PRIVACY POLICY

1. The Data Controller of the website www.waldin.eu exercises the utmost care to ensure the protection of the personal data of Users visiting this website. It ensures that data processing is carried out in accordance with applicable legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council (“GDPR”), respecting the principles of transparency, fairness, and security.

2. A User is a natural person using the website, including someone acting on behalf of and for the benefit of a legal entity or an organizational unit without legal personality.

3. This privacy policy explains the principles and scope of processing the User’s personal data, the rights to which the User is entitled, as well as the obligations of the Data Controller, and also provides information on the use of cookies.

4. The Data Controller applies appropriate technical and organizational measures, including solutions ensuring a high level of personal data security, adequate to the risk of infringement of the rights and freedoms of data subjects. These measures are intended to protect data against unauthorized access, loss, destruction, modification, or unlawful disclosure.

I. DATA CONTROLLER

The Data Controller of your personal data is WALDIN sp. z o.o., with its registered office in Rozbórz Długi at ul. Rozbórz Długi 66B, 37-560 Pruchnik, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court in Rzeszów, 12th Commercial Division of the National Court Register, under KRS number: 0000990054, NIP: 7922317140, REGON: 522971538, share capital: PLN 10,000.00 (hereinafter referred to as the “Data Controller”).


You can contact the Data Controller regarding any matter related to the processing of personal data via the contact form available on the website: https://waldin.eu/contact/, by phone: +48 668 892 335, or by email: info@waldin.eu


II. PURPOSES AND LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA


The Data Controller processes Users’ personal data for the following purposes:

1. Website operation and use of its functionalities

Users’ personal data, including data collected automatically (IP address, identifiers, data obtained through cookies or similar technologies), are processed:

a) for the purpose of providing electronic services, including displaying content and providing forms — Article 6(1)(b) GDPR;

b) for the purpose of handling orders placed without registration — Article 6(1)(b) GDPR;

c) for the purpose of handling complaints and User submissions — Article 6(1)(b) GDPR;

d) for statistical, analytical, and reporting purposes — Article 6(1)(f) GDPR (legitimate interest of the Data Controller: improving service quality and tailoring services to Users’ needs);

e) for the purpose of establishing, pursuing, or defending against claims — Article 6(1)(f) GDPR;

f) for the marketing purposes of the Data Controller or third parties (including contextual advertising) — Article 6(1)(f) GDPR;

g) for conducting direct marketing activities or behavioral (profiled) advertising — Article 6(1)(a) GDPR (User’s consent).

2. Account Registration on the Website

Personal data of Users who create an account on the Website are processed:

a) for the purpose of creating and managing the account — Article 6(1)(b) GDPR;

b) regarding additional data provided voluntarily — Article 6(1)(a) GDPR (consent);

c) for statistical and analytical purposes — Article 6(1)(f) GDPR;

d) for marketing purposes (e.g., contextual advertising, newsletter) — Article 6(1)(f) or (a) GDPR, depending on the nature of the activities;

e) for the purpose of pursuing or defending against claims — Article 6(1)(f) GDPR.

3. Order Fulfillment

Personal data are processed:

a) for the purpose of accepting and fulfilling the order — Article 6(1)(b) GDPR;

b) for the purpose of fulfilling legal obligations, in particular related to taxes and accounting — Article 6(1)(c) GDPR in connection with the Accounting Act and tax regulations;

c) for analytical, statistical, and purchasing purposes — Article 6(1)(f) GDPR;

d) for conducting customer satisfaction surveys — Article 6(1)(f) GDPR;

e) for the purpose of establishing, pursuing, or defending against claims — Article 6(1)(f) GDPR.

4. Newsletter and Electronic Marketing Communication

Personal data (in particular, the email address) are processed:

a) for the purpose of sending commercial and marketing information regarding products, services, promotions, or news — based on the User’s consent, i.e., Article 6(1)(a) GDPR;

b) for the purpose of analyzing the effectiveness of marketing campaigns — Article 6(1)(f) GDPR.

