Order by 12:00 – same-day shipping!
Currency
USD - US Dollar
  • Sign In
  • Create an Account
Toggle Nav
My Cart
Search
Advanced Search
  • Compare Products
Menu
Account
Settings
Currency
USD - US Dollar

Privacy Policy and Cookies

Using the Website www.xpets.pl and the online store under the name xPets signifies your acceptance of the following Privacy Policy and Cookies Policy terms.

As a User, please read its provisions carefully. The table of contents below will help you navigate it. In this policy we inform you how we care for User Data, how we process it, to whom we entrust it, and many other important matters related to Personal Data.

TABLE OF CONTENTS

§1 GENERAL PROVISIONS

  1. This Privacy Policy and Cookies Policy sets forth the rules for processing and protecting the Personal Data provided by Users, as well as cookies and other technologies appearing on the online store under the name and link: Privacy Policy and Cookies.
  2. The Controller of the Website and the Personal Data provided therein is Ofertigo sp. z o. o., with its registered office at Konin 284, 34-735 Niedźwiedź, registered in the National Court Register under the number KRS: 0001059425, NIP: 7372240997, REGON: 52645899600000, with a share capital of 5000 PLN, as confirmed by the current extract from the National Court Register, represented by Patryk Zapała – President of the Management Board.
  3. The Controller processes Personal Data in accordance with the applicable laws, in particular the GDPR and the Act on Personal Data Protection.
  4. The Controller takes special care to ensure respect for the privacy of Users and the protection of their interests, in particular by ensuring that Personal Data collected via the Website are processed solely for designated purposes and are not subjected to further processing inconsistent with those purposes.
  5. User Personal Data are collected and processed solely on appropriate legal grounds, and the scope of the data is dependent on the type of service provided and is kept as limited as possible.
  6. If you have any doubts regarding the provisions of this Privacy Policy and Cookies Policy, please contact the Controller via e-mail at: kontakt@xpets.pl
  7. The Controller reserves the right to make changes to this Privacy Policy and Cookies Policy, and every User is obliged to acquaint themselves with the current version. Reasons for changes may include: the development of internet technology, changes in applicable law, or improvements to the Website through, for example, the use of new tools by the Controller. The publication date of the current Privacy Policy and Cookies Policy is displayed at the bottom of the Website.
  8. Terms used in this Privacy Policy and Cookies Policy that are in uppercase have the meanings assigned to them in §2 of this Privacy Policy.

§2 DEFINITIONS

  1. Controller – Ofertigo sp. z o. o.
  2. User – any entity visiting and using the Website.
  3. Online Store – the online store located at www.xpets.pl.
  4. Personal Data – any information about an identified or identifiable natural person, such as name, identification number, location data, online identifier, or one or more specific factors relating to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  5. Consent – a voluntary, specific, informed, and unambiguous expression of will by which the User, either by a statement or by a clear affirmative action, agrees to the processing of their Personal Data.
  6. User Account – an account created by the User on the online platform of the Online Store that enables access to the history of purchased products in accordance with the Store Regulations, which the User is required to accept during account registration.
  7. Form or Forms – sections on the Website that allow the User to enter Personal Data for specified purposes, for example, to subscribe to a Newsletter, to place an order, or to contact the User.
  8. Store Regulations – the Store Regulations available on the Online Store that specify the rules related to subscribing to the Newsletter and the execution of the Newsletter Service.
  9. Newsletter – a free digital service provided electronically by the Controller to the User through the sending of electronic letters, by means of which the Controller informs about events, services, products, and other matters of importance either from the Controller’s perspective or for the purpose of fulfilling a legally justified purpose of the Controller, namely direct marketing, including the sending of marketing and commercial content with the User’s consent. Detailed information regarding the sending of the Newsletter is provided later in this Privacy Policy and in the Store Regulations.
  10. Service – a set of interconnected IT devices and software that ensures the processing, storage, transmission, and reception of data via telecommunication networks using an appropriate terminal (Internet), including the Website or parts thereof, the Online Store or parts thereof, as well as applications (including mobile applications) and other services provided by the Controller, and the social media channels operated by the Controller within these media.
  11. GDPR – the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation).
  12. DSA – the Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on the single market for digital services and amending Directive 2000/31/EC (Digital Services Act).
  13. Act on Personal Data Protection – the Act of 10 May 2018 on the protection of personal data (Journal of Laws 2019, item 1781, as amended).
  14. Act on Electronic Services – the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2020, item 344, as amended).
  15. Telecommunications Act – the Act of 16 July 2004 on telecommunications (Journal of Laws 2024, item 34, as amended).
  16. Copyright and Related Rights Act – the Act of 4 February 1994 on copyright and related rights (consolidated version: Journal of Laws 2022, item 2509), hereinafter referred to as the Copyright Act.

