Privacy Policy
1. Data controller and definitions
- The data controller of Customers/Users of the Online Shop, also known as the Seller, is Marek Kowalczyk, tel. Ten tekst zmienisz w ADMINISTRACJA / Dane Twojej firmy / Dane kontaktowe, NIP 5211445084, REGON 014945066.
- The data controller can be contacted at:
- address for letters: Ul. Obrońców Modlina 49, 05-123 Chotomów;
- the e-mail address: molanspa@gmail.com.
 
- User - a natural person entering the website/websites of the Online Shop or using the services or functionalities described in this Policy.
- Customer - a natural person having full legal capacity, a natural person who is a Consumer, a legal person or an organizational unit without legal personality, to which the Act grants legal capacity, which concludes a Distance Selling Agreement with the Seller.
- Online Shop - an Internet service run by the Seller, available at electronic addresses (websites): https://molanspa.pl through which the Customer/User may obtain information about the Goods and its availability and buy the Goods or order the service.
- Newsletter - information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services (Dz. U. z 2020 r. poz. 344) from the Seller, sent to the Customer/User by electronic means; its receipt is voluntary and requires the consent of the Customer/User.
- Account - a set of data stored in the Online Shop and in the Seller's IT system concerning the Customer/User and orders placed by the Customer/User and the agreements concluded by the Customer/User, which enables the Customer/User to place orders and conclude agreements.
- GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
2. The purposes, legal basis and period of the processing
- In order to perform the Distance Selling Agreement, the Seller processes:
- information concerning the User's device in purpose to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, web browser data, device data, data concerning activity on the website, including on individual subpages;
- geolocation data, if the User has consented to the service provider's access to geolocation. The geolocation data is used to provide more tailored offers of Goods and services;
- users personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, Tax Identification Number (NIP), bank account number or other personal data required by the Administrator in the purchasing process.
 
- This information does not contain identity data of the Users, but in combination with other information may constitute personal information. Therefore, the data controller extends full GDPR protection to them.
- These data are processed in accordance with Article 6 section 1 letter b of the GDPR, for the purpose of providing a service, i.e. an agreement for the provision of services by electronic means in accordance with the Regulation, in accordance with Article 6 section 1 letter a of the GDPR, in accordance with consenting to the use of certain cookies or other similar technologies, as expressed by the appropriate settings of the Internet browser, in accordance with the Telecommunications Law or in accordance with consenting to geolocation. The data are processed until the end of the User's use of the Online Shop.
- The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to that risk.
3. Marketing activities of the data controller
- The data controller may place marketing information about his/her Goods or services on the Online Shop’s website. Such content shall be displayed by the data controller in accordance with Article 6 section 1 letter f of the GDPR, in accordance with the legitimate interest pursued by the data controller, in publishing the content related to the services provided and the promotional content of the actions in which the data controller is involved. At the same time, the action does not infringe the rights and freedoms of the Customers/Users, the Customers/Users expect to receive similar content, or even expect it or it is their direct purpose to visit the website(s) of the Online Shop.
4. Recipients of User’s data
- The data controller discloses the Users' personal data only to the processors under the concluded contracts of entrustment of personal data processing, for the purpose of providing services to the Administrator, e.g. hosting and maintenance of the website, IT services, marketing and PR services.
5. Transfer of personal data to third countries
- Personal data will not be processed in third countries.
