Privacy and cookie policy

As an Administrator, I process your personal data. I take care and protect it properly and in accordance with the legal regulations.

In the privacy policy you will find the rules for the processing of personal data and the use of cookies in connection with the use of the website https://www.estimon.com/en

1. GENERAL INFORMATION

By using the website and blog https://www.estimon.com/en, you agree to the following terms of the Privacy Policy.

This Privacy Policy sets up the rules for the processing and protection of personal data provided by Users. establishes Cookies policy, as well as other technologies appearing on the website https://www.estimon.com/en.

The administrator of the website and personal data is Estimon Marta Sieradzka, NIP 5272434726, REGON 522966543, hereinafter referred to as the Administrator.

In case of any doubts regarding this Privacy Policy, please contact the Administrator via e-mail address: hello@estimon.com.

All personal and address data provided by the User on the website https://www.estimon.com/en will not be resold in any way to third parties or persons.

The Administrator reserves the right to make changes to the privacy policy, and each User of the site is obliged to get familiar with the current privacy policy. The reason for the changes may be the development of internet technology, changes in generally applicable law or the development of the Website. The bottom of the page bears the date of publication of the current Privacy Policy.

2. PROTECTION OF PERSONAL DATA

In accordance with 13 section 1 and 2 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Regulation on data protection, hereinafter referred to as “GDPR”) that:

I. As a Personal Data Administrator, I have not appointed the Personal Data Protection Inspector and I perform the obligations related to the processing of personal data myself.

II. Purposes and basics of processing

Your personal data will be processed for the following purposes, based on the indicated legal grounds:

to contact by phone or e-mail in matters related to the implementation of the contract – pursuant to art. 6 (1) (a) GDPR,
in order to conclude or perform a concluded contract due to the need to process data for the performance of the contract – pursuant to art. 6 (1) (b) GDPR,
in order to keep records and settlements, and fulfill other obligations arising from the provisions of tax law – pursuant to art. 6 (1) (c) GDPR,
to send the newsletter – pursuant to art. 6 (1) (a) GDPR,
to post an opinion on the website – pursuant to art. 6 (1) (a) GDPR,
for archival and analytical purposes – pursuant to art. 6 (1) (f) GDPR, i.e. on the basis of the Administrator’s legitimate interest,
in order to ensure the security and protection of the Administrator’s property through monitoring, which is the legitimate interest pursued by the Administrator – pursuant to art. 6 (1) (f) GDPR,
for evidentiary purposes, which is the implementation of the Administrator’s legitimate interest in ensuring continuous and uninterrupted operation, as well as protection against various types of allegations and claims, pursuing claims and defense against claims – pursuant to art. 6 (1) (f) GDPR,
for internal administrative purposes of the Data Administrator, related to managing contact with you, as a legitimate interest,
Administrator – based on art. 6 (1) (f) GDPR,
for direct marketing, which is justified by the Administrator’s interest – pursuant to art. 6 (1) (f) GDPR,
in order to examine customer satisfaction, which is justified by the Administrator’s interest – pursuant to art. 6 (1) (f) GDPR,
to issue an invoice and meet other obligations arising from legal provisions – pursuant to art. 6 (1) (c) GDPR (obligation arising from legal provisions),
to consider a complaint – pursuant to art. 6 (1) (b) GDPR.

Moreover, we use tools that collect a lot of information about you related to the use of our website. It concerns, in particular, the following information:

information about the operating system and web browser,
subpages viewed,
time spent on the site,
transitions between individual subpages,
clicks on individual links,
the source from which you go to the page,
the age range you are in,
Your gender
Your approximate location limited to the town.
Your interests based on your online activity.

This information is referred to in the remainder of this privacy policy as Anonymous Information

Anonymous Information by itself is not, in our opinion, personal information, as it does not allow us to identify you and we do not compare it with the typical personal information we collect about you. Nevertheless, taking into account the rigorous jurisprudence of the Court of Justice of the European Union and the divided opinions among lawyers, as a precautionary measure in the event that Anonymous Information is assigned the nature of personal data, we have also included detailed explanations in this privacy policy regarding the processing of this information.

As Anonymous Information is collected by external tools that we use (Google Analytics, Facebook Custom Audiences, Google Ads, Facebook Ads, MailerLite), Anonymous Information is also processed by tool providers in accordance with their regulations and privacy policies.

III. Right to object

You can withdraw your consent at any time, and its withdrawal does not affect the compliance with the processing that was carried out on the basis of consent given before its withdrawal. You also have the right to object to the processing of your data based on the legitimate interests of the Data Administrator. The administrator will stop processing your data for these purposes, unless he is able to demonstrate that, in relation to these data, there are valid legally justified grounds for the Administrator that override your interests, rights and freedoms or these data will be necessary for the Administrator to establishing, pursuing or defending claims.

