Privacy policy

Privacy Policy Unsung Heroes

1 Data controller and definitions

  • The administrator of the personal data of the Customers / Users of the Internet Shop, also referred to as the Seller, is: Unsung Heroes Foundation with its registered office in Warsaw (00-825) at ul. Sienna 64, REGON 524608894 KRS 000102054 NIP 527-30-45-234
  • ¬†
  • The Data Controller can be contacted:
    • at the mailing address: Sienna 64, 00-825 Warsaw
    • at the following e-mail address:¬†
  • User – a natural person accessing the website/pages of the Online Shop or using the services or functionalities described in this Privacy and Cookies Policy.
  • Customer – a natural person with full legal capacity, a natural person who is a Consumer, a legal person or an organisational unit without legal personality, which is granted legal capacity by the law, who concludes a distance sales agreement with the Seller.
  • Online Shop – the online service operated by the Seller, available at the electronic addresses (sites):, through which the Customer/User can obtain information about the Goods and their availability and buy the Goods or order a service.
  • Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on electronic service provision (Journal of Laws of 2020, item 344) originating from the Seller sent to the Customer/User electronically; its receipt is voluntary and requires the Customer/User’s consent.
  • Account – a set of data stored in the Online Store and in the Seller’s IT system concerning a given Client/User and the orders he/she places and contracts he/she concludes, using which the Client/User may place orders and conclude contracts.
  • RODO – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. purposes, legal basis and duration of data processing

  • In order to perform the Distance Sales Contract, the Seller processes:
    • information relating to the User’s device in order to ensure the correct operation of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, browser data, device data, data relating to activity on the Site, including on individual pages;
    • geolocation information if the user has consented to the service provider’s access to the geolocation. Geolocation information is used to provide more tailored offers of products and services;
    • the Users’ personal data: name, surname, registered office address, correspondence address, e-mail address, telephone number, Tax Identification Number, bank account number or other personal data which is necessary to complete the purchase and which the Administrator requires to be provided in the purchase process.
  • This information does not contain data concerning the identity of Users, but in combination with other information may constitute personal data and therefore the Administrator covers it with the full protection afforded under the RODO.
  • This data is processed in accordance with Article 6(1)(b) of the RODO, for the purpose of providing the service, i.e. the contract for the provision of electronic services in accordance with the Terms and Conditions, and in accordance with Article 6(1)(a) of the RODO, in relation to the consent for the use of certain cookies or other similar technologies, expressed through the relevant settings of the Internet browser in accordance with the Telecommunications Law, or in relation to the consent for geolocalisation. The data is processed until the end of the Customer/User’s use of the Online Shop.
  • The Administrator undertakes to take all measures required under Article 32 of the RODO, i.e., taking into account the state of the art, the cost of implementation and the nature, scope and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and seriousness, the Administrator implements appropriate technical and organisational measures to ensure a degree of security appropriate to that risk.

3. marketing activities of the controller

  • On the website of the Online Shop, the Data Controller may post marketing information about its products or services. The display of this content is carried out by the Data Controller in accordance with Article 6(1)(f) of the RODO, i.e. in accordance with the legitimate interest of the Data Controller to publish content related to the services provided and promotional content of campaigns in which the Data Controller is involved. At the same time, this action does not violate the rights and freedoms of Customers/Users, Customers/Users expect to receive content of similar content and even expect it or it is their direct purpose to visit the website/pages of the Online Shop.

4 Recipients of user data

  • The Data Controller shall only disclose users’ personal data to processors under concluded personal data processing entrustment agreements in order to perform services for the Data Controller, e.g. hosting and maintenance of the Site, IT services, marketing and PR services.

5. transfer of personal data to third countries

  • Personal data will not be processed in third countries.

