1. This Privacy Policy sets out the rules for the processing of personal data obtained through the online store shop.bregus.pl (hereinafter: the “Online Store”).

2. The owner of the Store and the data administrator at the same time is Bregus Sp. z o.o. Sp.K. with headquarters in Warsaw (02-684), ul. Puławska 284, entered into the National Court Register at the District Court for the Capital City of Warszawy, XIII Commercial Division, hereinafter referred to as Bregus.

3.Personal data collected by Bregus via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), also known as GDPR.

4. Bregus takes special care to respect the privacy of customers visiting the Online Store.

§ 1 Type of data processed, purposes and legal basis

1. Bregus collects information on natural persons performing legal transactions not directly related to their business, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to which the law grants legal capacity, hereinafter jointly referred to as Clients. .

2. Customers’ personal data is collected in the case of:

a) using the chat service in order to perform a contract the subject of which is a service provided electronically. Legal basis: necessity to perform the chat service agreement (Article 6 (1) (b) of the GDPR);

b) registering an account in the Online Store in order to create an individual account and manage this account. Legal basis: necessity to perform the contract for the provision of the Account service (Article 6 (1) (b) of the GDPR);

c) placing an order in the Online Store in order to perform the sales contract. Legal basis: necessity to perform the sales contract (Article 6 (1) (b) of the GDPR);

d) subscribing to the newsletter (Newsletter) in order to perform the contract the subject of which is the service provided electronically. Legal basis – consent of the data subject to perform the contract for the provision of the Newsletter service (Article 6 (1) (A) of the GDPR);

e) using the service, submit an opinion in order to perform the contract the subject of which is a service provided electronically. Legal basis – necessity to perform the service contract, submit your opinion (Article 6 (1) (b) of the GDPR).

f) using the service, ask about the product in order to perform the contract the subject of which is a service provided electronically. Legal basis: necessity to perform the service contract ask about the product (Article 6 (1) (b) of the GDPR);

g) customer satisfaction surveys. Legal basis: the necessity of processing to implement the legally justified interest of Bregus, consisting in providing and maintaining high-quality service and the level of customer satisfaction with products and services (Article 6 (1) (f) of the GDPR).

3. In the case of using the chat, the Customer may provide the following data:

a) e-mail address;

b) first name.

4. In the case of registering an account in the Online Store, the Customer provides:

a) e-mail address;

b) name and surname.

5. When registering an account in the Online Store, the Customer independently sets an individual password to access his account. The customer may change the password at a later time, on the terms described in §6.

6. When placing an order in the Online Store, the Customer provides the following data:

a) e-mail address;

b) address details:

a. zip code and city;

b. country (state);

c. street with house / flat number.

c) name and surname;

d) telephone number.

7. In the case of Entrepreneurs, the above scope of data is additionally extended by:

a) the Entrepreneur’s company;

b) tax identification number.

8. In the case of using the Newsletter service, the Customer provides his e-mail address or telephone number – according to the Customer’s choice.

9. If you use the service to post your opinion, the Customer provides the following data:

a) e-mail address;

b) first name.

10. When using the service, ask about the product, the customer only provides his e-mail address.

11. In the case of customer satisfaction surveys, Bregus processes the following data:

a) e-mail address;

b) the order number.

12. When using the Store’s Website, additional information may be downloaded, in particular: the IP address assigned to the Customer’s computer or the external IP address of the Internet provider, domain name, browser type, access time, type of operating system.

13. Navigational data may also be collected from customers, including information about links and references in which they decide to click or other activities undertaken in the Online Store. Legal basis – a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in facilitating the use of electronic services and improving the functionality of these services.

14. In order to determine, investigate and enforce claims, some personal data provided by the Customer may be processed as part of using the functionality in the Online Store, such as: name, surname, data regarding the use of services, if the claims result from the manner in which the Customer uses services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in establishing, investigating and enforcing claims and defending against claims in proceedings before courts and other state authorities.

