Privacy Policy

§1 GENERAL PROVISIONS

1. The administrator of personal data collected through the website www.stamply.pl is Damian Kowalski, operating under the name Damian Kowalski, registered in the Central Register and Information on Economic Activity of the Republic of Poland, managed by the Minister responsible for economic affairs, with the business address: Bratkowice 281, 36-055 Bratkowice, NIP: 5170406229, REGON: 385933390, email address: contact@stamply.co, hereinafter referred to as the 'Administrator' and also the 'Service Provider'.

2. The personal data collected by the Administrator via the website are processed in accordance with the Regulation of the European Parliament and Council (EU) 2016/679 of April 27, 2016, on the protection of individuals in relation to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR, and the Consumer Rights Act of May 30, 2014.

3. Any words or expressions written with capital letters in this Privacy Policy should be understood in accordance with their definition in the Terms and Conditions of the website www.stamply.pl.

§2 TYPE OF PERSONAL DATA PROCESSED, PURPOSE, AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Administrator processes personal data of Service Users of www.stamply.pl in the case of:

1.1. account registration in the Service to create an individual account and manage this account, based on Article 6(1)(b) of the GDPR (performance of a contract for the provision of services electronically in accordance with the Terms and Conditions of the Service),

1.2. placing an order in the Service to fulfill a Contract for the provision of Digital Services, based on Article 6(1)(b) of the GDPR (performance of a contract),

1.3. subscribing to the Newsletter to send commercial information electronically. Personal data is processed after expressing separate consent, based on Article 6(1)(a) of the GDPR,

1.4. using the Opinion System to gather Customer feedback about the contract with the Administrator for the provision of Digital Services, based on Article 6(1)(f) of the GDPR (legitimate interest of the business),

1.5. using the License to send messages to the Administrator, based on Article 6(1)(b) of the GDPR (performance of a contract for the provision of services electronically in accordance with the Terms and Conditions of the Service).

2. TYPE OF PERSONAL DATA PROCESSED. The User provides the following data in the case of:

2.1. Account: email address, first and last name, address, phone number, NIP (Tax Identification Number),

2.2. Order: email address, first and last name, address, phone number, NIP (Tax Identification Number),

2.3. Newsletter: email address, first and last name

2.4. Opinion System: first name

2.5. License: first and last name, email address, address, phone number, NIP (Tax Identification Number).

3. RETENTION PERIOD OF PERSONAL DATA. Personal data of Service Users are stored by the Administrator:

3.1. If the legal basis for processing data is the performance of a contract, as long as necessary to fulfill the contract, and thereafter for the period corresponding to the statute of limitations for claims. Unless a special provision states otherwise, the statute of limitations is six years, and for claims related to periodic services or business activity, it is three years.

3.2. If the legal basis for processing data is consent, as long as the consent is not withdrawn, and after withdrawal, for the period corresponding to the statute of limitations for claims that the Administrator can raise or that can be raised against the Administrator. Unless a special provision states otherwise, the statute of limitations is six years, and for claims related to periodic services or business activity, it is three years.

4. While using the Service, additional information may be collected, such as: the IP address assigned to the User's computer or the external IP address of the Internet service provider, domain name, browser type, access time, and type of operating system.

5. After expressing separate consent, based on Article 6(1)(a) of the GDPR, data may also be processed to send commercial information electronically or to make telephone calls for direct marketing purposes – in accordance with Article 10(2) of the Act of July 18, 2002, on the provision of electronic services or Article 172(1) of the Act of July 16, 2004 – Telecommunications Law, including those directed as a result of profiling, provided that the User has given appropriate consent.

6. Navigation data, including information about links and references the User chooses to click or other actions taken on the Service, may also be collected. The legal basis for such actions is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), aimed at facilitating the use of electronic services and improving the functionality of these services.

7. Providing personal data by the User is voluntary.

8. The Administrator takes particular care to protect the interests of data subjects and ensures that the data it collects is:

8.1. processed lawfully,

8.2. collected for specified, lawful purposes and not processed further in a way incompatible with those purposes,

8.3. accurate and adequate in relation to the purposes for which they are processed and stored in a form that allows the identification of the data subjects no longer than necessary to achieve the purpose of processing.

§3 DISCLOSURE OF PERSONAL DATA

1. Personal data of Service Users are shared with service providers used by the Administrator in the operation of the Service, specifically:

1.1. payment system providers,

1.2. accounting office,

1.3. hosting provider,

1.4. software providers enabling business operations,

1.5. entities providing email marketing systems,

1.6. providers of software necessary for managing the website.

2. The service providers mentioned in point 1 of this paragraph, to whom personal data are disclosed, depending on contractual arrangements and circumstances, either follow the Administrator's instructions regarding the purposes and methods of processing these data (processors) or determine the purposes and means of processing independently (controllers).

3. Personal data of Service Users are stored exclusively within the European Economic Area (EEA), subject to §5 point 5 and §6 of the Privacy Policy.

