I. GENERAL PROVISIONS

Definitions

For the purposes of this Privacy Policy, the following definitions shall apply:

Administrator – BaldBold.pl Szymański Marcin, with its registered office in Września, ul. Słowackiego 27, NIP: 7891654757, e-mail: kontakt@baldbold.pl
Personal Data – any information relating to an identified or identifiable natural person
User – any natural person using the services of the Administrator
Service – the website operated by the Administrator at https://baldbold.eu and other platforms where the Administrator advertises

Legal Basis

This Privacy Policy has been prepared in accordance with:

Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR)
The Personal Data Protection Act of May 10, 2018
The Electronic Communications Law of July 12, 2024
The Civil Code

II. PERSONAL DATA ADMINISTRATOR

Administrator’s Data

The Administrator of your personal data is the Administrator.

III. PURPOSES AND LEGAL BASES OF DATA PROCESSING

Broadest Scope of Collected Data

The Administrator may collect and process the following categories of personal data:

a) Basic data:

first and last name, nickname, username
residential address, correspondence address, delivery address
phone number, e-mail address, other contact details
date of birth, age, gender
PESEL number, ID card number, passport number
photo, image, voice recordings

b) Demographic and socio-economic data:

education, occupation, place of work
marital status, family composition
interests, hobbies, preferences

c) Behavioral and technical data:

history of activity on the website
IP address, location data
device and browser information
purchase and transaction history
shopping preferences, wish lists
cookies, beacons, advertising identifiers

Purposes of Data Processing

The Administrator processes personal data for the following purposes:

a) Provision of services and contracts (Art. 6(1)(b) GDPR):

performance of the concluded contract
communication with clients
handling complaints and returns
accounting and bookkeeping

b) Direct marketing (Art. 6(1)(a) and (f) GDPR):

sending commercial offers by e-mail
conducting telephone marketing
sending SMS and MMS messages
using automated calling systems
remarketing and retargeting
social media marketing
creation of marketing profiles

c) Analytics and research (Art. 6(1)(f) GDPR):

analysis of user behavior
market and opinion research
customer segmentation
campaign effectiveness analysis

d) Legitimate interests of the Administrator (Art. 6(1)(f) GDPR):

ensuring IT security
debt collection
pursuing claims
protection against fraud

IV. MARKETING CONSENTS – BROADEST SCOPE

By accepting this Privacy Policy, the User grants the Administrator the following consents:

Consent to process all categories of personal data
I give voluntary, informed, and explicit consent for the Administrator to process all my personal data, including sensitive data, for the purposes specified in this Policy.
Consent to direct marketing – all communication channels
I consent to receiving commercial and marketing information from the Administrator via:

e-mail
SMS and MMS messages
telephone calls
automated calling systems
mobile apps and push notifications
internet messengers
social media

Consent to profiling and automated decision-making
I consent to:

profiling of my behaviors and preferences
automated decision-making affecting my rights
creation of consumer profiles
predictive analytics

Consent to data sharing with third parties
I consent to sharing my personal data with the following categories of entities:

Administrator’s business partners
marketing service providers
credit information bureaus
advertising platforms and social media
market research companies
debt collection agencies
IT and analytics service providers
all other entities cooperating with the Administrator

Consent to international data transfer
I consent to the transfer of my personal data:

to countries outside the European Economic Area
to the USA, the UK, and other third countries
to international technology platforms
within cloud and hosting services

V. DATA RETENTION PERIODS

The Administrator stores personal data for the following periods:

Contractual data – for the duration of the contract and for 6 years after its termination (limitation of claims)
Marketing data – up to 10 years from the last contact or until consent is withdrawn
Accounting data – for 5 years in accordance with the Accounting Act
Legitimate interest data – up to 3 years from collection
Sensitive data – maximum 5 years or until consent is withdrawn
System logs – up to 12 months
Cookies – in accordance with the cookies policy

VI. USER RIGHTS

The User has the following rights:

Right of access (Art. 15 GDPR) – to information about processed data
Right to rectification (Art. 16 GDPR) – to correct inaccurate data
Right to erasure (Art. 17 GDPR) – “right to be forgotten”
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR) – against processing for marketing purposes
Right to withdraw consent (Art. 7(3) GDPR)
Right to lodge a complaint with the President of the Polish DPA (UODO)

To exercise these rights, please contact the Administrator:

E-mail: kontakt@baldbold.pl
Correspondence address: Słowackiego 27/8, Września, 62-300

The Administrator will respond within one month of receiving the request.

VII. DATA SHARING WITH THIRD PARTIES

Categories of Data Recipients

The Administrator may share personal data with the following categories of entities:

a) Entities providing services to the Administrator:

IT and hosting providers
courier and logistics companies
payment operators
accounting offices
law firms
audit companies

b) Business partners:

distributors and resellers
partner networks
e-commerce platforms
offer aggregators

c) Marketing entities:

advertising agencies
data brokers
social media platforms
analytics tool providers
research companies

d) Financial entities:

credit information bureaus
debt collection agencies
credit institutions
insurers

International Data Transfer

The Administrator may transfer personal data outside the European Economic Area:

to the USA based on new adequacy frameworks
to the UK based on adequacy decision
to other countries based on standard contractual clauses
within cloud platforms (Google, Microsoft, Amazon)

VIII. DATA SECURITY

The Administrator applies appropriate technical and organizational measures:

Technical safeguards:

data encryption (SSL/TLS)
firewalls and antivirus systems
backups
access control
system monitoring

Organizational safeguards:

employee training
confidentiality agreements
security procedures
regular audits

IX. COOKIES AND TRACKING TECHNOLOGIES

Types of cookies used:

essential cookies
functional cookies
analytical cookies
marketing cookies
social media cookies

Purposes of use:

ensuring service functionality
analyzing traffic and user behavior
content personalization
remarketing and retargeting
optimizing advertising campaigns

Cookies management:
The User may manage cookie settings in their web browser.

X. CHANGES TO THE PRIVACY POLICY

The Administrator reserves the right to make changes to this Privacy Policy. Users will be informed of any changes through:

publication of the new version on the website
sending information to the e-mail address
notification upon login

XI. CONTACT

For matters related to data protection, you may contact the Administrator.

XII. FINAL PROVISIONS

Acceptance of the Policy

By using the Administrator’s services, the User confirms that they:

have read this Privacy Policy
understand its content and consequences
give all consents specified in section IV
accept the conditions of personal data processing

Governing Law

Matters related to personal data processing shall be governed by Polish law and the law of the European Union.

Jurisdiction

Any disputes shall be resolved by Polish courts competent for the registered office of the Administrator.

Privacy Policy