Privacy policy

§ 1 General Provisions

1. The administrator of personal data of users of the website located at the domain www.kiwikick.pl is Kiwikick sp. z o.o., with its registered office in Warsaw, ul. Żelazna 51/53, 00-841 Warsaw, entered into the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number: 0001047004, NIP: 5273066182, REGON: 525863714, share capital: PLN 5,000.00, fully paid (hereinafter referred to as the “Administrator”).
2. You can contact the Administrator via:

• E-mail: hello@kiwikick.pl,
• in writing, to the Administrator’s address: ul. Żelazna 51/53, 00-841 Warszawa.

3. The purpose of this Policy is to define the actions undertaken regarding personal data collected through the Administrator’s website and related services and tools used by its users, as well as in the context of concluding and executing agreements outside the website.
4. If necessary, the provisions of this Policy may be amended. Any changes will be communicated to users by publishing the updated Policy, and in the case of individuals who have consented to data processing via email or provided email addresses during contract execution, they will also be notified of the changes via email.

§ 2 Basis for Processing, Purposes, and Storage of Personal Data

1. Personal data of users is processed in accordance with the General Data Protection Regulation (GDPR), the Personal Data Protection Act, the Personal Data Protection Act of May 10, 2018, and the Act on the Provision of Electronic Services of July 18, 2002.
2. In the case of processing personal data based on an email or complaint submitted by the user, such processing is carried out pursuant to Article 6(1)(b) of the General Data Protection Regulation (GDPR), which states that processing is necessary in order to take action at the request of the data subject.
3. If separate consent is obtained from the user, their personal data may also be processed by the administrator for marketing purposes, including sending commercial information electronically to the email address provided by the user (Article 6(1)(a) of the General Data Protection Regulation).
4. In the case of entering into and performing a sales agreement or service provision agreement by the Administrator, the other party is required to provide data necessary for the conclusion of the agreement (which is a contractual requirement, and in the case of tax numbers, also a statutory requirement), and for this purpose, the Administrator processes personal data (Article 6(1)(b) of the General Data Protection Regulation).
5. In the case of conducting research and analyses to improve the functionality of available services (e.g., tracking tools), the legal basis for data processing is Article 6(1)(f) of the General Data Protection Regulation.
6. Users’ personal data is stored no longer than necessary to achieve the purpose of processing, i.e., until consent is withdrawn if processing is based on such consent, until the expiration of claims by the Administrator and the other party concerning the performance of concluded agreements (in the case of sales agreements/service agreements, 2 years from the end of the year), and until the resolution of inquiries sent via email or the conclusion of complaint handling.
7. To the extent necessary for the proper functioning of the website, its features, and the correct execution of payment operations (if facilitated through the website), the site utilizes user metadata. Metadata refers to the process by which the website’s IT system reads and recognizes the configuration and components of the user’s computer to adapt the site to its capabilities and establish a secure connection between the user’s computer and the site. Importantly, such metadata cannot lead to the identification of the user and does not harm the data stored on the user’s computer. Nonetheless, the user has the right to withdraw consent for metadata processing at any time by appropriately configuring their browser or downloading a suitable plugin provided by the browser’s manufacturer. For this purpose, users should consult the software manufacturer and follow their recommendations.
8. The Administrator may use profiling for the purposes of direct marketing; however, decisions made by the Administrator based on such profiling do not pertain to entering into or refusing to enter into an agreement, nor do they affect the ability to use electronic services. The outcomes of profiling may include, for example, granting a discount, sending a discount code, reminding about unfinished purchases, offering a product suggestion aligned with the person’s interests or preferences, or proposing better conditions compared to the standard offer. Despite profiling, the individual freely decides whether to take advantage of the received discount or improved conditions and proceed with a purchase. Profiling involves the automatic analysis or prediction of a person’s behavior on the Administrator’s website, such as adding a specific product to the cart, viewing a specific product page, or analyzing past activity on the site. The prerequisite for such profiling is that the Administrator possesses the individual’s personal data to subsequently send, for instance, a discount code.
9. To the extent necessary for the proper functioning of the website, the site may collect additional information during the User’s visit, including but not limited to:

