Privacy Policy

§ 1 General Provisions

1. This document constitutes the Privacy Policy, which sets out the rules governing the functioning of the Online Store and the principles regarding the processing of personal data.

2. In order to ensure the integrity and confidentiality of data, the Controller has implemented procedures that allow access to data only to authorized persons and only to the extent necessary for the performance of their tasks. The Controller applies organizational and technical measures to ensure that all operations on personal data are recorded and performed solely by authorized persons.

3. Personal data collected through this website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.

§ 2 Data Controller

1. The Controller of personal data is PIAG TEA sp. z o.o., with its registered office in Wągrowiec, ul. Ks. Wujka 15A, 62–100 Wągrowiec, entered into the Register of Entrepreneurs maintained by the District Court of Poznań – Nowe Miasto and Wilda in Poznań, 9th Commercial Division of the National Court Register, under KRS number: 0000986200, NIP (Tax Identification Number): 766-200-74-99, REGON: 522766086.

2. The Controller may be contacted via e-mail: shop@piagtea.com or in writing at: PIAGTEA sp. z o.o., ul. Ks. Wujka 15A, 62–100 Wągrowiec.

§ 3 Purposes and Legal Bases for Processing Personal Data

1. The purposes, legal bases, and retention periods of personal data are as follows:

1. for the purpose of providing the Newsletter service, based on the data subject’s consent (legal basis: Article 6(1)(a) GDPR), until consent is withdrawn,

2.  for the purpose of providing the Account service (legal basis: Article 6(1)(b) GDPR), for the time necessary to perform the contract, and thereafter for the period corresponding to the statute of limitations for claims,

3. for the purpose of concluding and performing sales contracts (legal basis: Article 6(1)(b) GDPR), for the time necessary to perform the contract, and thereafter for the period corresponding to the statute of limitations for claims,

4. for the purpose of fulfilling tax obligations arising from tax laws (legal basis: Article 6(1)(c) GDPR), for the retention period specified by tax regulations,

5. for the purpose of fulfilling accounting obligations under the Accounting Act (legal basis: Article 6(1)(c) GDPR), for the retention period specified by accounting regulation

6. for the purpose of fulfilling obligations under the Digital Services Act (legal basis: Article 6(1)(c) GDPR), such as receiving and handling reports of User Content, for the duration of obligations under the DSA, and thereafter for the period corresponding to the statute of limitations for claims,

7. for the purpose of enabling contact with the Controller via the contact form, which constitutes the Controller’s legitimate interest (legal basis: Article 6(1)(f) GDPR), for the duration of the correspondence,

8. for the purpose of posting product reviews, which constitutes the Controller’s legitimate interest (legal basis: Article 6(1)(f) GDPR), consisting of approving and publishing reviews submitted by Users, for the period during which the review is displayed,

9. for the purpose of pursuing claims or defending against claims, which constitutes the Controller’s legitimate interest (legal basis: Article 6(1)(f) GDPR), for the period corresponding to the statute of limitations for claims,

10. in connection with managing profiles on social media platforms such as Facebook and Instagram, in order to inform users about the Controller’s activities, promote services and products, and communicate with Users through functionalities available on social media. The legal basis for processing personal data of users visiting the Controller’s profiles is the Controller’s legitimate interest in promoting its own brand and building and maintaining a community related to the brand (legal basis: Article 6(1)(f) GDPR).

2. The Controller may process the following personal data: e-mail address, first name, last name, delivery address, telephone number, e-mail address, tax identification number (NIP), company name, and bank account number.

§ 4 Data Recipients

1. The Controller does not disclose Customers’ data to other entities, except for:

1. companies handling shipments on behalf of the Controller,

2. banks, where necessary for the purpose of settlements,

3. entities processing electronic or card payments,

4. authorized public authorities, in particular the Police, the Prosecutor’s Office, the President of the Personal Data Protection Office, and the President of the Office of Competition and Consumer Protection.

2. In addition, Customers’ personal data may be disclosed to entities processing data on behalf of and for the account of the Controller, on the basis of a data processing agreement, for the purpose of providing services specified in such agreement to the Controller, such as IT services, in particular hosting services, the provision or maintenance of IT systems, as well as accounting services.

§ 5 Rights of Data Subjects

1. Every data subject has the right:

1. of access (Article 15 GDPR),

2. to receive a copy of the data (Article 15(3) GDPR),

3. to rectification (Article 16 GDPR),

4. to erasure (Article 17 GDPR),

5. to restriction of processing (Article 18 GDPR)

6. to data portability (Article 20 GDPR),

7. to object (Article 21 GDPR),

8. to withdraw consent at any time and without providing any reason, where consent has been given for the processing of personal data.

2. In order to exercise the rights listed above, the data subject should contact the Controller and inform them which right and to what extent they wish to exercise. A request to exercise the rights of data subjects may be submitted by e-mail: shop@piagtea.com or in writing to the address: PIAGTEA sp. z o.o., ul. Ks. Wujka 15A, 62–100 Wągrowiec.

