Privacy Policy and Cookies Policy

Last Modified: October 12, 2025

For the sake of the security of the data entrusted to me, I have developed internal procedures and recommendations to prevent data from being shared with unauthorized persons. I control their implementation and constantly check their compliance with the relevant legal acts – the Personal Data Protection Act, the Act on the Provision of Services by Electronic Means, as well as all kinds of implementing acts and acts of Community law.

Definitions

Administrator / I – Patryk Lewczuk conducting business activity under the name of Comerito Patryk Lewczuk, 22/14 Falista Street, 81-331 Gdynia, NIP: 7272765097, REGON: 541171949, entered into the register of entrepreneurs – Central Register and Information on Economic Activity (CEIDG) kept by the minister responsible for the economy, e-mail address: patryk.lewczuk@comerito.com;

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Website – a website maintained by the Administrator at the following address: https://comerito.com/.

User / You – any natural person or entity visiting the Website or using one or more services or functionalities made available by the Administrator.

What do I do with your data?

When you use the Website or other services offered by the Administrator, the personal data you provide is collected, such as your name and surname, address, email address, phone number, company data (company name, tax identification number, industry) and data necessary to process payments. This is the data necessary for me to provide services to you.

When you browse the Website, I automatically receive your IP address, which provides me with information about your browser and your operating system. On my website, third parties place information in the form of cookies and other similar technologies on your end device (e.g. computer, smartphone) and gain access to them. These are my partners with whom I constantly work to tailor to your needs and interests the ads on my and theirs, as well as the services that I and my partners provide.

All personal data are processed on the basis of your consent and in cases where the law authorizes the Administrator to process personal data.

Purposes and legal bases of data processing

The personal data of all Users using the Website (including IP address or other identifiers and information collected through cookies) are processed by me:

  1. in order to provide services by electronic means in the scope of making the content collected on the Website available to Users or concluding a sales agreement – then the legal basis for the processing is the necessity of the processing for the performance of the contract (Article 6(1)(b) of the GDPR);
  2. for the purpose of establishing and pursuing claims or defending against them – the legal basis for the processing is my legitimate interest (Article 6(1)(f) of the GDPR);
  3. for the purpose of sending commercial information or contacting the User, the legal basis for the processing is the User’s consent (Article 6(1)(a) of the GDPR);
  4. in order to issue accounting documents, archive documents; compliance with tax obligations – the legal basis for processing is the fulfilment of a legal obligation (Article 6(1)(c) of the GDPR);
  5. for analytical and statistical purposes, as well as archival purposes – then the legal basis for the processing is my legitimate interest (Article 6(1)(f) of the GDPR) consisting in conducting analyses of the Users’ activity, as well as their preferences in order to improve the functionalities used and the services provided.

The activity of Users on the Website, including personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities concerning the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. I also process it for technical and administrative purposes, for the purposes of ensuring the security of the IT system and managing this system – in this respect, the legal basis for the processing is my legitimate interest (Article 6(1)(f) of the GDPR).

Cookies

The website uses „cookies”. These are short text information stored on the Users’ computer, phone, tablet or other device. They can be read by me as well as by systems owned by other entities whose services I use (such as Google). Cookies usually contain the name of the website from which they originate, the time they are stored on the end device and a unique number. For more information about cookies, please visit www.allaboutcookies.org.

I use cookies to identify the browser session, which enables the use of the Website’s functions. The use of cookie techniques does not allow the collection of any personal and address data or any confidential information from your computer.

Cookies are used for the following purposes: maintaining the security of services and preventing fraud, facilitating the performance of the Website, recording visits for marketing and statistical purposes, using social functions, supporting the personalization of websites (e.g. saving language settings). Cookies may also be used and placed by cooperating partners – they are then subject to the cookie policies or privacy policies of the entities posting them.

The scope and purpose of data collection, as well as the way of contacting and exercising rights or making settings to ensure the protection of privacy are described in the privacy policies of individual partners.

You agree to the processing of information contained in cookies by giving your consent when you first enter the Website within the displayed window. The User may agree to the processing of all data or only those that are necessary for the proper display of the Website.

If you do not want cookies to be used for the purpose described above, you can delete them manually at any time. To read detailed instructions on how to proceed, visit the website of the manufacturer of the web browser you are using.

