Privacy policy

1. General provisions
This Privacy Policy sets out the rules for processing personal data of users of the thermo-sauna.com website. The purpose of this document is to explain what data is collected, how it is used, to whom it may be disclosed, and what rights are granted to visitors of the website. The data controller is Wellness Manufacturing Sp. z z o.o. with its registered office at Os. Przemysłowe 16, 69-100 Słubice in KRS, hereinafter referred to as the Controller.

2. Scope of data collection
Personal data is collected in connection with the use of the website, including when placing orders, sending inquiries via contact forms, subscribing to the newsletter, as well as during browsing of the website. This may include identification data such as name and surname, address details, e-mail address or telephone number, as well as technical data related to the use of the service, including IP address, device type, browser type and information stored in cookies.

3. Purposes of data processing
Personal data is processed for the purpose of providing services through thermo-sauna.com. This includes, in particular, handling orders, fulfilling deliveries, maintaining correspondence with users, enabling registration in the service or newsletter subscription. Data may also be used for marketing purposes if the user has given prior consent, as well as for statistical and analytical purposes related to the operation of the website. In addition, processing may be necessary to comply with legal obligations of the Controller or to protect the Controller’s legitimate interests, such as ensuring the security of services, preventing abuse or pursuing claims.

4. Legal basis for processing
The processing of personal data is carried out in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR). Depending on the circumstances, the legal basis for processing may be the necessity of performing a contract, the user’s consent, legal obligations of the Controller, or the Controller’s legitimate interests.

5. Data recipients
Personal data may be transferred to entities cooperating with the Controller only to the extent necessary to provide services. This concerns in particular courier and transport companies, payment operators, IT and hosting providers, marketing service providers and accounting firms. In each case, the transfer of data takes place in compliance with the law and with the application of appropriate safeguards. Data is not sold or made available to third parties for purposes unrelated to the provision of services.

6. Transfer of data outside the EEA
Where personal data is transferred outside the European Economic Area, the Controller ensures the application of appropriate safeguards provided by law, including standard contractual clauses approved by the European Commission.

7. Data retention period
Personal data is stored for as long as necessary to achieve the purposes for which it was collected. For data related to the performance of a contract, storage lasts for the duration of the contract and the limitation period for claims under civil law. Data processed on the basis of consent is stored until such consent is withdrawn. Accounting and tax documentation is retained for the period required by law.

8. User rights
Each user has the right to access their personal data, to rectify, delete or restrict processing. The user also has the right to data portability and the right to object to processing, in particular to marketing activities. If data is processed on the basis of consent, this consent may be withdrawn at any time without affecting the lawfulness of processing carried out prior to withdrawal. The data subject also has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection, and in France CNIL.

9. Data security
The Controller applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration or destruction. Security procedures have been implemented, including encrypted connections, access control and regular system updates. The Controller undertakes to continuously monitor the level of security and to adapt it to current threats.

10. Changes to the privacy policy
The Controller reserves the right to amend this Privacy Policy in the event of introducing new services, changes in the law, or other circumstances affecting the content of this document. Changes come into effect upon publication of the updated version of the policy on thermo-sauna.com.