§3 PERSONAL DATA AND RULES OF PROCESSING

WHO IS THE DATA CONTROLLER OF THE USER’S PERSONAL DATA?

The Data Controller of the User’s Personal Data is Ofertigo sp. z o. o. The Controller co-manages the data with social media platform providers (such as Facebook, TikTok, etc.) as indicated in this document with respect to the data of individuals using social media, following the Controller’s profile on a given social platform, and interacting with the Controller. The rules for co-management are provided below for each social media platform on which the Controller has a profile.

IS PROVIDING DATA VOLUNTARY? WHAT IS THE CONSEQUENCE OF NOT PROVIDING THEM?

Providing Data is voluntary; however, failure to provide certain information marked as mandatory on the Controller’s pages will generally result in the inability to perform the service or achieve the intended purpose or take certain actions. If the User provides Data that is not mandatory or provides excess data that the Controller does not need to process, such processing is based on the User’s decision and is carried out on the legal basis set forth in Art. 6(1)(a) of the GDPR (consent). The User gives Consent for the processing of these Data and for the anonymization of Data that the Controller neither requires nor wishes to process, even though the User has provided them.

FOR WHAT PURPOSES AND ON WHAT LEGAL GROUNDS DOES THE CONTROLLER PROCESS THE USER’S PERSONAL DATA PROVIDED WHILE USING THE SITE?

The User’s Personal Data on the Controller’s Website may be processed for the following purposes and on the following legal bases:

