I. Content of the privacy policy.

  1. The Administrator’s privacy policy is information regarding the processing of personal data and other information regarding users of the website https://mangomica.com/ (hereinafter referred to as the “Website”). In this privacy policy, the Administrator has included information that data subjects should receive in connection with the GDPR.
  2. The privacy policy contains information on the processing of data obtained by the Website.

II. Data Administrator and User.

  1. The administrator of users’ data is: Mangomica spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw at Rondo ONZ 1, 00-124 Warsaw, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw. Warsaw in Warsaw, XIII Commercial Division of the National Court Register under KRS number 0001043869, NIP 5273063344, REGON 525673570.
  2. A User is any natural person visiting the Website or using one or more services or functionalities described in the Privacy Policy.
  3. The Data Controller can be contacted at the correspondence address: Rondo Organization ONZ 1, 00-124 Warszawa and at the e-mail address: biuro@mangomica.pl and telephone number +48 516 986 599

III. Purposes, legal basis and period of data processing.

  1. In order to provide the Website service, the service provider processes:
    1. data provided voluntarily by the user when using the Website’s services and registering, in particular name, surname, telephone number, e-mail address, postal address,
    2. information about the user’s device to ensure the correct operation of the services: computer IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data regarding activity on the Website, including individual subpages in order to improve quality of services, including information about the session, IP number, amount of time spent on the Website or subpages, use of individual functionalities of the services;
    3. geolocation information, if the user has consented to the geolocation by the service provider. Location information is used to provide more tailored product and service offerings.
  2. The administrator provides information with full protection under the GDPR.
  3. The data is processed in order to:
    1. implementation of the Website’s services, i.e. providing the User with content collected on the Website, concluding and implementing a contract for the provision of electronic services, in accordance with Art. 6 section 1 letter b GDPR, including:
      • creating and maintaining a User account on the Website,
      • handling the User’s order,
      • handling and answering questions sent via the forms on the Website,
      • implementation of the ordered newsletter service;
    2. in connection with consent to the use of specific cookies or other similar technologies expressed by appropriate settings of the web browser in accordance with the Telecommunications Law or in connection with consent to geolocation. The data is processed until the User stops using the Website, in accordance with Art. 6 section 1 letter a GDPR;
  4. The period of data processing by the Administrator depends on the type of service provided and the purpose of processing. As a rule, data is processed for the duration of the service provision, until the consent is withdrawn or an effective objection to data processing is raised in cases where the legal basis for data processing is the legitimate interest of the Administrator.

IV. Complaints.

  1. In order to consider complaints, the Administrator processes personal data of users submitting complaints, in particular e-mail address, content of the complaint, information obtained in the course of the complaint, including the circumstances of the event giving rise to the complaint. In the course of considering a complaint, the Administrator may process a number of other information, including the User’s name and surname, information about the User’s use of the service, cookies or other similar technologies, and information about devices.
  2. The data is processed in accordance with Art. 6 section 1 letter b GDPR in order to provide services, i.e. contracts for the provision of electronic services and are processed for the time necessary to consider the complaint and no longer than 3 months after the end of the complaint procedure for archiving purposes in the event of the need to defend against possible claims against the service provider in accordance with the information provided below.

V. Explanatory proceedings, pursuing claims.

  1. In the event of undertaking explanatory proceedings regarding a possible violation of the law, principles of social coexistence or good manners, proceedings to pursue claims by the Administrator or other Users or entities, defense against claims of Users or other entities, the Administrator may process personal data of specific Users until the completion of ongoing proceedings and the expiry of the limitation period for the Administrator’s claims against the user.
  2. If personal data will be processed in order to pursue claims of other Users, these data may be made available for this purpose to another User or entity or to a public authority authorized under the law.
  3. These data will then be processed, including made available in accordance with Art. 6 section 1 letter c GDPR, i.e. in order to fulfill the obligation arising from legal provisions regarding the obligation to process complaints, in accordance with the Act on the provision of electronic services or in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legally justified interest of the Administrator, consisting in pursuing its claims against the user. The legitimate interest of the Administrator will then override the rights and freedoms of the service recipient.

VI. Statistics on the use of services.

  1. In order to improve the quality of its services, the Administrator processes statistical information regarding the use of the Website, including information about the session, IP number, amount of time spent on individual pages and subpages, use of individual service functionalities, information about the device and web browser. The administrator uses cookies or other similar technologies and Google Analytics statistical tools.
  2. These data are processed in accordance with Art. 6 section 1 letter f GDPR, i.e. in the legitimate interest of the Administrator, consisting in facilitating the use of the Website, improving the quality and functionality of the services provided, and the processing of this data does not violate the rights and freedoms of users. Information about Users is not used for any additional purposes, and due to the specificity of the website service, customizing the way the content of the Website is displayed, facilitating the use of the Website and improving the quality of services provided on the Website is not only a market standard, but also Users’ expectations towards suppliers. websites.
  3. The user may withdraw his/her consent at any time by changing the web browser settings regarding the admissibility of using cookies or other similar technologies.
  4. The data is processed as part of the Administrator’s ongoing activities, but no longer than 60 days from receiving the information. After this time, the Administrator may further process general statistical data, which will be devoid of any information regarding individual Users.
  5. The period of availability of statistical data in Google Analytics tools may be longer than 60 days, but this is beyond the Administrator’s decision-making scope.