6 Rights of data subjects

  • Every data subject has the right:
    • access (Article 15 RODO) – to obtain confirmation from the Data Controller as to whether or not personal data about him or her is being processed. If data about a person is being processed, he or she is entitled to access it and to obtain the following information: the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the data have been or will be disclosed, the duration of data retention or the criteria for determining it, the data subject’s right to request rectification, erasure or restriction of the processing of personal data and to object to such processing;
    • to obtain a copy of the data (Article 15(3) RODO) – to obtain a copy of the data undergoing processing, the first copy being free of charge and for subsequent copies the Data Controller may charge a reasonable fee based on administrative costs;
    • to rectification (Article 16 RODO) – to request the rectification of personal data concerning him/her which is incorrect or the completion of incomplete data;
    • to erasure (Article 17 of the DPA) – to request the erasure of her personal data where the Controller no longer has a legal basis for the processing or the data are no longer necessary for the purposes of the processing;
    • to restrict processing (Article 18 RODO) – to request the restriction of processing of personal data when:
      • the data subject questions the accuracy of the personal data – for a period allowing the Data Controller to verify the accuracy of the data,
      • the processing is unlawful and the data subject objects to the erasure by requesting a restriction of use,
      • The controller no longer needs the data, but it is needed by the data subject to establish, assert or defend a claim,
      • the data subject has objected to the processing – until it is established whether the legitimate grounds on the part of the controller override the grounds of the data subject’s objection;
    • to data portability (Article 20 RODO) – to receive in a structured, commonly used, machine-readable format the personal data concerning him or her which he or she has provided to the Controller, and to request that these data be sent to another Controller where the data are processed on the basis of the data subject’s consent or a contract with him or her and where the data are processed by automated means;
    • to object (Article 21 RODO) – to object to the processing of his/her personal data for the legitimate purposes of the controller on grounds relating to his/her particular situation, including profiling. The Controller shall then assess the existence of valid legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for establishing, asserting or defending claims. If, according to the assessment, the interests of the data subject outweigh the interests of the controller, the Controller shall be obliged to cease processing for these purposes;
    • to withdraw consent at any time and without giving any reason, but the processing of personal data carried out prior to the withdrawal of consent will continue to be lawful. Withdrawal of consent will result in the Administrator ceasing to process the personal data for the purpose for which the consent was given.
  • In order to exercise the aforementioned rights, the data subject should contact, using the contact details provided, the Data Controller and inform him/her of which right and to what extent he/she wishes to exercise it.

7. the President of the Office for Personal Data Protection

  • The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for the Protection of Personal Data with its seat in Warsaw, ul. Stawki 2, who can be contacted as follows:
  • by post: ul. Stawki 2, 00-193 Warsaw;
  • via the electronic mailbox available at:;
  • Hotline: 606-950-0000.

8 Data Protection Officer

  • In any case, the data subject may also directly contact the Data Protection Officer of the Controller by email or in writing to the address of the Controller as set out in section 1, point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

  • The Privacy and Cookies Policy may be supplemented or updated according to the current needs of the Administrator in order to provide up-to-date and reliable information to Customers/Users.

10 Cookies

  • The online shop performs the functions of obtaining information about Customers, Users and their behaviour in the following ways:
    • through the information voluntarily entered in the forms for purposes arising from the function of the specific form;
    • by storing cookies (so-called “cookies”) on terminal equipment;
    • through the collection of web server logs by the webshop’s hosting operator (necessary for the correct operation of the website).
  • Cookies are IT data, in particular text files, which are stored on the Customer’s / User’s terminal device and are intended for the use of the website of the Internet Shop. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
  • The Online Shop uses cookies only after the Customer/User of the Shop has given their prior consent in this respect. Consent to the Online Shop’s use of all cookies is given by clicking on the button: “Close” while the message about the use of cookies by the Online Shop is displayed or by closing this message.
  • If the Customer/User of the Online Store does not agree to the Online Store’s use of cookies, he/she can use the option: “I do not give my consent”, also available in the message about the use of cookies by the Online Shop or make changes in the settings of the Internet browser he/she is currently using (however, this may result in incorrect operation of the Online Shop website).
  • To manage your cookie settings, select your browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
  • The legal basis for the processing of personal data derived from cookies is the legitimate interests of the Data Controller to provide high quality services, to ensure the security of the services.
  • The Online Shop uses two main types of cookies: “session” (session cookies) and “permanent” (persistent cookies). “Session” cookies are temporary files which are stored on the User’s terminal device until they log off, leave the Online Shop or switch off the software (web browser). “Persistent” cookies are stored on the Client/User’s terminal device for the time specified in the parameters of the cookies or until they are deleted by the Client/User.