Privacy Policy

Dear User!
We care about your privacy and want you to feel comfortable while using our services. We present to you the most important information about the principles of processing your personal data and about the cookies used by our application. This policy has been prepared in consideration of the GDPR.

Personal Data Administrator

The administrator of personal data for responsible for ensuring the safety of your personal data is: Suprematic Aleksandra Brzozowska-Nowak (hereinafter referred to as PDA) located at ul. Stołeczna 46 05-074 Józefin NIP: 8222365841 REGON: 369315829.

Personal Data Protection System

PDA has implemented technical and organizational measures ensuring the protection of processed data in accordance with the requirements specified in the applicable personal data protection regulations. In particular the following were taken into account: the regulation of the Minister of Internal Affairs and Administration of April 29 2004 on the documentation of personal data processing and the technical and organizational conditions that should be met by devices and computer systems used for personal data processing (Journal of Laws No. 100 item 1024); guidelines of the General Inspector for Personal Data Protection; Regulation of the European Parliament and the Council (EU) 2016/679 of April 27 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.

Type of Data Processed

In connection with the provision of electronic services in the application, the following personal data are processed: e-mail address, first and last name, business name, telephone number, position, computer IP address, browser type, operating system type.

Purpose and Legal Basis for Data Processing

The purpose and basis for processing personal data by PDA is the provision of electronic services within the application, including making available the functionalities of the application and ensuring IT security. The legal basis for processing is the necessity of processing to perform the contract (Article 6(1)(b) of the GDPR).

Data Recipients

Your personal data may be processed by entities processing data at the request of the administrator: IT service providers, marketing agencies, etc. These entities process data on the basis of a contract with the administrator and only in accordance with the administrator's instructions.

Data Protection Rights

According to GDPR, you have the right to access your data, rectify it, delete it, limit processing, the right to transfer data, the right to object, the right to withdraw consent to processing at any time without affecting the legality of the processing, which was made on the basis of consent before its withdrawal.

Cookies and Similar Technologies

The application uses cookies. These are small text files sent by a web server and stored by the browser's computer software. When the browser reconnects with the site, the site recognizes the type of device from which the user connects. Parameters allow the information contained in them to be read only by the server that created them. Therefore, cookies facilitate the use of previously visited websites.

The most important elements of the applied personal data protection system include:

  • An SSL certificate that guarantees the communication between your computer and is encrypted with a 256-bit key.
  • We collect and process only the necessary personal data and for the shortest possible time, and you must give separate consent for any activities not related to the execution of a purchase-sale agreement.
  • Access to your personal data is limited to authorized and trained individuals in the field of personal data protection, ensuring their safety.
  • The IT system of and internal company procedures meet all standards for the protection of personal data.
  • PDA has thus fulfilled all legally prescribed obligations in the field of personal data protection.
ActionPurpose of ProcessingBasis for ProcessingProcessing TimeConsequence of Not Providing Data
Using the Software or Actions Leading to the Use of the SoftwareProviding our services / In case of paid services - fulfilling our legal obligations related to accounting.Service agreement or actions taken at your request, leading to its conclusion (Art. 6(1)(b) GDPR). Including legal obligation related to accounting (Art. 6(1)(c) GDPR).36 months, or for the duration of the contract between us.Inability to use the Software.
Participation in a Satisfaction Survey Regarding Our Services Related to the PlatformAdjusting our services to the needs of Users, and improving the quality of these services.Our legitimate interest in processing your data to conduct satisfaction surveys of our services (Art. 6(1)(f) GDPR).24 months or until we consider your objection to processing* (see explanation below the table).Your opinion on our services not being considered in the further development of them.
Your Consent to Receive Marketing Information Related to the Obvio Platform (Including Software and Our Services)Sending information related to the e-commerce industry (including Software and Our Services), also in the form of a Newsletter.Your consent (Art. 6(1)(a) GDPR).Until you withdraw your consent – remember, you can withdraw your consent at any time. Processing remains lawful until withdrawal.Inability to receive educational and marketing information related to the Obvio Platform, unless you receive it as part of other services we provide.
Initiating Contact by You (e.g., to Ask a Question)Handling your inquiries or reports.Our legitimate interest in processing your data for communication with you (Art. 6(1)(f) GDPR) – if your inquiry or report is not related to a contract (in case of a contract, the first row of the table applies).– 36 months or until we consider your objection to processing* (see explanation below the table) For cookies: – Until the expiry of the cookie's validity (as per the table in this document) or until you delete the cookie*.Inability for us to respond to your inquiry or report.
Your Visit to the Service Website with Settings Allowing Us to Conduct MarketingDisplaying personalized ads (more on this in the "Profiling" and "Cookies" section of the Privacy Policy).Your consent (Art. 6(1)(a) GDPR).Until you withdraw your consent – remember, you can withdraw your consent at any time. Processing remains lawful until withdrawal.Inability to receive product or service suggestions you might be interested in.
Your Visit to the Service Website with Browser Settings Allowing Us to Conduct Analytical ActivitiesAnalyzing how you use and navigate the Service website, to tailor the site to the needs and behavior of Users (more on this in the "Analytical Activities" and "Cookies" section of the Privacy Policy).Our legitimate interest in processing your data for the purpose indicated in the previous column (Art. 6(1)(f) GDPR). Your consent – more information in the "Analytical Activities" and "Cookies" section of the Privacy Policy.Until the expiry of the longest-lasting analytical cookie used (more about cookies in the table in the latter part of the document) or until you delete the mentioned cookie*.Not considering your preferences in using the Service when working on its accessibility and intuitiveness.
Direct Marketing in Connection with the Use of Our ServicesSending traditional mail marketing content.Our legitimate interest in processing your personal data for direct marketing.While we have a legitimate interest or until we consider your objection to processing* (see explanation below the table).Inability to receive product or service suggestions you might be interested in.
Actions That May Lead to Claims Related to the Service or Our ServicesSecuring in case of the need to determine, pursue or defend against claims related to your or ourOur legitimate interest in processing your data in case of the need to determine, pursue or defendUntil the period of limitation of claims expires or until we consider your objection toInability to determine, pursue, or defend claims.
actions (including our cooperation).against claims (Art. 6(1)(f) GDPR).processing* (see explanation below the table).


