top of page



General information


Selected data protection methods used by the Operator

This policy applies to the Website operating under the url:

The website operator and personal data administrator is: OXYMA Sp. z o.o. with registered office in Krakow, Plac Wolnica 13/10, 31-060, KRS 0000872425, NIP: 6762589164.

Operator's e-mail contact address:

The Operator is the Administrator of your personal data with regard to the data provided

voluntarily provided on the Website.


The Website uses your personal data for the following purposes:

1) Running the newsletter

2) Preparation, packaging, shipment of goods o Fulfillment of ordered services

3) Debt collection

4) Presentation of an offer or information

The Service performs functions of obtaining information about users and their behavior in the following ways:

1) Through voluntary data entered in forms, which are entered into the Operator's systems.

2) By saving cookies (so-called "cookies") in the end devices.

Respecting your rights and respecting applicable laws, including the provisions of the Regulation of the European Parliament and of the Council (EU 2016/679) in force since May 25, 2018. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter "RODO")
You are entitled to request:
a) Access to your personal data, including obtaining a copy of your data (Article 15 RODO or, if applicable, Article 13(1)(f) RODO),
b) Restriction of your personal data (Article 16 RODO),
c) Deletion of your personal data (Article 17 RODO),
d) Restriction of the processing of your personal data (Article 18 RODO),
e) Request the transfer of your data to another controller (Article 20 RODO).
f ) Object at any time to the processing of your data on grounds relating to your particular situation - to the processing of personal data concerning you, based on Article 6(1)(f) RODO (i.e. the legitimate interests pursued by us) (Article 21(1) RODO).

The login and entry points for personal data are protected in the transmission layer (SSL certificate). In this way, the personal and login data entered on the website are encrypted on the user's computer and can only be read on the target server.

The personal data stored in the database are encrypted in such a way that only those holding the Operator's key can read them. This way the data is protected in case the database is stolen from the server.

User passwords are stored in hashed form. The hash function works unidirectionally - it is not possible to reverse it, which is now a modern standard for storing user passwords.

In order to protect the data, the Operator regularly makes backup copies.

An important element of data protection is the regular updating of any software used by the Operator to process personal data, which in particular means regular updates of programming components.




Your rights and additional information about how we use your data

Service is hosted (technically maintained) on the Operator's servers:

In certain situations, the Administrator has the right to transfer your personal data to other recipients if this is necessary for the performance of a contract concluded with you or for the fulfillment of obligations incumbent on the Administrator. This applies to such groups of recipients:

1) hosting company on the basis of entrustment

2) postal operators

3) insurers

4) law firms and debt collectors

5) banks

6) payment operators

7) authorized employees and associates who use the data in order to fulfill the website's purpose

8) companies providing marketing services to the Administrator

9) Couriers.

Your personal data is processed by the Administrator no longer than it is necessary for the performance of related activities specified in separate regulations (e.g. on accounting). With regard to marketing data, the data will be processed no longer than for 3 years.

You have the right to request from the Administrator:

1) Access to personal data concerning you, to rectify them.

2) Deletion.

3) Restriction of processing.

4) And data portability.

You have the right to object within the scope of the processing indicated in point 3.3 c) to the processing of personal data for the purposes of carrying out the legitimate interests pursued by the Administrator, including profiling, whereby the right to object will not be exercisable if there are valid legitimate grounds for processing overriding your interests, rights and freedoms, in particular the establishment, assertion or defence of claims.

The Administrator's actions may be complained about to the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.

Providing personal data is voluntary, but necessary to operate the Service.

In relation to you may be taken actions involving automated decision-making, including profiling in order to provide services under the concluded agreement and in order for the Administrator to conduct direct marketing.

Personal data is not transferred from third countries within the meaning of data protection regulations. This means that we do not send them outside the European Union.


Information on the forms

The Service collects information voluntarily provided by the user, including personal information if provided.

The site may record information about connection parameters (time stamp, IP address).

The site, in some cases, may save information to help associate the data in the form with the e-mail address of the user completing the form. In such a case, the user's e-mail address appears inside the url of the page containing the form.

The data provided in the form is processed for the purpose resulting from the function of a particular form, e.g. to perform the process of service request or business contact, service registration, etc. Each time the context and description of the form informs in a clear way what it is used for.


Administrator logs

Information about users' behavior on the site may be subject to logging. This data is used to administer the service.


Information about cookies


Essential marketing techniques

The website uses cookies.

Cookies (so-called "cookies") are computer data, in particular text files, which are stored in the Service User's terminal equipment and are intended for use on the websites of the Service. Cookies usually contain the name of the website from which they come, the time of storing them on the terminal equipment and a unique number.

The operator of the Website is the entity placing cookies on the Website User's terminal equipment and accessing them.

Cookies are used for the following purposes:

1) maintaining a session of the Website user (after logging in), so that the user does not have to re-enter login and password on each subpage of the Website;

2) Realizing the purposes specified above in the section "Important marketing techniques";

There are two basic types of cookies used within the Website: "session" (session cookies) and "permanent" (persistent cookies). "Session" cookies are temporary files that are stored in the User's terminal equipment until logging out, leaving the website or switching off the software (web browser). "Permanent" cookies are stored on the User's end device for the time specified in the parameters of cookies or until they are deleted by the User.

Web browsing software (Internet browser) usually allows by default to store cookies on User's end device. Users of the Website can change their settings in this regard. Internet browser makes it possible to delete cookies. It is also possible to block cookies automatically. Detailed information on this subject can be found in help or documentation of a web browser.

Restrictions on the use of cookies may affect some of the functionality available on the Website.

Cookies placed in the Service User's end device can also be used by entities cooperating with the Service Operator, in particular this concerns companies: Google (Google Inc. based in the USA), Facebook (Facebook Inc. based in the USA), Twitter (Twitter Inc. based in the USA).

Managing cookies - how to give and withdraw consent in practice?

1) If you do not want to receive cookies, you can change your browser settings. We stipulate that disabling cookies necessary for authentication processes, security, maintaining user preferences may hinder and in extreme cases make it impossible to use websites

2) In order to manage cookies, select the web browser you are using from the list below and follow the instructions:

a. Edge

b. Internet Explorer o Chrome

c. Safari

d. Firefox

e. Opera

3) Mobile Devices:

a. Android

b. Safari (iOS)

c. Windows Phone

The Operator uses statistical analysis of the website traffic via Google Analytics (Google Inc., USA). The Operator does not transmit personal data to the operator of this service, but only anonymised information. The service is based on the use of cookies on the user's terminal device. As regards information on the user's preferences collected by the Google advertising network, the user can view and edit the information resulting from the cookies using the following tool:

The Operator uses remarketing techniques that allow matching advertising messages to the user's behavior on the website, which may give the illusion that the user's personal data are used for tracking, but in practice no personal data are transferred from the Operator to the advertising operators. A technological prerequisite for this is that cookies are enabled.

The Operator uses the Facebook pixel. This technology allows Facebook (Facebook Inc., USA) to know that a person registered with it is using the Website. The Operator does not transmit any additional personal data to Facebook. The service is based on the use of cookies on the user's terminal device.

The Operator uses a solution which examines the behaviour of users by creating heat maps and recording the behaviour on the website. This information is anonymized before it is sent to the operator of the service so that he does not know which natural person it concerns. In particular, typed passwords and other personal data are not recorded.

The Operator uses a solution which automates the operation of the Website with regard to the users, e.g. it may send an e-mail to the user after he visits a particular subpage, provided that he has given his consent to receive commercial correspondence from the Operator.

bottom of page