Echo Sense Logo

Privacy Policy

Last updated: November 11, 2025

Table of Contents

§1. General Provisions

This Privacy Policy defines the rules for the processing and protection of personal data of Users of the website https://echosense.pl belonging to Echo Sense Sp. z o.o. with its registered office in Stalowa Wola at ul. Eugeniusza Kwiatkowskiego 9, 37-450 Stalowa Wola, entered in the National Court Register under KRS number 0001199133, NIP 8652590799, REGON 542532409.

The data controller is Echo Sense Sp. z o.o. Contact with the Controller is available at the e-mail address: hello@echosense.eu

The protection of Users' personal data is our priority. Data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and the Personal Data Protection Act.

§2. Scope of Processed Data

The Controller processes the following categories of Users' personal data:

  • Identification data: first name, last name
  • Contact data: e-mail address, phone number
  • Order data: delivery address, order history
  • Technical data: IP address, browser type, operating system
  • Website usage data: cookies, system logs

Providing personal data is voluntary but necessary for the delivery of services offered by the website.

Users' personal data is processed for the following purposes:

  • Performance of a sales contract for products or provision of services (Article 6(1)(b) GDPR)
  • Handling inquiries and contact requests (Article 6(1)(f) GDPR - legitimate interest of the Controller)
  • Sending newsletters and marketing information - based on consent (Article 6(1)(a) GDPR)
  • Fulfillment of legal obligations incumbent upon the Controller, including tax and accounting obligations (Article 6(1)(c) GDPR)
  • Establishment, pursuit, or defense of claims (Article 6(1)(f) GDPR)
  • Statistical analysis and improvement of website functionality (Article 6(1)(f) GDPR)

§4. Data Retention Period

Personal data is retained for the following periods:

  • Data related to contract performance - for the period necessary for contract performance and for the period required by law (e.g., tax regulations - 5 years)
  • Data processed on the basis of consent (e.g., newsletter) - until the User withdraws consent
  • Marketing data - until an objection is raised or consent is withdrawn
  • Cookie data - according to browser settings or up to 12 months

§5. Data Recipients

Personal data may be transferred to the following categories of recipients:

  • Payment operators (Przelewy24) - for the purpose of processing payment transactions
  • Hosting and server service providers (Vercel) - for the purpose of ensuring website operation
  • E-mail service providers (Resend) - for the purpose of sending e-mail messages
  • Courier companies - for the purpose of delivering ordered products
  • Entities providing accounting and legal services - to the extent necessary for the provision of these services
  • Public and state authorities - in cases provided for by law

All data recipients are obliged to maintain confidentiality and process data in accordance with the GDPR.

§6. User Rights

The User has the right to:

  • Access to data - the User may request information about processed personal data
  • Rectification of data - the User may request correction of inaccurate or completion of incomplete data
  • Erasure of data ("right to be forgotten") - in cases provided for in the GDPR
  • Restriction of processing - in cases specified in the GDPR
  • Data portability - receiving data in a structured format and transferring it to another controller
  • Objection to processing - in the case of data processing based on legitimate interest
  • Withdrawal of consent - at any time, without affecting the lawfulness of processing carried out before its withdrawal

To exercise the above rights, please contact the Controller at: hello@echosense.eu

The User has the right to lodge a complaint with the supervisory authority - the President of the Personal Data Protection Office, when they believe that the processing of their personal data violates GDPR provisions.

§7. Marketing Consents

Consent for e-mail communication:

"I consent to the processing of my personal data by Echo Sense sp. z o.o. with its registered office in Stalowa Wola, entered in the National Court Register under KRS number: 0001150313, NIP 8652507099, REGON: 542534909, for the purpose of sending commercial and marketing information by electronic means (e-mail). The consent may be withdrawn at any time by contacting the Organizer at the e-mail address hello@echosense.eu."

Consent for phone communication:

"I consent to the processing of my personal data by Echo Sense sp. z o.o. with its registered office in Stalowa Wola, entered in the National Court Register under KRS number: 0001150313, NIP 8652507099, REGON: 542534909, for the purpose of sending commercial and marketing information by telephone contact. The consent may be withdrawn at any time by contacting the Organizer at the e-mail address hello@echosense.eu."

§8. Cookies

The website uses cookies - small text files stored on the User's device to ensure proper operation of the website and to analyze traffic.

Cookies are used for the following purposes:

  • Ensuring proper operation of the website (essential cookies)
  • Remembering user preferences (functional cookies)
  • Analyzing visit statistics (analytical cookies)
  • Tailoring advertisements to user interests (marketing cookies)

The User may change cookie settings in their web browser at any time. Restricting the use of cookies may affect some functionalities available on the website.

§9. Data Security

The Controller applies appropriate technical and organizational measures to ensure the protection of processed personal data, in particular securing data against unauthorized access, loss, destruction, or unauthorized modification.

Security measures include, among others:

  • HTTPS (SSL) connection encryption
  • Regular software updates
  • Restriction of data access to authorized personnel only
  • Regular data backups
  • Application of cybersecurity protections

Payment card data is not stored by the Controller - payments are handled by an external payment operator (Przelewy24).

§10. Changes to Privacy Policy

The Controller reserves the right to make changes to this Privacy Policy.

Users will be informed of any changes through the publication of a new version of the Privacy Policy on the website, indicating the date of the last update.

Changes take effect on the date of their publication on the website, unless otherwise specified.

We recommend regularly reviewing the contents of the Privacy Policy to stay informed about data processing practices.

§11. Final Provisions

In matters not regulated by this Privacy Policy, the provisions of the GDPR and other applicable provisions of Polish and European law shall apply. Detailed rules for using the website are set out in the Terms of Service.

This Privacy Policy is effective from the date of its publication on the website.