For the Owner of this website, the protection of Users' personal data is a matter of utmost importance. They make great efforts to ensure that Users feel secure when entrusting their personal data while using the website.

A User is a natural person, a legal person, or an organizational unit without legal personality, to whom the law grants legal capacity, using electronic services available on the website.

This privacy policy explains the rules and scope of processing Users' personal data, their rights, as well as the obligations of the data controller, and also provides information about the use of cookies.

The Controller uses the most modern technical measures and organizational solutions, ensuring a high level of protection of processed personal data and security against unauthorized access.

I. PERSONAL DATA CONTROLLER

The controller of personal data is the Entrepreneur Mr. Grzegorz Lewicki representing the company: TECTO SYSTEM Sp. z o.o. ul. Strachocińska 164D/2, 51-518 Wrocław, Poland VAT ID (NIP): 8952282926 biuro@tectosystem.com

(hereinafter referred to as the "Owner").

II. PURPOSE OF PERSONAL DATA PROCESSING

1. The Controller processes the User's personal data for the purpose of: Preparing an offer and providing all information about the service and its scope.

2. This means that this data is needed in particular for: a. registering on the website; b. concluding a contract; c. making settlements; d. delivering goods ordered by the User or performing services; e. the User's exercise of any consumer rights (e.g., withdrawal from the contract, warranty).

3. The User may also consent to receive information about news and promotions, which will result in the controller also processing personal data to send the User commercial information regarding, among other things, new products or services, promotions, or sales.

4. Personal data is also processed as part of fulfilling the legal obligations incumbent on the data controller and performing tasks in the public interest, including the performance of tasks related to security and defense or the storage of tax documentation.

5. Personal data may also be processed for the purposes of direct marketing of products, securing and pursuing claims or protecting against claims of the User or a third party, as well as marketing the services and products of third parties or own marketing that is not direct marketing.

III. TYPE OF DATA

1. The Controller processes the following personal data, the provision of which is necessary for: a. registering on the website: - name and surname; - e-mail address; b. making purchases via the website: - name and surname; - gender; - delivery address; - telephone number; - e-mail address; c. Data optionally provided by the User: 3/7 - date of birth; - PESEL number (in case of requesting an invoice); - VAT ID (NIP) number (in case of requesting an invoice for a business).

2. In the event of withdrawal from the contract or recognition of a complaint, when the refund is made directly to the User's bank account, we also process information regarding the bank account number for the purpose of making the refund.

IV. LEGAL BASIS FOR PERSONAL DATA PROCESSING

1. Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88, hereinafter referred to as the "GDPR".

2. The Controller processes personal data only after obtaining the User's prior consent, expressed at the time of registration on the website or at the time of confirming a transaction made on the website.

3. Providing consent to the processing of personal data is completely voluntary, however, failure to provide it prevents registration on the website and making purchases via the website.

V. RIGHTS OF THE USER

1. The User may at any time request information from the controller about the scope of personal data processing.

2. The User may at any time request the correction or rectification of their personal data. The User can also do this independently after logging into their account.

3. The User may at any time withdraw their consent to the processing of their personal data, without giving a reason. The request not to process data may concern a specific processing purpose indicated by the User, e.g., withdrawal of consent to receive commercial information, or it may concern all purposes of data processing. Withdrawal of consent for all 4/7 processing purposes will result in the User's account being deleted from the website, along with all previously processed personal data of the User by the controller. Withdrawal of consent will not affect actions already taken.

4. The User may at any time request, without giving a reason, that the controller delete their data. The request to delete data will not affect actions already taken. Deleting data means the simultaneous deletion of the User's account, along with all personal data saved and processed by the controller to date.

5. The User may at any time object to the processing of personal data, both in the scope of all personal data of the User processed by the controller, as well as only to a limited extent, e.g., regarding the processing of data for a specifically indicated purpose. The objection will not affect actions already taken. Lodging an objection will result in the deletion of the User's account, along with all personal data saved and processed by the controller to date.

6. The User may request the restriction of the processing of personal data, whether for a specific period or without a time limit, but within a specific scope, which the controller will be obliged to fulfill. This request will not affect actions already taken.