Within the Platform, we perform profiling - in relation to you, this will take place if your browser settings allow such actions. Profiling involves an automatic assessment of which products or services you may be interested in, using information about the content you view. This way, the advertisements of products or services displayed as part of the online services you use will be more tailored to you and your needs.

The profiling we conduct does not result in decisions that have legal effects on you or similarly significantly affect you.

Analytical Activities

Within the Service, we conduct analytical activities aimed at increasing its intuitiveness and accessibility - in relation to you, this will take place if your browser settings allow such actions. As part of the analysis, we will consider the way you navigate the Service - e.g., how much time you spend on a particular subpage or where you click on the Service. This allows us to adjust the layout and appearance of the Service and the content placed in it to the needs of the Users.

The legal basis for this processing is Art. 6(1)(a) GDPR (Your consent).

In conducting analytical activities, we use services from entities that may transfer your personal data outside the EEA. In such a case, according to Art. 46(2)(c) GDPR, we are bound by contracts with these entities, containing standard contractual clauses adopted by the European Commission.

Google Ads Conversion Tracking

We use Google conversion tracking, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04E5W5, Ireland (“Google”). More information about personal data protection in connection with this service can be found at:

Google Analytics

The Administrator uses Google Analytics, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Dublin, D04E5W5, Ireland (“Google”). Google Analytics processes cookies: text files that are stored on the user's computer and enable analysis of the user's use of the website. The information generated by the cookies about the use of the website can be transferred to a server outside the European Economic Area and stored there. At your request, we can also use Google Analytics to provide services on your behalf, e.g., creating analyses of customer behavior in your store.

More information about Google Analytics can be found here:


In our digital services, we use tracking functions of Meta Platforms Ireland Limited, formerly Facebook Ireland Limited. This technology allows us to determine target groups of Internet users who have shown interest in our Service and products with advertising via Facebook. We do not pass any email addresses of our customers to the company Facebook. Further information on personal data protection on Facebook can be found at:


In the event that personal data, which are not necessary for the execution of a contract or a legal obligation, are transferred to us, e.g., in correspondence with us, such data will be immediately deleted or anonymized and will not be processed. Therefore, please do not transfer to us information and personal data that we do not explicitly request and that are not relevant from the point of view of the execution of a contract or legal obligation.


Your personal data, which are automatically collected after entering Cookies (so-called "cookies") constitute IT data, in particular text files, which are stored in the end device of Client.

