Privacy Policy and Cookies of the linska.pl Online Store

This Privacy Policy and Cookies describes how “LINSKA” uses information about you, which constitutes personal data within the meaning of the General Data Protection Regulation (GDPR). You will also find information about the rights you have in connection with the processing of your personal data. The Privacy Policy applies to all customers of the online store and visitors to our websites who may, but do not have to be, our customers.

The following Privacy Policy is an integral part of the Terms of Service, which defines the rules, rights, and obligations of Users using the Service.

§1 Definitions

1. Service – the “LINSKA” website operating at https://linska.pl
2. External service – websites of partners, service providers or service recipients cooperating with the Administrator
3. Service Administrator / Data Controller – The Service Administrator and Data Controller (hereinafter Administrator) is the company “Linska Zuzanna Zielińska”, conducting business at: ul. Pawia 4/9, 80-626 Gdańsk, with the assigned tax identification number (NIP): 9571184883, providing electronic services through the Service
4. User – a natural person for whom the Administrator provides electronic services through the Service.
5. Device – an electronic device with software through which the User gains access to the Service
6. Cookies – text data collected in the form of files placed on the User’s Device
7. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
8. Personal data – means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
9. Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
10. Restriction of processing – means the marking of stored personal data with the aim of limiting their processing in the future
11. Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements
12. Consent – consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
13. Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data transmitted, stored or otherwise processed
14. Pseudonymisation – means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person
15. Anonymisation – Data anonymisation is an irreversible process of operations on data that destroys / overwrites “personal data” making identification impossible, or linking a given record with a specific user or natural person.

§2 Data Protection Officer

1. Based on Art. 37 GDPR, the Administrator has not appointed a Data Protection Officer.
2. For matters concerning data processing, including personal data, contact the Administrator directly.

§3 Types of Cookie Files

1. Internal cookies – files placed and read from the User’s Device by the Service’s IT system.
2. External cookies – files placed and read from the User’s Device by IT systems of external services. Scripts of external services that may place cookie files on Users’ Devices have been consciously placed in the Service through scripts and services made available and installed in the Service.
3. Session cookies – are files that, after ending a given browser session or turning off the computer, delete all previously saved information and are removed from the Client’s device memory. The session cookies mechanism does not allow for retrieving any personal data or any confidential information from Clients’ computers.
4. Persistent cookies – are stored in the Client’s end device memory and remain there until they are deleted or expire. The persistent cookies mechanism does not allow for retrieving any personal data or any confidential information from Clients’ computers.

§4 Data Storage Security

1. Cookie storage and reading mechanisms – The mechanisms for storing, reading and exchanging data between cookie files saved on the User’s Device and the Service are implemented through built-in web browser mechanisms and do not allow for retrieving other data from the User’s Device or data from other websites that the User visited, including personal data or confidential information. Transfer of viruses, trojans and other worms to the User’s Device is also practically impossible.
2. Internal cookies – cookie files used by the Administrator are safe for Users’ Devices and do not contain scripts, content or information that could threaten the security of personal data or the security of the Device used by the User.
3. External cookies – The Administrator takes all possible actions to verify and select service partners in the context of User security. The Administrator selects known, large partners with global social trust for cooperation. However, it does not have full control over the content of cookie files originating from external partners. The Administrator is not responsible for the security of cookie files, their content and license-compliant use by scripts installed in the service, originating from external services, to the extent permitted by law. The list of partners is included in the further part of the Privacy Policy.
4. The Administrator applies all possible technical measures to ensure the security of data placed in cookie files. However, it should be noted that ensuring the security of this data depends on both parties, including the User’s activity.
5. The Administrator ensures that it makes every effort to ensure that personal data voluntarily entered by Users is secure, access to it is limited and carried out in accordance with its purpose and processing objectives. The Administrator also ensures that it makes every effort to secure the data it holds against loss, by applying appropriate physical and organizational safeguards.
6. The Administrator declares that passwords are stored in encrypted form, using the latest standards and guidelines in this regard. Decryption of passwords provided in the Service for account access is practically impossible.

§5 Purposes for which cookie files are used

• Improving and facilitating access to the Service
• Personalizing the Service for Users
• Enabling login to the service
• Marketing, Remarketing in external services
• Conducting statistics (users, number of visits, types of devices, connection, etc.)
• Serving multimedia services
• Providing social services

§6 Purposes of personal data processing

Personal data voluntarily provided by Users is processed for one of the following purposes:

• Implementation of electronic services:
  • User registration and account maintenance services in the Service and related functionalities
  • Services for sharing information about content placed in the Service on social networks or other websites.
• Communication between the Administrator and Users regarding matters related to the Service and data protection
• Ensuring the Administrator’s legally justified interest

Data about Users collected anonymously and automatically is processed for one of the following purposes:

• Conducting statistics
• Remarketing
• Ensuring the Administrator’s legally justified interest

§7 Cookie files of external services

The Administrator uses javascript scripts and web components of partners in the Service, who may place their own cookie files on the User’s Device. Remember that in your browser settings you can decide about allowed cookie files that can be used by individual websites. Below is a list of partners or their services implemented in the Service that may place cookie files:

• Multimedia services:
• Social / connected services:
  (Registration, Login, content sharing, communication, etc.)
  • Facebook
• Content sharing services:
  • Instagram
• Statistics:
  • Google Analytics

Services provided by third parties are beyond the Administrator’s control. These entities may change their terms of service, privacy policies, data processing purposes and ways of using cookie files at any time.