No. Purpose of Processing Legal Basis for Processing Processing Period
1. To perform the service or execute the concluded contract; to send an offer (e.g., advertising) at the User’s request Art. 6(1)(b) of the GDPR (necessary for the conclusion and/or performance of a contract or to take action at the User’s request) Data are processed for the duration of the contract/the time needed to send the offer and receive the User’s response, and then until the limitation period expires – 2 years or 6 years after contract execution, depending on whether the User is an entrepreneur
2. Issuance of an invoice, receipt, and fulfillment of other obligations under tax law in the case of orders placed in the Online Store or for other products and services Art. 6(1)(c) of the GDPR (legal obligation) Data are processed for 5 years from the end of the tax year in which the tax event occurred
3. Providing discounts or informing about promotions and interesting offers from the Controller or recommended third parties, including sending the Newsletter Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, then for 2 years in case of withdrawal or 6 months of inactivity by the recipient
4. Storage of unpaid orders Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until they become useless – 14 days from the time the order is placed
5. Handling of complaints or claims related to the contract Art. 6(1)(b) of the GDPR (necessary for the conclusion and/or performance of a contract) and Art. 6(1)(c) of the GDPR (legal obligation) Data are processed for the duration of the procedure or claim – 1 year from the end of the claim period or 5 years from the end of the tax year for data stored under tax regulations
6. Establishing, pursuing, or defending claims Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until the legal basis for processing ceases – 2 years or 6 years after contract execution, depending on whether the User is an entrepreneur
7. Telephone contact regarding the performance of the service or contract Art. 6(1)(b) of the GDPR (necessary for the conclusion and/or performance of a contract) Data are processed for the duration of the contract/the time needed to send the offer and receive the User’s response, and then until the limitation period expires – 2 years or 6 years after contract execution, depending on whether the User is an entrepreneur
8. Telephone contact for presenting an offer and for direct marketing Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn
9. Creation of records related to the GDPR and other regulations Art. 6(1)(c) of the GDPR (legal obligation) and Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until the legal basis for processing ceases or the data are no longer useful for the Controller
10. Archiving for the purpose of securing information that may serve as evidence Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until an objection is raised or the data are no longer useful for the Controller – 2 years or 6 years after contract execution, depending on whether the User is an entrepreneur
11. Analytical purpose, including the analysis of data automatically collected while using the Website, such as cookies (e.g., Google Analytics or Meta Pixel) Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until the cookies are deleted from the User’s browser
12. Use of cookies on the Website and its subpages Art. 6(1)(a) of the GDPR (consent) Data are processed until the cookies are deleted from the User’s browser
13. Management of the Website and the Controller’s pages on other platforms Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until an objection is raised or the data are no longer useful for the Controller
14. Measuring satisfaction with the offered services Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until an objection is raised or the data are no longer useful for the Controller
15. Publication by the User of reviews of the services provided by the Controller Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn or the data are no longer useful for the Controller
16. Internal administrative purposes of the Controller related to managing contact with the User Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until the legal basis for processing ceases – 2 years or 6 years after contract execution, depending on whether the User is an entrepreneur
17. Tailoring the content displayed on the Controller’s pages to individual needs and continuously improving the quality of the services offered Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until an objection is raised or the data are no longer useful for the Controller
18. Direct marketing aimed at the User for products or services or those recommended by third parties Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until an objection is raised or the data are no longer useful for the Controller
19. Managing a fanpage on Facebook and interacting with Users Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) and Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
20. Managing a profile on the Instagram platform and interacting with Users Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) and Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
21. Managing a profile on the LinkedIn platform and interacting with Users Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) and Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
22. Managing a profile on the Twitter platform and interacting with Users Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) and Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
23. Managing a profile on the YouTube platform and interacting with Users Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) and Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
24. Managing a profile on the TikTok platform and interacting with Users Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) and Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
25. Targeted advertising on social media and websites, such as ads created using Facebook Ads Manager, and remarketing Art. 6(1)(a) of the GDPR (consent) and Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) for promoting and advertising the Controller’s services through remarketing aimed at individuals subscribed to the mailing list or visiting a particular website Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
26. Contacting the Controller via a chatbot Art. 6(1)(a) of the GDPR (consent) or Art. 6(1)(b) of the GDPR (necessary for the performance of a contract) – Data processed for answering a user’s question on the Website Data are processed until consent is withdrawn, an objection is raised, or the data are no longer useful for the Controller
27. Posting comments by the User Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn or the data are no longer useful for the Controller
28. Posting reviews by the User Art. 6(1)(a) of the GDPR (consent) Data are processed until consent is withdrawn or the data are no longer useful for the Controller
29. Conducting recruitment For the purpose and for the time necessary to take steps required before concluding a contract – Art. 6(1)(b) of the GDPR – and for up to 6 months after the recruitment process; and in the case of data provided voluntarily by the candidate or excess data – based on Art. 6(1)(a) of the GDPR (consent) and Art. 9(2)(a) of the GDPR (consent) for sensitive data provided by the candidate; for future recruitment purposes – based on the Consent given pursuant to Art. 6(1)(a) of the GDPR, for a maximum period of 3 years (calculated from the end of the year in which the data were collected); for the purpose and for the period necessary to pursue the Controller’s legitimate interests, e.g. to pursue claims and defend against claims, marketing of its own products or services (to the extent that processing is necessary for that purpose) – based on Art. 6(1)(f) of the GDPR. Until the contract is concluded or until Consent is withdrawn. No longer than 6 months after the recruitment process. For a maximum period of 1 year (this period is calculated from the end of the year in which the data were collected) Until an objection is raised.
30. Creation of proprietary User Data databases Art. 6(1)(f) of the GDPR (legitimate interest of the Controller) Data are processed until an objection is raised or until the data are no longer useful for the Controller

Providing Data that are not mandatory or providing excess Data that the Controller does not need to process is based on the User’s own decision; in that case, processing is carried out on the basis of the legal premise contained in Art. 6(1)(a) of the GDPR (consent). The User gives Consent for the processing of such Data and for the anonymization of Data that the Controller neither requires nor wishes to process, even though the User has provided them.

RECRUITMENT

The Controller makes available on its Website a recruitment form through which the User can submit their Data in the form of a CV for the purpose of participating in the recruitment process.

Submitting your CV signifies participation in the recruitment process and constitutes Consent for the processing of sensitive Data and excess Data contained in the submitted recruitment documents for the purposes of future recruitment processes conducted by the Controller, provided that the individual has given such Consent.

