1. The Privacy Policy explains the rules related to the processing of Personal Data of persons using the online store available at: https://shop.supersuper.pl, Customers and visitors to the Store’s website and the rights and obligations of the Data Controller.
2. The Data Controller is: Hanna Kokczyńska, conducting business under the name SUPERSUPER Hanna Kokczyńska, with registered office in Warsaw, ul. Puławska 24 lok. 4, 02-512 Warszawa, registered in the Central Registration and Information on Business Activity under VAT ID (NIP): 5211238853, e-mail: shop@supersuper.pl telephone: +48 602134516 Calling is possible on business days at 10AM-5PM CET (Appears hereafter in the privacy policy as: “Controller”).

1. Scope of personal data processed and purpose of processing

1. Users’ Personal Data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, in order to enable the execution of services and orders through the online store available at: https://shop.supersuper.pl (hereinafter referred to as: Store) and other direct communication between the Controller and Customers.
2. The Controller processes the following Personal Data of the Customers, the provision of which is necessary to use the services of the Controller, i.e.:
   1. name and surname, 
   1. e-mail address,
   1. delivery address, 
   1. telephone number,
3. Processed Customer Data does not constitute Special Category Personal Data as defined in Section 9 of the GDPR, nor does it constitute data relating to convictions and criminal acts as defined in Section 10 of the GDPR.
4. Customers’ Personal Data is processed with their exclusive consent and to the extent covered by such consent. 
5. Giving your consent to the processing of Personal Data is completely voluntary, but failure to give your consent will prevent you from ordering a Preorder, purchasing products offered by the Controller and using other services available in the Store.
6. Consent is given at the time of submitting the Preorder form through the Store, in accordance with the Terms and Conditions available at: https://shop.supersuper.pl/terms (appearing hereafter as: Terms and Conditions);
7. Personal Data of Customers are processed only for the purpose for which they were made available to the Controller, i.e. for the purpose of submitting and accepting or rejecting the Customer’s offer, and subsequently concluding a sales agreement for the indicated products and the execution of the Order and the rights of Customers related to the concluded agreement, including those related to withdrawal therefrom, its termination and recognition of complaints, as well as to enable communication between the Store and the Customer. 
8. Customers’ Personal Data is transferred within the Controller’s company only to authorized employees and associates, solely to the extent necessary for the execution of the purposes specified in the paragraph above. 
9. Personal Data of Customers in the form of e-mail addresses and names indicated thereby may be processed for marketing purposes only after obtaining separate consent of the Customer. Similarly, only with the separate consent of the Customer, the Controller may process the data provided thereto for the purpose of sending commercial information. Marketing consent does not condition the ability to use the services of the Site and to place or execute Orders. 
10. Personal Data of Customers, except for the purposes indicated in this Privacy Policy, will not be shared with third parties in any way, including, in particular, will not be transferred to other entities for the purpose of sending third-party marketing materials. 
11. Personal Data of the Online Store’s Customers is transferred to third countries, outside the European Economic Area only for the purpose for which it was made available to: Google LLC, headquartered in Mountain View, United States, under the so-called EU-U.S. Privacy Shield (hereinafter: Agreement) i.e. in accordance with the European Commission’s decision of July 12, 2016 number IP/16/216, the transfer of Personal Data to entities based in the United States that have joined the Agreement provides an adequate degree of protection for Personal Data, in accordance with Section 45 of the Regulation.

II. Managing data processing consent

1. The Customer is entitled to withdraw the consent given for the processing of the Personal Data provided thereby at any time.
2. Withdrawal of the consent does not affect the lawfulness of the processing of Personal Data performed before the withdrawal. 
3. Consent can be withdrawn by sending an email to: shop@supersuper.pl

III. Time of Personal Data processing

1. Customers’ Personal Data is retained for as long as it is useful for the purposes for which it was provided. Storage lasts no less than:
   1. until the expiration of the statute of limitations for mutual claims of the Controller and Customers, including, in particular, claims related to payment and warranty and guarantee for the goods sold,
   1. for the period during which the Controller is obliged to process the data under applicable law, 

depending on which period lasts longer. However, in the case of data processed on the basis of consent, its processing lasts no longer than until it is revoked.

