Our overriding objective is to ensure that the Service Users' privacy is protected at a level that is at least equivalent to the standards set out in the applicable legislation, in particular the Act of 18 July 2002 on the provision of electronic services, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.
Anyone who uses the Website remains anonymous until they decide to reveal their identity. The Data Controller processes personal data on the basis of, inter alia, consent, where consent should also be understood as the ticking of the relevant box or any other behaviour that clearly indicates acceptance of the proposed processing.
The Administrator's website and services are not intended for or directed at children under the age of 18.
If you do not accept the contents of this Policy immediately cease using the Service.
- Website - the website on the domain warsawsaints.com, made available by the Service Provider to provide certain services, content or functions to Users;
- Administrator - the administrator of the personal data, i.e. Andriy Grinchak conducting business activity under the name Warsaw Saints Andriy Grinchak, Adama Branickiego 9 lok 73, 02-972 Warsaw, registered in the Central Register and Information on Business Activity conducted in the information and communication system by the minister responsible for economy, under the number NIP: 1230849981, REGON: 142496229;
- User - a natural person with full legal capacity who uses the Website Services;
- GDPR- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;
- Personal data (or "data") - any information relating to an identified or identifiable natural person;
- President of the Office for the Protection of Personal Data ("PUODO") - the data protection authority overseeing compliance with data protection legislation;
- Identifiable natural person - a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social characteristics; information shall not be considered to identify a person if this would involve unreasonable expense, time or effort;
- Data processing - any operation performed on personal data, such as collection, recording, storage, elaboration, alteration, sharing and deletion, and in particular those operations performed in computer systems,
- Purpose of processing - to determine for what purpose personal data is collected and processed;
- Consent - The User's voluntary, informed and unambiguous consent to the processing of his/her personal data for a specific purpose;
- Right of access - the User's right to obtain information about the personal data processed and its source;
- Right to rectification - the User's right to correct inaccurate or outdated personal data;
- Right to erasure (right to be forgotten) - the User's right to request the erasure of his/her personal data, subject to certain conditions;
- Right to data portability - the User's right to receive their personal data in a transferable form to another service provider.
For definitions not covered above, the definitions and terms set out in the Shop Rules shall apply accordingly.
II. Who is the Controller of my personal data?
The administrator of your personal data is Andriy Grinchak conducting business activity under the name Warsaw Saints Andriy Grinchak, ul. Adama Branickiego 9 lok 73, 02-972 Warsaw, entered into the Central Register and Information on Business Activity conducted in the ICT system by the minister responsible for economy, under the number NIP: 1230849981, REGON: 142496229;
You can contact us about your personal data at e-mail: email@example.com or telephone number: +48 793 615 617.
III. The legal basis and purposes of data processing depend on the type of Services you use:
Purpose of processing
Data retention period
Purchase of Goods
Article 6(1)(b) GDPR i.e. the processing is necessary for the performance of the Contract for the sale of Goods to which the data subject is a party.
Article 6(1)(c) GDPR (i.e. performance of a legal obligation under Article 18 of the Act of 18 July 2002 on the provision of electronic services and the Civil Code).
The provision of data is necessary for the performance of the Sales Contract. The consequence of failing to provide data is that the Contract cannot be fulfilled.
Performance of the sales contract
The data will be processed for a period of 3 years from the date of conclusion of the contract.
Complaint and withdrawal procedure
Article 6(1)(c) of the GDPR (i.e. performance of a legal obligation under the provisions of the Consumer Rights Act of 30 May 2014.)
The provision of personal data is necessary in order to process a complaint or withdraw from a contract. The consequence of failing to provide data is that the complaint cannot be processed.
Handling consumer complaints and carrying out the withdrawal procedure.
Once we have dealt with an enquiry or complaint, we will retain the data for a period not exceeding three years, unless the nature of the enquiry requires a longer retention period.
Article 6(1)(f) GDPR i.e. the legitimate interest of maintaining contact with a potential customer and answering questions.
