Using the website www.cleansery.com/ implies acceptance of the following Privacy Policy and Cookies Policy terms. As a User, please read its provisions. The table of contents below will help you navigate it. It informs you how we take care of Users' data, how we process it, to whom we entrust it, and many other important matters related to personal data.

§1 GENERAL PROVISIONS
§2 DEFINITIONS
§3 PERSONAL DATA AND PRINCIPLES OF PROCESSING
§4 FORMS
§5 DISCLAIMER AND COPYRIGHT
§6 TECHNOLOGIES
§7 COOKIES POLICY
§8 CONSENT TO COOKIES
§9 SERVER LOGS

Controller – Cleansery Sp. z o.o., registered office at ul. Zamknięta 10/1.5, 30-554 Kraków, KRS: 0000988474, NIP 6793246399, REGON 522889239, share capital PLN 100,000, represented by Andrzej Suwara – President of the Management Board.

User – Any entity visiting and using the Site.

Site – The website and blog located at www.cleansery.com and www.cleansery.com/blog.Form /

Forms – Places on the Site that allow the User to enter personal data for specified purposes, e.g. newsletter subscription, placing an order, or contact.

Regulations – The regulations available on the Site governing the rules for subscribing to the Newsletter and delivery of the Newsletter Service.

Newsletter – A free electronic service provided by the Controller to the User by sending electronic messages through which the Controller informs about events, services, products, and other matters relevant to the Controller and/or for direct marketing purposes, including sending marketing and commercial content with the User's consent. Details in the Newsletter Regulations at www.cleansery.com/newsletter-policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Act on Personal Data Protection – The Act of 10 May 2018 on the protection of personal data (Journal of Laws 2018, item 1000, as amended).Act on Provision of Electronic Services – The Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2020, item 344, as amended).

Telecommunications Law – The Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2021, item 576, as amended).

WHO IS THE CONTROLLER OF THE USER'S PERSONAL DATA?
The controller of the User's personal data is Cleansery Sp. z o.o., registered office at ul. Zamknięta 10/1.5, 30-554 Kraków, KRS: 0000988474, NIP 6793246399, REGON 522889239, share capital PLN 10,000, represented by Andrzej Suwara – President of the Management Board.The Controller jointly controls data with social media platform providers (e.g. Facebook, TikTok, etc.) listed in this document, in respect of data of persons using social media and following the Controller's profile on a given platform and interacting with the Controller. The rules of joint control are set out below for each social media platform on which the Controller has a profile.

IS PROVIDING DATA VOLUNTARY? WHAT ARE THE CONSEQUENCES OF NOT PROVIDING IT?
Providing data is voluntary; however, failure to provide certain information marked as mandatory on the Controller's pages will result in the inability to perform a given service or achieve a specific purpose.Providing data that is not mandatory or providing excess data that the Controller does not need to process is based on the User's own decision and is then processed on the basis of Article 6(1)(a) GDPR (consent). The User consents to the processing of such data and to the anonymisation of data that the Controller does not require.

FOR WHAT PURPOSES AND ON WHAT LEGAL BASES DO WE PROCESS THE USER'S PERSONAL DATA?
The User's personal data on the Controller's Site may be processed for the following purposes and on the following legal bases. The full table is provided on the Site.

HOW IS DATA COLLECTED?
Only data provided directly by the User is collected and processed (except, in certain situations, data collected automatically via cookies). During a visit to the Site, data about the visit itself is collected automatically, e.g. the User's IP address, domain name, browser type, operating system type, etc. (log-in data). Automatically collected data may be used to analyse user behaviour on the website, collect demographic data about users, or personalise the site's content for improvement purposes. This data is processed solely for site administration, hosting, or directing marketing content, and is not associated with individual users.Data may also be collected via forms on the Site, as described further in this policy.The Controller does not collect data from children. Users must be at least 16 years old to independently consent to the processing of their personal data for information society services, or obtain consent from a legal guardian. Users under 16 should not use the Site.

WHAT ARE THE USER'S RIGHTS?
At any time, the User has the following rights under Articles 15–21 GDPR:
right of access to their data
right to data portability
right to rectification of data
right to erasure, if there is no legal basis for processing
right to restriction of processing, if it has occurred improperly or without a legal basis
right to object to processing based on the legitimate interests of the controller
right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (UODO) – if the User considers that the processing of their data is unlawful
right to be forgotten, if further processing is not provided for by applicable lawThe Controller notes that these rights are not absolute and do not apply to all processing activities. To exercise their rights, the User may contact the Controller at: info@cleansery.com. A response will be provided within no more than 30 days of receipt of the request.

