Privacy policy

I. General Provisions
This Privacy Policy sets out the rules for the collection, processing, and storage of Users’ personal data necessary for the provision of electronic services via the website www.subsee.pl (hereinafter referred to as the “Service”).
The Service collects only personal data that is necessary for the provision and development of the services offered therein.
Personal data collected via the Service is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – “GDPR”), as well as the Polish Personal Data Protection Act of 10 May 2018

II. Data controller
The controller of personal data collected via the Service is:
Subsee sp. z o.o.
Address: Ul. Aleja Zwycięstwa 96/98; 81-451 Gdynia
KRS: 0001138590
NIP: 9581749080
REGON: 540211262
Email: kontakt@subsee.pl
(hereinafter referred to as the “Controller”).

III. Purpose of personal data collection
Personal data is used for the following purposes:
• registration of a user account and verification of the User’s identity,
• enabling login to the Service,
• performance of contracts relating to services and electronic services,
• communication with the User (live chat, contact form, etc.),
• sending newsletters (after the User has given consent),
• operating a comment system,
• providing community/social features,
• promotion of the Controller’s offer,
• marketing, remarketing, and affiliate activities,
• personalization of the Service for Users,
• analytical and statistical activities,
• debt collection,
• establishing and pursuing claims or defending against claims.
Providing personal data is voluntary but necessary to conclude a contract or use certain functionalities of the Service.
The legal bases for processing are:
• performance of a contract – Article 6(1)(b) GDPR,
• compliance with legal obligations – Article 6(1)(c) GDPR,
• marketing of the Controller’s own services and pursuing claims – Article 6(1)(f) GDPR (legitimate interest),
• newsletter distribution and marketing profiling – Article 6(1)(a) GDPR (consent).

IV. Categories of personal data processed
The Controller may process the following personal data of Users:
• first and last name,
• email address,
• phone number.
In the case of Users who are entrepreneurs, the Controller may also process business-related data, including the company name, company registration details, and business address.

V. Data retention period
Users’ personal data will be processed for the following periods:
• where the legal basis for processing is the performance of a contract – until the expiry of limitation periods for claims following its performance,
• where the legal basis for processing is consent – until the consent is withdrawn, and after withdrawal, until the expiry of limitation periods for claims.
In both cases, the limitation period is generally 6 years, and 3 years for claims related to periodic benefits or business activities (unless specific provisions state otherwise).

VI. Disclosure of personal data
Users’ personal data may be shared with:
• entities affiliated with the Controller,
• the Controller’s subcontractors,
• entities cooperating with the Controller, such as electronic payment providers, courier/postal service providers, and law firms.
Users’ personal data may be transferred outside the European Economic Area (EEA).
In the case of transfers outside the EEA, such transfers are carried out on the basis of standard contractual clauses approved by the European Commission or an adequacy decision confirming an appropriate level of data protection.

VII. Users’ rights
Users have the right to:
• access their personal data,
• rectify their data,
• erase their data,
• restrict processing,
• data portability,
• object to processing,
• withdraw consent at any time (which does not affect the lawfulness of processing carried out before the withdrawal).
Requests related to exercising these rights should be sent to: kontakt@subsee.pl
The Controller will fulfill or refuse the request without undue delay, no later than within one month of receiving it.
Users have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if they believe that the processing of their data violates the GDPR.

VIII. Cookies
The Service collects information using cookies – session cookies, persistent cookies, and third-party cookies.
Cookies help ensure the proper provision of services within the Service and are used for statistical purposes.
For cookies other than essential ones, the Controller obtains the User’s consent via a cookie banner. Consent may be withdrawn at any time.
The Service may use external tools such as Google Analytics, Meta (Facebook) Pixel, or other marketing and analytical tools.
Cookies are divided into:
• essential – necessary for the proper functioning of the Service,
• analytical – used to analyze how the Service is used,
• marketing – used to tailor advertising content,
• functional – used to remember User preferences.
For non-essential cookies, the Controller obtains the User’s consent via a cookie banner, which can be withdrawn at any time.

IX. Automated decision-making and profiling
Users’ data will not be processed in an automated manner that would result in decisions producing legal effects or similarly significant effects for them.
Users’ data may be subject to profiling for the purpose of personalizing content and offers, provided the User has given consent.
Profiling does not produce legal effects or otherwise significantly affect the User.

X. Personal data security
The Controller applies appropriate technical and organizational measures to ensure the protection of personal data, appropriate to the risks and the categories of data protected. In particular, the Controller safeguards data against unauthorized access, loss, damage, or destruction.

XI. Final provisions
The Controller reserves the right to make changes to this Privacy Policy, provided that Users’ rights will not be limited.
Information about changes will be published in the form of a notice available on the Service.
In matters not regulated by this Privacy Policy, the provisions of the GDPR and Polish law shall apply.