Privacy Policy

§ 1 General provisions

  1. The controller of personal data for users of the website available at www.seysso.pl is Wojciech Madej, conducting business under the company Shop Dent sp. z o.o., entered in the Central Registration and Information on Business (CEIDG) of the Republic of Poland kept by the minister competent for economic affairs, with its registered office at ul. Dziupli 12, 02-454 Warsaw, NIP (VAT-ID): 5223280401, REGON: 527150533 (hereinafter: the “Controller”).
  2. You can contact the Controller:
    1. by e-mail: seysso@seysso.com
    2. in writing, at the Controller’s address: ul. Dziupli 12, 02-454 Warsaw
  3. The purpose of this Policy is to set out the actions undertaken with respect to personal data collected via the Controller’s website and the related services and tools used by its users, as well as in connection with concluding and performing contracts when contact takes place outside the website.
  4. Where necessary, the provisions of this Policy may be amended. Any change will be communicated to users by publishing the new Policy text, and—if we hold a database of persons who have consented to data processing by e-mail or provided an e-mail address when concluding contracts—those persons will also be notified of the change by e-mail.

§ 2 Bases, purposes and storage of personal data

  1. Users’ personal data are processed in accordance with the General Data Protection Regulation (GDPR), the Polish Personal Data Protection Act of 10 May 2018, and the Act on the Provision of Electronic Services of 18 July 2002, together with subsequent amendments.
  2. The Controller may collect the following data for the following purposes:
Purpose of data processing Legal basis & storage period Scope of data processed
Performance of a contract with the Client or taking steps at the Client’s request before entering into a contract Art. 6 (1)(b) GDPR (performance of a contract). Data are stored for the time necessary to perform, terminate or otherwise expire the contract.,
Direct marketing Art. 6 (1)(f) GDPR (legitimate interest of the Controller). Data are stored while the Controller’s legitimate interest continues, but no longer than until relevant claims become time-barred. The Controller may carry out direct marketing only after obtaining consent and provided the data subject has not objected. • e-mail address
• telephone number
Marketing Art. 6 (1)(a) GDPR (consent). Data are stored until the data subject withdraws consent to further processing for this purpose. <ul><li>first name and surname </li><li>e-mail address </li><li> telephone number </li><li>address (street, building no., unit no., postal code, city, country);</li></ul>
Expression of a Client opinion/review Art. 6 (1)(a) GDPR. Data are stored until the data subject withdraws consent to further processing for this purpose. <ul><li>first name and surname </li><li> e-mail address </li><li>telephone number</li></ul>
Keeping accounting records Art. 6 (1)(c) GDPR in conjunction with Art. 86 §1 of the Tax Ordinance Act (17 Jan 2017, Dz.U. 2017 pos. 201) and Art. 74 (2) of the Accounting Act (30 Jan 2018, Dz.U. 2018 pos. 395). Data are stored for the period required by law: tax books—until expiry of the statute of limitations for tax liabilities (unless tax laws state otherwise); accounting books—5 years from the beginning of the year following the financial year to which the data relate. <ul><li>• first name and surname </li><li> e-mail address </li><li> telephone number </li><li> address (street, building no., unit no., postal code, city, country) </li><li> VAT ID (NIP) </li><li>company name</li></ul>
Establishment, exercise or defence of claims that the Controller may assert or that may be asserted against the Controller Art. 6 (1)(f) GDPR. Data are stored while the Controller’s legitimate interest exists, but no longer than until relevant claims become time-barred. <ul><li>first name and surname </li><li> e-mail address </li><li> telephone number </li><li>address (street, building no., unit no., postal code, city, country) </li><li> VAT ID (NIP) • company name</li></ul>
Conducting research and analyses to improve the services provided Art. 6 (1)(f) GDPR. Data are stored while the Controller’s legitimate interest exists, but no longer than until relevant claims become time-barred. <ul><li>• e-mail address </li><li> telephone number </li><li> address (street, building no., unit no., postal code, city, country) </li><li>computer hardware details </li><li> settings </li><li>installed software</li></ul>
  1. If the user gives separate consent, the Controller may also process their personal data to send notifications about the availability of a given product in the assortment and commercial information reminding them of items waiting in the shopping cart (Article 6(1)(a) GDPR).
  2. User personal data will be stored for no longer than necessary to achieve the purpose of processing, i.e., until the consent is withdrawn if processing is based on such consent, until the statute of limitations for claims of the Administrator and the other party regarding the execution of concluded agreements (for sales agreements/service agreements 2 years, counting to the end of the year) and until the query submitted via email is resolved or until the complaint is resolved.
  3. Personal data of users obtained for the purpose of performing a user account contract will be stored for a period of 2 years from the last purchase made using it and no longer than 3 years from that activity.
  4. The Administrator may use profiling for direct marketing purposes, but decisions made on the basis of profiling by the Administrator do not concern the conclusion or refusal to conclude a contract or the possibility of using electronic services. Profiling can result in granting the person a discount, sending them a discount code, reminding them of unfinished purchases, sending a product suggestion that may meet their interests or preferences, or offering better conditions compared to the standard offer. Despite profiling, the person freely decides whether they want to use the received discount or better conditions and make the purchase. Profiling consists of automatic analysis or prediction of the person's behavior on the Administrator's website, e.g., by adding a specific product to the cart, browsing a specific product page, or by analyzing the history of their activity on the site. For such profiling, the Administrator must have the user's personal data to be able to send them, for example, a discount code.
  5. Considering the nature, scope, context, and purposes of processing and the risk of violation of the rights or freedoms of individuals with varying probabilities and impact, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the regulation and to be able to demonstrate this. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.

