the Online Store or the conclusion and performance of the Product Sales Agreement and their delivery to the Customer (Article 6(1)(f) b) Regulations)

    - consideration of complaints and claims related to the concluded contract (Article 6(1)(c) of the Regulation);

    - pursuing claims related to the concluded contract (Article 6(1)(f) of the Regulation);

    - archiving documentation, i.e. contracts and billing documents (Article 6(1)(c) of the Regulation),

    - implementation of obligations imposed on the Service Provider (Seller) under the law, in particular tax law (Article 6(1)(c) of the Regulation);

    - conducting marketing activities and sending commercial information by electronic means (newsletter) (Article 6(1)(a) of the Regulation);

    - conducting administrative activities by the Service Provider (Seller), including analysis, statistics, internal reporting (Article 6(1)(a) and (f) of the Regulation);

    - transfer of personal data of the Service Recipient (Client) to ING Bank Śląski S.A. ("Bank") in connection with:

    provision by the Bank to the Online Store of the service of providing access to infrastructure for handling payments via the Internet (legal basis: Article 6(1)(f) of the Regulation).

    handling and settling by the Bank of payments made by customers of the Online Store via the Internet using payment instruments (legal basis: Article 6(1)(f) of the Regulation).

    in order for the Bank to verify the proper performance of contracts concluded with the Online Store, in particular to ensure the protection of payers' interests in connection with their complaints (legal basis: Article 6(1)(f) of the Regulation).

    - transfer of personal data of the Service Recipient (Client) to Twisto Polska sp. z o.o. in connection with the possibility of proposing payment for the purchased goods or services by Twisto Polska sp. z o.o. under the contract of mandate covering the purchase formula "Buy with Twisto" and making this purchase formula available through the Online Store, as well as for the purpose of verification by Twisto Polska Sp. z o. o. proper performance of such mandate contracts (legal basis: Article 6(1)(f) of the Regulation).

  3. The Service Provider (Seller) as the Administrator of the personal data of the Service Recipient (Client) informs that the data processed for the purposes indicated in point 2 above may be made available to other entities, i.e.:

    - entities with which the Service Provider (Seller) has concluded agreements entrusting the processing of personal data, i.e. entities providing services such as: IT, accounting, banking, legal, administrative, postal, courier, to the extent and no longer than it is necessary to perform e.g. handling the purchase, delivery, payment, pursuing claims related to the concluded contract, accounting;

    - employees or associates of the Service Provider/Seller as well as entities providing support to the Service Provider/Seller on the basis of outsourced services and in accordance with concluded data processing entrustment agreements;

    - state authorities or other entities authorized under the law, in order to perform the obligations incumbent on the Service Provider / Seller (Tax Office, Social Insurance Institution, National Labor Inspectorate).

  4. The Administrator processes the following personal data of Service Recipients (Clients): name and surname; e-mail address; contact phone number; address (street, house number, apartment number, postal code, city, country) and delivery address and to the sales document, if different from the above. In the case of Customers who are also entrepreneurs, the Administrator additionally processes the company name and NIP.

  5. Providing personal data referred to in point 2.3. is necessary for the Service Provider to provide Electronic Services as part of the Online Store or to conclude a Sales Agreement. Each time, the scope of the required data is indicated before the commencement of the provision of a specific Electronic Service or the conclusion of the Sales Agreement.

  6. If the Customer provides personal data in order to conclude an agreement with the Online Store, providing personal data by the Customer is a condition for concluding this Agreement. Providing personal data in this situation is voluntary, but the consequence of not providing this data will be the inability to conclude a contract with the Online Store.

    If the Customer provides personal data in order to transfer your personal data to Twisto Polska sp. z o.o. before concluding a contract for the sale of goods (or services) purchased in the Online Store, the provision of this data is a condition for concluding a sales contract in connection with the business model adopted by the Online Store.

    In the case of transferring the Customer's personal data to the Bank in connection with the handling and settlement of payments made by the Customer to the Online Store via the Internet using payment instruments, providing the data is required in order to make the payment and provide confirmation of its execution by the Bank to the Online Store.

