1. Introduction

   This document covers both the Privacy Policy and Cookies Policy applied by 5bonsai.com ("Service"). Our priority is to protect the privacy of our customers and users, ensuring transparency in the processing of personal data and the use of cookies. The Privacy Policy defines how the necessary personal data of users are collected, processed, and stored. The Service collects only the personal data necessary for the provision and development of the services offered. Personal data collected through the Service are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR") and the Act of 10 May 2018 on the protection of personal data (consolidated text: Journal of Laws of 2019, item 1781).

2. Data Controller

   The data controller for personal data collected by the Service and data collected through cookies is 5 Bonsai Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw (address: 02-673 Warsaw, Konstruktorska 12), entered into the National Court Register kept by the District Court for the capital city of Warsaw in Warsaw, 13th Economic Department of the National Court Register under the KRS number 1070640, NIP 521-404-58-47, email address: iod [at] 5bonsai.com ("Administrator"). Questions or requests regarding data can be sent to the email address: iod [at] 5bonsai.com. The Administrator is authorized to process personal data when at least one of the following circumstances is met: (i) the person to whom the data relates has given consent to the processing of their personal data for one or more specified purposes, (ii) processing is necessary for the performance of a legal obligation incumbent on the Administrator, (iii) processing is necessary for the purposes arising from the legitimate interests pursued by the Administrator or by a third party. Each time the purpose, legal basis, period, scope, and recipients of personal data processed by the Administrator are determined by the actions taken by the user. Personal data is processed based on the user's consent or in cases where legal regulations authorize the Administrator to process personal data based on legal provisions or to fulfill a legal obligation incumbent on the Administrator or for the legitimate interests pursued by the Administrator or by a third party. The Service performs the function of obtaining information about users and their behaviors in the following ways: (a) through voluntarily entered information in forms, (b) through the collection of "cookies" files (cookie policy). The Service collects information voluntarily provided by the user.

3. Scope of Personal Data Processing

   The Administrator may process the following personal data of users: first name, last name, email address, phone number, and data related to the use of the Service.

4. Processing Purposes

   Personal data is processed for the following purposes:

   • presenting the Administrator's offer via email or phone

   • sending newsletters containing information about the Administrator's offers and services to the specified email address

   • marketing, analytical and statistical activities, and improving the Service's services

   • in connection with the recruitment process, to the extent specified in the job advertisement

   Providing data is voluntary but may be necessary to use some functionalities of the Service.

5. Rights of Data Subjects

   Individuals whose data is processed have the right to access their personal data, rectify it, delete it, limit processing, transfer data, and object to processing, withdraw consent at any time (without affecting the legality of the processing based on consent before its withdrawal). A user who wishes to exercise their rights should send a notification to the email address: iod [at] 5bonsai.com. The user has the right to lodge a complaint with the President of the Office for Personal Data Protection if they believe that the processing violates their rights and freedoms (GDPR).

6. Data Storage Period

   Personal data is stored until the purposes of their collection are achieved or until applicable regulations require their retention.

7. Sharing of Personal Data

   User's personal data may be disclosed to entities affiliated with the Administrator, its subcontractors, cooperating entities, including entities providing courier or postal services, legal, tax, and accounting offices, entities supporting the Administrator in sending email messages and newsletters, hosting service providers or IT services, entities providing support including technical support for personal data storage, and server providers. Recipients of data are or will be entities authorized to obtain personal data under the law. In principle, personal data will not be transferred outside the European Economic Area ("EEA"). Considering the provision of services by our subcontractors supporting IT services and infrastructure, the use of certain technological solutions on the website, and the way the website functions, we may commission certain IT activities to approved subcontractors operating outside the EEA, which may involve the transfer of data outside the EEA. Data transfers are carried out to countries based on the European Commission's adequacy decisions or to countries outside the EEA based on standard contractual clauses approved by the European Commission, together with additional safeguards ensuring data security. A copy of the transferred data may be obtained by contacting the Administrator.

8. Profiling

   For the purpose of sending offers or newsletters and conducting traffic analysis, the Administrator may carry out profiling. Profiling carried out by the Administrator does not result in automated decision-making that produces legal effects or similarly significantly affects users, but only helps tailor the Service to user expectations.

9. Security

   We use technical and organizational measures to protect personal data against unauthorized access and other forms of unlawful processing.

10. Cookies Policy

    • Types of Cookies: We use session (temporary) and persistent cookies. Session cookies expire when the browser is closed. Persistent cookies remain on the device until they expire or are manually deleted.

    • Purposes of Using Cookies: Cookies are used to improve site functionality, analyze traffic, remember user preferences, and for marketing purposes.

    • Managing Cookies: Users can change cookie settings in their web browser at any time.

11. Changes to the Policy

    The Administrator reserves the right to make changes to the Privacy Policy and Cookies without limiting user rights. Any changes will be communicated on the website.

Effective Date: January 9, 2024.