Privacy Policy - Awaryjny Słoik
https://www.awaryjnysloik.pl
Dear User!
We care about your privacy and want you to feel comfortable while using our services. Below you will find the most important information about how we process your personal data and the cookies used by our Store. This information has been prepared in accordance with GDPR, i.e., the General Data Protection Regulation.
DATA CONTROLLER
Challengeen Sp. z o.o. with registered office at ul. Wielkopolska 65/12, 80-180 Gdańsk, Poland, entered in the National Court Register - register of entrepreneurs by the District Court Gdańsk-Północ in Gdańsk, 7th Commercial Division of the National Court Register, under KRS number 0000969590, Tax ID (NIP) 5833449956, REGON 521926257.
If you wish to contact us regarding the processing of your personal data, please write to us at: kontakt@awaryjnysloik.pl.
YOUR RIGHTS
You have the right to request:
- access to your personal data (Article 15 GDPR),
- rectification (Article 16 GDPR),
- erasure (Article 17 GDPR),
- restriction of processing (Article 18 GDPR),
- data portability to another controller (Article 20 GDPR).
As well as the right to:
- object at any time to the processing of your data:
- for reasons related to your particular situation – to processing of personal data concerning you based on Article 6(1)(f) GDPR (i.e., our legitimate interests), including profiling (Article 21(1) GDPR);
- if personal data is processed for direct marketing purposes, including profiling, to the extent that processing is related to such direct marketing (Article 21(2) GDPR).
Contact us if you wish to exercise your rights. You can express your objection to our use of cookies (which you can read about below) especially through appropriate browser settings.
If you believe that your data is being processed unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office.
PERSONAL DATA AND PRIVACY
Below you will find detailed information on how we process your data depending on the actions you take.
1. Purchase at Awaryjny Słoik Vending Machine (Venloop)
| For what purpose? |
|---|
| execution of product purchase transaction at vending machine |
| On what basis? |
|---|
| sales contract (Article 6(1)(b) GDPR) |
| legal obligation related to accounting (Article 6(1)(c) GDPR) |
| For how long? |
|---|
| for the duration of the contract |
| until the legal obligation related to accounting expires |
| until the statute of limitations expires (more in the last table) |
| What happens if you don't provide data? |
|---|
| you will not be able to make a purchase at the vending machine |
2. Online Order with Home Delivery
| For what purpose? |
|---|
| execution of your order with home delivery |
| On what basis? |
|---|
| sales contract (Article 6(1)(b) GDPR) |
| legal obligation related to accounting (Article 6(1)(c) GDPR) |
| For how long? |
|---|
| for the duration of the contract |
| until the legal obligation related to accounting expires |
| until the statute of limitations expires |
| What happens if you don't provide data? |
|---|
| you will not be able to place an order |
3. Jar Return at Vending Machine (Deposit)
| For what purpose? |
|---|
| recognition of returned jars and deposit refund |
| On what basis? |
|---|
| execution of deposit refund contract (Article 6(1)(b) GDPR) |
| For how long? |
|---|
| for the period necessary to settle the deposit refund |
| until the statute of limitations expires |
| What happens if you don't provide data? |
|---|
| we will not be able to refund your jar deposit |
4. Creating an Account in the Store
| For what purpose? |
|---|
| execution of account service provision contract |
| On what basis? |
|---|
| service provision contract (Article 6(1)(b) GDPR) |
| For how long? |
|---|
| until the account is deleted by you or by us at your request |
| until the statute of limitations expires |
| What happens if you don't provide data? |
|---|
| you will not be able to create an account and use its features, such as viewing order history or checking order status |
5. Saving Payment Card (Stripe)
| For what purpose? |
|---|
| enabling fast payments at vending machines without re-entering card details |
| On what basis? |
|---|
| your consent (Article 6(1)(a) GDPR) |
| For how long? |
|---|
| until you delete the card or withdraw consent |
| What happens if you don't provide data? |
|---|
| you will need to enter card details each time you make a purchase |
Note: Card data is processed and stored by Stripe (payment provider), not directly by us. We only store a token identifying your card in the Stripe system.
| For what purpose? |
|---|
| handling your inquiries or requests |
| On what basis? |
|---|
| contract or actions taken at your request (Article 6(1)(b) GDPR) |
| our legitimate interest (Article 6(1)(f) GDPR) |
| For how long? |
|---|
| for the duration of communication or until the statute of limitations expires |
| What happens if you don't provide data? |
|---|
| we will not be able to respond to your inquiry |
7. Newsletter Subscription
| For what purpose? |
|---|
| sending newsletter with information about products and promotions |
| On what basis? |
|---|
| newsletter service provision contract (Article 6(1)(b) GDPR) |
| For how long? |
|---|
| until you unsubscribe from our newsletter |
| What happens if you don't provide data? |
|---|
| you will not be able to receive information about our products and promotions |
8. Firebase - Push Notifications
| For what purpose? |
|---|
| sending notifications about transaction status at vending machine (e.g., "door opened", "payment completed") |
| On what basis? |
|---|
| your consent (Article 6(1)(a) GDPR) |
| For how long? |
|---|
| until consent withdrawal or app removal |
| What happens if you don't provide data? |
|---|
| you will not receive real-time transaction status notifications |
9. Actions That May Give Rise to Claims
| For what purpose? |
|---|
| establishment, pursuit, or defense of possible claims |
| On what basis? |
|---|
| our legitimate interest (Article 6(1)(f) GDPR) |
| For how long? |
|---|
| until the statute of limitations expires or until we acknowledge your objection |
| What happens if you don't provide data? |
|---|
| inability to establish, pursue, or defend claims |
PROFILING
Within the Store, we do not perform advanced consumer profiling. We only collect basic analytical data on site usage (see "Analytical Activities" and "Cookies" sections).