§8 Types of collected data

1. Customer personal data is collected in case of:
   a. registering a customer account in the Online Store, in order to create an individual account and manage this account. Legal basis: necessity for the conclusion and performance of the Account service agreement (art. 6 para. 1 lit. b GDPR);
   b. placing an order for the purchase of Goods offered by the Data Administrator in the Online Store, in order to perform the sales contract. Legal basis: necessity to perform the sales contract and delivery of purchased Goods (art. 6 para. 1 lit. b GDPR);
   c. using the contact form service made available by the Data Administrator in the Online Store in order to perform a contract provided electronically. Legal basis: necessity to perform the contact form service agreement (art. 6 para. 1 lit. b GDPR);
2. The Service collects data about Users. Some data is collected automatically and anonymously, and some data is personal data provided voluntarily by Users during registration for individual services offered by the Service.
3. In order for the Customer to conclude an agreement for maintaining an account in the Online Store, the Data Administrator processes the following personal data:
   a. email address,
   b. phone number,
   c. address data (country, city, street with apartment/house number),
   d. first and last name.
4. When registering an account in the Online Store, the Customer independently sets an individual password for access to their account. The Customer can change the password later, according to the rules described in § 7 of this Privacy Policy.
5. In case of placing an order for the purchase of Goods offered through the Online Store, the Data Administrator processes the following personal data:
   a. email address,
   b. phone number,
   c. address data (country, city, street with apartment/house number),
   d. first and last name.
6. If an order for the purchase of Goods is placed by a person who is an Entrepreneur, the above-mentioned scope of personal data is additionally extended to include the following data:
   a. entrepreneur’s company name,
   b. NIP number,
   c. registered office address.
7. In case of using the Newsletter service, the Customer provides only their email address.
8. In case of using the contact form service, the Data Administrator processes the following personal data:
   a. email address,
   b. phone number,
   c. information contained in the content of the submitted inquiry.
9. When using services offered through the Online Store, the IT system may also collect additional information, in particular: IP address assigned to the Customer’s computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type.
10. Providing personal data to the Data Administrator is completely voluntary, in connection with concluded sales contracts or service provision through the Online Store, with the reservation that failure to provide specific data required by the Data Administrator in the process of concluding an agreement for using specific services, e.g., data provided in the Customer Account registration form in the Online Store, prevents the customer from using the service they are interested in, e.g., inability to register a Customer Account in the Online Store or place an Order for the purchase of Goods offered by the Administrator.

§9 Access to personal data by third parties

1. Personal data processed by the Data Administrator through the Online Store may be transferred to third parties who are service providers or subcontractors of the Data Administrator, whose services the Administrator uses to ensure the smooth functioning of the Online Store. Third parties providing the Data Administrator with specific services have access to Customers’ personal data, depending on contractual arrangements and circumstances, either subject to the Data Administrator’s instructions regarding the purposes and methods of processing this data (processors), or independently determine the purposes and methods of their processing (controllers).
2. Processors: The Data Administrator uses services offered by third parties when third parties process Customers’ personal data exclusively on the instruction of the Data Administrator. These include, among others, providers offering hosting services, providing marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns. With each of such entities, the Data Administrator has concluded a data processing agreement that ensures the security of entrusted Customers’ personal data;
3. Controllers: The Data Administrator uses services offered by third parties that do not act exclusively on the instruction of the Data Administrator and independently determine the purposes and methods of using Customers’ personal data. These include, among others, providers of electronic and banking payment services.
4. Location: Service providers are based in Poland and other countries of the European Economic Area (EEA). The Data Administrator does not share data outside the EEA.
5. In case of purchasing Goods in the Online Store, Customer’s personal data may be transferred, depending on the Customer’s choice, to the following third parties, in order to ensure proper delivery of ordered Goods:
   – to the courier company selected by the Customer;
   – to InPost Paczkomaty Sp. z o.o. based in Krakow, being the operator of the Paczkomaty network and providing delivery services and operation of the postal locker system (Paczkomaty);
6. In case the Customer chooses the payment method for Goods – Przelewy24.pl system, their personal data is transferred to the extent necessary for payment processing to PayPro S.A. based in Poznań (60-327 Poznań, ul. Kanclerska 15), entered in the register of entrepreneurs maintained by the District Court Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under number KRS 0000347935, NIP 7792369887, Regon 301345068.
7. Navigation data may be used to provide Customers with better service, analyze statistical data and adapt the Online Store to Customer preferences, as well as administer the Online Store.
8. The Administrator uses the services of an external hosting, VPS or Dedicated Servers provider – ultimahost.pl Szeliga sp.j. with headquarters at ul. Piotrkowska 148/150, 90-063 Łódź, Poland, NIP 9671354758 – to operate the website.

