Privacy policy

What is a Privacy Policy?

We would like to provide you with details concerning our processing of your personal data in order to give you full knowledge and comfort in using our website.

Since we operate in the online sector, we know how important it is to protect your personal data. Therefore, we make particular efforts to protect your privacy and information you provide us with.

We carefully select and apply appropriate technical measures, in particular programming and organisational measures, to ensure protection of the personal data we process. Our website uses encrypted data transmission (SSL), which ensures protection of your identity.

In our Privacy Policy you will find all key information regarding our processing of your personal data. Please read it, we promise it won’t take more than a few minutes.

Who is the administrator of the website www.onlybio-shop.com?

The administrator of the website is ONLYBIO.LIFE SPÓŁKA AKCYJNA with its registered office in Bydgoszcz at ul. Jakóba Hechlińskiego 6, 85-825 Bydgoszcz, registered by the District Court in Bydgoszcz, XIII Economic Division of the National Court Register, KRS 0000875787, NIP 9562303561, REGON 341433396, Product, Packaging and Waste Management Database Registry (BDO): 000505675, with the share capital of: 5 000 000,00 PLN (i.e.: We).

Personal data

What legal act governs the processing of your personal data?

Your personal data are collected and processed by us in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ EU L 119, p. 1), commonly referred to as: GDPR. In the scope not regulated by the GDPR, the processing of personal data is governed by the Personal Data Protection Act of 10 May 2018.

Who is the controller of your personal data?

The controller of your personal data is ONLYBIO.LIFE SPÓŁKA AKCYJNA with its registered office in Bydgoszcz at ul. Jakóba Hechlińskiego 6, 85-825 Bydgoszcz, registered by the District Court in Bydgoszcz, XIII Economic Division of the National Court Register, KRS 0000875787, NIP 9562303561, REGON 341433396, Product, Packaging and Waste Management Database Registry (BDO): 000505675, with the share capital of: 5 000 000,00 PLN, email: [email protected], phone: +48 697 652 227.

You can contact us about your personal data using the following methods:
e-mail: [email protected],
traditional mail: ul. Jakóba Hechlińskiego 6, 85-825 Bydgoszcz,
phone: +48 697 652 227.

How do we process your personal data, that you provide to us?

What personal data do we process and for what purposes?

On our website we offer a variety of services as part of which we process different personal data on different legal grounds.

Objective	Personal data	Legal basis for processing	Data retention time
conclusion and performance of an agreement	first name, last name, address for correspondence, e-mail address, telephone number, Taxpayer Identification Number (NIP)	article 6(1)(b) of the GDPR, i.e. processing in order to take action at your request, prior to conclusion of a contract, and processing necessary for the performance of a contract to which you are party	until the expiry of the limitation period for claims concerning the performance of the contract
creating and maintaining an account	first name, last name, e-mail address, telephone number, address for correspondence	article 6(1)(b) of the GDPR, i.e. processing in order to take action at your request, prior to conclusion of a contract, and processing necessary for the performance of a contract to which you are party	until the expiry of the limitation period for claims concerning the performance of the contract
adding opinions	nickname, name, surname, e-mail address	Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in presenting opinions on the goods and the course of the transaction on the online store website	until you object to the processing of your personal data
newsletter	e-mail address, name, surname,	Article 6(1)(a) of the GDPR, i.e. processing based on the consent given by you to the processing of your personal data	until the day you withdraw your consent to personal data processing
contact form	name, surname, e-mail address	article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in maintaining the continuity of communication and enabling contact with us in matters of business activity.	until you object to the processing of your personal data
"notify about availability" form	e-mail address	article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in maintaining the continuity of communication and enabling contact with us in matters of business activity.	until you object to the processing of your personal data
organization of competitions	name, surname, e-mail address, image	Article 6(1)(a) of the GDPR, i.e. processing based on the consent given by you to the processing of your personal data	until the day you withdraw your consent to personal data processing
traffic analysis on the website	IP number, browser data	Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller's legitimate interest in analysing customer traffic on the website	14 months or until you object to the processing of your personal data
direct marketing of Goods and own services, including remarketing	IP number, browser data	Article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing the Controller's legitimate interest in direct marketing of its own services, including remarketing	3 years or until you object to the processing of your personal data
determination, pursuit and enforcement of claims and defence against claims in proceedings conducted before courts and other state authorities	first name, last name, address, PESEL number, tax identification number (NIP), national business registry number (REGON), e-mail address, telephone number, IP number, bank account number, payment card number	article 6(1)(f) of the GDPR, i.e. processing for the purpose of pursuing our legitimate interest in establishing, pursuing and enforcing claims and defending against claims in proceedings conducted before courts and other state authorities	until the expiry of the limitation period for claims concerning the performance of the contract
fulfilling legal obligations arising from legal regulations, in particular tax and accounting regulations	first name, last name, company name, PESEL number, tax identification number (NIP) or national business registry number (REGON), e-mail address, telephone number, address for correspondence, payment card number	Article 6(1)(c) of the GDPR, i.e. processing is necessary to fulfil legal obligations incumbent of the Controller, resulting from legal regulations, in particular tax and accounting regulations	until the expiry of the legal obligations imposed on the Controller which justify the processing of personal data