6. Withdrawal from the contract - electronic return form
- Rights for the data subjects
- of access (Article 15 of the GDPR) - to obtain confirmation from the data controller, whether his or her personal data are being processed. If the data about a person is processed, he or she is entitled to access it and to obtain the following information: about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be disclosed, about the period of data storage or about the criteria used to determine that period, about the right to request rectification, erasure or restriction of processing of personal data and to object to such processing;
- to obtain a copy of the data (Article 15 section 3 GDPR) - to obtain a copy of the data to be processed; the first copy being free of charge. For further copies the data controller may charge a reasonable fee based on administrative costs;
- to rectification (Article 16 of the GDPR) - to request the rectification of inaccurate or to supplement incomplete data concerning him or her;
- to erase the data (Article 17 of the GDPR) - to request the erasure of his/her personal data if the data controller has not a legal basis for their processing or the data are not necessary for the purposes of processing anymore;
- to restriction of processing (Article 18 of the GDPR) - to request a restriction of processing of personal data when:
- the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
- the data controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims,
- the data subject has objected to processing pursuant to Article 21 section 1 pending the verification whether the legitimate grounds of the controller override those of the data subject;
 
- to data portability (Article 20 GDPR) - to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the data controller to which the personal data have been provided, where data are processed on the basis of the data subject's consent or on a contract with him/her and where data are processed by automated means;
- to object (Article 21 of the GDPR) - to object to the processing of his/her personal data for the legitimate purposes of the controller, on grounds related to his/her specific situation, including profiling. In such case, the data controller shall assess the existence of important legitimate grounds for processing overriding the interests, rights and freedoms of data subjects or grounds for establishing, pursuing or defending claims. If according to the assessment the interests of the data subject will take precedence over the interests of the controller, the data controller shall be obliged to stop processing the data for these purposes;
- to withdraw consent at any time and without giving any reason, but the processing of personal data carried out before withdrawal of consent will still remain lawful. Withdrawal of consent shall result in the data controller ceasing to process personal data for the purpose for which the consent was given.
 
- In order to exercise the aforementioned rights, the data subject should contact the data controller, using the contact details provided and inform the data controller, which right and to what extent he/she wants to exercise it.
7. The President of the Personal Data Protection Office
- The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office, with its seat in Warsaw, ul. Stawki 2, which can be contacted as follows:
- address for letters: ul. Stawki 2, 00-193 Warsaw;
- via the electronic mailbox available on the website: https://www.uodo.gov.pl/pl/p/kontakt;
- address for letters: helpline: 606-950-000.
8. Data Protection Officer
- In any case, the data subject may also contact the Data Protection Officer of the data controller directly by e-mail or in writing to the address of the data controller given in section 1 point 2 this Policy.
9. Changes to the privacy and cookie policy
- Privacy and Cookies Policy may be supplemented or updated according to the data controller's current needs in purpose to provide current and reliable information to Customers/Users.
10. Cookies
- The Online Shop performs the functions of obtaining information about Customers, Users and their behaviour in the following way by:
- information voluntarily entered on the forms, for purposes arising from the function of the form;
- storing cookies (so-called: “cookies") on final device;
- collecting web server logs by the Online Shop’s hosting operator (necessary for proper operation of the Online Shop).
 
- Cookie files are IT data, in particular text files, which are stored in the Customer's/ User's final device and are designed to use the Online Shop’ s website. Cookies usually contain the name of the website from which they come from, the time of their storage on the final device and a unique number.
- The Online Shop uses cookies only after the Customer/User has given his/her prior consent in this regard. Consent to the use of all cookies by the Online Shop is given by clicking the button: "Close" when the announcement about the use of cookies by the Online Shop is displayed or by closing that announcement.
- If the Customer/User does not agree to the use of cookies by the Online Shop, he/she may use the option: "I do not agree", which is also available in the announcement about the use of cookies by the Online Shop or make changes to the settings of the Internet browser, which is currently using by Customer/User (however, this may cause incorrect operation of the Online Shop).
- To manage the cookie settings, Customer/User should select web browser/system and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
- The legal basis for the processing of personal data from cookies is the legitimate interests pursued by the Website’s Operator, consisting in providing high quality services, ensuring the safety of services.
- The Online Shop uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files, which are stored in the User's final device until logging out, leaving the Online Shop or switching off the software (web browser). Persistent cookies are stored in a User's device for the time specified in the parameters of cookies or until their removal by the User.
Functional cookies (required)
molanspa.pl
monit_token: 365 days, cookie
Identifies the shop's customer.
shop_monit_token: 30 minutes, cookie
Identifies the shop's customer.
client: 1 days, cookie
Identifies the logged-in customer / basket of the non-logged-in customer.
affiliate: 90 days, cookie
It stores information about the partner ID from which the shop was entered.
ordersDocuments: cookie
Stores information about the print status of a document.