15. The transfer of personal data to Bregus is voluntary, in connection with the concluded sales contracts or the provision of services via the Store’s Website, with the reservation, however, that failure to provide the data specified in the forms in the Registration process prevents Registration and setting up a Customer Account, and in in the case of placing an order without registering the Customer Account, it will prevent the submission and implementation of the Customer’s order.

§ 2 Who is the data shared or entrusted to and how long is it stored?

1. The Customer’s personal data is provided to service providers that Bregus uses to run the Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either are subject to Bregus’ instructions as to the purposes and methods of processing such data (processors) or independently define the purposes and methods of their processing (administrators).

a) Processors. Bregus uses suppliers who process personal data only on the instructions of Bregus. They include, among others providers providing hosting services, accounting services, providing marketing systems, systems for testing customer satisfaction, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns;

b) Administrators. Bregus uses suppliers who do not act solely on the instructions and set the goals and methods of using Customers’ personal data themselves. They provide electronic payment and banking services.

2. Location. Service providers are based in Poland and other countries of the European Economic Area (EEA).

3. Customers’ personal data are stored:

a) If the basis for the processing of personal data is consent, the Customer’s personal data are processed by Bregus until the consent is revoked, and after the consent is revoked for a period of time corresponding to the period of limitation of claims that may be raised by Bregus and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

b) If the basis for data processing is the performance of the contract, then the Customer’s personal data is processed by Bregus as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.

4. If a purchase is made in the Online Store, personal data may be transferred, depending on the Customer’s choice, to the following entities in order to deliver the ordered goods:

a) a courier company;

b) InPost Paczkomaty Sp. z o.o. based in Kraków, providing delivery and service of the post office box system (Paczkomaty);

c) Poczta Polska S.A. based in Warsaw;

d) Ruch S.A. based in Warsaw, providing delivery services at points of sale.

5. If the Customer selects payment via the Przelewy24.pl system, his personal data is transferred to the extent necessary for the payment to PayPro S.A. with its registered office in Poznań (60-327 Poznań, ul. Kanclerska 15), entered into the register of entrepreneurs kept by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the number KRS 0000347935, NIP 7792369887, Regon 301345068.

6. The navigation data may be used to provide customers with better service, statistical data analysis and adaptation of the Online Store to Customer preferences, as well as to administer the Online Store.

7. If the Customer subscribes to the newsletter, Bregus will send electronic messages to his e-mail address containing commercial information about promotions and new products available in the Online Store.

8. In the event of a request, Bregus provides personal data to authorized state authorities, in particular to organizational units of the prosecutor’s office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookies mechanism, IP address

1. The Online Store uses small files called cookies. They are saved by Bregus on the end device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its “expiry time” and an individual, randomly selected number identifying this file. Information collected by means of this type of files helps to adjust the products offered by Bregus to the individual preferences and real needs of visitors to the Online Store. They also enable the development of general statistics of visits to the presented products in the Online Store.

2. Bregus uses two types of cookies:

a) Session cookies: after the end of the browser session or the computer is turned off, the saved information is deleted from the device’s memory. The mechanism of session cookies does not allow the collection of any personal data or any confidential information from clients’ computers.

b) Permanent cookies: they are stored in the memory of the Customer’s end device and remain there until they are deleted or expired. The persistent cookie mechanism does not allow the collection of any personal data or any confidential information from the clients’ computer.

3. Bregus uses own cookies for the purpose of:

a) authenticating the Customer in the Online Store and ensuring the Customer’s session in the Online Store (after logging in), thanks to which the Customer does not have to re-enter the login and password on each subpage of the Online Store;

b) analysis and research as well as audience audit, in particular to create anonymous statistics that help to understand how Customers use the Store’s Website, which allows improving its structure and content.

4. Bregus uses external cookies for the purpose of:

a) the presentation of the Reliable Certificate Regulations via the reliableregulamin.pl website (administrator of external cookies: Rzetelna Grupa sp.z o.o.with its registered office in Warsaw);

b) presentation on the Website of a map showing the location of the Bregus office, using the maps.google.com website (external cookie administrator: Google Inc. based in the USA);

c) collecting general and anonymous static data via Google Analytics analytical tools (external cookie administrator: Google Inc., based in the USA);

d) presenting advertisements tailored to the Customer’s preferences using the Google AdSense online advertising tool (external cookie administrator: Google Inc. based in the USA);

e) collecting general and anonymous static data via IdoSell analytical tools (administrator of external cookies: IAI SP. Z O.O. based in Szczecin).

