Privacy and Cookies Policy

At the very beginning – we are glad that you have visited our website www.doublebrand.pl and that the way we process your personal data matters to you. Below you will find the purposes, legal bases, and retention periods for the processing of personal data, indicated separately for each purpose of processing.

First of all, we want to emphasize that your data is safe with us. We ensure the confidentiality of all data provided to us, protect it against unauthorized access, and take appropriate security and data protection measures as required by applicable data protection laws.

1. General Information

1.1. Controller
The controller of your personal data is Double Brand Sp. z o.o, with its registered office at ul. Jarochowskiego 8/8, 60-235 Poznań, Poland, VAT ID: 7792258596. If you have any doubts related to this privacy policy, you may contact us at any time by sending an email to: rodo@doublebrand.pl 

1.2. Rights under GDPR
The General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 – “GDPR”) grants you the following rights in relation to the processing of your personal data:

a) the right to access your data and obtain a copy thereof,
b) the right to rectify (correct) your data,
c) the right to erasure of data (if, in your opinion, there is no legal basis for us to process your data, you may request that we delete it),
d) the right to restrict processing (you may request that we restrict processing solely to storage or actions agreed with you),
e) the right to object to processing (you have the right to object to processing carried out on the basis of our legitimate interest; you should indicate your particular situation that, in your opinion, justifies cessation of the processing subject to objection. We will stop processing your data in such cases unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the data is necessary for the establishment, exercise, or defense of legal claims),
f) the right to data portability (you have the right to receive, in a structured, commonly used, machine-readable format, personal data that you have provided to us on the basis of a contract or your consent; you may also request that we transmit such data directly to another controller),
g) the right to lodge a complaint with a supervisory authority (if you believe that we are processing your data unlawfully, you may lodge a complaint with the President of the Personal Data Protection Office in Poland or another competent supervisory authority).

The rules regarding the exercise of these rights are set out in Articles 16–21 GDPR. Remember, you can also request information about what data we hold about you and for what purposes we process it. Simply send an email to rodo@doublebrand.pl 

1.3. Data recipients
Your personal data may be processed by entities whose services we use. They may gain access to your personal data if the services they provide are connected with such access. In particular, this applies to entities such as hosting providers, email service providers, IT support providers, law firms, marketing service providers, accounting firms, cloud software providers, postal and courier companies, etc.
Your data is secure and processed only to the necessary extent. Additionally, your personal data may be disclosed to entities, authorities, or institutions entitled to access it under applicable law, such as law enforcement, security services, courts, prosecutors, or tax authorities, where necessary for tax, accounting, or settlement obligations.

1.4. Transfers to third countries
We transfer your personal data to third countries in connection with the use of tools that store personal data on servers located outside the EEA, in particular in the United States. The providers of these tools ensure an adequate level of protection through compliance mechanisms provided for by the GDPR, including standard contractual clauses. Such transfers occur in particular in relation to services provided by Google Ireland Limited (Google services), Meta Platforms Inc. (Facebook and Instagram).

1.5. Profiling
We use tools that may take certain actions depending on information collected through tracking mechanisms (profiling and behavioral advertising). However, we believe that these actions do not significantly affect you, as they do not differentiate your situation as a customer nor affect the terms of any contract you may conclude with us.

2. Purposes and Processing Activities

2.1. Contact

• Data processed: name, email address, and any data contained in the message (providing data is voluntary, but necessary to establish contact).
• Purpose: establishing contact.
• Retention period: correspondence may be archived; we cannot determine precisely when it will be deleted.
• Legal basis: Article 6(1)(f) GDPR (our legitimate interest). After contact ends, the legal basis for processing is also our legitimate interest in archiving correspondence for internal purposes (Article 6(1)(f) GDPR).
• Rights: You have the right to request access to your correspondence with us (if archived) as well as request its deletion, unless archiving is justified by our overriding interests, e.g., defense against potential claims.

2.2. Orders

• Data processed: data necessary to fulfill the order: full name, billing address, company details, email address, phone number, VAT number (providing data is voluntary but required to place an order).
• Purpose: performance of a contract concluded by placing an order, issuance of invoices and their inclusion in accounting records, archiving and statistical purposes, and direct marketing of our own products and services.
• Retention period: data is stored for the time necessary to fulfill the order, and thereafter until the expiry of limitation periods for claims under the concluded contract. After this period, data may still be processed for archiving/statistical purposes (e.g., identifying returning customers) and for direct marketing of our products and services until you object.
• Legal basis: performance of a contract (Article 6(1)(b) GDPR), issuing invoices (Article 6(1)(c) GDPR), accounting obligations (Article 6(1)(c) GDPR), direct marketing of own products/services (Article 6(1)(f) GDPR), archiving/statistics (Article 6(1)(f) GDPR).
• Rights: You cannot rectify order data after fulfillment, nor object to processing or request erasure until the limitation period expires. Similarly, you cannot object to or request erasure of data contained in invoices. You may object to processing for direct marketing purposes.

3. Cookies

3.1. Cookies and tracking technologies
Our website uses cookies. Cookies are small text files stored on your device (computer, tablet, smartphone), which may be read by our IT system (first-party cookies) or third-party systems (third-party cookies). Some cookies are session-based (deleted after you close your browser), while others are persistent and remain on your device to recognize your browser during subsequent visits.

3.2. Consent to cookies

• During your first visit, you are shown information about the use of cookies along with a request for consent.
• You can change cookie settings in your browser at any time or delete cookies entirely. Each browser handles cookie settings differently; see the help menu for details.
• You can also manage cookies using browser add-ons.
• Disabling or restricting cookies may cause difficulties in using our website and many other sites that rely on cookies.

3.3. Server logs

• Use of the website involves sending requests to the server where it is hosted. Each request is recorded in server logs.
• Logs include your IP address, server date and time, browser information, and operating system.
• Logs are stored on the server and are not associated with specific individuals and are not used to identify you.
• Logs are auxiliary material for server administration and are disclosed only to authorized personnel.

3.4. Google Analytics

• We use Google Analytics provided by Google LLC (USA).
• The purpose is to create statistics and analyze them to optimize our website.
• The data collected is not personal data and does not allow your identification. Accessible data includes OS/browser details, pages viewed, time spent, referral source, etc.
• We also use Advertising Features such as demographic/interest reports, age range, gender, approximate location, and interest categories based on online activity.
• Google Analytics operates via a tracking code implemented on our site, which uses cookies.

3.5. Google Tag Manager

• We use Google Tag Manager provided by Google LLC.
• It is used to manage website tags through an interface. It allows us to control advertising campaigns and site usage.
• Google Tag Manager only deploys tags and does not store cookies or collect personal data itself. It enables other tags that may, in some cases, collect data. However, Google Tag Manager itself has no access to such data.
• If cookie storage is disabled at the domain or browser level, it will apply to all tracking tags implemented through Google Tag Manager.
• We use this tool based on our legitimate interest in marketing our products/services and optimizing our website.

If any information provided in this Privacy and Cookies Policy is unclear to you, please feel free to contact us at rodo@doublebrand.pl