Privacy Policy

Privacy Policy of the https://ts2.store/en/ Online Store

1. Data Controller

The controller of personal data processed in connection with the operation of the https://ts2.store/en/ online store is:

TS2 SPACE limited liability company
Aleje Jerozolimskie 65/79, unit 15.03
00-697 Warsaw, Poland
KRS: 0000635058
NIP: 7010612151
REGON: 365328479
e-mail: [email protected]
phone: +48 22 364 58 00

This privacy policy explains what personal data we process, for what purposes, on what legal grounds, to whom we may transfer it, and what rights are granted to data subjects.

2. Contact regarding personal data

For matters concerning personal data, you can contact the Controller:

  • by e-mail: [email protected],
  • in writing: TS2 SPACE sp. z o.o., Aleje Jerozolimskie 65/79, unit 15.03, 00-697 Warsaw, Poland.

3. Key principles of data processing

  1. We process data lawfully, fairly, and transparently.
  2. We collect data only for specific and legitimate purposes.
  3. We do not require data that is not necessary for the operation of the store, orders, payments, delivery, complaints, or legal obligations.
  4. We store data only as long as necessary or required by law.
  5. We apply appropriate technical and organizational measures to protect data.

4. What data we may process

Depending on how you use the store, we may process the following categories of data:

  • identification data: first name, last name, company name, NIP (tax ID), entity identification number if required for invoicing or order processing,
  • contact data: e-mail address, phone number, delivery address, billing address,
  • customer account data: login, e-mail address, order history, data provided in the account,
  • order data: products, order value, currency, payment method, delivery method, order status, correspondence regarding the order,
  • payment data: payment status information, transaction ID, data required by payment operators; as a rule, we do not store full payment card details,
  • complaint and return data: description of the claim, documents, photos, correspondence, bank account number for refunds if needed,
  • technical data: IP address, cookie identifiers, device type, browser type, operating system, activity data on the website, server logs,
  • data related to export, sanctions, customs, or telecommunications restrictions if necessary to assess the possibility of fulfilling the order.

We do not collect PESEL numbers for regular orders unless exceptionally required by law or necessary for a specific procedure.

5. Purposes, legal bases, and data retention periods

Purpose of processingLegal basisRetention period
Order processing, conclusion and performance of the sales contract Art. 6(1)(b) GDPR for the duration of the contract, then for the period of limitation of claims
Customer account management Art. 6(1)(b) GDPR for the duration of the account, then for the period necessary to secure claims or fulfill legal obligations
Payment processing Art. 6(1)(b) and (f) GDPR for the duration of payment processing, then for the period required for settlements, complaints, and claims
Order delivery Art. 6(1)(b) GDPR for the duration of delivery, then for the period of limitation of claims
Issuing and storing invoices and accounting documents Art. 6(1)(c) GDPR for the period required by tax and accounting regulations
Handling complaints, returns, and withdrawal from the contract Art. 6(1)(b), (c), and (f) GDPR for the duration of handling the claim, then for the period of limitation of claims
Contact with the customer or person interested in the offer Art. 6(1)(f) GDPR for the duration of correspondence, then for the period needed to secure claims
Ensuring store security, log management, and fraud prevention Art. 6(1)(f) GDPR for the period necessary to ensure security, detect abuse, and pursue claims
Store analytics and functionality improvement Art. 6(1)(f) GDPR or Art. 6(1)(a) GDPR if consent is required until cookies expire, consent is withdrawn, or a valid objection is raised
Marketing of own products or services, if conducted Art. 6(1)(f) GDPR or Art. 6(1)(a) GDPR if consent is required until consent is withdrawn or a valid objection is raised
Verification of export, sanctions, customs, or legal restrictions Art. 6(1)(c) and (f) GDPR for the period necessary to fulfill legal obligations, document compliance, and secure claims

6. Is providing data mandatory

  1. Providing data is voluntary, but some data is necessary to place and process an order, create an account, make a payment, arrange delivery, issue an invoice, or handle a complaint.
  2. Failure to provide data required for a given purpose may prevent the provision of the service, order fulfillment, or response.
  3. Providing data for marketing purposes is voluntary and requires consent if required by law.