    In the case of transferring the Customer's personal data to the Bank in order for the Bank to verify the proper performance of contracts concluded with the Online Store, in particular to ensure the protection of payers' interests in connection with their complaints, providing this data is required to enable the performance of the contract concluded between the Online Store and the Bank.

    In the case of transferring the Customer's personal data to Twisto Polska sp. z o.o. in connection with the possibility of offering the Customer to pay the price for the goods or services purchased by the Customer by Twisto Polska sp. z o.o. under the contract of mandate covering the purchase formula "Buy with Twisto" and making this formula available by the Online Store, providing this data and processing it for this purpose is required in connection with the business model adopted by the Online Store and in order to perform the contract concluded between the Online Store and Twisto Polska Sp. z o. o.

  7. he Administrator automatically collects data contained in Cookies when using the Online Store website. These are text files saved on the Customer's computer when using the Online Store (they enable, among others, remembering the contents of the basket). The Cookies mechanism is not used to obtain any information about the Service Recipients of the Online Store. It is possible to prevent the collection of data contained in Cookies by using the appropriate functions of the web browser (in this regard, we refer to the help file of a given browser or we recommend contacting its producer).

  8. The Administrator may process the following data characterizing the way the Customer uses the Electronic Services (operational data):

    - Markings identifying the end of the telecommunications network or the ICT system used by the Service Recipient.

    - Information about the start, end and scope of each use by the Customer of the Electronic Service.

    - Information about the use of Electronic Services by the Customer.

  9. Personal data of the Service Recipient (Client) will not be processed in an automated manner, including in the form of profiling.


Transferring data to Trusted Partners

Based on your voluntary consent, for the processing (and in some cases based on the legitimate interest of the administrator) by Trusted Partners of the Administrator, your personal data, stored in cookies on your devices and its cache (including data made available in the browsing history and data collected during your activity on the services) and location data generated by your device - for marketing purposes (including automated analysis of your activity on websites, cookies, etc.) on your devices and reading such tags, the above-mentioned the data may be made available to the Administrator's Trusted Partners. The above paragraph concerns the processing of your personal data for marketing purposes of Trusted Partners. Trusted Partners are e-commerce companies and advertisers as well as media houses and similar organizations acting on their behalf with whom the Administrator cooperates. The list of trusted Partners can be found below.


Data transfer outside the EEA

Our partners are based mainly in the countries of the European Economic Area (EEA) or in Switzerland, recognized as a country that meets an adequate level of personal data protection. Some of our Trusted Partners, e.g. Google or Facebook, are based outside the EEA, therefore we transfer personal data outside the EEA only when necessary, ensuring an appropriate level of protection, primarily through:

- cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the determination of an adequate level of protection of Personal Data;

- the use of standard contractual clauses issued by the European Commission;

- application of binding corporate rules approved by the competent supervisory authority.


Trusted Partners:

- Oktawave

- FreshMail Sp. z o.o.

- Google

- Cloudflare

- Facebook

- Criteo

- HotJar

- Disqus

- TVN

- Wirtualna Polska

- Quarticon

- Tribe 47 sp. z o.o.

- Benhauer Sp. z o.o.

- HF Media Sp. z o.o. 

- AleRabat.com Spółka z o.o.

- TradeDoubler Sp. z o.o.

- Samito S.A.

- Trusted Shops AG

If you want information or want to exercise your rights, please contact the relevant operator directly. This is because only the relevant operators have access to your personal data and can provide you with the relevant information and take further action if necessary. If you need assistance in exercising your rights, you can contact us at any time.

A description of data processing by the relevant operator, as well as the requirements for objections (opt-out) can be found in the information provided by the relevant operator. Below is information on some of them:

Service Provider: Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irlandia
Privacy policy: https://www.facebook.com/about/privacy/
Website data: https://www.facebook.com/legal/terms/information_about_page_insights_data
Opt-out: https://www.facebook.com/settings?tab=ads

Service Provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, Stany Zjednoczone
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Service Provider: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, Stany Zjednoczone
Polityka prywatności:  https://policies.google.com/privacy?hl=de

Usługodawca: (Instagram) Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Irlandia.
Privacy policy: https://help.instagram.com/519522125107875


Social Media:

The administrator has public profiles on social networks Facebook, Youtube, Instagram and LinkedIn. Therefore, it processes data left by visitors to these profiles (e.g. comments, likes, online identifiers). Personal data of such persons are processed in order to enable them to be active on their profiles, to effectively run profiles, by presenting portal users with information about initiatives and other activities, in connection with the promotion of various types of events, services and products, for statistical and analytical purposes and in for the purpose of pursuing claims and defending against claims. The legal basis for the processing of personal data in social media is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in promoting its own brand and improving the quality of services provided, in effective information and presentation of results and direct communication in connection with our online offer, and if necessary - on pursuing claims and defending against claims.