Consent to receive the newsletter can be withdrawn at any time, without affecting the lawfulness of the processing carried out prior to its withdrawal.

5. Managing Social Media Profiles

The Data Controller manages social media profiles, including on Facebook, Instagram, TikTok, and YouTube. Data of individuals visiting these profiles (e.g., account name, comments, likes) are processed:

a) to enable User activity on the profiles and to conduct communication — Article 6(1)(f) GDPR;

b) to promote the services, products, and brand of the Data Controller — Article 6(1)(f) GDPR;

c) for statistical and analytical purposes — Article 6(1)(f) GDPR;

d) for the purpose of pursuing or defending against claims — Article 6(1)(f) GDPR.

In the case of Facebook, data are also processed under the joint controllership arrangement with Meta Platforms Ireland Ltd. Details: https://www.facebook.com/priva...

6. Contact with the User

Personal data are processed:

a) for the purpose of conducting communication and responding to inquiries — Article 6(1)(f) GDPR (legitimate interest of the Data Controller);

b) if the contact concerns actions aimed at concluding a contract — Article 6(1)(b) GDPR.

7. Conclusion and Performance of Contracts with Contractors/Institutions

The Data Controller processes personal data of individuals representing contractors for the purpose of:

a) concluding and performing the contract — Article 6(1)(f) GDPR, and for verifying authorization to represent — Article 6(1)(c) GDPR;

b) handling complaints and submissions — Article 6(1)(b) and (f) GDPR;

c) fulfilling tax and accounting obligations — Article 6(1)(c) GDPR.

8. Data of Contractor’s Personnel

Data of individuals acting on behalf of the contractor (e.g., contact persons, individuals carrying out the order) are processed:

a) for the proper performance of the contract — Article 6(1)(f) GDPR;

b) for complaint handling and pursuing claims — Article 6(1)(f) GDPR;

c) for tax and accounting purposes — Article 6(1)(c) GDPR.

III. TYPES OF DATA

1. The Data Controller processes the following personal data, the provision of which is necessary for:

a. registration:

- first name and last name;

- email address;

b. making purchases via the website:

- first name and last name;

- gender;

- delivery address;

- phone number;

- email address;

c. Data optionally provided by the User:

- date of birth;

- National ID number (in case of requesting an invoice);

- TAX ID number (in case of requesting an invoice for a business entity).

2. In the event of withdrawal from the contract or acceptance of a complaint, when the refund is made directly to the User’s bank account, we also process information regarding the bank account number in order to make the refund.

IV. USER RIGHTS

  1. Right of access to data — The User has the right at any time to request from the Data Controller information on the scope of processing of their personal data, including access to such data and information on, among other things, the purposes of processing, categories of data, data recipients, and the planned period of their storage.
  2. Right to rectify data — The User has the right to request the correction or rectification of their personal data if it is incorrect or incomplete. The User may also make changes themselves by logging into their account on the Website.
  3. Right to withdraw consent — If personal data is processed based on consent, the User has the right to withdraw it at any time, without providing a reason. Withdrawal of consent may relate to a specific processing purpose (e.g., consent to receive commercial information) or to all purposes for which consent was given. Withdrawal of consent for all processing purposes will result in the deletion of the User’s account on the Website along with all their personal data. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  4. Right to erasure of data (“right to be forgotten”) — The User has the right to request the deletion of their personal data without providing a reason. Upon exercising this right, the User’s account and all stored and processed personal data will be deleted. The deletion of data does not affect the legality of processing that took place before the request was fulfilled.
  5. Right to object to data processing — The User has the right at any time to object to the processing of their personal data, either entirely or only for a specified purpose. A valid objection may result in the deletion of the User’s account and all stored personal data if further processing would not be possible without violating the law or the interests of the Data Controller. The objection does not affect the legality of prior processing.
  6. Right to restrict data processing — The User has the right to request the restriction of the processing of personal data, for a specified time or scope. The Data Controller is obliged to fulfill such a request, subject to exceptions provided by law. Restriction of processing does not affect the compliance of earlier actions with applicable law.
  7. Right to data portability — The User has the right to request that the Data Controller transfers their processed personal data to another controller. For this purpose, the User should submit an appropriate request, indicating the entity (name and address) to which the data should be transferred, and the scope of the data to be transferred. The Data Controller may require identity confirmation to ensure the security and authenticity of the request. The data will be transferred in electronic format, provided this is technically feasible.
  8. Right to information about actions taken in connection with requests — The Data Controller informs the User about actions taken in connection with the exercise of the above rights no later than within 1 month of receiving the request. In justified cases, this period may be extended by another 2 months, of which the User will be informed.
  9. Right to lodge a complaint with a supervisory authority — The User has the right to lodge a complaint with a supervisory authority if they believe that the processing of their personal data violates GDPR provisions.

