Your data is safe with ONSEN®!
1. Definitions
1.1. The privacy policy sets out the rules for the collection, processing, and use of personal data by the ONSEN® brand Service operated under the domain https://onsen.eu/ by Onsen Sp. z o.o. with its registered office in Toruń at ul. Marii Skłodowskiej-Curie 71G, registered in the National Court Register under number 0000588698, having REGON number 363084435 and NIP number 9562314576, hereinafter referred to as the Administrator.
1.2 Personal data means information about an identified or identifiable natural person by one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, location data, internet identifier, and information collected through cookies or other similar technology.
1.3 Privacy policy is a document containing information related to the processing of personal data, as well as the use of cookies and similar tracking technologies within the online store of the ONSEN® brand operated under the domain https://onsen.eu/.
1.4 Service is a website operated by Onsen Sp. z o.o. under the domain https://onsen.eu/, which is accessible through web browsers.
1.5 Online store is a part of the Service through which Onsen Sp. z o.o. conducts distance selling of goods.
1.6 User is any natural person who visits the Service or uses one or more services or functionalities described in the Privacy Policy.
1.7 Device is an electronic device through which the User accesses and uses the Service.
2. General information
2.1 When using our Service, we collect data necessary to provide the services offered by us and information about your activity within the Service. As the administrator of your personal data, we pay great attention to their security and protection. We assure you that our data processing methods comply with applicable legal standards, including in particular the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, and the Act of 10 May 2018 on the protection of personal data. Our priority is to provide you with comprehensive information about the processing of your personal data and to provide appropriate tools that will enable you to exercise your rights.
2.2 We make every effort to ensure that the personal data processed by us comply with applicable regulations and are always up to date. Therefore, we may periodically send you reminders to refresh them, using your email address or by displaying relevant information on the Service.
2.3 The Administrator makes every effort and takes all possible actions to ensure the protection of personal data during their processing and storage, and above all, to prevent access to them by third parties. At the same time, it guarantees that they will be processed in a fair and transparent manner for specific, legally justified purposes. Moreover, they are stored for no longer than necessary for the purposes for which the data are processed or for obligations imposed on the Administrator under the law. The data are used to the minimum extent necessary.
3. Contact with the Administrator
3.1 If you have any questions regarding how we process your personal data or if you wish to exercise your rights, we encourage you to contact us directly. You can contact us by sending a message to the email address biuro@onsen.eu, using the contact form provided on the Service, or by postal mail at the Administrator's headquarters.
4. Data Acquisition
4.1 We collect your personal data directly from you to ensure the effective provision of our services and the smooth operation of the Service. Most often, we receive your data through specially designated forms, for example, when you make purchases in our Store. We also obtain them when you subscribe to the newsletter or contact us, for example, through the contact form. Your data is also collected when you use other features of the Service, such as browsing the blog.
5. Optional Provision of Data
5.1 The choice to provide us with personal data is entirely up to you. We cannot require it from you. However, it should be noted that in certain situations, providing personal data is crucial for the provision of our services or necessary for the conclusion and performance of a contract, as explained in detail in the further part of the Privacy Policy.
6. Using the Service
6.1 If you use our Service without having an account (as an unregistered user), we process your personal data, such as IP address or data collected by cookies and similar technologies, for the purposes described below:
6.1.1 To provide access to content available on the Service as part of our electronic services, where data processing is necessary for the performance of a contract (Art. 6(1)(b) of the General Data Protection Regulation - processing is necessary for the performance of a contract).
6.1.2 For analytical and statistical purposes based on the legitimate interest of the Administrator, which is the analysis of users' activities and preferences to improve functionality and services (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
6.1.3 For purposes related to establishing, investigating, or defending against claims regarding the protection of the rights and economic interests of the Administrator (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
6.1.4 For marketing purposes of the Administrator and other entities, especially in the scope of behavioral advertising, with principles described in detail below (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
6.2. Your activity on the Service and personal data are recorded in system logs, i.e., a program used to store records of actions and events related to the information system. This information is processed mainly for the purpose of providing services, as well as for technical and administrative purposes, to ensure the security and management of the information system, and for analytical and statistical purposes. The legal basis for this processing is the legitimate interest of the Administrator (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
7. Registration and Account Management
7.1 Individuals who register on the Service are asked to provide data necessary to create and manage an account. To facilitate account management, you may provide additional data, thereby consenting to its processing. Such data can be deleted at any time. Providing data marked as mandatory is required to create and manage an account, and failure to provide it results in the inability to create an account. Providing other data is voluntary. Data collected in this way is processed for the purposes described below:
7.1.1 To provide services related to the operation and management of the account on the Service in the case of mandatory data provided (Art. 6(1)(b) of the General Data Protection Regulation - processing is necessary for the performance of a contract).