The User’s Personal Data will be processed for the following purposes and on the following legal bases:

  1. For the purpose of conducting recruitment in connection with employment based on an employment contract – based on the authority arising from Art. 22(1) § 1 of the Act of 26 June 1974, the Labor Code (Journal of Laws 2023, item 1465) – based on Art. 6(1)(c) of the GDPR and in connection with the processing of data other than those specified in Art. 22(1) of the Labor Code, i.e. Data provided voluntarily by the User contained in the CV and in the application documents based on the User’s Consent – Art. 6(1)(a) of the GDPR and Art. 9(2)(a) of the GDPR – in the case of sensitive Data, for the time necessary to take steps required prior to concluding a contract and for up to 6 months after the end of recruitment,
  2. For the purpose of conducting recruitment in connection with employment based on a civil law contract – based on Art. 6(1)(b) of the GDPR, i.e. processing is necessary for the performance of a contract to which the User is a party or to take steps at the User’s request before concluding a contract, for the time necessary to take the required steps prior to concluding the contract and for up to 6 months after the end of recruitment,
  3. For future recruitment purposes – on the basis of the Consent given by the User pursuant to Art. 6(1)(a) of the GDPR, for a maximum period of 3 years (this period is calculated from the end of the year in which the data were collected),
  4. For the purpose and for the period necessary to pursue the Controller’s legitimate interests, e.g. to pursue claims and defend against claims, marketing of its own products or services (to the extent that processing is necessary for that purpose) – based on Art. 6(1)(f) of the GDPR.

After the above processing periods, the User’s Data are permanently deleted or anonymized.

At any time, the User may withdraw the given Consent, although such withdrawal will not affect the lawfulness of processing carried out on the basis of the Consent provided prior to its withdrawal.

The User also has the right to lodge a complaint with the Head of the Office for Personal Data Protection if they believe that the processing of their Personal Data violates the GDPR.

Providing Personal Data is voluntary; however, failure to provide certain Data may render the performance of the aforementioned actions or participation in the recruitment process or future recruitments impossible.

Within the Controller’s recruitment activities, the User’s Data are not subject to profiling.

HOW ARE DATA COLLECTED?

Only the Data that the User provides themselves are collected and processed (except – in certain situations – for Data collected automatically via cookies and log data, as mentioned below).

During a visit to the Website, data regarding the visit (e.g., the User’s IP address, domain name, browser type, operating system type, etc.) are automatically collected (log data). Such automatically collected Data may be used to analyze User behavior on the Website, to gather demographic data about Users, or to personalize the Website content for improvement purposes. However, these Data are processed solely for administering the Website, ensuring efficient hosting services, or for directing marketing content and are not associated with the individual User’s Data. More about cookies can be read later in this Privacy Policy.

Data may also be collected for the purposes of filling out forms available on the Website, as described later in this Privacy Policy.

Information Society Services

The Controller does not collect children’s Data. The User should be at least 16 years old to independently give Consent for the processing of Personal Data for the provision of information society services (including for marketing purposes), or obtain consent from a legal guardian (e.g., a parent).

If the User is under 16, they should not use the Website or the xPets service.

The Controller is entitled to take reasonable steps to verify whether the User meets the above age requirement or whether the person exercising parental authority or care over a User under 16 has given or approved such Consent.

WHAT RIGHTS DOES THE USER HAVE?

The User is entitled at all times to the rights contained in Articles 15–21 of the GDPR, namely:

  • the right to access their Data,
  • the right to data portability,
  • the right to rectify Data,
  • the right to have Data corrected,
  • the right to have Data erased if there is no legal basis for processing,
  • the right to restrict processing if it has been carried out unlawfully or without legal basis,
  • the right to object to the processing of Data based on the Controller’s legitimate interests,
  • the right to lodge a complaint with the supervisory authority – the Head of the Office for Personal Data Protection (in accordance with the Act on Personal Data Protection) if they believe that the processing of their Data violates applicable data protection laws,
  • the right to be forgotten, if further processing is not provided for by applicable law.

The Controller points out that these rights are not absolute and do not apply to all processing activities of the User’s Personal Data. For example, the right to obtain a copy of the Data is subject to limitations so as not to adversely affect the rights and freedoms of others, such as copyright or professional confidentiality. For further details on the limitations regarding the User’s rights, please refer to the GDPR.

