Publication date: 01/06/2025

This Privacy Policy sets out the principles for processing personal data of users of the website www.7sun.eu. The document contains information required by the General Data Protection Regulation (GDPR) and takes into account relevant provisions of European law, including the Directive on Privacy and Electronic Communications (ePrivacy Directive) and applicable national laws.

1. Personal data administrator

The data controller of your personal data is Paweł Sternal, conducting business under the name 7SUN Paweł Sternal, with a registered office at: Wojska Polskiego 8, 41-208 Sosnowiec, NIP 6443163595, REGON 240990583, email: orders@7sun.eu, phone: +48 534 991 991 (hereinafter referred to as “Controller” or “we”).

2. Data Protection Officer

The Administrator has appointed a Data Protection Officer (DPO), Gabriel Gatner. If you have any questions regarding the processing of personal data or the exercise of privacy rights, please contact the Data Protection Officer:

3. Legal Basis for Data Processing

Your personal data is processed in accordance with applicable legal regulations, including:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
  • The applicable national data protection laws of EU Member States implementing the GDPR,
  • The Directive 2002/58/EC (ePrivacy Directive) as amended, which regulates the principles of sending commercial information and the use of telecommunications terminal equipment and cookies.

4. Purpose, Scope, and Legal Basis for Processing

We process your data for the following purposes:

  1. Contract Execution and Performance (e.g., order fulfillment, customer account management)
    • Scope: name, surname, email address, correspondence address, VAT number (if applicable), phone number, payment details.
    • Legal Basis: Article 6(1)(b) GDPR (necessary for contract performance).
    • Retention Period: Until the expiration of claims arising from the contract.
  2. Handling Inquiries and Correspondence (e.g., contact form, chat support)
    • Scope: data provided in the inquiry (e.g., name, surname, email, phone number).
    • Legal Basis: Article 6(1)(f) GDPR (legitimate interest in maintaining user communication).
    • Retention Period: Until the objection is raised or the matter is resolved.
  3. Legal Compliance (e.g., accounting and tax obligations)
    • Scope: necessary data for compliance (e.g., invoice details: name, surname, company name, address, VAT number).
    • Legal Basis: Article 6(1)(c) GDPR (legal obligation of the Controller).
    • Retention Period: As required by tax and accounting laws.
  4. Direct Marketing (Newsletter, Commercial Information)
    • Scope: email address, name, surname, phone number (if provided), IP address.
    • Legal Basis: Article 6(1)(a) GDPR (consent). In addition, per the ePrivacy Directive, sending commercial communications electronically requires prior consent.
    • Retention Period: Until consent is withdrawn.
  5. Establishing, Exercising, and Defending Claims
    • Scope: necessary data for claims (e.g., identification and contact details, transaction history).
    • Legal Basis: Article 6(1)(f) GDPR (legitimate interest in legal protection).
    • Retention Period: Until the limitation period for claims expires.
  6. Analytics, Statistics, and Personalized Offers (Profiling)
    • Scope: data on user behavior on the website, IP address, order data, preferences.
    • Legal Basis: Article 6(1)(f) GDPR (legitimate interest in improving the service) or Article 6(1)(a) GDPR (consent) for marketing profiling.
    • Retention Period: Until objection is raised or consent is withdrawn.

5. Data Recipients

Your data may be shared with entities supporting us in providing services, such as:

  • IT service providers (hosting, analytics services),
  • Courier and transport companies (order delivery),
  • Accounting offices, legal firms (legal compliance, claims handling),
  • Entities managing newsletters and marketing campaigns,
  • Entities providing analytical and advertising tools.

When transferring data to third countries (e.g., the USA), we apply appropriate safeguards, such as standard contractual clauses.

6. Rights of Data Subjects

You have the following rights:

  • Right of access to data (Article 15 GDPR): Obtain information on processing and a copy of your data.
  • Right to rectification (Article 16 GDPR): Correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten,” Article 17 GDPR): Delete data when no longer needed or processed unlawfully.
  • Right to restriction of processing (Article 18 GDPR): Limit processing in specific cases.
  • Right to data portability (Article 20 GDPR): Receive data in a structured format and transfer it to another controller.
  • Right to object (Article 21 GDPR): Object to data processing based on legitimate interest or direct marketing.
  • Right to withdraw consent (Article 7(3) GDPR): You can withdraw consent at any time, which does not affect the lawfulness of processing before withdrawal.

To exercise your rights, contact us at orders@7sun.eu. We will respond without undue delay, no later than within one month from receiving your request.

You have the right to lodge a complaint with the relevant supervisory authority for data protection in your country. A list of EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/board/members_en if you believe that we process your data unlawfully.

7. Voluntary Nature of Data Submission

Providing data is voluntary, but in some cases, it is necessary to fulfill a contract or provide services (e.g., we cannot process an order without address details).

8. Automated Decision-Making and Profiling

We may process data in an automated manner, including profiling, to tailor offers or display advertisements according to your preferences. Profiling does not result in legal effects for you or otherwise significantly affect you without your consent.

9. Cookies and Similar Technologies

Before storing information or accessing information already stored on your device, we will inform you of the purpose and obtain your consent, in accordance with applicable regulations. Cookies are small text files stored on your device. We use them to ensure the proper functioning of the site, analyze traffic, and tailor content and advertisements. We use session cookies (deleted after closing the browser) and persistent cookies (remain on your device until deleted). We may use third-party cookies (e.g., Google Analytics, Meta Pixel, Microsoft Advertising) for analytics, advertising, and marketing purposes. Detailed privacy policies of these providers can be found on their websites. You can manage your cookie settings in your browser (block, delete). Not changing your settings constitutes consent to their use.

10. Changes to the Privacy Policy

The Privacy Policy may be updated due to changes in regulations or service provision. We will notify you of significant changes via the website or email (if you have an account and provided an email address). We recommend reviewing the Privacy Policy regularly.

Privacy Policy valid until 31/05/2025:

Privacy Policy – 31-05-2025Pobierz