Privacy Policy

Publication Date: September 15, 2025

TABLE OF CONTENTS
1. GENERAL PROVISIONS
2. LEGAL BASES FOR DATA PROCESSING
3. PURPOSE, LEGAL BASIS, PERIOD, AND SCOPE OF DATA PROCESSING IN THE STORE
4. DATA RECIPIENTS
5. PROFILING IN THE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES, OPERATIONAL DATA, AND ANALYTICS
8. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. This Privacy Policy is for informational purposes. It defines the rules for processing personal data in the online store www.essensu.pl (hereinafter: “Store”), including the legal bases, purposes, scope, and period of data processing, as well as the rights of data subjects, and information about cookies and analytical tools.
1.2. Data Controller: Essensu.pl Rafał Południok, registered office: ul. Turkusowa 1/100, 20-572 Lublin, correspondence address: ul. Złotej Wilgi 8/178, 03-984 Warszawa, NIP (Tax ID): 7123489315, e-mail: knives@essensu.pl, tel.: +48 794 992 662 (Mon–Fri 09:00–19:00). The Controller is also the service provider of the Store and the seller.
1.3. Personal data is processed in accordance with applicable regulations, particularly the GDPR (Regulation 2016/679), as well as the Act on Providing Services by Electronic Means and the Telecommunications Law.
1.4. Use of the Store (including purchases) is voluntary. Providing data is voluntary, with the exception of: (1) concluding and performing a contract – lack of data necessary to fulfill an order will prevent its conclusion/fulfillment; (2) statutory obligations of the Controller (e.g., accounting/tax) – lack of data will prevent their fulfillment.
1.5. The Controller takes special care to protect the interests of data subjects – data is processed lawfully, for specified purposes, adequately, factually correct, stored no longer than necessary, and secured with appropriate technical and organizational measures.
1.6. Terms written with a capital letter (e.g., Store, Electronic Service, Sales Agreement) have the meaning assigned to them in the Store’s Terms and Conditions.

2. LEGAL BASES FOR DATA PROCESSING

2.1. The Controller processes data when at least one of the legal bases from Article 6(1) of the GDPR applies: (1) consent of the data subject; (2) necessity for the performance of a contract or to take steps prior to entering into a contract; (3) legal obligation incumbent on the Controller; (4) legitimate interest of the Controller or a third party – with respect for the rights and freedoms of the data subject.
2.2. The specific legal basis for a given purpose is indicated in Chapter 3.

3. PURPOSE, LEGAL BASIS, PERIOD, AND SCOPE OF DATA PROCESSING IN THE STORE

3.1. The scope of processing depends on the user’s activities in the Store (e.g., account registration, placing an order, subscribing to the newsletter, e-mail/telephone contact).
3.2. Purposes of processing:
A) Performance of a Sales Agreement / provision of Electronic Services
– Legal Basis: Article 6(1)(b) of the GDPR.
– Period: duration of the contract and until the expiry of the limitation periods for claims.
– Maximum Scope: first name and last name, e-mail, telephone number, delivery address, billing address; for companies: company name and Tax ID.
B) Handling inquiries, complaints, and returns
– Legal Basis: Article 6(1)(b) and/or (f) of the GDPR (legitimate interest – handling correspondence).
– Period: until the matter is resolved + period of limitation for claims/documentation period.
– Scope: identification and contact data, transaction data, content of the request.
C) Settlements, accounting, and tax obligations
– Legal Basis: Article 6(1)(c) of the GDPR in conjunction with tax/accounting regulations.
– Period: in accordance with regulations (as a rule, until the expiry of archiving/limitation periods).
– Scope: identification and address data, Tax ID, data from accounting documents.
D) Direct marketing of own products and services (e.g., newsletter)
– Legal Basis: Article 6(1)(a) of the GDPR (consent) – for e-mail/SMS communication; and/or Article 6(1)(f) of the GDPR (legitimate interest) regarding presenting offers in the Store.
– Period: until consent is withdrawn or an effective objection is raised; no longer than until the expiry of the limitation periods for claims.
– Scope: first name (optional), e-mail, activity/purchase history (in the newsletter – limited to the necessary minimum).
E) Post-purchase reviews
– Legal Basis: Article 6(1)(a) of the GDPR (consent).
– Period: until consent is withdrawn.
– Scope: e-mail, order identifier, content of the review.
F) Establishment, exercise, or defense of claims
– Legal Basis: Article 6(1)(f) of the GDPR.
– Period: until the expiry of the limitation periods for claims.
– Scope: identification data, contact data, address data, transaction data, and correspondence.
G) Ensuring website security and maintaining IT infrastructure
– Legal Basis: Article 6(1)(f) of the GDPR.
– Period: in accordance with the IT security policy (system logs for the necessary time).
– Scope: operational data (e.g., IP address, timestamps, session identifiers, browser headers).

4. DATA RECIPIENTS

4.1. For the proper functioning of the Store, the Controller uses the services of external entities. Data is transferred only when necessary for the purpose and to an adequate extent.
4.2. Categories of recipients: carriers/courier brokers/pickup points; payment operators; hosting, mail, store software, and IT service providers; accounting, legal, advisory, and debt collection service providers; providers of survey/review tools and newsletters (with consent).

5. PROFILING IN THE STORE

5.1. The Controller may use profiling for its own marketing purposes (e.g., cart reminders, product suggestions, coupons). Decisions based on profiling do not produce legal effects concerning the user or similarly significantly affect them.
5.2. Profiling involves analyzing activity in the Store (e.g., viewed products, purchase history) to better tailor content.
5.3. The user may object to profiling for direct marketing purposes at any time.

6. RIGHTS OF THE DATA SUBJECT

6.1. Rights: access to data, rectification, erasure (“right to be forgotten”), restriction of processing, data portability, objection to processing (including profiling), the right not to be subject to a decision based solely on automated processing.
6.2. Withdrawal of consent – at any time, without affecting the lawfulness of processing carried out before its withdrawal.
6.3. Complaint to the supervisory authority – President of the Personal Data Protection Office (UODO).
6.4. Objection – at any time to processing based on Article 6(1)(e)–(f) of the GDPR for reasons relating to your particular situation; and unconditionally to direct marketing.
6.5. Exercise of rights: contact the Controller (data in point 1.2) or use the contact form in the Store.

7. COOKIES, OPERATIONAL DATA, AND ANALYTICS

7.1. Cookies are small text files stored on the user’s device. They enable, among other things, maintaining sessions, remembering settings, analyzing traffic, and personalizing content.
7.2. Purposes of using cookies: identifying logged-in users and maintaining sessions; remembering shopping carts and form data; adapting the interface; anonymous statistics; remarketing/presenting tailored content (if enabled).
7.3. Most browsers accept cookies by default. The user can restrict or disable them – however, this may affect the functionality of some Store features.
7.4. Consent to cookies can be expressed through browser settings or a consent management panel (if available).
7.5. Managing cookies – information can be found in the help sections of web browsers.
7.6. Analytics: The Store may use analytical tools (e.g., Google Analytics) and advertising/remarketing tools (e.g., Google Ads/Facebook Ads). Data is processed in an anonymized or pseudonymized manner. The user can use the opt-out mechanisms provided by suppliers (e.g., the Google Analytics Opt-out Add-on).

8. FINAL PROVISIONS

8.1. The Store may contain links to other websites. After navigating to another website, we recommend reviewing its privacy policy. This Policy applies only to the Controller’s Store.
8.2. The Controller may update the Policy in case of legal/organizational changes or changes in Store functionality. Users will be informed of significant changes in a visible manner in the Store (e.g., announcement, e-mail to subscribers).