Privacy Policy & Security

Privacy Online Shop


  1. This privacy policy sets out the rules for the protection of personal data of Users who are natural persons and other natural persons whose data is processed, their rights, as well as the type of cookies used, the manner and purpose of their use.

  2. If the User does not agree with the Policy, he is asked not to visit the Pages run by the Administrator.

  3. Definitions:

  4. Data Controller – it is the Administrator, i.e. the entity deciding on the objectives

    and the methods of data processing, as well as their use

    1. Administrator - Bumerang sp. z o.o. with its registered office in Katowice, Gliwicka 15, 40-079, KRS no.: 0000080024, NIP: 635-10-19-784, REGON: 271220875, e-mail:, tel. 695843372. Share capital in the amount of PLN 50,000.00 fully paid up. The company is registered with the General Court

      District Katowice-East in Katowice VIII Economic Division

    2. Policy – Privacy Policy of the Online Store

    3. User – any natural person shopping in the Store or using

      from services provided by the Administrator, also called the Buyer or


    4. Website  a website run by the Administrator for the Store

    5. Shop – online run by the Administrator

    6. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council

      on 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Information on the processing of personal data

  1. The following information fulfils the information obligation referred to in the GDPR.

  2. Bumerang sp. z o.o. is responsible for personal data processed by the Store, whose detailed data are given in point 3.b above, this company is the same administrator of Users' personal data .

  3. The data processed by the Administrator come directly from the Users.

  4. The Administrator processes the following data of Usersname, surname, company of persons conducting business activity, address of residence, address for service, NIP, PESEL, REGON, e-mail address, telephone number, bank account number. The above does not mean, however, that for each User he processes all types of the above-mentioned data. The scope of processing depends on the type of contract concluded or the scope of use by Users of the services offered, whether the transaction is concluded by a natural person who is an entrepreneur or a consumer, and

    of the chosen payment method.

  5. Providing data is voluntary, but necessary for the performance of the contract. Failure to provide

    the required data will block the action that was carried out. Mandatory fields

    are marked.

  6. The Administrator processes personal data in order to:

take action in order to conclude a contract (Article 6(1)(.b) of the GDPR),
- performance of the concluded contract (Article 6 (1) (.b GDPR),
fulfillment of legal obligations incumbent on the Administerator in connection with running a business and concluded contracts (Article 6(1)(.c DPB), in in particular tax and accounting,
- in other legitimate interests of the Administrator , i.e. direct marketing, statistics and analytics, protection of the Administrator's interests (pursuing claims anddefense against claims),
- on the basis 
of the consent given (Article 6 (1) (a) of the GDPR), which may be revoked at any time.

  1. The data is processed for the time needed to perform the contract, and after its implementation for the time and to the extent required by law or to secure possible claims.

  2. In connection with the processing of data, they may be made available to recipients, which in particular are: institutions and bodies of state and local government administration on the basis of regulations and their powers, accounting office, legal office, auditors, entities providing IT servicesentities providing postal, courier, e-mailing services, banks.

  3. The User whose data is processed has the following rights:

    1. to access data (Art. 15 GDPR), Users can ask if their data

      are processed to what extent,

    2. to rectify data (Article 16 of the GDPR), Users via

      Accounts can correct and update their data,

    3. to delete data from the Administrator's database, unless the Administrator can still

      process them , which will be indicated in response to the request for deletion

      data (Article 17 of the GDPR),

    4. to restrict data processing (Article 18 of the GDPR), if the data processed

      do not coincide with the purposes of their processing,

    5. for data portability (Art. 20 GDPR), under certain conditions

      Users have the right to receive in a structured, commonly used format, machine-readable set of processed data, which the Administrator will send to another, indicated entity,

    6. to object to the Inspector General of Personal Data (or his successor) to the processing of data, in the event that the User believes that the method of data processing violates the law (GDPR),

  4. Data processing will not take place in an automated manner.

  5. In the case of choosing payment by credit/ payment card, the Customer service in this respect is taken over by a designated reputable third party specializing in online payments.  In this case, only his system knows and is responsible for the data provided in his forms. The forms are located on its server and are encrypted with the appropriate technologies. In the above scope, the Administrator cooperates with the company Krajowy Integrator Płatności Spółka Akcyjna - a reputable provider of on-line payment services. When choosing payment by the Administrator does not have access to any data provided by the Customer during the payment, and only receives information about the positive or negative execution of the payment. In the case of choosing payment by bank transfer, the Administrator will additionally process the account number


  1. All data provided on the Pages in forms, as well as data provided during login are transmitted in encrypted form. The Administrator uses the RapidSSL certificate, and the data provided and the operations performed on the Pages are encrypted with a 128-bit key.