5. The cookie mechanism is safe for the computers of the Online Store Customers. In particular, it is not possible for viruses or other unwanted software or malicious software to enter the Customers’ computers in this way. However, in their browsers, customers have the option to limit or disable the access of cookies to computers. If you use this option, the use of the Online Store will be possible, except for functions that, by their nature, require cookies.

6. Below we present how you can change the settings of popular web browsers in the use of cookies:

a)  Internet Explorer browser;

b) Microsoft EDGE browser;

c) Microsoft EDGE browser;

d) Chrome browser;

e) Safar browser;

f) Opera browser.

7. Bregus may collect Clients’ IP addresses. An IP address is a number assigned to the computer of a visitor to the Online Store by an internet service provider. The IP number allows you to access the Internet. In most cases, it is assigned dynamically to the computer, i.e. it changes every time you connect to the Internet. The IP address is used by Bregus when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we receive the most visits), as information useful in administering and improving the Online Store, as well as for security purposes and possible identification of server loads, unwanted automatic programs for viewing the content of the Online Store.

8. The Online Store contains links and references to other websites. Bregus is not responsible for the privacy practices applicable to them.

§ 4 Rights of data subjects

1. The right to withdraw consent – legal basis: art. 7 sec. 3 GDPR.

a) The customer has the right to withdraw any consent given by Bregus.

b) Withdrawal of consent is effective from the moment of withdrawal of consent.

c) Withdrawal of consent does not affect the processing carried out by Bregus in accordance with the law before its withdrawal.

d) Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of services or functionalities that, according to the law, Bregus may only provide with consent.

2. The right to object to data processing – legal basis: art. 21 GDPR.

a) The customer has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if Bregus processes his data based on a legitimate interest, e.g. marketing of Bregus products and services, statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as a satisfaction survey.

b) Resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the Customer’s objection to the processing of his personal data, including profiling for these purposes.

If the Customer’s objection turns out to be justified and Bregus has no other legal basis to process personal data, the Customer’s personal data will be deleted, the processing of which has been objected by the Customer.

3. The right to delete data (“the right to be forgotten”) – legal basis: art. 17 GDPR.

a) The customer has the right to request the deletion of all or some personal data.

b) The customer has the right to request the deletion of personal data if:

a. personal data are no longer necessary for the purposes for which they were collected or processed;

b. withdrew a specific consent to the extent to which personal data were processed based on his consent;

c. he objected to the use of his data for marketing purposes;

personal data is processed unlawfully;

d. personal data are processed unlawfully;

e. personal data must be deleted in order to comply with a legal obligation provided for in the law of the Union or the law of the Member State to which Bregus is subject;

f. personal data has been collected in relation to the offering of information society services.

4. The right to limit data processing – legal basis: art. 18 GDPR.

a) The customer has the right to request the restriction of the processing of his personal data. Submitting a request, pending its consideration, prevents the use of certain functionalities or services, the use of which will involve the processing of data covered by the request. Bregus will also not send any messages, including marketing messages.

b) The customer has the right to request the restriction of the use of personal data in the following cases:

a.when he questions the correctness of his personal data – then Bregus limits their use for the time needed to verify the correctness of the data, but no longer than for 7 days;

b.when the processing of data is unlawful, and instead of deleting the data, the Customer will request the restriction of their use;

c. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, assert or defend claims;

d. when he has objected to the use of his data – then the restriction takes place for the time needed to consider whether – due to the special situation – the protection of the client’s interests, rights and freedoms outweighs the interests that the Administrator performs when processing the client’s personal data.

