Privacy Policy

Warsaw, June 8, 2025

Privacy policy of the online store at: biowell-labs.pl
Acting in accordance with Art. 13 section 1 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ EU .L.2016.119.1), hereinafter referred to as: "GDPR", Administrator of personal data informs that:
  1. This Privacy Policy defines the rules for the processing of personal data by Personal data administrator (Damian Krawczyk, sole proprietor of a business under the name of: BIOWELL Damian Krawczyk, entered into the Central Registration and Information on Business (CEIDG) kept by the minister responsible for the economy, with its registered office in Warsaw at ul. Krakowska 79, NIP: 5272855706, REGON: 380488671), obtained via the "BioWell" online store (hereinafter referred to as: "Online Store
  2. Personal data collected by Personal data administrator via the Online Store are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/ EC (General Data Protection Regulation) (Journal of Laws EU. L. of 2016, No. 119, p. 1, as amended), as well as the Polish Act of May 10, 2018 on the protection of personal data ( i.e. Journal of Laws of 2019, item 1781).
  3. Administrator of personal data takes special care to respect privacy customers visitors Online shop.
1. Definitions (Glossary of terms) On the basis of this Privacy Policy the indicated concepts should be understood as:
  1. Administrator of personal data– Damian Krawczyk, sole proprietorship under the name: BIOWELL Damian Krawczyk, entered into the Central Registration and Information on Business (CEIDG) kept by the minister responsible for the economy, with its registered office in Warsaw at ul. Krakowska 79, NIP: 5272855706, REGON: 380488671.
  2. Klient – any entity making purchases via the Online Store.
  3. ONLINE SHOP– online store run by the Seller at biowell-labs.pl
  4. A distance contract – a contract concluded with the Customer as part of an organized system for concluding distance contracts (within the Store), without the simultaneous physical presence of the parties, with the exclusive use of one or more means of distance communication up to and including the conclusion of the contract.
  5. Privacy Policy – this Privacy Policy of the biowell-labs.pl website
  6. Order – the Customer's declaration of will submitted using the Order Form and aimed directly at concluding a Product Sales Agreement.
  7. Account - customer account in the Store, it contains data provided by the customer and information about orders placed by him in the store.
  8. Registration form – form available in the Store, enabling the Customer to create an Account.
  9. The order form – an interactive form available in the Store enabling the Customer to place an Order, in particular by adding Products to the Cart and specifying the terms of the Sales Agreement, including the method of delivery and payment.
  10. Cart - an element of the Store's software in which the Products selected for purchase are visible, and it is also possible to determine and modify the given Order, in particular the quantity of products.
  11. Product – movable item/service available in the Store that is the subject of the Sales Agreement.
  12. Newsletter – electronic information bulletin available at biowell-labs.pl
  13. Entrepreneur - a natural person, a legal person and an organizational unit that is not a legal person, the separate law of which grants legal capacity, performs in its own name an economic activity that uses the Store.
  14. Contact form – interactive form available in the Store enabling the Customer to contact the Personal Data Administrator.
2. Type of data processed, purposes and legal basis
  1. Administrator of personal data collects information on natural persons performing a legal transaction not directly related to their business activity, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons to which the act grants legal capacity, conducting business activity on their own behalf or professional, hereinafter referred to jointly Customers.
  2. Use of Personal data customers are collected in the event of:
  3. a) Registration Accounts in the Online Store – to create and manage an individual account.
  4. b) Submission Orders in the Online Store – for the purpose of execution Sales contracts.
  5. c) Subscription to the information bulletin (Newsletter) – in order to perform a contract the subject of which is a service provided electronically.
  6. d) Use of the service Contact form – in order to perform a contract provided electronically.
  7. In case of registering an Account in the Online Store, Customer provides your e-mail address.
  8. During registration Accounts in the Customer Online Store independently sets an individual password for access to your account Accounts. Client may change the password at a later date, in accordance with the principles described in §5.
  9. Transfer of personal data Personal data administrator is voluntary when registering an Account in the Online Store, provided that failure to provide the data specified in the forms in the Registration process makes it impossible to Register and set up Customer Account. Legal basis – art. 6 section 1 letter b GDPR - processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract.
  10. When placing an order in Online Store, Customer provides the following data:
  11. a) e-mail address,
  12. b) address details:
  13. post code and city;
  14. country (country);
  15. street and house/apartment number;
  16. d) name and surname;
  17. e) telephone number.