7.1.2 To provide services related to the operation and management of the account on the Service in the case of optional data provided (Art. 6(1)(a) of the General Data Protection Regulation - based on consent).
7.1.3 For analytical and statistical purposes, primarily to conduct analyses of user activity on the Service and account usage, as well as user preferences to improve the applied functionalities (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
7.1.4 For purposes related to establishing, investigating, or defending against claims regarding the protection of the rights and economic interests of the Administrator (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
7.1.5 For marketing purposes of the Administrator and other entities, as further described in the subsequent part of the Privacy Policy.
7.2 You can also log in to your account on the Service via the Facebook social media platform. In this case, the Service will only retrieve from your social media account the data necessary for registration and account management. The scope of your data to which we will have access will be indicated in the message displayed along with the request to continue logging in. Continuing the login process will mean transferring the indicated data to our Service. Facebook will remember your choice, and in the case of logging in through this platform again, the message will not be displayed again. Detailed information about the scope and purposes of data processing by the platform, as well as related rights and configuration options for privacy protection, are described in the Facebook Privacy Policy.
7.3 You can also log in to your account on the Service via your Apple ID. In this case, the Service will only retrieve from your Apple service account the data necessary for registration and account management. The scope of your data to which we will have access will be indicated in the message displayed along with the request to continue logging in. Continuing the login process will mean transferring the indicated data to our Service. Detailed information about the scope and purposes of data processing by Apple Inc., as well as related rights and configuration options for privacy protection, are described in the Apple Privacy Policy.
7.4 You can also log in to your account on the Service via your Google account. In this case, the Service will only retrieve from your Google account the data necessary for registration and account management. The scope of your data to which we will have access will be indicated in the message displayed along with the request to continue logging in. Continuing the login process will mean transferring the indicated data to our Service. Google will remember your choice, and in the case of logging in through this platform again, the message will not be displayed again. Detailed information about the scope and purposes of data processing by the platform, as well as related rights and configuration options for privacy protection, are described in the Google Privacy Policy.
7.5 If any User posts any personal data of other individuals (including their name, address, telephone number, or email address) on the Service, they may do so only if it does not violate the law and the personal rights of those individuals.
8. Placing Orders
8.1 When you place an order for products or services offered on the Service, your personal data is processed. It is necessary to provide data marked as required so that we can accept and fulfill your order. Failure to provide this data will prevent the order from being fulfilled. Providing additional data is optional. Data collected in this way is processed for the purposes described below:
8.1.1 For the purpose of fulfilling your order, where data processing is necessary for the performance of a contract in the case of mandatory data provided (Art. 6(1)(b) of the General Data Protection Regulation - processing is necessary for the performance of a contract).
8.1.2 For the purpose of fulfilling your order, where data processing is necessary for the performance of a contract in the case of optional data provided (Art. 6(1)(a) of the General Data Protection Regulation - based on consent).
8.1.3 To fulfill legal obligations imposed on the Administrator, mainly related to tax and accounting regulations, based on its legal obligation (Art. 6(1)(c) of the General Data Protection Regulation - processing is necessary to fulfill a legal obligation incumbent on the Administrator).
8.1.4 For analytical and statistical purposes, where the legal basis is the legitimate interest of the Administrator aimed at analyzing user activity and their purchasing preferences to improve the functionality of the service (Art. 6(1)(f) of the General Data Protection Regulation - processing is necessary for the purposes of the legitimate interests pursued by the Administrator).
8.1.5 For the purposes of establishing, investigating, or defending against claims regarding the protection of the rights and economic interests of the Administrator (Art. 6(1)(f) of the General Data Protection Regulation - processing of data is necessary for the purposes of the legitimate interests pursued by the Administrator).
