1.1. In order to protect the privacy rights of the Users of the Website operated by the Website Administrator and to comply with legal requirements, the Website Administrator provides this Privacy Policy, which explains and informs Users about how their personal data is processed and protected.

1.2. The Website Administrator processes personal data in accordance with applicable laws, including the GDPR and the Polish Act of 18 July 2002 on Providing Services by Electronic Means.

1.3. Before using the Website, the User should read the content of this Privacy Policy.

• Privacy Policy– this Privacy Policy;
• Website Administrator – SuperDrob S.A., based in Karczew, ul. Armii Krajowej 80, 05-480 Karczew; registered in the National Court Register kept by the District Court for the Capital City of Warsaw, 14th Commercial Division of the National Court Register under number 0000053972, with share capital of PLN 21,772,550.00 fully paid;
• User – a natural person whose personal data is processed by the Website Administrator in connection with using the Website;
• GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data, repealing Directive 95/46/EC;
• Website – the website operated by the Website Administrator, available at: www.superdrob.pl;
• Cookie – a file downloaded to the User’s computer when accessing certain websites.

3.1. The Website Administrator is the controller of personal data provided by the User when using the Website.

3.2. When using the Website, the Administrator may process the following personal data: name and surname, email address, and telephone number.

3.3. The Administrator collects data necessary to provide the services offered on the Website and information about the User’s activity on the Website. Below are the detailed rules and purposes for which personal data is processed.

4.1. The Website Administrator processes personal data for the following purposes:

4.1.1. Communication about its activities (Art. 6(1)(f) GDPR – legitimate interest of the Administrator: contacting Users)
Data is processed to identify the sender and respond to their inquiries submitted via contact forms or to send newsletters to subscribers.

4.1.2. Marketing activities and service improvement (Art. 6(1)(f) GDPR – legitimate interest of the Administrator: improving services and tailoring marketing content to User interests)
The data is used for analytics, content personalization, and service quality improvements.

4.1.3. Legal compliance (Art. 6(1)(c) GDPR)
Data is processed when necessary to fulfill legal obligations.

4.1.4. Ensuring security and functionality of the Website (Art. 6(1)(f) GDPR – legitimate interest of the Administrator: securing operations and maintaining high-quality services).

4.1.5. Assertion or defense of claims (Art. 6(1)(f) GDPR – legitimate interest of the Administrator: managing legal claims).

5.1. The Website Administrator may share User data with public authorities or other entities authorized under the law, especially when required to ensure system security or the rights of other Users.

5.2. Third-party service providers (e.g., hosting providers) may access User data. In such cases, appropriate data processing agreements are in place to ensure data security.

5.3. Some service providers may store User data outside the European Economic Area (EEA). When this occurs, the Administrator ensures adequate protection through Standard Contractual Clauses or other lawful data transfer mechanisms.

6.1. Users have the following rights regarding their personal data:

• Right of access
• Right to rectification
• Right to withdraw consent
• Right to erasure
• Right to restrict processing
• Right to data portability
• Right to object to processing

6.2. To exercise these rights, Users can contact the Administrator at: rodo@superdrob.pl

6.3. Users have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if they believe their data protection rights have been violated.

7.1. The Administrator stores User data only as long as necessary to fulfill the purposes for which it was collected. Afterward, the data is deleted or anonymized.

7.2. Data may be stored longer if required by law or necessary for the establishment, exercise, or defense of legal claims.

7.3. Data processed on the basis of consent will be stored until the consent is withdrawn.

8.1. Cookies contain:

• The name of the server from which the cookie was sent
• The cookie’s lifespan
• A value (usually a randomly generated unique number)

8.2. The Website that sent the cookie uses the number to recognize the User upon return or while browsing. Only the sending Website can read and use that cookie.

8.3. The Website Administrator uses cookies to:

• Generate statistics to understand how Users interact with the site and improve its structure and content
• Maintain User sessions (after logging in), so the User doesn’t have to re-enter login information on each page

9.1. The Website uses several types of cookies, including:

9.1.1. Google Analytics cookies
These cookies monitor site traffic and are used by Google to analyze how the User interacts with the Website, producing statistics and performance reports. Google does not use the data to identify Users or link it for identification purposes. Details: Google Privacy Policy

9.2. Users can authorize, reject, or disable cookies by changing browser settings. Disabling cookies will not remove them from the browser until they expire. Blocking cookies may result in parts of the Website being unavailable or performing poorly.

9.3. Each browser is configured differently; follow the instructions provided by your browser’s publisher.

10.1. The most up-to-date version of the Privacy Policy is always available in the footer of the Website.