The data controller responsible for processing your personal data is:

Sansei Ltd. ul. Św. Rocha 39a/14 35-330 Rzeszów Tax Identification Number (NIP): 8133886455, National Business Registry Number (REGON): 52333398100000, registered by the District Court in Rzeszów, XII Commercial Division of the National Court Register under KRS number: 0000995652 with a share capital of 15,000 PLN shop@sansei.eu

Thank you for your interest in our online store. Protecting your privacy is very important to us. Below you will find detailed information on how we handle your data.

Access Data and Hosting

You can visit our websites without providing any personal data. Each time a webpage is called up, the server automatically saves only so-called server logs, such as the name of the requested file, your IP address, date and time of access, amount of data transferred and the internet service provider making the request (so-called access logs), and documents the page access. This data is analyzed exclusively to ensure the proper functioning of our website and to improve our offer. In accordance with Art. 6 Para. 1(f) GDPR, this serves to safeguard our legitimate interest in an optimal and correct presentation of our website and our offers.

Hosting

The services for hosting and displaying the website are partially provided on our behalf by our service providers within the framework of data processing on our behalf. Unless otherwise stated in this privacy policy, all access data and data collected in forms provided for this purpose on our website will be processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. You can find our contact details in the section “Our contact details and your rights”.

Collection and Processing of Data for Contract Performance and Contact Purposes

2.1 Data Processing for Contract Performance

Processing your personal data enables us to provide services including maintaining your account, fulfilling orders, contact related to contract performance, and sending marketing information (including newsletters). Personal data will be stored for the duration of the contract and for a period consistent with applicable regulations, taking into account the statute of limitations for claims and tax obligations. Personal data, for the processing of which you have given your consent, will be stored until you withdraw your consent.

We process personal data voluntarily provided by you during the ordering process to fulfill the contract (including inquiries regarding warranty claims, guarantees, and the obligation to inform about necessary updates). The legal basis for this is Art. 6 Para. 1(b) GDPR. Mandatory fields are marked as such because they involve data that is necessary to fulfill the order, and without this data, we cannot complete the order. What data is collected directly results from the forms into which data is entered.

Further information on the processing of your data, in particular regarding the transfer of data to our service providers for order fulfillment, payments, and shipping, can be found in the subsequent parts of this privacy policy. After the contract is completed, the processing of your data will be restricted, and after the storage periods required by tax laws and accounting regulations have expired, the data will be deleted (Art. 6 Para. 1(c) GDPR), unless you have expressly consented (Art. 6 Para. 1(a) GDPR) to further use of this data for other purposes or we reserve the right to further use the data in legally permitted cases, about which we inform you in this privacy policy. The administrator commits to making every effort to ensure the proper security of the customer’s personal data.

Inventory Management System

To handle orders and fulfill contracts, we also use an external inventory management system. In this regard, our service providers provide services for us within the framework of a data processing agreement. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. You can find our contact details in the section “Our contact details and your rights”.

2.2 Customer Account

If you give your consent in accordance with Art. 6 Para. 1(a) GDPR to create a customer account, we will process your personal data necessary for this purpose. They will also be used for future orders on our website. Your customer account can be deleted at any time. To do this, please send a message to our contact address provided in the section “Our contact details and your rights” or use the appropriate function in the customer account settings. After the deletion of your customer account, the processing of your data will be restricted, and after the expiration of the storage periods specified in tax regulations and accounting laws, the data will be deleted (Art. 6 Para. 1(c) GDPR), unless you have expressly consented (Art. 6 Para. 1(a) GDPR) to further use of this data or we reserve the right to further use the data in other legally permitted cases, about which we will inform you in this privacy policy.

2.3 Processing Data for Contact Purposes

In the course of communicating with customers, we process personal data to handle your inquiries (Art. 6 Para. 1(b) GDPR). You voluntarily provide us with this data when contacting us (e.g., via the contact form, newsletter, or email). Required fields are marked as such because they relate to data that is necessary to process the inquiry. The specific data collected is directly evident from the forms into which the data is entered. Once your inquiry has been fully processed, your data will be deleted, unless you have expressly consented (Art. 6 Para. 1(a) GDPR) to further use of this data for other purposes or we reserve the right to further use the data in other legally permitted cases, about which we will inform you in this privacy policy.

3 Processing Data for Delivery Purposes

To fulfill the contract (Art. 6 Para. 1(b) GDPR), we pass on your data to the shipping company selected during the order process, which has been commissioned to deliver the ordered products.

4 Processing Data for Payment Purposes

To process payments in our online store, we cooperate with external service providers handling online electronic payments and pass on your data to the payment processing company selected during the order process. This is for the purpose of contract execution (Art. 6 Para. 1(b) GDPR). Through our store, customers can choose the following payment methods for the ordered goods: BLIK payments, credit card, electronic transfer via the external payment system imoje, operated by ING Bank Śląski S.A. based in Katowice.