• adres IP;
• information about the device, hardware, and software, such as hardware identifiers, mobile device identifiers (e.g., Apple Identifier for Advertising [“IDFA”] or the advertising identifier on an Android device). [„AAID”]),
• type of platform,
• settings and components,
• installed operating system
• the presence of necessary plugins;
• approximate geolocation data (derived from the IP address or device settings);
• data regarding the web browser, including the browser type and preferred language;
• Taking into account the nature, scope, context, and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons with varying likelihood and severity of threats, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the regulation and can demonstrate this compliance. These measures are reviewed and updated as necessary. The Administrator applies technical measures to prevent unauthorized acquisition and modification of personal data transmitted electronically.

§ 3 Data Sharing

1. The Administrator ensures that all collected personal data is used to fulfill obligations towards users. This information will not be shared with third parties except in cases where:

○     explicit consent is given in advance by the individuals concerned for such an action, or

○     if the obligation to disclose such data arises or will arise from applicable legal provisions, e.g., to law enforcement authorities.

2. Additionally, the personal data of service recipients and customers may be shared with the following recipients or categories of recipients:

○     service providers supplying the Administrator with technical, IT, and organizational solutions that enable the Administrator to conduct business operations, including the website and electronic services provided through it (in particular, providers of computer software, marketing agencies, email and hosting providers, software for business management and technical support for the Administrator, and product delivery operators) – the Administrator shares the collected personal data of the Customer with the selected provider acting on their behalf only when and to the extent necessary to achieve the specific data processing purpose in accordance with this privacy policy.

○     providers of accounting, legal, and advisory services providing the Administrator with accounting, legal, or advisory support (in particular, an accounting office, law firm, or debt collection company) – the Administrator shares the collected personal data of the Customer with the selected provider acting on their behalf only when and to the extent necessary to achieve the specific data processing purpose in accordance with this privacy policy.

3. The Administrator may share anonymized data (i.e., data that does not identify specific Users) with external service providers to better understand the attractiveness of advertisements and services for users. In this regard, due to the location of software providers, data may be transferred – with adherence to protection principles – to third countries. These countries must comply with standard contractual clauses approved by the European Commission for the processing of personal data or have appropriate authorization based on bilateral data processing agreements between the European Union and the given third country, which is not a member of the European Economic Area. In the case of the Administrator, these entities include:

○     Google LLC (headquarters: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) for tools such as Google Analytics, used for analyzing website statistics; Google Tag Manager, used for managing scripts by easily adding code snippets to websites or applications and tracking user activities on a website; and Google Ads, used for displaying sponsored links in Google search results and on websites participating in the Google AdSense program,

○     Facebook Inc. (headquarters address: Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA) for the Facebook Pixel, used to track conversions from Facebook ads, optimize them based on collected data and statistics, and build targeted audience lists for future advertisements.

4. Third-party analytical technologies integrated with the Administrator’s services (including SDK [Software Development Kit] and API [Application Programming Interfaces]) may combine data collected from a user’s interaction with the Administrator’s website with information separately gathered over time and/or across different platforms. Many of these companies collect and use information based on their own privacy policies, which can be found on their respective websites. The Administrator encourages reviewing these policies.
5. The Administrator’s website may utilize the functionality of Google Analytics, a web analytics service provided by Google, LLC (“Google”). Google Analytics uses cookies to help website operators analyze how visitors use the site. Information generated by cookies about visitors’ use of the website is typically transmitted to and stored by Google on servers in the United States. According to current IT standards, the IP addresses of users visiting the Administrator’s website are anonymized. Only in exceptional cases is the complete IP address sent to Google’s servers in the United States and anonymized there. On behalf of the Administrator, Google uses this information to evaluate the website for its users, compile reports on website traffic, and provide other services related to website and internet usage to website operators. Google does not combine the IP address transmitted via Google Analytics with other data held by Google. More information on how Google Analytics collects and uses data can be found on Google’s official page at: www.google.com/policies/privacy/partners. Additionally, any user can prevent Google from collecting and processing data related to their use of the website by downloading and installing a browser add-on available at the following link: http://tools.google.com/dlpage/gaoptout.
6. The Administrator, when sharing data with third parties, makes every effort to do so only with entities that hold certifications under the (former) EU–US and Swiss–US Privacy Shield frameworks, accessible at www.privacyshield.gov. Such entities, when handling information originating from the European Economic Area (EEA), will do so in accordance with the “Accountability for Onward Transfer” principle of the Privacy Shield program. Where applicable, the Administrator will rely on EU standard contractual clauses and other safeguards to enable transfers outside the EEA. In line with the decision of the Court of Justice of the European Union dated July 16, 2020, regarding the EU–US Privacy Shield and the guidelines of the European Data Protection Board, the Administrator continues to assess the legal systems of the countries to which data is transferred and updates measures as necessary to ensure appropriate levels of protection.

