- For the Owner of this website, data protection
Users is of paramount importance. It makes great efforts to
Users felt safe entrusting their personal data during the
use of the website.
- A user is a natural person, a legal entity or an organisational unit,
an unincorporated entity to which legal capacity has been granted by law,
using the electronic services available on the website.
your personal data, your rights and the obligations of the controller
- The controller uses state-of-the-art technical means and solutions
organisational arrangements ensuring a high level of protection for the data processed
personal information and security against unauthorised access.
I. CONTROLLER OF PERSONAL DATA
The administrator of the personal data is Cosmos Museum Sp. z o.o., based at:
Łucka 15/3 00-842 Warsaw, entered in the register of entrepreneurs maintained by
by the District Court in Warsaw, 12th Commercial Division, under KRS number:
0000592588, NIP: 5272884234 (hereinafter: "Owner").
II. PURPOSE OF PROCESSING PERSONAL DATA
- The Administrator processes the User's personal data in order to:
the proper performance of sales contracts concluded in the shop
online via www.
- This means that these data are needed in particular for
a. register on the website;
b. conclusion of the contract;
c. make settlements;
d. delivery of the goods or services ordered by the User;
e. the User's exercise of any consumer rights (e.g. withdrawal from the contract, warranty).
- The user may also agree to receive information
about news and promotions, which will also make the administrator
process personal data in order to send you information
trade, such as new products or services, promotions or
- Personal data are also processed in fulfilment of legal
obligations incumbent on the controller and the performance of tasks, in the interest of
public, inter alia, to perform tasks related to security
and defence or the keeping of tax records.
- Personal data may also be processed for marketing purposes
direct products, the security and the enforcement of claims or the protection of
against claims by the User or a third party, as well as the marketing of services
and products of third parties or own marketing, which is not
III. TYPE OF DATA
- The controller shall process the following personal data, the provision of which is
a. register on the website:
- e-mail address;
b. to make purchases via the website:
- delivery address;
- telephone number;
- e-mail address;
c. Data provided by the User optionally:
- date of birth;
- PESEL number (if invoice is requested);
- VAT number (if an invoice for an entrepreneur is requested).
- In the event of withdrawal from the contract or acknowledgement of a complaint, when the return
The amount due is credited directly to the user's bank account, in order to
We also process information on the number of
IV. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
- Personal data are processed in accordance with the provisions of the Regulation
European Parliament and Council (EU) 2016/679 of 27 April 2016.
on the protection of individuals with regard to the processing of personal data
and on the free movement of such data and repealing the Directive
95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88,
hereinafter: 'RODO Regulation'.
- The controller shall process personal data only with the prior consent of the
User, expressed at the time of registration on the website or at the time of
confirmation of the transaction made on the website.
- Your consent to the processing of your personal data is entirely
voluntary, but failure to do so shall preclude registration on the site
website and to make purchases, via the website.
V. USER RIGHTS
- The user may at any time request information from the controller on the extent of the
processing of personal data.
- The user may at any time request the correction or rectification of their
personal data. The user can also do this himself, after
logging into your account.
- The user may at any time withdraw his or her consent to the processing of his or her
personal data, without giving any reason. Request not to process data
may relate to a specific purpose of processing indicated by the User, e.g.
Withdrawal of consent to receive commercial communications, or apply to all
purposes of data processing. Withdrawal of consent for all purposes
processing will result in the removal of the User's account from the website.
the Internet, together with all previously processed by the controller
personal data of the user. The withdrawal of your consent will not affect the data already stored.
- The user may at any time request, without giving reasons, that the
the controller has deleted his/her data. A request for deletion of data will not affect
the actions already carried out. Deletion of data means simultaneous deletion of
your account, including all previously saved and processed
by the controller of personal data.
- The user may at any time object to the processing of
personal data, both in terms of all the data processed by the
the controller of the User's personal data, as well as only for limited
extent, e.g. as to the processing of data for a specifically indicated purpose. Objection
will not affect the actions already carried out. The lodging of an objection will
deletion of the User's account, including all stored and processed to date
time, by the controller, of personal data.