9. Complaints and Returns
9.1 Submitting complaints or making returns requires the processing of your personal data. Completing the complaint form is not obligatory but may be useful for proper consideration of your case. Also, providing data in the return form is not required but is necessary for effective resolution. Data collected in this way is processed for the purposes described below:
9.1.1 For the purpose of resolving the submitted complaint due to the provisions on liability for defects (non-conformity of the goods with the contract) or based on the manufacturer's warranty (Art. 6(1)(c) of the General Data Protection Regulation - processing of data is necessary to fulfill a legal obligation incumbent on the Administrator).
9.1.2 To handle returns due to the legal obligation arising from consumer rights (Art. 6(1)(c) of the General Data Protection Regulation - processing of data is necessary to fulfill a legal obligation incumbent on the Administrator).
9.1.3 To handle returns in the case of withdrawals based on the right to withdraw from the contract or based on offers from the Service (Art. 6(1)(b) of the General Data Protection Regulation - processing of data is necessary for the performance of a contract).
9.1.4 To fulfill legal obligations imposed on the Administrator, mainly related to tax and accounting regulations, based on its legal obligation (Art. 6(1)(c) of the General Data Protection Regulation - processing of data is necessary to fulfill a legal obligation incumbent on the Administrator).
9.1.5 For analytical and statistical purposes, where the legal basis is the legitimate interest of the Administrator aimed at analyzing user activity and their purchasing preferences to improve the functionality of the service (Art. 6(1)(f) of the General Data Protection Regulation - processing of data is necessary for the purposes of the legitimate interests pursued by the Administrator).
9.1.6 For the purposes of establishing, investigating, or defending against claims regarding the protection of the rights and economic interests of the Administrator (Art. 6(1)(f) of the General Data Protection Regulation - processing of data is necessary for the purposes of the legitimate interests pursued by the Administrator).
10. Contact Form
10.1 We offer the possibility of contacting us using a contact form. Using the form requires providing personal data necessary to contact you and respond to your inquiries. Providing data marked as necessary is required for us to accept and address your inquiry. Failure to provide this data will prevent us from handling your request. Providing additional information is optional. Data collected in this way is processed for the purposes described below:
10.1.1 Identification and handling of your inquiry submitted via the available form to address the reported issue and conduct correspondence within the business activities of the Administrator (Art. 6(1)(f) of the General Data Protection Regulation - processing of data is necessary for the purposes of the legitimate interests pursued by the Administrator).
10.1.2 For analytical and statistical purposes, where the legal basis is the legitimate interest of the Administrator aimed at analyzing user activity and their purchasing preferences to improve the functionality of the service (Art. 6(1)(f) of the General Data Protection Regulation - processing of data is necessary for the purposes of the legitimate interests pursued by the Administrator).
11. Geolocation
11.1 We process data regarding your location to enable you to find the nearest pick-up points. Using this option is completely voluntary and is not required for the effective use of the Service. Your consent to the processing of location data expressed in your internet browser or application, expressed by granting access to the location services of your mobile device, constitutes the legal basis for this processing. Location data is processed only when you give consent, which you can withdraw at any time by revoking the application's permissions for access to location data on your device. Withdrawal of consent does not affect the legality of processing based on consent before its withdrawal (Art. 6(1)(a) of the General Data Protection Regulation - based on consent).
12. Marketing and Promotion
12.1 We process your personal data for marketing purposes, which may include the following forms:
12.1.1 Presenting you with marketing content tailored to your preferences (behavioral advertising).
12.1.2 Conducting direct marketing activities, including sending electronic commercial information and conducting telemarketing activities.
12.2 As part of our marketing and advertising activities, we sometimes use profiling, which means automatic processing of your data to assess some of your characteristics. The purpose of this is to analyze or predict your future actions, preferences, and interests, enabling us to better tailor the presented content to your individual needs.
12.3 Behavioral advertising is based on cooperation with trusted partners to process your personal data, including data collected through cookies and similar technologies, for marketing purposes, which include customizing ads to your preferences. This processing also includes profiling aimed at customizing ads based on your personal data obtained by us and our partners. A list of our trusted partners is available in the further part of the Privacy Policy.
12.4 Upon obtaining your consent, we may use your data for marketing purposes through various channels, such as email (newsletter), MMS/SMS, or telephone contact, as well as direct mail marketing to the address provided to us. The legal basis for this processing is the legitimate interest of the Administrator, which operates in conjunction with your consent to the marketing of our goods and services. Such actions are taken only after obtaining your consent, which you can withdraw at any time. Consent can be revoked by clicking on the link contained in each email message sent with commercial information, by contacting us via email at biuro@onsen.eu, or using the contact form. Withdrawal of consent does not affect the legality of processing that occurred before its withdrawal.
