Free delivery on orders over 400 PLN.

The administrator of personal data is:

KOPI Natalia Kopiszka based in Warsaw, ul. Oleandrów 4, 00-629 Warszawa 

e-mail: kopi@kopi.com.pl / phone: 782 054 219

1. Explanation of terms used in the Privacy Policy:

1.1. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation data).

1.2. Personal data - means information about an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more specific factors.

1.3. Processing - means an operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, disseminating or otherwise such as sharing, aligning or combining, restricting, erasing or destroying.

1.4. Restriction of processing – means marking stored personal data in order to limit their future processing.

1.5. Profiling - means any form of automated processing of personal data, which consists in using personal data to evaluate certain personal factors of a natural person, in particular to analyze or predict aspects regarding the performance of that natural person, his or her economic situation, health, personal preferences, interests, reliability , behavior, location or movement.

1.6. Personal Data Controller – means a natural or legal person, public authority, entity or other entity that, alone or jointly with others, determines the purposes and means of processing personal data.

1.7. Processor – means a natural or legal person, public authority, entity or other entity that processes personal data on behalf of the Administrator.

1.8. Recipient – ​​means a natural or legal person, public authority, agency or other entity to which personal data are disclosed, regardless of whether it is a third party.

1.9. Third party - means a natural or legal person, public authority, unit or entity other than the data subject, Administrator, processor or persons who, with the authorization of the Administrator or processor, may process personal data.

1.10 Consent of the data subject - means voluntary, specific, conscious and unambiguous expression of will by the data subject in the form of a written declaration authorizing the processing of personal data.

1.11. Breach of personal data protection - means a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed.

1.12 Authorized person - a person with authorization issued by the Personal Data Administrator or a person authorized by him and allowed as a User to process personal data, also in the ICT system to the extent indicated in the authorization.

1.13 Unauthorized person - this means a person who is not authorized to process personal data (excluding the person authorized to view and process them under separate regulations), as well as a person whose personal data are not subject to processing in the appropriate data files.

1.14 User – a natural person who visits the website and uses the contact form available on the website.

2. KOPI Natalia Kopiszka serves as the Personal Data Administrator in accordance with the GDPR in relation to the Personal Data of Users who are natural persons.

3. Collection and processing of data for contract execution and contact purposes

3.1 Data processing 

We process information voluntarily provided by the User when placing an order. Personal data for the purpose of performing the contract (including inquiries regarding the processing of claims under warranty for defects or guarantees and the obligation to inform about necessary updates). The legal basis in this respect is Art. 6 section 1 letter b GDPR. Mandatory fields are marked as such because they concern data that is necessary to process the order and without providing it, we will not be able to process it. What data is collected results directly from the forms into which the data is entered.

Further information regarding the processing of the User's data, in particular regarding the transfer of data to our service providers for the purpose of processing orders, payments and shipping, can be found in the following sections of this privacy policy. After completion of the contract, the processing of the User's data will be limited, and after the expiry of the storage periods required under tax regulations and the Accounting Act, this data will be deleted (Article 6(1)(c) of the GDPR), unless the User expressly consents (Article 6 section 1(a) of the GDPR) for further use of this data for other purposes or we reserve the right to further use it in legally permitted cases, in which case we inform the User in this privacy policy.

3.2 Customer Account

If pursuant to Art. 6 section 1 letter a GDPR, the User will consent to creating a customer account - we will process the User's Personal Data necessary for this purpose. They will also be used for future orders on our website. The User's customer account may be deleted at any time. To do this, please send a message to our contact address indicated in the "Contact" section or use the appropriate function in the customer account settings. After deleting the User's customer account, the Processing of the User's data will be limited, and after the storage periods specified in the tax regulations and the Accounting Act, this data will be deleted (Article 6(1)(c) of the GDPR), unless the User expressly consents (Article 6(1)(c) of the GDPR). 6(1)(a) of the GDPR) to further use this data or in accordance with applicable law, we reserve the right to further use the data for other purposes, in which case we inform the User in this privacy policy.

3.3 E-receipts

The Seller may provide the entity providing IT services in the field of issuing, maintaining and providing access to e-receipts with the User's telephone number or e-mail address, which may be processed for the purposes of:

a. verification whether a given telephone number or e-mail address has been registered in the servicer's own products, and in the case of positive verification, providing the User with a view of e-receipts and additional information from the process of issuing them;

b. sending text messages and other notifications to Users confirming the issuance of an e-receipt to the IT system of the entity providing IT services for e-receipts.

