Privacy Policy

I. GENERAL INFORMATION

This document sets out the privacy rules for the cezar.eu website (hereinafter referred to as the "Website") and aims to inform you about how the Website uses your personal data, with respect to which we comply with all requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR), the Act of 10 May 2018 on the Protection of Personal Data, and the Act of 18 July 2002 on the Provision of Electronic Services.
The data controller on the Website is Dariusz Bogdan Niewiński, operating a business under the name CEZAR Przedsiębiorstwo Produkcyjne Dariusz Bogdan Niewiński (address: ul. Strefowa 2, 19-300 Ełk), NIP 5420011579, REGON 050126950, email address: cezar@cezar.eu and contact phone number: +48 87 620 99 00. The Data Protection Officer at CEZAR is Dr. Andrzej Marek Kisiel, email: iodo@cezar.eu, or by post to: Przedsiębiorstwo Produkcyjne
Dariusz Bogdan Niewiński, ul. Strefowa 2, 19-300 Ełk.

II. PERSONAL DATA - TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

The Administrator processes your personal data from the Website in the event of:

using the Website, for the purpose of providing electronic services in the scope of making content collected on the Website available to you, based on Art. 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract)
registering an Account on the Website, for the purpose of creating an individual Customer Account and managing this Account based on Art. 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract),
placing an order on the Website, for the purpose of concluding a sales contract based on Art. 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract),
using the contact form service on the Website, for the purpose of identifying the sender and handling the inquiry sent via the provided form, based on Art. 6(1)(b) of the GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract); for data provided optionally, the legal basis for processing is consent (Art. 6(1)(a) of the GDPR),
participating in contests, promotional campaigns, and loyalty programs (the legal basis for processing is consent - Art. 6(1)(a) of the GDPR),
using web push notifications (the legal basis for processing is consent - Art. 6(1)(a) of the GDPR),
subscribing to the Newsletter for sending commercial information by electronic and SMS means based on Art. 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller based on consent obtained under other regulations),
where processing is necessary for compliance with a legal obligation to which the Administrator is subject - Art. 6(1)(c) of the GDPR,
where processing is necessary for the purposes of the legitimate interests pursued by the Administrator, consisting in protecting the Administrator's interests and good reputation, based on Art. 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party),
where processing is necessary for the purposes of the legitimate interests pursued by the Administrator, consisting in conducting analysis of User activity on the Website to improve existing functionalities, based on Art. 6(1)(f) of the GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party).

Type of personal data processed:

When registering an Account on the Website and placing an Order on the Website, the Client provides:

First name and last name,
Address and/or delivery address
Email address
Phone number
Other

When registering an Account on the Website, the Client will receive a one-time access code to the provided email address, allowing them to log in to the Account.

When subscribing to the Newsletter and when using the Contact Form service on the Website, the Client provides:

First name,
Email address.

For entrepreneurs, the above scope of data is extended to include the entrepreneur's company name and NIP (tax identification number).
Providing your personal data is entirely voluntary, with the caveat that failure to provide the data specified in the Website registration form or the Website order form will prevent you from registering and creating a Customer Account, respectively, and placing an order.
When using the Website, additional information may be collected, in particular the IP address assigned to your computer or the external IP address of your Internet provider, domain name, browser type, access time, and operating system type.

III. PERSONAL DATA RETENTION PERIOD

If the basis for data processing is the performance of a contract, your personal data will be stored by the Administrator as long as it is necessary for the performance of the contract, and after that period, for a period corresponding to the archiving obligation period resulting from legal provisions, including the obligation to store accounting documents or the statute of limitations for any claims that the Administrator may raise and that may be raised against them. Unless a specific regulation provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business operations, it is three years.
If the basis for data processing is consent, your personal data will be stored by the Administrator for the period necessary to use the service, within the framework of which the Customer's personal data was provided, until the consent is withdrawn, and after withdrawal of consent, for a period corresponding to the archiving obligation period resulting from legal provisions, including the obligation to store accounting documents or the statute of limitations for claims that the Administrator may raise and that may be raised against them. Unless a specific regulation provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business operations, it is three years.
If the basis for data processing is the Administrator's compliance with legal obligations, your personal data will be stored by the Administrator until their obligations resulting from legal provisions are fulfilled.
If the basis for data processing is the Administrator's legitimate interest, your personal data will be stored by the Administrator for the duration of such interest or until you effectively object to the data processing.