IV. Personal Data Management by the Customer 

1. Customers have rights to:
2. access their Personal Data and receive a copy of it,
3. rectify (correct) their Personal Data,
4. delete Personal Data,
5. Customers also have the right to request restriction of the processing of the provided Personal Data only to their storage or performance of separately agreed activities, if:
   1. in the opinion of the Customer, the processed data is incorrect or processed unfoundedly; 
   1. The Customer does not want their Personal Data to be deleted because they need it to establish, assert or defend their claims; 
   1. The Customer has objected to the processing of their data – for the duration of the processing of the objection.
6. Customers also have the right to transfer Personal Data. Customers have the right to request to receive their Personal Data from the Controller in a structured, commonly used machine-readable format (e.g., in .csv format) that pertains to them or that they themselves have provided. The Customer may instruct the Controller to transfer this data directly to another entity,
7. Customers may file a complaint with the supervisory authority whenever they come to a belief or doubt that the processing of Personal Data is unlawful, they may file a complaint to the President of the Personal Data Protection Authority on this matter. 
8. Exercising the Customer’s rights requires directing a specific request to the Administrator – for example, in the form of an e-mail to the address indicated above. The demand does not require justification, but it should be formulated in a clear and specific manner.
9. At the same time, the Administrator instructs Customers that before the execution of their rights, the Administrator will be required to ascertain and verify that the User is entitled to the formulated requests.

V. Newsletter

• Users may provide and consent to process their data: e-mail address, name and surname for the purpose of receiving a Newsletter from the Administrator. The Newsletter includes the Administrator’s commercial information.
• Providing the above enumerated Customer data is voluntary, but necessary in order to receive and use the Newsletter.
• The Newsletter will be sent and the above-mentioned data processed until:
  • the User resigns from the Newsletter,
  • the User raises an objection.
• The data provided by the User will be processed for the purposes of:
  • implementation of the Newsletter service,
  • marketing of the Administrator’s products and services within the scope of his legitimate interest,
  • data archiving pursuant to Art. 6 section 1 letter f GDPR.
• The Newsletter service provider is Mailer Lite.
• The data provided by the Customer will not be transferred by the Administrator outside the European Economic Area.
• The User may unsubscribe from the Newsletter at any time by clicking the unsubscribe link located in the footer of each campaign.

VI. Validity and change of privacy policy

1. Privacy policy is effective as of 1^st of July 2024.
2. Customers who have provided their data to the Administrator prior to the publication of the new privacy policy on the website will be informed of the changes by e-mail, to the e-mail address indicated so far, and if they do not accept the changes, they may resign from further use of the Store and request deletion of their data. The revised Privacy Policy will also be made available on the Controller’s website.
3. The amendment to the Privacy Policy shall not affect the rights and obligations of the parties, or other circumstances, occurring before the amendment came into force, unless otherwise provided by generally applicable law.

VII. “Cookies” Policy

1. The store uses “Cookies”, which are necessary for its operation, as well as statistical and functional cookies. 
2. “Cookies” are IT data, in particular short text files, stored by the web browser or directly in the users’ terminal equipment intended for use of the websites. These cookies allow us to recognize the user’s device and appropriately display a website tailored to the user’s individual preferences. Cookies usually contain the name of website of their origin, time of storing them on the end device and unique number.
3. Cookies are used for the following purposes: to create statistics, to maintain the session of the Customer and visitors to the Store, to determine their profile in order to display tailored materials in advertising networks.
4. The Store uses two main types of cookies: session cookies and persistent cookies. Session files are temporary files that are stored on the user’s terminal device until the user logs out, leaves the Store or shuts down the software (web browser). Persistent files are stored in the user’s terminal device for the time specified in the parameters of cookies or until they are manually deleted by the user.

• Customers and visitors to the Online Store can change the settings for storing cookies in the web browser they use. Web browsers allow Users to delete cookies. For details, please refer to the help or documentation of your web browser.

• In accordance with the applicable provisions of the Act of July 16, 2004. Telecommunications Law (JoL 2004 No. 171 item 1800, as amended), in particular Section 173(2), a user has the right to decide on the access of cookies to their end device by setting the appropriate settings (rights) for these files in the settings window of their web browser.

VIII. Final provisions

A change in the privacy policy or cookie policy shall not affect the rights and obligations of the parties, or other circumstances, occurring prior to the entry into force of the change, unless otherwise provided by generally applicable law. The revised Privacy Policy will also be made available on the Controller’s website.