Privacy policy

1. This document defines the Privacy Policy for the online platform “wallcolors.com” operating at wallcolors.com run by the company KOMJ sp. z o. o. based in Trzebinia, ul. Przemysłowa 8, 32-540 Trzebinia, registered in the National Court Register under number KRS 0000964370, NIP 6282286943, REGON 52179221300000, with a share capital of 100,000.00 PLN, which particularly includes regulations concerning the protection of personal data and the security of other data entered into the Service by the User.
2. The Privacy Policy is an integral annex to the Terms and Conditions of the online service  wallcolors.com.

The terms used in this document mean:

1. Data Controller (also referred to as the Administrator) - KOMJ sp. z o. o., based in Trzebinia, ul. Przemysłowa 8, 32-540 Trzebinia, registered in the National Court Register under number KRS 0000964370, NIP 6282286943, REGON 52179221300000, with a share capital of 100,000.00 PLN.
2. Service - the website located at wallcolors.com and all its subpages.
3. User - a natural person using the Service and providing their personal data within it.
4. Personal data - information about an identified or identifiable natural person based on one or more factors, such as physical, genetic, economic, social data, etc.
5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.in relation to the protection of natural persons in connection with the processing of personal data.
6. Regulations – Regulations of the site "wallcolors.com" operating at the address wallcolors.com

1. The Administrator is the administrator of personal data within the meaning of the GDPR.
2. The Administrator collects and processes personal data in accordance with applicable legal regulations, including in particular the GDPR, and in accordance with the principles provided for in these regulations. 
3. The Administrator informs about the processing of data at the moment of their collection. The Administrator processes data to the extent, time, and purposes indicated each time in the content provided under the forms used to collect personal data from the User.
4. The Administrator shares Personal Data only with trusted subcontractors of the Administrator, i.e.to couriers, delivery personnel responsible for managing IT systems, entities such as banks and payment operators, entities providing accounting and legal services, marketing agencies (in the scope of marketing services), entities providing other IT and programming services. 
5. The Administrator has the right to transfer selected User Personal Data to the relevant authorities and third parties if such necessity arises from applicable legal regulations and when these entities request their provision based on the appropriate legal basis.
6. The Administrator ensures the security of processed personal data and their confidentiality, as well as enables the User to access information about data processing. Should there be a breach of Personal Data protection despite the security measures in place (e.g.In the event of a "data leak" or loss of data, such a breach could pose a high risk to the rights or freedoms of the User. The Administrator will inform the User of such an event in accordance with the regulations.
7. The User may contact the data administrator. The contact details are as follows:
8. Correspondence address: wallcolors sp. z o. o. 32-540 Trzebinia, Przemysłowa 8, POLAND
   Phone: +48 788 777 865 +48 692 775 025
   Email: hello@wallcolors.com
9. In order to offer you the payment method Klarna we may share your personal data in the form of contact details and order specifics with Klarna for the purpose of assessing whether you qualify for the payment method Klarna and to tailor these methods to you. Your provided personal data is processed in accordance with Klarna's privacy policy .

1. The Administrator utilizes all available technical and organizational measures to ensure the security of the User's personal data and to protect it against accidental or intentional destruction, accidental loss, modification, unauthorized disclosure, or access. Users' personal data is stored and processed on highly secure servers, with appropriate security measures in place, complying with Polish law.
2. The entrusted data is stored on top-class hardware and servers in appropriately secured data centers, to which only authorized personnel have access.
3. The Administrator carries out activities related to the processing of personal data with respect for all legal and technical requirements imposed on him by the regulations concerning the protection of personal data. The Administrator continuously analyzes the risks associated with the processing of personal data and ensures that access to the data is granted only to authorized individuals and only to the extent necessary to perform their duties. 
4. The Administrator takes all necessary actions to ensure that his subcontractors and other cooperating entities also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Administrator.
5. The Administrator commits to storing backup copies containing the User's personal data.