IV. Data storage period

Your data will be stored:

until the consent is withdrawn or a request to cease processing of personal data or a request to delete the processing of personal data is made, or until the purpose of processing is achieved – in relation to personal data processed on the basis of consent,
for the duration of the contract and until the limitation period for claims arising from or related to the conclusion of the contract, in accordance with generally applicable provisions,
until the expiry of data storage obligations resulting from legal provisions (archival, tax and accounting purposes),
until the data becomes outdated or its usefulness lapses – in relation to data processed for analytical purposes, cookies, etc.

V. Data recipients

We may disclose personal data to the following recipients: employees dealing with HR and payroll services, an accountant or an accounting office, a law firm, a company that supports text messaging, the Social Insurance Institution (ZUS), the Tax Office (US), the insurer, contractors and clients who will receive your data to the extent necessary to enable contractors and clients to communicate with you, other entities with whom or on whose behalf we provide services to the extent that it is necessary and with whom we cooperate, services providing IT system maintenance and hosting, email service providers, management system service providers company, mailing service provider (newsletter) or payment system. We may also be required to provide your data to private and public entities on the basis of legal provisions.

VI. Transfer to third countries

The User’s data may be transferred outside the European Union – to third countries.
Due to the fact that the Administrator uses external providers of various services, e.g. Facebook and subsidiaries, Google, Microsoft, MailerLite, the User’s data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in partly). Google and Facebook use the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses for their services. They will be provided only to recipients who guarantee the highest protection and data security, including through:
1.cooperation with entities processing personal data in countries for which a relevant decision of the European Commission has been issued,
2.using standard contractual clauses issued by the European Commission (as is the case, for example, in the case of Google),
3.application of binding corporate rules approved by the competent supervisory authority,
or that for the transfer of personal data which the User has consented to.

Detailed information is available in the content of the privacy policy of each of the providers of these services, available on their websites.

For example:
Google: https://policies.google.com/privacy?hl=en-US
Facebook Ireland Ltd .: https://www.facebook.com/privacy/explanation
UAB MailerLite: https://www.mailerlite.com/legal/privacy-policy

Currently, the services offered by Google and Facebook are provided mainly by entities located in the European Union. However, you should always read the privacy policy of these providers in order to receive up-to-date information on the protection of personal data. MailerLite may store some data in the United States or use service providers from that country, however, the data is processed mainly in the European Union.

VII. Rights of data subjects

You have the right to access your data, receive a copy of it and the right to rectify it, delete it (if you think there are no grounds for us to process this data, you can request their removal), processing restrictions, the right to transfer data, the right to object, the right to withdraw consent at any time, which, however, will not affect the lawfulness of processing based on consent before its withdrawal.

VIII. Right to make a complaint

You have the right to lodge a complaint to the President of the Office for Personal Data Protection, if you find that the processing of personal data violates the provisions of the GDPR.

IX. Requirement to provide data and consequences of not providing it

Providing personal data is voluntary, except that providing some data may be necessary to conclude the contract, to perform the service, consider complaints, return cash, issue an invoice or tax settlement, or send you a newsletter. The consequence of not providing this data will be the lack of implementation of the above actions.

X. Profiling

Profiling helps in better personalizing the company’s offer, which is directed to you. The administrator does not make automatic decisions that affect your rights. We do not use profiling mechanisms that use personal data.

XI. Recovery of abandoned carts

If you start the ordering process, but you do not complete it, this fact will be recorded in our system and you will receive an e-mail notification of the possibility of finalizing the order. For this purpose, your personal data collected by us in connection with the start of your order is processed. In this case, we base our data processing on our legitimate interest (Article 6 (1) (f) of the GDPR). You can object to the processing of your data for the purposes of recovering abandoned carts by clicking on the link available as part of the message sent as part of recovering abandoned carts.

3. COOKIE POLICY

1. The site does not automatically collect any information, except for information contained in cookies.

2. Cookies are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website. Cookies usually contain the name of the website from which they originate, their storage time on the end device and a unique number.

3. Cookies are used to:

a) adapt the content of the Website’s pages to the User’s preferences and optimizing the use of websites; in particular, these files allow to recognize the device of the Website User and properly display the website, tailored to their individual needs;

b) creating statistics that help to understand how Users use the Website, which allows improving its structure and content;

4. Within the Website, two basic types of cookies are used: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie parameters or until they are deleted by the User.

