§ 1. General provisions

1. The Privacy Policy and Use of Cookies at the website https://www.shop.dogsinbox.com/ (hereinafter referred to as the "Policy") has been created and adopted by the Owner, Stalmika Sp. z o.o.

2. Terms used in the Policy stand for:

1) Service: website https://www.shop.dogsinbox.com

2) User: an entity using the Service;

3) Owner: Stalmika Sp. z o.o., Sienkiewicza 21, 32-400 Myślenice, NIP [Tax Id. No.]: 6812066274, REGON [National Business Reg. No.]: 366811947

4) Cookies: text files sent by the Service and stored on the User's end device, which the User uses while using the Service.

3. The purpose of the Policy is, in particular:

1) to provide Users with information regarding the use of Cookies in the Service, required by legal provisions;

2) to ensure Users' privacy protection to the extent corresponding to the standards and requirements specified in the applicable legal regulations.

4. The Owner limits the collection and use of information about Users to the necessary minimum.

5. In order to gain full access through the Service to the content and services offered by the Owner, it is advisable to accept the Policy. Acceptance can be made through the settings of the software installed on the User's device or service configuration.

6. The following legal regulations, among others, apply:

1) the Act of July 16, 2004, Telecommunications Law (Journal of Laws 2022.1648 consolidated text, as amended);

2) the Act of July 18, 2002, on providing services by electronic means (Journal of Laws 2020.344 consolidated text, as amended);

3) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Journal of Lawsl L 119, 4.5.2016), hereinafter referred to as the "Regulation";

4) the Act of May 10, 2018 on Personal Data Protection (Journal of Laws 2019.1781, as amended).

§ 2. Privacy and Personal Data Protection

1. The data concerning Users are processed by the Owner in accordance with the provisions of law. The personal data obtained by the Owner from the Users are processed on the basis of the consent given by the User or the occurrence of another basis entitling to the processing of data according to the regulations.

2. The Owner takes special care to protect the interests of the persons whose data are concerned, and in particular ensures that the data are:

1) processed in accordance with the law, fairly and in a manner that is transparent for Clients and other persons whose data are concerned;

2) collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes;

3) adequate, relevant and limited to what is necessary for the purposes for which they are processed;

4) accurate and, where necessary, kept up to date;

5) kept in a form which enables the identification of the data subject for no longer than is necessary for the purposes for which the data are processed;

6) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

3. The Owner implements appropriate technical and organizational measures that ensure the security of personal data processing and the protection of processed personal data appropriate to the nature, scope, context and purposes of processing and the risk of infringement of the rights or freedoms of natural persons.

4. The Owner strives to continuously modernize the applied computer, technical and organizational measures protecting this data, in particular, the Owner ensures updates of computer protection measures allowing for the security against unauthorized access, loss, alteration or destruction, and other threats arising from the operation of the information system and telecommunications networks.

5. To each User who has provided their data to the Owner in any way, the Owner ensures access to data and the use of other rights of the persons concerned, in accordance with the applicable legal provisions, including the right to:

1) withdraw consent for the processing of personal data;

2) obtain information concerning their personal data;

3) control the processing of data, including their supplementation, update, rectification, deletion;

4) object to processing or to request restriction of processing;

5) lodge a complaint with a supervisory authority and use other legal remedies to protect their rights.

6. The Owner may process personal data in an automated manner, including profiling, under the principles set out in the Regulation. In such a case, the purpose of the Owner's actions is marketing purposes or the need to personalize messages sent to Users (including adjusting information to the needs or expectations of the User). The User has the right to object to such processing of his data - this objection can be expressed by sending a message to the Owner's address: Stalmika Sp. z o.o., Sienkiewicza 21, 32-400 Myślenice, Tax ID: 6812066274, Business Registry Number: 366811947, phone number +48 517 218 656, email address: [email protected]

7. A person who has access to personal data processes it solely on the basis of the Owner's authorization or a personal data processing entrustment agreement and exclusively on the Owner's instructions.