1. In the event of a change in personal data, the User should update it by sending an appropriate message to the Administrator.
2. The user is entitled to the following rights:

1. the right to information about the processing of Personal Data,
2. the right to obtain a copy of the Personal Data processed by the Administrator,
3. the right to rectify Personal Data,
4. the right to delete Personal Data (on this basis, one can request the deletion of data that is no longer necessary for the purposes for which it was collected),
5. the right to restrict the processing of Personal Data,
6. the right to data portability,
7. the right to object to the processing of Personal Data for marketing purposes (the User may at any time object to the processing of Personal Data for marketing purposes, without the need to justify such objection),
8. the right to object to other purposes of data processing (The User may at any time object – for reasons related to their particular situation – to the processing of Personal Data, which is carried out on the basis of the legitimate interest of the Administrator; such an objection requires  justification),
9. the right to withdraw consent if Personal Data is processed based on the expressed consent (the withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal),
10. the right to lodge a complaint with the supervisory authority for the processing of Personal Data, competent due to the User's habitual residence, place of work, or the place of the alleged infringement.In Poland, the supervisory authority is the President of the Personal Data Protection Office.
    
    
1. The Administrator may refuse to delete the User's personal data if the retention of personal data is necessary due to an obligation imposed on the Administrator by law.
2. The User  has the right to submit a request regarding the exercise of the rights granted to them as indicated above, either by mail or electronically (email). The contact details of the Administrator are specified in § 3 sec. 7. 
3. In cases where, based on the request referred to in sec. 4, the Administrator is unable to determine and identify the individual to whom the request pertains, they will ask the applicant for additional information. Failure to provide additional information will result in the refusal to fulfill the applicant's request. 
4. The Administrator responds to the request within one month of its receipt.In case of the need to extend this deadline, the Administrator informs the applicant of the reasons and the expected date for providing a response to the request. 