CAN THE USER WITHDRAW CONSENT?
If the User has consented to a specific action, that consent may be withdrawn at any time, which will result in removal of the email address from the Controller's mailing list and cessation of the indicated activities. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

DO WE TRANSFER DATA TO THIRD COUNTRIES?
User data may be transferred outside the European Union. As the Controller uses external service providers such as Meta Platforms Ireland Limited (Facebook and subsidiaries), Google, Microsoft, Airtable, Notion, Basecamp, etc., User data may be transferred to the United States or other countries. Google and Facebook apply GDPR-compliant mechanisms (e.g. certificates or standard contractual clauses). Data is transferred only to recipients guaranteeing the highest level of protection and security, in particular through:
cooperation with entities processing personal data in countries for which an adequacy decision has been issued by the European Commission,
application of standard contractual clauses issued by the European Commission (as is the case with Google),
application of binding corporate rules approved by the competent supervisory authority.

HOW LONG DO WE STORE THE USER'S DATA?
User data will be stored by the Controller for the duration of individual services/achievement of the purposes indicated, and additionally:
for the period of service provision and cooperation, and for the period of limitation of claims under applicable law – for data provided by contractors, clients, and Users,
for the period of negotiations preceding the conclusion of a contract – for data provided in enquiries,
for the period required by law, including tax law – for data related to fulfilment of legal obligations,
until an effective objection is lodged under Article 21 GDPR – for data processed on the basis of legitimate interests, including direct marketing,
until consent is withdrawn or the purpose of processing is achieved – for data processed on the basis of consent,
until the data becomes outdated or loses its usefulness – for data processed mainly for analytical and statistical purposes and site administration,
for a maximum of 3 years in the case of persons who have unsubscribed from the newsletter – for the purpose of defence against potential claims.

LINKS TO OTHER SITES
The Site may contain links to other websites. The Controller is not responsible for the content of those sites. Users are obliged to read the privacy policy or terms and conditions of those sites.

SOCIAL MEDIA ACTIVITY – FACEBOOK
The Controller administers User data on the fanpage named Cleansery on Facebook. Personal data is processed for the purposes of administering and managing the Fanpage, communicating with Users, interaction, directing marketing content, and building the Fanpage community. The legal basis is the User's consent and the Controller's legitimate interest in interacting with Users and Followers. The User voluntarily decides to like/follow the Fanpage. The Controller sees public personal data such as name and general information visible on the User's profile. Processing of other personal data is carried out by Facebook under its own terms. Privacy policy: https://www.facebook.com/privacy/explanation

SOCIAL MEDIA ACTIVITY – INSTAGRAM
The Controller administers User data on the profile @cleansery_ at www.instagram.com/cleansery_ on Instagram. Data is processed for the purposes of administering and managing the Profile, communicating with Users, interaction, directing marketing content, and building the Profile community. The legal basis is the User's consent and the Controller's legitimate interest in interacting with Users and Followers. Privacy policy: https://help.instagram.com/519522125107875

SOCIAL MEDIA ACTIVITY – LINKEDIN
The Controller administers User data on the profile Cleansery at https://www.linkedin.com/company/65461676/ on LinkedIn. Data is processed for the purposes of administering and managing the Profile, communicating with Users, interaction, directing marketing content, and building the Profile community. Privacy policy: https://pl.linkedin.com/legal/privacy-policy

DATA SECURITY
The User's personal data is stored and protected with due care, in accordance with the Controller's internal procedures. The Controller processes information about the User using appropriate technical and organisational measures meeting the requirements of applicable law, in particular data protection legislation. These measures are designed primarily to protect Users' personal data from unauthorised access. Only authorised persons are permitted to access personal data, and they are obliged to keep such data confidential, or entities to whom data processing has been entrusted under a separate data processing agreement.

WHO MAY BE RECIPIENTS OF PERSONAL DATA?
The Controller informs that it uses the services of external entities. The entities to whom it entrusts the processing of personal data (such as courier companies, electronic payment intermediaries, accounting service providers, newsletter dispatch services) guarantee the application of appropriate data protection measures required by applicable law, in particular the GDPR. The Controller entrusts the processing of personal data to, among others:
GetResponse and SendGrid – for newsletter dispatch and mailing system
Google – for storing personal data on a server
Webflow – for creating landing pages and collecting leads
ING Księgowość – for issuing accounting documents
Notion – for company management
OVH – for domain handling
Other contractors or subcontractors engaged for technical, administrative, legal, accounting, IT, graphic or copywriting support, debt collection agencies, lawyers, etc.

