Privacy Policy of the Online Store Wibako

This document is a translation of the Privacy Policy of the online store provided for informational purposes only. In case of any discrepancies, the original Polish version shall prevail.
  1. This Privacy Policy defines the principles of processing and protection of personal data provided by Customers using the online store through the websites wibako.pl, wibako.com, wibako.de (hereinafter: “Online Store”).
  2. This Privacy Policy fulfills the information obligation imposed on the Administrator in accordance with Article 13 of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).
  3. The administrator of the personal data of Customers using the services available on the Online Store is Wibako sp. z o.o. based in Kojszówka 254, 34-231 Juszczyn, registered by the District Court for Kraków - Śródmieście in Kraków, XII Economic Department of the National Court Register, NIP: 5521666508, REGON: 120576320, KRS: 0000293931.
  4. The Administrator can be contacted via email: biuro@wibako.pl. This email address is protected from spam. To view it, JavaScript must be enabled in your browser., or in writing at: Wibako sp. z o.o., Kojszówka 254, 34-231 Juszczyn with the note “Personal Data”;
  5. The Administrator processes the personal data of Customers in accordance with the provisions of GDPR. The Administrator applies the technical and organizational measures required by EU law to ensure the protection of processed personal data and to secure personal data against disclosure to unauthorized persons, seizure by unauthorized persons, processing in violation of regulations, as well as alteration, loss, or destruction.
  6. The Administrator states that providing data marked in the Online Store as required is voluntary but necessary for using the functionalities, including creating and managing a Customer account and placing and fulfilling an order.
  7. Customer personal data will be processed for the following purposes:
    • managing the Customer account in the Online Store (Article 6(1)(b) GDPR),
    • fulfilling orders in the Online Store (Article 6(1)(b) GDPR),
    • providing a service related to product valuation in the Online Store (Article 6(1)(b) GDPR),
    • providing a service related to individual transport valuation in the Online Store (Article 6(1)(b) GDPR),
    • providing services related to individual contact with the Seller (Article 6(1)(b) GDPR),
    • direct marketing of own services and products, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR),
    • responding to email or phone contact, which constitutes a legitimate interest of the Administrator (Article 6(1)(f) GDPR),
    • analytical research, particularly examining and analyzing traffic on our website for statistical purposes, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR),
    • archival (evidential) purposes in case of a legal need to demonstrate facts, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR),
    • potential determination, pursuit, or defense against claims, which is the realization of the legitimate interest of the Administrator (Article 6(1)(f) GDPR),
    • surveying opinions and customer satisfaction, which is a legitimate interest of the Administrator (Article 6(1)(f) GDPR).
  8. Customer data will be stored for the following periods:
    • data related to managing the Customer account - for the duration of its maintenance in the Online Store and no longer than until the Customer requests its deletion,
    • data related to order fulfillment - for a period of 6 years from the end of the year in which the sale was made, unless further storage is justified by the limitation period for claims, or the necessity for further storage arises from legal regulations (e.g., tax regulations, accounting regulations, regulations concerning liability for compliance of goods with the contract),
    • data related to marketing activities - until an objection is raised,
    • data related to responding to email or phone contact - until correspondence is conducted or consent is withdrawn, unless further storage of data is justified by the overriding interest of the Administrator, such as defense against potential claims,
    • conducting statistics - until an objection is raised,
    • archival purposes - for the period necessary to achieve this purpose,
    • determining, pursuing, or defending against claims - for the period necessary to achieve this purpose,
    • surveying opinions - for the period necessary to achieve this purpose,
  9. The Administrator collects, processes, and stores the following Customer data:
    • in connection with creating a Customer account: email address, first and last name, address, phone number, and in the case of entrepreneurs, also the company and NIP,
    • in connection with placing an order: email address, first and last name, address, phone number, and in the case of entrepreneurs, also the company and NIP,
    • in connection with providing services available on the site: email address, first and last name;
    • in connection with responding to an email or phone inquiry: first and last name, email address, and phone number,
    • in connection with handling complaints: email address, first and last name, address, phone number, and in the case of entrepreneurs, also the company,
    • in connection with issuing invoices/VAT invoices/accounting documents: first and last name, address, and in the case of entrepreneurs, also the company and NIP
    • in connection with surveying opinions: email address, first and last name, order information.
