Privacy Policy

Privacy Policy
1. GENERAL PROVISIONS
1.1. The administrator of personal data is TOJS SP. Z OO ul. Pana Tadeusza 42, 80-123
Gdańsk entered into the National Court Register, DISTRICT COURT GDAŃSK-PÓŁNOC
IN GDAŃSK, 7th COMMERCIAL DIVISION OF THE NATIONAL REGISTER
COURT REGISTER, NIP: 5833290183, share capital of PLN 5,000 paid in full, REGON: 369655554, KRS 0000722197; hereinafter referred to as
"Administrator" and being at the same time the Service Provider of the Online Store and the Seller.
1.2. The personal data of the Service Recipient (Customer) are processed in accordance with the Personal Data Protection Act.
personal data of 29 August 1997 (Journal of Laws No. 133, item 883, as amended), the Act on
provision of services by electronic means of 18 July 2002 (Journal of Laws No. 144, item 1204,
amended) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27
April 2016 (GDPR).
1.2.1 For the purpose of providing services electronically and concluding sales contracts
the legal basis for the processing of personal data is Article 6(1)(a) and (b) of the GDPR.
1.2.2 For the purposes of fulfilling the legal obligations incumbent on the Administrator,
based on generally applicable legal provisions, including tax regulations
and in the field of accounting - the legal basis for the processing of personal data is Article 6
section 1 letter c GDPR
1.2.3 For analytical and statistical purposes – the legal basis for data processing
the legitimate interest of the Administrator (Article 6, paragraph 1, letter f) of the GDPR,
the legitimate interest of the Administrator is to conduct the analysis of the results of the
economic activity.
1.2.4 In order to implement the legitimate interest of the Administrator consisting in
possible determination or pursuit of claims or defense against claims - the basis
the legitimate interest of the Administrator is the legal basis for processing personal data
(Article 6 (1) (f) of the GDPR).
1.3. The Administrator takes special care to protect the interests of persons whose
data concerns, and in particular ensures that the data collected by him are processed
in accordance with the law; collected for specified, lawful purposes and not subject to
further processing incompatible with these purposes; factually correct and adequate in
in relation to the purposes for which they are processed and stored in a form that allows
identification of the persons concerned, no longer than is necessary to achieve the purpose
processing.
1.4. All words, expressions and acronyms appearing on this website and beginning
with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood
in accordance with their definition contained in the Regulations of the Online Store available at
address:
Privacy.

1.5 The provision of personal data by the Service Recipient/Customer is voluntary, however
failure to provide personal data specified in the Regulations, which are necessary to conclude the Agreement
sale or contract for the provision of Electronic Services results in the refusal to conclude the same
contracts. Data necessary to conclude a Sales Agreement or a Service Provision Agreement
Electronic means are also indicated each time on the website of the Online Store.
1.6. The basis for processing the personal data of the Service Recipient/Customer is the necessity
performance of a contract to which the Service Recipient/Client is a party or taking action at his request
before its conclusion.
2. PURPOSE AND SCOPE OF DATA COLLECTION
2.1. The purpose of collecting personal data by the Administrator is:
2.1.1. establishing, shaping the content, changing, performing or terminating a relationship
a contractual agreement between the Service Provider (Seller) and the Service Recipient (Client) consisting in
provision of Electronic Services via the Online Store or conclusion and performance of an agreement
Agreements for the Sale of Products and their delivery to the Customer.
2.2. In the case of Customers who use the Product delivery service to the Customer
The Administrator transfers the collected personal data of Customers to the extent necessary for
make delivery to the selected carrier:
2.2.1. General Logistics Systems Poland Sp. z o. o., ul. Tęczowa 10, Gluchowo, 62-052
Bailiffs. KRS 0000005009, NIP: PL-785-15-61-831
2.2.2. Inpost SA, Malborska 130, 30-624 Kraków, KRS 0000536554
2.2.3. Poczta Polska SA, 8 Rodziny Hiszpańskich Street, 00-940 Warsaw, KRS
0000334972
2.2.4. Furgonetka Limited Liability Company Sp. k., ul. Inżynierska 8, 03-422
Warsaw, KRS 0000694708
2.2.5. INPOST EXPRESS SPÓŁKA Z OO, ul. Malborska 130, 30-624 KRAKOW, KRS
0000543759
2.2.6. INPOST PACZKOMATY SP. Z OO, ul. ,KRS 0000418380
2.2.7. "RUCH" SA, ul. Chłodna 52, 00-872 Warsaw; KRS 0000020446
2.3. In the case of Customers who use electronic payments or payment cards
The Administrator transfers the collected personal data of Customers only to the selected intermediary
by the Client and only to the extent necessary for the Client to make
payments through them. The intermediary available in the Online Store is:
2.3.1. DialCom24 Group - operator of the online payment system PRZELEWY24.Agent
Settlement - runs the authorization and settlement system based on the decision of the President
National Bank of Poland No. 1/2011 of 1 April 2011 and provides payment services in
as a national payment institution based on the decision of the Supervisory Commission