§ 3 Data Sharing

  1. The Administrator ensures that all collected personal data is used to fulfill obligations to users. This information will not be shared with third parties, except when:
    1. Explicit consent has been given by the individuals to such actions, or
    2. If the obligation to provide this data arises or will arise from applicable law, e.g., to law enforcement authorities.
  2. Additionally, personal data of service recipients and customers may be shared with the following recipients or categories of recipients:
    • Service providers supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business, including the website and services provided through it (in particular, software providers, marketing agencies, such as WM Brands sp. z o.o., based in Warsaw at ul. Dziupli 12, 02-454 Warsaw, KRS: 0000691342, NIP: 5223098659), email and hosting providers, software providers for managing the company and providing technical support to the Administrator, and product delivery operators). The Administrator shares collected personal data with selected service providers acting on its behalf only if necessary to fulfill the data processing purpose in accordance with this privacy policy.
    • Providers of accounting, legal, and advisory services providing the Administrator with accounting, legal, or advisory support (in particular, accounting offices, law firms, or debt collection agencies). The Administrator shares collected personal data with selected service providers acting on its behalf only if necessary to fulfill the data processing purpose in accordance with this privacy policy.
  3. The Administrator may share anonymized data (i.e., data that does not identify specific users) with external service providers to better recognize the attractiveness of ads and services for users, and in this regard, due to the location of the software providers, data may be transferred—ensuring the protection standards—to third countries, provided that they ensure the standard contractual clauses approved by the European Commission regarding the processing of personal data or have appropriate authorizations for such actions based on bilateral data processing agreements between the European Union and a given third country, which is not a member of the European Economic Area. These entities in the Administrator's case are:
    • Google LLC. (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for tools like Google Analytics for analyzing web service statistics, Google Tag Manager for managing scripts by easily adding code fragments to the website or app, and tracking actions taken by users on the website, Google Ads for displaying sponsored links in Google search results and on websites cooperating within the Google AdSense program.
    • Meta Platforms, Inc. (headquarters: 1601 Willow Road Menlo Park, CA 94025, USA) for Facebook Pixel for tracking conversions from Facebook ads, optimizing them based on collected data and statistics, and building a targeted audience for future ads.
    • TikTok Technology Limited (headquarters: 10 Earlsfort Terrace, Dublin, D02 T380, Ireland) for tracking conversions from TikTok ads, optimizing them based on collected data and statistics, and building a targeted audience for future ads.
  4. The Administrator's website may use Google Analytics, a web page viewing analysis service provided by Google, LLC. ("Google"). Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by the cookie about website usage by visitors is usually transferred to and stored by Google on servers in the United States. According to current IT standards, users' IP addresses visiting the Administrator's site are truncated. Only in exceptional cases, the full IP address is sent to Google's server in the United States and truncated there. At the Administrator's request, Google will use this information to evaluate the website for its users, prepare reports on site traffic, and provide other services related to website traffic and internet usage for website operators. Google will not associate the IP address provided through Google Analytics with any other data in its possession. More information on how Google Analytics collects and uses data can be found on Google's official website at: www.google.com/policies/privacy/partners. Additionally, any user can prevent Google from collecting and processing data about their website usage by downloading and installing the browser plugin at the following link: http://tools.google.com/dlpage/gaoptout.
  5. When sharing data with third parties, the Administrator takes all necessary steps to ensure it is done only with entities possessing certificates under the (former) EU–USA and Switzerland–USA Privacy Shield programs, available at www.privacyshield.gov. These entities, in the case of the Administrator, will process data originating from the European Economic Area (EEA) in accordance with the "accountability for onward transfer" principle of the Privacy Shield program. In appropriate cases, the Administrator will rely on standard EU contractual clauses and other safeguards to enable transfers outside the EEA. According to the European Court of Justice's decision of July 16, 2020, regarding the EU–USA Privacy Shield and the guidelines of the European Data Protection Board, the Administrator continues to evaluate the legal system of the countries to which data is transferred and, as necessary, updates measures to ensure adequate protection levels.