12.5 If you consent to receiving push notifications, you may receive messages on your mobile device and in your internet browser. These may contain marketing content about our offers, services, and promotions. The legal basis for processing your data in this regard is the legitimate interest of the Administrator, based on your consent to receive such notifications. You can withdraw your consent to receive push notifications at any time, which will not affect the lawfulness of processing before its withdrawal. Withdrawal of consent is possible by changing settings in your internet browser or mobile device.
12.6 We promote our products and services using the Google Ads Customer Match tool. This tool allows us to upload an encrypted database of customer email addresses to the Google system to check if there are Google accounts (e.g., on YouTube, Gmail, etc.) registered using these same email addresses. If such addresses are found, Google users may see our ads after logging into their accounts. More information about using customer lists for advertising purposes can be found here: [Google Ads Customer Match](https://support.google.com/google-ads/answer/7474263).
12.7 To increase the accuracy of measuring the effectiveness of our marketing campaigns using Google Ads Customer Match, we also use the available Google tool called Enhanced Conversions. This tool allows us to more accurately measure conversions (e.g., purchases in our online store) using encrypted data, including email addresses, which ensures privacy protection through the use of a one-way encryption algorithm. More information about Enhanced Conversions can be found here: [Enhanced Conversions](https://support.google.com/google-ads/answer/9888656).
12.8 For marketing our products and services, we also use the Facebook Custom Audience tool. It allows us to upload an encrypted database of email addresses to the Facebook system to verify if there are Facebook accounts created using these same addresses. If matching addresses are found, Facebook users may see our ads after logging in. More information about the Facebook Custom Audience tool and creating custom audience groups can be found here: [Facebook Custom Audience](https://www.facebook.com/business/help/341425252616329?id=2469097953376494).
12.9 We process personal data of visitors to our social media profiles, such as Facebook, Instagram, TikTok, LinkedIn, or Pinterest. Detailed information regarding the processing of this personal data is available in our [Transparency Policy](https://onsen.eu/polityka-transparentnosci).
13. Cookies
13.1 Cookies are small text files stored on devices used to browse the Service. They facilitate the use of the Service, for example, by remembering user visits and actions. Our cookies are safe for the user's device and cannot be a source of viruses or unwanted software. They enable the identification of the software used and customization of the Service to the individual needs of each user. We use various types of cookies listed below:
13.1.1 Necessary cookies are essential for the proper functioning of the Service, enabling secure transactions, remembering logged-in users, or automatically completing address data during purchases. Blocking them may disrupt the functioning of the Service.
13.1.2 Analytical cookies are used to analyze user behavior and improve the functionality of the Service. Data collected by these cookies is anonymous.
13.1.3 Personalization cookies analyze user behavior and purchasing preferences, helping to tailor product offers and improve the functionality of the Service.
13.1.4 Advertising cookies enable the customization of displayed ads to user preferences, including enabling behavioral advertising.
13.2 Cookies are divided into session cookies, which are deleted after closing the browser, and persistent cookies, which are stored on the device until they are deleted or for up to 60 days from insertion.
13.3 The Service requires the use of only necessary cookies. For other types of cookies, the user has the option to consent to their use. Managing consents for various types of cookies is possible at any time through the tool available on the Service.
13.4 Some cookies are placed in our Service by external entities with whom we cooperate. More information about these cookies and the rules of their processing is available in the privacy policies of individual partners. The current list of our partners, along with the types of cookies and their duration of operation, can be found below:
PARTNER |
TYPE |
DURATION |
Google Ads |
Advertisement |
60 days |
Google Analytics |
Analytics |
60 days |
Google Optimize |
Personalization |
60 days |
Microsoft Ads |
Advertisement |
60 days |
Microsoft Clarity |
Analytics |
60 days |
Pinterest |
Advertisement |
60 days |
LinkedIn |
Advertisement |
60 days |
Facebook |
Advertisement |
60 days |
Instagram |
Advertisement |
60 days |
TikTok |
Advertisement |
60 days |
Opineo |
Advertisement |
60 days |
Ceneo |
Advertisement |
60 days |
FreshMail |
Advertisement |
60 days |
AlleKurier |
Advertisement |
60 days |
14. Collaborating Entities
14.1 We may transfer your Personal Data to entities with whom we cooperate in the provision of our services.
14.2 Depending on the chosen method of delivery or return of purchased goods, we will provide your data necessary for the delivery or return of goods to one of the entities with whom we cooperate in this regard. In case of using geolocation service when searching for stationary delivery points, your personal data will also be transferred to entities providing location services.