  10. The Online Store uses files called cookies. They are stored on the end device of the person visiting the Online Store if the web browser allows it. Cookies are IT data, in particular text files, that are stored on the Customer's end device and are intended for use in the Online Store. Cookies usually contain the name of the website from which they come, the time they are stored on the end device, and a unique number.
  11. Cookies are used for the following purposes:
    • recognizing the device used by the Customer to appropriately display the content of the page,
    • creating statistics that help understand how Customers use websites, which allows for improving their structure and content,
    • maintaining the session of the Online Store Customer, so that the Customer does not have to re-enter their login and password on each subpage of the Online Store,
    • customizing the content and functioning of the Online Store by matching an anonymous, randomly generated tracking identifier, which allows, among other things, to check where the Customer comes from, which search engine they used, which link they clicked on, what keywords they entered, and at what point they stopped using the Online Store,
    • collecting general and anonymous data for the purpose of conducting advertising campaigns through remarketing lists, allowing for displaying advertising content tailored to the Customer's preferences.
  12. Web browsers usually allow the storage of cookies on the Customer's end device by default. Customers can change the settings in this regard. The web browser allows for deleting stored cookies as well as automatically blocking them. Detailed information on this topic is provided in the help or documentation of the web browser.
  13. When using the Online Store, the Administrator automatically collects and gathers information such as: IP address, request URL, device identifier, amount of time spent on individual pages, browser type, browser language, date and time of using the service, screen resolution, type and version of the operating system, as well as other similar information. Automatic data collection may serve to analyze user behavior on the wibako.pl website, collect demographic data about users, or personalize the content of our website. The above data is collected automatically about each user of the site (e.g., Google Analytics).
  14. Customer personal data may be transferred to entities to whom the Administrator entrusts the processing of personal data based on contracts and to entities authorized to obtain personal data under the provisions of law.
  15. In order to fulfill the contract concluded through the Online Store and ensure the proper functioning of the Store, the Administrator provides Customer personal data, in particular to entities providing services:
    • postal, forwarding, and courier services as well as order handling,
    • electronic payment services,
    • accounting services,
    • hosting services,
    • legal services,
    • IT services,
    • marketing services related to the operation of the Online Store,
  16. Collected personal data is stored within the European Economic Area (EEA), but they may also be transferred to countries outside this area and processed there. Each operation of transferring personal data is carried out in accordance with applicable law, in particular GDPR [Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC]. In such situations, Customer data will be transferred only to countries that provide an adequate level of protection, and to countries that do not provide an adequate level of protection, only if appropriate safeguards are provided, including, among others, based on standard contractual clauses adopted by the European Commission.
  17. Customer rights:
    • The Customer has the right to access their data and the right to request their rectification, deletion, or restriction of processing. To the extent that the basis for processing personal data is the legitimate interest of the administrator, the Customer has the right to object to the processing of their personal data.
    • To the extent that the basis for processing the Customer's personal data is consent, the Customer has the right to withdraw consent. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
    • To the extent that the Customer's data is processed for the purpose of concluding and performing the Agreement or processed based on consent - the Customer also has the right to data portability, i.e., to receive from the data administrator personal data in a structured, commonly used, machine-readable format. The Customer may send this data to another data administrator.
    • The Customer also has the right to lodge a complaint with the supervisory authority responsible for the protection of personal data - the President of the Personal Data Protection Office.
  18. The above rights can be exercised by the Customer by contacting the Administrator at the email address: biuro@wibako.pl. This email address is protected from spam. To view it, JavaScript must be enabled in your browser., or in writing at: Wibako sp. z o.o., Kojszówka 254, 34-231 Juszczyn with the note “Personal Data”;
  19. The Administrator reserves the right to make changes to the privacy policy of the service, which may be influenced by the development of internet technology, potential changes in the law regarding the protection of personal data, and the development of our website.
  20. In case of doubts regarding any provisions of this privacy policy, we are at your disposal - our contact details can be found in the CONTACT tab or by directly writing to the email address: biuro@wibako.pl. This email address is protected from spam. To view it, JavaScript must be enabled in your browser.