§1 General provisions

  1. This document is an attachment to the Regulations. When using our services, you entrust us with your information. This Privacy Policy is only intended to help you understand what information and data is collected and for what purpose and what we use it for. This data is very important to us, therefore you should read this document carefully as it defines the rules and methods of processing and protecting personal data. This document also outlines the principles of using “Cookies”. 
  2. We hereby declare that we comply with the principles of personal data protection and all legal regulations provided for by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  3. The person, whose personal data is processed, has the right to contact us in order to obtain comprehensive information on how we use their personal data. We always try to give clear information on the data we gather, how we use it, what purposes it is to serve as well as to whom we transfer it and what data protection we ensure after the data has been transferred to other entities. We also provide information on the institutions the User should contact in case of doubts. 

§2 Rules of privacy

  1. We take your privacy seriously. Our characteristic features are respect for privacy and the fullest possible and guaranteed comfort of using our services.
  2. We appreciate trust that our Users put in our company when providing us with their personal data in order to carry out their orders. We always use personal data fairly so as not to disappoint this trust and only to the extent necessary to complete the order, including its processing. 
  3. The User has the right to obtain clear and full information on how we use their personal data and for what purposes it is needed. We always give clear information on the data we gather, how and to whom we transfer it and we also provide information on the entities you should contact in case of doubts, questions or comments.  
  4. In case of any doubts as to how we use the User’s personal data, we will immediately take necessary steps to clarify and remove these doubts and we will fully and comprehensively answer all related questions. 
  5. We will take all reasonable actions to protect the Users data against its improper and uncontrolled use and to secure it in a comprehensive manner.
  6. We will comply with all applicable laws and regulations related to personal data protection and we will cooperate with data protection authorities and law enforcement bodies. In the absence of data protection regulations, we will act according to the generally accepted principles for data protection, the rules of social intercourse and with the established customs.    
  7. The exact method of personal data protection is included in the policy of personal data protection (security policy, personal data protection regulations, the manual of IT system management). For security reasons, due to the procedures it includes, it is only available to state control authorities.
  8. The administrator of your personal data is Marcin Drozd MULTIMA Marcin Drozd, ul. Boya-Żeleńskiego 23, 35-105 Rzeszów, VAT ID no.: 8132776368, phone no.: 17 282 20, 60, info@bagpack.pl
  9. The legal basis for the processing of your personal data is Art. 6(1)(b) of GDPR. Providing data is not mandatory, but it is essential to take appropriate actions preceding the contract conclusion and its realization. We will transfer your personal data to other recipients, whom the processing has been entrusted on our behalf and for our benefit. Your data will be transferred on the basis of Art. 6(1)(f) of GDPR, where the proper realization of contracts / orders is the legitimate interest. Moreover, we will transfer your personal data to other business partners. The data that we gather is stored in the European Economic Area („EEA”), but it may also be transferred to a country outside this area and processed there. Each operation of transferring personal data is conducted in accordance with applicable law. If data is transferred outside the EEA, we use standard contractual clauses and the privacy shield as security measures related to the countries, in case of which the European Commission has not found an appropriate level of data protection. 
  10. Your personal data related to the conclusion and implementation of the contract will be processed for the period of their realization and not longer than it is provided by the legal regulations including the provisions of the Civil Law and the Accounting Act, i.e. not longer than 10 years counting from the end of the calendar year, in which the last contract was implemented.   
  11. Your personal data processed in order to conclude and implement future contracts will be processed until you raise the objection. 
  12. You have the right to: access your personal data and receive a copy of the data we are processing, to correct your inaccurate data, to demand the deletion of your data (the right to be forgotten) in case of the circumstances indicated in Art. 17 of GDPR; the right to request to limit data processing in the cases specified in Art. 18 of GDPR, to raise the objection to data processing in the cases provided for in Art.21 of GDPR and to transfer the provided data that is processed in an automated manner. 
  13. 13. (Office for Personal Data Protection, ul. Stawki 2, Warsaw). If you need any additional information related to personal data protection or you want to access your rights, please contact us by post at our correspondence address. 
  14. If you have any questions concerning the proper handling of personal data, please contact us via the website from which the User has been redirected to this Privacy Policy. The contact request will be forwarded immediately to the appropriate person appointed for this purpose.
  15. The User has always the right to notify us if:
    - they do not want to receive information or messages from us in any form;
    - they would like to receive a copy of their personal information that we have;
    - they need to correct, update or delete their personal data that we keep in our records;
    - they want to report violations, improper use or processing of their personal data.
  16. In order to help us answer or address the provided information, please give your name, surname and further details.