__idsui: 1095 days, cookie
File required for the so-called lightweight login function on the website.
__idsual: 1095 days, cookie
File required for the so-called lightweight login function on the website.
__IAI_SRC: 90 days, cookie
It only stores the source from which the page was accessed.
login: cookie
Stores information about whether the user has logged in to the site.
CPA: 28 days, cookie
Includes information on the variables for the CPA / CPS programmes in which the site participates.
__IAIRSABTVARIANT__: 30 days, cookie
Variant identifier for the A/B test and IdoSell RS engine configuration.
basket_id: 365 days, cookie
The site user's shopping cart identifier, assigned for the duration of the ongoing session.
page_counter: 1 days, cookie
Counter of pages visited.
LANGID: 180 days, cookie
Stores information about the language selected by the site user.
REGID: 180 days, cookie
Stores information about the site user's region.
CURRID: 180 days, cookie
Stores information about the currency of the site selected by the user.
__IAIABT__: 30 days, cookie
It stores the A/B test identifier, for the purpose of testing and improving shop functionality.
__IAIABTSHOP__: 30 days, cookie
It stores the identifier of the shop participating in the A/B test.
__IAIABTVARIANT__: 30 days, cookie
Stores the identifier of the variant drawn as part of the ongoing A/B test.
toplayerwidgetcounter[]: cookie
Stores the number of times a pop up message has been displayed.
samedayZipcode: 90 days, cookie
Stores information about the site user's postcode, which is required to offer courier delivery on the SameDay service.
applePayAvailability: 30 days, cookie
Stores information about whether an ApplePay payment method is available for the user.
paypalMerchant: 1 days, cookie
PayPal account ID.
toplayerNextShowTime_: cookie
Stores information about the time at which the next pop up message is to be displayed. 
rabateCode_clicked: 1 days, cookie
Stores information about the closure of the active discount bar.
freeeshipping_clicked: 1 days, cookie
Stores information about the closing of the free delivery bar.
redirection: cookie
Stores information on the closure of the pop-up message indicating the suggested language for the shop.
filterHidden: 365 days, cookie
When the option to collapse the filter for goods is clicked, it saves which filter is to be collapsed when the goods list is refreshed.
toplayerwidgetcounterclosedX_: cookie
It stores information about closing the pop-up message.
cpa_currency: 60 minutes, cookie
Includes currency information for CPA / CPS programmes in which the site participates.
basket_products_count: cookie
Stores information on the number of products in the basket.
wishes_products_count: cookie
Stores information on the number of products in the favorites list.
remembered_mfa: 365 days, cookie
Stores remembered user information for multi-factor authentication (MFA)
HOMELANDID: 180 days, cookie
Stores information about the visitor's country.
IAI S.A.
iai_accounts_toplayer: 30 days, cookie
Ensures the correct display of the pop up message informing about the IdoAccounts login service (https://www.idosell.com/en/idoaccounts-is-a-system-that-facilitates-the-process-of-logging-in-to-many-stores-with-one-account-and-placing-orders-in-online-stores/).
IdoSell
platform_id: cookie
Stores information about whether the page is displayed in the mobile app.
paypalAvailability_: 1 days, cookie
Stores information on whether a PayPal payment method is available for the user.
ck_cook: 3 days, cookie
Stores information about whether the user of the website has consented to cookies.
IdoAccounts
accounts_terms: 365 days, cookie
Stores information on whether the user has accepted consent to use the IdoAccounts service.
express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin
NID: 180 days, cookie
These cookies (NID, ENID) are used to remember your preferences and other information, such as your preferred language, how many results you prefer to have shown on a search results page (for example, 10 or 20), and whether you want to have Google’s SafeSearch filter turned on. This cookie is also required to offer the Google Pay payment service.
Google reCAPTCHA
_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site against spam enquiries on contact forms.
