PRIVACY POLICY
www.ceramiq.pro

§ 1 General provisions

1. The controller of personal data of users of the website located under the domain www.ceramiq.pro is CERAMIQ.PL SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, with its registered office at: ul. Czyżewska 5, 02-908 Warsaw, entered into the National Register of Entrepreneurs maintained by the District Court for the capital city of Warsaw in Warsaw, 13th Commercial Division of the National Court Register under the KRS number: 0001144557, Tax Identification Number (NIP): 5214099429, National Business Registry Number (REGON): 54048845, share capital: PLN 50,000.00, fully paid up (hereinafter referred to as the "Controller").
2. The Controller has provided an electronic contact point for direct communication with Member State authorities, the Commission, and the Digital Services Council, available at: info@ceramiq.pro. This same channel may also be used by Customers to quickly and directly contact the Controller.
3. It is also possible to contact us in writing at the address given above or by telephone at the following numbers: 222 501 777 or 451 540 920 (calls are accepted on business days during the hours depending on the selected branch and day of the week - current information on the hours of accepting calls for a given branch is always available on the Store's website; the cost of the call is in accordance with the tariff of the Customer's operator).
4. Communication may take place in Polish.
5. The purpose of the Policy is to define the actions taken with respect to personal data collected via the Controller's website and the related services and tools used by its users, as well as in the course of concluding and performing contracts through contact outside the website.
6. If necessary, the provisions of this Policy may be changed. Any changes will be communicated to users by announcing the new Policy text, and in the case of databases of individuals who have consented to data processing via email or provided email data in the performance of contracts, they will also be notified of the change via email.

§ 2 Basis for processing, purposes and storage of personal data

1. Users' personal data are processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act, the Personal Data Protection Act of 10/05/2018 and the Act on the provision of services by electronic means of 18/07/2002, as amended, and for the purposes of making a notification under Article 16(1) of Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act) (OJ EU.L.2022.277.1, as amended; "DSA") also under Article 3(h) of the DSA.
2. The Controller may collect the following data for the following purposes: see the table (full version in .pdf format at the bottom of the page).
3. The Controller may use profiling for direct marketing purposes, but the decisions made based on it by the Controller do not concern the conclusion or refusal of a contract or the ability to use electronic services. Profiling may result in, for example, granting a discount, sending a discount code, reminding about unfinished purchases, sending a product suggestion that may suit the individual's interests or preferences, or offering better terms compared to the standard offer. Despite profiling, the individual freely decides whether to use the discount or better terms and make a purchase. Profiling involves the automatic analysis or forecast of a given individual's behavior on the Controller's website, e.g., by adding a specific product to the cart, browsing a specific product page, or analyzing previous activity history on the website. The condition for such profiling is that the Controller possesses the individual's personal data so that it can then send them, for example, a discount code.
4. To the extent necessary for the proper functioning of the website and its functionality, the website may, when the User uses it, collect other information, including, among others:
a) IP address;
b) device, hardware and software information, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising ["IDFA"] or Android Advertising Identifier ["AAID"]);
c) type of platform;
d) settings and components;
e) data about your internet browser, including browser type and preferred language.
5. Taking into account the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity of violations of the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the Regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Controller employs technical measures to prevent unauthorized access and modification of personal data transmitted electronically.