§10 Method of personal data processing

Personal data voluntarily provided by Users:

• Personal data will not be transferred outside the European Union
• Personal data will not be used for automated decision-making (profiling).
• Personal data will not be sold to third parties.

Anonymous data (without personal information) collected automatically:

• Anonymous data (without personal information) will be transferred outside the European Union.
• Anonymous data (without personal information) will not be used for automated decision-making (profiling).
• Anonymous data (without personal information) will not be resold to third parties.

§11 Legal basis for personal data processing

The Service collects and processes User data based on:

• Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  1. Article 6(1)(a)
     The data subject has given consent to the processing of their personal data for one or more specific purposes
  2. Article 6(1)(b)
     Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  3. Article 6(1)(f)
     Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
• Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000)
• Act of 16 July 2004 Telecommunications Law (Journal of Laws 2004 No. 171, item 1800)
• Act of 4 February 1994 on Copyright and Related Rights (Journal of Laws 1994 No. 24, item 83)

§12 Period of personal data processing

1. Customers’ personal data is stored:
   a. When the basis for processing personal data is the consent of the personal data owner, the Customer’s personal data is processed by the Data Administrator for as long as the consent is not withdrawn, and after the consent is withdrawn for a period corresponding to the limitation period for claims that may be raised by the Data Administrator or that may be raised against it. Unless a specific provision states otherwise, the limitation period for such claims is six years, and for claims for periodic benefits and claims related to business activities – three years.
   b. When the basis for data processing is the performance of a contract, the Customer’s personal data is processed by the Data Administrator for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.
   c. When the basis for data processing is the legitimate interest of the Data Administrator, the Customer’s personal data is processed by the Data Administrator for as long as there is a legitimate legal interest of the Data Administrator.
2. In the case of purchasing Goods in the Online Store, the Customer’s personal data may be transferred, depending on the Customer’s choice, to the following third parties in order to ensure proper delivery of the ordered Goods to InPost Paczkomaty Sp. z o.o. based in Krakow, which is the operator of the Parcel Locker network and provides delivery services and operation of the postal locker system (Parcel Lockers);
3. Anonymous statistical data, which does not constitute personal data, is stored by the Administrator for the purpose of conducting service statistics for a period of up to 26 months.

§13 User rights related to the processing of personal data

The Service collects and processes User data based on:

• Right of access to personal data
  Users have the right to obtain access to their personal data, exercised upon request submitted to the Administrator
• Right to rectification of personal data
  Users have the right to request from the Administrator immediate rectification of personal data that is incorrect and/or completion of incomplete personal data, exercised upon request submitted to the Administrator
• Right to erasure of personal data
  Users have the right to request from the Administrator immediate erasure of personal data, exercised upon request submitted to the Administrator. In the case of user accounts, data erasure involves anonymizing data that enables User identification. The Administrator reserves the right to suspend the execution of the erasure request in order to protect the legitimate interest of the Administrator (e.g., when the User has violated the Terms of Service or the data was obtained as a result of correspondence).
• Right to restriction of processing of personal data
  Users have the right to restrict the processing of personal data in cases indicated in Article 18 of the GDPR, including questioning the accuracy of personal data, exercised upon request submitted to the Administrator
• Right to data portability
  Users have the right to obtain from the Administrator personal data concerning the User in a structured, commonly used and machine-readable format, exercised upon request submitted to the Administrator
• Right to object to the processing of personal data
  Users have the right to object to the processing of their personal data in cases specified in Article 21 of the GDPR, exercised upon request submitted to the Administrator
• Right to lodge a complaint
  Users have the right to lodge a complaint with the supervisory authority responsible for personal data protection.

§14 Contact with the Administrator

The Administrator can be contacted in one of the following ways

• Postal address – Linska Zuzanna Zielińska, ul. Pawia 4/9, 80-626 Gdańsk
• Email address – biuro@linska.com

§15 Service Requirements

• Limiting the saving and access to Cookie files on the User’s Device may cause some functions of the Service to malfunction.
• The Administrator bears no responsibility for malfunctioning Service functions in case the User limits in any way the ability to save and read Cookie files.

§16 Changes to the Privacy Policy

1. The Administrator reserves the right to change this Privacy Policy in case of changes in law, guidelines of authorities responsible for supervising personal data protection processes, technology used to process personal data (if the change affects the wording of this document), as well as in case of changes in the methods, purposes or legal bases for processing personal data by us.
2. In matters not regulated in this Privacy Policy, but related to its subject matter, the provisions of Polish law shall apply, in particular:
   (1) Act of 23 April 1964 – Civil Code,
   (2) Act of 30 May 2014 on Consumer Rights,
   (3) Act of 18 July 2002 on Providing Services by Electronic Means (UŚUDE),
   (4) Act of 10 May 2018 on Personal Data Protection,
   (5) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
3. The current version of the Privacy and Cookies Policy was adopted and is effective from 26.09.2025.