5. The right to access data – legal basis: art. 15 GDPR.

a) The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if this is the case, the Customer has the right to:

a. obtain access to your personal data;

b. obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of these data, the planned period of storage of the Customer’s data or the criteria for determining this period (when it is not possible to specify the planned period of data processing), about the rights of the Customer under GDPR and the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision making, including profiling, and about the security measures applied in connection with the transfer of this data outside the European Union;

c. obtain a copy of your personal data.

6. The right to rectify data – legal basis: art. 16 GDPR.

a) The customer has the right to request the Administrator to immediately correct his personal data that is incorrect. Taking into account the purposes of processing, the data subject has the right to request supplementing incomplete personal data, including by submitting an additional statement, directing the request to the e-mail address in accordance with §7 of the Privacy Policy.

7. The right to data portability – legal basis: art. 20 GDPR.

a) The customer has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. The customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if technically possible. In this case, the Administrator will send the Customer’s personal data in the form of a csv file, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator.

8. In the event that the Customer exercises the right resulting from the above rights, Bregus fulfills the request or refuses to comply with it immediately, but not later than within one month after receiving it. However, if – due to the complexity of the request or the number of requests – Bregus will not be able to meet the request within one month, it will comply with it within the next two months, informing the Customer within one month of receiving the request – about the intended extension and its reasons.

9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.

10. The Customer has the right to request Bregus to provide copies of standard contractual clauses by directing the inquiry in the manner indicated in §7 of the Privacy Policy.

11. The customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding the violation of his rights to the protection of personal data or other rights granted under the GDPR.

§ 5 Services tailored to preferences and interests (profiling)

1. Profiling means any form of automated Personal Data Processing, which consists in the use of Personal Data to evaluate certain personal factors of a Natural Person, in particular to analyze or forecast aspects related to the effects of work of that Natural Person, its economic situation, health, personal preferences, interests, reliability, behavior, location or movement.

2. Customers’ personal data may be processed in an automated manner (profiling), however, it will not have any legal effects on them or similarly significantly affect the situation of customers.

3. Profiling of personal data by Bregus consists in the processing of customer data in an automated and manual manner, by using them to evaluate certain information about the customer, in particular to analyze or forecast his personal preferences and interests.

4. In order to reach the Customer with marketing messages outside the Online Store Website, Bregus uses the services of external suppliers. These services consist in displaying marketing messages on websites other than the Online Store Website. For this purpose, external suppliers install, for example, an appropriate code or pixel to download information about the Customer’s activity on the Online Store Website. Details on the cookies used can be found in §3. Legal basis – a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in adjusting marketing messages to preferences and interests.

5. In order to reach the Customer with marketing messages via the Online Store Website, Bregus uses the services of external suppliers. These services consist in displaying marketing messages on the Online Store Pages. For this purpose, external suppliers install, for example, an appropriate code or pixel to download information about the Customer’s activity on the Online Store Website. Details on the cookies used can be found in §3. Legal basis – a legitimate interest (Article 6 (1) (f) of the GDPR), consisting in adjusting marketing messages to preferences and interests.

§ 6 Security management – password

1. Bregus provides the Customers with a secure and encrypted connection during the transfer of personal data and when logging in to the Customer Account on the Website. Bregus uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data sent over the Internet.

2. In the event that the Customer who has an account in the Online Store has lost the access password in any way, the Online Store allows you to generate a new password. Bregus does not send a password reminder. The password is stored in an encrypted form in a way that prevents its reading. In order to generate a new password, please provide your e-mail address in the form available under the link “I forgot my login or password”, provided next to the account login form in the Online Store. To the e-mail address provided during registration or saved in the last change of the account profile, the Customer will receive an e-mail containing a redirection to a dedicated form available on the Store’s Website, where the Customer will be able to set a new password.

3. Bregus never sends any correspondence, including e-mails asking for login details, in particular the access password to the Client’s account.

§ 7 Changes to the Privacy Policy

1. The Privacy Policy may change, of which Bregus will inform Clients 7 days in advance.

2. Please send any questions related to the Privacy Policy to the following address: biuro@bregus.pl

3. Date of the last modification: 09/02/2021.