8. In connection with the operation of the Service, the Owner uses the services of other entities, including for the purpose of performing a service for the User. Users' personal data may be transferred to:

1) the hosting company,

2) the supplier of software for the Service management,

3) the provider of internet services,

4) the provider of marketing or advertising services.

§ 3. Twisto Purchase Formula

1. This clause constitutes information of the data controller prepared pursuant to Art. 13(1) and (2) of the General Data Protection Regulation (GDPR) related to the payment service in the Twisto formula offered via the Website.

2. The Website processes your personal data for the following purposes:

a) processing payments offered on the Website,

b) providing your personal data to ING Bank Śląski S.A. (“Bank”) in relation to the provision by the Bank of an infrastructure for servicing on-line payments for the On-Line Store (legal basis: Art. 6(1)(f) of the Regulation,

c) servicing and clearance by the Bank of payments made by the On-Line Store clients with the use of payment instruments (legal basis: Art. 6(1)(f) of the Regulation),

d) for the purpose of verification, by the Bank, of proper performance of contracts concluded with the On-Line Store, in particular to ensure protection of interests of payers in relation to the complaints lodged by them (legal basis: Art. 6(1)(f) of the Regulation),

e) to provide your personal data to Twisto Polska Sp. z o.o. in relation to the possibility of offering payment for the acquired goods or services by Twisto Polska Sp. z o.o. as part of a contract of mandate encompassing the “Buy with Twisto” purchase formula, and making such formula available by the On-Line Store, as well as for the purpose of verification, by Twisto Polska Sp. z o.o. of correct performance of such contracts of mandate (legal basis: Art. 6(1)(f) of the Regulation),

3. In relation to the processing of personal data for the purposes specified in Section 1a, your personal data may be made available by the On-Line Store to other recipients or categories of personal data recipients, which may include:

a) ING Bank Śląski S.A.

b) Twisto Polska sp. z o.o.

4. In case the provision of personal data takes place with the aim of transferring your data to Twisto Polska Sp. z o.o. before conclusion of a goods (or service) sale contract purchased in the On-Line Store, the provision of such data shall be the condition precedent for entering into the sale contract in relation to the business model of operation adopted by the On-Line Store.

5. In case of provision of your personal data to the Bank in relation to the processing and clearance of payments made by you for the benefit of the On-Line Store via the Internet with the use of payment instruments, provision of data is required for the purpose of processing payments and provision of confirmation of such payment by the Bank for the benefit of the On-Line Store.

6. In case your personal data are provided to the Bank for the purpose of verification, by the Bank, of correct performance of contacts concluded with the On-Line Store, in particular protection of payer’s interests in relation to complaints filed by them, provision of such data is required for the purpose of allowing performance of a contract concluded between the On-Line Store and the Bank.

7. In case of provision of your personal data to Twisto Polska Sp. z o.o. in relation to the possibility of paying the price for the goods or services purchased by you by Twisto Polska Sp. z o.o. as part of a contract of mandate encompassing the “Buy with Twisto” purchase formula and making such formula available by the On-Line Store, provision of such data and their processing to this aim is required in relation to the business model of conducting operation adopted by the On-Line Store and for the purpose of performing the contract concluded between the On-Line Store and Twisto Polska Sp. z o.o.

§ 4. Cookies

1. The Owner uses Cookies primarily to ensure the proper functioning of the Service and its basic features.

2. The Owner may also use its own or partners' Cookies for analytical, functional, or marketing purposes, but only when the User provides their consent.

3. The following types of Cookies may be used in the Service:

1) necessary Cookies, the purpose of which is to provide the User with access to the Service and its proper functioning. Without them, the Owner would not be able to provide services within the Service, therefore their use does not require the User's consent;

2) analytical Cookies, the purpose of which is to collect information and create statistics for the purpose of improving the Service (including checking the number of visits or traffic in the Service and its sources). These are optional Cookies, so the Owner may use them only if the User gives their consent;

3) functional Cookies, the purpose of which is to remember the User's preferences regarding the Service (including the appearance of the Service, language, font, or other elements that can be customized) and to provide personalized content. These are optional Cookies, so the Owner may use them only if the User gives their consent;

4) marketing Cookies, the purpose of which is to collect information about the preferences or interests of Users and to adjust advertising or marketing content to those preferences. These are optional Cookies, so the Owner may use them only if the User gives their consent.