The provision of personal data is voluntary, but necessary in order to make contact. Failure to provide data will make it impossible to respond.
Consideration of enquiry and response.
Data will be processed for a period of two years.
Direct marketing and sending of commercial information
Article 6(1)(f) GDPR i.e. legitimate interest to send commercial information and direct marketing with the User's prior consent.
The provision of personal data is voluntary, but necessary for the Newsletter service. Failure to provide data will prevent the Newsletter from being sent.
Sending information on current products, offers via email.
We will continue to send commercial communications until you opt out of receiving it. Each commercial communication includes a link where you can opt out of receiving commercial communications
Statistical and analytical analyses of website traffic (Google Analytics, Facebook Pixel, Google Tag Manager, DoubleClick, Google Ads, Hotjar, Merchant Google Center)
Article 6(1)(f) GDPR i.e. the administrator's legitimate interest in analysing the activity of Website Users, improving the functionality of the website and determining User preferences and Article 6(1)(a) GDPR i.e. User consent
Consent is voluntary (except for cookies, which are necessary for the proper functioning of the Website).
Analyse the activity of Website users, improve the functionality of the website and identify user preferences
Until you successfully object or withdraw your consent to cookies (you can modify your consent by managing cookies in your browser)
The periods indicated in the table above are counted from the end of the year in which the Administrator started the data processing in order to facilitate the technical process of controlling these periods. After this time, the personal data shall be permanently destroyed or deleted, unless the obligation to continue storing them arises from applicable legislation.
IV. With whom do we share your personal data?
The controller may transfer your personal data to the following categories of recipients:
- payment service providers depending on the selected payment method (AutoPay S.A. with its registered office in Sopot (online transfer and payment card), Apple Inc. (Apple Pay), Google LLC (Google Pay), Polski Standard Płatności sp. z o.o. with its registered office in Warsaw (BLIK), PayPo Sp. z o.o. with its registered office in Warsaw (PayPo), PayPal (Europe) S.à r.l.et Cie, S.C.A. (PayPal), the bank chosen by the Buyer (traditional transfer);
- the company providing technical and IT support, including website and email hosting (Google LLC, Shoper S.A. based in Krakow);
- the company providing the newsletter dispatch system (GetResponse S.A.based in Gdansk);
- company providing accounting support;
- a company providing tools for the analysis of statistics and analytical tools tracking traffic on the Website - Google Analytics Google Ads, Google Tag Manager, Merchant Google Center, DoubleClick (Google LLC), Facebook Pixel (Meta Platform Inc.), Hotjar (Hotjar Ltd.), Shoper (Shoper S.A. based in Krakow);
All external parties may only use your data for the purpose of providing the service in question. All persons who have access to your data must process it with care and comply with applicable laws and regulations. We do not pass on your data to third parties for commercial purposes and we do not sell your data to other companies.
The Service may provide personal data to authorised authorities, tax authorities and/or law enforcement agencies if required by law.
V. Transfer of data to third countries
The controller transfers your personal data outside the EEA only when necessary and resulting from the use of international companies. Service providers are obliged to provide the same level of protection and use appropriate legal mechanisms to ensure the protection of personal data, such as, for example, binding corporate rules adopted by the competent supervisory authority or other international certification standards or standard contractual clauses defined by the European Commission.
The aforementioned companies guarantee compliance with data protection standards analogous to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The Service's use of their technology in processing personal data remains lawful.
For more information on the transfer of data outside the EEA, see: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_pl
VI. User rights
- The user has the right to request from the Administrator:
- access to his or her personal data - any person exercising this right has the right to be informed whether and what information is processed about him or her by the Administrator and to obtain a free copy of the data,
- rectification of data - any person exercising this right has the right to request the rectification of his or her data or their completion,
- restriction of processing - any person exercising this right has the right to restrict the processing of their data where the accuracy of the data and the lawfulness or necessity of the processing is contested and to object.