PayPal
ts: cookie
This cookie is generally provided by PayPal and supports payment services on the website.
ts_c: 1095 days, cookie
This cookie is generally provided by PayPal and is used to prevent fraud.
x-pp-s: cookie
This cookie is generally provided by PayPal and supports payment services on the website.
enforce_policy: 365 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.
tsrce: 3 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.
l7_az: 60 minutes, cookie
This cookie is necessary for the PayPal login-function on the website.
LANG: 1 days, cookie
This cookie is generally provided by PayPal and supports payment services on the website.
nsid: cookie
Used in the context of transactions on the Website. The cookie is required for secure transactions.
Analytics cookies
IAI S.A.
__IAI_AC2: 45 days, cookie
Activity Tracking identifier to collect the history of pre-order sources as well as the source through which the order was placed according to the last click attribution model.
Google Maps
SID: 3650 days, cookie
Contain digitally signed and encrypted records of a user’s Google Account ID and most recent sign-in time. The combination of these cookies (SID, HSID) allows Google to block many types of attack, such as attempts to steal the content of forms submitted in Google services.
Advertising cookies
Meta (Facebook)
fbsr_: cookie
Contains the signed request for the Facebook App user.
fbss_: 365 days, cookie
Shared session Facebook.
fbs_: 30 minutes, cookie
Facebook session.
Meta Pixel: 999 days, tracking pixel
The Meta Pixel is a piece of code that allows you to measure the effectiveness of your advertising by understanding the actions taken by users of the site and allows you to make sure that your shop ads are shown to the right people.
_fbp: 90 days, cookie
Cookie used for user profiling and to match advertising to user profile as accurately as possible.
fr: 90 days, cookie
Cookie used for user profiling and to match advertising to user profile as accurately as possible.
_fbc: 730 days, cookie
Store last visit.
tr: cookie
Cookie used for user profiling and to match advertising to user profile as accurately as possible.
sb: 402 days, cookie
This cookie helps identify and apply additional security measures in case someone tries to access your Facebook account without authorization, for example by entering random passwords. It is also used to record information that will allow Facebook to recover a user's account if they forget their password, or to provide additional authentication if it suspects someone has hacked into their account. This includes, for example, \"sb\" and \"dbln\" cookies, which can securely identify a user's browser.
usida: cookie
Collects a combination of the user’s browser and unique identifier, used to tailor advertising to users.
wd: 9 days, cookie
This cookie helps direct traffic between servers and analyze how fast Meta Products load on different users. Thanks to cookies, Meta can also record the aspect ratio and dimensions of a user's screen and windows, and know whether the user has high contrast mode enabled, so it can present its sites and applications correctly. It can, for example, use \"dpr\" and \"wd\" cookies, among others, to provide the user with optimal device screen parameters.
locale: 9 days, cookie
This cookie contains the display locale of the last logged in user on this browser.
datr: 7 days, cookie
The purpose of the datr cookie is to identify the web browser being used to connect to Facebook independent of the logged in user. This cookie plays a key role in Facebook's security and site integrity features.
molanspa.pl
RSSID: 180 days, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.
__IAIRSUSER__: 60 minutes, cookie
IdoSell RS user ID, used for the purpose of displaying tailored product recommendations on the website.
Wirtualna Polska Media S.A.
WPH Pixel: tracking pixel
A user identifier that is used to measure the actions taken by users visiting the site and to increase the effectiveness of ads on the WP Advertising Network (e.g. Allani, Homebook and Domodi).
__wph_a.accessed: 999 days, cookie
Facilitates payment of referral commission fees to ad partners when the user makes a purchase.
__wph_a.key: 999 days, cookie
Facilitates payment of referral commission fees to ad partners when the user makes a purchase.
__wph_a.ts: 999 days, cookie
Facilitates payment of referral commission fees to ad partners when the user makes a purchase.
__wph_st.accessed: 999 days, cookie
Facilitates payment of referral commission fees to ad partners when the user makes a purchase.
__wph_st.key: 999 days, cookie
Facilitates payment of referral commission fees to ad partners when the user makes a purchase.
__wph_st.ts: 999 days, cookie
Facilitates payment of referral commission fees to ad partners when the user makes a purchase.
statid: 1095 days, cookie
Sets a unique ID for the visitor, that allows third-party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third-party advertisement hubs, which facilitates real-time bidding for advertisers.
