Home Privacy Policy

Privacy Policy

Document version: 1.1 dated 09.04.2026

VersionDateChanges
1.001.04.2026First publication
1.109.04.2026Added section on Google Reviews



Privacy and Cookie Policy
Magemar Polska Sp. z o.o.

  1. Who is the controller of your personal data
    The controller of your personal data is Magemar Polska Sp. z o.o., registered at ul. Bytomska 7, 70-603 Szczecin, Poland, tel. +48 669 331 331, e-mail: of****@*********om.pl.

    This means that we decide the purposes and means of processing your data when you use our website, contact form, e-mail, telephone, or our social media profiles.

    For matters related to personal data protection, you may contact our Data Protection Officer: Tomasz Łubiński, tel. 508 242 606.
  2. Why we have prepared this document
    This Policy explains what happens to your personal data when you visit our website, send a message via the contact form, contact us by phone or e-mail, or interact with our social media profiles.

    The GDPR requires that the data subject receives clear information about, among other things, the controller, purposes of processing, legal bases, recipients of data, retention periods, and their rights. In the case of cookies and similar technologies, additional rules stem from the Electronic Communications Law: the user should be informed in advance in an unambiguous, easy and understandable way about the purpose of storing or accessing information on their device, and as a rule should also give consent.
  3. When this Policy applies
    This Policy applies when you:
    use our website,
    browse its subpages,
    fill in the contact form,
    send us an e-mail,
    contact us by phone,
    interact with our social media profiles,
    give or refuse consent to certain cookies.
  4. What data we may process
    Depending on how you use our website or contact us, we may process in particular:
    your name and surname,
    e-mail address,
    telephone number,
    company name, if you provide it,
    the content of a message sent via the form or e-mail,
    contact and correspondence data,
    IP address,
    approximate technical data concerning your device, operating system, browser and browsing behaviour,
    information stored in cookies or similar technologies.

    We do not always process the full scope of data listed above. The scope depends on which features of the website you use and what data you voluntarily provide.
  5. The purposes for which we process data

    5.1. Responding to a message from the contact form or e-mail

    If you send us a message, we process your data in order to receive it, read its content, reply to you, and carry on further correspondence regarding the matter you raised.

    The legal basis for such processing is most often our legitimate interest, namely the ability to handle correspondence and respond to persons who initiate contact themselves.

    If your message concerns the conclusion of a contract or pre-contractual steps, the legal basis may also be the necessity to take steps at your request prior to entering into a contract, pursuant to Article 6(1)(b) of the GDPR.

    5.2. Telephone contact

    If you call us or ask us to contact you by phone in connection with your enquiry, we may process your phone number and information provided during the call in order to handle the matter, provide a response, or continue contact related to your enquiry.

    If telephone contact is solely related to handling your enquiry, it is not based on a marketing consent but on the basis connected with handling the enquiry or our legitimate interest. The situation is different when a phone number is to be used for marketing purposes — in that case a separate consent required by electronic communications regulations is necessary. Under the Electronic Communications Law, using terminal equipment or automated calling systems to send commercial information without prior consent is subject to sanctions.

    5.3. Direct marketing

    If we wish to use your data for direct marketing purposes, e.g. sending commercial information by e-mail or making marketing phone calls, we will do so on an appropriate legal basis and — where required — only after obtaining prior consent.

    We do not currently run a newsletter or any marketing activities using advertising pixels (Meta Pixel, TikTok Pixel).

    The GDPR permits direct marketing as a possible legitimate interest of the controller, but the data subject has a particularly strong right to object to processing of their data for direct marketing purposes.

    5.4. Operating the website and ensuring its security

    When you visit the website, technical data may be processed, such as IP address, date and time of the request, browser and operating system information, or technical errors.

    The website is hosted on servers of an external hosting provider: ADMIN.NET.PL S.C. (mydevil.net).

    Such data is necessary, among other things, for the correct display of the website, connection handling, error diagnostics, abuse detection, and ensuring system security.

    5.5. Analytics and improving the website

    The website is planned to use Google Analytics, a tool that enables analysis of how the website is used (e.g. subpages visited, time spent on the site).

    Additionally, the website uses or will use embedded external content:

    Google Maps (map on the contact subpage),
    YouTube (embedded video material).