Financial dated 10 June 2014, entered into the register of payment services together with DialCom24
Sp. z o. o. - Payment Agent - under number IP24/2014 (available on
https://erup.knf.gov.pl/View/). Address: ul. Kanclerska 15, 60-327 Poznań. NIP 781-173-38-52,
REGON 634509164. District Court Poznań, 8th Commercial Division of the National Register
Court KRS No. 0000306513, share capital: PLN 1,697,000
2.4. The Administrator processes the following personal data of Service Recipients (Customers): name and
name; e-mail address; contact telephone number; address (street, number
house, apartment number, postal code, city). In the case of Service Recipients (Customers)
who are not consumers at the same time, the Administrator additionally processes the company name
and Tax Identification Number (NIP).
2.5. Providing personal data referred to in point 2.4 is necessary for the provision of
by the Electronic Services Provider within the Online Store or by concluding an agreement
Product Sales Agreements. The scope of required data is indicated each time
also in the Regulations of the Online Shop and before the commencement of the provision of a specific service
Electronic Services or concluding a Sales Agreement on the Online Store website.
2.6 In addition, the recipients of personal data may be:
2.6.1. Suppliers of IT systems and IT services.
2.6.2. Based on relevant data processing agreements
entities providing accounting services to the Administrator, service quality research,
debt collection, legal, analytical and marketing services.
2.6.3. Bodies entitled to receive your personal data on the basis of
provisions of law.
2.7. The Administrator processes personal data of people who liked our profiles
social media conducted within popular social networking sites. The data is
processed in order to enable the maintenance and ongoing management of our profiles,
including for the purpose of communicating with the community and organizing events or
competitions, based on the principles defined by the functionalities of individual media
social media and their regulations. The data of community members are processed
also for statistical and analytical purposes and may be processed for the purpose of
pursuing claims and defending against claims. The legal basis for the processing of your personal data
our legitimate interest in processing personal data (Article 6 (1) (f) of the GDPR).
2.8. In case of contacting the Administrator by telephone, in matters
unrelated to the concluded contract or services provided, we may request the provision of data
personal data only when it is necessary to handle the case to which it relates
contact. The legal basis in such a case is the legitimate interest of the Administrator (Article 6
section 1 letter f of the GDPR), consisting in the necessity to settle a reported matter related to
conducted business activities.
2.9. In the event of sending e-mail or postal correspondence to the Administrator,
traditional, unrelated to the services provided to the Service Recipient or another agreement concluded with
the contract, personal data contained in this correspondence are processed solely for the purpose
communication and handling of the matter to which this correspondence relates.

2.10. In matters not regulated by these regulations, the provisions of
The Civil Code and relevant acts of Polish law, as well as European Union law,
in particular the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of
on 27 April 2016 on the protection of natural persons with regard to the processing
personal data and on the free movement of such data and the repeal
Directive 95/46/EC).
2.11. The online store also processes your personal data for the following purposes:
purposes:
a) transfer of your personal data to Santander Bank Polska SA ("Bank") in
in connection with:
a. the provision by the Bank to the Online Store of the service of making available
infrastructure for handling payments via the Internet (legal basis: Article 6 (1) (f))
Regulations).
b. handling and settling payments made by the Store's customers by the Bank
via the Internet using payment instruments (legal basis: Article 6
paragraph 1 letter f) of the Regulation).
c. for the Bank to verify the proper performance of contracts concluded with the Store
online, in particular ensuring the protection of payers' interests in connection with
complaints submitted by them (legal basis: Article 6 (1) (f) of the Regulation).
b) transfer your personal data to Twisto Polska sp. z o. o. in connection with
the possibility of proposing payment for the purchased goods or services via Twisto
Polska sp. z o. o. under a contract of mandate covering the purchasing formula "Buy with Twisto" and
making this purchasing formula available through the Online Store, as well as for the purpose of verification
by Twisto Polska Sp. z o. o. for the proper performance of such contracts of mandate (basis
legal: Article 6 (1) (f) of the Regulation).
2.12. In connection with the processing of personal data for the purposes specified in paragraphs 3 and 4,
Your personal data may be made available by the Online Store to others.
recipients or categories of recipients of personal data, which may be:
a) Santander Bank Polska S.A.
b) Twisto Polska sp. z o. o.
2.13. If you provide your personal data for the purpose of
concluding a contract with the Online Store, providing your personal data
is a condition for concluding this Agreement. Providing personal data in this situation is
voluntary, however, failure to provide this data will result in the inability to conclude a contract
agreements with the Online Store.
If you provide your personal data for the purpose of:
transfer of your personal data to Twisto Polska sp. z o. o. before concluding the contract
contracts for the sale of goods (or services) purchased in the Online Store, the transfer of these
data is a condition for concluding a sales contract in connection with the business model
conducting business activities adopted by the Online Store.