VII. Marketing and PR activities of the Administrator.

  1. The Administrator may post marketing information about its products or services on the Website. This content is displayed by the Administrator in accordance with Art. 6 section 1 letter f GDPR, in accordance with the legitimate interest of the Administrator consisting in publishing content related to the services provided and promotional content, campaigns in which the Administrator is involved. At the same time, this action does not violate the rights and freedoms of Users.
  2. The administrator may also post marketing information about the products or services of its contractors. This content is displayed by the Administrator in accordance with Art. 6 section 1 letter f of the GDPR, in accordance with the legitimate interest of the Administrator consisting in marketing activities of the products or services of its contractors.
  3. The user has the right to object to the processing of his or her personal data for marketing purposes.

VIII. Recipients of Users’ data.

  1. The Administrator discloses users’ personal data only to processing entities under concluded contracts entrusting the processing of personal data in order to provide services to the Administrator, e.g. hosting and operating the Website, IT services, marketing and PR services, legal and advisory services.
  2. The data will not be shared or processed in third countries.

IX. Rights of persons to whom personal data concern.

  1. Every data subject has the right to:
    1. Access – obtaining confirmation from the Administrator whether her personal data is being processed. If data about a person is processed, he or she is entitled to access them and obtain the following information: about the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, about the period of data storage or the criteria for determining them, about the right to request rectification, deletion or limitation of the processing of personal data of the data subject and to object to such processing (Article 15 of the GDPR);
    2. Receiving a copy of the data – obtaining a copy of the data subject to processing, the first copy is free of charge, for subsequent copies the Administrator may impose a reasonable fee resulting from administrative costs (Article 15(3) of the GDPR);
    3. Rectification – requests to rectify incorrect personal data or to complete incomplete data (Article 16 of the GDPR);
    4. Deletion of data – requests to delete personal data if the Administrator no longer has a legal basis for their processing or the data is no longer necessary for the purposes of processing (Article 17 of the GDPR);
    5. Processing restrictions – requests to limit the processing of personal data (Article 18 of the GDPR) when:
      1. the data subject disputes the accuracy of the personal data – for a period enabling the controller to check the accuracy of the data;
      2. the processing is unlawful and the data subject objects to their deletion and requests restriction of their use;
      3. The controller no longer needs this data, but it is needed by the data subject to establish, pursue or defend claims;
      4. the data subject has objected to the processing – until it is determined whether the legally justified grounds on the part of the Administrator override the grounds for the data subject’s objection;
    6. Transferring data – receiving personal data concerning him/her in a structured, commonly used format suitable for mass reading, which he or she provided to the Administrator, and requesting that these data be sent to another administrator, if the data is processed on the basis of the data subject’s consent or a contract concluded with him or her, and if the data is processed in an automated manner (Article 20 of the GDPR);
    7. Objection – objecting to the processing of her personal data for the legally justified purposes of the Administrator, for reasons related to her particular situation, including profiling. The Administrator then assesses the existence of valid legally justified grounds for processing, overriding the interests, rights and freedoms of data subjects, or grounds for establishing, pursuing or defending claims. If, according to the assessment, the interests of the data subject are more important than the interests of the Administrator, the Administrator will be obliged to stop processing data for these purposes (Article 21 of the GDPR);
    8. Withdrawal of consent at any time and without giving a reason, but the processing of personal data carried out before the withdrawal of consent will still remain lawful. Withdrawal of consent will result in the Administrator ceasing to process personal data for the purpose for which the consent was expressed.
  2. In order to exercise the above-mentioned rights, the data subject should contact the Administrator using the provided contact details and inform him which right and to what extent he wants to exercise.

X. President of the Personal Data Protection Office.

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office with its registered office in Warsaw, ul. Stawki 2, which can be contacted as follows:

  1. by letter: ul. Stawki 2, 00-193 Warszawa;
  2. via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt
  3. by phone: (22) 531 03 00.

XI. Changes to the Privacy Policy.

  1. This Privacy Policy may be changed and updated in accordance with the Administrator’s current needs.
  2. Niniejsza Polityka Prywatności oThis Privacy Policy is valid from April 1, 2024.bowiązuje od dnia 01.04.2024 r.

XII. Legal acts referred to in the Privacy Policy.

  1. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016. on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L. of 2016, No. 119, p. 1, as amended);
  2. Civil Code – Act of April 23, 1964 Civil Code (consolidated text: Journal of Laws of 2023, item 1610, as amended);
  3. Act of 18 July 2002 on the provision of services by electronic means (consolidated text: Journal of Laws of 2020, item 344);
  4. Ustawa z dnia 16 lipca 2004 r. Telecommunications Law (consolidated text: Journal of Laws of 2024, item 34).