§ 4 User Rights

  1. A user whose personal data is being processed has the right to:
    1. Access, rectify, restrict, delete, or transfer their data — the person whose data is being processed has the right to request from the Administrator access to their personal data, rectification, deletion ("right to be forgotten"), or restriction of processing, as well as the right to object to processing, and the right to transfer their data. Detailed conditions for exercising the rights above are specified in Articles 15-21 of the GDPR.
    2. Withdraw consent at any time — a person whose data is processed by the Administrator based on consent (according to Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
    3. File a complaint with the supervisory authority — a person whose data is processed by the Administrator has the right to file a complaint with the supervisory authority in the manner and procedure specified in the GDPR and Polish data protection laws. In Poland, the supervisory authority is the President of the Personal Data Protection Office in Warsaw.
    4. Object — a person whose data is being processed has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling based on these provisions. The Administrator may no longer process that personal data unless it demonstrates that there are legitimate grounds for processing, overriding the interests, rights, and freedoms of the person concerned, or for establishing, exercising, or defending legal claims.
    5. Objection to direct marketing — if personal data is processed for direct marketing purposes (based on the legitimate interest of the Administrator, not consent of the data subject), the person whose data is being processed has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that processing is related to such direct marketing.
  2. The exercise of the above rights is based on a request from the user sent to the email address seysso@seysso.pl. Such a request should include the user's name.
  3. The user ensures that the data provided or published by them on the website is accurate.

§ 5 Cookies

  1. Cookies are defined as computer data, especially text files, stored on users' end devices (usually on the hard disk of a computer or a mobile device) to save the user's browser settings and data for the purpose of using websites. These files allow the user's device to be recognized and the website to be displayed accordingly, ensuring comfort during its use. The storage of cookies allows the website and its offer to be appropriately adjusted to the user's preferences — the server recognizes the user and remembers, for example, preferences such as visits, clicks, and previous actions.

  2. Cookies specifically contain the domain name of the internet service from which they come, the time they are stored on the end device, and a unique number used to identify the browser from which the connection to the website occurs.

