Website Administrator and Personal Data Controller

The website administrator and the personal data controller is Joanna Kajstura, conducting business under the name JoKaPRO Joanna Kajstura, with the registered place of business at ul. Gminna 43, 05-506 Lesznowola, correspondence address: ul. Grabiszyńska 163/603, 53-424 Wrocław, holding NIP number 6381483109 and REGON number 072929702.

Phone: +48 730 952 543
E-mail: kontakt@jokaproskin.pl

You can contact us regarding your personal data via:

Your personal data is collected and processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR).

Where not regulated by GDPR, the processing of personal data is governed by the Polish Personal Data Protection Act of 10 May 2018.

Data Processing Methods
Types of Data Processed and Retention Periods

On our website, we offer various services for which we process different categories of personal data based on different legal grounds:

  • Conclusion and performance of a sales contract
    Data: name, surname, correspondence address, e-mail address, phone number, and possibly business details (company name, NIP)
    Legal basis: Art. 6(1)(b) GDPR
    Retention: until the expiry of limitation periods for claims
  • Account registration and maintenance
    Data: username, e-mail address
    Legal basis: Art. 6(1)(b) GDPR
    Retention: until the expiry of limitation periods
  • Newsletter
    Data: e-mail address, name
    Legal basis: Art. 6(1)(a) GDPR (consent)
    Retention: until consent is withdrawn
  • Contact form / communication
    Data: name, e-mail, optionally phone number
    Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
    Retention: until objection is raised
  • Cookies and similar technologies
    Data: identifiers (e.g., cookie ID, IP address), location, website activity
    Legal basis:
    • Art. 6(1)(f) GDPR (necessary cookies)
    • Art. 6(1)(a) GDPR (other cookies – consent)
      Retention: until objection or withdrawal of consent
  • Direct marketing
    Data: name, location, address
    Legal basis: Art. 6(1)(f) GDPR
    Retention: until objection
  • Publishing product reviews
    Data: e-mail, name/nickname
    Legal basis: Art. 6(1)(b) GDPR
    Retention: until completion of service and expiry of claims
  • Social media profiles
    Data: user identifiers, profile data, comments, communication, statistics
    Legal basis: Art. 6(1)(f) GDPR
    Retention: until objection
  • Claims and legal defense
    Data: personal and contact details, IP, payment data
    Legal basis: Art. 6(1)(f) GDPR
    Retention: until limitation period expires
  • Legal obligations (tax/accounting)
    Data: identification and contact details
    Legal basis: Art. 6(1)(c) GDPR
    Retention: until legal obligations expire
  • Product safety communication (GPSR)
    Data: e-mail, phone, address
    Legal basis: Art. 6(1)(c) GDPR
    Retention: until obligations expire
  • Data subject rights handling
    Data: name, e-mail, phone/address
    Legal basis: Art. 6(1)(c) GDPR
    Retention: duration of correspondence + limitation period
  • Digital Services Act obligations
    Data: name, e-mail
    Legal basis: Art. 6(1)(c) GDPR
    Retention: duration of case + limitation period

Voluntary Provision of Data

Providing personal data is voluntary but necessary for providing services (e.g., account creation, newsletter). In cases required by law (e.g., invoicing), providing data is mandatory.

Recipients of Personal Data

A current list of entities receiving your data is available separately. Data may also be shared with authorized entities under applicable law.

Data Transfer Outside the EEA

Due to the use of cookies and social media, your data may be processed outside the European Economic Area (e.g., USA). In such cases, appropriate safeguards are applied, such as:

  • European Commission adequacy decisions
  • Standard Contractual Clauses

You may request copies of these safeguards.

Automated Decision-Making

We do not make decisions based solely on automated processing, including profiling.

Your Rights

Under GDPR, you have the right to:

  • access your data
  • obtain a copy
  • rectify data
  • erase data
  • restrict processing
  • data portability

We respond within 1 month (extendable by 2 months if necessary).

You also have the right to:

  • object to processing
  • lodge a complaint with the supervisory authority (President of the Personal Data Protection Office)

For newsletters, you may withdraw consent at any time via unsubscribe link.

Cookies

Cookies are small data files stored on your device.

  • Necessary cookies do not require consent
  • Other cookies (analytics, marketing) require consent

You can manage cookies via the settings panel on the website.

Changes to the Privacy Policy

This Privacy Policy may be updated due to legal or operational changes related to data processing or cookies.