1.Who are we?
This Cookie and Privacy Policy (“Policy”) describes how STMT sp. z o.o. with its registered office at ul. Królowej Marysieńki 20/2, 02-954 Warsaw, [National Court Register] KRS 0000945666, [tax ID no.] NIP 9512532992, (“STMT”, “we”), acting as the data controller, processes your personal data in connection with the operation of the webportal https://pankobido.pl/ (“Website”).
The Policy describes in particular the types of processed data, purposes for which we use the data and entities to which we may make the data available as well as your rights.
We use our best efforts to protect your privacy in accordance with the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
- How to contact us?
Should you have any questions concerning this Policy or wish to exercise your rights, you may contact us electronically at the address biuro@pankobido.pl or in writing, to the address STMT sp. z o.o. with its registered office at ul. Królowej Marysieńki 20/2, 02-954 Warsaw.
3. What personal data do we process, for what purpose and on what legal basis?
We may process your personal data for various purposes, to a various extent and on various legal grounds. For that reason, we have grouped the respective information according to the processing purpose of your personal data.
3.1 Use of the Website
Scope of data. When you browse our Website, we process data on your activity on the Website, e.g.: data on the offers for massages, trainings and products viewed by you, web pages, as well as data on the session, your device and operating system, browser, location, IP address and unique ID.
Legal grounds. Our legitimate interest (art. 6 section 1 letter f GDPR) in allowing you to familiarize yourself with selected content posted on our Website, or your consent granted for the use of cookie files by us.
Processing period: Personal data collected for the aforementioned purpose are processed throughout the lifecycle of our cookie files (more information on the storage period of individual cookies can be found below in the section “What types of cookies do we use?”).
3.2 Creation of a user account and authentication of the user
Scope of data. In order to create an account for you on the Website and authenticate you when you log in, we process the personal data provided by you during the registration process, in particular: your name, your e-mail address and the password you set.
Legal grounds. Need to perform the contract for the provision of services by electronic means (Article 6, paragraph 1, letter b of the GDPR) and our legal obligation (Article 6, paragraph 1, letter c of the GDPR) resulting from Article 7, point 1, letter a of the Act on the provision of services by electronic means.
Processing period. We store personal data collected for the aforementioned purpose for the duration of the contract for the provision of the account management service, regardless of whether you actively use the services of our Website.
3.3 Using the Website after logging in
We process your personal data to enable you to use the account functionalities: signing up for massages and purchasing other services and products, processing orders for searched and viewed services and products, managing your account.
Scope of data. For this purpose, we process your personal data which you have provided in the registration form, i.e.: name, surname, e-mail address, phone number, address, history of placed orders, as well as data regarding your activity on the Website, e.g.: data regarding the services, products, subpages viewed by you, as well as data regarding the session, your device and operating system, browser, location, IP address and unique ID.
Legal grounds. Need to perform the contract for the provision of services by electronic means (Article 6, paragraph 1, letter b of the GDPR), as well as consent to the processing of cookies.
Processing period. We store personal data collected for the above purpose for the duration of the contract for the provision of the account management service, regardless of whether you actively use the services on the Website. After deletion of the account, your personal data are anonymized/deleted, except for the following data: first name, last name, e-mail address and information about expressed consents (we will store these data for up to 3 years from the deletion of the account for the purpose of handling complaints and claims related to the use of our services). We store users’ personal data contained in cookies for a period corresponding to the life cycle of cookies saved on their devices. (More information on the storage periods of specific cookies can be found in the section “What types of cookies do we use?” below.
3.4 Provision of training services in massage techniques
Scope of data. Name, surname, e-mail address, phone number, [tax ID no.] NIP, business name and business address.
Legal grounds. Provision of data is necessary for performance of the contract, that is provision of a service (art. 6 section 1 letter b GDPR).
Processing period: Personal data collected for the aforementioned purpose are processed for the period of expiry of the limitation period for claims.
3.5 Sending of newsletters and communications by electronic means.
Scope of data. Name, surname, e-mail address, phone number.
Legal grounds. Provision of data is necessary for performance of the contract, that is provision of a service (art. 6 section 1 letter a GDPR).
Processing period: Personal data collected for the aforementioned purpose are processed until you withdraw your consent.
3.6 Marketing of services and products offered on the Website, including presentation of the offer for massages and trainings tailored to your preferences
Scope of data. For that purpose, we process information on the content of your consent granted for receiving of marketing communications, your phone number, private e-mail address and information on massages or trainings viewed or selected by you as well as your training history. We receive the information directly from your or obtain it from the cookie files used on the Website.
We use the aforementioned data to create your profile corresponding to your interests and preferences. Next, we adapt marketing information to your profile, to inform about products and services you may find interesting.
Legal grounds. Our legitimate interest (art. 6 section 1 letter f GDPR) consisting in the possibility to adapt our offer to your preferences or interests, and your consent granted for receiving of marketing correspondence.
Balance of interests. Having considered our interest and your interests, rights and freedoms, we have determined that the processing of data in the manner described above will not pose an excessive interference in your privacy nor will it constitute an excessive inconvenience for you.