Nevertheless, the User always has the right to file a complaint with the supervisory authority – the Head of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw, tel. 22 531-03-00, e-mail: kancelaria@uodo.gov.pl – if they believe that the processing of their Personal Data violates the GDPR or other applicable laws on data protection.

To exercise these rights, the User may contact the Controller via e-mail at kontakt@xpets.pl or in writing at the Controller’s business address, if provided in this Privacy Policy, specifying the scope of their requests. A response will be provided within no later than 30 days from the date the request and its justification are received, unless an extension is justified under the GDPR.

CAN THE USER WITHDRAW HIS CONSENT?

If the User has given Consent for a specific action, such Consent may be withdrawn at any time. Withdrawal will result in the removal of the User’s e-mail address from the Controller’s mailing list and the cessation of the specified actions (in the case of subscription based on Consent). The User may withdraw Consent by clicking on the "unsubscribe" link in the Newsletter, which will redirect the User to a page where they will be asked to confirm the withdrawal. The User may also withdraw Consent by sending a statement to the Controller’s e-mail address or business address provided in this Privacy Policy. Withdrawal of Consent does not affect the lawfulness of the processing carried out based on the Consent given prior to its withdrawal.

In some cases, Data may not be completely deleted and will be retained to defend against potential claims for the period required by law (e.g., under the limitation periods of the Civil Code) or for fulfilling legal obligations imposed on the Controller.

Each time, the Controller will respond to the User’s request, appropriately justifying any further actions required by legal obligations.

DOES THE CONTROLLER TRANSFER THE USER’S DATA TO THIRD COUNTRIES?

User Data may be transferred outside the European Union – to third countries.

Because the Controller uses external service providers (e.g., Meta Platforms Ireland Limited [Facebook and its subsidiaries, hereinafter Meta or Facebook], Google, Microsoft, etc.), the User’s Data may be transferred to the United States of America (USA) in connection with their storage on American servers (in whole or in part). Google and Facebook, based on the European Commission’s decision of 10 July 2023, have undergone a certification process and obtained a certificate confirming an adequate level of protection of Personal Data in line with EU standards. User Personal Data will be transferred only to recipients who guarantee the highest protection and security of the Data, for example, by:

  1. cooperating with entities that process Personal Data in countries for which an appropriate European Commission decision has been issued,
  2. using standard contractual clauses issued by the European Commission,
  3. applying binding corporate rules approved by the competent supervisory authority,

or to those for which the User has given consent to the transfer of Personal Data.

Detailed information is available in the privacy policies of each of these service providers on their respective websites. For example:

Google Ireland Limited: https://policies.google.com/privacy?hl=en

Meta Platforms Ireland Limited: https://www.facebook.com/privacy/explanation

UAB MailerLite: https://www.mailerlite.com/legal/privacy-policy

Currently, services provided by Google Ireland Limited and Meta Platforms Ireland Limited are mainly delivered by entities located in the European Union. However, you should always review the privacy policy of these providers to obtain up-to-date information regarding Personal Data protection. MailerLite may store some Data in the USA or use service providers from that country, but the Data are primarily processed within the European Union.

HOW LONG DOES THE CONTROLLER RETAIN THE USER’S DATA?

User Data will be retained by the Controller for the duration necessary to perform the individual services/achieve the purposes indicated in the table above, and also:

  1. for the duration of the service and cooperation, and also for the limitation period in accordance with applicable law – with respect to Data provided by contractors, clients, or Users,
  2. for the period during which conversations and negotiations preceding the conclusion of a contract or the performance of a service take place – with respect to Data provided in an inquiry for an offer,
  3. for the period required by law, including tax law – with respect to Personal Data associated with fulfilling applicable obligations,
  4. until an effective objection is raised pursuant to Art. 21 of the GDPR – with respect to Personal Data processed on the basis of the Controller’s legitimate interests, including for direct marketing purposes,
  5. until Consent is withdrawn or the processing purpose or business purpose is achieved – with respect to Personal Data processed on the basis of Consent. After Consent is withdrawn, Data may still be processed for the purpose of defending against potential claims in accordance with the limitation period for such claims or a shorter period as indicated to the User,
  6. until the Data become outdated or lose their usefulness – with respect to Personal Data processed primarily for analytical, statistical purposes, the use of cookies, and managing the Controller’s Websites,
  7. for a maximum period of 2 years in the case of users who have unsubscribed from the Newsletter for the purpose of defending against potential claims (e.g., information on the subscription date, unsubscription date, the number of Newsletters received, actions taken, and activity related to the received messages), or after 6 months of no activity by the subscriber, such as not opening any messages from the Controller.