IV. ENTITIES TO WHOM CUSTOMER'S PERSONAL DATA WILL BE DISCLOSED

Recipients of your personal data may include entities fulfilling orders on behalf of the Administrator and handling them, including: shipping service providers, accountants, goods suppliers, IT solution providers, payment processing companies, banks, marketing service providers, warehouse service providers, telecommunications service providers, law firms, and authorized state authorities. Your personal data is not shared with other entities for commercial purposes.

V. CUSTOMER RIGHTS IN PERSONAL DATA PROTECTION

1. You have the right to:

request access from the Administrator to your personal data stored by the Administrator,
request from the Administrator the rectification of your personal data stored by the Administrator if it is inaccurate,
request from the Administrator the immediate erasure of your personal data, provided that the conditions specified in Article 17 of the GDPR are met,
request from the Administrator the restriction of processing of your personal data, provided that the conditions specified in Article 18 of the GDPR are met,
request from the Administrator to receive and transfer your personal data, provided that the conditions specified in Article 20 of the GDPR are met,
object to the processing of your personal data, provided that the conditions specified in Article 21 of the GDPR are met,
withdraw consent to the processing of your personal data at any time, if personal data is processed on the basis of consent, without affecting the lawfulness of processing carried out on the basis of consent before its withdrawal,
lodge a complaint against the Administrator with the supervisory authority, i.e., the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, tel. 22 531 03 00.

2. You may exercise the rights indicated in paragraph 1 by submitting the appropriate declaration of intent to the Administrator:

by mail to the address: Przedsiębiorstwo Produkcyjne Dariusz Bogdan Niewiński, ul. Strefowa 2, 19-300 Ełk
by email to: iodo@cezar.eu

The Administrator may use profiling on the Website for direct marketing purposes, although decisions made by the Administrator based on this profiling do not concern the conclusion or refusal to conclude a Sales Contract or the ability to use Digital Services on the Website. The result of using profiling on the Website may be, for example, granting you a dedicated discount code, reminding you about unfinished purchases, sending product suggestions that may match your interests or preferences, or offering better conditions compared to the standard Website offer. Despite profiling, you freely decide whether you want to use the discount or other better conditions received in this way and make a purchase on the Website.
Profiling on the Website involves the automatic analysis or prediction of your behavior on the Website, for example, by adding a specific Product to the shopping cart, browsing a specific Product page on the Website, or analyzing the history of previous purchases on the Website. A prerequisite for profiling is that the Administrator has your personal data in order to send you, for example, a discount code.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, unless the conditions specified in Article 22 of the GDPR are met.
Your personal data will not be transferred to a third country.

VI. PERSONAL DATA BREACH

In the event of a personal data breach, the Administrator shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the supervisory authority (President of the Personal Data Protection Office), unless the breach is unlikely to result in a risk to the rights or freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by an explanation for the delay. If the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Administrator shall communicate the personal data breach to the data subject without undue delay.