  2. The Administrator reserves the right to send unannounced messages to persons whose contact details it processes and who have agreed with the Policy. The term unannounced messages is understood as information relating directly to the operation of the Store and which may be relevant to Klients /Users (e.g. change of the Regulations, Policy).

  3. Personal data provided on the Sklepu website when sending comments to products, replies to the forum, blog, etc. are available to all visitors to the Pages containing this data. The Store or the Administrator is not able to protect Users against other Users, which they will use to send unspecified information. Therefore, this data is not subject to the Policy.

  4. Forms placed as a guest on the Store's website and concerning services, products or other websites not supported by the Administrator are not subject to Policy (e.g. regarding advertising).


  1. Some areas of websites belonging to the Store may use cookies, i.e. small text files sent to the Internet user's computer identifying him in a way necessary to simplify a given operation. They are stored in the User's end device and are intended for using websites. Cookies usually contain the name of the website from which they originate, the time of their storage on the end device and a unique number.

  2. Cookies are harmless both to the computer and to its User and its data. The condition for the operation of cookies is their acceptance by the browser and not deleting them from the disk. Blocking the acceptance of cookies by the User may prevent the transaction and execution of the order in the Store.

  3. Cookies are used for the following purposes:

a. create statistics that help to understand how Users use websites, which allows improving their structure and content; b. maintaining the User's session (after logging in), thanks to which the User does not have to re-enter the login and password on each subpage;
c. determining the User's profile in order to display him tailored materials in advertising networks, in particular the Google network.

22. The Websites use three basic types of cookies: "session" (session cookies) and "persistent" (persistent cookies) and coockies of external entities. "Session" cookies are temporary files that are stored in the User's end device until logging out, leaving the website or turning off the software (web browser). "Persistent" cookies are stored in the User's end device for a specified period of time in the parameters of cookies or until they are deleted by the User. Third-party cookies allow third parties to store information about the number of visits and user behavior on websites. The purpose of storing and accessing this information by the server is to collect data on website traffic

Web. This is not personal data. Companies that provide analytical services and

statistical, including Gemius or Google.
Web browsing software (web browser)

usually by default it allows the storage of cookies on the User's end device. Users of the Website can change the settings in this respect. The web browser allows you to delete cookies. It is also possible to automatically block cookies Detailed information on this subject can be found in the help or documentation of the web browser.

24. Cookies placed on the User's end device may also be used by advertisers and partners cooperating with the Administrator.

25. It is recommended that you read the privacy policy of these companies to learn about the rules of using cookies used in statisticsGoogle Analytics Privacy Policy. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to the way the user uses the Website. For this purpose, they can store information about the user's navigation path or the time of staying on a given page.

26. In the scope of information about user preferences collected by the Google advertising network, the user can view and edit information resulting from cookies using the tool:

  1. Information about some user behavior is subject to server-tier logon. These data are used only for the purpose of administering the website and to ensure the most efficient service of the hosting services provided.

  2. Browsed resources are identified by URLs. In addition, the following may be recorded: the time of arrival of the query, the time of sending the response, the name of the Customer's station – identification carried out by the HTTP protocol, information about errors that occurred during the implementation of the HTTP transaction, the URL of the page previously visited by the User (referer link) – if the access to the Website was made via a link, information about the user's browser, information about the IP address.

  3. The above data is not associated with specific people browsing the pages. The above data is not used only for the purposes of server administration.

  4. A user who does not want to receive cookies can change the browser settings. Disabling cookies necessary for authentication processes, security, maintaining the User's preferences may make it difficult, and in extreme cases may prevent the use of websites.

  5. In order to manage cookie settings, please follow the instructions of the respective browser regarding privacy settings.

  1. The policy does not apply to websites and companies whose contact details are provided on the Store website.

  2. The policy is constantly updated, this version is effective from May 21, 2018.


The owner of the online store is not responsible for improper or inconsistent with the instructions use of the products that he sells. Comments and advice of other users contained on this site are not the opinions of the seller and we do not take responsibility for them, they should also be analyzed in detail, compared with their own case, possibly confronted with other similar publications and only when they present themselves as appropriate in a given case, implemented.

Opinions expressed by users in comments or otherwise may be removed by the administrator of the online store if they violate his rights or at the justified request of other persons or entities to which they relate.

The online store and its owner and administration are not responsible for the placed advertisements and for external pages to which the links are placed on the store's website.