Within, two main types of cookies are used: "session" (session cookies) and "persistent" (persistent cookies). "Session" cookies are temporary files stored in the Client's terminal equipment until logging out, leaving the website, or disabling the software (web browser). "Persistent" cookies are stored in the Client's terminal device for the time specified in the cookie parameters or until they are deleted by the Client.

Within, the following types of cookies are used:

  • "Essential" cookies, enabling the use of services available within; cookies used to ensure security, e.g., used to detect fraud in authentication within;
  • "Performance" cookies, enabling the collection of information about how the websites are used;
  • "Functional" cookies, enabling "remembering" the settings selected by the Client and personalizing the interface;

In many cases, the software used to browse websites (web browser) by default allows the storage of cookies.

If you do not agree to place cookies on your device, you can block their placement by appropriately configuring your web browser. Information on how to do this can be found in the help files of your web browser. Unfortunately, in the case of blocking cookies from, we cannot guarantee its proper functioning.

If you agree to the placement of cookies on your device but would like to delete them after visiting, you can do so without risk, and information on how to do this can be found in the help files of your web browser.


As part of the Reseller search function, the Administrator uses Google Maps to display interactive maps. Google Maps is a mapping service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA ("Google").

To provide this service, your browser will connect directly with Google's servers. The Administrator has no influence on the scope of data that Google collects with Google Maps. More information can be found on Google's website:

Nevertheless, we inform you that the information collected by Google is usually transferred to a Google server in the USA and processed there. We use Google Maps in accordance with Art. 6(1)(f) GDPR. Our legitimate interest lies in optimally adapting our services to your requirements. The user can object to the use of Google Maps by setting cookie preferences.

Google AdWords (cookies)

Google AdWords uses "cookies" technology, i.e., text files placed on your device, to enable to evaluate the correctness and effectiveness of the advertising activity using the AdWords network.

Google collects data obtained from placing cookies on devices on its servers and uses this information to create reports and provide other services related to traffic and internet usage. Google may also transfer this information to third parties if required to do so by law or if such persons process this information on behalf of Google.

This data is never combined with the data mentioned in part III and serves only as material for statistical analysis and error correction mechanisms.

Data is processed for 12 months from the last activity, after which the cookie is deleted.

Transferring Your Personal Data

In special situations, where applicable law requires the Personal Data Administrator to transfer the collected data to state authorities, will make such data available.

Except for these situations, your personal data, to the extent permitted by law based on separate entrustment agreements, are transferred to specific entities, exclusively and in connection with the necessity to fulfill the contractual or legal obligation of the Personal Data Administrator. Categories of entities to which data may be transferred include: advertising agencies, banks, accounting offices, IT service providers, courier companies, logistics companies, payment institutions, carriers.

In the case of such a transfer, the Personal Data Administrator concludes appropriate entrustment agreements with these entities, guaranteeing the highest standard of protection and confidentiality and security of personal data, and their use only for the purpose of fulfilling the contractual or legal obligation of the Personal Data Administrator.

Transferring Personal Data to Countries outside the European Union

Your personal data will also be processed by entities outside the European Union, particularly by entities from the USA. In such a case, personal data will be transferred outside the European Economic Area, in particular to the USA – in cases marked with an asterisk in the above table. The appropriate level of protection of your data, including through the use of appropriate safeguards, is ensured by the Administrator's application, in cooperation with these entities, of standard data protection clauses referred to in Art. 46(2)(c) GDPR, adopted by the European Commission. In addition, some entities declare the transfer of data outside the EEA based on Art. 45 GDPR (decision establishing an adequate level of protection) or Art. 46(2)(b) GDPR (binding corporate rules).

Change of Privacy Policy reserves the right to change the privacy policy if required by applicable law, if the technological conditions of operation change, or if the change introduces a standard higher than the minimum required by law. will notify of such a change electronically (to the email provided at registration).

The current text of the privacy policy will always be available at

Your Rights

In accordance with applicable regulations regarding your personal data, you have the right to:

  • refuse or limit the processing of personal data,
  • object to the processing of personal data,
  • access personal data,
  • rectify or delete personal data,
  • transfer personal data,
  • withdraw consent to the processing of personal data,
  • lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office.

These rights are inalienable and cannot be restricted. We are always happy to assist and provide information, and some of the above rights you can exercise yourself.