Help Center - Privacy Policy

The Controller of your personal data is Tokko company established in Poznan (registered office address: ul.  ul. Romana Dmowskiego 85, 60-204), entered in the register of entrepreneurs of the National Court Register kept by the District Court Poznan, Poznan Commercial Division of the National Court Register under KRS number: 0001069706, with a VAT number: 7792562779, REGON number: 526968131, with a share capital of 5 000 zł (five thousand zlotys) paid in full (hereinafter: "Controller").

In all matters related to the processing of personal data, you can contact the Controller using e-mail - at: contact@tokko.design.

With the Data Protection Officer appointed by the Controller You can contact us using: e-mail - at: contact@tokko.design.

The Controller uses modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter:  "GDPR"), the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.

To create your profile for marketing purposes and direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not cause any legal effects for you or similarly significantly affect your situation.

The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Store and the data you save on the Account.

The legal basis for the processing of personal data for the above purpose is art. 6 par. 1 lit. f GDPR, according to which the Controller may process personal data to implement his legitimate interest, in this case to conduct marketing activities tailored to the preferences of recipients. Providing the above-mentioned personal data is voluntary, but necessary to achieve the above-mentioned purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to the preferences of recipients).

The Controller will process personal data for the purpose of profiling until an objection is effectively raised or the purpose of processing is achieved.

The recipients of personal data will be the following external entities cooperating with the Controller:

1. hosting company;
2. logistics operator and courier companies;
3. providers of online payment systems;
4. newsletter service provider;
5. companies providing tools for analyzing activity in the Store and directing direct marketing to people using it (m.in. Google Analytics);
6. a company providing accounting services;

In addition, personal data may also be transferred to public or private entities, if such an obligation results from generally applicable law, a final court judgment or a final administrative decision.

In connection with the Administrator's use of services provided by Google LLC, your personal data may be transferred to the following third countries: Great Britain, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia. The basis for the transfer of data to the above-mentioned third countries are:

1. in the case of the United Kingdom, Canada, Israel, Japan and South Korea - decisions of the European Commission stating an adequate level of protection of personal data in each of the above-mentioned third countries;
2. in the case of the USA - Commission Implementing Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework;
3. in the case of the Chile, Brazil, Saudi Arabia, Qatar, India, China, Singapore, Taiwan (Republic of China), Indonesia and Australia - contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to a Regulation of the European Parliament and of the Council (EU) 2016/679.

You can obtain from the Administrator a copy of the data transferred to a third country.

In connection with the processing of personal data, you have the following rights:

1. the right to information about what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). Issuing the first copy of the data is free, for the next one the Controller may charge a fee;
2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request its rectification;
3. in certain situations, you can ask the Controller to delete your personal data, e.g. when:
4. the data will no longer be needed by the Controller for the purposes of which he informed;
5. you have effectively withdrawn your consent to the processing of data - unless the Controller has the right to process data on another legal basis; 
6. the processing is unlawful;
7. the need to delete data results from the Controller's legal obligation.
8. if personal data are processed by the Controller on the basis of consent to processing or for the purpose of performing the Agreement concluded with him, you have the right to transfer your data to another Controller;
9. if personal data is processed by the Controller on the basis of your consent to processing, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing that was made on the basis of consent before its withdrawal);
10. if you consider that the processed personal data is incorrect, their processing is unlawful, or the Controller no longer needs certain data, you can request that for a specific, necessary time (e.g. checking the correctness of data or pursuing claims) the Controller does not perform any operations on the data, but only stores them;
11. you have the right to object to the processing of personal data whose basis for processing is the legitimate interest of the Controller. In the event of an effective objection, the Controller will cease to process personal data for the above-mentioned purpose;
12. you have the right to lodge a complaint with the President of the Office for Personal Data Protection if you believe that the processing of personal data violates the provisions of the GDPR.

1. The Controller informs that the Store uses "cookies" installed on your end device. These are small text files that can be read by the Controller's system, as well as by systems belonging to other entities whose services are used by the Controller (e.g. Facebook, Google).
2. The Controller uses cookies for the following purposes:
   ensuring the proper operation of the Store – thanks to cookies, it is possible to operate efficiently the Store, use its functions and conveniently move between individual subpages;
   increasing the comfort of browsing the Store – thanks to cookies, it is possible to detect errors on some subpages and their constant improvement;
   creating statistics – cookies are used to analyze how users use the Store. Thanks to this, it is possible to constantly improve the Store and adapt its operation to the preferences of users;
   conducting marketing activities – thanks to cookies, the Controller may direct advertisements tailored to users' preferences.
3. Your Controller can place both permanent and temporary (session) files on your device. Session files are usually deleted when you close the browser, but closing the browser does not delete persistent files.
4. Information about cookies used by the Controller is displayed in the panel located at the bottom of the Store's website. Depending on your decision, you can enable or disable cookies of individual categories (except for necessary cookies) and change these settings at any time.
5. Data collected using cookies do not allow the Controller to identify you.
6. The Controller uses the following cookies or tools using them:

TOOL

SUPPLIER

FUNCTIONS AND SCOPE OF DOWNLOADED DATA

PERIOD OF OPERATION

Necessary cookies

Controller

The operation of these files is necessary for the proper functioning of the Store's website, so you can not disable them. Thanks to these files (collecting, m.in. the IP number of your device), it is possible, m.in. to inform you about cookies operating on the Store's website

most of the necessary cookies are session cookies, but some remain on your device for a period of [...] months or until they are deleted

Google Analytics

Google

This tool allows you to collect statistical data on how customers use the Store, m.in. the number of visits, the duration of visits, the search engine used, location. The collected data helps to improve the Store and make it more friendly to customers.

up to 2 years or until they are removed (whichever occurs first)

Facebook Pixel

Facebook

This tool also allows you to determine that you have visited the Store, to direct ads displayed on Facebook and Instagram social networks to you and measure their effectiveness.

up to 3 months or until they are removed (whichever occurs first)

7. Through most used browsers, you can check whether cookies have been installed on your end device, as well as delete installed cookies and block them from being installed by the Store in the future. Disabling or limiting the use of cookies may, however, cause quite serious difficulties in using the Store, e.g. in the form of the need to log in to each subpage, a longer loading period of the Store's website, restrictions on the use of certain functionalities.

To the extent not regulated by the Policy, generally applicable provisions on the protection of personal data shall apply. 

This policy is effective from 06.05.2024.