In the event of your personal data being transferred to the Bank in connection with the service and
settling payments made by you to the Store
via the Internet using payment instruments, providing data is
required to make the payment and provide confirmation of its execution by the Bank
for the Online Store.
In the event that your personal data is transferred to the Bank for verification purposes,
Bank for the proper performance of contracts concluded with the Online Store, in particular
ensuring the protection of payers' interests in connection with the complaints they submit
providing this data is required to enable the execution of the concluded contract
between the Online Store and the Bank.
In the event of transferring your personal data to Twisto Polska sp. z o. o.
in connection with the possibility of proposing to you to pay the price for the purchased
Your goods or services by Twisto Polska sp. z o. o. under a contract for services
including the "Buy with Twisto" shopping formula and making this formula available through the Store
the Internet, the provision of this data and its processing for this purpose is required in connection with
the business model of running the business adopted by the Online Store and for the purpose
performance of the contract concluded between the Online Store and Twisto Polska Sp. z o. o.
The legal basis for processing is the legitimate interest of the Administrator (Article 6 paragraph 1 letter f)
GDPR), consisting in conducting correspondence addressed to him in connection with
conducted business activities.
The administrator only processes personal data relevant to the case in question.
correspondence. All correspondence is stored in a manner that ensures
the security of personal data and other information contained therein and disclosed
only authorized persons.
3. OPERATING DATA
3.1. The Service Provider also collects operational data (so-called logs – IP address, domain), which
are stored for an indefinite period of time and used to generate statistics
helpful in administering the Online Store. This data is of aggregate nature and
anonymous, i.e. they do not contain any features that identify people visiting the Store website
Internet. Logs are not disclosed to third parties.
The online store does not automatically collect any data, except for the data
contained in cookies when you use the Website. Cookies are small
text files sent by the online store and stored on your computer
containing certain information related to your use of the Website and the Store
The cookies used by the online store may be of a
temporary or permanent. Temporary cookies are deleted when you close
browser, while permanent cookies are also stored after the end of the session.
your use of the Website and are used to store information such as
Your password or login, which makes using the Website faster and easier. Online store
uses the cookies listed below for the following purposes:

In any case, you can block the installation of cookies or delete permanent cookies.
cookies, using the appropriate options of your web browser. If
If you have any problems, we recommend that you use your browser's help file or contact
manufacturer of the browser you are using.
4. DATA PROCESSING TIME
4.1. In the case of personal data processed for the purpose of concluding and performing contracts
sales – for the time necessary to perform all obligations arising from
sales contracts.
4.2 In the case of personal data processed for the purpose of providing the Service Recipient
electronic services – for the duration of the provision of services to the Service Recipient via electronic means
electronic.
4.3. In the case of personal data processed for the purpose of sending to the Service Recipient
by the Administrator of marketing content - until the Service Recipient submits
object to the processing of personal data in this respect.
4.4. In the case of data processing for analytical and statistical purposes – for the time
providing services to the Service User by electronic means.
4.5. In the case of data processing for the purpose of pursuing a legitimate interest
The Administrator, consisting in the possible determination, pursuit of claims or defense
before claims - until the claims limitation period has elapsed. After this period, the data
personal data will be processed only to the extent and for the time required by law,
these accounting regulations..
5. RIGHTS RELATED TO PERSONAL DATA PROCESSING
5.1. The Service Recipient has the right to access the content of their personal data and to
correcting.
5.2. Every person has the right to control the processing of data concerning them,
contained in the data set
Administrator.
5.2.1 You may obtain information on how and to what extent we process your personal data.
data.
5.2.2 You may obtain a copy of Your personal data.
5.2.2.1 If the request includes copies of data, please indicate which copies
data you would like to receive.
5.2.2.2.The Administrator may charge a fee for the second and subsequent copies, as
you will be notified.