§ 4 User Rights

1. A user whose personal data is being processed has the right to:

• access, rectification, restriction, erasure, or data portability – the data subject has the right to request from the Administrator access to their personal data, rectification, erasure (“right to be forgotten”), or restriction of processing. They also have the right to object to the processing and the right to data portability. Detailed conditions for exercising these rights are outlined in Articles 15-21 of the GDPR.
• withdrawal of consent at any time – if personal data is processed by the Administrator based on consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR), the data subject has the right to withdraw their consent at any time without affecting the lawfulness of processing carried out based on consent before its withdrawal.
• lodging a complaint with a supervisory authority – a person whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office in Warsaw.
• objection – a person whose data is processed has the right to object at any time, on grounds related to their particular situation, to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interests of the administrator), including profiling based on these provisions. In such cases, the Administrator may no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
• objection to direct marketing – if personal data is processed for the purposes of direct marketing (based on the Administrator’s legitimate interest, not on the data subject’s consent), the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.

2. The exercise of the above rights is carried out based on the user’s request sent to the email address hello@kiwikick.pl. Such a request should include the user’s first and last name.
3. The user ensures that the data provided or published by them on the website is accurate.

§ 5 Cookies

1. Cookies are understood as IT data, in particular text files, stored on users’ end devices (usually on the computer’s hard drive or a mobile device) used by the user’s browser to save specific settings and data for using websites. These files allow the user’s device to be recognized and the website to be displayed appropriately, ensuring comfort during use. Storing cookies thus enables the website and its offerings to be tailored to the user’s preferences – the server recognizes the user and remembers preferences such as visits, clicks, and previous actions.
2. Cookies specifically contain the name of the domain of the website from which they originate, the duration of their storage on the end device, and a unique number used to identify the browser used to connect to the website.
3. Cookies are used for the purpose of:

• adjusting the content of websites to the user’s preferences and optimizing the use of websites,
• creating anonymous statistics that help determine how users interact with websites, enabling the improvement of their structure and content,
• delivering website users advertising content tailored to their interests.

4. Cookies do not serve to identify the user, and they do not establish the user’s identity.
5. The fundamental division of cookies distinguishes them into:

• Essential cookies – these are absolutely necessary for the proper functioning of the website or the features the user wants to utilize, as without them, many of the services we offer could not be provided. Some of them also ensure the security of the services we provide electronically.
• Functional cookies – these are important for the operation of the website due to the fact that:

1. they enhance the functionality of websites; without them, the website will function correctly, but it will not be tailored to the user’s preferences,
2. they ensure a high level of website functionality; without them, the functionality of the website may decrease, but their absence should not completely prevent its use,
3. they serve most website functionalities; blocking them will cause certain features to not function properly.