5. The Website uses the following types of cookies:

a) “necessary” cookies, enabling the use of services available on the Website, e.g. authentication cookies used for services that require authentication on the Website

b) cookies used to ensure security, e.g. used to detect fraud in the field of authentication within the Website

c) “performance” cookies, enabling the collection of information on how the Website is used

d) “functional” cookies, enabling “remembering” the settings selected by the User and personalizing the User’s interface, e.g. in terms of the language or region of the User’s origin, font size, website appearance, etc.

e) “advertisment” cookies, enabling users to provide advertising content more tailored to their interests.

6. In many cases, the software used for browsing websites (web browser) by default allows the storage of cookies on the User’s end device. Website Users can change cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the web browser settings or to inform about them every time they are placed on the Website User’s device. Detailed information about the possibilities and ways of handling cookies is available in the software (web browser) settings.

7. The Administrator informs that restrictions on the use of cookies may affect some of the functionalities available on the Website’s pages. Disabling or limiting the use of cookies may cause difficulties in using the website, as well as many other websites that use cookies.

8. Consent to cookies. When you first visit https://www.estimon.com/en, you must agree to cookies or take other possible actions indicated in the message in order to continue using the website content. You can always change cookie settings in your browser or delete cookies altogether. Browsers manage cookie settings in different ways. In the auxiliary menu of the web browser you will find explanations about changing cookie settings. Cookies that are not necessary for the proper provision of electronic services remain blocked until you consent to the use of cookies. During your first visit to the website, we display a message asking for your consent along with the possibility of managing cookies, i.e. deciding which cookies you agree to and which you want to block.

9. We use the Google Analytics tool. We implement activities in this area, based on our legitimate interest – statistics and their analysis in order to optimize our website. As part of Google Analytics, we do not collect any data that would allow you to be identified. Therefore, the data collected as part of Google Analytics is not personal data. Google Analytics automatically collects information about your use of our site. The information collected in this way is usually transmitted to a Google server in the United States and stored there. In order to use Google Analytics, we have implemented a special Google Analytics tracking code in the code of our website. The tracking code uses Google Poland sp. z o.o. cookies for the Google Analytics service. On our website, by using the mechanism for managing cookies, you can disable the Google Analytics tracking code.

10. We use the Google Ads advertising program to run advertising campaigns, including remarketing. We implement activities in this area based on our legitimate interest, consisting in marketing our own products or services. Information processing only takes place if you have consented to Google to combine the browsing history and use of the application with your account, and to use information from your Google account to personalize the ads that are displayed on websites. If in this case you will be logged in when visiting my website on Google, Google will use your data together with Google Analytics data to create and define lists of target groups for remarketing on different devices.

When using Google Ads, we do not collect any data that would allow your identification. In order to use Google Ads, we have implemented a special Google Ads conversion pixel in the code of our website. The pixel uses Google Poland sp. z o.o. cookies for the Google Ads service. On our website, by using the mechanism for managing cookies, you can disable these cookies.

11. We use marketing and analytical tools available as part of Facebook. We implement activities in this area, based on our legitimate interest, consisting in marketing our own products or services as well as analysis and statistics. In order to target you personalized ads in terms of your behavior on our website, we have implemented Facebook Pixel as part of our website, which automatically collects information about your use of our website in terms of pages viewed. The information collected in this way is usually transmitted to a Facebook server in the United States and stored there. The information collected as part of Facebook Pixel is anonymous, i.e. it does not allow us to identify you. However, we inform you that Facebook can combine the information collected with other information about you collected as part of your use of Facebook and use for its own purposes, including marketing. Such Facebook actions are no longer dependent on us, and you can search for information directly in Facebook’s privacy policy

The above fragments of the Cookies policy are protected by copyright, which IAB Polska holds and has been taken from the website http://wszystkoociasteczkach.pl.

4. COMMENTS POLICY

When a visitor leaves a comment, we collect the data visible in the comment form, as well as the visitor’s IP address and browser signature to help detect spam.

An anonymous string of characters created based on your email address (so-called hash) can be sent to the Gravatar service to check if you are using it. The Gravatar privacy policy is available here: https://automattic.com/privacy/. After approval of the comment, your profile picture is publicly visible in the context of your comment.

5. CONTACT FORM POLICY

Your personal data provided in the contact form will be processed only to take specific actions regarding your request, e.g. to answer your question sent electronically by writing on the Administrator’s website and for further electronic correspondence.

Providing personal data is voluntary, but necessary to send a reply to your message.

Your personal data will be processed for the period necessary to conduct correspondence with you and after its completion, in order to implement the legitimate interests of the Administrator, i.e.:

– marketing of own products or services

– pursuing possible claims in connection with the provision of the service – in accordance with applicable legal provisions regarding limitation periods for claims.

If you have consented to the processing of your data for another purpose, they will be processed by us until the consent is withdrawn. You can do it at any time.