    If such technologies are not essential to the operation of the website, their use requires prior user notification and, as a rule, their consent (e.g. via a cookie banner).

    Google Analytics may use mechanisms that limit user identification, such as IP address anonymisation.
  6. The legal basis on which we process data
    Depending on the situation, the legal basis for processing may be:
    Article 6(1)(b) GDPR – when processing is necessary to take steps prior to entering into a contract or to perform a contract,
    Article 6(1)(c) GDPR – when processing is necessary to comply with a legal obligation,
    Article 6(1)(f) GDPR – when processing is necessary for the purposes of the legitimate interests of the controller, e.g. handling correspondence, defending against claims, ensuring website security,
    Article 6(1)(a) GDPR – when we ask for your consent, e.g. for certain cookies or the use of analytical tools (e.g. Google Analytics) and embedded content (e.g. YouTube, Google Maps).

    In the area of cookies and similar technologies, Articles 399–400 of the Electronic Communications Law are also relevant. According to these provisions, the user should be informed in advance in a clear, easy and understandable way about the purpose of storing or accessing information on their device, the possibility of specifying conditions for such actions in software settings, and as a rule should thereafter give consent. An exception applies to solutions necessary for transmitting a communication or delivering a service requested by the user.
  7. Whether providing data is mandatory
    Providing data is, as a rule, voluntary, but in practice some data may be necessary to handle your matter.

    For example:
    if you do not provide an e-mail address or phone number, it may not be possible to reply to your message,
    if you do not consent to certain non-essential cookies (e.g. analytical or embedded content-related), the website will still function, but statistical features and some external elements (e.g. Google Maps or YouTube) will not be active.
  8. How long we retain data
    We do not retain data for longer than is necessary for the purpose for which it was collected.

    In practice this means that:
    data from the contact form and correspondence (stored in the WordPress database via the Flamingo plugin) is retained for the time necessary to handle the matter, and then for the period necessary to defend against potential claims or demonstrate the course of contact, for no longer than 12 months from the last contact,

    data processed on the basis of consent is retained until the consent is withdrawn or until it is no longer needed for the purpose for which consent was given,

    technical data and server logs are retained for a period justified by security, diagnostics and system administration requirements (hosting: ADMIN.NET.PL S.C. – mydevil.net),

    information stored in cookies is retained for the period specified for a given type of cookie (e.g. Google Analytics up to 2 years, Complianz up to 1 year) or until it is deleted by the user, unless you withdraw your consent earlier.

    The GDPR requires that the data subject be informed of the retention period or the criteria for determining it.
  9. Who may receive your data
    Your data may be shared with entities that support us in operating the website and our business, but only to the extent necessary for the performance of their services. These may include in particular:

    the hosting provider – ADMIN.NET.PL S.C. (mydevil.net),
    the e-mail service provider,
    IT support or website maintenance provider,
    the contact form operator (WordPress / Flamingo),
    providers of analytical tools or external content — Google LLC (Google Analytics, Google Maps, YouTube).

    Where a given entity processes data on our behalf, it should do so on the basis of an appropriate agreement and only in accordance with our instructions. The GDPR distinguishes between the roles of controller and processor and places on the controller the obligation to use processors providing sufficient guarantees of data protection.
  10. Do we transfer data outside the European Economic Area
    As a rule, we seek to limit transfers of data outside the EEA. However, the use of certain online tools and embedded content may result in data being transferred outside the European Economic Area, including to the United States.

    This applies in particular to Google services such as:
    – Google Analytics (planned implementation),
    – Google Maps (embedded map),
    – YouTube (embedded video).

    Where such transfer occurs, it takes place in compliance with GDPR requirements, e.g. on the basis of an adequacy decision or appropriate safeguards such as standard contractual clauses.

    Data transfers related to these services generally take place after user consent has been obtained (e.g. through cookie settings or by playing embedded content).

    The website does not use marketing tools such as Meta Pixel or TikTok Pixel.
  11. What rights you have
    You have the right to:

    access your data,
    receive a copy of your data,
    rectify your data,
    erase your data, where permitted by law,
    restrict processing,
    data portability, where processing is based on consent or a contract and is carried out by automated means,
    object to processing of your data based on our legitimate interest,
    withdraw consent at any time, where processing is based on consent.