Processing period: For that purpose, we shall process your personal data until you revoke your consent or until we find your objection against the processing of your personal data effective. Personal data contained in cookie files are stored for a period corresponding to the lifecycle of the cookie files stored on their devices.
3.7 Statistics of the use of individual Website functionalities, facilitation of the use of the Website and assurance of IT security of the Website
Scope of data. For those purposes, we process personal data concerning your activity on the Website, such as: visited subsites and the time spent on each of them as well as data concerning your browsing history, your IP address, location, ID of your device and data on the browser and operating system.
Legal grounds. Our legitimate interest (art. 6 section 1 letter f GDPR) consisting in the improvement of the Website functionalities, generation of statistics which help manage the Website and ensure IT security of the Website.
Processing period: for that purpose, we shall process your personal data until we find your objection against the processing of your personal data effective. Personal data of users, as contained in cookie files, are stored for a period corresponding to the lifecycle of the cookie files stored on their devices.
3.8 Determination, pursuit of or defence against claims
Scope of data. For the purpose of determination, pursuit of or defence against claims, we may process necessary personal data provided by you on the Website, such as: name, surname, date of birth, data on the manner you use our services and the scope of provided services, as well as other data necessary to prove a claim, including the scope of the suffered damage.
Legal grounds. Our legitimate interest (art. 6 section 1 letter f GDPR) consisting in the determination, pursuit of or defence against claims in proceedings before courts and other state authorities.
Processing period: for that purpose, we shall process your personal data for the period of limitation for (our or your) claims which may arise in connection with the use of the application or the Website, and in the case of institution of court proceedings – for the period of the proceedings and for 10 years after a finally binding completion of such proceedings.
3.9 Consideration of claims and requests, responding to enquiries
Scope of data. For that purpose, we may process some personal data provided by you on the Website or in other manner, in connection with the services provided and products offered by us, as well as data on the use of our services which are the reason for a complaint or a request, data provided in documents enclosed to a complaint or a request.
Legal grounds. Our legitimate interest (art. 6 section 1 letter f GDPR) consisting in the consideration of a filed complaint or a request, the improvement of the Website functionalities and in the building of positive relationships with the Website users, based on reliability and loyalty.
Processing period: Data are processed for a period necessary to consider the filed enquiry, complaint or request, however, not longer than for a period of 3 years after receiving a respective message. If a given message constitutes or may constitute evidence in proceedings before a court or other state authority, we may keep such messages and personal data contained therein until a legally binding completion of the proceedings.
Provision of some data is a prerequisite for the use of individual services (mandatory data). A failure to provide such data makes it impossible for us to provide specific services. Apart from data marked on the Website as mandatory, provision of other personal data is voluntary.
4. Data sharing
We share your personal data with the following categories of recipients:
4.1 Service Providers
We share your personal data with providers of services we use to operate the Website and in connection with the provision of services.
They provide for us, among others, the hosting service in a computing cloud, tools for online marketing, sending of e-mail messages, text communication, analysis of Website traffic, efficiency analysis of marketing campaigns, they support performance of specific Website functionalities, as well as provide accounting, legal, IT and HR services for us.
We may also share your personal data with other recipients who provide legal, courier or postal services for us.
4.2 State authorities
We provide your personal data if they are requested by competent state authorities, in particular organizational units of the prosecutor’s office, the Police, the President of the Personal Data Protection Office or the President of the Competition and Consumer Protection Office.
5. Personal data processing area
5.1 We process your personal data only within the European Economic Area (“EEA”) and we do not transfer them outside of EEA.
5.2 If you benefit from the services provided in the UK, your personal data may be transferred by us outside the EEA for the proper provision of the services. In accordance with two implementing decisions of the European Commission (ref. C(2021) 4800 and ref. C(2021) 4801), the UK has been recognised as a country providing an adequate level of protection for personal data.
6. Profiling
The processing of your data is not based on decisions made automatically (including automatic profiling).
- What rights do you have?
- The right to access your personal data, to obtain a confirmation that your personal data are used and to obtain their copy;
- The right to portability of the personal data you have provided to us and the right to their transfer to you or another indicated entity in a commonly used, computer readable format;
- The right to rectify your personal data if they are incomplete or incorrect;
- The right to erase all or some of your personal data;
- The right to restrict the processing of your personal data;
- The right to object against the processing performed by us based on our legitimate interest;
- The right to withdraw the consent granted for the use of personal data at any time – if the processing is based on the consent. However, withdrawal of the consent does not affect the legality of the use of data based on the consent in the period before its withdrawal;
Keep in mind that we will not always be able to satisfy your request, e.g. due to legal regulations binding upon us or a failure to meet the prerequisites for the request to be granted. We shall inform you about the actions taken or the reasons for refusing to take them. To exercise your rights, contact us in the manner described in section 2 above “How to contact us?”.