14.3 Your data necessary for payment for purchased goods will be transferred to the payment service provider chosen by us, depending on the payment method you choose.
14.4 If you consent to receiving commercial information at the email address or phone number provided by you, we will transfer your data to entities providing commercial information shipping services at our request.
14.5 Your data will also be transferred to entities that process customer personal data on our behalf for hosting the websites of the Store.
14.6 We may also transfer your personal data to other entities with whom we establish cooperation, including legal advisors, tax advisors, as well as those providing accounting, IT, logistics, and marketing services.
14.7 We reserve the right to disclose certain information about our users to competent authorities or other third parties who request access to such information, based on an appropriate legal basis and in accordance with applicable law.
15. Data Retention Period
15.1 The period during which we process your data depends on the type of service offered and the purpose of processing. Typically, data is processed for the duration of the service provision or order fulfillment, until consent is revoked or objection to data processing is made, if processing is based on the legitimate interest of the Administrator.
15.2 The data processing period may be extended if necessary to resolve any claims or defend against them. After this period, data may be stored only to the extent and for the time required by applicable law. Then, the data is permanently deleted or anonymized.
16. Your Rights
16.1 You have a number of rights related to the processing of your personal data, especially those listed below:
16.1.1 Right to be informed about the processing of your personal data, including providing information about the purposes and legal bases of processing, the scope of data held, recipients of the data, and the expected time of their retention.
16.1.2 Right to receive a copy of the processed data, allowing you to obtain a copy of your personal data processed by the Administrator.
16.1.3 Right to rectify data, which allows you to correct inaccuracies or errors in your personal data and supplement data if they are incomplete.
16.1.4 Right to erasure of data ("right to be forgotten"), which allows you to request deletion of data if their processing is no longer necessary for the purposes for which they were collected.
16.1.5 Right to restrict processing, which means ceasing processing of your personal data, except for storage, until any issues regarding processing are resolved.
16.1.6 Right to data portability, allowing you to receive and transfer your data to another data controller in a format that enables computerized reading.
16.1.7 Right to object to data processing for marketing purposes, allowing you to object at any time to the processing of your data for direct marketing purposes.
16.1.8 Right to object to processing based on the legitimate interest of the Administrator, which must be justified by your particular situation.
16.1.9 Right to withdraw consent to data processing at any time, where processing is based on your consent.
16.1.10 Right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates data protection laws.
16.2 Some of the above rights you can exercise independently. If you have an account on the Website, you always have access to your personal data, so you can correct and update it. You can submit a request regarding all of the above rights by contacting us at the email address biuro@onsen.eu, using the contact form provided on the Website, as well as by mail or correspondence to the Administrator's registered office.
16.3 We will make every effort to respond to your request as soon as possible and resolve any doubts regarding the processing of your data. You will receive a response within 30 days of receiving your inquiry from us. If, due to the complexity of the request or a large number of inquiries, we are unable to respond within this period, we will inform you of the need to extend the deadline.
16.4 To confirm your identity, we may ask additional questions. While providing this data is not mandatory, failure to do so may result in refusal to fulfill your request. We may also need more information to fully understand the content of your request.
16.5 You can make a request personally or through an authorized representative. For data security, we recommend using a notarized power of attorney or one issued by a legal advisor or lawyer, which will facilitate the verification of the authenticity of your request.
16.6 If you submit a request electronically, we will respond in the same form, unless you prefer to receive a response through a different channel. In other cases, we will respond in writing. If the short deadline for fulfilling the request precludes a written response, and we have your data enabling electronic contact, we will respond electronically.
16.7 We retain information about the submitted request and the requesting person to provide evidence of compliance with the law and to establish, defend, or assert any claims. The register of requests is stored in a manner ensuring the integrity and confidentiality of the information contained therein.
17. Making Changes
17.1 The policy is regularly reviewed and updated as needed. The latest version of the Policy was approved and has been in effect since February 29, 2024.