Your personal data will be shared with other data recipients, such as websites providing IT system and hosting services, an email service provider, a company management system service provider, a newsletter service provider or a payment system provider, etc.

You have the right to access your data, correct it, rectify it, delete or limit processing, the right to object to the processing, the right to transfer data, the right to request access to data, as well as the right to lodge a complaint to the supervisory body if you feel that the processing of your data is inconsistent with the applicable law on data protection. You also have the right to be forgotten if further processing is not provided by current law.

You also have the right to withdraw consent at any time. Withdrawal of consent does not affect the processing of data that was made on the basis of consent before its withdrawal.

6. NEWSLETTER POLICY

The administrator of your personal data is is Estimon Marta Sieradzka, based in Warsaw, Ludwiki 4/63, 01-226, being the administrator of the estimon.com/en website. Contact details: phone: +48 600-077-992, e-mail: hello@estimon.com.

Your personal data provided in the newsletter form will be processed for the purpose of sending the newsletter, i.e. information on blog entries, offers or training, blog products and what I consider valuable and in connection with the blog.

Your personal data will be processed for the period necessary to conduct correspondence with you and after its completion, in order to implement the legitimate interests of the Administrator, i.e.:

– marketing of own products or services

– pursuing possible claims in connection with the provision of the service – in accordance with applicable legal provisions regarding limitation periods for claims.

If you have consented to the processing of your data for another purpose, they will be processed by us until the consent is withdrawn. You can do it at any time. Your personal data will be processed only until you withdraw your consent / unsubscribe from the newsletter, and then they will be removed, unless you decide to use our services and leave them on a different basis and for the purpose indicated to you. You can unsubscribe at any time by clicking the unsubscribe link (“Unsubscribe”).

Your personal data will be shared with other data recipients, such as websites providing IT system and hosting services, an email service provider, a company management system service provider, a mailing service provider or a payment system provider, etc.

You also have the right to withdraw consent at any time, withdrawal of consent does not affect the processing of data that was made on the basis of consent before its withdrawal.

The administrator has not appointed the Personal Data Protection Inspector and independently performs activities related to the protection of personal data.

Due to the fact that the Administrator uses external providers of various services, e.g. Facebook and subsidiaries, Google, Microsoft, MailerLite, the User’s data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in partly). Google and Facebook use the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses for their services.
MailerLite may store some data in the United States or use service providers from that country, however, the data is processed mainly in the European Union.

Your data will not be processed in an automated manner, including in the form of profiling.

Profiling helps in better personalizing the company’s offer, which we direct to you. The administrator does not make automatic decisions that affect your rights. We do not use profiling mechanisms that use personal data.

7. DATA PROCESSING ON FACEBOOK AND INSTAGRAM POLICY

The administrator of your personal data on Estimon fanpage and estimon_bags instagram account is Estimon Marta Sieradzka, based in Warsaw, Ludwiki 4/63, 01-226, being the administrator of the estimon.com/en website. Contact details: phone: +48 600-077-992, e-mail: hello@estimon.com.

Your personal data provided on the fanpage will be processed in order to administer the fanpage, to communicate with you, interact, direct marketing content to you and create a fanpage community.
The basis for their processing is your consent. You voluntarily decide to like the fanpage. The rules prevailing on the fanpage are set by the Administrator, however the rules of staying on the Facebook social network result from the Facebook regulations.
You can stop following the fanpage at any time. However, you will not be able to see any content from the Administrator related to the fanpage.

The administrator sees your personal data, such as e.g. name, surname or general information that you place on your profile as public. The processing of other personal data is carried through Facebook and on the terms contained in the regulations.
Your personal data will be processed for the period of running the fanpage based on your consent and in order to implement the Administrator’s legitimate interests, i.e. marketing of own products or services.
Your personal data will be shared with other data recipients, such as Facebook, cooperating advertising agencies or other subcontractors operating a fan page, IT service, if contact is made outside of Facebook.

You have the right to access your data, correct it, rectify it, delete or limit processing, the right to object to processing, the right to transfer
data, the right to request access to data, the right to lodge a complaint with a supervisory authority, the right to be forgotten and the right to withdraw consent at any time. Withdrawal of consent remains without
impact on data processing that was made on the basis of consent before its withdrawal.

Currently, the services offered by Facebook are provided mainly by entities located in the European Union. However, you should always read the privacy policy of these providers in order to receive updated information on the protection of personal data.
Due to the fact that the Administrator uses external providers of various services, e.g. Facebook, the User’s data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in partly). Google and Facebook use the compliance mechanisms provided for by the GDPR (e.g. certificates) or standard contractual clauses for their services.

Published on 05.01 2020

Last updated: 02.09.2022

Shipping within 48 hours