Efento
Efento / Privacy policy

Privacy policy

PRIVACY AND COOKIES POLICY OF THE WEBSITE AND MOBILE APPLICATIONS OF EFENTO

Date of Update: May 27, 2026

Respecting your privacy and ensuring the security of your personal data, the Administrator hereby implements this Privacy Policy. This document defines the rules, purposes, legal bases, and periods of processing personal data in connection with the use of the website https://efento.pl (hereinafter: “the Website”) and mobile applications: Efento Inspector, Efento Logger, and Efento Transport (hereinafter: “the Applications”).

1. PERSONAL DATA ADMINISTRATOR

The Administrator of your personal data is Efento Sp. z o.o. with its registered office in Kraków, ul. Przemysłowa 12, 30-701 Kraków, entered into the Register of Entrepreneurs of the National Court Register under KRS number: 0000941769, NIP: 6762499917, REGON: 363515645 (hereinafter: “the Administrator”).

In all matters related to the protection of personal data, including the exercise of your rights, you can contact the Administrator via e-mail at: gdpr@efento.pl or by mail to the address of the registered office.

2. PURPOSES, LEGAL BASES, AND PERIODS OF DATA PROCESSING

Your personal data is processed solely for specific, legally justified purposes, in accordance with the following table:

No. Purpose of processing Legal basis according to GDPR Data retention period
1. Account registration in the online store and order fulfillment (including shipping of goods). Art. 6(1)(b) GDPR – necessity for the performance of a contract to which the User is a party. For the duration of holding an account on the Website, and in the case of purchases – for the period necessary to fulfill the order and the time required to defend or pursue claims arising from the contract (in accordance with statutory limitation periods).
2. Fulfillment of legal obligations (e.g., issuing invoices, bookkeeping, and financial reporting). Art. 6(1)(c) GDPR – legal obligation incumbent on the Administrator under tax and accounting laws. For a period of 5 years, counting from the end of the calendar year in which the tax payment deadline expired.
3. Handling inquiries via the contact form, testing requests, and technical support. Art. 6(1)(f) GDPR – legitimate interest consisting of handling correspondence and resolving technical issues. For the period necessary to provide an answer or resolve the issue, no longer than 2 years from the end of the contact.
4. Analytics and traffic statistics on the Website and within the Applications (behavior analysis, performance optimization). Art. 6(1)(a) GDPR – voluntary consent of the User to the use of analytical cookies / identifiers. Until the User withdraws consent or until the expiration of cookies/identifiers (up to a maximum of 14 months).
5. Establishment, exercise, or defense of claims related to the use of the Website or Applications. Art. 6(1)(f) GDPR – legitimate interest of the Administrator consisting of protecting its property rights and reputation. Until the expiry of the statutory limitation periods for claims resulting from the Civil Code.

3. SPECIFICS OF PROCESSING IN MOBILE APPLICATIONS

  1. Using the Applications (Efento Inspector, Efento Logger, Efento Transport) may require access to certain functions of your end device (e.g., Bluetooth module for communication with data loggers, device memory for saving logs).

  2. In the event of an Application error, third-party tools (e.g., Firebase Crashlytics) collect so-called Log Data (including device model, operating system version, time of the crash). This data is used exclusively to fix bugs and optimize the performance of the Application.

  3. The Applications are not intended for children under 16 years of age, and the Administrator does not knowingly collect data from such individuals.

4. RECIPIENTS OF PERSONAL DATA

Your personal data may be transferred only to trusted processors who provide services to the Administrator based on data processing agreements:

  • IT service providers, hosting, and cloud system providers,

  • Entities providing accounting, legal, and logistics services (couriers),

  • Providers of analytical and diagnostic tools (Google LLC – regarding Google Analytics, Firebase, Crashlytics),

  • Entities handling electronic payments in the online store (payment operators).

5. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

In connection with the use of analytical tools provided by Google LLC, your data (such as an IP address anonymized to the highest possible extent, online identifier) may be transmitted to the United States. This transfer is based on:

  • The European Commission’s adequacy decision regarding the level of personal data protection (the EU-US Data Privacy Framework program), under which Google LLC is a certified participant,

  • If necessary – Standard Contractual Clauses approved by the European Commission.

6. USER RIGHTS (RIGHTS OF THE DATA SUBJECTS)

In connection with the processing of personal data by the Administrator, you are entitled to the following rights:

  1. The right to access your data and receive a copy of it (Art. 15 GDPR).

  2. The right to rectify (correct) your data (Art. 16 GDPR).

  3. The right to erasure (“the right to be forgotten”) (Art. 17 GDPR) – in situations specified by law.

  4. The right to restriction of processing (Art. 18 GDPR).

  5. The right to data portability (Art. 20 GDPR) – if the processing is based on a contract or consent and is carried out by automated means.

  6. THE RIGHT TO OBJECT (Art. 21 GDPR) – to the processing of data based on the Administrator’s legitimate interest (including marketing or analytics).

  7. The right to withdraw consent at any time (if processing was based on consent) without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise the above rights, please contact us via the e-mail address provided in Section 1.

You also have the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection (ul. Stawki 2, 00-193 Warsaw, Poland), if you consider that the processing of your data violates the provisions of the GDPR.

7. COOKIE POLICY

  1. The Website uses cookies (small text files saved on your device).

  2. Categories of cookies:

    • Necessary (Technical): Enable the proper functioning of the Website, security, and session maintenance. They are launched automatically and do not require your consent (basis: Art. 173(3) of the Polish Telecommunications Law).

    • Analytical / Statistical (optional): Used to study website traffic and user behavior (e.g., Google Analytics). We use the IP anonymization feature. These files are blocked by default and run only after you express your active consent.

  3. Consent Management: During your first visit to the Website, a dedicated window (CMP platform) is displayed allowing you to adjust cookie settings. The User can accept all cookies, reject optional cookies, or configure permissions manually. Consent can be withdrawn at any time by clicking the privacy settings icon visible in the lower-left corner of the page.

  4. Changing cookie settings is also possible directly in your web browser options, however, completely blocking necessary cookies may hinder or prevent the use of the Website.

8. PROFILING

Your data will not be used for automated decision-making, including profiling that produces legal effects concerning you.

9. CHANGES TO THE PRIVACY POLICY

The Administrator reserves the right to make changes to this Privacy Policy to adapt it to new legal requirements or technological changes. Users will be informed of each change by publishing the new version of the document on the Website with the current effective date.