The retention periods indicated above, expressed in years, are calculated until the end of the year in which data processing began. This is intended to streamline the processing and management of Data.

Detailed retention periods for Personal Data, regarding specific processing activities, are set out in the Controller’s processing activities register.

LINKS TO OTHER WEBSITES

The Website may contain links to other websites. These links will open in a new browser window or in the same window. The Controller is not responsible for the content transmitted by these websites. The User is advised to review the privacy policy or terms of use of those websites.

SOCIAL MEDIA ACTIVITY – FACEBOOK

The Controller manages the User’s Personal Data on the fan page named xPets.pl – Discover Unlimited Choice on Facebook.

User Personal Data provided on the fan page will be processed for the purposes of administering and managing the fan page, communicating with the User, interacting with them, directing marketing content to the User, and building the fan page community.

The legal basis for such processing is the User’s Consent and the Controller’s legitimate interest in engaging with Users and followers of the fan page. The User voluntarily chooses to like/follow the fan page.

The rules applicable on the fan page are determined by the Controller; however, the rules for using Facebook are governed by Facebook’s own regulations.

The User may stop following the fan page at any time. In that case, the Controller will no longer display any content originating from the Controller related to the fan page to the User.

The Controller can view User Personal Data such as first name, last name, or general information that the User posts publicly on their profiles. The processing of other Personal Data is carried out by Facebook under its own terms.

User Personal Data will be processed for the duration of the fan page’s existence based on the Consent given by liking/following the fan page or interacting with it (e.g., leaving a comment or sending a message) and for the purpose of pursuing the Controller’s legitimate interests, such as marketing its own products or services or defending against claims.

User Personal Data may be shared with other data recipients, such as the Facebook platform, cooperating advertising agencies, or other subcontractors managing the Controller’s fan page, IT service providers, or virtual assistants, if contact occurs outside of Facebook.

Other User rights are described in this Privacy Policy.

User Personal Data may be transferred to third countries in accordance with Facebook’s policies.

These Data may also be subject to profiling, which helps to better personalize the advertising offer directed at the User. However, they will not be processed in an automated manner as defined by the GDPR (i.e., to the detriment of the User’s rights and freedoms).

Facebook’s Privacy Policy: https://www.facebook.com/privacy/explanation.

SOCIAL MEDIA ACTIVITY – INSTAGRAM

The Controller manages the User’s Personal Data on the profile “xPets.pl – Discover Unlimited Choice” available at https://www.instagram.com/xpets.pl/ on Instagram.

User Personal Data provided on the profile will be processed for administering and managing the profile, communicating with the User, interacting with them, directing marketing content to the User, and building the profile community.

The legal basis for such processing is the User’s Consent and the Controller’s legitimate interest in engaging with Users and followers of the profile. The User voluntarily chooses to like/follow the profile.

The rules for the profile are determined by the Controller; however, the rules for using Instagram are set out in Instagram’s own terms.

The User may stop following the profile at any time. In that case, the Controller will no longer display any content originating from the Controller related to the profile to the User.

The Controller can see User Personal Data, such as first name, last name, or general information that the User posts publicly on their profiles. The processing of other Personal Data is carried out by Instagram according to its own terms.

User Personal Data will be processed for the duration of the profile’s existence based on the Consent given by liking/following the profile or interacting with it (e.g., leaving a comment or sending a message) and for the purpose of pursuing the Controller’s legitimate interests, such as marketing its own products or services or defending against claims.

User Personal Data may be shared with other data recipients, such as cooperating advertising agencies or other subcontractors managing the Controller’s profile, IT service providers, or virtual assistants, if contact occurs outside Instagram.

Other User rights are described in this Privacy Policy.

User Personal Data may be transferred to third countries in accordance with Instagram’s policies.

These Data may also be subject to profiling, which helps to better personalize the advertising offer directed at the User. However, they will not be processed in an automated manner as defined by the GDPR (i.e., to the detriment of the User’s rights and freedoms).

Instagram’s Privacy Policy: https://help.instagram.com/519522125107875.