HAVE WE APPOINTED A DATA PROTECTION OFFICER?
The Controller informs that it has not appointed a Data Protection Officer (DPO) and performs data protection obligations independently.DO WE PROFILE THE USER'S DATA?
The User's personal data will not be used for automated decision-making that has legal or similarly significant effects on the User within the meaning of the GDPR. Within the Site and tracking technologies, the User's data may be profiled to help better personalise the Controller's offer directed to the User (mainly through behavioural advertising). This should not affect the User's legal situation. The information used is anonymous and is not associated with personal data provided by the User, e.g. during a purchase.

The Controller uses the following types of forms on the Site:

Newsletter subscription form – requires the User's first name and email address. These fields are mandatory. The User must then confirm their wish to subscribe. The data obtained is added to the mailing list for the purpose of sending the newsletter.

By subscribing, the User agrees to this Privacy Policy and consents to receiving marketing and commercial information via electronic means of communication (e.g. email) within the meaning of the Act of 18 July 2002 on the provision of electronic services.

The newsletter is sent for an indefinite period, from the moment of activation until consent is withdrawn. After withdrawal, data may still be stored in the newsletter database for up to 4 years for the purposes of demonstrating that consent was given and defending against potential claims, which constitutes the Controller's legitimate interest (Article 6(1)(f) GDPR).

Contact form – allows the User to send a message to the Controller electronically. Personal data in the form of name, surname, email address, and data provided in the message are processed by the Controller in accordance with this Privacy Policy for the purpose of contacting the User.

1. The content presented on the Site does not constitute specialist advice and does not refer to specific circumstances. If the User wishes to obtain help in a specific matter, they should contact a qualified professional or the Controller. The Controller is not liable for the use of content from the Site.

2. All content on the Site (e.g. photos, texts, other materials) is subject to copyright of specific persons and/or the Controller. The Controller does not consent to copying such content, in whole or in part, without prior explicit consent.

3. The Controller informs the User that any dissemination of content made available by the Controller constitutes a breach of applicable law and may give rise to civil or criminal liability.

4. The Controller may also seek appropriate compensation for material or non-material losses in accordance with applicable law.

5. The Controller is not liable for the use of materials available on the Site in a manner inconsistent with the law.

To use the Controller's website, the following are required:A device with internet accessAn active email inboxAn internet browser capable of displaying web pagesSoftware enabling reading of content in the formats provided, e.g. pdf, video, mp3, mp4

1. Like most websites, the Controller's Site uses tracking technologies, i.e. cookies, which allow the Site to be improved to meet the needs of its visitors.

2. The Site does not automatically collect any information other than that contained in cookies.

3. Cookies are small text files stored on the User's end device (computer, tablet, smartphone) when using the Site.

4. These may be first-party cookies (from the Site itself) and third-party cookies (from other websites).

5. Cookies allow the content of the Site to be tailored to the individual needs of the User and other visitors, and enable the creation of statistics showing how Users interact with the Site.

6. The Controller uses the following third-party cookies on the Site: (a) Facebook Conversion Pixel and Facebook Ads – for managing Facebook advertising and remarketing; (b) Google Analytics – for analysing Site statistics; (c) Plugins directing to social media such as Facebook, Instagram, TikTok, LinkedIn; (d) Google Ads tools – for running advertising and remarketing campaigns; (e) Cookies for recovering abandoned carts and tracking User activity on the online store; (f) Content from external providers (YouTube, Vimeo, SoundCloud); (g) Affiliate links and partnership programmes.

7. The Controller recommends reading the privacy policy of each of the above-mentioned service providers.

8. The Site uses two types of cookies: session cookies, which are deleted after the browser is closed, and persistent cookies, which are stored on the User's device for the period specified in the cookie parameters or until deleted by the User.

9. Users may at any time change their cookie settings in their browser, including blocking automatic cookie handling or being notified of each placement of a cookie on the device.

10. The Controller informs that restricting the use of cookies may affect certain functionalities available on the Site.

11. More information about cookies is available at http://wszystkoociasteczkach.pl/ or in the 'Help' section of the browser menu.

Upon first visiting the Site, you must consent to cookies or take other actions indicated in the notice to continue using the Site's content. Using the Site constitutes consent. If you do not wish to consent – please leave the Site. You may also at any time change your browser settings, disable or delete cookies. The 'Help' tab in the User's browser contains the necessary information.

1. Using the Site involves sending requests to the server on which the Site is stored.

2. Each request directed to the server is recorded in server logs. The logs include, among others, the User's IP address, server date and time, information about the internet browser and operating system used by the User.

3. Logs are saved and stored on the server.

4. Server logs are used for site administration purposes and their content is not disclosed to anyone other than persons and entities authorised to administer the server.

5. The Controller does not use server logs in any way to identify the User.

Publication date of Privacy Policy: 01.12.2023
Last updated: 03.04.2026