7. The User may request that the controller transfer the User's processed personal data to another entity. To do this, they should write a request to the controller, indicating to which entity (name, address) the User's personal data should be transferred and what specific data the User wishes the controller to transfer. After the User confirms their request, the controller will transfer the User's personal data in electronic form to the indicated entity. Confirmation of the request by the User is necessary for the security of the User's personal data and to ensure that the request comes from an authorized person.

8. The Controller informs the User about the actions taken within one month of receiving one of the requests mentioned in the previous points.

VI. PERSONAL DATA RETENTION PERIOD

1. In principle, personal data is stored only for as long as it is necessary to fulfill contractual or legal obligations for which it was collected. This data will be deleted immediately when its storage is no longer necessary for evidentiary purposes, in accordance with civil law 5/7, or in connection with a statutory obligation to store data.

2. Information regarding the contract is stored for evidentiary purposes for a period of three years, starting from the end of the year in which the commercial relationship with the User ended. The data will be deleted after the expiry of the statutory limitation period for contractual claims.

3. In addition, the controller may retain archival information regarding concluded transactions, as its storage is related to the User's claims, e.g., under warranty.

4. If no contract has been concluded between the User and the Owner, the User's personal data is stored until the User's account is deleted from the website. The account may be deleted as a result of a request made by the User, withdrawal of consent to the processing of personal data, or an objection to the processing of this data.

VII. TRANSFER OF DATA PROCESSING TO OTHER ENTITIES

1. The Controller may entrust the processing of personal data to entities cooperating with the controller, to the extent necessary for the execution of transactions, e.g., for the preparation of ordered goods and the delivery of shipments or the transmission of commercial information originating from the controller (the latter applies to Users who have consented to receive commercial information).

2. Apart from the purposes indicated in this Privacy Policy, Users' personal data will not be made available to third parties or transferred to other entities in any way for the purpose of sending marketing materials of these third parties.

3. Personal data of website Users is not transferred outside the European Union.

4. This Privacy Policy complies with the provisions resulting from Article 13(1) and (2) of the GDPR.

VIII. COOKIES

1. The website uses cookies or similar technology (hereinafter collectively referred to as "cookies") to collect information about the User's access 6/7 to the website (e.g., via a computer or smartphone) and their preferences. They are used, among other things, for advertising and statistical purposes and to adapt the website to the individual needs of the User.

2. Cookies are pieces of information that contain a unique reference code that the website sends to the User's device for storage and sometimes to track information about the device used. They usually do not allow the User to be identified. Their main task is to better adapt the website to the User.

3. Some of the cookies on the website are only available for the duration of a given internet session and expire when the browser is closed. Other cookies are used to remember the User who, after returning to the website, is recognized on it. They are then stored for a longer period.

4. The cookies used on this website are: ECSI - deleted after one month, CCK3 - deleted after closing the browser, Secure_Cartgc - deleted after closing the browser, Kas_js - deleted after closing the browser. 5. All cookies on the website are set by the administrator.

5. All cookies used by this website comply with applicable European Union law.

6. Most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be saved in the device's memory.

7. The User can change their preferences regarding the acceptance of cookies or change their browser to receive a relevant notification each time a cookie function is set. To change cookie acceptance settings, adjust the settings in your browser.

8. It is worth remembering that blocking or deleting cookies may prevent full use of the website.

9. Cookies will be used for essential session management, including:

   a. Creating a special login session for the Website User so that the site remembers that the User is logged in and their requests are delivered effectively, securely, and consistently; b. Recognizing a User who has previously visited the website, which allows the identification of the number of unique users who have used the service and ensures sufficient service capacity for the number of new users; c. Recognizing whether a person visiting the website is registered on the website; d. Recording information from the User's device, including: cookies, IP address, and information about the browser used, in order to diagnose problems, administer, and track website usage; e. Adapting elements of the graphic layout or content of the website; f. Collecting statistical information about how the User uses the website in order to improve the site and determine which areas of the website are most popular with Users.