DATA SECURITY

User Personal Data are stored and protected with due diligence in accordance with the internal procedures implemented by the Controller. The Controller processes User information using appropriate technical and organizational measures that meet the requirements of applicable law, in particular the Act on Personal Data Protection and the GDPR. These measures primarily aim to safeguard User Personal Data from unauthorized access.

In particular, only authorized persons, who are obligated to keep such Data confidential, or entities to whom the processing of Personal Data has been entrusted under a separate data processing agreement, have access to User Personal Data.

The User should also take care to secure their Personal Data provided via the Internet, in particular by not disclosing their login credentials to third parties, using antivirus protection, and keeping their software updated.

WHO MAY BE THE RECIPIENTS OF PERSONAL DATA?

The Controller informs that it uses the services of external entities. The entities to whom the Controller entrusts the processing of Personal Data (e.g., courier companies, electronic payment intermediaries, accounting firms, companies that facilitate newsletter distribution) guarantee the use of appropriate protective and security measures for Personal Data as required by law, in particular by the GDPR.

The Controller informs the User that Personal Data are entrusted, among others, to the following entities:

  1. xPets – for sending the Newsletter and for using the mailing system
  2. Google – for storing Personal Data on a server,
  3. Google – for creating landing pages and collecting leads,
  4. Fakturownia – for issuing accounting documents,
  5. PayU – for handling the payment system and electronic transactions,
  6. Baselinker – for business management,
  7. Google – for using Google services, including e-mail,
  8. Google – for domain and mail server management,
  9. xPets – for IT support or for managing the Website from an IT perspective,
  10. other contractors or subcontractors engaged to provide technical, administrative, or legal assistance to the Controller and its clients, e.g., accounting, HR, IT, graphic design, copywriting, debt collection companies, lawyers, etc.

Personal Data may also be provided to other recipients, for example, government authorities such as the tax office – for fulfilling legal and tax obligations related to settlements and accounting.

The entities that process Personal Data, like the Controller, ensure that European standards for the protection of Personal Data are maintained, including those set by legal acts and decisions of the European Commission, and they also implement compliance mechanisms when transferring Data outside the EEA, e.g., by using standard contractual clauses adopted by the European Commission pursuant to Decision 2021/915 of 4 June 2021 regarding standard contractual clauses between Controllers and Processors pursuant to Art. 28(7) of Regulation (EU) 2016/679 and Art. 29(7) of Regulation (EU) 2018/1725. https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32021D0915&from=PL

HAS THE CONTROLLER APPOINTED A DATA PROTECTION OFFICER?

The Controller hereby informs that it has not appointed a Data Protection Officer (DPO) and carries out its data processing obligations independently.

The User acknowledges that their Personal Data may be transferred to authorized state bodies in connection with the proceedings conducted by them, upon their request and after the necessary conditions for obtaining such Data from the Controller have been met.

DO WE PROFILE THE USER’S DATA?

User Personal Data will not be used for automated decision-making that affects the rights, obligations, or freedoms of the User as defined by the GDPR.

Within the Website and using tracking technologies, User Data may be profiled to help better personalize the advertising offer directed to the User (mainly through behavioral advertising). However, this will not affect the legal position of the User, in particular not the terms of contracts concluded or to be concluded. It may only help to better tailor content and targeted advertisements to the User’s interests. The information used is anonymous and is not linked to the Personal Data provided by the User (e.g., during the purchase process). It is derived from statistical data such as gender, age, interests, approximate location, and behavior on the Website.

Every User has the right to object to profiling if it would negatively affect their rights and obligations.

More information about behavioral advertising can be found here: https://www.youronlinechoices.com/pl/o-reklamie-behawioralnej

§4 FORMS

The Controller uses the following types of Forms on the Website:

  1. Newsletter Subscription Form – requires the User to enter their first name and e-mail address in the designated fields. These fields are mandatory. Then, to add their e-mail address to the Controller’s subscriber database, the User must confirm their wish to subscribe. The Data obtained in this way are added to the mailing list for sending the Newsletter.

    Subscription means that the User agrees with this Privacy Policy and gives Consent to receive marketing and commercial information via electronic means (e.g., e-mail), as defined by the Act of 18 July 2002 on the provision of electronic services (Journal of Laws 2020, item 344, as amended).

