I. CONTROLLER AND CONTACT: Controller of Your personal data (hereinafter referred to as the “Data”) is: Tedee spółka z ograniczoną odpowiedzialnością, a limited liability company with its registered office in Warsaw at Karola Bohdanowicza 21/57, entered into the register of entrepreneurs of the National Court Register under the number KRS 0000712451, register files of which are kept by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, NIP (tax identity number) 7010795542, REGON (statistical number): 369188621, with share capital amounting to PLN 2,400,000 (hereinafter referred to as the “Controller”) Contact: Should you have any doubts regarding the processing of your Data, please contact us by sending an email to: [email protected] II. SCOPE OF DATA : We can obtain your Data directly from You, including contact information obtained through the electronic ordering procedure. Especially, but not always, these Data may include: User ID, name, surname, correspondence address, e-mail address, phone number (legal ground: Article 6 point 1 letter b of GDPR) and information provided while using the Service, including information collected by cookies such as e.g. User ID, name, surname, address, e-mail address, phone number (legal ground: Article 6 point 1 letter f of GDPR). III. PURPOSE AND LEGAL GROUNDS OF DATA PROCESSING : Purpose of Data processingLegal grounds of Data processingExecution of Agreement, including the use of the e-store, entering into and executing Transactions, and security, especially - preventing hacking attacksArticle 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract)Statistical measurementsArticle 6 point 1 letter b of GDPR (processing for the purpose of performance of a contract) or, if such measurements are not necessary for the purpose of agreement performance - Article 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)Own marketingArticle 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)NewslettersArticle 6 point 1 letter f of GDPR (legitimate interests pursued by the Controller)External marketing (third party marketing), especially retargeting and marketing statistics and analytics Article 6 point 1 letter a of GDPR (consent of the Data subject)Tax, accounting and other purposes resulting from Controller’s legal obligationsArticle 6 point 1 letter c of GDPR (processing necessary to fulfill legal obligations of the Controller) IV. RETENTION PERIOD : We only process the Data for as long as it is necessary. When the purpose of the Data processing has been fulfilled, the Data will be deleted in accordance with our data retention policy, unless we are legally obliged to keep such Data. Depending on the legal grounds of processing, the Data may be processed for the following periods of time:

if they are processed based of a ground of necessity to execute the Agreement - for the term of the Agreement and until expiry of claim limitation period related thereto (the Controller may decide to anonymise or delete the Data beforehand);
if they are processed based on a ground of a legitimate interest of the Controller - until a successful objection is filed (the Controller may decide to anonymise or delete the Data beforehand);
if they are processed based on a consent - until withdrawal thereof (the Controller may decide to anonymise or delete the Data beforehand);
if they are processed based on a ground of fulfilling a legal obligation of the Controller - in the scope and for a period necessary to fulfil such obligations in compliance with binding laws.

V. VOLUNTARY PROVISION OF DATA : The provision of the Data is voluntary. VI. DATA RECIPIENTS : Recipients of the given Data categories may be: a) Our service providers such as e.g. IT or accounting services, b) authorities entitled to receive the Data in compliance with binding provisions of law. Any transfer of the Data to the recipient takes place only on a valid and legally binding ground. VII. YOUR RIGHTS : At any time You are granted the right to withdraw your consent - to the extent that your Data are processed based on your consent. Remember that withdrawal of your consent does not impact lawfulness of processing before such withdrawal. Moreover, at any time You are granted right to object against processing of your Data - to the extent that your Data are processed based on legitimate interests pursued by the Controller. Your rights include also: right to access your Data, including receiving a copy thereof; right of rectification of your Data; right of erasure of your Data (only in cases foreseen by GDPR); right to restrict processing of your Data; right to Data portability; right to file a complaint to the President of the Personal Data Protection Authority (www.uodo.gov.pl). VIII. TRANSFER THE DATA TO THIRD COUNTRIES : For the moment, we do not plan to transfer the Data to third countries (i.e. the countries outside the EEA (European Economic Area)). Should it, however, happen, it will be executed in compliance with all requirements resulting from the binding provisions of law. Should a transfer take place to an entity located in a third country that does not provide an appropriate level of protection, we will apply security measures such as standard contractual clauses approved by the European Commission. IX. NO AUTOMATED DECISION MAKING : As part of our marketing and Service improvement activities, we analyse the Data in IT systems, using various filters and tools. We perform these activities based on our legitimate interest (legal ground: Article 6 point 1 letter f of GDPR), which consists in searching and grouping categories of persons in order to determine which advertising messages may be of their interest, as well as to improve our Services. We do not make any automatic decisions towards You based on the results of the activities described above. X. INFORMATION ABOUT COOKIES : In scope of the e-store, cookies are placed by Us and - potentially - by third parties. Depending on cookies and other technologies lifetime, We use two main types of these files: (a) session cookies - temporary files stored on the end device until logging out, leaving the application or turning off the software (web browser); (b) persistent - stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User. If, You do not use cookies, the websites will treat You as a new User each time You visit. For instance, if You are redirected from one site to another and then return to the original site, You will not be recognized and You will have to log in again. You can manage and delete cookies at your own discretion. You can delete all the cookies stored on your device, and most web browsers allow You to block cookies. However, if You do so, You will have to change Your user settings each time You visit the site or application. You will learn how to manage cookies in your browser settings or on its dedicated website. XI. UPDATING INFORMATION : As the Privacy Policy is an up-to-date information about processing of the Data, its content may change so that it is consistent with the actual processing of your Data. Current Privacy Policy version together with an information about the date of the last update will always be available in the Service.