1. Personal data is processed for the following purposes and on the following bases:
1. Using the Service: 
1. Personal data of all individuals using the Service (including IP address or other identifiers and information collected through cookies or other similar technologies) is processed by the Administrator for the purpose of:
1. providing services electronically (legal basis: necessity of processing for the performance of a contract  - art. 6 sec. 1 lit. b GDPR),
2. for analytical and statistical purposes (legal basis: consent – art. 6 sec. 1 lit. a GDPR),
3. establishing and pursuing claims or defending against claims  (legal basis: legitimate interest of the Administrator - art. 6 sec. 1 lit. f GDPR, which is the protection of the Administrator's rights).
2. Registration in the Service, order form:
1. In order to create, manage, and maintain a User Account, the User is asked to provide the Personal Data indicated in the registration form. Providing data is not mandatory, but refusal to provide it results in the inability to create a User Account. To place an order in the Service, the User is asked to provide the Personal Data indicated in the order form. Providing data is not mandatory, but refusal to provide it results in the inability to place an order.The personal data provided by the User is processed by the Administrator for the purpose of:
1. providing services electronically (legal basis: necessity of processing for the performance of a contract  - art. 6 sec. 1 lit. b GDPR),
2. for analytical and statistical purposes (legal basis: consent – art. 6 sec. 1 lit. a GDPR),
3. establishing and pursuing claims or defending against claims  (legal basis: legitimate interest of the Administrator - art. 6 sec. 1 lit. f GDPR, which is the protection of the Administrator's rights).
3. Newsletter and SMS/MMS marketing service:
1. Users who have expressed such a desire to the Administrator receive e-mails, SMS, or MMS with advertising content. Subscribing to the Newsletter and SMS/MMS marketing services involves providing the Administrator with the User's personal data.Providing data is not mandatory, but refusal to provide it results in the inability to deliver the Newsletter service and SMS/MMS marketing services. The personal data indicated by the User is processed by the Administrator for the purpose of:
1. providing services electronically (legal basis: necessity of processing for the performance of the contract  - art. 6 sec. 1 lit. b GDPR - in the scope of data necessary for sending the Newsletter, SMSs, and MMSs, in the scope of optional data the legal basis: consent – art. 6 sec. 1 lit. a GDPR),
2. for analytical and statistical purposes (legal basis: consent – art. 6 sec. 1 lit. a GDPR),
3. establishing and pursuing claims or defending against claims  (legal basis: legitimate interest of the Administrator - art. 6 sec. 1 lit. f GDPR, which is the protection of the Administrator's rights),  
4. for the marketing purposes of the Administrator – directing marketing content via Newsletter, MMS, and SMS (legal basis: legitimate interest of the Administrator - art. 6 sec. 1 letter f GDPR - dictated by the User's consent to use the Newsletter service and SMS/MMS marketing).
4. Marketing
1. The Administrator processes Users' Personal Data for the purpose of carrying out marketing activities, which may consist in particular of displaying marketing content to the User that corresponds to their interests or sending commercial information electronically for purposes related to the direct marketing of goods and services. In such cases, the User's Personal Data is processed by the Administrator based on the User's consent  (art. 6 sec. 1 letter a GDPR), which can be withdrawn.The achievement of the marketing goals of the Administrator can be realized through profiling, which involves the automatic processing of Personal Data and its assessment for the purpose of analyzing user behavior and creating forecasts for the future, allowing for the display of content to the User that aligns with their individual preferences and interests. 
5. Contact form, traditional and electronic correspondence (email)
1. The User can send messages to the Administrator using electronic mail with the contact details of the Administrator available in the Service, the Terms and Conditions, or this Privacy Policy, as well as through the contact form available in the Service. The personal data contained in this correspondence is used by the Administrator solely for the purpose of communication and addressing the matter to which the correspondence pertains.The basis for processing Data is the legitimate interest of the Administrator - Article 6(1)(f) of the GDPR - consisting of maintaining correspondence directed to him in connection with his business activities, and in the case of contact related to the services provided or the contract - the necessity of processing for the performance of the contract - Article 6(1)(b) of the GDPR. 
6. Telephone contact
1. The User may contact the Administrator by telephone regarding the services provided or the contract concluded, as well as in other matters. In the event of telephone contact regarding matters unrelated to the concluded contract or the services provided, the Administrator may request the provision of Personal Data only when it is necessary to handle the reported issue. The legal basis for processing Personal Data is the legitimate interest of the Administrator  - Article 6(1)(f).GDPR - related to the necessity of resolving the reported  matter related to his business activity, and in the case of contact related to the services provided or the contract - the necessity of processing for the performance of the contract  - art. 6 sec. 1 lit. b GDPR.
7. Social media profiles 
1. The Administrator has his profiles on social media ( m.in. Facebook). The Administrator processes Personal Data left by individuals responding to the profiles, such as comments or online identifiers. The Administrator uses this data for the effective management of the profiles, enabling activity on these profiles, as well as for analytical or statistical purposes. The legal basis for processing Personal Data is the legitimate interest of the Administrator   - art. 6 sec. 1 lit.According to GDPR - related to the promotion of one's activities and services provided, possibly for the purpose of pursuing claims or defending against claims from third parties. The above does not apply to the processing of personal data by social media platforms. To familiarize yourself with the rules of data processing by social media platforms, you should review their personal data processing policy. 
2. The period of data processing depends on the service provided, the purpose, and the basis for their processing. The principle is to process data for the duration of the service or order fulfillment. In cases where the basis for processing personal data is consent, the data is processed until such consent is effectively withdrawn. In cases where the basis for processing personal data is the legitimate interest of the Administrator, the data is processed until an effective objection is raised. 
3. The period for processing Personal Data referred to in paragraph 2 may be extended if the processing of data is necessary for the establishment, pursuit, and defense of potential claims. After this period, Personal Data may only be processed to the extent required by applicable law.
4. After the expiration of the period for processing Personal Data, Personal Data is deleted or irreversibly anonymized. 

