Privacy Policy

How do we process and secure data?

Privacy Protection Principles

[effective date: 23rd August 2018]

I. Cookies

Cookies are alphanumeric (text) files constituting IT data, which are saved on terminal devices of users when they visit our website or updated when they revisit it. This website uses two types of cookies: 1) session cookies: they are stored on the users’ devices and they remain there until the end of a given browser session; upon a completed session, the stored information is permanently deleted from the users’ device memory; 2) permanent cookies: they are stored on terminal devices of users and they remain there until manually deleted.

Cookies are not associated with specific persons browsing our website. We use cookies in order to conduct remarketing activities using Facebook. Additionally, cookies may be used by us to ensure the highest possible site quality through log file analysis. These measures allow us to determine which websites are visited most often, which web browsers are used, whether the website structure contains any errors, etc.

Cookies are collected automatically, however website users may at any time disable cookies storage. To this end, the users’ web browsers must be configured accordingly.

II. Protection of personal data

Data controller

The site administrator and the controller of personal data of persons sending requests via the contact form, contacting us using the contact data provided in the “Contact” tab, and commenting our blog posts, is Sales Pistols Sp. z o.o. with its registered office in Warsaw, ul. Marcina Flisa 4 (02-247 Warsaw), entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 13th Commercial Division of the National Court Register, under number KRS 0000396313, having NIP (tax identification number):  1132846786, having share capital of PLN 6,000 (hereinafter: we/us. 

Personal data processing

The personal data provided to us are processed by us in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)(Official Journal of the European Union L 119, 2016, p.1), hereinafter: GDPR, the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018. item 1000), hereinafter: PDPA, as well as other national and European Union legislation.

To ensure the transparency of personal data processing, and respecting the information autonomy of people whose data are processed by us, in accordance with Article 13 of GDPR, the information in relation to the processing is provided below.

Purposes of the processing, legal basis and period for which the personal data will be stored

Purposes of the processing
for which the personal data are intended

Legal basis

Period for which the personal data will be stored

conducting marketing activities, including sending commercial information by electronic means

– consent of the data subject (Article 6(1)(a) of GDPR)

– legitimate interest of the controller (Article 6(1)(f) of GDPR)

– consent referred to in Article 10(2) of the Act on Providing Services by Electronic Means (consolidated text Journal of Laws of 2017, item 1219, as amended; hereinafter: APSEM)

until somebody objects to further processing of data or the consent is withdrawn

responding to a request, depending on the needs – taking steps according to the request of the contacting person

legitimate interest of the controller (Article 6(1)(f) of GDPR)

as long as necessary to respond to a request or to take steps according to the request of the contacting person

writing a blog, including enabling comments and content management

legitimate interest of the controller (Article 6(1)(f) of GDPR)

until somebody objects to further data processing


The provision of personal data is voluntary, but it is necessary to pursue the above-mentioned purposes.

Recipients of personal data

The personal data provided to us are made available by us exclusively to three groups of entities. Firstly, these include our employees and associates who inter alia handle the requests addressed to us and must have access to the collected data in order to perform the job duties entrusted to them. Every person that deals with personal data processing is duly authorised by us to do so. The personal data provided to us are also made available to processors that are our long-term partners, whose services we use in order to more effectively perform the undertaken activities, e.g. IT service providers, website maintenance. In such a case, the data is transferred in accordance with the signed personal data processing agreements by means of which we oblige our suppliers to ensure an appropriate level of security. In certain cases, we may also transfer the data processed by us to other recipients. We do so, however, only to the extent necessary and in justified cases. 

Rights related to personal data processing

In connection with personal data processing, the persons contacting us have the following rights:


Legal basis for processing

consent (Article 6(1)(a) of GDPR)

legitimate interest of the controller (Article 6(1)(f) of GDPR)

consent to receive information by electronic means (Article 10(2) of APSEM)

right to withdraw the consent given



right of access to the content of one’s personal data

rights of rectification or erasure of personal data or restriction of processing YES YES


right to data portability NO NO


right to object to the processing of personal data NO YES


right to lodge a complaint with the President of the Office for Personal Data Protection YES YES



The right to withdraw the consent may be exercised at any time. Withdrawing one’s consent does not affect, however, the lawfulness of processing prior to its withdrawal. In order to exercise the above powers, feel free to contact us using the contact data provided below.

Security of personal data

Ensuring the security of the personal data processed by us is our priority objective. Therefore, we provide our best efforts to duly secure the processed personal data. The technical and organisational measures for securing the personal data comply with the requirements of the GDPR provisions currently in force, and are also adequate to the level of the potential risk of their violation, which is being assessed by us on an on-going basis.

Final provisions

The provisions of these Privacy Protection Principles may be amended from time to time. New Privacy Protection Principles will be published on our website including the indication of their effective date.

In matters not covered by these Privacy Protection Principles, the provisions of GDPR, PDPA, APSEM, the Telecommunications Law Act of 16 July 2014 (consolidated text Journal of Laws of 2016, item 542), and the Act of 23 April 1964 – the Civil Code (consolidated text Journal of Laws of 2017, item 459, as amended), shall apply.

Any questions or doubts relating to these Privacy Protection Principles should be sent to the following address:, or addressed by phone by calling +48 728 882 798 or by correspondence to the address of our registered office.

Kajetan IżyckiPrivacy Policy