§3 The scope and purpose of collecting personal data

  1. We process the necessary personal data for the purpose of providing services and for accounting purposes only namely:
    - to place an order,
    - to conclude a contract, make a complaint or withdraw from the contract,
    - to issue a VAT invoice or other receipt.
  2. We collect, process and store the following data of our Users:
    - name and surname,
    - address,
    - delivery address (if different from home address),
    - tax identification number (VAT),
    - e-mail address,
    - telephone number (mobile, landline),
    - information on the web browser used,
    - other personal data provided voluntarily to us.
  3. Provision of the data above is completely voluntary, but at the same time necessary for the full implementation of services. 
  4. We collect, process and use personal data for the following purposes: direct marketing, record-keeping purposes of advertising campaigns and the fulfillment of obligations imposed by the legal provisions done by collecting information on unwanted actions. 
  5. We may transfer personal data to servers located outside the User’s country of residence or to related entities and third parties established in other countries, including the countries from the European Economic Area (EEA – free trade zone and the Common Market including the countries of the European Union and the European Free Trade Assossiation-EFTA) so that they may process personal data on our behalf and in accordance with the provisions of this Privacy Policy and the applicable law, customs and regulations related to data protection.
  6. It is important to bear in mind that the level of legal data protection in numerous countries to which this personal data is transferred, is not the same as in the User’s country. Therefore, the User’s personal data stored in another country may be accessed in accordance with the law applicable there, for example by: courts, the authorities responsible for the enforcement of law and national security in accordance with the provisions of law that are in force in this country. With the exception of lawful requests for disclosure, we declare to require the entities processing personal data outside the User’s country to take measures protecting personal data in a manner that is adequate to the regulations of their national law. 

§4 „Cookies” policy

  1. We automatically collect information included in the cookies files to collect the User’s data. A cookie is a small piece of text, which is sent to the User’s browser and which the browser sends back when the User visits the website again. These files are mainly used to maintain a session, for example by generating and sending back a temporary ID after logging in. We use “session” Cookies stored at the User’s end device until the User logs out, closes the website or the web browser as well as „permanent” Cookies stored at the User’s end device for the time specified by the  Cookies parameters or until they are deleted by the User.
  2. Cookies files adjust and optimize the website and its offer to the Users’ needs by such actions as creating the pageview statistics and ensuring security. Cookies are also essential to maintain a session after leaving the website. 
  3. Each time the Users visit the website, the Administrator processes data included in the Cookie files for the following purposes:
    - to optimize the website use;  
    - to identify the Recipients as being logged in;  
    - to adjust graphics, selection options or any other website content to the individual Recipient’s preferences;
    - to remember automatically and manually completed data provided in Order Forms or login data given by the visitor;
    - to collect and analyze anonymous statistics demonstrating how the website is used in the administration panel and in Google Analytics;
    - to make remarketing lists based on the information on the Users’ preferences, their behaviour and their website use as well as to collect demographic data and then to share these lists in AdWords or Facebook Ads.
    - to create data segments based on demographic information, interests and   preferences in the selection of the browsed products / services.
    - to use demographic and interest data in Analytics reports.
  4. At any time the User may completely disable and delete the collection of Cookies files with the use of their web browser.
  5. If the Users block the possibility of collecting Cookies at their device, they may make it difficult or impossible to use some of the website functionalities which they are entitled to, but in such situation they have to be aware of the functionality limitations.  
  6. If the User does not want to use Cookies for the purpose described above, they may delete them manually at any time. In order to read the detailed instructions, the Users should visit the website of the manufacturer of the browser that they are currently using. 