§ 3 Data Sharing

1. The Controller ensures that all personal data collected is used to fulfill obligations towards users. This information will not be shared with third parties, except when:
a) the persons concerned have given their prior express consent to such action, or
b) if the obligation to provide such data results or will result from applicable legal provisions, e.g. to law enforcement authorities.
2. Additionally, personal data of service recipients and customers may be transferred to the following recipients or categories of recipients:
a) service providers supplying the Controller with technical, IT and organizational solutions enabling the Controller to conduct business activities, including the website and electronic services provided via it (in particular computer software providers, marketing agencies, e-mail and hosting providers, providers of software for company management and providing technical support to the Controller and the product delivery operator) - the Controller makes the collected personal data of the Customer available to a selected supplier acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
b) providers of accounting, legal and advisory services providing the Controller with accounting, legal or advisory support (in particular an accounting office, law firm or debt collection company) - the Controller makes the collected personal data of the Client available to a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given purpose of data processing in accordance with this privacy policy.
c) providers of payment gateways and website payment solutions – the Controller shares the collected personal data of the Customer with a selected provider acting on its behalf only in the case and to the extent necessary to achieve a given data processing purpose consistent with this privacy policy. In the case of the Controller's activities, such a service is provided by:
• PayPro Spółka Akcyjna with its registered office in Poznań at ul. Pastelowa 8, 60-198 Poznań, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for Poznań Nowe Miasto and Wilda, 8th Commercial Division of the National Court Register under the KRS number 0000347935, Tax Identification Number (NIP) 7792369887, with the share capital of PLN 5,476,300.00, fully paid up, entered into the register of national payment institutions maintained by the Polish Financial Supervision Authority under the number UKNF IP24/2014.
• PayU SA with its registered office in Poznań, 60-166 Poznań, at ul. Grunwaldzka 186, entered into the register of entrepreneurs maintained by the District Court in Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number 0000274399, and the Tax Identification Number (NIP) 779-23-08-495, with the share capital of PLN 6,474,300.00, fully paid up; a national payment institution supervised by the Polish Financial Supervision Authority, entered into the Register of Payment Services under the number IP1/2012.
d) carriers / forwarders / courier brokers - in the case of a Customer who uses the Online Store to deliver the Product by post or courier, the Controller makes the collected personal data of the Customer available to the selected carrier, forwarder or intermediary carrying out shipments on behalf of the Controller to the extent necessary to complete the delivery of the Product to the Customer.
3. The Controller may share anonymized data (i.e., data that does not identify specific Users) with external service providers in order to better understand the attractiveness of advertisements and services for users. In this respect, due to the location of the software providers, data may be transferred – while maintaining the principles of data protection – to third countries that provide standard contractual provisions approved by the European Commission regarding the processing of personal data or have appropriate authorizations to do so based on bilateral data processing agreements between the European Union and a given third country, provided that it is not a member of the European Economic Area. In the case of the Controller, these entities are:
• Google LLC. (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for Google Analytics tools used to analyze website statistics, Google Tag Manager: used to manage scripts by easily adding code snippets to a website or application and tracking actions performed by users on a website, Google Ads used to display sponsored links in Google search results and on websites cooperating under the Google AdSense program, Google Workspace allowing for comprehensive editing of the website and coordination of the work of people working on it (including Google Drive, Gmail, Google Sheets, Google Forms, Google Looker studio);
• Microsoft Corporation (headquarters: One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland) for analytical tools to analyze website statistics and track user actions on the website.
4. The Controller conducts ongoing risk analysis to ensure that personal data is processed securely – ensuring, above all, that only authorized individuals have access to the data and only to the extent necessary for the tasks they perform. The Controller ensures that all operations on personal data are recorded and performed only by authorized employees and associates.
5. The Controller shall take all necessary measures to ensure that its subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Controller.
6. The Controller's website may use the functionality of Google Analytics, a web analytics service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the website. The information generated by the cookie about visitors' use of the website is generally transmitted to and stored by Google on servers in the United States. In accordance with current IT standards, the IP addresses of users visiting the Controller's website are shortened. Only in exceptional cases is the full IP address transferred to a Google server in the United States and shortened there. On behalf of the Controller, Google will use this information to evaluate the website for its users, compile reports on website activity, and provide other services related to website activity and internet usage for website operators. Google will not associate the IP address transmitted via Google Analytics with any other data held by Google. More information about how Google Analytics collects and uses data can be found on Google's official website at: www.google.com/policies/privacy/partners. Furthermore, you can prevent Google from collecting and processing data about your use of the website by downloading and installing the browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout.
7. When sharing data with third parties, the Controller makes every effort to ensure that this is done only to entities that meet the criteria and requirements specified in Articles 46 or 49 of the GDPR. Where appropriate, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In accordance with the decision of the Court of Justice of the European Union of July 16, 2020, the Controller continues to assess the legal systems of the countries to which data are transferred and, where necessary, updates measures to ensure adequate levels of protection.
8. With respect to data transferred to the United States, the Controller, when sharing data with third parties, makes every effort to ensure that, in accordance with the European Commission's decision of July 10, 2023, this is done only to entities and organizations in the US that ensure compliance with the new "EU-US Data Privacy Framework." The list of these organizations has been published by the US Department of Commerce. Transfers of personal data from the EEA to organizations that have joined the "EU-US Data Privacy Framework" and are on this list are possible without the need to obtain additional consents or use legal instruments such as standard contractual clauses or binding corporate rules. However, if a given data importer in the US has not joined the "EU-US Data Privacy Framework," transfers of personal data to them are possible and will take place after meeting the conditions specified in Articles 46 or 49 of the GDPR. In such cases, the Controller will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA.