7. Data recipients

We may transfer personal data to entities that help us operate the store and fulfill orders, in particular:

  • courier, postal, shipping, and logistics companies,
  • payment operators, banks, and financial service providers,
  • hosting providers, IT infrastructure, store systems, and security tools,
  • e-mail providers and communication tool providers,
  • accounting office, tax advisors, legal advisors, and auditors,
  • manufacturers, distributors, warranty services, and satellite service operators if needed for order fulfillment, activation, complaints, or warranty,
  • public authorities, courts, offices, services, or other authorized entities if required by law.

These entities process data based on appropriate agreements or as independent controllers, depending on the nature of the services they provide.

8. Transfer of data outside the European Economic Area

  1. Some data may be transferred outside the European Economic Area, especially when we use global providers of IT, payment, analytics, hosting, communication, manufacturers, satellite operators, or logistics companies.
  2. Data transfer outside the EEA takes place only when there is an appropriate legal basis, in particular a European Commission decision on adequate protection, standard contractual clauses, additional safeguards, or another basis provided for in the GDPR.
  3. The data subject may obtain more information about the safeguards applied by contacting the Controller.

9. Rights of data subjects

The data subject has rights specified in the GDPR, in particular:

  • the right to access data,
  • the right to rectify data,
  • the right to erase data,
  • the right to restrict processing,
  • the right to data portability,
  • the right to object to data processing,
  • the right to withdraw consent at any time if data is processed on the basis of consent,
  • the right to lodge a complaint with the President of the Personal Data Protection Office.

Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

10. How to exercise your rights

  1. To exercise your rights, you can contact the Controller at [email protected].
  2. The Controller will respond to the request without undue delay, no later than within one month of receiving it.
  3. If necessary, due to the complexity of the request or the number of requests, the response time may be extended by a further two months. The Controller will inform the requester of this.
  4. The Controller may ask for additional information needed to confirm the identity of the requester.

11. Cookies and similar technologies

  1. The store uses cookies and similar technologies.
  2. Cookies are small files saved on the user's device when using the website.
  3. We use cookies necessary for the operation of the store, in particular for cart handling, login, user session, security, and remembering settings.
  4. We may also use analytical, functional, and marketing cookies if the user gives consent or if regulations allow their use without consent.
  5. The user can manage cookie consents via a banner or cookie settings panel if such a panel is available in the store.
  6. The user can also restrict or delete cookies in the web browser settings. Restricting necessary cookies may affect the operation of the store.

12. Analytics, advertising, and external tools

  1. The store may use analytical, advertising, and security tools provided by third parties, in particular tools from Google, Meta, payment operators, hosting providers, anti-fraud systems, and tools for measuring the effectiveness of marketing activities.
  2. The scope of such tools depends on the store's configuration and the consents given by the user.
  3. If external tools use cookies or similar technologies for purposes other than necessary, they are activated after obtaining the required consent.
  4. Providers of external tools may process data in accordance with their own privacy policies if they act as independent controllers.

13. Newsletter and customer reviews

  1. The store does not operate a newsletter under this privacy policy.
  2. The store does not publish customer reviews of products.
  3. If a newsletter, review system, loyalty program, or similar function is launched in the future, the Controller will appropriately update the privacy policy or publish additional information about data processing.

14. Social media

  1. The store may contain links to the Controller's profiles on social media or allow access to such services.
  2. After clicking a link to an external service, the user is redirected to a site managed by another entity, which may process data in accordance with its own privacy policy.
  3. The Controller is not responsible for the privacy policies of external websites.

15. Automated decision-making and profiling

  1. Data may be used for basic analytics or tailoring marketing content if the user has given appropriate consent or if permitted by law.
  2. The Controller does not make decisions affecting users legally or similarly significantly solely in an automated manner.

16. Data security

  1. The Controller applies technical and organizational measures appropriate to the risk, in particular securing access to systems, encrypting transmissions, access control, backups, and procedures limiting access to data.
  2. Only persons and entities who need access to perform specific tasks have access to the data.
  3. The Controller regularly analyzes the applied safeguards and adjusts them to the nature of the processed data and risks.

17. Changes to the privacy policy

  1. The Controller may change the privacy policy, in particular in the event of changes in the law, the way the store operates, tools used, service providers, or the scope of data processing.
  2. The current version of the privacy policy is available on the store's website.
  3. If the change is significant for customers with an account, the Controller may inform them of the change in an appropriate way, for example by e-mail or a notice in the store.

18. Final provisions

  1. In matters not regulated by this privacy policy, the GDPR and relevant provisions of Polish law and European Union law apply.
  2. The privacy policy constitutes information on the processing of personal data in the https://ts2.store/en/ online store.