Processing Data to Prevent Abuse and Optimize Payments

In some situations, we may provide our service providers with additional information that they can use in conjunction with the information necessary to process the payment. These service providers then act on our behalf as data processors and provide us with services to prevent abuse and optimize payment processes (e.g., invoicing, analysis of rejected payments, accounting support). In accordance with Art. 6 Para. 1(f) GDPR, this serves to realize our legitimate interests in protection against abuse and fraud as well as in efficient payment management.

5 Marketing Channels: Email

If you subscribe to our newsletter, we will use the data you provide to send our newsletter electronically on a regular basis, based on the consent you have given (Art. 6 Para. 1(a) GDPR).

You can unsubscribe from the newsletter at any time. To do this, you can send a message to our contact address listed in the “Our Contact Details and Your Rights” section or use the unsubscribe link provided in the newsletter. After unsubscribing from the newsletter, we will delete your email address unless you have expressly consented (Art. 6 Para. 1(a) GDPR) to further use of this data for other purposes, or we reserve the right to further use the data in other legally permitted cases, about which we will inform you in this privacy policy.

5.1 Sending the Newsletter

5.2 Sending Invitations to Submit Purchase Reviews

If you have given your consent during or after placing an order (Art. 6 Para. 1(a) GDPR), we will use your email address to send you an electronic invitation to review the purchase made in our store. The submission of reviews/ratings is carried out via the review system we use. You can withdraw your consent at any time by sending a message to our contact address listed in the “Our Contact Details and Your Rights” section. Alternatively, you can also use the unsubscribe link provided in the review invitation message.

The invitations to submit reviews are sent by our service provider WP Desk Ltd, Unit 4e Enterprise Court, Farfield Park Rotherham, England, S63 5DB, Company number: 09710381. In the course of sending invitations, we receive information about the status from the ShopMagic application (e.g. whether a particular invitation to submit a review has been sent and whether it has reached the recipient). This is done in accordance with Art. 6 Para. 1(f) GDPR to realize our legitimate interest, which is to receive information about the status of review invitations in order to be able to optimize based on this information if necessary, as well as to realize the legitimate interest of the application, which is to offer this service.

We are responsible for sending the invitations to submit reviews, as well as for collecting and displaying information related to reviews, ratings, or status.

6 Cookies and Similar Technologies General Information

To enhance your visit to our website and to enable you to use its key features, we employ technological tools, including so-called cookies. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use are deleted at the end of the internet browser session, i.e., when it is closed (so-called session cookies). Other cookies are stored on your end device and allow us to recognize your browser the next time you visit the site (so-called persistent cookies).

End Device Privacy Protection

While using our online services, we utilize technologies that are absolutely essential for proper and optimal use of the necessary functions of our website. In this context, storing information on the user’s end device or accessing information already stored on it does not require the user’s consent.

For functions that are not absolutely necessary, storing information on the user’s end device or accessing information already saved on it requires the user’s consent. Please note that if consent is not given, some functions or elements of the site may not be fully available. Any consents given by the user remain valid until they are withdrawn, settings are configured, or relevant settings on the end device are reset.

Further Processing of Data Using Cookies and Other Technologies

We use technologies that are absolutely essential for proper and optimal use of the necessary functions of our website (e.g., the shopping cart function). These technologies process data such as your IP address, time of visit to the site, information about the device and browser, as well as information about the use of our website (e.g., content of the shopping cart). This serves to realize our legally justified interest in optimal presentation of our offer in accordance with Article 6(1)(f) of the GDPR.

In addition, we also use technological tools to fulfill legal obligations we are subject to (e.g., to prove consent to process your personal data), as well as for web analytics and internet marketing. Further information on this, including the relevant legal bases for data processing, can be found in the following sections of this privacy policy.

If we have received your consent (Article 6(1)(a) of the GDPR) to use specific technological tools, you can withdraw it at any time. To withdraw consent, please contact us using the contact details provided in the “Our Contact Details and Your Rights” section.

7 Use of Cookies and Similar Technological Tools

If you have given your consent (Article 6(1)(a) GDPR), we use the cookies and other similar technological tools from external service providers listed below on our website. Once the processing purpose is achieved and the use of a specific technological tool ends, the data collected through these tools will be deleted. Your consent can be withdrawn at any time. Further information can be found on the individual service providers’ pages. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. Contact details can be found in the “Our Contact Details and Your Rights” section.