3. If, after receiving a request, the Controller is unable to determine the content of the request or identify the requesting person on the basis of the submitted application, the Controller shall ask the requesting person to provide additional information.

4. A response to the request shall be provided within one month of its receipt to the e-mail address from which the request was sent. In the case of requests submitted in writing, the response shall be sent by registered mail to the address indicated by the requesting person, unless the content of the request indicates a preference for receiving the reply via e-mail.

5. The data subject has the right to lodge a complaint with the supervisory authority responsible for personal data protection, which in Poland is the President of the Personal Data Protection Office.

§ 6 Information on the Requirement/Voluntariness of Providing Data

Providing data is voluntary; however, in certain cases, it may be necessary. The requirement to provide data occurs in the following cases:

1. when concluding and performing a sales contract – failure to provide the personal data necessary for concluding and performing the contract will result in the inability to enter into such a contract,

2. when registering an Account in the Store – failure to provide the personal data specified in the Account registration form will prevent registration and creation of an Account,

3. due to the statutory obligations of the Controller – such obligations include the processing of personal data for the purpose of fulfilling tax obligations and maintaining accounting records. Failure to provide personal data will result in the inability to perform the above obligations.

§ 7 Transfer of Data to Third Countries

(outside the European Economic Area)

The Controller, when using tools supporting its current business activities, for example those provided by Google, may transfer personal data to a country outside the European Economic Area, where a cooperating entity maintains tools for processing personal data in cooperation with the Controller. In such cases, compliance mechanisms provided for under the GDPR are applied, including the standard contractual clauses adopted by the European Commission.

Cookie Policy

§ 1 Cookies

1. The Online Store uses cookies. Cookies are small text files saved by the IT system on the User’s device (computer, phone, tablet) when browsing the Online Store, which allow the User to be identified again when reconnecting to the Store’s website from the device on which they were saved. These files are intended to ensure the proper functioning of the Store.

2. Any person visiting the Online Store, whether a Customer or a visitor, may choose the scope of use of cookie technology and subsequently provide the appropriate consent. Depending on the selected scope of cookie use, data about the visitor may be collected through them, e.g., how the visitor uses the Online Store’s website.

3. Cookies used in the Online Store are not harmful either to the visitor or to the end device used by the visitor.

§ 2 Types of Cookies Used

1. The Online Store uses the following types of cookies:

1.  session cookies – stored on the User’s device and remain there until the end of a given browser session. The stored information is then permanently deleted from the device’s memory. The session cookie mechanism does not allow the collection of any data or confidential information from the User’s device,

2. persistent cookies – stored on the User’s device and remain there until they are deleted. Ending a given browser session or turning off the device does not delete them from the User’s device. The persistent cookie mechanism does not allow the collection of any data or confidential information from the User’s device.

2. Depending on their purpose, the Online Store uses the following cookies:

1.  necessary – enabling the proper functioning of the Online Store,

2. functional – enabling Users to use additional features of the Online Store (other than those necessary for its operation). Enabling them provides full access to the Store’s functionalities,

3. analytical – allowing analyses concerning the Online Store, which may contribute to its better operation and adaptation to Users’ needs,

4. marketing – enabling the conduct of marketing activities.

3. In order to optimize its performance, the Online Store also uses third-party cookies. Third-party cookies are used for analytical and statistical purposes.

§ 3 Social Media Tools

The Website uses social media plugins, which may result in cookies from other entities such as Facebook, YouTube, and Instagram being placed on the User’s device. Details are provided below:

1. Facebook – We use the Facebook Like button to integrate our Website with our Facebook page. This may result in certain cookies being created by Facebook that detect the number of “likes” and whether you are logged into Facebook. Please refer to Facebook’s Privacy Policy.

2. Instagram – Instagram is a social networking service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Detailed information about cookies is available in Instagram’s Privacy Policy.

3. YouTube – We may embed videos on the Website that are hosted on an external service (YouTube), using YouTube’s enhanced privacy mode. According to information provided on YouTube’s website, YouTube may store cookies on the User’s computer only once the User plays a YouTube video. Furthermore, for the purposes of playing embedded videos under this privacy mode, YouTube will not store personally identifiable information about the User. Since these cookies are stored by YouTube, we do not have direct control over their use. Detailed information about cookies is available in YouTube’s Privacy Policy.

§ 4 Cookie Management

1. The operation of cookies can be modified by managing the scope of cookie technologies and the consent expressed within the settings available on the Online Store’s website (depending on the tools implemented by the Administrator or by changing the settings of the web browser). When using browser settings, the method of deleting cookies differs depending on the web browser used. Detailed information regarding the options and ways of handling cookies is available in the help section of the web browser used by the User. Nevertheless, if the use of cookies is in any way inconvenient for a person visiting the Online Store, the Administrator reminds that it is possible to opt out of cookies and prevent the web browser from saving them.

2. In the case of cookies intended to facilitate or improve the use of the Online Store’s website, limiting their use on a given device may affect the proper functioning of the Online Store. For example, in some cases, this may significantly hinder the use of the Online Store’s website.