If you find that in the processing of personal data, we act improperly or unlawfully, you may file a complaint with a supervisory authority appointed to supervise the observance of personal data protection regulations in Poland, that is the Personal Data Protection Office (www.uodo.gov.pl).
8. Links to other websites
For your convenience and for information purposes, we may post on our Website links to other websites. Other websites to which we post links usually publish their own privacy policies. If you visit such websites, we encourage you to familiarize yourself with those policies. We are not liable for the content posted on other websites, for the websites themselves nor for privacy practices of the entities operating those websites.
Furthermore, we may process your data obtained through social media. If you visit our profiles (e.g. Facebook, Instagram) or participate in our various actions organized in those social media, we shall process your personal data obtained through those profiles, among others, your name and surname, user name, profile photo (avatar), information provided in your posts and comments. The legal basis for that processing is our legitimate interest – it allows us to build positive relationships with our clients or users not logged into social media. Data within that scope shall be processed for the period of the functioning of our profile or until you file your objection.
9. Cookies and other information stored on your end device
9.1 What are cookie files and other information?
The Website uses “cookie” files.
“Cookie” files are text files sent by websites to your computer or your other device connected to the Internet, which allow to unmistakably identify your browser or store information on its settings.
Cookies usually include the name of the website they originate from, their storage period on the end device and a unique number. They record, in particular, data such as: clicks on the Website, visits to the Website (main site and subsites) or data on the use of specific services on the Website.
Furthermore, we use solutions which allow us to recognize devices (based on analysis of the collected information on your device), user tokens and solutions helping us determine if the application has already been logged into from the given browser (by assigning an ID to data on the use of the device).
9.2 For what purposes do we use cookies and other information?
We use them to prepare statistics on site and subsite views of the Website (analytical cookies) – we use cookie files of our partners (e.g. Google Analytics) to count visits on the Website, their length, and to determine which functionalities of the Website or its part were used or visited most frequently. Information collected that way allows us to analyse the efficiency of the Website and to determine directions for the development of new functionalities and services.
9.3 What type of cookies and other information do we use?
We use “cookies” on the Website. “Cookies” are text files sent by websites to your end device, which enables clear identification of your browser or retaining information about your browser settings.
In particular, we use the following cookies on the Website:
| Name of the cookie file | Provider | Purpose | Storage period |
| display of recent posts and buttons to Facebook | from 7 days to 3 years | ||
| display of recent posts and buttons to Facebook | from 7 days to 3 years | ||
| Youtube | Youtube | display of videos | up to 6 months |
| Google Maps | display of maps | in accordance with Google policy | |
| Google reCAPTCHA | preventing spam | in accordance with Google policy | |
| TikTok | TikTok | display of videos | up to 3 years |
| Google Tag Manager | service statistics | 3 months | |
| Vimeo | Vimeo | display of videos | 1-2 years |
| WP Optimize | Updraft WP Software Ltd. | page caching | a few days |
| WP Rocket | WP Media | page caching | a few days |
| Google Analytics | service statistics | 1 year 1 month 4 days | |
| WooCommerce | At Automatic | storing basket content | during user’s session – 2/3 days |
Cookies contain the name of the originating website, their storage time on the end device and a special number. In particular, they record data such as clicks on the Website, visits to the Website (main and sub-pages) or data on the use of certain services on the Website.
In addition, we use solutions that allow us to recognise devices (based on analysis of the information collected about your device), a user token and solutions that help us determine whether a login has already taken place from a particular browser (by assigning an identifier to the data resulting from the use of the device).
We use them for the following purposes: to compile statistics on views of the page and sub-pages of the Website (analytical cookies) – we use the cookies of our partners (e.g. Google Analytics) to count visits to the Website, their length and to determine which functionalities of the Website or parts of the Website have been used or visited most frequently. The information we collect in this way allows us to analyse the performance of the Website and to determine the development of new features and services, to tailor the Website to your needs, and – on the basis of the consents you have given or on any other legal basis – to tailor advertising on the Website or other websites.
We use third party cookies on our Website, including Google, Tag Manager, Facebook in order to target you with tailored advertising. Each third-party provider specifies the rules for the cookies used in its privacy policy. A description of how Google Analytics uses the data collected on websites and applications is available here: https://www.google.com/policies/privacy/partners.
Information to help you manage your cookie settings can be found here, among other places: Your Online Choices | EDAA.
9.4 Accepting and rejecting cookies
Very often, a web browser accepts storage of cookie files on your end device by default. However, you may configure your browser so that cookie files are not stored on your device (this may apply to all cookie files or to cookie files of third parties), and also remove cookie files which have already been saved.
In the menu bar of the web browser, in the “Help” section, you may find information on how to reject saving of new cookie files, how to remove already saved cookies, how to request notification about a new cookie file saved, and how to block operation of cookie files.
Listed below are links to information about cookie settings, including information on how to delete cookies in the most popular web browsers:
10. Cookie and privacy policy updates
This Cookie and Privacy Policy may be updated from time to time. Information on all important changes to this document will be posted on the Website, and the date of the last update is indicated in the top part of the document.