- The user may request the restriction of the processing of personal data or
whether for a specific period of time or without a time limit, but within a specific
scope, which the controller will be obliged to comply with. This request will not affect
activities carried out to date.
- The user may request that the controller transfer to another entity,
User's personal data processed. To this end, he should write a request to
administrator, indicating to which entity (name, address) it should be communicated
the User's personal data and which specific data the User wishes to have
administrator provided. Once the User has confirmed his/her wish,
the controller shall transmit electronically to the designated entity the data
personal information of the User. Confirmation of the request by the User is necessary
for reasons of security of your personal data and to obtain
certainty that the request comes from a legitimate person.
- The administrator shall inform the user of the action taken before the expiry of the
one month after receipt of one of the requests listed in the preceding paragraphs.
VI. RETENTION PERIOD OF PERSONAL DATA
- In principle, personal data is only kept for as long as it is
necessary for the fulfilment of contractual or statutory obligations for which the
were collected. This data will be deleted as soon as it is
storage will not be necessary, for evidential purposes, in accordance with the law
civil or in connection with a statutory data retention obligation.
- Information relating to the contract shall be retained for evidential purposes, for
a period of three years starting from the end of the year in which the business relationship was terminated
with the user. Deletion of data will take place after the statutory period has expired.
the statute of limitations for the assertion of contractual claims.
- In addition, the controller may retain archival information on
transactions concluded, as their retention is linked to the rights of the
The user shall be entitled to assert claims, e.g. under warranty.
- If no contract has been concluded, between the User and the Owner,
your personal data is stored until you delete your account
User on the website. Deletion of your account may take place as a result of
a request by the user, withdrawal of consent to data processing
personal data, or to object to the processing of such data.
VII. OUTSOURCING DATA PROCESSING TO OTHER ENTITIES
- The controller may entrust the processing of personal data to entities
with the controller, to the extent necessary for the performance of the transaction
e.g. for preparation of ordered goods and delivery of shipments
or the transmission of commercial information from the controller (last
applies to users who have consented to receive information
Users will not be made available in any way to third parties or to
communicated to other parties for the purpose of sending marketing material
these third parties.
- Personal data of website users will not be transferred beyond
European Union area.
paragraphs 1 and 2 of the RODO Regulation.
(hereinafter collectively referred to as "cookies") to collect information about user access
to the website (e.g. via a computer or smartphone) and its
preferences. They are used, among other things, for advertising and statistical purposes
and to customise the website
- Cookies are pieces of information that contain a unique reference code,
which the website transfers to the User's device for the purpose of
storing, and sometimes tracking, information on the information used
devices. They do not usually allow the User to be identified. Their
the main task is to make the website more relevant to the user.
- Some of the cookies found on the website are only available
for the duration of the respective web session and expire when the browser is closed.
Other cookies are used to remember you when you return to the site.
Internet, is recognised on it. They are then saved from
- The cookies used on this website are:
personal data (name, e-mail address) - stored for 1 year
- All cookies present on the website are set by the
- All cookies used by this website comply with
with applicable European Union law.
- Most users and some mobile browsers automatically
accept cookies. If the user does not change the settings, the cookies will be
stored in the device's memory.
- The user can change their cookie acceptance preferences
or change your browser so that you can receive the relevant
notification when the cookie function is set. To change your settings
acceptance of cookies, you will need to adjust your browser settings.
- It is worth remembering that blocking or deleting cookies may make it impossible to
full use of the website.
- Cookies will be used for essential session management, including:
a. Create a special login session for the website user in order to
the website remembered that the user was logged in and that their requests were
delivered in an efficient, secure and consistent manner;
b. Recognition of a user who has previously visited the site
Internet, which makes it possible to identify the number of unique users who
have used the service and makes it possible to be sure of sufficient capacity
service for the number of new users;
c. Identifying whether a website visitor is
registered on the website;
d. Recording of information from the User's device, including: cookies,
the IP address and information about the browser used, in order to be able to diagnose
problems, administration and tracking of site usage;
e. Customise elements of the layout or content of the site
f. Collect statistical information about how the User uses the site,
in order to be able to improve the website and to determine which areas of the site
Internet are the most popular for users.