I General Provisions

  1. The words written in capital letters and not defined below have the meaning given to them as in the Terms and Conditions of the Service available at: https://www.essente.pl/en/terms-and-conditions
  2. This document specifies the principles of processing and protecting the personal data of Customers of the Service available at www.essente.pl (Privacy Policy).
  3. GDPR - personal data processing is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) Data Protection Regulation) of 27 April 2016 (OJ EU.L No. 119), hereinafter referred to as GDPR, taking into account the provisions of the Act on the provision of services by electronic means and other generally applicable provisions of law.
  4. Administrator - the administrator of personal data (Personal Data) of Customers - natural persons - and users (data subjects) of the Service is Essente Sp. z o.o. with its registered office in Wasilków, ul. Białostocka 108, 16-010 Wasilków, entered into the register of entrepreneurs of the National Court Register maintained by the District Court in Białystok, 12th Commercial Division of the National Court Register under the KRS number 0001126726, with the following numbers: NIP 9662196981, REGON 529639178, e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it., This email address is being protected from spambots. You need JavaScript enabled to view it., telephone 85 733 52 12.
  5. Personal Data - referred to in the Privacy Policy is information about an identified or possible to identify the natural person to whom the data relates, i.e. one who can be directly or indirectly identified, in particular on the basis of a feature such as: name and surname, identification number, location data, internet identifier or one or more features defining the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.
  6. Processing - within the meaning of the Privacy Policy means an operation or set of operations performed on Personal Data or sets of Personal Data in an automated or non-automated manner, such as collecting, recording, organizing, arranging, storing, adapting or modifying, downloading, browsing.

II Scope and purpose of collected data

  1. Personal Data are processed by the Administrator on the Website in order to enable the use of the functionality of the Website, including automatically when using the Website, i.e. for the purpose of:
    1. Registering on the Website;
    2. Concluding agreements via or available on the Website, in particular placing and fulfilling an Order;
    3. Efficient management and operation of the Website, including the Online Store, and ensuring the safety of their use, including for the purpose of disclosing abuses and performing analyses;
    4. Fulfilling the obligations of the Service Provider, in particular complaints regarding agreements concluded on the Website or via the Website and the operation of the Website;
    5. Preparing and presenting advertisements and offers tailored to the interests and needs of persons whose Personal Data concern and receiving commercial information, in particular sending by the Service Provider to the e-mail address indicated by the Customer ordered Newsletter;
    6. for the purpose of publishing the Content.
  2. For the purpose of:
    1. Registration on the Website – the following Personal Data are processed - name and surname, e-mail address, password, IP address, cookies;
    2. concluding agreements via or available on the Website, in particular placing and fulfilling the Order, the following Personal Data are processed - name and surname, address (street, house number, town with postal code), contact telephone number, order number, e-mail address, IP address, cookies or other data provided by the Service Provider on the Website or during contact with the Customer;
    3. smooth management and operation of the Website, including the Online Store and ensuring the safety of their use, including for the purpose of disclosing abuses, creating reports and analyses, including statistics on the viewing of subpages of the Website – the following Personal Data are processed – listed in the point above;
    4. fulfilling the obligations of the Service Provider, in particular complaints concerning agreements concluded on the Website or via the Website and the functioning of the Website – the following Personal Data are processed – name, surname, e-mail, telephone number, address (street, house number, town with postal code), IP address, cookies, bank account number;
    5. preparing and presenting advertisements and offers tailored to the interests and needs of persons whose Personal Data relate to and receiving commercial information, in particular sending the ordered Newsletter by the Service Provider to the e-mail address indicated by the Customer – the following Personal Data are processed: e-mail, IP address;
    6. for the purpose of publishing the Content – ​​the following Personal Data are processed: name, surname, e-mail, nickname, IP address, cookies.

III Legal basis for processing Personal Data

  1. The legal basis for processing Personal Data is:
    1. the consent of the person whose Personal Data is being processed;
    2. necessity to perform contracts concluded on the Website or through the Website, or to take actions requested by the person whose Personal Data is being processed before concluding the contract;
    3. necessity to fulfill a legal obligation incumbent on the Service Provider;
    4. legitimate interests pursued by the Service Provider or by a third party, which are electronic payment operators or others pursued in connection with the functionality of the Website, provided that this basis for processing Personal Data does not apply to children. In the event of the consent of the person whose Personal Data is subject to their processing, Personal Data concerning children is processed only if the child is over 16 years of age.

    2. IV Period of processing Personal Data

    1. Personal Data collected on the Website will be stored for settlement purposes for a maximum period of 5 years, counted from the end of the calendar year in which the tax payment deadline related to the agreement concluded on the Website or via the Website expired. In the remaining scope justified by the purposes of processing, Personal Data will be stored for as long as there is a legal basis for their processing, unless applicable law would require a longer period of their storage, e.g. for use in proceedings concerning the functioning of the Website. At the end of the storage period, personal data will be deleted or anonymized.

    V Voluntary provision of Personal Data

    1. Providing Personal Data on the Website is voluntary, but necessary to implement one or more of the purposes of processing Personal Data defined in point II1. above, which the Service Provider will not be able to implement in the event of failure to provide Personal Data on the Website, respectively for one or more of the purposes defined in point II1. above.

