1. The controller of the personal data of the Service Recipients is "TOYA" S.A. with its registered office in Wrocław at 13-15 Sołtysowicka Street, 51-168 Wrocław, entered into the Register of Entrepreneurs kept by the District Court for Wrocław-Fabryczna in Wrocław, 6th Commercial Division of the National Court Register, under KRS number 0000066712, with a share capital of PLN 7,504,222.60 fully paid up, with NIP number: 8951686107, REGON: 932093253 ("TOYA").
   
   
2. The processing of personal data takes place on the principles set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Journal of Laws of the European Union Of 2016 No. 119 page 1) ("GDPR"), the Act of 10 May 2018 on the protection of personal data (Journal Of Laws of 2019, item 1781, as amended) and the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2020 item 344 as amended).
   
   
3. According to Article 6 section 1 letter a of the GDPR, personal data of the Service Recipient in the case of services referred to in Chapter 2 of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letters a and b will be processed on the basis of the consent of the Service Recipient in order to send commercial information to the email address provided by the Service Recipient and contact with the Service Recipient regarding the goods and services offered by the Service Provider.
   
   
4. According to Article 6 section 1 letter a of the GDPR, personal data of the Service Recipient in the case of services referred to in Chapter 2 of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letters c-f, will be processed in order to provide electronic services aimed at enabling the conclusion of contracts for the sale of goods offered by the Service Provider and submitting complaints by the Service Recipient, as well as in order to defend against possible legal claims of the Service Recipient for the provision of electronic services.
   
   
5. According to Article 6 section 1 letter a of the GDPR, personal data of the Service Recipient in the case of services referred to in Chapter 2 of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letter g, will be processed:
   
   a) in order to take the steps necessary to conclude the contract (Article 6 section 1 letter b of the GDPR),
   b) to the extent resulting from the provisions of law, in particular the Labour Code – pursuant to Article 6 section 1 letter c of the GDPR, in order to implement the recruitment process,
   c) in the event that the Candidate shares data other than those required by law, including information on interests and sports – on the basis of his consent, in order to carry out the recruitment process (Article 6 section 1 letter a of the GDPR, and in the case of providing data of a special category, also Article 9 section 2 letter a of the GDPR).
   
   
6. Personal data gathered by the Service Provider may be shared with:
   
   a) entities from the TOYA capital group, institutions legally authorized to receive data under the relevant provisions of law, as well as entities processing data on behalf of TOYA and their authorized employees, where such entities process data on the basis of a contract with TOYA and only in accordance with instructions and confidentiality. The group of entities performing tasks on behalf of and for TOYA includes, among others, entities   providing services to the extent necessary to provide technical facilities for the implementation of services, such as IT and service providers, legal service providers, audit entities. TOYA shall exercise due diligence in the transmission of the data, using measures and safeguards which prevent unauthorised persons from gaining access to the data;

    b) other persons and entities – in cases provided for by law.

7. The Service Provider provides appropriate technical and organizational measures ensuring the security of personal data provided by the Service Recipients, in particular preventing access to them by third parties or their processing in violation of the law, preventing the loss of data, their damage or destruction.
   
   
8. The Service Recipient's data will be processed:
   
   a) in the case of the service referred to in Chapter Two of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letter a – until the cessation of direct marketing activities in the form of sending commercial information about the products offered by the Service Provider;
   b) in the case of the service referred to in Chapter Two of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letter b – until the end of the contact in the case reported in the contact form;
   c) in the case of services referred to in Chapter Two of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letters c-f – for the period of existence of an account as part of services or limitation of claims resulting from the concluded contract;
   d) in the case of the service referred to in Chapter Two of the Regulations for the provision of electronic services in "TOYA" S.A., section 1 letter g – until:
   1) completion of the recruitment process and for a period of 3 months after its completion, understood as signing a contract with one of the candidates;
   2) withdrawal of consent, to the extent that the application documents contain personal data going beyond art. 22¹ of the Polish Labour Code.
   
   
9. Providing personal data by the Service Recipient is voluntary, however, it is necessary in order for the Service Provider to provide services electronically. The Service Recipient has the right to access the content of its data, rectify it, delete it, limit its processing and to transfer data.
   
   
10. The Purchaser has the right to lodge a complaint to the Head of the Office for Personal Data Protection, if he considers that the processing of personal data regarding the Purchaser violates the provisions of the GDPR.
    
    
11. In order to exercise the above rights, please contact the data administrator, i.e. "TOYA" S.A., 13-15 Sołtysowicka Street, 51-168 Wrocław, tel. +48 71 3246200, and the Data Protection Inspector; contact details: iod@yato.pl, tel. +48 71 3246200.
    
    
12. Upon the termination of the Service Recipient's use of the services provided by the Service Provider, as a result of termination, refusal to accept amendments to the Regulations, the Service Recipient's personal data may be processed to the extent necessary to achieve the following purposes:
    
    a) claiming liability in connection with the Service Recipient's violation of the provisions of law and the Regulations for the provision of electronic services in "TOYA" S.A.,
    b) determining whether the use of the services by the Service Recipient was in accordance with the regulations and legal provisions.
    
    
13. TOYA uses so-called cookies to track the visits of the Service Recipients on the website and save their preferences, e.g. language, as well as to adapt the services/goods offered to their needs. The above files are used to develop general statistics on the use of the website by the Service Recipients. These files will be stored until they become obsolete or no longer useful. Cookies will not be made available to third parties. It is possible to disable cookies in the web browser, which will not prevent the use of the services, however, there may be some difficulties. The TOYA website traffic is monitored by the Google Analytics system, the purpose of which is to collect data on the use of websites and their popularity. This data (e.g. your browser or IP address) will not be shared by TOYA with third parties.
    
    
14. TOYA informs that the TOYA website may contain plugins for social networks, including Facebook, Twitter, LinkedIn, Instagram, etc., as well as recruitment services, e.g. Pracuj.pl. In connection with placing them on the TOYA website, the Service Recipient is obliged to read the privacy policy of these suppliers in order to receive up-to-date information on the protection of personal data.
    
    
15. The data collected during the visits of the Service Recipients on the TOYA website will be processed until it becomes obsolete or loses its usefulness. This applies to data processed for analytical and statistical purposes, including the use of cookies and the administration of TOYA websites.
    
    
16. TOYA reserves the right to supplement and update the Privacy Policy in accordance with the Controller's current needs in order to provide current   and reliable information to Users/Service Recipients.