PRIVACY AND COOKIES POLICY OF TATUUM ONLINE STORE

I Information on the Collection and Processing of Personal Data

Personal Data Processing Information Clause

In accordance with Article 13(1) and (2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the GDPR) and the repeal of Directive 95/46/EC (General Data Protection Regulation), we provide information regarding personal data.

DATA CONTROLLER

The controller of the provided personal data is KAN Spółka z ograniczoną odpowiedzialnością based in Poland in Łódź (92-760) at ul. Wiączyńska 8a, with VAT number 7251019880, owner of the TATUUM brand (hereinafter referred to as the Controller).

Contact details:

Postal address: KAN sp. z o.o.

Wiączyńska 8a, 92-760 Łódź
Poland

Email: [email protected]

The Controller has appointed a Data Protection Officer, who can be contacted at

Postal address: KAN sp. z o.o.

Wiączyńska 8a, 92-760 Łódź
Poland

Email: [email protected]

PURPOSES AND LEGAL GROUNDS FOR PROCESSING

The purposes and legal bases for processing personal data will vary depending on how they are obtained and used. Below, the purposes and legal bases for the processing of personal data are presented, divided into datasets that are collected from the same source.

Data ‘NEWSLETTER’

The collected data will be processed for the purpose of distributing information about the Controller’s products and promotional campaigns, i.e. for marketing purposes, which constitutes the exercise of the Controller’s legitimate interest, in accordance with the basis specified in Article 6(1)(f) GDPR. Providing the data is voluntary, however, it is necessary for subscribing to the newsletter. Data may also be processed on a limited basis for analytical and statistical purposes under Article 6(1)(f) GDPR.

Data ‘CHAT, EMAIL’

Personal data obtained during chat conversations will be used to address the submitted inquiry/request and for any further contact, which constitutes a legally justified interest of the Controller, in accordance with the basis specified in Article 6(1)(f) GDPR. Providing the data is voluntary, however, it is necessary to respond to the submitted message.

Data ‘ONLINE STORE CUSTOMERS’

Personal data provided to the Controller during the registration of a shopping account in the online store will be processed for communication, maintenance of the customer account (in the case of account registration), and the fulfillment of orders placed in the online store owned by the Controller, based on Article 6(1)(b) GDPR, as well as for fulfilling legal and fiscal obligations related to completed orders under Article 6(1)(c) GDPR. The collected personal data may also be used in the legitimate interest of the Controller, namely for the marketing of its own products and services, based on the basis specified in Article 6(1)(f) GDPR. Providing the data is voluntary, however, it is necessary for making purchases and registering in the online store. Data may also be stored on a limited basis for statistical and archival purposes.

Data ‘TATUUM TUUGETHER CLUB MEMBERS’

Personal data provided to the Controller during the registration of a club/loyalty account will be processed for communication and to enable membership in the club and the exercise of membership rights, based on the premise of Article 6(1)(b) GDPR. The aforementioned data may also be used in the legitimate interest of the Controller, namely for the marketing of its own products and services, based on the basis specified in Article 6(1)(f) GDPR. Providing the data is voluntary, however, it is necessary for registration. Data may also be stored on a limited basis for statistical and archival purposes.

LEGITIMATE INTEREST OF THE CONTROLLER

The legitimate interest of the Controller, which forms the basis for processing personal data, is the marketing of its own products and services.

DATA RECIPIENTS

The processed personal data may be transferred to authorized offices and state authorities as well as to other entities based on a justified request, and also for the proper performance of a contract, service provision, product delivery, fee collection, data analysis, marketing services, or customer support, to entities such as IT service providers, marketing services, analytical providers, franchisees, couriers, payment intermediaries, etc., and, on a limited basis, to entities exercising operational control over the company.

DATA RETENTION PERIOD

The retention period for personal data may vary depending on the type of personal data collected and the purpose of its processing.