Voluntary provision of personal data

Provision of the required personal data is voluntary, but it is necessary for us to provide services to you.

Recipients of personal data

The current list of entities to which we disclose your personal data can be found here.

Automated decision making (including profiling)

We do not make automated decision and we do not use profiling in relation to you.

Will we transfer your personal data outside the EEA or to an international organisation?

In order to use Google, Youtube tools, your personal data may be transferred to the United States, where Google LLC. servers are located.

Google LLC. is included in the list of entities participating in the Data Privacy Framework (link: https://www.dataprivacyframework.gov/s/participant-search) therefore the protection of personal data is adequate in relation to the regulations in force in the European Union, in accordance with Commission Implementing Decision (EU) C(2023) 4745 of July 10, 2023 on the adequate level of protection of personal data in accordance with the EU-US Data Privacy Framework (link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf).

In order to use Facebook tools, your personal data may be transferred to the United States, where Meta Platforms Inc., servers are located.

Meta Platforms Inc. is included in the list of entities participating in the Data Privacy Framework (link: https://www.dataprivacyframework.gov/s/participant-search) therefore the protection of personal data is adequate in relation to the regulations in force in the European Union, in accordance with Commission Implementing Decision (EU) C(2023) 4745 of July 10, 2023 on the adequate level of protection of personal data in accordance with the EU-US Data Privacy Framework (link: https://commission.europa.eu/system/files/2023-07/Adequacy%20decision%20EU-US%20Data%20Privacy%20Framework.pdf).

In order to use the Hotjar statistical tool, your personal data may be transferred to the United States. In accordance with the privacy policy of the indicated tool, Hotjar has taken appropriate safeguards to ensure that your personal data remains protected and requires that external service providers and partners also have appropriate safeguards. For more information, see the Hotjar Privacy Policy at the following link: https://www.hotjar.com/legal/policies/privacy/.

In order to use Tiktok tools, your personal data may be transferred to the United States and Singapore, where TikTok Technology Limited's servers are located.

TikTok Technology Limited, when transferring user information outside the EEA, the United Kingdom or Switzerland, ensures an adequate level of data protection, relying on:

decisions establishing an adequacy level of protection or
standard contractual clauses. The European Commission has approved contractual clauses under Article 46 of the GDPR that allow EEA companies to transfer data outside the EEA.

How do we process your personal data, which we receive form other data controllers (e.g. Facebook)?

Our Online Shop allows you to:

log into account in the Shop via your Facebook profile,
log into account in the Shop via your Google account.

In such cases, we receive your personal data not directly from you, but from websites that provide these functionalities i.e.: Facebook, Google. In order to give you full control over your data, we provide below information about how we process your personal data.

Categories of relevant personal data
We process the following categories of relevant personal data: - identification data (i.e. personal data that you have published in your profile on Facebook, Google, first of all: name, surname, nick, e-mail address and your image).
Source of personal data
Your personal data comes from website:
- Facebook, the administrator of which is Meta Platforms Ireland Limited.,
- Google, the administrator of which is Google Ireland Ltd.

Purposes and legal basis for the processing of personal data

Your personal data that we have obtained will be processed for the following purposes:

Objective

Personal data

Legal basis for processing

Data retention time

logging into the account in the shop using the Facebook profile

name, surname, image

Article 6(1)(f) of the GDPR, i.e.

processing for the purpose of

pursuing the Controller's legitimate interest in allowing you to log into your account in the Online Shop using your Facebook profile

until the account is deleted

logging into the account in the shop using the Google account

name, surname, image

Article 6(1)(f) of the GDPR, i.e.

processing for the purpose of

pursuing the Controller's legitimate interest in allowing you to log into your account in the Online Shop using your Google account

until the account is deleted

What rights do you have with regard to our processing of your personal data?

