I. GENERAL PROVISIONS
1. This Privacy Policy sets out the principles for the processing and protection of personal data of Customers of the Website available at www.gomabox.com.pl
2. Terms not defined in this Privacy Policy have the meanings given to them in the Website Terms and Conditions.
3. Personal data means information about a natural person to whom the data relates, identified or identifiable, i.e., one who can be identified directly or indirectly, in particular based on an identifier (feature) such as: name and surname, location data, online identifier, identification number, or one or more specific factors determining the physical, mental, economic, physiological, genetic, cultural, or social identity of that natural person. 4. Processing means any operation or set of operations performed on personal data or sets of personal data by non-automated or automated means, such as collection, storage, recording, organization, structuring, adaptation or retrieval, consultation, modification, use, disclosure, making available, matching or combining, erasure or destruction.
5. Customers' personal data are processed in accordance with applicable regulations, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as the "GDPR") and the Personal Data Protection Act of 10 May 2018. 6. To ensure the security of Customers' personal data, the controller applies appropriate technical and organizational measures to secure the processing of personal data.
II. DATA CONTROLLER
1. Subject to point 2.2., the controller of Customers' personal data is GoMa Mariusz Markut, with its registered office in Stalowa Wola, ul. Kazimierza Mireckiego 13, 37-450 Stalowa Wola, entered into the Central Register of Business Activity and Information under No. 601/1999, REGON number: 690573141, NIP number: 865 001 04 15 (hereinafter "GoMa"). Contact GoMa in writing to the address indicated in the first sentence or by email at goma@goma.com.pl.
III. PURPOSE OF PROCESSING CUSTOMER PERSONAL DATA
1. Customers' personal data are or may be processed:
a/ for the purpose of concluding and performing a contract to which the Customer is a party, or to take action at the Customer's request prior to concluding a contract (Article 6, paragraph 1, letter b of the GDPR);
b/ for the purpose of handling a matter described by the Customer in the electronic form available on the Website – in this case, data processing by GoMa is necessary for the conclusion and performance of a contract for the provision of services by electronic means (Article 6, paragraph 1, letter b of the GDPR), and is also based on GoMa's legitimate interest (Article 6, paragraph 1, letter f of the GDPR) in supporting sales; c/ for the provision of electronic services by enabling Customers to view, reproduce, and read information and materials made available on the Website – data processing by GoMa is necessary for the performance of the contract to which the Customer is a party (Article 6, Section 1, Letter b of the GDPR);
d/ for the purposes of pursuing GoMa's legitimate interests related to the operation of the Website, including analyzing Customers' use of the website www.gomabox.com.pl and ensuring the security and reliability of the services provided on the Website (Article 6, Section 1, Letter f of the GDPR);
e/ for the purposes of pursuing GoMa's legitimate interests, which may include, among others, the establishment, pursuit, and defense of legal claims, the prevention and investigation of crimes, business management and further development, including risk management (Article 6, Section 1, Letter f of the GDPR); f/ for GoMa's direct marketing purposes, including the selection of Goods and services to meet Customer needs (including profiling) based on cookies and other similar technologies referred to in point 10 – data processing by GoMa is based on GoMa's legitimate interest (Article 6, paragraph 1, letter f of the GDPR);
g) for GoMa's marketing purposes, resulting from the consent granted by the Customer (Article 6, paragraph 1, letter a of the GDPR);
g/ to ensure compliance with legal obligations imposed on GoMa (in particular those arising from the provisions of the Accounting Act and tax regulations), when processing is necessary to fulfill a legal obligation to which the controller is subject (Article 6, paragraph 1, letter c of the GDPR). 2. Providing personal data on the Website is voluntary, but may be necessary to perform one or more services and personal data processing purposes specified in section 3.1 above, which GoMa will not be able to perform if personal data is not provided. 3. Customer personal data, collected through direct contact with the Customer
IV. SCOPE OF PROCESSING CUSTOMER PERSONAL DATA
1. The scope of Customer personal data processed by GoMa includes:
a/ Customer data voluntarily provided by the Customer using electronic forms available on the Website: first name, last name, email address, telephone number, company name;
b/ Customer data obtained by GoMa through the use of cookies and other similar technologies (see section 8);
2. Due to the fact that the services offered on the Website are intended for adults, the Controller does not knowingly process the personal data of children using the services offered on the Website.
V. CUSTOMER RIGHTS AND OBLIGATIONS
1. If the processing of personal data is based on the Client's consent, such consent is voluntary and may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. A declaration of withdrawal of consent should be submitted via email to GoMa at goma@goma.com.pl.
2. The Client has the right to access and rectify (amend) their data at any time.
3. The Client also has the following rights:
a/ to delete their personal data;
b/ to restrict the processing of their personal data;
c/ to access and rectify (amend) their data;
d/ to receive a copy of their data or to transfer it, provided that this right does not adversely affect the rights and freedoms of others (including trade secrets or intellectual property rights) and will be implemented to the extent technically feasible. e/ to object to the processing of their personal data when the processing is based on the legitimate interest of the data controller or a third party.