Data ‘NEWSLETTER’

The data will be retained until the consent for its processing is withdrawn and the newsletter subscription is canceled, extended by the time required to process the request in this regard, for a maximum of up to 30 days. In the case of data processed for marketing purposes, such data is processed until an objection to further processing is raised by the data subject. For data processed solely for statistical and archival purposes, the retention period is 10 years.

Data ‘CHAT, EMAIL’

Data will be processed until a response is provided to the submitted inquiry, and after the contact is concluded, for a maximum of 5 years.

Data ‘ONLINE STORE CUSTOMERS’

Personal data will be processed until a request to delete the customer’s account is submitted, extended by the time required to process the request (up to 30 days). Furthermore, data may be stored on a limited basis until any potential claims arising from historical purchases become time-barred. In the case of data processed for marketing purposes, the data is processed until an objection to further processing is raised by the data subject. For data processed solely for statistical and archival purposes, the retention period is 10 years.

Data ‘TATUUM TUUGETHER CLUB MEMBERS’

Personal data will be processed until the consent is withdrawn and participation in the club is terminated, and for the time required to process the request. In the case of data processed for marketing purposes, the data is processed until an objection to further processing is raised by the data subject. For data processed solely for statistical and archival purposes, the retention period is 10 years.

RIGHTS OF THE DATA SUBJECTS

Everyone whose data is processed is entitled, in accordance with the GDPR, to:

the right to access their data and receive a copy thereof;

the right to rectification (correction) of their data if they are inaccurate or outdated, as well as the right to have them deleted when the processing does not occur for the purpose of fulfilling a legal obligation or as part of the exercise of public authority;

the right to restrict or object to data processing;

the right to lodge a complaint with a data protection supervisory authority.

PROFILING

For the purpose of marketing its own products and services with the intent to prepare a personalized commercial offer, the Controller employs profiling. The data subject to profiling includes, among others, gender, first name, postal code, and date of birth, which are used to select commercial information about products tailored to your needs. Providing the aforementioned personal data is voluntary.

II Information about Cookies

TATUUM collects information about users and their behavior in the following ways:

by voluntarily providing information in the forms used,

by storing cookies on end-user devices (so-called "cookies").

The content of the www.tatuum.com website (“Service”) is the property of the Controller and is legally protected.

The Controller declares that the pages of the Service are free from content that infringes the rights of third parties or applicable legal provisions, and in particular from content containing information that causes or poses a threat to the privacy or security of any person, contains information promoting illegal activities or behavior, is offensive, constitutes a threat, is indecent, defamatory or slanderous, incites racism, persecution on ethnic, cultural or religious grounds, promotes or facilitates criminal activities, infringes the rights of third parties (including intellectual property rights) or constitutes any other form of violation of legally protected rights.

III Information about Cookies

The Service uses cookies.

Cookies (so-called “cookies”) are data files, in particular text files, that are stored on the end-user’s device and are intended for use with the Service’s website.

Cookies usually contain the name of the website from which they originate, the duration of their storage on the end-user’s device, and a unique number.

The entity that places cookies on the end-user’s device and accesses them is the operator of the Service.

Cookies are used for the following purposes:

to create statistics that help understand how users of the Service use the website, which enables improvements to its structure and content;

to maintain the User’s session on the Service (after logging in), so that the User does not have to re-enter their login and password on every page of the Service;

to determine the user profile in order to display tailored content in advertising networks.

Within the Service, two main types of cookies are used: “session” cookies and “persistent” cookies. Session cookies are temporary files that are stored on the User’s device until logout, leaving the website, or closing the browser. Persistent cookies are stored on the User’s device for the duration specified in the cookie parameters or until they are deleted by the User.

Web browsing software (web browser) typically allows the storage of cookies on the User’s device by default. Users of the Service can change these settings. The web browser allows for the deletion of cookies. It is also possible to automatically block cookies. Detailed information on this topic can be found in the help or documentation of the web browser.