7.1 Use of Google Services

We use the technological tools from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) as listed below. Information automatically collected by Google technology regarding the use of our website is usually transmitted to and stored on Google LLC servers at 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The European Commission has not issued a decision on an adequate level of data protection for the USA. Our cooperation is based on the standard data protection clauses adopted by the European Commission. If, in the course of using Google technological tools, your IP address is processed, it is shortened before being saved on Google’s servers thanks to the enabled IP anonymization. Only in exceptional cases is the full IP address transmitted to Google’s server and shortened there. Unless specified otherwise for the individual Google technologies described in this privacy policy, data processing is carried out based on the agreement for joint administration of personal data concluded with Google in accordance with Article 26 of the GDPR. Further information on data processing by Google can be found in Google’s privacy policy.

Google Analytics

For the purpose of analyzing the use of our website, we employ Google Analytics – a web analytics tool provided by Google that automatically processes your data (IP address, time spent on the site, device and browser information, as well as information on how you use our website) and creates pseudonymized user profiles based on this data. Cookies may be used for this purpose. As a general rule, your IP address is not merged with other data collected by Google. Data processing within the Google Analytics service is based on a data processing agreement concluded with Google.

To optimize and enhance our website’s offerings, we have also activated data sharing settings for “Google products and services”. This allows Google to access data collected and processed within the Google Analytics service and use it to improve Google’s products and services. Sharing data with Google for this purpose is based on an additional agreement between data controllers. We have no control over Google’s subsequent data processing.

Google Ads

With the help of Google Ads, we promote our website in search results and on third-party sites. To this end, when you visit our website, a remarketing cookie from Google is automatically stored on your device, which allows for the display of interest-based ads based on the pages you visit by processing your data (IP address, time spent on the site, device and browser information, as well as information on how you use our website) using a pseudonymous identifier (ID). Further data processing only occurs if you have activated the option for personalized ads in your Google account settings. In this case – if you are simultaneously logged into Google during your visit to our website – Google will use your data together with data collected as part of the Google Analytics service to create and define so-called target group lists for remarketing purposes across different devices.

For web analytics purposes, we use the Google Ads Conversion Tracking tool to measure and analyze your behavior when you visit our website via an ad within the Google Ads tool. For this, cookies may be used and data such as IP address, time spent on the site, device and browser information, as well as information on how you use our website (e.g., visiting the website or subscribing to the newsletter) may be processed. Pseudonymized user profiles are then created based on this data.

YouTube Video Plugin

For the purpose of integrating third-party content via the YouTube video plugin – when playing a video, Google processes the following data: IP address, time of visit, and user device and browser information.

7.2 Utilizing Facebook Services Facebook Pixel

We use the Facebook Pixel tool provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). The scope of functionalities of the Facebook Pixel tool utilized by us is specified below. Facebook Pixel automatically collects and stores data (your IP address, time of visit on the website, device and browser information, as well as information regarding your usage of our website, e.g., visiting the website or signing up for the newsletter). Based on this data, pseudonymized user profiles are subsequently created.

Within the so-called Extended Data Matching in Facebook Analytics, hashed information that can identify individuals (e.g., first and last names, email addresses, and phone numbers) is also collected and stored for comparison purposes.

For this purpose, during your visit to our website, the Facebook Pixel saves a cookie on your device, which, using a pseudonymous Cookie-ID, enables automatic recognition of your browser when visiting other websites. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and provide other services related to your use of websites, particularly for the purpose of personalized advertising. Information automatically collected by Facebook technologies about how you use our website is usually transmitted to and stored on Facebook, Inc.’s server at 1601 Willow Road, Menlo Park, California 94025, USA. The European Commission has not issued a decision confirming an adequate level of data protection with respect to the USA. To the extent that the transfer of data to the USA is within our responsibility, our cooperation is based on the standard contractual clauses of the European Commission. For further information on data processing by Facebook, please refer to Facebook’s privacy policy.

Facebook Analytical Tools

As part of the Facebook Business tools, based on the data collected via the Facebook Pixel code regarding your use of our website, user activity statistics on our site are created. Data processing by Facebook takes place based on a data processing agreement. The analysis of data (usage statistics) serves to optimize and enhance the appeal of our website.

Facebook Ads (Ad Management)

Facebook Ads allows us to advertise our website on Facebook and other platforms. We set the parameters of a given advertising campaign. Facebook is responsible for its precise implementation, and in particular for the decision to display a given ad to individual users. Unless otherwise specified for individual functions and tools, data processing takes place based on an agreement on joint management of personal data in accordance with Article 26 of the GDPR. Joint responsibility is limited to the collection of data and their transfer to Facebook Ireland. It does not cover subsequent processing of data by Facebook Ireland.

Based on statistics created using the Facebook Pixel tool regarding user activity on our websites, we conduct ad broadcasts to the appropriate audience through the Facebook Custom Audience function, defining the profile/characteristics of the target group. Within the extended data matching function (see above), Facebook acts as a data processor on our behalf.

