1.1. Administrator – eTOP Sp. z o.o. with its registered office at al. Jerozolimskie 200, 02-222 Warsaw.

1.2. Personal Data – information about an identified or identifiable natural person through one or more specific factors defining physical, physiological, genetic, psychological, economic, cultural, or social identity, including device IP, location data, online identifier, and information collected via cookies and similar technologies.

1.3. Policy – this Privacy Policy.

1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.5. Service – the website operated by the Administrator at the addresses:

https://www.etop.pl,

https://datahouse.pl,

https://hostilla.pl,

https://datahouse.net.

1.6. User – any natural person visiting the Service or using one or more services or functionalities described in this Policy.

3.1. The personal data of all individuals using the Service (including IP address or other identifiers and information collected via cookies or similar technologies), who are not registered Users (i.e., do not have a profile in the Service), are processed by the Administrator for:

3.1.1. Providing electronic services related to making content available to Users in the Service – the legal basis for processing is the necessity of processing to perform a contract (legal basis: Article 6(1)(b) GDPR);

3.1.2. Analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR), consisting of analyzing User activity and preferences to improve functionalities and provided services;

3.1.3. Potential establishment, exercise, or defense of legal claims – the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR), consisting of protecting its rights.

3.2. The User’s activity on the Service, including Personal Data, is recorded in system logs (a specialized computer program used to store a chronological record containing information about events and actions concerning the IT system used to provide services by the Administrator). The information collected in logs is primarily processed for service provision purposes. The Administrator also processes them for technical, administrative, security, and statistical purposes – in this scope, the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR).

4.1. Individuals registering in the Service are required to provide data necessary to create and manage an account. To facilitate usage, the User may provide additional data using available functionalities within the account, which can be removed at any time. Providing required data is mandatory to create and maintain an account, and failure to provide them will result in the inability to register. Providing other data is voluntary.

4.2. Personal data is processed:

4.2.1. To provide account-related services – the legal basis for processing is the necessity of processing to perform a contract (legal basis: Article 6(1)(b) GDPR);

4.2.2. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR), consisting of analyzing User activity on the Service and preferences to improve functionalities;

4.2.3. For potential establishment, exercise, or defense of legal claims – the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR), consisting of protecting its rights.

4.2.4. For marketing purposes of the Administrator and other entities – the rules of processing personal data for marketing purposes are described in the MARKETING section.

4.3. If a User submits any Personal Data of other persons in the Service (including their name, address, phone number, or email address), they may do so only if they do not violate legal provisions or the personal rights of those individuals.

4.4. Placing an order (e.g., purchasing a product or service) via the Service involves processing the User’s Personal Data. Providing required data is necessary to accept and process an order, and failure to provide them will result in the inability to complete the order. Providing other data is voluntary.

4.5. Personal data is processed:

4.5.1. To fulfill the placed order – the legal basis for processing is the necessity of processing to perform a contract (legal basis: Article 6(1)(b) GDPR);

4.5.2. To fulfill legal obligations imposed on the Administrator, particularly tax and accounting obligations – the legal basis for processing is a legal obligation (legal basis: Article 6(1)(c) GDPR);

4.5.3. For analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR), consisting of analyzing User activity in the Service and purchase preferences to improve functionalities;

4.5.4. For potential establishment, exercise, or defense of legal claims – the legal basis for processing is the legitimate interest of the Administrator (legal basis: Article 6(1)(f) GDPR), consisting of protecting its rights.

4.6. The Administrator provides an option to contact via electronic contact forms or chat. Using the form requires providing Personal Data necessary for responding to the inquiry. Additional data may be provided to facilitate contact or request processing. Providing required data is necessary to handle inquiries, and failure to do so will result in the inability to provide assistance. Providing additional data is voluntary.

4.7. Personal data is processed to identify the sender and handle their inquiry submitted via the provided form – the legal basis for processing is the necessity of processing to perform a contract (legal basis: Article 6(1)(b) GDPR).

5.1. The Administrator processes Users’ Personal Data for marketing purposes, which may include:

5.1.1. Displaying marketing content to the User that is not tailored to their preferences (contextual advertising);

5.1.2. Sending email notifications about interesting offers or content, which may sometimes contain commercial information (newsletter service);

5.1.3. Conducting other types of direct marketing activities related to goods and services (sending commercial information electronically and telemarketing activities).

5.2. In some cases, the Administrator uses profiling to carry out marketing activities. This means that through the automatic processing of data, the Administrator creates a User profile and, based on the collected information, evaluates selected factors concerning Users (e.g., email address, order history, type of device, technology used, visit frequency, vehicle model) to analyze their behavior as buyers or to create a purchase forecast for the future. This allows for better customization of displayed content according to the User’s individual preferences and interests.