  18. In the case of Entrepreneurs, the above scope of data is additionally extended by:
  19. a) company name Entrepreneurs;
  20. b) NIP number;
  21. Transfer of personal data Personal data administrator is voluntary upon submission Individualw online store, provided that failure to provide the data specified in the forms prevents submission Orders in the Online Store. Legal basis – art. 6 section 1 letter b GDPR - processing is necessary for the performance of a contract to which the data subject is a party, or to take action at the request of the data subject before concluding the contract.
  22. If you use the service Newsletter, Klient he only provides his e-mail address.
  23. Transfer of personal data Personal data administrator is voluntary when using newsletter, with the reservation that failure to provide the data specified in the forms in Newsletter prevents writing to Newsletter and receiving an electronic newsletter. Legal basis – art. 6 section 1 letter b GDPR - processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract.
  24. If you use the service Contact form, customer provides the following data:
  25. a) e-mail address,
  26. b) name and surname.
  27. Transfer of personal data Personal data administrator is voluntary when using Contact form, with the reservation that failure to provide the specified in contact form, makes it impossible to contact this way Personal data administrator. Legal basis – art. 6 section 1 letter b GDPR - processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before concluding the contract.
  28. When using Web page additional information may be collected, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time and operating system type.
  29. Od customers navigational data may also be collected, including information about the links and references you choose to click or other actions you take in Online Store. Legal basis - legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and in improving the functionality of these services.
  30. For the purpose of determining, pursuing and enforcing claims, some personal data provided by The customer as part of using the functionality in the Online Store, such as: name, surname, data regarding the use of services, if claims result from the way in which Klient uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6, paragraph 1, letter f of the GDPR), consisting in the determination, pursuit and enforcement of claims and defense against claims in proceedings before courts and other state authorities.
3. To whom does the Personal Data Administrator share or entrust the data and how long are they stored?
  1. Use of Personal data The customer are transferred to the service providers used Administrator of personal data when driving Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to instructions Personal data administrator as to the purposes and methods of processing this data (processors) or independently determine the purposes and methods of processing (controllers):
  2. a) Processors – Administrator of personal data uses suppliers who process personal data only on instructions Personal data administrator. These include, among others: suppliers providing hosting services, accounting services, carriers, providing marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns.
  3. b) Administrators – Administrator of personal data uses suppliers who do not act solely on instructions and determine the purposes and methods of using customers' personal data themselves. They provide electronic payment and banking services.
  4. Use of Personal data customers are stored:
  5. a) If the basis for the processing of personal data is consent The customer – then personal data The customer are processed by Personal data administrator until the consent is revoked, and after the consent is revoked, for a period of time corresponding to the limitation period for claims that may be raised by Administrator of personal data and what may be brought against him. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.
  6. b) If the basis for data processing is the performance of a contract, then personal data The customer are processed by Personal data administrator for as long as it is necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.
  7. If you make a purchase in the Online Store, personal data may be transferred, depending on your choice client, the following entities to deliver the ordered goods:
  8. a) the courier company responsible for transport Product do client,
  9. b) Poczta Polska SA with its registered office in Warsaw.
  10. If Klient chooses payment via the Paynow system, his personal data is transferred to the extent necessary for payment via Paynow, which system belongs to Mbank spółka akcyjna, registered office: ul. Prosta 18, 00-850 Warsaw, KRS: 0000025237, NIP: 5260215088, REGON: 001254524.
  11. If Klient will subscribe to the information bulletin (Newsletter) to his e-mail address Administrator of personal data will send electronic messages containing commercial information about promotions and new products available in Online Store.
  12. If a request is made Administrator of personal data provides personal data to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
4. Cookies policy
  1. Administrator of personal data I inform that Online shop uses small files called cookies. They are saved by Personal data administrator on the visitor's end device Online shop, if the web browser allows it. Cookies usually contain the name of the domain they come from, their "expiration time" and an individual, randomly selected number identifying the file. The information collected by these types of cookies helps tailor the services offered by you Personal data administrator Products to the individual preferences and actual needs of visitors Online shop, and also provide the opportunity to develop general statistics of visits to the presented products in online shop.
  2. Klient while visiting Web page is informed about collection by Personal data administrator cookies in the form of a message on the website biowell-labs.pl Based on such information Klient decides whether he wants to continue browsing the website and agree to the collection of these files, or whether he prefers to leave the website.