3.4 Data processing for contact purposes

As part of communication with the client, we process Personal Data in order to process the User's inquiries (Article 6(1)(b) of the GDPR). The User provides us with this data voluntarily when contacting us (e.g. via the contact form or e-mail). Mandatory fields are marked as such because they concern data that is necessary to process your query. What data is collected results directly from the forms into which the data is entered. After the User's inquiry has been fully processed, the User's data will be deleted unless the User expressly consents (Article 6(1)(a) of the GDPR) to further use of this data for other purposes or we reserve the right to further use it in legally permitted cases, as described in such a situation, we inform you in this privacy policy.

4. Data processing for the purpose of delivery

W celu wykonania umowy (art. 6 ust. 1 lit. b RODO) przekazujemy dane Użytkownika wybranej przez Użytkownika w procesie składania zamówienia firmie spedycyjnej, której zlecono dostawę zamówionych produktów.

5. Data processing for the purpose of making payments

In order to make payments in our online store, we cooperate with external service providers handling electronic online payments and transfer the User's data to the payment processing company selected by the User in the ordering process. The above is for the implementation of the contract (Article 6(1)(b) of the GDPR).

6. Channels of marketing activities:

6.1 Sending the newsletter

If the User subscribes to our newsletter, then based on the consent given by the User (Article 6(1)(a) of the GDPR), we will use the data provided by the User to send our newsletter electronically on a regular basis.

You can unsubscribe from the newsletter at any time. To do this, please send a message to our contact address indicated in the "Contact" section or use the link included in the newsletter to unsubscribe from the list of recipients. After unsubscribing from the list of newsletter recipients, we will delete the User's e-mail address, unless the User expressly consents (Article 6(1)(a) of the GDPR) to further use of this data for other purposes or in accordance with applicable law, we reserve the right to further use of data, about which we inform the User in this privacy policy.

6.2 Sending an invitation to leave a purchase review

If the User has consented to this during or after placing the order (Article 6(1)(a) of the GDPR), then we will use the User's e-mail address to send the User an electronic invitation to evaluate the purchase made in our store. Opinions/ratings are issued via the feedback system we use. The User may withdraw the consent granted at any time by sending a message informing about the withdrawal of consent to our contact address indicated in the "Contact" section. Alternatively, the User may also use the unsubscribe link from the list of newsletter recipients included in the message with the invitation to leave an opinion.

7. Cookies

In order to make the visit to our website more attractive and to enable the User to use its key functions, we use technological tools, including the so-called cookies. Cookies are small text files that are automatically saved on the User's end device. Some of the cookies we use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on the User's end device and enable us to recognize the User's browser the next time he or she visits the website (so-called persistent cookies).

7.1 Cookies categorized as "necessary" are stored on your browser as they are essential to enable basic functionalities of the website. Necessary cookies are crucial to the core functionality of the website and the website will not function as intended without them. These cookies do not store any personally identifiable information.

7.2 Functional cookies help perform certain functions such as sharing website content on social media platforms, collecting feedback and other third party functions.

7.3 Analytical cookies are used to understand how you interact with the website. These cookies help provide information about visitor count metrics, bounce rate, traffic source.

7.4 Performance cookies are used to understand and analyze key site performance metrics, helping to provide a better User experience for visitors. Advertising cookies are used to deliver personalized advertising to the User based on the pages the User has previously visited and to analyze the effectiveness of the advertising campaign.

8. Protection of privacy of end devices

When using our online offer, we use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functions of our website. In this respect, storing information on the User's end device or accessing information that is already stored on the User's end device does not require the User's consent.

For functions that are not strictly necessary, storing information on the User's end device or accessing information already stored on the User's end device requires the User's consent. Please note that in the absence of consent, some functions or elements of the website may not be fully available. All consents granted by the User remain valid until the consent is withdrawn, the settings are configured or the relevant settings are reset on the end device.

9. Any further Data Processing using cookies and other technologies

We use technologies that are absolutely necessary to ensure the correct and optimal use of the necessary functions of our website (e.g. shopping cart function). These technologies process data such as the User's IP address, time of visit to the website, information about the device and browser, as well as information about the use of our website (e.g. the contents of the shopping cart). This serves in accordance with Art. 6 section 1 letter f GDPR to pursue our legitimate interest in the optimal presentation of our offer. In addition, we also use technological tools to fulfill legal obligations to which we are subject (e.g. to prove receipt of consent to the Processing of the User's personal data), as well as for web analytics and internet marketing purposes. Further information on this subject, including the relevant legal basis for Data Processing, is provided in the following sections of this privacy policy.

9.1 Use of Google services

We use the technological tools set out below from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information collected automatically by Google technologies regarding the use of our website is usually transferred to a server of Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA and stored there. The European Commission has not issued an adequacy decision for the US. Our cooperation is based on standard data protection clauses adopted by the European Commission. If the User's IP address is processed as part of the use of Google technological tools, then thanks to enabled IP anonymization, the address is shortened before being saved on Google servers. Only in exceptional cases will the full IP address be sent to a Google server and shortened there. Unless otherwise specified for individual Google technologies described in this privacy policy, data processing is carried out on the basis of an agreement concluded with Google for the co-administration of Personal Data in accordance with Art. 26 GDPR. Further information regarding Data Processing by Google can be found in the privacy policy on the Google website.