4. The user can decide on their cookie preferences by Cookie management. A consent management platform is used in the Service, where the User can at any time express or withdraw consent to the use of optional Cookies, change statements, and obtain information regarding Cookies.

5. Regarding the storage time of Cookies on Users' devices, the following are used in the Service:

1) Session Cookies, which are not stored on Users' devices after the end of the session (e.g., after logging out or closing the Service page or browser) or for any other period indicated in the cookie consent management tool;

2) Permanent Cookies, which are saved on Users' devices even after the end of the session and for the time specified in their parameters or until they are deleted by the User. The time specified in the Cookie parameters can be checked on the consent management platform for each Cookie separately.

6. When using the Service, Cookies originating from the Owner's partners such as Google, Facebook, Tiktok, Consent Manager, or others, whose list may change over time, may be placed on Users' devices. Information is available through the functionality to manage cookie settings.

7. In some cases, software installed by the User on the terminal device for browsing websites (e.g., web browser) introduces default storage of Cookies on the User's terminal device. Users can change the Cookie settings at any time. Detailed information in this regard is available in the settings and instructions for the software (web browser). Failure to change the settings means that data will be placed on the User's terminal device (using the Service will result in automatic placement of Cookies on the User's terminal device). Changing the browser settings may cause some services to not work correctly or even completely prevent the use of the Service.

8. The data stored on the User's terminal device does not cause any configuration changes to the User's terminal device or the software installed on that device.

9. Information regarding Cookies may also apply to other similar technologies used within the Service.

10. The User can also manage Cookies at the level of the web browser in a way that allows the browser's functionality.

§ 5. Complaints

1. Complaints can be directed to the Owner in electronic form at the address [email protected]

2. It is possible to use non-judicial methods of dealing with complaints and pursuing claims in legal relations with Consumers, including:

1) the possibility of resolving disputes electronically via the ODR (online dispute resolution) platform, available at https://ec.europa.eu/consumers/odr/main/index.cfm?event=main.home2.show&lng=PL;

2) the possibility of conducting conciliation proceedings before a court of law or other bodies.

3. The Owner undertakes to consider the complaint within 14 days.

4. If the complaint is accepted, the Owner will take appropriate action.

5. In order to consider complaints, the Owner processes the personal data of Users filing complaints, in particular e-mail address, name, surname, content of the complaint, circumstances of the event causing the complaint, information obtained during the consideration of the complaint, including explanation of the event causing it. During the consideration of the complaint, the Owner may process a number of other information, including information about the User's use of Services, Cookies or other similar technologies, information about devices. This data is processed in accordance with Art. 6(1)(b) of the Regulation in order to consider the complaint and is processed for the time necessary to consider the complaint and after the end of the complaint procedure for archival purposes in accordance with the accounting act in case of need to defend against possible claims against the Owner.

6. In case of initiating an explanatory procedure regarding a possible violation of the Policy or legal regulations, social coexistence rules or good manners, the Owner may process the User's personal data until the end of the ongoing procedure and until the expiry of the limitation period for claims, which usually lasts 3 years, but in special cases provided for by law may be longer. This data will then be processed, including disclosed in accordance with Art. 6(1)(f) of the Regulation, i.e. in the legitimate interest of the administrator consisting in pursuing its claims against the User. The legitimate interest will then be the overriding aim against the rights and freedoms of the User.

§ 6. Final provisions

1. The Policy was adopted by the order of the Owner and comes into force on 22 April 2024.

2. Any deviations from the Policy require a written form under pain of nullity.

3. The law applicable to the Policy is the law of the Republic of Poland.

4. In matters not regulated in the Policy, the relevant provisions of the law apply.

5. This document is protected by copyright and is made available on a license basis. Any use of the document without the author's consent, dissemination by publication is prohibited.