  3. Administrator of personal data uses two types of cookies:
  4. a) Session cookies: after ending the browser session or turning off the computer, the saved information is deleted from the device's memory. The session cookies mechanism does not allow downloading any personal data or any confidential information from computers Customers.
  5. b) Persistent cookies: they are stored in the memory of the end device The customer and remain there until they are deleted or expire. The persistent cookies mechanism does not allow downloading any personal data or any confidential information from the computer Customers.
  6. Administrator of personal data uses its own cookies to:
  7. a) authentication Customer in the Online Store and ensuring the session Customer in the Online Store (after logging in), thanks to which Klient does not have to be on every subpage Online Store re-enter your login and password;
  8. b) analyzes and research as well as audience audits, in particular to create anonymous statistics that help understand how customers they use Web page store, which enables improvement of its structure and content.
  9. Administrator of personal data uses external cookies to:
  10. a) popularization Online Store using the social networking site facebook.com (external cookie administrator: Facebook Inc based in the USA or Facebook Ireland based in Ireland);
  11. b) presenting opinions on websites Online store, which are downloaded from an external website opineo.pl (external cookie administrator: Opineo Sp. z o. o. based in Wrocław).
  12. The cookie mechanism is safe for computers Online Store Customers. In particular, it is not possible to get to computers this way customers viruses or other unwanted software or malware. However, in your browsers customers have the ability to limit or disable access of cookies to computers. If you use this option, the use of Online Store will be possible, except for functions that by their nature require cookies.
  13. Administrator of personal data may collect Customers' IP addresses. The IP address is a number assigned to the computer of a person visiting the Online Store by the Internet service provider. The IP number allows you to access the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes every time you connect to the Internet, and for this reason it is generally treated as non-personal identifying information. The IP address is used by Personal data administrator when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we receive the most visits), as information useful in administering and improving Online Store, as well as for security purposes and the possible identification of unwanted automatic content viewing programs that burden the server Online Store.
  14. Online shop contains links and references to other websites. Administrator of personal data is not responsible for the privacy policies applicable to them.
5. Rights of data subjects Administrator of personal data informs about:
  1. The right to withdraw consent - legal basis: art. 7 section 3 GDPR:
  2. a) Klient has the right to withdraw any consent he has given Personal data administrator at any time.
  3. b) Withdrawal of consent takes effect from the moment of withdrawal of consent.
  4. c) Withdrawal of consent does not affect the processing carried out by Personal data administrator in accordance with the law before its withdrawal.
  5. d) Withdrawal of consent does not result in: The customer no negative consequences, however, it may prevent you from further using services or functionalities that are permitted by law Administrator of personal data can only testify with consent.
  6. The right to object to data processing - legal basis: art. 21 GDPR:
  7. a) Klient has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data, including profiling, if Administrator of personal data processes his data based on legitimate interests, e.g. marketing of products and services Personal data administrator, keeping statistics on the use of individual functionalities of the Online Store and facilitating the use Online Store.
  8. b) Opting out by e-mail from receiving marketing messages regarding products or services will constitute an objection The customer to the processing of his personal data, including profiling for these purposes.
  9. c) If objection The customer will prove to be justified and Administrator of personal data will have no other legal basis for the processing of personal data, personal data The customer towards the processing of which Klient has raised an objection, they will be deleted.
  10. The right to delete data (“right to be forgotten”) – legal basis: Art. 17 GDPR:
  11. a) Klient has the right to request the deletion of all or some of your personal data.
  12. b) Klient has the right to request the deletion of personal data if:
  13. the personal data are no longer necessary for the purposes for which they were collected or processed;
  14. withdrew specific consent, to the extent that personal data were processed based on his consent;
  15. objected to the use of his data for marketing purposes;
  16. personal data is processed unlawfully;
  17. personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which it is subject Personal data administrator,
  18. the personal data has been collected in relation to the offering of information society services.
  19. c) Despite the request to delete personal data in connection with raising an objection or withdrawing consent, Administrator of personal data may retain certain personal data to the extent that processing is necessary for the establishment, exercise or defense of legal claims, as well as for compliance with a legal obligation requiring processing under Union law or the law of the Member State to which it is subject Administrator of personal data. This applies in particular to personal data including: name, surname, e-mail address, which data is retained for the purposes of considering complaints and claims related to the use of services. Personal data administrator, or residential address / mailing address, order number, which data are retained for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.