ANALYTICAL ACTIVITIES
Within the Store, we conduct analytical activities aimed at increasing its intuitiveness and accessibility. As part of the analysis, we consider how you navigate the Store – e.g., how much time you spend on a given page, where you click. This allows us to adapt the layout and appearance of the Store to Users' needs.
DATA SECURITY
When processing your personal data, we apply organizational and technical measures in accordance with applicable law, including:
- SSL certificate connection encryption
- payment card data tokenization (Stripe)
- encrypted data storage in Firebase
- regular security audits
COOKIES
Our Store, like most websites, uses so-called cookies. These files:
- are stored in your device's memory (computer, phone, etc.);
- do not cause changes to your device settings.
In this Store, cookies are used for:
- necessary purposes (user session, cart, authentication)
- statistical purposes (Google Analytics, Microsoft Clarity)
- functional purposes (language preferences, location)
Except for necessary cookies, cookies only run after your explicit opt-in via the cookie banner. You can change your choices at any time using the cookie icon or the “Cookie settings” link in the footer. Preferences are stored locally in your browser (localStorage) by the banner and are re‑prompted roughly every 6 months or when there are significant changes.
To learn how to manage cookies, including how to disable them in your browser, you can use your browser's help file. You can access this information by pressing F1 in your browser. Additionally, you will find appropriate guidance on the following pages:
Cookies we use:
| cookie name | validity period | function |
|---|
| _ga | 2 years | Google Analytics - visit counting |
| _gid | 24 hours | Google Analytics - user distinction |
| _clck | 1 year | Microsoft Clarity - user identification |
| _clsk | 1 day | Microsoft Clarity - session events linking |
| _medusa_jwt | session | User authentication (httpOnly cookie) |
| _medusa_cart_id | 30 days | Shopping cart identification |
| locale | 1 year | Language preferences |
Note: Consent preferences are stored in the browser’s localStorage by the consent banner and are not a cookie.
Using appropriate browser options, you can at any time:
- delete cookies,
- block the use of cookies in the future.
More information about cookies can be found on Wikipedia.
EXTERNAL SERVICES / DATA RECIPIENTS
We use services of external entities that support us in conducting business. We entrust them with processing your data – these entities process data only on our documented instructions.
Below you will find a list of data recipients:
| ACTION | DATA RECIPIENTS | DATA TRANSFER OUTSIDE EU |
|---|
| any action in the store | hosting provider (Railway) | yes – USA ** |
| IT/technical support provider | no |
| payments | Stripe (payment provider) | yes – USA ** |
| push notifications | Firebase / Google Cloud | yes – USA ** |
| purchase at vending machine | MQTT / EMQX system (vending machine communication) | possible – depending on server location |
| analytics | Google Analytics | yes – USA ** |
| Microsoft Clarity (user behavior analytics) | yes – USA ** |
| accounting | accounting office | no |
| shipping (online orders) | courier company | no |
Furthermore:
Relevant public authorities to the extent we are obliged to provide them with data.
TRANSFER OF PERSONAL DATA TO COUNTRIES OUTSIDE THE EUROPEAN UNION
** In connection with the above, your personal data may also be processed by entities outside the European Union. The appropriate level of protection for your data is ensured by:
- Stripe: Participation in GDPR compliance certification programs, use of Standard Contractual Clauses approved by the European Commission
- Google (Firebase, Analytics): European Commission adequacy decision (EU-US Data Privacy Framework), Standard Contractual Clauses
- Microsoft (Clarity): European Commission adequacy decision (EU-US Data Privacy Framework), Standard Contractual Clauses
- EMQX: Depending on chosen server region - possible EU location
More information about safeguards used by these entities:
SPECIAL RULES FOR AWARYJNY SŁOIK SYSTEM
Vending Machines (Venloop)
When using Awaryjny Słoik vending machines:
- Transactions are recorded with assignment to your account (if logged in)
- The system tracks jar returns for deposit settlement
- Purchase data is stored for accounting and claims purposes
Geolocation
The mobile app may use your location data to:
- Display nearest Awaryjny Słoik vending machines
- Facilitate the purchase process
You can always disable location sharing in your device settings.
Deposit System
The system remembers which jars you purchased to enable deposit refund. Data about purchased jars is stored for:
- 2 years from purchase (standard warranty period)
- or until jar and deposit return
Last updated: December 2024
If you have questions about the privacy policy, contact us:
📧 kontakt@awaryjnysloik.pl
📞 537 291 807