Privacy policy

Note: This is an English translation provided for convenience only. The original Polish-language document is the sole legally binding version. In the event of any discrepancy, ambiguity, or conflict between this translation and the Polish original, the Polish original shall prevail and shall be the version relied upon for legal purposes.
§1 Administration of personal data
1. The controller of personal data is Aston Couchman, running a business under the name Supa Paws Aston Couchman, Czarna Rola 21B / 5, 61-625 Poznań. The business is registered in the Central Register and Information on Economic Activity (CEIDG) under NIP: 9721365191, REGON: 541660810.
2. Contact with the person supervising the processing of personal data within the organisation is possible electronically at the e-mail address: info@supapaws.com, in writing to the Administrator's address, or by telephone at 510257400.
3. This Policy contains the rules concerning the processing of personal data by the Administrator on the Website, including the legal bases, purposes, and scope of the processing of personal data, and the rights of data subjects.
4. Personal data is processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official text of the GDPR: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
5. The User's rights are not absolute and do not apply to all personal-data processing operations.
§2 Definitions
1. Administrator - Aston Couchman, running a business under the name Supa Paws Aston Couchman, Czarna Rola 21B / 5, 61-625 Poznań. The business is registered in the Central Register and Information on Economic Activity (CEIDG) under NIP: 9721365191, REGON: 541660810.
2. Personal data - information about an identified or identifiable natural person by reference to one or more special factors determining the physical, physiological, genetic, mental, economic, cultural, or social identity of that person, including the device's IP address, an online identifier, and information collected via cookies and other similar technology.
3. Policy - this Privacy Policy.
4. Cookie Policy – the document setting out the rules for the use of cookies on the Website, available at: https://supapaws.com/pages/cookie-policy.
5. Profiling - automated processing of personal data consisting of analysing and predicting user behaviour.
6. GDPR / GDPR Regulation - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
7. Website - the website operated by the Administrator at supapaws.com.
8. User - any natural person visiting the Website or using one or more of the services or functionalities described in the Policy.
§3 Security
1. The Administrator has implemented appropriate technical and organisational measures ensuring the security of personal-data processing, and in particular is responsible for and ensures that the data it collects is:
● processed lawfully;
● collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
● substantively correct and adequate in relation to the purposes for which it is processed;
● stored in a form permitting identification of the data subjects for no longer than is necessary to achieve the purpose of the processing; and
● processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical or organisational measures.
§4 Purposes and legal bases for processing data
1. On the basis of Article 6(1)(a) of the GDPR (consent), personal data may be processed for the purposes of:
● Retargeting and behavioural advertising, including displaying personalised advertisements based on the user's activity history on the Website and on other websites. Processing of data for these purposes takes place solely on the basis of the User's consent expressed in the cookie banner. Data may be collected
via cookies and similar technologies, in accordance with the Cookie Policy.
● Sending the Newsletter.
● Saving data in cookies in accordance with the Cookie Policy available at:
https://supapaws.com/pages/cookie-policy.
● Providing and maintaining a user account on the Website.
● Marketing of products and services of the Administrator's partners.
● Contacting for marketing purposes via electronic means of communication (e-mail, telephone, SMS).
2. On the basis of Article 6(1)(b) of the GDPR (performance of a contract), personal data may be processed for the purposes of:
● Managing the user account.
● Performance of a sales contract or a contract for the provision of a Service, including order handling, payment processing, and delivery.
● Taking action at the request of the data subject prior to entering into a contract.
● Exercising rights arising from the contract, in particular regarding warranty, complaints, and withdrawal from a distance contract.
3. On the basis of Article 6(1)(c) of the GDPR (legal obligation on the Administrator), personal data may be processed for the purposes of:
● Issuing and storing invoices and receipts, and fulfilling obligations arising from tax and accounting law.
● Fulfilling obligations arising from personal-data-protection regulations, including maintaining required documentation.
● Cooperating with law-enforcement authorities and other authorised public institutions to the extent resulting from legal provisions.
4. On the basis of Article 6(1)(f) of the GDPR (Administrator's legitimate interest), personal data may be processed for the purposes of:
● Operating the supapaws.com Website.
● Saving data necessary for the proper functioning of the Website in cookies in accordance with the Cookie Policy.
● Managing accounts on Meta and TikTok and interacting with Users of those platforms.
● Ensuring the security of the Website, preventing abuse, and ensuring its proper functioning.
● Keeping statistics and analysing traffic on the Website (to the extent permissible without consent).
● Moderating content and enforcing the rules for using the Website.
● Direct marketing of the Administrator's products and services.
● Establishing, pursuing, or defending claims.
● Contacting the User on matters other than marketing requiring consent.
5. Personal data may also be processed for other purposes if the Administrator has an appropriate legal basis for doing so, in particular arising from Article 6 of the GDPR, provided that such purpose does not infringe the rights and freedoms of the User. In such a case, the User will be informed of the new purpose of processing
before the processing for that purpose begins.