§4 RIGHT TO CONTROL, ACCESS TO THE CONTENT OF ONE'S OWN DATA, AND TO RECTIFY IT

1. The data subject has the right to access the content of their personal data and the right to rectify, erase, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

2. The legal grounds for the Service User's request:

2.1. Access to data – Article 15 of the GDPR.

2.2. Rectification of data – Article 16 of the GDPR.

2.3. Erasure of data (the so-called right to be forgotten) – Article 17 of the GDPR.

2.4. Restriction of processing – Article 18 of the GDPR.

2.5. Data portability – Article 20 of the GDPR.

2.6. Objection – Article 21 of the GDPR.

2.7. Withdrawal of consent – Article 7(3) of the GDPR.

3. In order to exercise the rights referred to in point 2, a relevant email may be sent to the address: contact@stamply.co.

4. In the event of a request from the Service User based on the above rights, the Administrator will fulfill the request or refuse to fulfill it immediately, but no later than within one month of receiving it. However, if – due to the complex nature of the request or the number of requests – the Administrator cannot fulfill the request within one month, it will be fulfilled within the next two months, with the Service User being notified of the intended extension of the deadline and the reasons for it within one month of receiving the request.

5. In the event that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

§5 COOKIES

1. The Administrator's website uses "cookies".

2. Installing "cookies" is necessary for the proper provision of services on the Service's website. The "cookies" contain information necessary for the proper functioning of the site, as well as allow for the preparation of general statistics of website visits.

3. Two types of "cookies" are used on the website: "session" and "persistent".

3.1. "Session" cookies are temporary files stored on the Service User's device until they log out (leave the site).

3.2. "Persistent" cookies are stored on the Service User's device for a period defined in the cookie parameters or until they are deleted by the Service User.

4. The Administrator uses its own cookies to better understand how Service Users interact with the content of the website. The cookies collect information about how the Service User uses the website, the type of page from which the user was redirected, and the number of visits and the time spent on the website. This information does not record any specific personal data of the Service User but is used to generate statistics of site usage.

5. The Administrator uses external cookies to collect general and anonymous statistical data through Google Analytics tools (administrator of external cookies: Google LLC, based in the USA).

6. Cookies may also be used by advertising networks, particularly Google, to display ads tailored to how the Service User interacts with the Service. In this case, information about the user's navigation path or the time spent on a particular page may be retained.

7. The Service User has the right to decide on access to "cookies" on their computer by:

7.1. selecting the types of cookies they agree to collect right after entering the Service website when the cookie notification appears.

7.2. changing settings in their browser window. Detailed information on the possibility and methods of handling "cookies" is also available in the software (browser) settings.

§6 ADDITIONAL SERVICES RELATED TO THE USER'S ACTIVITY ON THE SERVICE

1. The Service uses so-called social media plugins (“plugins”) from social networks. When displaying the website www.stamply.pl, which contains such a plugin, the Service User's browser will establish a direct connection with the Instagram and TikTok servers.

2. The content of the plugin is sent by the respective service provider directly to the Service User's browser and integrated into the page. Through this integration, the service providers receive information that the Service User's browser displayed the website www.stamply.pl, even if the Service User does not have an account with the service provider or is not logged in. This information (along with the Service User's IP address) is transmitted directly from the browser to the server of the service provider (some of the servers are located in the USA) and stored there.

3. If the Service User logs into one of the above-mentioned social networks, the service provider can directly associate the visit to www.stamply.pl with the Service User's profile on that social network.

4. If the Service User uses the plugin, for example, by clicking the "Like" button or the "Share" button, the relevant information will also be sent directly to the service provider's server and stored there.

5. The purpose and scope of data collection, further processing and use by the service providers, as well as the possibility of contacting and exercising the User's rights in this regard, and the possibility of making settings to protect the User's privacy, are described in the privacy policies of the service providers:

5.1. https://www.tiktok.com/legal/page/eea/privacy-policy/pl

5.2. https://help.instagram.com/155833707900388

6. If the Service User does not want social networks to associate data collected during visits to www.stamply.pl directly with their profile on the social network, they must log out from the service before visiting www.stamply.pl. The Service User may also prevent the plugins from loading on the page by using appropriate browser extensions, e.g., blocking scripts with "NoScript".

7. The Administrator uses remarketing tools on the site, such as Google Ads. Their use involves using cookies from Google LLC related to the Google Ads service. As part of the cookie management mechanism, the Service User can decide whether the Service Provider will be able to use Google Ads (administrator of external cookies: Google LLC, based in the USA) in relation to them.

§7 FINAL PROVISIONS

1. The Administrator applies technical and organizational measures ensuring the protection of processed personal data appropriate to the risks and the categories of data subject to protection, and in particular ensures data is protected against disclosure to unauthorized persons, theft by an unauthorized person, processing in violation of applicable regulations, as well as changes, loss, damage, or destruction.

2. The Administrator provides appropriate technical measures to prevent the acquisition and modification of personal data sent electronically by unauthorized persons.

3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant Polish law provisions apply.