1. The Administrator uses cookies. Cookies are small text files sent (saved) by the Service to the User's end device (e.g., computer, smartphone). 
2. The Administrator uses cookies to provide electronic services, improve them, and enhance quality, as well as for marketing, advertising, analytical, and statistical purposes, and to tailor the Service to the needs of its Users. By using cookies, the Administrator personalizes content and advertisements. Information about how the User interacts with the Service is shared with trusted social, advertising, and analytical partners to ensure the highest quality of services related to the operation of the e-store, analytics, matching, and personalization.
3. Two types of cookies are used within the Service: "session cookies" and "persistent cookies." "Session cookies" are temporary files that are stored on the User's device until they log out, leave the website, or close the software (web browser)."Permanent" cookies are stored on the User's device for a period specified in the cookie parameters or until they are deleted by the User.
4. In the Service, the Administrator uses the following types of cookies:
1. necessary - enable the use of services and functionalities available within the Service, e.g., they are used for user authentication or to fill the shopping cart during online purchases; 
2. analytical-statistical - allow for the collection of a range of information m.in. the number of visits and sources of traffic in the Service. The collection of this data serves to determine which pages are most frequently visited and leads to the creation of statistics regarding traffic in the Service. The collection of this data helps the Administrator improve the performance of the Service. The collected data is processed in an anonymized form.;
3. marketing and advertising – allow for the adjustment of content displayed in the Service and outside the Service, including advertisements, to the interests of Users. Data regarding browsing history, activity on services (e.g., purchase history, usage of services, type of displayed content and advertisements), or geolocation data may be used to present personalized content.  Based on information from the Service and the User's activity on other services, a profile of the User's interests is built. 
4. unclassified - this group includes cookies that could not be classified into the previous groups.
5. Marketing and advertising, analytical-statistical, and unclassified cookies may be installed by the Administrator and its trusted partners through the Service.
6. The legal basis for processing data in connection with the use of necessary cookies is the necessity of processing Personal Data to perform the contract (Article 6(1)(b) of the GDPR). For other cookies, the legal basis for processing Personal Data is the legitimate interest of the Administrator or the consent of the User (Article 6(1)(a) and (f) of the GDPR). The Administrator must obtain the User's consent to use analytical-statistical, marketing-advertising, and unclassified cookies. 
7. The consent referred to in paragraph 6 is granted through an appropriate form displayed during the first visit to the Service. The granted consent can be withdrawn or adjusted in another way at any time. To change or withdraw the granted consents, please contact the Administrator.
8. The User can change the cookie settings from the web browser level. 
9. Changing the settings of cookies and similar technologies may affect the operation of the Service and the services provided by it.
10. The Service uses tools from third parties to collect cookies. These entities process cookies according to the principles set out in their privacy policies and other documents defining cookie standards: 
1. Google Ads:
   https://support.google.com/adspolicy/answer/54817?hl=pl
   https://support.google.com/google-ads/answer/12929169?hl=pl
2. Meta (Facebook):
   https://pl-pl.facebook.com/privacy/policy/?entry_point=facebook_help_center_ig_data_policy_redirect|
   https://www.meta.com/pl/legal/quest/cookies-pixels-and-other-technologies/

1. In accordance with the practice of most services, www Administrator stores HTTP requests directed to its server (server logs).In connection with the above, the Administrator stores the following information:
1. IP addresses from which users browse the informational content of our service;
2. the time of the request arrival,
3. the time of the response sent,
4. the name of the client station - identification carried out by the HTTP protocol,
5. information about errors that occurred during the execution of the HTTP transaction,
6. the URL of the page previously visited by the user (referer link),
7. information about the user's browser.
2. The collected logs are stored indefinitely as auxiliary material for administering the Service. The information contained therein is not disclosed to anyone other than those authorized to administer the Service. Based on the log files, statistics may be generated to assist in administering the Service.Aggregate summaries in the form of such statistics do not contain any identifying features of individuals visiting the service.
3. The information contained in the logs is processed by the Administrator for technical, administrative purposes, to ensure the security of the IT system and to manage this system, as well as for analytical and statistical purposes – in this regard, the legal basis for processing Personal Data is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR).

1. As part of the Administrator's use of tools supporting ongoing activities provided, for example,by Google, Users' Personal Data may be transferred to countries outside the European Economic Area (EEA), in particular to the United States of America (USA) or another country where the entity cooperating with it maintains tools for processing Personal Data in collaboration with the Administrator. The Administrator transfers Personal Data outside the EEA only when necessary and with the assurance of an appropriate level of protection, primarily by using standard contractual clauses issued by the European Commission. 

1. This privacy policy is subject to updates in connection with the ongoing analysis of technical and legal conditions related to the processing of personal data. 

2. This privacy policy is effective from January 1, 2024