§5 Profiling
1. The Administrator uses profiling for marketing purposes, consisting of analysing the User's activity on the Website using cookies and similar technologies.
2. Profiling may include:
● personalisation of advertisements based on browsing history,
● analysis of the User's interactions with content on the Website,
● adjustment of displayed advertising content on external services (e.g. Google Ads, Facebook).
3. Profiling takes place solely on the basis of the User's consent.
4. Profiling does not produce legal effects for the User, nor does it similarly significantly affect their situation.
5. The User may withdraw consent to profiling at any time by changing settings or by contacting the Administrator at the e-mail address: info@supapaws.com.
§6 Period of processing of Personal data
1. The period during which the Administrator processes data depends on the type of service provided and the purpose of the processing. As a rule, data is processed for the duration of the service provision, until consent is withdrawn, or until an effective objection is raised to the processing of data in cases where the legal basis for the
processing is the Administrator's legitimate interest.
2. The processing period may be extended where processing is necessary to establish and pursue possible claims or to defend against claims, and after that time only to the extent and for as long as required by law. After the processing period has elapsed, data is irreversibly deleted or anonymised.
3. Detailed data-retention periods depending on purpose, e.g.:
● Data related to the performance of a contract – stored for the duration of the contract, and then until the limitation period for claims expires (3 or 6 years).
● Accounting and tax data – stored for the period required by tax law (currently 5 years).
● Data obtained on the basis of consent given – stored until the consent is withdrawn.
● Data related to user enquiries – stored for a period of up to 12 months from the end of the correspondence.
§7 User's rights
1. With regard to their personal data, the User has the following rights:
● access to their personal data,
● rectification of personal data at any time,
● erasure of their personal data at any time,
● obtaining a copy of their data,
● restriction of the processing of personal data,
● objection to the processing of personal data,
● data portability,
● withdrawal of consent; withdrawal of consent does not affect the lawfulness of processing carried out before it was withdrawn,
● objection to the processing of personal data on the basis of the Administrator's legitimate interest for marketing purposes, direct marketing, and for purposes other than marketing,
● lodging a complaint with the supervisory authority.
2. To exercise the above rights, the User may contact the Administrator by sending a message to the e-mail address info@supapaws.com or correspondence to the Administrator's registered address. The Administrator undertakes to process the request within 30 days of its receipt.
3. In certain cases, the Administrator may refuse to fulfil the User's request if legal provisions impose an obligation to continue processing the data.
§8 Recipients of personal data
1. In order to properly operate the Website, the Administrator transfers the User's personal data to other external entities, in particular: a hosting company, an IT company, courier companies, payment operators, a postal operator, law and debt-collection firms, accounting firms, insurers, banks, marketing companies, business
partners and suppliers, a mailing system, cloud-service providers, CRM and ERP systems, and analytics-service providers. Hosting company, courier companies, payment operators: packing company As You Wish Sp. z o.o.,
and courier: DPD.
2. The Administrator reserves the right to disclose personal data where this results from applicable law, including the obligation to provide information to the relevant administrative authorities or law-enforcement authorities.
§9 Transfer of personal data outside the EEA
1. The level of protection of Personal data outside the European Economic Area (EEA) may differ from that guaranteed by European law. For this reason, the Administrator transfers Personal data outside the EEA in the
following cases:
● Where necessary for the performance of a contract.
● Where the Administrator uses technology and infrastructure providers from outside the EEA, such as, among others: providers of marketing, analytics, and advertising services, cloud services, and CRM systems.
2. The Administrator ensures an adequate level of protection, in particular by:
● cooperating with entities processing Personal data in countries for which the European Commission has issued a relevant adequacy decision confirming an adequate level of protection of Personal data;
● applying binding corporate rules approved by international certification standards and the competent supervisory authority;
● applying standard contractual clauses issued by the European Commission pursuant to Art. 46 of the GDPR.
Personal data may also be transferred outside the EEA on the basis of the User's consent. The User is informed of this beforehand.
§10 Security of Personal data
1. The Administrator continuously carries out risk analysis to ensure that Personal data is processed by it in a secure manner. Through its actions, it ensures above all that only authorised persons have access to the data, and only to the extent necessary for the tasks they perform.
2. The Administrator is obliged to take all legally permissible steps to ensure that all operations on Personal data are logged and carried out only by an authorised entity.
3. The Administrator is also obliged to ensure that other entities cooperating with the Administrator guarantee the application of appropriate security measures whenever they process Personal data on the Administrator's behalf.
4. The Administrator applies technical safeguards such as encryption of data transmission (SSL/TLS), restriction of access to systems, and procedures to protect against unauthorised access to data.
§11 Changes to the Privacy Policy
1. The Policy is reviewed and updated on an ongoing basis.
2. The current version of the Policy was adopted and has been in force since 2026-07-01.
The legal compliance of this document is guaranteed by the lawyers of Kancelaria KZ.