    By subscribing to the Newsletter, the User also gives Consent for the Controller to use the User’s telecommunications devices (e.g., phone, tablet, computer) for direct marketing of the Controller’s products and services and to send the User commercial information in accordance with Art. 172(1) of the Telecommunications Act (Journal of Laws 2014, item 243, as amended).

    The above Consents are voluntary but necessary for using the Newsletter service, including for informing about services, new blog posts, products, promotions, and discounts offered by the Controller or by third parties recommended by the Controller. Such Consents may be withdrawn at any time, which will result in the cessation of Newsletter delivery as described in this Privacy Policy.

    The Newsletter is sent indefinitely from the moment of activation until Consent is withdrawn. After withdrawal, the User’s Data may be retained in the Newsletter database for up to 2 years to demonstrate that the User gave Consent to receive Newsletter communications, to record email open rates and the time of withdrawal, and to defend against any related claims, which constitutes the Controller’s legitimate interest (Art. 6(1)(f) of the GDPR).

    The sending of the Newsletter may be discontinued if the User shows no activity for at least 6 months from the commencement of the Newsletter service or since the last e-mail was opened. In such a case, the Controller will remove the User’s Data from the Newsletter system (service provider). The User will then no longer be entitled to receive any messages from the Controller unless they choose to re-subscribe.

§5 DISCLAIMER AND COPYRIGHT

The Controller does not guarantee the completeness, accuracy, or timeliness of the content provided on this Website. The content is provided "as is" and the Controller disclaims any liability for any errors or omissions therein. All copyrights for the content on the Website remain with the Controller or with the original copyright owners as specified in the Store Regulations.

§6 TECHNOLOGIES

This Website uses various technologies, including cookies, server logs, and similar tracking tools, to improve user experience, analyze traffic, and provide personalized content and advertising. For more details, please refer to §§7 and 8 of this Policy.

§7 COOKIES POLICY

This Cookies Policy describes how cookies and similar technologies are used on this Website. Cookies are small text files placed on your device that help us enhance your user experience, analyze website usage, and deliver personalized content and advertising. For more detailed information, please refer to our Cookies Policy.

§8 CONSENT FOR COOKIES

By using this Website, you consent to the placement and use of cookies in accordance with this Privacy Policy and Cookies Policy. You may withdraw your consent at any time by adjusting your browser settings. However, withdrawing consent may affect the functionality and performance of the Website.

§9 SERVER LOGS

Server logs are automatically generated by the Website’s server and contain technical information such as IP addresses, browser type, operating system, and access times. These logs are used for administrative purposes, security, and to improve the Website’s functionality. Server log data are processed in accordance with the purposes set out in §3 and are not linked to any specific User.

§10 DEFINITIONS, PROCEDURES, OBLIGATIONS AND RIGHTS RELATED TO THE DSA

This section sets forth the information regarding all limitations imposed by the Administrator regarding the use of its services with respect to the information transmitted by Users – including, but not limited to, details about all policies, procedures, measures, and tools used for content moderation (including algorithmic decision-making and human review), as well as internal rules of the complaint system, substantial changes to the Terms of Use, and mechanisms for reporting illegal content. The Administrator provides this information and the Terms of Use in a clear and understandable manner and organizes its online services (and interfaces) so as not to mislead, manipulate, or otherwise restrict the Users’ ability to make free and informed decisions.

For the purposes of the DSA, the Administrator is considered a provider of intermediary services and offers the following services:

  1. standard transmission services,
  2. hosting services.

The intermediary services provided by the Administrator allow Users to publish content as part of the service, such as comments, ratings, and reviews.

The Administrator also provides intermediary services via its social media profiles – for example, on Facebook, Instagram, LinkedIn, Twitter, YouTube, and TikTok – as described in §§3.11–3.16.

Fast Delivery in Europe

We deliver all across Europe – check available delivery options in the cart!

Online Support

We're here to help! Contact us via chat or email.

Money-Back Guarantee

Risk-free shopping – 14-day return policy for a full refund.

Information

Contact Information

  • Address
    Konina 284, 34-735 Niedźwiedź
  • Phone
    18 414 78 47
  • Email

Newsletter

Join us and be the first to know about news

Copyright © 2020 - 2025 Ofertigo sp. z o. o. Wszelkie prawa zastrzeżone!