Based on the pseudonymous Cookie-ID saved by the Facebook Pixel and the collected information about user activity on our website, we create personalized ads via the Facebook Pixel Remarketing function.

For the purposes of web analytics and optimizing our offer – using the Facebook Pixel Conversions function, we analyze the activity of users who visit our website via ads displayed as part of the Facebook Ads service. Data processing by Facebook takes place based on a data processing agreement.

9 Social Media

9.1 Social Media Plugins: Facebook (Meta), Twitter, Instagram (Meta)

On our website, so-called plugins (buttons) of social media services are used. These plugins are available via an HTML link, ensuring that when you visit our page containing such plugins (buttons), an automatic, direct connection to the servers of the operator of the respective social media service is not established. When you click on one of the buttons (plugin), a new window of your browser will open displaying the page of the respective social media service, where you can approve the use of the given button, e.g., “Like” or “Share”.

9.2 Our activity on social media: Facebook, Twitter, Instagram, YouTube

If you have given consent to a specific social media platform (Art. 6 para. 1(a) GDPR), when visiting our account/profile on the aforementioned social media platforms, your data will be automatically collected and stored for web analytics and marketing purposes. Based on this data, pseudonymous user profiles are created. They may be used, for example, to display personalized ads within and outside of the social media platforms, which are likely to match your interests. Cookies are typically used for this purpose.

Detailed information regarding the processing and use of your data by each social media platform, as well as information about your rights and configuration options regarding privacy, and contact details for inquiries, can be found in the privacy policies of the respective social media services linked below. If you need assistance in this regard, you can also contact us.

Facebook (by Meta) is a social media service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information about your activity and how you use our Facebook fan page is typically transmitted to the server of Meta Platforms Ireland, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. The European Commission has not issued a decision affirming an adequate level of data protection in relation to the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing related to visiting the Facebook fan page takes place in accordance with Article 26 GDPR, based on the joint arrangements of co-administrators, which are available here. Further information regarding the processing of your personal data during the visit to the Facebook fan page (information on page statistics features) is available here.

Twitter is a social media service provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”). Automatically processed information about your activity and how you use our Twitter profile is typically transmitted to the server of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, and stored there. The European Commission has not issued a decision affirming an adequate level of data protection in relation to the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Instagram (by Meta) is a social media service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information about your activity and how you use our Instagram fan page is typically transmitted to the server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, and stored there. The European Commission has not issued a decision affirming an adequate level of data protection in relation to the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing related to visiting the Instagram fan page takes place in accordance with Article 26 GDPR, based on the joint arrangements of co-administrators. Further information regarding the processing of your personal data during the visit to the Instagram fan page is available here.

YouTube is a social media service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Automatically processed information about your activity and how you use our YouTube profile is typically transmitted to the server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. The European Commission has not issued a decision affirming an adequate level of data protection in relation to the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission.

10 Our Contact Information and Your Rights 10.1 Your Rights

Individuals whose data is processed have the following rights:

  • pursuant to Art. 15 GDPR: the right to obtain information about data processing to the extent specified in this article;
  • pursuant to Art. 16 GDPR: the right to correct your incorrect or incomplete personal data;
  • pursuant to Art. 17 GDPR: the so-called “right to be forgotten,” meaning the right to delete your personal data stored by us, unless further processing is necessary:
    • to exercise the right to freedom of expression and information;
    • to comply with a legal obligation;
    • for reasons of public interest;
    • to establish, pursue or defend claims;
  • pursuant to Art. 18 GDPR: the right to restrict the processing of personal data if:
    • the accuracy of the personal data is contested by you;
    • the processing is unlawful and you oppose the erasure of the personal data;
    • we no longer need the personal data, but they are required by you for the establishment, exercise or defense of legal claims;
    • you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR: the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
  • pursuant to Art. 77 GDPR: the right to lodge a complaint with a supervisory authority (the President of the Office for Personal Data Protection, “UODO”).
Right to Object

If, as described in this privacy policy, we process personal data to protect our legally justified interests, you can object to the processing of your data for this purpose – with effect for the future. If the processing is for direct marketing purposes, you can exercise your right to object at any time. If the processing is for other purposes, you have the right to object only on grounds relating to your particular situation.

After you have exercised your right to object, we will not continue to process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

The preceding sentence does not apply when the processing of data is for direct marketing purposes. In such a case, after you have expressed your objection, we will always cease further processing of your personal data.

10.2 Contacting Us

If you have any questions about the collection, processing, and use of your personal data, as well as for requests for information, correction, restriction of processing, or deletion of data, as well as to revoke consents given or to object to the use of specific data, please contact directly the data administrator indicated at the beginning of this privacy policy.

“In matters not regulated by the regulations, the provisions of the Civil Code and relevant Polish law regulations apply, as well as European Union law, in particular the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).”