📦 Darmowa dostawa od 299 PLN 📦
Zapisz się do newslettera i odbierz zniżkę na zakupy!

Privacy policy

Privacy Policy

This document defines the rules for the processing of personal data of Users using the website www.yosoy.pl and informs about the use of cookies and similar technologies. The Privacy Policy is an integral part of the Online Store Terms and Conditions www.yosoy.pl The document meets the requirements of the GDPR.


I. Data Controller

The personal data controller is JIM Sp. z o.o., ul. Zamkowa 36, 95-200 Pabianice, NIP 7312048842, REGON 361326207, KRS 0000554757 (hereinafter referred to as the "Administrator"). Contact: hello@yosoy.pl or at the correspondence address provided above.


II. Scope and sources of data

We process the following categories of data:
(1) account data (email address, activity history),
(2) order data (name and surname, contact details, delivery address, payment details to the extent necessary),
(3) contact data from forms/emails, including IP address,
(4) data related to the use of the website (IP address, device/browser identifiers, cookies and similar technologies). The data comes directly from the User or is collected automatically when using the website.


III. Purposes and legal basis of processing

1) Provision of services electronically, account management and execution of sales contracts - Art. 6 sec. 1 lit. b GDPR.

2) Handling inquiries and correspondence, including via contact forms - Art. 6 sec. 1 letter f GDPR (the Controller's legitimate interest in providing answers and conducting communication), and when circumstances indicate preparation for the conclusion of a contract - Art. 6 sec. 1 letter b GDPR.

3) Direct marketing of products/services, including "Automated Marketing Campaigns" (description in Chapter IV) - Art. 6 sec. 1 letter f GDPR. In the case of channels requiring consent to commercial communication (e.g. e-mail/SMS) - activities are carried out only after obtaining the User's consent based on separate provisions.

4) Conducting analyses, statistics and measuring the effectiveness of activities on the website - Art. 6 sec. 1 letter f f GDPR.

5) Complaint handling, pursuing and defending against claims - Art. 6 sec. 1 letter f GDPR.

6) Fulfillment of legal obligations (accounting, taxes) - Art. 6 sec. 1 letter c GDPR.


IV. Automated Marketing Campaigns

The Administrator runs automated marketing campaigns, including:
(a) reminders about products left in the cart,
(b) information about product availability or price changes,
(c) sending discount codes,
(d) requests for reviews after purchases. Campaigns may be directed:
(1) to Users subscribed to the newsletter and (2) to Users recognized in the system (e.g., those with an account or who have previously made a purchase), unless they have objected to direct marketing.

The legal basis is the Administrator's legitimate interest (Article 6, paragraph 1, letter f of the GDPR) in conducting marketing activities and developing customer relationships. In the case of channels requiring consent to send commercial information (e.g., email/SMS), communication is carried out after obtaining consent. The user may object to direct marketing at any time.


V. Profiling and Automated Decision-Making

Users' personal data is not used to make automated decisions, in particular through profiling.


VI. Cookies and Similar Technologies

The website uses cookies: (1) necessary — they ensure the proper functioning of the website, (2) analytical — for creating statistics and research, (3) functional — they facilitate the use of the website, (4) marketing — they allow us to measure the effectiveness of activities and tailor content. You can manage your cookie preferences through the appropriate consent panel on the website and your browser settings. Disabling necessary cookies may make it difficult to use the website.

VII. Data Security

The Administrator uses appropriate technical and organizational measures to ensure e protection of data against unauthorized access, loss, destruction, or unauthorized modification.

VIII. Data Recipients and Subcontractors

Data may be transferred to: hosting and IT solution providers, marketing automation and analytical tool providers, payment operators, carriers, courier/postal companies, entities providing accounting and legal services, as well as dropshipping entities – only to the extent necessary to achieve the purposes indicated in this policy. The Controller concludes data processing agreements with these processors.


IX. User Rights

The User has the right to access data, rectify, erase, limit processing, transfer data, object to processing (including direct marketing), and file a complaint with the President of the Personal Data Protection Office. To exercise your rights, please contact hello@yosoy.pl. The exercise of your rights is generally free of charge.


X. Data Transfer Outside the EEA

If, as part of the use of tools from providers based outside the European Economic Area, data is transferred to third countries, the Controller will ensure appropriate compliance mechanisms (e.g., standard contractual clauses, decisions confirming an adequacy level of protection) and inform Users thereof.


XI. Data retention periods

Data is stored for the period necessary to achieve the purpose: (1) contractual data - for the performance of the contract and the expiry of the limitation periods for claims, (2) marketing data - until an objection is raised or consent is withdrawn (if required), (3) accounting data - for the period required by law (at least 5 years from the beginning of the year following the financial year in which the documents were settled), (4) data from forms - for the time needed to respond and process the case.


XII. Social plugins and social media profiles

The website may contain social media plugins (e.g., Facebook, Twitter, WhatsApp, LinkedIn) that can transmit information about the IP address and browser identifier to providers. Even if you don't have an account or are not logged in, providers receive information that our website has been viewed. The Administrator also maintains social media profiles, processing data provided by Users for informational and promotional purposes pursuant to Article 6(1)(f) of the GDPR.


XIII. Opt-out Mechanisms

The User may at any time: (1) unsubscribe from the newsletter using the link in the message or through their account settings, (2) object to direct marketing at hello@yosoy.pl, (3) change cookie settings in the preference panel.


XIV. Policy Changes

The Administrator may change this policy. Significant changes will be announced on the website and/or via email to Users who have an account or have subscribed to the newsletter. Last updated: December 2, 2025.