9.2 Google Analytics

To analyze the use of our website, we use Google Analytics - a web analytics tool from Google, which automatically processes User data for this purpose (IP address, time of visit to the website, information about the device and browser, as well as information regarding the use of our website). ) and creates pseudonymous user profiles on their basis. Cookies may be used for this purpose. The User's IP address is generally not combined with other data collected by Google. Data processing as part of the Google Analytics service takes place on the basis of a data entrustment agreement concluded with Google.

9.3 Google Ads

With the help of Google Ads, we promote our website in search results and on third-party websites. For this purpose, when visiting our website, a Google remarketing cookie will be automatically saved on the User's device, which, based on the pages visited by the User, enables the display of advertisements based on the User's interests by processing the User's data (IP address) using a pseudonymous identifier (ID). , time of visit to the website, information about the device and browser, as well as information regarding the use of our website). Further data processing only takes place if the User has activated the advertising personalization option in the settings of their Google account. In such a case - if the User is logged in to Google at the same time while visiting our website, Google will use the User's data together with the data collected as part of the Google Analytics service in order to create and define the so-called lists of target groups for remarketing purposes on various devices.

9.4 Use of Facebook services

We use the Facebook Pixel tool provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). The scope of functionalities of the Piksel Facebook tool that we use is indicated below. The Facebook pixel automatically collects and stores data (User's IP address, time of visit to the website, information about the device and browser, as well as information regarding the use of our website, e.g. visit to the website or registration to the newsletter). Based on this data, pseudonymized User profiles are then created.

As part of the so-called extended data comparison in the Facebook Analytics tool - for comparison purposes, hashed information is also collected and stored, which can be used to identify natural persons (e.g. names and surnames, e-mail addresses and telephone numbers).

For this purpose, when visiting our website, the Facebook Pixel saves a cookie on the User's device, which, using a pseudonymous Cookie ID, enables automatic recognition of the User's browser when visiting other websites. Facebook will combine this information with other data from the User's Facebook account and use it to prepare reports on website activity and to provide other services related to the use of websites, in particular for the purposes of advertising personalization. Information collected automatically by Facebook technologies about your use of our website is usually transmitted to a Facebook, Inc. server. 1601 Willow Road, Menlo Park, California 94025, USA and stored there. In relation to the USA, the European Commission has not issued a decision confirming the adequacy of data protection. To the extent that data transfers to the USA are our responsibility, our cooperation is based on standard data protection clauses of the European Commission. Further information regarding Data Processing by Facebook can be found in Facebook's privacy policy.

9.5 Facebook Analytics Tools

As part of the Facebook Business tools, statistics of Users' activity on our website are created based on data collected using the Facebook pixel code regarding the User's use of our website. Data processing by Facebook takes place on the basis of a concluded data entrustment agreement. Data analysis (website usage statistics) serves to optimize and make our website more attractive.

9.6 Facebook Ads (ad management)

Facebook Ads allows us to advertise our website on Facebook and other platforms. We establish the parameters of a given advertising campaign. Facebook is responsible for accurate implementation, and in particular for the decision to display a given ad to individual Users. Unless otherwise specified for individual functions and tools, Data Processing takes place on the basis of an agreement for co-administration of Personal Data in accordance with Art. 26 GDPR. Joint liability is limited to the collection of data and its transfer to Facebook Ireland. This does not include subsequent Data Processing by Facebook Ireland.

10. Data processing after placing an order

After the User places an order in the store, the User's encrypted e-mail address will be transferred to GetResponse S.A. and TrustMate S.A.. The legal basis for Processing is Art. 6 section 1 point 1 letter f GDPR. This is done to check whether the User is already registered in the GetResponse S.A. system. and TrustMate S.A. and is necessary for the implementation of overriding, legally justified interests - both ours and GetResponse S.A. and TrustMate S.A. - consisting in the possibility of ensuring buyer protection in connection with a specific order and providing transaction evaluation services. If the User is already registered to use the services of GetResponse S.A. and TrustMate S.A., then in such a case, further Data Processing takes place in accordance with the agreement concluded between the User and GetResponse S.A. and TrustMate S.A. People who have not registered will have the opportunity to register for the first time. Further Data Processing after registration also depends on the type of contract concluded by the User with GetResponse S.A. and TrustMate S.A. If the User does not register to use GetResponse S.A. services. and TrustMate S.A., all transferred data will be automatically deleted by GetResponse S.A. and TrustMate S.A., and it will not be possible to link them to a specific person.