5.4. The Administrator provides the newsletter service under the terms set out in the regulations to individuals who have provided their email address for this purpose. Providing data is required to receive the newsletter, and failure to do so will result in the inability to send it. This form of communication with the User may involve profiling. This means that through automatic data processing, the Administrator creates a User profile and, based on the collected information, evaluates selected factors concerning Users (e.g., email address, order history, type of device, technology used, visit frequency) to analyze their behavior as buyers or to create a purchase forecast for the future. This allows for better customization of the sent content according to the User’s individual preferences and interests.

5.4. Personal Data is processed:

5.4.1. To provide the newsletter service – the legal basis for processing is the necessity of processing to perform a contract (legal basis for processing: Article 6(1)(b) of the GDPR);

5.4.2. In the case of directing marketing content within the newsletter – the legal basis for processing, including profiling, is the Administrator’s legitimate interest (legal basis for processing: Article 6(1)(f) of the GDPR) in connection with the expressed consent to receive the newsletter;

5.4.3. For analytical and statistical purposes – the legal basis for processing is the Administrator’s legitimate interest (legal basis for processing: Article 6(1)(f) of the GDPR), consisting of analyzing Users' activity in the Service to improve its functionalities;

5.4.4. To establish and pursue claims or defend against claims – the legal basis for processing is the Administrator’s legitimate interest (legal basis for processing: Article 6(1)(f) of the GDPR), consisting of protecting its rights.

5.5. The User’s Personal Data may also be used by the Administrator to send them marketing content through various channels, such as email, MMS/SMS, or telephone. Such actions are taken by the Administrator only if the User has given consent, which can be withdrawn at any time.

5.6. In some cases, the Administrator may also conduct direct marketing via traditional mail. Users have the right to object to this type of marketing.

7.1. The Administrator allows Users to post comments on the Service. Providing data in fields marked as “required” is voluntary, but failure to provide them will prevent the comment from being posted. The data publicly visible to all Users includes the User’s nickname.

7.2. Personal Data is processed for publishing comments as part of the functionalities provided by the Administrator – the legal basis for processing is the necessity of processing to provide the service (legal basis for processing: Article 6(1)(b) of the GDPR).

8.1. Cookies are small text files installed on the User’s device when browsing the Service.
 

Cookies collect information that makes it easier to use the website – for example, by remembering the User’s visits and actions.

8.2. The Administrator uses so-called service cookies primarily to provide Users with electronic services and to improve the quality of those services. Therefore, the Administrator and other entities providing analytical and statistical services use cookies to store or access information already stored on the User's telecommunication end device (computer, phone, tablet, etc.). Cookies used for this purpose include:

8.2.1. User input cookies (session identifier) for the duration of the session;

8.2.2. Authentication cookies used for services requiring authentication for the duration of the session;

8.2.3. Security cookies used to detect authentication abuses;

8.2.4. Session cookies of multimedia players (e.g., flash player cookies) for the duration of the session;

8.2.5. Persistent cookies for User interface customization for the duration of the session or slightly longer.

10.1. The User may withdraw their consent to the use of cookies for data collection at any time, including access to data stored on their device.

10.2. Consent is not required only for cookies that are essential for providing a telecommunications service (data transmission for content display).

10.3. Withdrawal of consent for the use of cookies is possible via browser settings.

10.3.1. Internet Explorer: https://support.microsoft.com/pl-pl/help/17442/windows-internet-explorer-delete-manage-cookies

10.3.2. Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

10.3.3. Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

10.3.4. Opera: http://help.opera.com/Windows/12.10/pl/cookies.html

10.3.5. Safari: https://support.apple.com/kb/PH5042?locale=en-GB

10.4. The User can verify the status of their current privacy settings for their browser at any time using the tools available at the following links:

10.4.1. http://www.youronlinechoices.com/pl/twojewybory

10.4.2. http://optout.aboutads.info/?c=2&lang=EN

11.1. The period for which the Administrator processes data depends on the type of service provided and the purpose of processing. As a general rule, data is processed for the duration of the service provision or order fulfillment, until consent is withdrawn, or an effective objection to data processing is submitted in cases where the legal basis for processing is the Administrator’s legitimate interest.

11.2. The data processing period may be extended if processing is necessary for establishing, pursuing, or defending legal claims. After this period, data will only be stored if required by legal provisions. Once the processing period expires, data is irreversibly deleted or anonymized.

12.1. The User has the right to access their data, request its rectification, deletion, restriction of processing, data portability, and object to the processing of their data. Additionally, the User has the right to file a complaint with the supervisory authority responsible for Personal Data protection.

12.2. If the User’s data is processed based on consent, the User may withdraw this consent at any time by contacting the Administrator or using the functionalities available on the Service.

12.3. The User has the right to object to the processing of data for marketing purposes if processing is based on the Administrator's legitimate interest. The User may also object—on grounds relating to their particular situation—in other cases where data is processed based on the Administrator’s legitimate interest (e.g., for analytical and statistical purposes). To withdraw consent, Users may send an email to: iod@etop.pl.