V. PERIOD OF PERSONAL DATA STORAGE

  1. Personal data are stored for the period necessary to achieve the purposes for which they were collected, including to perform the contract, fulfill the legal obligations incumbent on the Data Controller, and for archival and evidentiary purposes arising from civil and tax law regulations.
  2. In particular:
    a) data processed for the purpose of performing a contract with the User will be stored for the duration of the contract and for the period of limitation of claims arising from that contract, i.e., generally for 3 years from the end of the calendar year in which the business relationship was concluded;
    b) data related to the fulfillment of accounting and tax obligations will be stored for the period required by law (e.g., 5 years from the end of the fiscal year in which the tax obligation arose)
    c) data processed based on consent will be stored until the consent is withdrawn, whereby withdrawal of consent may also result in the deletion of the User’s account and the personal data linked to it;
    d) User account data are stored until the account is deleted — either at the User’s initiative (by request, objection, or withdrawal of consent) or at the Data Controller’s initiative (e.g., due to lack of activity);
    e) data processed for marketing purposes (e.g., newsletter) will be stored until the consent is withdrawn or an objection is raised against processing for this purpose.
  3. The Data Controller may store data for a longer period if it is necessary for the defense against claims or for pursuing claims — until the limitation of potential claims.
  4. After the indicated periods have expired, the personal data will be deleted or anonymized, unless their further storage is justified by another legal basis.

VI. DISCLOSURE OF PERSONAL DATA

1. The Data Controller may disclose Users’ personal data to external entities cooperating with the Data Controller, solely to the extent necessary to achieve the purposes specified in this Privacy Policy and in connection with the provision of services through the Website.

2. Personal data may in particular be disclosed to the following categories of recipients:
a) courier and logistics companies, for the delivery of ordered goods,
b) entities providing accounting and bookkeeping services,
c) law firms, for pursuing or defending against claims,
d) providers of IT services, hosting, and technical infrastructure,
e) operators of mailing and marketing systems — in the case of Users who have consented to receive commercial information.

3. The User may use online payments made through external payment service providers. To enable the transaction, the Data Controller may provide these entities with the necessary User personal data. The currently available payment operators are:
a) Klarna (Klarna Bank AB),
b) iDEAL,
c) payment cards (Visa, MasterCard, Maestro),
d) Apple Pay (Apple Inc.),
e) PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.).

The selection of a specific provider is possible when placing the order. Each operator acts as an independent data controller and processes data in accordance with its own privacy policy.

4. Users’ personal data are, as a rule, not shared with third parties for those parties’ marketing purposes unless the User has given explicit and separate consent.

5. Users’ personal data are generally not transferred outside the European Economic Area (EEA). If the transfer of data outside the EEA becomes necessary (e.g., in connection with the use of services provided by suppliers based outside the EEA), the Data Controller will ensure that such transfer takes place in accordance with applicable regulations, in particular based on appropriate safeguards such as the standard contractual clauses adopted by the European Commission.

