Privacy policy and cookies

1. This Privacy Policy sets out the rules for the processing of personal data obtained through the online store www.tommytomson.com (hereinafter referred to as the "Online Store").

2. The owner of the Store and at the same time the data administrator is Ryszard Rosiak running a business under the name Przedsiębiorstwo Handlowo Usługowe TOMSON Ryszard Rosiak with its registered office in Łódź (93-582), Felsztyńskiego 12/26, entered into the Central Register and Information on Economic Activity kept by the Minister of Development, Labor and Technology, NIP: 7292727964, REGON: 381571871, hereinafter referred to as "Phu Tomson".

3. Personal data collected by Phu Tomson via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such and the repeal of Directive 95/46/EC (General Data Protection Regulation), also referred to as the GDPR.

4. Phu Tomson takes special care to respect the privacy of customers visiting the Online Store.



§ 1 Type of data processed, purposes and legal basis:

1. Phu Tomson collects information on natural persons performing legal transactions not directly related to their activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, hereinafter collectively referred to as customers.

2. Customers' personal data is collected in the case of:

a) rejestracji konta w Sklepie Internetowym, w celu utworzenia indywidualnego konta i zarządzania tym kontem. Podstawa prawna: niezbędność do wykonania umowy o świadczenie usługi Konta (art. 6 ust. 1 lit. b RODO);

b) placing an order in the Online Store in order to perform the sales contract. Legal basis: necessity to perform the sales contract (Article 6(1)(b) of the GDPR);

c) subscription to the newsletter (Newsletter), in order to perform the contract, the subject of which is the service provided electronically. Legal basis - consent of the data subject to perform the contract for the provision of the Newsletter service (Article 6(1)(a) of the GDPR);

d) using the contact form service in the Online Store in order to perform the contract provided electronically. Legal basis: necessity to perform the contract for the provision of the contact form service (Article 6(1)(b) of the GDPR); e) use the service, post an opinion, in order to perform the contract, the subject of which is the service provided electronically. Legal basis - necessity to perform the contract for the provision of the post an opinion service (Article 6(1)(b) of the GDPR).

3. In the case of registering an account in the Online Store, the Customer provides: a) e-mail address.

4. When registering an account in the Online Store, the Customer independently sets an individual login and password to access his account. The customer may change the password at a later time, on the terms described in §5.

5. When placing an order in the Online Store, the Customer provides the following data: a) e-mail address; b) address details:

a. zip code and city;

b.country

c. street and house/apartment number.

c) name and surname;

d) phone number.

6. In the case of Entrepreneurs, the above scope of data is additionally extended by:

a) the Entrepreneur's company.

7. In the case of using the Newsletter service, the Customer only provides his e-mail address.

8. In the case of using the contact form service, the Customer provides the following data: a) e-mail address; b) order number (optional).

9. If you use the post an opinion service, the customer must be registered.

10. When using the Store Website, additional information may be downloaded, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.

11. Navigation data may also be collected from Customers, including information about links and references that they decide to click or other activities undertaken in the Online Store. Legal basis - legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.

12. In order to establish, pursue and enforce claims, some personal data provided by the Customer as part of using the functionality in the Online Store may be processed, such as: name, surname, data on the use of services, if the claims result from the manner in which the Customer uses services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legitimate interest (Article 6(1)(f) of the GDPR), consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.

13. The transfer of personal data to Phu Tomson is voluntary, in connection with concluded sales contracts or the provision of services via the Store Website, with the proviso that failure to provide the data specified in the data forms in the Registration process prevents Registration and setting up a Customer Account, and in the case of placing an order without registering a Customer Account, it will prevent the submission and execution of the Customer's order.



§ 2 Who are the data made available to or entrusted to and how long are they stored?

1. The Customer's personal data is transferred to service providers used by Phu Tomson when running the Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to Phu Tomson's instructions as to the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators).

a) Processors. Phu Tomson uses suppliers who process personal data only at the request of Phu Tomson. They include e.g. suppliers providing hosting services, accounting services, marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns, couriers, payment operators;

2. Lokalizacja. Dostawcy usług mają siedziby w Polsce i w innych krajach Europejskiego Obszaru Gospodarczego (EOG).

3. Customers' personal data is stored:

a) If the basis for the processing of personal data is consent, then the Customer's personal data are processed by Phu Tomson until the consent is revoked, and after the consent is revoked, for a period of time corresponding to the period of limitation of claims that Phu Tomson may raise and which may be raised against him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.

b) If the basis for data processing is the performance of the contract, then the Customer's personal data is processed by Phu Tomson as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.