- The cookies are used for the following purposes:
- creating statistics that help to understand how Customers/Users of the Online Shop use the websites, which allows to improve their structure and content;
- maintaining the Customer/User session (after logging in), thanks to which the Customer/User does not have to re-enter the login and password on each subpage of the Online Shop;
- defining the Customer's profile in purpose to display product recommendations and matching materials in advertising networks, in particular the Google network.
 
- Software for web browsing (web browser) usually by default allows for storing cookies in the User's final device. Customers/Users may change their settings in this area. The web browser allows to remove cookies. It is also possible to automatically block cookie files.
- Restrictions on the use of cookies may affect some of the functionalities available on the Online Shop's websites.
- Cookie files placed in the Customer’s/User's final device and may also be used by Online Shop’s advertisers and partners, cooperating with the Online Shop.
- Cookies may be used by the Google network to display advertisements tailored to the way the Customer/User uses the Online Shop. For this purpose, they can store information about the user's navigation path or time spent on a given page: https://policies.google.com/technologies/partner-sites.
- We recommend that Customer/User should read these companies' privacy policies in purpose to understand the cookies’ usage in the statistics: Privacy Policy - Google Analytics.
- In terms of information on the Customer’s/ User's preferences collected by the Google's advertising network, the Customer/User can view and edit the information resulting from cookies using the tool: https://www.google.com/ads/preferences/
- On the website of the OnlineShop there are plug-ins, which can transfer the data of Customers/Users to the data collectors, such as e.g: .
- In purpose to correctly perform the Distance Selling Agreement, the data controller may make the Customer/User data available to courier entities. The currently available delivery methods in the Online Shop are: https://molanspa.pl/en/delivery.html.
- In purpose to correctly perform the Distance Selling Agreement, the data controller may make the Customer/User data available to Internet payment systems. The currently available methods of payment in the form of prepayment in the Online Shop are: https://molanspa.pl/en/payments.html.
- More information on terms and conditions and privacy can also be found on Google's Privacy and Terms page.
11. Newsletter
- The Customer/User may give his/her consent to receive commercial information electronically by ticking the appropriate option in the registration form or at later date in the appropriate tab. In the case of such consent, the Customer/User shall receive information (Newsletter) of the Online Shop as well as other commercial information sent by the Seller to the Customer’s/User’s email address.
- The Customer/User may unsubscribe from the Newsletter at any time by unchecking the appropriate box on his/her Account page or by going to the form https://molanspa.pl/en/newsletter.html, clicking the appropriate link in the content of each Newsletter or through the Customer Service Office.
12. Account
- The Customer/User may not place in the Online Shop or provide the Seller with content, including opinions and other data of an illegal nature.
- The Customer/User gets access to the Account after registration.
- When registering, the Customer/User provides the account type or gender, name, surname, company name, NIP number, data for issuing a sales document, shipping data, e-mail address and choose a password. The Customer/User assures that the data provided by him/her in the registration form are correct. Registration requires that Customer/User read the Regulations carefully and mark on the registration form that he/she has read the Regulations and fully accepts all provisions.
- At the moment of granting the Customer/User access to the Account, an agreement for the provision of services by electronic means is concluded between the Seller and the Customer/User for an indefinite period of time. The Consumer may withdraw from this agreement on the terms specified in the Regulations.
- Registration of an Account on one of the websites of the Online Shop means at the same time registration allowing access to the other websites where the Online Shop is available.
- The Customer/User may terminate the agreement for the provision of services by electronic means at any time with immediate effect, informing the Seller about it by e-mail or in writing to the address of the data controller given in section 1 point 2 this Policy.
- The Seller has the right to terminate the agreement for the provision of services concerning the Account in the event of: cessation or transfer of the Online Shop service to a third party, violation by the Customer/User of the law or provisions of the Regulations, as well as in the event of inactivity of the Customer/User for a period of 6 months. The agreement is terminated with seven days’ notice. The Seller may stipulate that re-registration of the Account shall require the Seller's permission.
