Privacy policy

This privacy policy describes how we process information about you, including personal data and cookies.

1. General Information

  1. This policy applies to the website operating at the URL: tompack.pl
  2. The website operator and Data Controller is: Tomasz Stanisław Podolak, ul. Magazynowa 5, 30-858 Kraków
  3. Contact email for the operator: kontakt@tompack.pl
  4. The operator is the Data Controller regarding any data provided voluntarily on the website.
  5. The website processes personal data for the following purposes:
    • Handling inquiries through the form
    • Presenting offers or information
  6. The website collects information about users and their behavior in the following ways:
    1. Through data entered voluntarily in forms, which are stored in the operator’s systems.
    2. By saving cookies on users’ devices.

2. Selected Data Protection Methods Used by the Operator

  1. Login and data entry areas are protected in the transmission layer (SSL certificate). This ensures that personal and login data entered on the site are encrypted on the user’s computer and can only be read on the target server.
  2. Personal data stored in the database is encrypted so that only the Operator with the key can read it. This protects the data in case of a database theft from the server.
  3. User passwords are stored in a hashed form. The hashing function is one-way – it cannot be reversed, which is currently a modern standard for storing user passwords.
  4. The operator periodically changes their administrative passwords.
  5. To protect data, the operator regularly performs backups.
  6. An essential aspect of data protection is the regular updating of all software used by the operator to process personal data, particularly regular updates to software components.

3. Hosting

  1. The website is hosted (technically maintained) on servers operated by: cyberFolks.pl
  2. To ensure technical reliability, the hosting company keeps logs at the server level. The logs may include:
    • resources identified by URL (addresses of requested resources – pages, files),
    • the time the request was received,
    • the time the response was sent,
    • client device name – identified via HTTP protocol,
    • information on errors that occurred during HTTP transactions,
    • the URL of the previously visited page (referrer link) – if the user arrived at the website via a link,
    • information about the user’s browser,
    • IP address information,
    • diagnostic information related to self-ordering services via registries on the website,
    • information regarding email handling directed to and sent by the operator.

4. Your Rights and Additional Information on How We Use Data

  1. In some situations, the Administrator has the right to transfer your personal data to other recipients if necessary for the execution of a contract concluded with you or to fulfill obligations imposed on the Administrator. This applies to such recipient groups:
    • the hosting company under delegation of processing
    • authorized employees and collaborators who use the data to achieve the purpose of the website’s operation
    • companies providing marketing services for the Administrator
  2. Your personal data is processed by the Administrator no longer than necessary to perform activities related to the data specified by separate regulations (e.g., accounting regulations). For marketing data, it will not be processed for more than 3 years.
  3. You have the right to request from the Administrator:
    • access to personal data concerning you,
    • rectification,
    • deletion,
    • restriction of processing,
    • and data portability.
  4. You have the right to object to the processing specified in point 3.2 concerning the processing of personal data for the purpose of legitimate interests pursued by the Administrator, including profiling, but the right to object cannot be exercised if there are valid legitimate grounds for processing that override your interests, rights, and freedoms, particularly establishing, pursuing, or defending claims.
  5. You have the right to lodge a complaint with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
  6. Providing personal data is voluntary but necessary to operate the website.
  7. Automated decisions, including profiling, may be made in relation to you for the purpose of providing services under the concluded contract and for the direct marketing conducted by the Administrator.
  8. Personal data is not transferred to third countries within the meaning of personal data protection regulations. This means we do not transfer them outside the European Union.

5. Information in Forms

  1. The website collects information provided voluntarily by the user, including personal data if provided.
  2. The website may save information about connection parameters (time stamp, IP address).
  3. The website may, in some cases, save information facilitating linking data in the form with the user’s email address filling out the form. In this case, the user’s email address appears within the URL of the page containing the form.
  4. Data provided in the form is processed for the purpose resulting from the specific function of the form, e.g., to process a service request or commercial contact, service registration, etc. Each time, the context and description of the form clearly inform what it is used for.

6. Administrator’s Logs

  1. Information on user behavior on the website may be subject to logging. These data are used to administer the website.

7. Important Marketing Techniques

  1. The operator uses statistical analysis of site traffic through Google Analytics (Google Inc. based in the USA). The operator does not transfer personal data to this service operator but only anonymized information. The service is based on cookies on the user’s end device. Concerning user preferences collected by Google’s ad network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/

8. Cookie Information

  1. The website uses cookies.
  2. Cookies are IT data, in particular text files, stored on the User’s end device, intended for the use of the website’s pages. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number.
  3. The entity placing cookies on the User’s end device and accessing them is the website operator.
  4. Cookies are used for the following purposes:
    1. maintaining the User’s session (after logging in), so that the user does not have to re-enter the login and password on each subpage of the website;
    2. fulfilling purposes specified in the section “Important Marketing Techniques”;
  5. There are two main types of cookies used within the website: “session” (session cookies) and “persistent” (persistent cookies). “Session” cookies are temporary files stored on the User’s end device until logging out, leaving the website, or turning off the software (web browser). “Persistent” cookies are stored on the User’s end device for a period specified in the cookie parameters or until they are deleted by the User.
  6. Web browsing software (web browser) typically allows the storage of cookies on the User’s end device by default. Website Users may change these settings. The web browser allows deleting cookies. It is also possible…