  3. Cookies are used for:

    • Adapting the content of websites to the user's preferences and optimizing the use of websites.
    • Creating anonymous statistics that help in determining how the user uses the websites and improving their structure and content.
    • Delivering users tailored advertising content.

    Cookies do not serve to identify the user, and based on them, the user's identity is not determined.

  4. The primary division of cookies distinguishes them into:

    1. Essential cookies — These are absolutely necessary for the proper functioning of the website or functionalities that the user wants to use, as without them, many services we offer could not be provided. Some of them also ensure the security of the electronic services we provide.
    2. Functional cookies — These are important for the website's functioning because they enrich the website's features. Without them, the website will work properly, but it will not be adjusted to the user's preferences.
    3. Business cookies — These enable the realization of a business model for which the website is provided. Blocking them will not make the entire functionality unavailable, but it may lower the level of service delivery, as the website will no longer generate revenue from its operation. These include, for example, advertising cookies.
    4. Configuration cookies — These allow for settings of functions and services on the website.
    5. Security and reliability cookies — These allow the website's authenticity to be verified and its performance optimized.
    6. Authentication cookies — These allow for notifying when a user is logged in, so the website can display the relevant information and features.
    7. Session state cookies — These allow information about how users use the website to be saved. They may relate to the most visited pages or error messages displayed on certain pages. Session cookies help improve services and increase comfort when browsing pages.
    8. Cookies analyzing website activities — These ensure smooth website operation and the availability of its features.
    9. Advertising cookies — These enable the display of ads that are more interesting to users and more valuable to publishers and advertisers. These cookies may also be used for personalizing advertisements and displaying them outside of websites.
    10. Location access cookies — These enable the adaptation of displayed information to the user's location.
    11. Analytics cookies — These help the website owner better understand the preferences of their users and improve and develop products and services by collecting anonymous data on trends without identifying the individual users.

  5. Using cookies to adjust website content to user preferences does not generally involve collecting information that would allow identifying the user, although these may sometimes be personal data allowing the assignment of certain behaviors to a particular user. Data collected through cookies can only be collected for the purpose of performing certain functions for the user. Such data is encrypted in a way that prevents unauthorized access.

  6. The cookies used by this website are not harmful to the user or the end device they use, so it is recommended not to disable their handling in browsers for proper website functioning. In most cases, software used to browse websites (web browsers) allows the storage of information in the form of cookies and similar technologies on the user's end device by default. Users can change how cookies are used by their browser at any time. To do so, the browser settings must be adjusted. The way to adjust the settings differs depending on the software (browser) being used. Detailed instructions can be found on the support pages, depending on the browser used.

  7. Cookies are also used to facilitate logging into the user account, including via social media, and to allow for moving between subpages on the website without having to log in again on each subpage. Cookies are also used to secure the website, e.g., preventing unauthorized access.

  8. As part of cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information about how the user uses its services and reacts to marketing messages sent via email. A pixel is a piece of software code that allows the embedding of an object, typically a pixel-sized image, on a page, which makes it possible to track user behavior on websites where it has been placed. Upon granting appropriate consent, the browser automatically establishes a direct connection with the server storing the pixel, and the processing of data collected through the pixel occurs in accordance with the data protection policy of the partner administering that server.

  9. The Administrator may also use web log files (which contain technical data such as the user's IP address) to monitor traffic within its services, resolve technical issues, detect fraud, and counteract them, as well as enforce the terms of the User Agreement.

  10. The Administrator informs that the website does not respond to "Do Not Track" (DNT) signals; however, users can disable specific forms of tracking online, including certain analytical data and personalized ads, by changing cookie settings in their browser or using our tools to express consent for the use of cookies (if applicable).

  11. Detailed information on changing cookie settings and self-removal in the most popular web browsers is available in the browser's help section and on the following pages (just click the appropriate link):

  12. Detailed information on managing cookies on mobile phones or other mobile devices should be found in the user manual of the respective mobile device.

pixel