5.2.2.3 The amount of the fee will correspond to the costs of preparing another copy of the data
personal preparation;
5.2.3 You may request the rectification of your data (if it has been incorrectly recorded or if
changed)
5.2.4 You may request the deletion of your personal data (if there is no basis for this)
The administrator processed them) 5.2.5. You can request the restriction of processing (if you want
The administrator processed your data only to a limited extent, pending consideration
your objection or request for rectification of data, and if you want the data to be
have been stored in connection with your claims);
5.2.5. You may request the transfer of your data that you have provided to the Administrator,
structured, commonly used, human-readable format
machine. You can pass on the received data to your chosen
to the administrator. Furthermore, if technically possible, while maintaining
appropriate security standards, we can transfer data on your behalf
another Administrator.
5.3.6. If the processing of your data by the Administrator takes place on
you may object to such processing on the basis of legitimate interest;
5.3.7. Every person also has the right to lodge a complaint with the supervisory authority [in
In Poland – the President of the Personal Data Protection Office (until 25 May 2018 referred to as the
Inspector General for Personal Data Protection)].
If you believe that our processing of your personal data violates
Your rights - please inform us about this fact at the following e-mail address:
mysmell.berlin@gmail.com .We try to respond to the comments and suggestions of our
Users and, above all, respect their rights.
5.3. In order to exercise the rights referred to above, you can use the options within
Accounts (this option applies only to Service Users who have an account). or via
sending an appropriate message by e-mail to: mysmell.berlin@gmail.com
or in writing to the Administrator’s address.
5.3.1 A request for the exercise of data subjects' rights may be submitted to the following address:
form:
- in writing to the following address: Tojs Spółka z o. o. ul. Pana Tadeusza 42, 80-123 Gdańsk
- by e-mail to: mysmell.berlin@gmail.com
The application should, to the extent possible, precisely indicate what the request concerns, i.e.
in particular:
- what right the person submitting the application wants to exercise (e.g. the right to receive
copy of data, right to delete data, etc.);

- what processing the request concerns (e.g. use of a specific service,
receiving a newsletter containing commercial information to a specified email address,
e.t.c.);
- what processing purposes the request relates to (e.g. marketing purposes, analytical purposes, etc.).
5.3.2. A response to notifications will be provided within one month of receipt.
If it is necessary to extend this deadline, the Administrator will inform the applicant
reasons for such extension.
5.3.3. The response will be sent to the e-mail address from which the request was sent, and
in the case of applications sent by post, by regular mail to the address indicated by
the applicant, unless the content of the letter indicates a desire to receive feedback on
e-mail address (in this case, provide an e-mail address).
5.4. The Service Recipient has the right to lodge a complaint with the supervisory authority [in Poland –
The President of the Personal Data Protection Office (until May 25, 2018 referred to as the General
Personal Data Protection Inspector)].
6. PERSONAL DATA SECURITY
6.1. The Online Store may contain links to other websites.
The Administrator encourages you to read the privacy policy after visiting other websites.
established there. This privacy policy applies only to this Store
Internet.
6.2. The Administrator uses technical and organizational measures to ensure protection
processed personal data
appropriate to the threats and categories of data being protected, in particular
protects data from being
making it available to unauthorized persons, taking it away by an unauthorized person,
processing in breach of
applicable regulations and alteration, loss, damage or destruction.
6.3. The Administrator provides the following technical measures to prevent the acquisition and
modification by people
unauthorized personal data sent electronically:
6.3.1. Securing the data set against unauthorized access.
6.3.2. SSL Certificate.
6.3.3. Access to the Account only after providing an individual login and password.

6.3.4. In order to ensure data integrity and confidentiality, the Administrator has implemented
procedures that allow only authorized persons to access personal data and
only to the extent necessary for the tasks they perform.
6.3.5. The Administrator applies organizational and technical solutions to ensure that
all operations on personal data are recorded and performed only by persons
entitled.
6.3.6. The Administrator shall also take all necessary measures to ensure that his
subcontractors and other cooperating entities ensured that appropriate
security measures whenever they process personal data on behalf of
Administrator.
6.3.6. The Administrator conducts ongoing risk analysis and monitors the adequacy
data security measures applied to identified threats. If necessary,
The Administrator implements additional measures to increase data security.
6.4. The Administrator will not transfer the personal data of the Service Recipient to third countries.
third.

Cookie Policy:
1. The Administrator uses cookies, i.e. small text information,
stored on the User's end device (e.g. computer, tablet, smartphone). Cookies
can be read by the Administrator's IT system.
2. The Administrator stores cookies on the User's end device and then
obtains access to the information contained therein for the purposes of:
1. creating statistics that help understand how Users use the websites
websites, which enables the improvement of their structure and content;
2. marketing (remarketing)
3.defining the User's profile in order to display tailored materials in social networks
advertising, in particular the Google network,
4. ensuring the proper operation of the Store.
3. It is possible for the User to configure the web browser in such a way that
prevents cookies from being stored on the end device. However, in such a situation,
the User's use of the website may be difficult.
4. Cookies can be deleted by the User after they have been saved using the appropriate functions.
Internet browsers, programs for this purpose or using appropriate tools
available within the operating system used by the User.
5. Information on how to delete cookies is provided under these links.
most popular web browsers:
 Firefox: http://support.mozilla.org/pl/kb/usuwanie-ciasteczek,
 Opera: http://help.opera.com/Linux/9.60/pl/cookies.html,
 Internet Explorer: http://support.microsoft.com/kb/278835/pl,
 Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647
 Safari: http://support.apple.com/kb/HT1677?viewlocale=pl_PL