Pursuant to the GDPR, you have the right to:

request access to your personal data
request rectification of your personal data
request deletion of your personal data
requests that the processing of your personal data is restricted
object to the processing of your personal data
requests transfer of your personal data

If you submit any of the above requests, without undue delay – and in any case within one month from receipt of the request – we will inform you of the actions taken in connection with your request.

If necessary, we can extend the one-month period by another two months due to the complexity of the request or the number of requests.

In any case, we will inform you within one month from receiving your request about any extension and give you the reasons for the delay.

Right of access to personal data (Article 15 of GDPR)

You have the right to be informed whether we are processing your personal data.

If we process your personal data, you have the right to:

access your personal data,
obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of these data, planned period of storage of your data or criteria for determining this period, your rights under the GDPR and about the right to lodge a complaint with the President of the Office for Personal Data Protection, about the source of these data, about automated decision making, including profiling, and about the safeguards applied in connection with the transfer of these data outside the European Union;
receive a copy of your personal data.

If you wish to request access to your personal data, please send your request to: [email protected].

Right to correct your personal data (Article 16 of GDPR)

If your personal data are incorrect, you have the right to ask us to correct your personal data immediately. You also have the right to request that we supplement your personal data.

If you wish to request correction or supplementation of your personal data, please send your request: [email protected].

Right to correct your personal data (Article 16 of GDPR)

If your personal data are incorrect, you have the right to ask us to correct your personal data immediately. You also have the right to request that we supplement your personal data.

If you wish to request correction or supplementation of your personal data, please send your request: [email protected].

The right to have your personal data deleted, i.e. the so-called “right to be forgotten” (Article 17 GDPR)

You have the right to request that your personal data be deleted when:

your personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
you have withdrawn a specific consent, to the extent that your personal data were processed on the basis of your consent;
your personal data were processed illegally;
you have raised objections to the processing of your personal data for the purposes of direct marketing, including profiling, to the extent that the processing of personal data is connected to direct marketing;
you have objected to the processing of your personal data in connection with processing necessary for the performance of a task carried out in the public interest or processing necessary for the purposes of legitimate interests pursued by us or a third party.

Despite your request to delete your personal data, we may process your data further for the purpose of determining, pursuing or defending claims, of which you will be informed.

If you wish to request deletion of your personal data, please send your request to: [email protected].

Right to submit a request to restrict processing of your personal data (Article 18 of GDPR)

You have the right to request restriction of the processing of your personal data when:

you are questioning the correctness of your personal data – in this case we will limit the processing of your personal data for a period of time that allows us to check the accuracy of the data;
the processing of your data is unlawful, and instead of deleting your personal data you request limited processing of your personal data;
your personal data are no longer needed for the purposes of processing, but is needed to establish, pursue or defend your claims;
you have objected to the processing of your personal data – until it is determined whether our legitimate interests take precedence over the grounds for objection.

If you wish to request restricted processing of your personal data, please send your request to:[email protected].

Right to submit an objection to the processing of your personal data (Article 21 of GDPR)

You have the right to object to the processing of your personal data at any time, including profiling, in connection with:

processing necessary for the performance of a task carried out in the public interest or processing necessary for purposes resulting from legitimate interests pursued by the Controller or a third party;
processing for direct marketing purposes.

If you wish to submit an objection to the processing of your personal data, please send your request to: [email protected].

Right to request transfer of your personal data (Article 20 of GDPR)

You have the right to receive your personal data from us in a structured, commonly used machine-readable format and to send data to another personal data controller.

As standard, we will provide you with your personal data in CSV format. If you prefer to have your data provided to you in a different format, please indicate your preferred format in your request. As far as possible, we will try to provide your data in your preferred format.

You can also request that we send your personal data directly to another controller (if technically possible).

If you wish to request transfer of your personal data, please send your request to: [email protected].

Can you revoke your consent to personal data processing?

You may revoke your consent to the processing of your personal data at any time.

Withdrawal of consent to personal data processing does not affect the legitimacy of processing carried out by us on the basis of your consent before it was withdrawn.

If you wish to withdraw consent to the processing of your personal data, please send your request to [email protected].

If you wish to withdraw your consent for the processing of personal data for the purpose of the "Newsletter" service, you can unsubscribe by clicking the link included in the content of the "Newsletter" email.

General information

While browsing the web pages, HTTP cookies are used, hereinafter referred to as cookies, inother words small text data files, saved on your end-device while using the website. Their use is aimed at facilitating the operation of our website.