13.1. In connection with service provision, Personal Data may be disclosed to external entities, including but not limited to IT service providers, banks, and payment operators, accounting service providers, couriers (for order fulfillment), and entities affiliated with the Administrator.

13.2. If a comment is added to the Service, the User’s pseudonym will be publicly visible along with the comment content.

14.1. The level of Personal Data protection outside the European Economic Area (EEA) may differ from that guaranteed by European law. For this reason, the Administrator transfers Personal Data outside the EEA only when necessary and with an adequate level of protection, primarily by:

14.1.1. Cooperating with entities processing Personal Data in countries for which the European Commission has issued a decision confirming an adequate level of protection;

14.1.2. Applying standard contractual clauses issued by the European Commission;

14.1.3. Implementing binding corporate rules approved by the relevant supervisory authority;

14.1.4. In the case of data transfer to the USA, cooperating with entities participating in the Privacy Shield program approved by the European Commission.

14.2. The Administrator always informs Users about the intention to transfer Personal Data outside the EEA at the time of data collection.

15.1. The Administrator continuously conducts risk analyses to ensure that Personal Data is processed securely—ensuring that only authorized individuals have access to data and only to the extent necessary for their tasks. The Administrator ensures that all operations involving Personal Data are recorded and carried out only by authorized employees and associates.

15.2. The Administrator takes all necessary steps to ensure that its subcontractors and other cooperating entities provide guarantees for implementing appropriate security measures whenever they process Personal Data on behalf of the Administrator.

16.1. The Administrator can be contacted via email at etop@etop.pl or by mail at Etop sp. z o.o., al. Jerozolimskie 200, 02-222 Warsaw, Poland.

16.2. The Administrator has appointed a Data Protection Officer, who can be contacted via email at iod@etop.pl or by mail to the Administrator’s address with the note "Data Protection Officer" regarding any matters related to Personal Data processing.

16.3. Users have the right to access their data, request its rectification, deletion, restriction of processing, data portability, and object to data processing (e.g., if data is processed based on consent, for marketing purposes, or shared with third parties). Users also have the right to withdraw their consent at any time. To withdraw consent, Users may contact Etop sp. z o.o.’s customer service or send an email to iod@etop.pl.

Providing Personal Data is entirely voluntary. Failure to provide Personal Data will prevent full execution of the obligations undertaken by Etop sp. z o.o. under agreements concluded with Users.

17.1. The Privacy Policy is regularly reviewed and updated as needed.

17.2. The current version of the Privacy Policy was adopted and has been in effect since 01.01.2022.

18.1. Information on Personal Data Processing

eTOP sp. z o.o., headquartered at al. Jerozolimskie 200, 02-222 Warsaw, Poland, places great importance on the protection of personal data. Therefore, it has appointed a Data Protection Officer, who can be contacted via traditional mail (at the above address) or by email at iod@etop.pl. eTOP sp. z o.o. encourages contact via email.

18.2. Data Administrator

In connection with the recruitment process, the administrator of your personal data is eTOP sp. z o.o., which will process personal data for the purpose of conducting the recruitment process.

18.3. Data Collection and Processing Purposes

Your personal data is processed for recruitment purposes based on:

 

Article 6(1)(b) of the General Data Protection Regulation (GDPR) – for the purpose of concluding an employment or cooperation agreement;

Article 6(1)(a) of the GDPR – based on your consent for processing personal data that is not required by labor law or for participation in future recruitment processes;

Article 9(2)(b) of the GDPR – for processing data necessary to assess an employee’s work ability.

Providing data required under labor law is mandatory, while other data provision is voluntary.

 

If no contract is concluded, your data will be deleted after the recruitment process is completed. The Administrator may, without additional consent, store candidate data for up to six months after the recruitment process as a justified interest, considering that the hired candidate may not perform well in the position or may resign. If consent is given for participation in future recruitment processes, data will be stored for no more than one year.

 

Your data may be processed automatically, including for profiling purposes, but such processing will not have any legal effects or significantly impact you.

18.4. Data Recipients

Data may be accessed by entities providing IT solutions, auditing firms, government authorities, or other entities authorized by law, as required to fulfill the legal obligations of eTOP sp. z o.o. Data will be processed in Poland or within the European Economic Area (EEA).

18.5. Rights Regarding Processed Data

Individuals whose data is processed by the Administrator have the right to:

 

Access their data,

Request data correction, deletion, or restriction of processing,

Object to processing,

Request data portability.

More information about data subject rights is available in Articles 12-23 of the GDPR, which can be found at:

https://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

 

Additionally, you have the right to lodge a complaint with the supervisory authority, the President of the Personal Data Protection Office (PUODO). More information is available at:

https://uodo.gov.pl/