11. Social media

11.1 Our activity on social networking sites: Facebook, Instagram, YouTube

If the User has given consent in this respect to a given social networking site (Article 6(1)(a) of the GDPR), when visiting our account/profile on the above-mentioned social networking sites, the User's data will be automatically collected and stored for web analytics and marketing purposes. Pseudonymous user profiles are created based on this data. They can be used, for example, to post the so-called personalized advertisements that probably match the User's interests. Cookies are usually used for this purpose.

Detailed information regarding the Processing and use of User's data by individual social networking sites, as well as information regarding User's rights and the possibility of configuring privacy settings, as well as contact details for the purpose of submitting an inquiry, are described in the privacy policies of individual social networking sites linked below. If the User needs help in this regard, he or she can also contact us.

**Facebook (by Meta)** is a social networking site provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information regarding the activity and use of our Facebook fan page (by Meta) is usually transferred to a server of Meta Platforms Ireland, Inc., 1 Hacker Way, Menlo Park, California 94025 in the USA and stored there. In relation to the USA, the European Commission has not issued a decision confirming the adequacy of data protection. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing when visiting a fan page on Facebook (by Meta) takes place in accordance with Art. 26 GDPR on the basis of joint arrangements concluded between the joint controllers, which are available [here](https://www.facebook.com/legal/terms/page_controller_addendum). Further information regarding the Processing of User's Personal Data when visiting a Facebook fan page (information regarding the page statistics function) is available [here](https://www.facebook.com/legal/terms/information_about_page_insights_data).

**Instagram (by Meta)** is a social networking service provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Automatically processed information regarding the activity and use of our Instagram fan page account is usually transferred to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025 in the USA and stored there. In relation to the USA, the European Commission has not issued a decision confirming the adequacy of data protection. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing as part of visits to the fan page account on Instagram (by Meta) takes place in accordance with Art. 26 GDPR based on joint arrangements between the joint controllers. Further information regarding the Processing of User's Personal Data when visiting a Facebook fan page (information regarding the page statistics function) is available [here](https://www.facebook.com/legal/terms/information_about_page_insights_data).

12. User Rights

12.1 Persons whose data are processed have the following rights:

a. in accordance with Art. 15 GDPR: the right to obtain information about Data Processing to the extent specified in this article;

b. in accordance with Art. 16 GDPR: the right to rectify incorrect or incomplete User Personal Data;

c. in accordance with Art. 17 GDPR: the so-called "right to be forgotten", i.e. the right to delete your Personal Data stored with us, unless their further Processing is necessary:

   – to exercise the right to freedom of expression and information;

   – to fulfill a legal obligation;

   – for reasons of public interest;

   – to establish, pursue or defend claims;

d. in accordance with Art. 18 GDPR: the right to restrict the Processing of the User's Personal Data, provided that:

   – the accuracy of this Personal Data is questioned by the User;

   – The processing is unlawful and the User objects to their deletion;

   – we no longer need Personal Data, but the User needs them to establish, pursue or defend claims;

   – The user filed a complaint pursuant to Art. 21 objection to Data Processing;

e. in accordance with Art. 20 GDPR: the right to receive the data provided to us in a structured, commonly used, machine-readable format and to send it to another Personal Data Administrator;

f. in accordance with Art. 77 GDPR: the right to lodge a complaint with the supervisory authority (the President of the Personal Data Protection Office "UODO").

12.2 Right to object

If we process Personal Data in the manner described in this privacy policy in order to secure our legitimate interests, then the User may object to the Processing of the User's data for this purpose - with effect for the future. If the Processing takes place for direct marketing purposes, the User may exercise the right to object at any time. If the Processing takes place for other purposes, the User has the right to object only for reasons arising from the User's specific situation.

Once you have exercised your right to object, we will not continue to process your Personal Data unless we demonstrate compelling legitimate grounds for the Processing that override your interests and rights, or if the Processing is for the purpose of asserting, exercising or defending legal claims. .

The previous sentence does not apply when Data Processing is carried out for direct marketing purposes. In such a case, after the User expresses an objection, we will always stop further Processing of the User's Personal Data.

12.3 Contacting us

If you have any questions regarding the collection, processing and use of your Personal Data, as well as in the event of requesting information, rectification, restriction of Processing or deletion of data, and to withdraw consents granted or to object to the use of specific data, please contact the Data Administrator directly. Personal data indicated at the beginning of this privacy policy.

The privacy policy for KOPI Natalia Kopiszka was prepared in accordance with applicable legal provisions regarding the protection of Personal Data, in particular in accordance with the GDPR. We make every effort to ensure that User data is Processed in accordance with best privacy practices.

If you have additional questions or need further changes, please let me know!

Hoops Simple Medium Small