§5 Rights and obligations

  1. We have the right, and in cases specified by law, the statutory obligation to provide selected or all information on personal data to public authorities or third parties, which submit a request for such information based on the applicable provisions of Polish law. 
  2. The User has the right to access the content of the personal data they provide, 
  3. the right to correct this data, complete it at any time as well as the right to demand that the data should be deleted from the databases or ceased to be processed without giving any reasons. In order to access their rights, the User may send at any time a suitable message at the e-mail address or in any other way which will deliver / transfer such a request. 
  4. The User’s request to delete their personal data or to cease processing it may result in a complete inability to provide services or their serious limitation.
  5. We declare to comply with the applicable provisions of law and the rules of social intercourse. 
  6. Information on out-of-court resolution of consumer disputes. The entity authorized by the Act on Out-of-Court Consumer Dispute Resolution is the Spokesman for Finance, whose website address is as follows: www.rf.gov.pl.

§6 Fundamental safety principles

  1. Each User should take care of their own data security and the security of their devices which are used to access the Internet. Such a device should absolutely have an antivirus program with an up-to-date and regularly completed database of definitions and types of viruses as well as a safe version of the browser they use with a firewall enabled. The User should check whether the operational system and the programs installed on it have the latest and compatible updates, since attacks take advantage of errors found in the installed software. 
  2. Access data to services offered in the Internet, for instance logins, passwords, PINs, electronical certificates, etc., should be secured in a place inaccessible for others and impossible to be broken into from the Internet network. They must not be disclosed or stored at the device in such a form that allows an authorized access or reading it by unauthorized persons. 
  3. The User should be cautious when opening strange attachments or clicking links in the e-mails that they did not expect, e.g. from unknown senders or from the spam folder.  
  4. It is recommended to enable anti-phising filters in the browser, i.e. tools which verify whether the displayed website is authentic and is not used for phishing for example by impersonating an individual or an institution. 
  5. Files should be downloaded only from trusted sites, services and websites. It is not recommended to install software from unverified sources, particularly from unknown publishers with unverified opinions. This also applies to mobile devices, e.g. smartphones, tablets. 
  6. When using home WI-FI network, the User should set a safe and hard to break password. It should not be any pattern or a string of characters that is easy to identify (e.g. street name, host name, date of birth, etc.). It is also recommended to use the highest possible standards of WI-FI network encryption, which can be run on the equipment you have, e.g. WPA2. 

§7 Use of Social Media plugins

  1. Our website includes plugins of the social portals such as facebook.com, Twitter and others. The related services are provided by Facebook Inc. and Twitter Inc. respectively.
  2. Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook. In order to see Facebook plugins, please go to: https://developers.facebook.com/docs/plugins
  3. Twitter is operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. In order to see Twitter plugins, go to: https://dev.twitter.com/web/tweet-button
  4. The plug-in gives the provider only the information on which of our websites you have accessed and when. If during browsing or visiting our website, the User is logged for example into Facebook or Twitter, the provider is able to combine their interests, IT preferences and other data obtained for example by clicking the “Like” button, leaving a comment or typing a profile name in their search activity. Such information will be also transmitted directly to the provider via the browser. 
  5. More detailed information on collecting and using data by Facebook or Twitter and on the protection of privacy may be found on the following websites:
  6. Data protection / advice on privacy issued by Facebook: http://www.facebook.com/policy.php
  7. Data protection / advice on privacy issued by Twitter: https://twitter.com/privacy
  8. In order to avoid associating the visit on our website with a given Facebook or Twitter account, you have to log out of your account before browsing our websites.