- withdrawal of consent to data processing - any person exercising this right has the right to withdraw previously given consent to the processing of data for the purposes specified in the consent. Consent is not retroactive which means that the processing of data prior to the withdrawal of consent remains legal. Please note that the above entitlement only applies to data processing based on the User's consent.
- to object - any person exercising this right will be able to object to the processing of his/her data based on the legitimate interest of the Controller,
- data portability-any person exercising this right will be able to request the transfer of his/her data in pdf format to the designated Controller.
- In addition to the rights indicated above, any person whose data is being processed has the right to lodge a complaint with the President of the Office for Personal Data Protection if he/she considers that his/her data is being processed contrary to the applicable regulations. The complaint shall be submitted to the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw, or using the form on the website: https://uodo.gov.pl/.
- The rights set out in para. 1 can be exercised by contacting us using the contact details, i.e. e.g. email: firstname.lastname@example.org The Administrator will exercise the rights by contacting the Administrator's e-mail address within a maximum of 30 days of receiving the request. If, due to the special nature or complexity of the case, it will not be possible to do it within 30 days, the Administrator will execute the rights within the following month and will immediately inform the entitled person about the extension of the deadline.
- In order to ensure security, we reserve the right to provide certain information known to us. By using such a process, we can verify that it is indeed the data subject.
- The Administrator shall be entitled to refuse to exercise the rights indicated above only if it is in accordance with the law and on grounds overriding the interests of the right holder. The Administrator shall each time inform the authorised person of the reasons for refusal to execute the request.
VII. Automated decision-making, profiling
The Administrator analyses Users' personal data by analysing traffic on the Website, history of activity on the Website. The analysis of the data does not cause any legal effects or influence the rights and freedoms of the User in any way, and the data are processed only for the purpose of establishing the Users' preferences and adjusting the content and offers created by the Administrator to the Users' preferences.
2. The administrator may use the following types of cookies:
- Temporary cookies exist on your computer only while you are on a particular website - to be more precise, until you close your browser. They allow the Website to remember what customers have chosen on the previous page and are designed to optimise navigation on the Website, e.g. by remembering the settings of a logged-in User, so that the user does not have to re-enter his/her login and password on each sub-page of the Website (no password or login are stored in the "cookie" - only the customer session number, which does not identify the customer's personal data).
- statistical cookies - this type of cookie is used to provide important information about site traffic and how visitors use the site. Google Analytics, Hotjar, among others, are used to collect this data. These cookies are only used to collect statistics on website traffic and to profile the user in order to display tailored material to him/her on advertising networks, in particular the Google network,
- Functional cookies exist on your computer only while you are on a particular website - to be more precise, until you close your browser. They allow the Website to remember what customers have chosen on the previous page, and are designed to optimise navigation on the Website, e.g. by remembering the settings of a user logged into the Website - so that the user does not have to re-enter data on each sub-page of the Website (only the customer session number is stored in the "cookie", which does not identify the customer's personal data),
- essential cookies - installed by the Administrator through the Website in order to provide the Users with the services offered on the Website and to function correctly,
- analytical cookies - this type of cookie is used to provide important information about site traffic and how visitors use the site. These cookies are only used to collect statistics on site traffic and to profile the user in order to display tailored material to them on advertising networks, in particular the Google network,
- marketing cookies - installed by the Administrator or third parties whose services are used by the Administrator in order to adapt the marketing content displayed to the Users' preferences (Facebook Pixel),
- other cookies - other cookies which do not remain essential for the functioning of the Website and which are used by social media.
3. The aforementioned companies guarantee compliance with data protection standards analogous to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The Service's use of their technology in processing personal data remains lawful.
5. Cookies are used on the Website with the User's consent.
6. Cookies placed on a Service User's terminal equipment may also be used by advertisers and partners cooperating with the Administrator, and may also be used by advertising networks, in particular the Google network, to display advertisements tailored to the manner in which a user uses the Service. For this purpose, they may retain information about the User's navigation path or the time spent on a particular page.
7. The Administrator analyses the browsing history of the Website and website traffic in an automated manner. The analysis of the data does not have any legal effect on the Users and is only intended to adapt the content presented by the Administrator to the Users' preferences.