6. This Privacy Policy has been prepared based on Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

VII. COOKIES AND SIMILAR TECHNOLOGIES

  1. The website waldin.eu uses cookies and similar technologies to ensure the proper functioning of the Website, analyze website traffic, and carry out marketing and advertising activities, including direct marketing.
  2. The User can manage cookies using the cookie consent banner, which appears upon the first visit to the Website, as well as by changing the settings in their web browser.
  3. Cookies may be used in particular to remember the User’s preferences, for analytical and statistical purposes, to operate website functionalities, and to conduct marketing and advertising campaigns.
  4. The User has the ability to control and/or delete cookies at their discretion. They can delete all cookies saved on their device, configure the web browser to prevent their automatic saving, as well as withdraw or change their cookie consent using the consent banner visible on the website. However, disabling cookies may cause some functionalities of the Website to stop working properly.

Google Analytics

This Google Inc. service is an analytics tool that stores information in cookies to generate statistics on traffic to our Website. This feature is not essential for browsing and is used to monitor the website’s performance and improve it. By using Google Analytics, we do not process any personal data or other identifiers useful for indirect identification (e.g., IP address) of the data subjects. However, this does not mean that your personal data are not processed by Google Inc., the data controller for Google Analytics. The main cookie used by Google Analytics is the _ga cookie. More information about the types of cookies used by Google Inc. can be found here:

https://policies.google.com/te...

In addition to reporting usage statistics for our Website, Google Analytics, together with certain advertising cookies, may be used to display more relevant ads from Google Inc. (based on your search history and activity on our website) and to measure interactions with display ads from Google Inc. Google Analytics also uses cookies on our website to analyze your behavior, which are stored on the user’s end device (computer, tablet, smartphone). Google anonymizes part of the end user’s IP address as soon as it is collected, thereby increasing your privacy. Google Inc. uses the information collected during the use of the website to evaluate the use of our website, provide us with reports on website activity, and provide other services related to the use of our website and the Internet.

You can prevent data processing by Google Analytics by properly configuring your web browser, where you can install a browser plug-in (available at the following link): https://tools.google.com/dlpag.... Clicking this link will save an opt-out cookie in your browser, which will prevent data access in the future when visiting our Website.

For more information on the processing of personal data by Google Inc. when using Google Analytics, you can review their privacy policy available at:

https://policies.google.com/te...

Below are links to instructions on managing cookies in the most popular browsers:

Google Chrome:

https://support.google.com/chr...

Mozilla Firefox:

https://support.mozilla.org/en...

Safari (macOS):

https://support.apple.com/en-u...

Microsoft Edge:

https://support.microsoft.com/...

Opera:

https://help.opera.com/en/late...

Google Ads (cookies)

Google Ads uses “cookies” technology — text files placed on your device — to enable the evaluation of the accuracy and effectiveness of advertising activities carried out using the AdW network.

Google collects data obtained from placing cookies on devices on its servers and uses this information to create reports and provide other services related to traffic and internet usage.

Google may also transfer this information to third parties if it is required to do so under legal provisions or when such parties process this information on behalf of Google.

These data are never combined with the data provided as mentioned in section III and serve solely as material for statistical analysis and system error correction mechanisms.

If you do not agree to the placement of cookies on your device, you can block their placement by properly configuring your web browser. You can find information on how to do this in your web browser’s help files. Unfortunately, if Google cookies are blocked, we cannot guarantee the proper functioning of the website.

If you agree to the placement of Google cookies on your device but would like to delete them after visiting waldin.eu, you can do so without risk, and you will find information on how to do this in your web browser’s help files.

VIII. FINAL PROVISIONS

  1. This Privacy Policy is for informational purposes and serves to fulfill the obligations arising from Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
  2. The Data Controller reserves the right to introduce changes to the Privacy Policy, in particular in the event of:
    a) changes in the legal provisions regarding personal data protection,
    b) technological changes affecting data processing,
    c) the introduction of new services or functionalities on the Website.
  3. Any changes to the Privacy Policy will be published on the website www.waldin.eu, and in the case of significant changes, Users will be informed about them via the communication channels provided to the Data Controller (e.g., email).
  4. In matters not regulated by this Privacy Policy, the provisions of generally applicable law, in particular the GDPR, shall apply.

This Privacy Policy is effective from May 30, 2025.