These files allow us to identify the software you are using and tailor our website to your needs.

Cookies usually contain the name of the domain from which they come, duration of their storage on the device and values assigned to them.

Safety

Cookies we use are safe for your devices. Therefore, no viruses and no unwanted or malicious software can affect your devices via cookies.

Types of cookies

We use two types of cookies:

Session cookies: stored and kept on your device until the web browser is closed. Saved information is then permanently deleted from the memory of your device. This mechanism does not allow the acquisition of any personal data or confidential information from your device.
Persistent cookies: stored and kept on your device until deleted. Closing the web browser or switching off the device does not cause them to be removed from your device. This mechanism does not allow the acquisition of any personal data or confidential information from your device.

Aims

We also use cookies of external entities for the following purposes:

online shop configuration;
to compile statistics, which allow us to understand how Customers use the online shop and to improve its structure and content with analytical tools: Google Analytics – through Google Ireland Ltd., registered in Ireland, Google's privacy policy is available here: https://policies.google.com/privacy?fg=1
to profile Clients, and display content tailored to them in advertising networks with online advertising tools: Google Ads – through Google Ireland Ltd., registered in Ireland, Google's privacy policy is available here: https://policies.google.com/privacy?fg=1;
to collect information about Client's behavior using the Pixel Facebook tools provided by Meta Platforms Ireland Limited registered in Ireland, the Facebook Privacy Policy is available at the following link: https://www.facebook.com/help/cookies/;
to promote the Website by means of the social network service Facebook.com, the administrator of which is Meta Platforms Ireland Limited registered in Ireland, the Facebook Privacy Policy is available at the following link: https://pl-pl.facebook.com/privacy/explanation;
determining the Client's profile in order to display tailored materials in advertising networks, using the TikTok Ads online advertising tool, which is administered by TikTok Technology Limited, whose privacy policy is available at the following link: https://ads.tiktok.com/i18n/official/policy/privacy;
creating content performance and statistics and, through Hotjar tools, operated by Hotjar Ltd, based in Malta, the Hotjar Privacy Policy is available at the following link: https://www.hotjar.com/legal/policies/privacy/;
examining opinions on the level of satisfaction of Customers with a purchase made or covering purchases with buyer protection by Trusted Shops, the administrator of which is Trusted Shops GmbH with its registered office in Cologne, the Privacy Policy is available at the following link: https://www.trustedshops.pl/dane-firmy-ochrona-danych/;
popularization of the online store using the service Google.com, which is administered by Google Ireland Ltd. based in Ireland, the Privacy Policy is available at the following link: https://policies.google.com/privacy?hl=pl&gl=pl.

To be familiar with rules for the use of cookies, we recommend that you read the privacy policies of the company mentioned above.

Cookies may be used by advertising networks, especially Google, to display ads tailored to your preferences. To do so, information may be saved on your Internet behaviour or your activities on the website.

To browse and edit information on your preferences, collected by the advertising network of Google, you may use the tool available at this address: https://www.google.com/ads/preferences/.

You may change the cookie settings by yourself at any moment in the options of the web browser or service, to specify conditions for storing such files and granting access to your device via them. You may change these settings to block the automatic handling of cookies in the options of your web browser or to be informed every time they are stored on your device. Detailed information on the options and methods for handling cookies is available in the settings of your software (web browser).

List of service providers we use to operate the Website

Entity	Objective
PKO Bank Polski Spółka Akcyjna	Execution of payments
Autopay S.A., ul. Powstańców Warszawy 6, 81-718 Sopot	Execution of payments
Operator DHL Express (Poland) sp. z o.o. with its registered office in Warsaw	Order fulfilment
Operator InPost S.A. with its registered office in Kraków	Implementation of handover
Google Ireland Ltd. (Google Cloud, Google Analytics, Google Analytics 360, Fabric Software) with its registered office in Ireland	Measuring website traffic, reporting on application errors, creating statistics
Google Ireland Ltd. with its registered office in Ireland	Analysis of customer activity
Meta Platforms Ireland Limited	Promotion of the Online Shop via social network Facebook.com
Meta Platforms Ireland Limited	Popularisation of the Online Shop via the social network Instagram.com
LinkedIn Ireland Ltd. with its registered office in Ireland	Promotion of the Online Shop via social network LinkedIn.com
TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, IRELAND	Promotion of the Online Shop via social network Tiktok.com

Privacy policy

Our brands

App