Restrictions on the use of cookies may affect some functionalities available on the Service’s website.

Cookies placed on the User’s device by the Service may also be accessed by advertisers and partners cooperating with the Service operator. These entities include, among others: RTBHouse - https://www.rtbhouse.com/privacy-center/services-privacy-policy-pl; LIVECHAT - https://www.livechat.com/legal/privacy-policy/

We recommend reading the privacy policies of these companies to understand the principles of cookie usage in statistics: https://www.google.analytics

Cookies may be used by advertising networks, in particular the Google network, to display ads tailored to the way the user uses the Service. For this purpose, they may store information about the user’s navigation path or the time spent on a given page.

Regarding information about user preferences collected by the Google advertising network, the user can view and edit the information derived from cookies using the tool: https://www.google.com/ads/preferences/

How to manage cookies – instructions from web browser manufacturers:

Mozilla Firefox: http://support.mozilla.org/pl/kb/ciasteczka

Internet Explorer: http://support.microsoft.com/kb/278835/pl

Google Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

Safari: http://safari.helpmax.net/pl/oszczedzanie-czasu/blokowanie-zawartosci/

Opera: http://help.opera.com/Linux/9.22/pl/cookies.html

In accordance with the applicable provisions of the Telecommunications Act of 16 July 2004, the User has the right to decide on the access of cookies to their computer by pre-selecting them in their browser settings.

IV Server Logs

Information about certain user behaviors is logged at the server level. These data are used solely for the purpose of administering the Service and ensuring the most efficient operation of the hosting services provided.

The browsed resources are identified by URLs. Additionally, the following may be logged:

the time of the request arrival,

the time the response was sent,

the client’s station name – identification performed via the HTTP protocol,

information about errors that occurred during the HTTP transaction,

the URL of the previously visited page (referrer link) – in case the visit to the Service occurred via a link,

information about the user’s browser,

information about the IP address.

The above data is not associated with specific individuals browsing the pages.

The above data is used solely for server administration purposes.

V Cookie Tools

Elements embedded in the cookie mechanism that perform functions related to security, personalization, and analytics (e.g., CookieConsent, gp_s, SERVERID, language settings).

They enable the basic functionality of the website (e.g., maintaining sessions, remembering preferences) and support analytics and remarketing.

They collect unique identifiers, consent statuses, preference settings (e.g., language, region), and session data.

VI Cookiebot CMP

A tool for managing cookie consents that automatically scans the website, informs users about the cookies used, and enables the management of consents.

It is used for obtaining and documenting cookie consents, ensuring transparency in processing, and compliance with the GDPR.

It processes information about given consents, scanning results, and cookie metadata.

VII Synerise

An advanced marketing automation and analytics platform that enables customer segmentation, offer personalization, and campaign automation.

A tool used for automating sales activities, content personalization, behavior analysis, and building a customer base. It collects data regarding behavioral, transactional, demographic information, and data from marketing campaigns.

VIII Disclaimer

This Privacy Policy does not cover any information regarding the services or goods of entities other than the Controller, which have been placed on the Service’s pages commercially, as a guest, on a reciprocal basis, or not intended to achieve a commercial effect.

The Controller is not responsible for the actions or omissions of Users, as a result of which the Controller processes the personal data provided by them in the manner specified in this Privacy Policy.

The Controller reserves the right to introduce changes, withdraw, or modify the functions or properties of the Service’s website, as well as to cease operations, transfer rights to the Service, and perform any legal actions permitted by applicable law. All actions taken by the Controller must not infringe upon the rights of the Users.

IX Changes to the Privacy Policy

The Controller reserves the right to make changes to the Privacy Policy if required by law or due to changes implemented in the Service. The Controller will notify Users of any such changes and the date on which they come into effect, in particular by posting a notice on the Service’s website.

The date specified below is the effective date of the latest version of the Privacy Policy.

PRIVACY POLICY EFFECTIVE FROM 05.08.2025