9. Consent may be given by the User through the appropriate settings of the software, in particular the Internet browser, installed on the telecommunications device used by the User to view the content of the
10. The User may also restrict or disable cookies in his/her browser at any time by setting it in such a way that it blocks cookies or warns the User before a cookie is stored on the device he/she is using to view the content of the Website.
IX. Analytical and marketing tools, social media plug-ins
- Google Analytics
The website uses an analytics tool known as "Google Analytics," provided by Google LLC. Google Analytics allows us to collect data on the use of the website and to analyse user behaviour. Below you will find relevant information on this subject:
- Purpose of data collection: Google Analytics helps us to understand what pages you visit, how long you stay on our website and what actions you take. This data is used to analyse and improve our website.
- Data processing: Google Analytics may collect information about your device, browser, geographical location and interactions with our website. All data is anonymous and does not identify specific users.
- Data management: If you do not want your data to be collected by Google Analytics, you can use your browser's privacy settings management tools or install a browser add-on to disable Google Analytics.
Google Analytics stores usage data on servers located in the United States. This is important because the US is treated as a third country in the context of European data protection regulations such as the GDPR (the GDPR was in force until my knowledge cut-off date, which is September 2021).
IP address anonymisation: One of the key steps Google Analytics takes to protect user privacy is to anonymise IP addresses. This means that the last octet of the user's IP address is removed or replaced with a random identifier. This keeps the user relatively anonymous and makes it much more difficult to accurately identify the user by IP address.
Google provides mechanisms that allow data, including IP addresses, to be transferred from member states of the European Union and other EEA countries to Google's servers in those same countries, which may help to maintain some consistency with European data protection regulations
- Facebook Pixel
The service provider uses a tool known as the "Facebook Pixel," which is provided by Facebook, Inc. (now Meta Platforms, Inc.). Facebook Pixel is an analytics tool that helps us understand what actions you take on our website and what content you are most interested in. This allows us to tailor our website and offerings to your needs and provide a better user experience.
We would like to inform you of a few rules regarding the processing of data via Facebook Pixel:
- Type of data collected by Facebook Pixel: Facebook Pixel may collect different types of data, such as information about the pages you view, your activity on our site, your interactions with content, as well as information about the devices you use.
- Purpose of data collection: The data collected through Facebook Pixel are used for analytical, marketing and advertising purposes. They allow us to tailor content and advertising to your preferences and to analyse the effectiveness of our campaigns.
- Data sharing: Data collected by Facebook Pixel may be shared with Facebook, Inc. and its partners. We do not share any personal data, such as your name or email address, without your express consent.
- Managing and disabling Facebook Pixel: If you do not want your data to be collected via Facebook Pixel, you can use the privacy settings management tools in your browser settings or visit the Facebook privacy settings link to disable Pixel.
Data collected via Facebook Pixel may be stored on Meta's (Facebook) servers in the United States. Facebook Pixel also supports data anonymisation to protect user privacy
- Google Tag Manager
Google Tag Manager is a tool for managing tags and scripts on a website. It facilitates the management and implementation of various analytics and tracking tools on the website.
Google Tag Manager allows site owners the flexibility to manage scripts and tools without having to interfere with the site's source code. It facilitates the integration of tools such as Google Analytics, Facebook Pixel or other analytics tools. Google Tag Manager is provided by Google LLC.
- Types of data collected by Google Tag Manager: Google Tag Manager does not collect personal data directly, but manages other tools and scripts that may collect different types of data, such as those mentioned for Google Analytics and Google Ads.
- Purpose of data collection by Google Tag Manager: Google Tag Manager allows us to manage and implement analytics and tracking tools on our website in a more efficient way.
- Data storage: Google Tag Manager does not store data. It acts as a manager for other tools. Data collected by tools managed by Google Tag Manager may be stored and processed by the providers of these tools.
- Sharing data with Google Tag Manager: Google Tag Manager does not collect or store data. It acts as a management tool for other tools, so the sharing of data depends on those tools.