  20. The right to limit data processing - legal basis: Art. 18 GDPR:
  21. a) Klient has the right to request restriction of the processing of his personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. Administrator of personal data it will not send any messages, including marketing ones.
  22. b) Klient has the right to request restriction of the use of personal data in the following cases:
  23. when you question the accuracy of your personal data - then Administrator of personal data will limit their use for the time needed to check the accuracy of the data, but no longer than 7 days;
  24. when data processing is unlawful, and instead of deleting the data Klient requests restrictions on their use;
  25. when personal data are no longer necessary for the purposes for which they were collected or used, but they are still needed To the customer to establish, pursue or defend claims;
  26. when he has objected to the use of his data - then the restriction occurs for the time needed to consider whether - due to the special situation - protection of interests, rights and freedoms The customer outweighs the interests it pursues Administrator of personal data, processing personal data Administrator of personal data
  27. Right to access data – legal basis: art. 15 GDPR:
Klient has the right to obtain from Personal data administrator confirmation whether personal data is processed and, if so, Klient has the right:
  1. a) gain access to your personal data;
  2. b) obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of this data, planned data storage period The customer or about the criteria for determining this period (when it is not possible to determine the planned data processing period), about the rights To the customer under the GDPR and on the right to lodge a complaint with the supervisory authority, on the source of this data, on automated decision-making, including profiling, and on the safeguards used in connection with the transfer of this data outside the European Union;
  3. c) obtain a copy of your personal data.
  4. The right to rectification of data – legal basis: Art. 16 GDPR:
Klient has the right to demand from Personal data administrator immediately rectify any inaccurate personal data relating to him. Taking into account the purposes of processing, Client, the data subject has the right to request completion of incomplete personal data, including by submitting an additional statement, sending a request to the e-mail address in accordance with § 6 of the Privacy Policy.
  1. The right to transfer data - legal basis: art. 20 GDPR:
Klient has the right to receive his personal data provided by him Personal data administrator and then send them to another personal data administrator of your choice. Klient also has the right to request that personal data be sent by Personal data administrator directly to such an administrator, if technically possible. In this case Administrator of personal data will send personal data The customer in the form of a file in the CSV format, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator.
  1. Information on how data is stored – Customer data will be stored and processed only in an electronic system.
  2. If the Customer exercises the right resulting from the above rights, Administrator of personal data will comply with the request or refuse to comply with it immediately, but no later than within one month after receiving it. However, if - due to the complexity of the request or the number of requests - Administrator of personal data will not be able to fulfill the request within a month, it will fulfill it within the next two months by informing you The customer within one month of receiving the request - about the intended extension of the deadline and its reasons.
  3. Klient may report to Personal data administrator complaints, inquiries and requests regarding the processing of his personal data and the exercise of his rights.
  4. Klient has the right to demand from Personal data administrator providing a copy of standard contractual clauses by submitting an inquiry in the manner indicated in § 6 of the Privacy Policy.
  5. To the customer you have the right to lodge a complaint with the President of the Office for Personal Data Protection regarding a violation of your rights to the protection of personal data or other rights granted under the GDPR.
6. Security management – ​​password
  1. Administrator of personal data ensure customers secure and encrypted connection when transmitting personal data and when logging in to Customer Account in the service. Administrator of personal data uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data transmitted via the Internet.
  2. If Klient having an account in Online Store has lost the access password in any way, Online shop allows you to generate a new password. Administrator of personal data does not send password reminders. The password is stored in an encrypted form, making it impossible to read. To generate a new password, please provide your e-mail address in the form available under the "Forgot your password" link provided next to the account login form in the Online Store. Klient to the e-mail address provided during registration or saved in the last profile change Accounts, will receive an e-mail containing a redirection to a dedicated form available at Website, where Klient will be able to set a new password.
  3. Administrator of personal data never sends any correspondence, including electronic correspondence, asking for login details, in particular the access password to the Customer's account.
7. Changes to the Privacy Policy
  1. Privacy Policy subject to change, about what Administrator of personal data will inform customers at least 7 days in advance.
  2. Any questions related to the Privacy Policy may be directed to the e-mail address Personal data administrator: info@biowell-labs.pl
  3. This Privacy Policy enters into force on 6 June 2025.