3. Business-purpose “cookies” – enable the implementation of the business model on which the website is based; blocking them will not make the entire functionality unavailable, but it may reduce the quality of service delivery due to the inability of the website owner to generate revenue subsidizing its operation. This category includes, for example, advertising “cookies.”
4. “Cookies” used for website configuration – enable the settings of features and services on websites.
5. “Cookies” used for website security and reliability – allow the verification of authenticity and the optimization of website performance.
6. “Cookies” used for authentication – allow the website to identify when a user is logged in, enabling the display of appropriate information and functionalities.
7. “Cookies” monitoring session state – enable the storage of information on how users interact with the website. These may include details about the most frequently visited pages or any error messages displayed on certain pages. “Cookies” used to save the so-called “session state” help improve services and enhance the browsing experience.
8. “Cookies” monitoring processes on the website – enable the efficient operation of the website and its available features.
9. Cookies supporting advertisements – allow the display of ads that are more interesting to users and simultaneously more valuable for publishers and advertisers; cookies can also be used to personalize advertisements and display ads outside of websites.
10. Cookies accessing location – allow the adjustment of displayed information to the user’s location.
11. Cookies used for analysis, research, or viewership audits – enable website owners to better understand user preferences and improve and develop products and services through analysis. Typically, the website owner or a research company collects information anonymously and processes data on trends without identifying the personal data of individual users.
12. Harmless cookies – include cookies necessary for the proper functioning of the website and enabling its functionalities, but their operation is not related to tracking the user.
13. Analytical cookies – used to track users, but do not include information that would (without additional data) allow the identification of a specific user.

6. The use of cookies to adjust website content to user preferences generally does not involve collecting any information that allows the identification of the user, although such information may sometimes qualify as personal data, i.e., data enabling the attribution of certain behaviors to a specific user. Personal data collected using cookies can only be gathered for the purpose of performing specific functions for the user. Such data is encrypted in a way that prevents unauthorized access.
7. Cookies used by this website are neither harmful to the user nor to the user’s device. Therefore, to ensure the proper functioning of the service, it is recommended not to disable cookies in the browser settings. In many cases, the software used for browsing the web (web browser) by default allows storing information in the form of cookies and similar technologies on the user’s device. Users can change how cookies are used by their browser at any time by modifying the browser settings. The method for changing these settings varies depending on the software (web browser) being used. Appropriate instructions can be found on the support pages of the browser you are using.
8. Cookies are also used to facilitate logging into the user account, including via social media, and to enable seamless navigation between subpages on websites without requiring repeated login on each subpage. Simultaneously, cookies are used to secure websites, for example, by preventing access by unauthorized persons.
9. As part of cookie technology, the Administrator may use tracking pixels or clear GIF files to collect information about how users utilize their services and respond to marketing messages sent via email. A pixel is a piece of software code that allows embedding an object, usually a one-pixel image, on a website, enabling the tracking of user behavior on the pages where it is placed. Upon obtaining appropriate consent, the browser automatically establishes a direct connection with the server hosting the pixel, meaning that the data processing collected by the pixel is governed by the data protection policy of the partner administering the aforementioned server.
10. The Administrator may use web log files (which contain technical data, such as the user’s IP address) to monitor traffic within its services, resolve technical issues, detect and prevent fraud, and enforce the provisions of the User Agreement.
11. The Administrator informs that the website does not respond to DNT (Do Not Track) signals; however, the user can disable certain forms of tracking online, including some analytics and personalized advertisements, by adjusting cookie settings in their browser or using our cookie consent tools (if applicable).
12. Detailed information on how to change cookie settings and delete them manually in the most popular web browsers is available in the help section of your browser and on the following pages (simply click on the respective link):
    in Chrome browser
    in Firefox browser
    in Opera browser
    in Safari browser
    in Microsoft Edge browser
13. Detailed information on managing cookies on a mobile phone or other mobile device should be found in the user manual of the respective mobile device.
14. On our websites, third parties place information in the form of cookies and other similar technologies on your end device (e.g., computer, smartphone) and access them. These are our trusted partners with whom we collaborate to tailor advertisements and services to your needs and interests on both our and their websites. One such trusted partner is entities from the Wirtualna Polska capital group. Detailed information on how Wirtualna Polska processes your data can be found in the Wirtualna Polska privacy policy.