If you use Google Chrome, the instructions can be found here – link

If you are using Mozilla Firefox, the instructions can be found here – link

If you are using Microsoft Edge, the instructions can be found here – link

In the case of using Internet Explorer, I suggest changing the tool to one of the above, and the instructions can be found here – https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

If you are using Safari, the instructions can be found here – https://support.apple.com/en-gb/105082.

I feel obliged to warn you that disabling or limiting the use of cookies may cause difficulties in using the Website and limiting its functionality.

Processing of your data - third parties

The third-party providers I use will only collect, use and disclose your information for the purpose necessary to provide the services they provide to me. However, some third-party service providers, such as payment gateways or other electronic payment processors, have their own privacy policies regarding the information I am required to share with them to carry out purchase-related transactions. Regarding these providers, I recommend that you read their privacy policies to understand how they will handle your personal data.

In particular, please note that some suppliers may be located or located in an area that is subject to a different jurisdiction than ours or yours. Therefore, if you choose to make a transaction that involves the services of third-party providers, then your data may be subject to the laws of the jurisdiction of the place where the supplier is located or is headquartered. Once you leave my website and are redirected to a third-party website or application, you are not bound by this privacy policy or our terms and conditions.

The Administrator informs the Users that, apart from the cases indicated above, it entrusts the processing of personal data to the following entities:

Outside the EEA:

Due to the fact that some entities cooperating with the Administrator have their registered offices outside the European Union, and therefore in the light of the provisions of the GDPR they are treated as the so-called third countries. The Administrator ensures that the data is transferred to entities from the United States that use standard contractual clauses.

Google Inc. (registered office: 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – providing Google Analytics for monitoring website traffic. The collected data generally makes it impossible to identify a specific person, and more information about the privacy standards of the tool is available at the link www.google.com/intl/pl/policies/privacy/partners/. In addition, by using the following link: https://tools.google.com/dlpage/gaoptout it is possible to disable the activity measured by Google Analytics.

Thus, I guarantee compliance with standards analogous to the GDPR in the field of personal data protection, and the use of their technology by me when processing personal data is in accordance with the law.

Data processing period

The period of data processing depends on the type of service provided and the purpose of the processing. As a rule, data are processed for the duration of the provision of the service, until the consent is withdrawn or an effective objection to data processing is filed in cases where the legal basis for data processing is the legitimate interest of the Administrator.

Accounting documents are stored in accordance with the regulations for a period of 5 years from the end of the tax year in which the tax obligation arose. Within this period, you cannot object to the processing of your data and request the deletion of your data. Such a possibility is obtained after the expiry of the period of storage of documents imposed by the applicable law and after the expiry of the limitation period for claims under the concluded agreement.

The content of correspondence may be archived, and it is not possible to determine in advance an unambiguous deadline for its deletion (Article 6(1)(f) of the GDPR). You can demand that the history of correspondence with me be presented (if it was archived), as well as request its deletion, unless its archiving is justified due to my overriding interests, e.g. defense against potential claims.

The period of processing of other data may be extended if the processing is necessary to establish and pursue possible claims or to defend against them, and after this time only if and to the extent required by law. After the expiry of the processing period, the data is irreversibly deleted or anonymised.

Your rights

As a User, you have the right to:

  1. access to the content of the data and request their rectification,
  2. delete data,
  3. restriction of processing,
  4. the right to data portability,
  5. the right to object to data processing,
  6. the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection, 2 Stawki Street, 00-193 Warsaw.

To the extent that the data is processed on the basis of consent, it can be withdrawn at any time, by contacting me, e.g. at the e-mail address: patryk.lewczuk@comerito.com.

You have the right to object to the processing of your data for marketing purposes if the processing is carried out in connection with my legitimate interest, as well as for reasons related to the User’s particular situation in other cases (e.g. in connection with the implementation of analytical and statistical purposes

Contact

Contact with the Administrator is possible at the e-mail address: patryk.lewczuk@comerito.com or in writing to the address of the Administrator’s registered office (22/14 Falista Street, 81-331 Gdynia).

Data security

In order to ensure the security of the processed data, the Administrator uses technical measures in the form of data encryption in transmission (SSL), security of IT systems, regular backup and security monitoring. In addition, the Administrator applies organizational measures in the form of drawing up a security policy and procedure, employee training, access control and confidentiality obligations.

Policy changes

The policy is reviewed on an ongoing basis and updated if necessary. The current version of the Policy has been adopted and has been in force since October 12 2025. 

Join the waitlist

Get notification when extension will be ready!

Your email will only be used for Customer Scoring Extension communications and won’t be shared with third parties.