4. The Controller will exercise the Client's rights, subject to the exceptions specified in the provisions of the GDPR.
6. To exercise the rights specified in sections 5.1 and 5.2, please send an email to the Controller's address: goma@goma.com.pl
7. The Client has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office – if they believe that the processing of their data violates the provisions of the GDPR.
8. The Client is obligated to immediately report any incidents that have or may have an impact on the security of personal data on the Website (including suspected sharing of files containing viruses and other files of a similar nature or other than files with destructive mechanisms) to GoMa at: goma@goma.com.pl
VI. CUSTOMER PERSONAL DATA PROCESSING PERIOD
1. The Controller processes the Customer's personal data in the manner and for the period necessary to achieve the purposes for which the data was collected.
2. In the case of data processing:
a/ for the conclusion and performance of a contract (including a Sales Agreement) – the Customer's data will be processed for the duration of the contract;
b/ based on the Customer's consent – the Customer's data will be processed until the consent is withdrawn;
c/ to ensure compliance with legal obligations imposed on GoMa – the Customer's data will be processed for the period required by law;
d/ for GoMa's direct marketing purposes, including the selection of Goods and services to meet Customer needs (profiling) – the Customer's data will be processed until the Customer objects;
e/ for the purposes of pursuing other legitimate interests of the Controller – the data will be processed until the Customer's objection is upheld or the limitation period for claims expires. 3. After the processing period expires, the data is deleted or anonymized.
VII. ENTITIES WITH WHOM CUSTOMER PERSONAL DATA ARE SHARED
1. The Controller shares Customer personal data if it has a legal basis to do so, in particular when it is necessary to perform the services provided to Customers.
2. Customer personal data may also be shared at the request of public authorities or other entities authorized to access it under legal provisions, in particular when it is necessary to ensure the security of GoMa systems.
3. Recipients of Customer personal data may include, in particular:
3.1. entities whose services the Controller uses to deliver Goods and services to Customers, in particular:
3.2. at the courier upon delivery of goods (cash on delivery).
a/ entities providing services or making IT systems available to the Controller;
b/ entrepreneurs providing services related to the delivery and maintenance of software used to operate the Website; c/ payment system operators;
d/ entities providing postal and courier services;
e/ law firms and consulting firms with which the controller cooperates;
3.3 GoMa's trusted marketing partners:
a/ Google LLC in connection with the use of Google Analytics;
VIII. COOKIES AND OTHER TECHNOLOGIES
1. As is common practice with most websites, when using the Website, the Customer's personal data may be collected automatically in the Website's system logs, through cookies, and the Google Analytics system.
2. Cookies are files saved on the Customer's end device, used to identify Customers and provide the administrator with statistical information about Customer traffic, Customer activity, and how the Website is used. They allow, among other things, to tailor the content and services on the Website to Customer preferences.
3. The Website uses session cookies, which are deleted upon closing the browser window, as well as persistent cookies, which are saved for a specified period (specified in the cookie parameters or until deleted by the Customer) on the end devices through which the Customer uses the Website. 4. GoMa uses the following types of cookies:
a/ necessary to use the services, e.g., for services requiring authentication;
b/ used to ensure security;
c/ enabling the collection of information about how the services are used;
d/ enabling the recording of settings selected by the Customer and personalization of the Customer interface;
e/ enabling the delivery of content to Customers that is more tailored to their preferences and interests.
5. GoMa legally processes data regarding the number (including IP) and type of the Customer's end device, as well as the time of the Customer's connection to the Website, and other operational data regarding the Customer's activity on the Website, including their preferences. The described data is processed for technical purposes to adapt the Website to Customers' needs and to collect general statistical information regarding the operation of the Website, as well as for the personalization of content provided to Customers. 6. The Customer may independently and at any time change cookie settings, specifying the conditions for their storage and access by cookies to the Customer's device, using the web browser settings. These settings can be changed, in particular, to block the automatic handling of cookies in the web browser settings or to notify the Customer each time cookies are placed on the Customer's device.
7. The Customer may delete cookies at any time using the available functions in the web browser they use. However, GoMa reserves the right to limit some of the functionalities available on the Website.
8. GoMa also uses Google Analytics, a web analytics system that provides insight into the movement of personal data and user location data, used to create statistics and reports on the operation of the Website, as well as to personalize the content of displayed advertisements. Detailed data processing rules by Google LLC and the cookie opt-out policy are available at: www.google.com/policies/privacy/partners/.
9. Customer activity on the Website, including their personal data, is recorded in system logs (log files used to store a chronological record of events and activities related to the IT system used to provide services by GoMa). The information collected in logs is processed primarily for purposes related to the provision of services. GoMa also processes it for technical and administrative purposes, to ensure the security of the IT system and to manage it, as well as for analytical and statistical purposes – in this respect, the legal basis for processing is the legitimate interest of the controller (Article 6, Section 1, Letter f of the GDPR).
IX. FINAL PROVISIONS
1. This Privacy Policy is reviewed on an ongoing basis and updated as necessary to reflect any changes in the way personal data is processed. GoMa may also make changes as required by applicable laws or regulations. Information about any changes will be posted on the website www.gomabox.com.pl.
2. The current version is available on the Website at www.gomabox.com.pl/polityka-prywatnosci
3. This Privacy Policy is effective as of October 8, 2025.