§ 4 User Rights

1. The user whose personal data is processed has the right to:
a) access, rectification, restriction, erasure, or transfer - the data subject has the right to request from the Controller access to their personal data, rectification, erasure ("right to be forgotten"), or restriction of processing, and has the right to object to processing, as well as the right to transfer their data. Detailed conditions for exercising the above-mentioned rights are set out in Articles 15-21 of the GDPR.
b) withdrawal of consent at any time – a person whose data is processed by the Controller on the basis of expressed consent (pursuant to Article 6 paragraph 1 letter a) or Article 9 paragraph 2 letter a) of the GDPR Regulation), has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
c) lodge a complaint with a supervisory authority – the person whose data is processed by the Controller has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR Regulation and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw.
d) objection - the data subject has the right to object at any time – on grounds relating to their particular situation – to the processing of personal data concerning them based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the controller), including profiling based on these provisions. In such a case, the controller is no longer permitted to process the personal data, unless they demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defense of legal claims.
e) objection to direct marketing - if personal data are processed for the purposes of direct marketing (based on the legitimate interest of the Controller, not on the basis of the consent of the data subject), the data subject has the right to object at any time to the processing of his or her personal data for the purposes of such marketing, including profiling, to the extent that the processing is related to such direct marketing.
2. The above rights are exercised upon a user request sent to the Controller's email address. Such a request should include the user's first and last name.
3. The User guarantees that the data provided or published by him on the website is correct.

§ 5 Cookies

1. "Cookies" are IT data, particularly text files, stored on end-user devices (typically on a computer's hard drive or mobile device) used by the user's browser to save specific settings and data for the use of websites. These files allow the user's device to be recognized and the website to be displayed appropriately, ensuring comfortable use. Storing "cookies" therefore enables the website and its offerings to be tailored to user preferences – the server recognizes the user and remembers preferences such as visits, clicks, and previous actions.
2. "Cookies" contain, in particular, the domain name of the website from which they originate, the time of their storage on the end device and a unique number used to identify the browser from which the website is connected.
3. Cookies are used for the following purposes:
a) adapting the content of websites to user preferences and optimizing the use of websites,
b) creating anonymous statistics that help determine how users use websites and enable the improvement of their structure and content,
c) providing website users with advertising content tailored to their interests.
Cookies are not used to identify the user and their identity is not determined on their basis.
4. "Cookies" are divided into the following basic categories:
a) Essential cookies – these are absolutely essential for the proper functioning of the website or the functionality you wish to use. Without them, we would not be able to provide many of the services we offer. Some of them also ensure the security of the services we provide electronically.
b) Functional cookies - they are important for the operation of the website due to the fact that:
- they serve to enhance the functionality of websites; without them the website will function properly, but will not be adapted to the user's preferences,
- they are used to ensure a high level of functionality of websites; without them, the functionality of the website may be reduced, but their absence should not prevent you from using it completely,
- they serve most of the functionalities of websites; blocking them will result in selected functions not working properly.
c) Business cookies – these enable the business model underlying the website; blocking them will not result in the unavailability of all functionality, but may reduce the level of service provided due to the website owner's inability to generate revenue to subsidize its operation. This category includes, for example, advertising cookies.
d) Cookies used to configure websites - they enable the setting of functions and services on websites.
e) Cookies used for the security and reliability of websites - they enable verification of authenticity and optimization of website performance.
f) Authentication cookies - they indicate when a user is logged in, so that the website can display appropriate information and functions.
g) Session status cookies – these enable the recording of information about how users use the website. These cookies may include the most frequently visited pages or any error messages displayed on certain pages. Session status cookies help improve services and enhance the browsing experience.
h) Cookies that monitor the processes taking place on the website - they enable the efficient operation of the website and the functions available on it.
5. Using cookies to customize website content to user preferences generally does not involve collecting any information that identifies the user, although this information may sometimes constitute personal data, meaning data that allows for attributing certain behaviors to a specific user. Personal data collected using cookies may be collected solely to perform specific functions for the user. Such data is encrypted to prevent unauthorized access.
6. Cookies used by this website are not harmful to the user or their end device. Therefore, for the website to function properly, it is recommended that they not be disabled in browsers. In many cases, web browsing software (web browser) allows the storage of information in the form of "cookies" and other similar technologies on the user's end device by default. The user can change the browser's use of "cookies" at any time. To do this, change the browser settings. The method for changing settings varies depending on the software (web browser) used. You will find appropriate instructions on the subpages, depending on the browser you are using.
7. Detailed information on how to change cookie settings and how to delete them yourself in the most popular web browsers is available in the help section of your web browser and on the following websites (just click on the link):
a) Google Chrome
b) Mozilla Firefox
c) Microsoft Edge
d) Opera
e) Safari macOS
f) Safari iOS/iPad OS
8. Detailed information on managing cookies on a mobile phone or other mobile device should be included in the user manual of the given mobile device.

Download the full privacy policy (PDF)