- Managing and disabling Google Tag Manager: Google Tag Manager does not collect or process personal data, so disabling it is not necessary. However, you can control which tools and scripts are implemented on your website using Google Tag Manager.
- DoubleClick, Google Ads, Merchant Google Center
These platforms are used to display ads on the website and in Google's search results. DoubleClick allows you to track the effectiveness of your ads, while Google Ads and Merchant Google Center allow you to create and manage advertising campaigns and product listings. The service provider of these tools is Google LLC.
- Types of data collected by DoubleClick, Google Ads and Merchant Google Center: These advertising platforms may collect data on user interactions with ads, such as clicks, ad impressions, conversions and other ad-related activities,
- Purpose of data collection by DoubleClick, Google Ads and Merchant Google Center: The purpose is to measure the effectiveness of advertising campaigns and deliver more relevant ads.
- Data storage: Data collected by these advertising platforms is stored on Google's servers, which may be located outside your jurisdiction, including in the United States. Google is a certified participant in the Privacy Shield programme, which ensures adequate data protection for international transfers.
- Data sharing with DoubleClick, Google Ads and Merchant Google Center: Data may be shared with Google and advertising providers for the purpose of delivering advertising on our website and on other advertising platforms.
- Option to disable DoubleClick, Google Ads and Merchant Google Center: You can adjust your advertising preferences in your browser settings and via the advertising preference management options available on Google's websites.
Hotjar is an analytics tool that helps websites analyse user behaviour on the site. Hotjar offers features such as heat maps, user session recordings and online surveys.
Hotjar helps to understand how users browse the site, what they click on and where they spend the most time. It is an analytics tool that helps to optimise the user experience. Hotjar's service provider is Hotjar Ltd.
- Types of data collected by Hotjar: Hotjar may collect data on user behaviour on our website, such as heat maps, recordings of user sessions and responses to online surveys. This data is usually anonymised or pseudonymised.
- Purpose of Hotjar's data collection: the purpose of Hotjar's data collection is to analyse user behaviour on the website in order to understand how to improve and customise it.
- Sharing of data from Hotjar: Data collected with Hotjar usually remains on Hotjar servers and is not shared with third parties.
Hotjar servers are located in various locations around the world, including Europe. Hotjar uses appropriate security measures to protect data.
X. Social media plug-ins
We would like to inform you that the Service may include links (plug-ins) that allow its Users to reach directly to other websites for which the owner of the Service is not responsible, such as: Facebook, Instagram, Google.
Using social plug-ins:
When using these plug-ins, you consent to the transfer of certain personal data to social media administrators such as Facebook, Instagram, Google. The administrators of these platforms act as joint data controllers with us with regard to the information transmitted through these plugins.
Data provided to social media administrators may include information such as email address, user ID, profile data, preference information and other data necessary for the login process and user authentication.
The data provided to social media administrators is used, among other things, to enable users to log in to our website using their account on social media platforms. Social media administrators may also use this data to adapt content, provide personalised services and analyse user behaviour.
XI. How do we secure your personal data?
The controller does everything possible to keep your data secure. To this end, it implements appropriate technical and organisational measures so that the processing is carried out lawfully and in a manner that ensures security, including, among other things, the use of an encrypted connection - SSL (protocol https://).
The IT systems used by the Administrator have appropriate safeguards in place to guarantee the confidentiality and integrity of the personal data processed.
XII. Where can I raise concerns/comments about what processing of personal data?
We would like to emphasise that your privacy is important to us, and we take all possible steps to protect your data. If you have any questions or concerns about the processing of your data on our Service, please do not hesitate to contact us:
- via e-mail: email@example.com,
- via telephone number: +48 793 615 617.
XIII. Final provisions
The controller shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and the category of data protected, and in particular it shall protect the data against their access to unauthorised persons, against their being taken by an unauthorised person, against their being processed in violation of the applicable regulations, and against their alteration, loss, damage or destruction.