We use links to social networks on our websites, which prevents our users' personal data from being transferred to social networks without their knowledge when they visit our websites. The links are intended to establish a connection with our online presence in the respective social network only upon request - that is, only after the user clicks on the link. When you click on the link IP address, general information from the user's browser header is sent to the respective social network. The respective social network may collect further personal data as soon as you use its offers. For example, if you are logged into your account, Facebook can associate your visit with your account. Please note that we do not know the content of the personal data provided in the further course of the process or their use by social networks.

III. PERIOD OF STORAGE, THE RIGHT OF CONTROL, ACCESS TO THE CONTENT OF YOUR DATA, THEIR CORRECTION

  1. The Service Provider (Seller) as the Administrator of the personal data of the Service Recipient (Client) informs that personal data will be stored for the period necessary to achieve the goals indicated in point II. 2. above, where:

    - data contained in forms and contracts - until the statute of limitations for claims under contracts;

    - settlement documents - until the expiry of the statute of limitations for tax liabilities, unless the relevant provisions provide otherwise;

    - documents related to claims and complaints - until the expiry of the limitation period for related claims;

    - in order to carry out the activities indicated in point II 2.6) above, the data will be processed until the Service Recipient (Client) withdraws the previously expressed consent;

    - in order to carry out the activities indicated in point II 2.7) above, the data will be processed until the legally justified interests of the Service Provider / Seller are fulfilled or until the Service Recipient (Client) objects to data processing;

  2. The Service Provider/Seller as the Administrator of personal data informs that the Service Recipient/Client has the following rights to:

    - access to the content of your data and rectification pursuant to art. 15 and 16 of the Regulation;

    - deletion, limitation of data processing pursuant to art. 17 and 18 of the Regulation;

    - transfer of data pursuant to art. 20 of the Regulation;

    - object to data processing pursuant to art. 21 of the Regulation;

    - withdrawal of consent at any time without affecting the lawfulness of the processing, which was made on the basis of consent before its withdrawal, if the processing of your data is carried out on the basis of art. 6 sec. 1 lit. a) or Art. 9 sec. 2 lit. and);

  3. The Service Recipient (Customer) has the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO) when he considers that the processing of his personal data violates the provisions of the Regulation.

IV. FINAL PROVISIONS

  1. The Online Store may contain links to other websites. The administrator is not responsible for the privacy rules applicable on these websites. The administrator encourages you to read the privacy policy set out there after going to other websites. This privacy policy applies only to the Online Store.

  2. The administrator uses technical and organizational measures to ensure the protection of processed personal data appropriate to the threats and categories of data protected, and in particular protects data against unauthorized access, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.

  3. The Service Provider provides the following technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically:

    - Personal data is sent via a secure SSL protocol,

    - Personal data stored on the Administrator's servers are encrypted, protection against physical access to servers where personal data is stored is provided by the server provider.

    - Encryption of data used to authorize the Service Recipient.

    - Protection of the data set against unauthorized access.

    - Access to the Account only after providing an individual login and password created by the Service Recipient.

  4. The Administrator reserves the right to update and change the Privacy Policy. This is due to the fact that technologies, standards and requirements related to conducting business on the Internet are changing. This means that in the future the Administrator may, and sometimes will have to, introduce modifications to the Privacy Policy. With each change, a new version of the Privacy Policy will appear on the Online Store website and will be in force in the new wording from the date of its placement, but only for new customers visiting the website, making a purchase and agreeing to the new content.

V. COOKIES

In accordance with the regulation of Art. 173, 174 and Art. 209 of the amended Telecommunications Law (Journal of Laws of 21.12.2012, item 1445), we present information on the use of cookies by the 6PAKNUTRITION.COM Online Store - defines the rules for saving and accessing data on Devices of Users using the Website for the purposes of providing electronic services by the Website Administrator. In addition, the Cookie Policy also serves to indicate the period of operation of these files and to determine whether third parties can access such files.

