Legal Notice

  1. General Provisions

This privacy policy of the Online Store is for informational purposes only, i.e., it does not create obligations for the Service Recipients or Customers (hereinafter: Users) of the Online Store. The privacy policy defines the principles of personal data processing by the Administrator in the Online Store, including the legal basis, purposes, and scope of personal data processing, as well as the rights of the data subjects, and information regarding the use of cookies and analytical tools in the Online Store.

The personal data administrator collected through the Online Store is Paweł Cach, conducting a sole proprietorship registered in the Central Registration and Information on Business under the name "PAWEŁ CACH GALICYA DYSTRYBUCJA", with its seat at 37-200 Przeworsk, Rozbórz 392, NIP: 7941577528, REGON: 651433025, hereinafter referred to as the “Administrator”, who is simultaneously the Service Provider of the Online Store and the Seller.

Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.

Use of the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the User of the Online Store is voluntary, subject to:

  1. concluding contracts with the Administrator – in cases and to the extent indicated on the Online Store’s website and in the Online Store Regulations and this privacy policy, failure to provide personal data necessary to conclude and execute the Sales Agreement or the Electronic Service Agreement with the Administrator will result in the inability to conclude such an agreement. Providing personal data is a contractual requirement in such a case, and if the data subject wishes to conclude an agreement with the Administrator, they are obliged to provide the required data. The scope of data required to conclude the agreement is always indicated in advance on the Online Store website and in the Online Store Regulations;
  2. statutory obligations of the Administrator – i.e., providing personal data is a legal requirement arising from generally applicable laws imposing on the Administrator the obligation to process personal data (e.g., processing data for accounting or bookkeeping purposes), and failure to provide them prevents the Administrator from fulfilling these obligations.

The Administrator is responsible and ensures that the collected data is:

  1. processed lawfully;
  2. collected for specified, lawful purposes and not subjected to further processing incompatible with these purposes;
  3. accurate and adequate in relation to the purposes for which they are processed;
  4. stored in a form that allows identification of the data subjects no longer than necessary to achieve the purpose of processing;
  5. processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

The Administrator implements appropriate technical and organizational measures to prevent unauthorized persons from obtaining or modifying personal data transmitted electronically, ensuring processing in accordance with GDPR. These measures are periodically reviewed and updated if necessary.

The Online Store may contain features that allow sharing content via third-party social media applications, such as the “Like” button on Facebook or widgets on other services such as YouTube or Google. These social media applications may collect and use data regarding Users’ activity in the Online Store and on the website www.glassto.eu. Any personal data provided by Users via these social media applications may be collected and used by other users of these applications, and interactions conducted via these applications are subject to the privacy policies of the respective application providers. The Administrator has no control over or responsibility for these entities or their use of User data.

  1. Legal Bases for Data Processing

The Administrator is authorized to process personal data if at least one of the following conditions is met:

  1. the data subject has given consent to the processing of their personal data for one or more specific purposes;
  2. processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract;
  3. processing is necessary to comply with a legal obligation to which the Administrator is subject;
  4. processing is necessary for the purposes of legitimate interests pursued by the Administrator or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, in particular where the data subject is a child.
  1. Purpose, Legal Basis, Retention Period, and Scope of Data Processing in the Online Store

The purpose, legal basis, retention period, scope, and recipients of personal data processed by the Administrator depend on the actions taken by the User in the Online Store.

The Administrator may process personal data in the Online Store for the following purposes:

  1. Registration and managing an Account in the Online Store – processing is necessary to perform an electronic service agreement with the User or to take actions at the User’s request prior to entering into the agreement (Art. 6(1)(b) GDPR);
  2. Handling requests submitted by the User through electronic forms available in the Online Store – processing is necessary to conclude and perform an electronic service agreement, for contacting purposes without further processing (Art. 6(1)(b) GDPR);
  3. For legitimate interests of the Administrator related to operating the Online Store, including analyzing Users’ use of the website, ensuring security and reliability of services provided (Art. 6(1)(f) GDPR);
  4. For legitimate interests of the Administrator, including determining, pursuing, and defending claims, preventing crimes, conducting related investigations, managing and developing business activities, including risk management (Art. 6(1)(f) GDPR);
  5. User satisfaction surveys (e.g., via surveys sent to Users by the Administrator or partners) – processing based on legitimate interest (Art. 6(1)(f) GDPR);
  6. Direct marketing of the Administrator, including tailoring services to Users based on cookies and similar technologies – processing based on legitimate interest (Art. 6(1)(f) GDPR);
  7. Marketing based on User consent (Art. 6(1)(a) GDPR);
  8. Compliance with legal obligations imposed on the Administrator (e.g., accounting or tax law) – processing necessary to fulfill a legal obligation (Art. 6(1)(c) GDPR).
  1. Data Recipients in the Online Store

To execute Sales Agreements and ensure proper functioning of the Online Store, the Administrator must use external service providers.

Personal data of Online Store Users may be disclosed to the following recipients or categories of recipients:

  1. carriers/shippers/courier brokers – regarding Users using postal or courier delivery;
  2. payment service providers or card operators – regarding Users using electronic payments or cards;
  3. service providers supplying technical, IT, or organizational solutions enabling the Administrator to operate the business, Online Store, and electronic services;
  4. accounting, legal, and consulting service providers supporting the Administrator in financial, legal, or advisory matters.
  1. Rights of the Data Subject
  1. Right of access – Users may request information about which personal data are processed by the Administrator, including receiving a copy of their personal data.
  2. Right to rectification – Users may request correction of inaccurate data or completion of incomplete data.
  3. Right to erasure (“right to be forgotten”) – Users may request deletion of their data in certain cases, e.g., if consent is withdrawn (if it was the sole basis for processing) or if data were processed unlawfully. This right may not apply when processing is necessary for legal obligations or claims.
  4. Right to object – Users may request that processing be stopped for reasons related to their particular situation when processing is based on legitimate interests (e.g., statistics or analysis). In such cases, the Administrator will stop processing unless there are overriding legitimate grounds or legal obligations.
  5. Right to restrict processing – Users may request “blocking” of data in specific situations, e.g., while correcting or if storage is necessary for legal purposes.
  6. Right to data portability – Users may request their data in a structured, commonly used format and transmit it directly to another administrator where technically possible.

In case of suspected breaches of data protection regulations, Users may lodge a complaint with the President of the Personal Data Protection Office.

  1. Privacy of Minors

The Administrator does not monitor or verify the age of its community, mailing list recipients, survey participants, or contest participants. Contact information provided by visitors (such as email addresses) is used for order fulfillment, Administrator communications, and promotional materials from certain partners. Minors should not provide information, place orders, or subscribe to services without parental consent.

  1. Cookies in the Online Store

The Administrator may process data contained in Cookies for the following purposes:

  1. identifying Users as