    It is particularly important to note that if your data were to be used for direct marketing, you have the right at any time to object to such processing. Once an objection is raised, the data should no longer be processed for that purpose.

    We currently do not carry out direct marketing activities or user profiling.

    You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO). The GDPR grants data subjects the right to lodge a complaint with a supervisory authority; in Poland this authority is the President of the UODO. Contact details of the UODO are published on the authority’s website.
  12. How you can exercise your rights
    For matters concerning personal data, you may contact us in writing, by e-mail or by phone, using the contact details provided at the beginning of this Policy.

    For security purposes, we may ask for additional information needed to verify that it is indeed you making the request. We do this to avoid disclosing data to an unauthorised person.
  13. Cookies and similar technologies
    Cookies are small pieces of information stored on your device, e.g. computer or phone, when you use a website. They allow the website to “remember” certain settings or recognise that a user has previously visited the site.

    Not all cookies work the same way. Some are needed solely for the technical operation of the website. Others are used to measure traffic, remember settings, or display embedded content (e.g. Google Maps or YouTube). The website does not use marketing cookies or advertising tools (e.g. Meta Pixel, TikTok Pixel).

    The Electronic Communications Law provides that storing information or accessing information already stored on a user’s device is permitted if the user has been previously informed in an unambiguous, easy and understandable way about the purpose of such action and the possibility of settings, and has thereafter as a rule given consent. Consent may also be expressed through software settings or service configuration. At the same time, the Act provides an exception for solutions necessary for transmitting a communication or providing a service requested by the user.

    The user may withdraw consent to cookies at any time by changing settings in the cookie banner or in their browser settings. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
  14. What types of cookies may be used

    14.1. Strictly necessary cookies

    These are files needed for the website to function correctly, e.g. to maintain sessions, protect against abuse, remember basic settings or operate the form. They generally do not require separate consent if they are genuinely necessary for delivering the service requested by the user.

    The following are used on the website, among others:

    – wpEmojiSettingsSupports — WordPress
    – adobeCleanFontAdded — WordPress
    – wp-settings-time-1 — WordPress
    – pll_language — Polylang

    14.2. Functional cookies

    These help remember user settings, e.g. preferred language, display preferences or other elements improving the browsing experience.

    This category may also include cookies that remember the user’s choice in the cookie banner (Complianz – cmplz_). Depending on their nature, they may require consent.

    14.3. Analytical or statistical cookies

    These allow us to understand how users interact with the website: which subpages they visit, how much time they spend on the site, which devices they use, and whether errors occur. The website plans to use Google Analytics (ga, _ga* — retention period up to 2 years).

    If not strictly necessary, they should be activated only after user consent. The UODO emphasises that consent to cookies must be informed and based on clear information.

    14.4.Marketing cookies

    These are used to tailor advertisements, measure campaign effectiveness, or link user activity across different services.

    ⚠️ The website does not use marketing cookies or advertising tools (e.g. Meta Pixel, TikTok Pixel).

    14.5. Cookies related to embedded content

    The website uses embedded external content that may store cookies:

    – Google Maps (map on the contact page),
    – YouTube (embedded video: GPS, VISITOR_INFO1_LIVE, YSC, PREF).

    These cookies are loaded as a rule after user consent has been obtained.
  15. How to manage cookies
    During your first visit to the website you may see a cookie banner (Complianz) which allows you to accept all cookies, reject non-essential ones, or manage your settings.

    The banner allows you to reject cookies in the same way as accepting them and blocks cookies requiring consent until it is given.

    Regardless of this, you can usually change your settings later — both in the banner itself and in your browser settings.

    The Electronic Communications Law provides that the user may specify the conditions for storing or accessing information through the settings of software installed on their device or the configuration of the service.

    Disabling certain cookies may cause some features of the website to stop working correctly (e.g. Google Maps or YouTube content).
  16. Contact form
    If you use the contact form, we only ask for data that is necessary to handle your message.

    Data from the form is used solely to contact you in response to your enquiry and to carry on correspondence regarding the same matter.

    Data is stored in the WordPress database (Flamingo plugin) and retained for the period specified in this Policy.