VII. COOKIES

We use cookies on our Website. They are stored on the end device of the person visiting the Website if the web browser allows it. Cookies usually contain the name of the domain they come from, their "expiry time" and a unique, randomly selected identification number. Information collected through cookies helps the Administrator to tailor the offered products to your individual preferences and actual needs. They also allow for the compilation of general statistics on visits to the products presented on the Website.
Cookies used by the Website can be divided according to the following criteria:
1. based on their provider:
  1. first-party (created by the Administrator's Website),
  2. third-party (other than the Administrator),
2. based on their storage period on the device of the person visiting the Website:
  1. session (stored until logging out of the Website or closing the web browser),
  2. persistent (stored for a defined period, specified by the parameters of each file or until manually deleted),
3. based on their purpose of use:
  1. necessary (enable the proper functioning of the Website),
  2. functional (allow customization of the Website to the preferences of the visitor),
  3. analytical and performance (collect information on how the Website is used),
  4. marketing, advertising, and social (collect information about the visitor of the Website to display personalized advertisements and conduct other marketing activities, including on websites separate from the Website, such as social media platforms).
The Administrator uses cookies for the purpose of:
1. identifying Users as logged in to the Website and indicating that they are logged in (Necessary Cookies),
2. remembering Products added to the shopping cart for placing an Order (Necessary Cookies),
3. remembering data from completed Order Forms, surveys, or login data to the Website (Necessary or Functional Cookies),
4. customizing the content of the Website to the User's individual preferences (e.g., regarding colors, font size, page layout) and optimizing the use of Website pages (Functional Cookies),
5. conducting anonymous statistics illustrating the way the Website is used (Analytical Cookies)
6. remarketing and retargeting, i.e., examining the behavior of Website visitors through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords) in order to create their profile and deliver advertisements tailored to their anticipated interests, also when they visit other websites in the advertising network of Google Ireland Ltd. and Meta Platforms Ireland Ltd. (Marketing, Advertising, and Social Cookies)
Upon your first visit to our Website, we ask for your consent to the use of optional cookies, i.e., those that are not essential for the proper functioning of the site (by clicking the "..." field). It is also possible to refuse consent to the use of all optional cookies (by clicking the "..." field) or to consent to the use of only specific types of cookies (by clicking the "..." field). Furthermore, you can at any time define the conditions for using cookies through your own browser settings. This means that you can partially restrict (e.g., temporarily) or completely disable the saving of cookies – however, in the latter case, this may affect some functionalities of the Website (e.g., it may be impossible to complete the Order path via the Order Form due to Products not being remembered in the cart during subsequent steps of placing the Order).
Browser settings regarding Cookies are important from the perspective of consenting to the use of Cookies by our Website. Detailed information on changing cookie settings and independently deleting them in the most popular web browsers is available in the help section of your web browser and on the following pages (just click the link):
The Administrator may use Google Ads, Google Analytics, and Google Tag Manager services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and Meta Pixel service provided by Meta Platforms Ireland Limited on the Website. These services help the Administrator track statistics and analyze traffic on the Website. The collected data is processed within these services to generate statistics useful for administering the Website and analyzing traffic on the Website. This data is aggregate. When using the above services on the Website, the Administrator collects data such as sources and medium of acquisition of Website visitors and their behavior on the Website, information about devices and browsers from which they visit the site, IP and domain, geographic data, demographic data (age, gender), and interests.

VII. REVIEWS IN THE ONLINE STORE

1.1.The Customer of the Online Store has the option to voluntarily and free of charge post reviews regarding purchases made in the Online Store. The subject of the review may also be an evaluation, photo, or review of a purchased product in the Online Store.
1.2. After purchases are made in the Online Store, the Seller transfers the data necessary to create an email invitation to the company that handles the survey process. The sending of surveys and the process of collecting feedback in forms is fully handled by TrustMate SA, with its registered office at Bartoszowicka 3, 51-641 Wrocław. TrustMate SA sends an email to the Customer requesting a review and a link to an online form enabling them to post it – the online form allows answering the Seller's questions about purchases, evaluating them, adding one's own description of the review, and a photo of the purchased product. If no review is posted after receiving the first invitation to leave a review, TrustMate may resend the invitation.
1.3.A review can only be posted by a Customer who has made purchases in the Seller's Online Store.
1.4.Reviews posted by the Customer are published by the Seller in the Online Store and on the TrustMate.io profile.
1.5.Posting a review may not be used by the Customer for unlawful activities, in particular for actions constituting an act of unfair competition against the Seller, or actions violating personal rights, intellectual property rights, or other rights of the Seller or third parties.
1.6.A review can only be posted for products actually purchased in the Seller's Online Store. It is forbidden to enter into fictitious/sham sales contracts for the purpose of posting a review. The author of the review cannot be the Seller themselves or their employees, regardless of the basis of employment.
1.7.A posted review may be removed by its author at any time.

The privacy policy is regularly reviewed and updated as needed.

This version of the privacy policy is effective from January 1, 2026.