Cookies are understood as text data collected in the form of files placed on the User's Device.

 

Types of cookies used

The administrator uses own cookies for the correct configuration of the website, in particular to:

- adapting the content of the Website pages to the User's preferences and optimizing the use of the Website pages;

- recognize the Website User's device and its location and properly display the website, tailored to its individual needs;

- remembering the settings selected by the User and personalizing the User's interface, e.g. in terms of the selected language or region from which the User comes;

- remembering the history of visited pages on the website in order to recommend content;

- font size, website appearance, etc.

The administrator uses own cookies to authenticate the user on the website and ensure user sessions on the website, in particular to:

- maintaining the Website User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage of the Website;

- correct configuration of selected Website functions, enabling in particular verification of the authenticity of the browser session;

- optimizing and increasing the efficiency of services provided by the Administrator.

The administrator uses own cookies to implement the processes necessary for the full functionality of websites, in particular to:

- adapting the content of the Website pages to the User's preferences and optimizing the use of the Website pages. In particular, these files allow to recognize the basic parameters of the User's Device and properly display the website, tailored to his individual needs;

The Administrator uses own cookies to remember the user's location, and in particular to correctly configure selected Website functions, enabling the adjustment of the information provided to the User, taking into account his location.

The Administrator uses own cookies for analysis and research as well as audience audits, in particular to create anonymous statistics that help to understand how Website Users use the Website's websites, which allows improving their structure and content.

The service administrator uses external cookies to log in to the website using the Google social network (administrator of external cookies: Google Inc. based in the USA).

The service administrator uses external cookies to popularize the website using social networking sites plus.google.com (administrator of external cookies: Google Inc. based in the USA).

 

Possibilities to specify the conditions of storage or access by Cookies

The User may independently and at any time change the settings for Cookies, specifying the conditions for their storage and access by Cookies to the User's Device. Changes to the settings referred to in the previous sentence can be made by the User using the web browser settings or using the service configuration. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or inform about each time they are placed on the User's device. Detailed information on the possibilities and ways of handling cookies are available in the software (web browser) settings.

The user may delete cookies at any time using the functions available in the web browser he uses.

Restricting the use of cookies may affect some of the functionalities available on the Website. The data is processed in order to provide services electronically. The administrator may process the data necessary to provide the service. Data that is not necessary to provide the service may be processed by the Administrator only with the consent of the following personal data: e-mail address.

Each User has the right to inspect their data, as well as the right to correct them and request their removal. For this purpose, please write to the address of TREC NUTRITION Spółka z o.o. st. Śmidowicza 48, Gdynia, or by e-mail to [email protected].

The User may delete his/her Account from the Website at any time. With the deletion of the Account, all User data will be permanently and irretrievably deleted.

Submitting a request by the User to delete personal data provided in the Account registration form makes further provision of the service impossible for technical reasons and therefore equivalent to deleting the User's Account.


The period of operation of Cookies and whether third parties can access such files

If we process personal data in a third country (i.e. outside the European Union (EU) or European Economic Area (EEA)) or if this is done in the context of using third party services or if personal data is disclosed or transferred to third parties, this will only be when it will be for the purpose of: fulfilling our (pre-)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal conditions or contractual provisions, we process or transfer personal data in a third country only if the conditions and level of security specified in art. 44-47 GDPR. This means that processing is carried out, for example, on the basis of special guarantees, such as the officially recognized establishment of an EU-equivalent level of data protection or compliance with officially recognized specific contractual obligations (so-called "standard contractual clauses").

Therefore, the Administrator transfers Personal Data outside the EEA only when necessary, ensuring an appropriate level of protection, primarily through:

- cooperation with entities processing Personal Data in countries for which an appropriate decision of the European Commission has been issued regarding the determination of an adequate level of protection of Personal Data;

- the use of standard contractual clauses issued by the European Commission;

- application of binding corporate rules approved by the competent supervisory authority.

The Administrator always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.

Only in exceptional cases can your full IP address be transferred to a Google server in the USA.