4. In the case of a purchase in the Online Store, personal data may be transferred, depending on the Customer's choice, to the following entities in order to deliver the ordered goods: a) epaka Sp. z o. o. Sp. k., ul. Sochacz 16a, 21-400 Łuków, KRS 0000715732, REGON 369332957, NIP 8252181790, license for domestic road transport of goods No. LS 0008805.;

5. Navigation data can be used to provide customers with better service, analyze statistical data and adapt the Online Store to customer preferences, as well as administer the Online Store.

6. If the Customer subscribes to the newsletter (Newsletter) to his e-mail address, Phu Tomson will send electronic messages containing commercial information about promotions and new products available in the Online Store.

7. In the event of a request, Phu Tomson provides personal data to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.



§ 3 Cookie mechanism, IP address

1. The Online Store uses small files called cookies. They are saved by Phu Tomson on the end device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the name of the domain it comes from, its "expiration time" and an individual, randomly selected number identifying this file. Information collected using this type of files helps to adapt the products offered by Phu Tomson to individual preferences and real needs of people visiting the Online Store. They also give the opportunity to develop general statistics of visits to the presented products in the Online Store.

2. Phu Tomson uses two types of cookies:

a) Session cookies: after the browser session ends or the computer is turned off, the saved information is deleted from the device's memory. The session cookies mechanism does not allow for downloading any personal data or any confidential information from the Customers' computers.

b) Persistent cookies: they are stored in the memory of the Customer's end device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow downloading any personal data or any confidential information from the Customer's computer.

3. Phu Tomson uses its own cookies to:

a) authentication of the Customer in the Online Store and ensuring the Customer's session in the Online Store (after logging in), thanks to which the Customer does not have to re-enter the login and password on each subpage of the Online Store;

b) analyzes and research as well as audience audits, in particular to create anonymous statistics that help to understand how customers use the Store Website, which allows improving its structure and content.

4. The cookie mechanism is safe for the computers of the Online Store Customers. In particular, this way is not possible to get viruses or other unwanted software or malicious software to the Customers' computers. However, in their browsers, customers have the option of limiting or disabling the access of cookies to computers. If you use this option, the use of the Online Store will be possible, except for the functions that by their nature require cookies.

5. Below we present how to change the settings of popular web browsers regarding the use of cookies:

a) Internet Explorer browser;

b) Microsoft EDGE browser;

c) Mozilla Firefox browser;

d) Chrome browser;

e) przeglądarka Safari;

f) Opera browser.

6. Phu Tomson may collect Customers' IP addresses. The IP address is a number assigned to the computer of the person visiting the Online Store by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes each time you connect to the Internet. The IP address is used by Phu Tomson when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we record the most visits), as information useful in administering and improving the Online Store, as well as for security purposes and possible identification of burdening the server undesirable automatic programs for viewing the content of the Online Store.

7. The Online Store contains links and references to other websites. Phu Tomson is not responsible for their privacy policies.



§ 4 Rights of data subjects

1. The right to withdraw consent - legal basis: art. 7 sec. 3 GDPR.

a) The customer has the right to withdraw any consent given to Phu Tomson.

b) Withdrawal of consent takes effect from the moment of withdrawal of consent.

c) Withdrawal of consent does not affect the processing carried out by Phu Tomson in accordance with the law before its withdrawal.

d) Withdrawal of consent does not entail any negative consequences for the Customer, but it may prevent further use of services or functionalities that Phu Tomson may only provide with consent.

2. The right to object to data processing - legal basis: art. 21 GDPR.

a) The customer has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data, including profiling, if Phu Tomson processes his data based on a legitimate interest, e.g. marketing of Phu Tomson products and services keeping statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as satisfaction surveys.

b) Resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the Customer's objection to the processing of his personal data, including profiling for these purposes.

c) If the Customer's objection turns out to be justified and Phu Tomson has no other legal basis for processing personal data, the Customer's personal data will be deleted, to the processing of which the Customer has objected.