    If the form is used solely to respond to an enquiry, submitting the form does not automatically mean consent to marketing.

    We do not currently carry out marketing activities or run a newsletter.
  17. E-mail and telephone contact
    If you write to us directly at our e-mail address or call us, we process the data contained in the correspondence or provided during the call in order to respond to your message, handle the matter, and maintain a record of contact where necessary for its proper handling.

    Such processing is typically based on our legitimate interest or the need to take steps prior to entering into a contract.
  18. Social media profiles
    We operate profiles on platforms such as Facebook, Instagram and TikTok. If you visit our profiles, react to published content, send a private message or comment on our posts, we may process data visible in your profile and the content of your activity in order to communicate, respond to messages, moderate discussions and promote our activities.

    At the same time, the operators of these platforms process user data under their own terms as set out in their privacy policies. In practice this means that by using our social media profiles, you share data not only with us but also with the operator of the given platform, who acts according to its own rules and may process data for purposes related to, among other things, the operation of the service, security, analytics and advertising. Meta refers to its Privacy Policy and describes its own legal bases for data processing, while TikTok indicates that its privacy policy sets out what personal data it collects and how it uses it. (transparency.meta.com)

    If we use statistical features provided by social media platforms, we may receive aggregate or statistical data concerning the audience of our profile and the effectiveness of our posts. Facebook describes tools such as Insights in Meta Business Suite as serving to understand the results of organic and paid activity on Facebook and Instagram. (web.facebook.com)
  19. Hosting and server logs
    Our website is hosted on a server of an external hosting provider: ADMIN.NET.PL S.C. (mydevil.net).

    Every website needs such technical infrastructure to be accessible on the internet.

    In connection with the use of the hosting service, the server provider may automatically record server logs, i.e. technical information about requests directed to the server. These may include, among other things, IP address, date and time of the request, browser and operating system information, the requested URL, server response status and the amount of data transferred.

    Such information is standardly used for technical purposes, security, abuse detection and problem diagnostics.
  20. Do we use profiling
    As a rule, we do not make decisions about users based solely on automated processing that would produce legal effects or similarly significantly affect them.

    We currently do not apply profiling or use marketing or advertising tools.

    However, should external advertising or marketing tools appear on the website in the future, some data may be used by the providers of those tools for content or advertisement personalisation in accordance with those providers’ policies. In such a case, this section of the Policy should be updated to reflect the tools actually in use.
  21. How we protect data
    We apply technical and organisational measures appropriate to the risk in order to protect data against loss, destruction, unauthorised disclosure, alteration or access by unauthorised persons.

    The GDPR indicates that appropriate security measures may include, among other things, pseudonymisation and encryption, as well as measures to ensure the confidentiality, integrity and resilience of systems. Specific measures are selected based on the type of data, the scale of processing and the level of risk.
  22. User reviews and links to external services (e.g. Google)
    The website or materials made available by the controller (e.g. in the form of QR codes) may contain links leading to external services that allow users to add reviews or ratings of the controller’s business, in particular to Google services (Google Reviews).

    Following such a link results in the user being redirected to an external service. In that case, the operator of that service (e.g. Google LLC) becomes the controller of the personal data, and processing takes place in accordance with the rules set out in that operator’s privacy policy.

    The controller has no influence over the scope and manner of data processing by these entities, including the rules for publishing reviews, moderating them or retaining them.

    Adding a review on an external service is voluntary. Users should read the privacy policy of the relevant provider before using this feature.

    In connection with the use of such services, data may be transferred outside the European Economic Area, in accordance with the rules set out by the operator of the given service.
  23. Changes to the Policy
    We may update this Policy if the law, the way the website operates, the tools used (e.g. introduction of new analytical or functional services) or the scope of services provided changes. The current version will always be published on the website.

    Changes will not restrict users’ rights arising from applicable regulations.
  24. Contact details
    For all matters related to privacy and personal data, you may contact us:

    Magemar Polska Sp. z o.o.
    ul. Bytomska 7
    70-603 Szczecin
    tel. +48 669 331 331
    e-mail: of****@*********om.pl

    Data Protection Officer: Tomasz Łubiński, tel. 508 242 606.