    VI Cookies

    1. The Service Provider informs that all information contained on the Cookies Policy can be found at https://www.essente.pl/en/privacy-policy

    VII Rights and Obligations of the Service Provider

    1. The Service Provider reserves the right to disclose selected Personal Data to competent authorities or third parties who submit a request for such information, based on an appropriate legal basis, in accordance with the provisions of applicable law.
    2. The Service Provider declares that it entrusts the processing of Personal Data, on the basis of a written agreement concluded in accordance with the provisions of applicable law, to entities providing the Service Provider with hosting, administration, maintenance and management services of the Service, as well as services in the field of message optimization and management of promotional campaigns.
    3. The Service Provider declares that it entrusts the processing of the Customer's Personal Data to entities providing the Service Provider or the Customer directly with services to the extent necessary to use the Service, including the implementation of agreements, in particular Orders, consideration of complaints and use of financial services available in the Online Store, on the basis of a written agreement concluded in accordance with the provisions of applicable law. Personal Data of Customers may be entrusted in particular to suppliers of Products, service technicians and accountants, post offices and transport companies.
    4. Personal Data may be processed in Poland, a Member State of the European Union (EU), in the territory of a signatory to the Agreement on the European Economic Area (EEA). Personal Data may also be processed outside the EEA, through their transfer by the Service Provider or the Processor, but only when it is necessary to achieve the purposes specified in point II1. above, and the transfer and processing of Personal Data outside the EEA are covered by an appropriate level of protection, adequate to the principles provided for in the GDPR, recognized by the decision of the European Commission. The Service Provider informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.

    VIII Processing of Personal Data by Processors

    1. Processors within the meaning of the Privacy Policy are entities referred to in point VII1. and pt. VII2. , which process Personal Data on behalf of the Service Provider.
    2. The Processor is authorized and has the right to process Personal Data only for the purposes and to the extent specified in the Privacy Policy.
    3. The Processor processes the entrusted Personal Data in accordance with applicable legal regulations, in particular the Processor:
      1. applies technical and organizational measures required by law, in particular in the scope of security of Personal Data processing.
      2. applies measures ensuring:
        1. ability to continuously ensure confidentiality, integrity, availability and resilience of processing systems and services;
        2. ability to quickly restore the availability of personal data and access to them in the event of a physical or technical incident;
        3. regular testing, measuring and assessing the effectiveness of technical and organizational measures to ensure security of processing.
      3. applies Personal Data security measures at a level no lower than the one applied by the Service Provider.
    4. The Processor may change, delete or block the Personal Data being processed only at the request of the Data Controller. If the person whose Personal Data is being processed requests the Processor directly to change or delete their Personal Data, the Processor shall immediately, no later than 5 business days, forward such a request to the Service Provider.
    5. The Processor should not process the Personal Data for any purpose other than the performance of the obligations indicated in the Privacy Policy. The Processor may not disclose the Personal Data to third parties.
    6. The Processor is liable to the person whose Personal Data is being processed for any damage that the person may suffer as a result of the Processor's actions and omissions.

    IX Rights and Obligations of the Person Whose Personal Data is Being Processed

    1. Each Customer has the right to:
      1. access their Personal Data, the right to rectify it, delete it and the right to request the restriction of processing.
      2. object to the processing of Personal Data, withdraw consent to the processing of Personal Data for one or more purposes for which it was granted, at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal, as well as the right to transfer their Personal Data.
    2. In order to exercise the rights referred to in point IX1a. above, send an e-mail to the following address: This email address is being protected from spambots. You need JavaScript enabled to view it., call the telephone number 85 733 52 12 or use the functionalities provided in the Customer Account.
    3. In order to exercise the rights referred to in point IX1b. above, you should send an e-mail to the following address: This email address is being protected from spambots. You need JavaScript enabled to view it. with the word "objection" or "withdrawal of consent" in the title, call the telephone number 85 733 52 12 and inform about the objection or withdrawal of consent, click on the link causing the withdrawal of consent included in the content of commercial information or send written information about the withdrawal of consent to receive commercial information to the address of the Service Provider: Essente Sp. z o.o., Białostocka 108 St., 16-010 Wasilków, with the note "PERSONAL DATA".
    4. If the Customer places any personal data of other people on the Website (including their name, address, telephone number or e-mail address), they may do so only under the condition that they do not violate the provisions of applicable law and the personal rights of such people.
    5. The Customer is entitled to use the Personal Data and content made available by other people on the Website only in connection with the use of the Website and with their consent in a manner consistent with the provisions of applicable law, unless they obtain the consent of such other people to process their Personal Data and their content within the scope or for the purpose provided for in the Privacy Policy and extending beyond the use of the Website.
    6. Each Customer has the right to lodge a complaint with the body supervising the processing of Personal Data.

    X Personal Data Protection

    1. Service Provider declares that it makes every effort to provide Customers with a high level of security in the use of the Service and for this purpose:
      1. applies technical and organizational measures required by law, in particular in the area of ​​security of Personal Data processing;
      2. applies measures ensuring:
        1. ability to continuously ensure confidentiality, integrity, availability and resilience of processing systems and services;
        2. ability to quickly restore the availability of Personal Data and access to them in the event of a physical or technical incident;
        3. regular testing, measuring and assessing the effectiveness of technical and organizational measures to ensure security of processing.
    2. Any events affecting the security of information and data transmission, including suspicions of sharing files containing viruses and other files of a similar nature or other than destructive mechanism files, should be reported to the Service Provider via e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

    XI Final Provisions

    1. In matters not regulated in the Privacy Policy, the provisions of the law regarding the processing of Personal Data, including the GDPR, shall apply.