3. The right to delete data ("the right to be forgotten") - legal basis: art. 17 GDPR.

a) The customer has the right to request the removal of all or some of his personal data.

b) The customer has the right to request the deletion of personal data if:

a. the personal data are no longer necessary for the purposes for which they were collected or processed;

b. withdrew a specific consent to the extent that personal data was processed based on his consent;c

c. objected to the use of his data for marketing purposes;

d. personal data is processed unlawfully;

e. personal data must be deleted in order to comply with a legal obligation provided for in Union law or the law of a Member State to which Phu Tomson is subject;

f. personal data has been collected in connection with offering information society services.

c) Despite the request to delete personal data, in connection with the objection or withdrawal of consent, Phu Tomson may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill a legal obligation requiring processing under Union or Member State law to which Phu Tomson is subject. This applies in particular to personal data including: name, surname, e-mail address, which data is retained for the purpose of handling complaints and claims related to the use of Phu Tomson services, or additionally, address of residence / correspondence address, order number, which data is kept for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services.

4. The right to limit data processing - legal basis: art. 18 GDPR.

a) The customer has the right to request the restriction of the processing of his personal data. Submitting a request, until it is considered, prevents the use of specific functionalities or services, the use of which will involve the processing of data covered by the request. Phu Tomson will also not send any messages, including marketing ones.

b) The customer has the right to request the restriction of the use of personal data in the following cases:

a. when he questions the correctness of his personal data - then Phu Tomson limits their use for the time needed to verify the correctness of the data, but not longer than for 7 days;

b. when data processing is unlawful, and instead of deleting the data, the Customer requests the restriction of their use;

c. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the Customer to establish, pursue or defend claims;

d. when he objected to the use of his data - then the restriction takes place for the time needed to consider whether - due to the particular situation - the protection of the interests, rights and freedoms of the Customer outweighs the interests pursued by the Administrator when processing the Customer's personal data.

5. Right of access to data - legal basis: art. 15 GDPR.

a) The Customer has the right to obtain confirmation from the Administrator whether he processes personal data, and if this is the case, the Customer has the right to:

a. access your personal data;

b. obtain information about the purposes of processing, categories of personal data being processed, about the recipients or categories of recipients of this data, the planned period of storing the Customer's data or about the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the Customer under GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of this data outside the European Union;

c. obtain a copy of your personal data.

6. The right to rectify data - legal basis: art. 16 GDPR. a) The customer has the right to request the Administrator to immediately rectify his personal data that are incorrect. Taking into account the purposes of processing, the data subject has the right to request completion of incomplete personal data, including by submitting an additional statement, sending a request to the e-mail address in accordance with §6 of the Privacy Policy.

7. The right to transfer data - legal basis: art. 20 GDPR.

a) The customer has the right to receive his personal data, which he provided to the Administrator, and then send them to another personal data administrator of his choice. The customer also has the right to request that personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the Customer's personal data in the form of a file in the csv format, which is a commonly used, machine-readable format and allows the received data to be sent to another personal data administrator.

8. In the event of the Customer exercising the right resulting from the above rights, Phu Tomson fulfills the request or refuses to comply with it immediately, but not later than within a month after receiving it. However, if - due to the complexity of the request or the number of requests - Phu Tomson will not be able to meet the request within a month, it will meet them within the next two months informing the Customer in advance within one month of receiving the request - about the intended extension of the deadline and its reasons.

9. The customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the exercise of his rights.

10. The customer has the right to request Phu Tomson to provide a copy of standard contractual clauses by directing the inquiry in the manner indicated in §6 of the Privacy Policy.

11. The customer has the right to lodge a complaint with the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under the GDPR.



§ 5 Security management - password

1. Phu Tomson provides customers with a secure and encrypted connection when transferring personal data and when logging in to the Customer Account on the Website. Phu Tomson uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transmitted over the Internet.

2. If the Customer with an account in the Online Store has lost the access password in any way, the Online Store allows you to generate a new password. Phu Tomson does not send a password reminder. The password is stored in an encrypted form, in a way that makes it impossible to read it. In order to generate a new password, you must provide your e-mail address in the form available under the link "Forgot your password?", provided next to the login form for the account in the Online Store. The Customer will receive an e-mail to the e-mail address provided during registration or saved in the last change of the account profile, containing a redirection to a dedicated form available on the Store Website, where the Customer will be able to set a new password.

3. Phu Tomson never sends any correspondence, including electronic correspondence, asking for login details, in particular the access password to the Customer's account.



§ 6 Zmiany Polityki Prywatności

1. The Privacy Policy may change, which Phu Tomson will inform Customers 7 days in advance

2. Questions related to the Privacy Policy should be sent to the following address: Kontakt@tommytomson.com

3. Date of last modification: 08/06/2023.