Privacy Policy

Privacy policy

General conditions

  1. This Privacy Policy informs about the methods of protecting personal data of the Users of the Website located at the electronic address (and its subdomains, including, hereinafter referred to as the "Website".
  2. The administrator (hereinafter referred to as PDA) of personal data of the Website Users, including persons using the Website or ordering goods or services from the Website is Spokey Sp. z o.o. with its registered office in Katowice (40-203), al. Roździeńskiego 188C, entered in the register of entrepreneurs of the National Court Register kept by the District Court Katowice Wschód in Katowice, with REGON statistical number 471323630, NIP tax identification number 731-11-59-686 and
    a share capital of 3,600,000.00 PLN.
  3. The content of the Website pages is the property of the Data Administrator or third parties and is legally protected.
  4. In order to use the Website the User or the Customer of the Website should have
    a computer or a device with installed software allowing for browsing websites and access to the Internet. Access to the Website may be made using the most popular Internet browsers.
  5. The Administrator declares that the pages of the Website are free from content that violates the rights of third parties or applicable laws, in particular from information that causes or poses a threat to the privacy or safety of any person, information promoting illegal activities or behaviour that is offensive, threatening, obscene, defamatory or libellous, arousing racism, persecution for ethnic, cultural or religious reasons, promoting or favouring criminal activities, violating the rights of third parties, including intellectual property rights, or constituting another form of infringement of legally protected goods.

Administration of personal data

  1. Personal data of the Users or Customers of the Website, including persons ordering the service of access to digital content of specific Products offered on the Website, are protected and processed in accordance with the applicable laws on personal data, including taking into account the provisions and requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing the Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR.
  2. The Administrator shall apply technical and organisational measures ensuring the protection of the processed data, appropriate and adequate to the risks and categories of data covered by the protection, and in particular it shall protect the personal data of Customers/Users against unauthorised persons, loss or damage.
  3. The data on the Website is encrypted with a 256-bit SSL system.
  4. With regard to their personal data, the User may contact the Administrator at the address of PDA’s registered office (Al. Roździeńskiego 188 C, 40-203 Katowice) or by sending an enquiry sent to:
  5. The Administrator collects and uses data on Customers/Users of the Website obtained from the persons to whom the data relate as a result of registering an account with the Website, placing and fulfilling orders or using certain functionalities of the Website. The source of the data is the information provided by the Customer/User, including the data provided through the forms available on the Website. The data is provided on
    a voluntary basis and under conditions of freedom of decision.
  6. During data collection and processing the Website personnel shall observe the following rules: reliability, transparency, lawfulness, limited to a specific purpose of processing, the principle of data minimisation (data necessary to achieve a specific purpose of processing is collected for the necessary time), their correctness, storage in a form allowing the identification of the User/Customer, for a period no longer than necessary for the purpose of processing (principle of limited storage), security of processing, in conditions ensuring data integrity and confidentiality.
  7. Personal data of Customers/Users of the Website in the scope of: name and surname, e-mail address, telephone, IP address, address of residence/seat, correspondence address, delivery address, bank account number or NIP are processed for the following purposes:

a/ creation of an account by the User/Customer on the Website and account’s maintenance, including enabling a User to use certain functionalities of the Website, pursuant to the Article 6(1)(a) of GDPR,

b/ perform an agreement to which the Customer of the Website/User is a party or take action at their request before concluding the agreement, pursuant to the Article 6(1)(b) of GDPR,

c/ confirmation of acceptance of the order and fulfilment of other legal obligations incumbent on the Administrator, including keeping books of account and tax records, pursuant to the Article 6(1)(c) of GDPR,

d/ to pursue claims arising from a contract or business activity which constitutes a legitimate interest in the processing of data by the PDA, pursuant to the Article 6(1)(f) of GDPR,

e/ if personal data are made available in order to receive commercial information, including the Newsletter order – to perform Administrator's legitimate interest in conducting direct marketing of their own products or services by e-mail or telephone, based on the consent of the authorised person, pursuant to the Article 6(1)(f) of GDPR.

  1. Collected IT data (such as: IP address, browser type and computer's operating system) allows the Administrator to adjust the Website pages to the device used by the User/Customer and ensures transaction security.
  2. The provision of data for the performance of the contract is a legal requirement and
    a necessary condition for the conclusion of the service contract or the sale and performance of the contract by the PDA.
  3. The provision of personal data in order to fulfil Administrator's legitimate interest to conduct direct marketing of Administrator's products or services is voluntary.
  4. Direct marketing is carried out in accordance with the Article 172(1) et seq. of the Telecommunications Act of July 16, 2004 and in accordance with the Act of July 18, 2002 on the provision of electronic services.
  5. Providing data to create and maintain an account on the Website is voluntary but necessary to achieve this goal. Failure to provide data will make it impossible to create an account. Providing data in order to use other functionalities of the Website is voluntary and not providing such data will prevent the use of certain rights or functionalities.
  6. The recipients of Users' personal data shall be entities related to the Administrator, including employees, associates and persons providing services to the Administrator and related entities to whom the Administrator will entrust data processing or whom the Administrator will authorize to process them, in particular persons supporting the Administrator in running the Website, in providing the ICT infrastructure, in performing the contract of sale of goods, the contract for provision of digital content, including in the scope of IT services, transport services and payment operations, etc.
  7. In order to perform the contract and in connection with making available on the Website certain forms of payment for sold goods/services PDA may transfer personal data to other recipients or categories of recipients related to a certain method of payment chosen by the Customer/ Service User, including:

1) to ING Bank Śląski S.A. ("Bank") in connection with:

  1. provision by the Bank to the Website Owner of the service of providing access to infrastructure for handling payments via the Internet (pursuant to the Article 6(1)(f) of GDPR).
  2. handling and settlement by the Bank of payments made by the Customers of the Website via the Internet using payment instruments (pursuant to the Article 6(1)(f) of GDPR).
  3. verification by the Bank of the proper performance of agreements concluded with the Website, in particular to ensure protection of the interests of the payers in connection with their complaints (pursuant to the Article 6(1)(f) of GDPR).

2) to Twisto Polska sp. z o.o. in connection with:

  1. the possibility of proposing payment for access to the Product or e-service by Twisto Polska Sp. z o.o. under a contract of mandate including the "Buy from Twisto" or "Twisto Pay" purchase option and making that purchase option available through the Online Shop, and for Twisto Polska Sp. z o.o. to verify the proper performance of such contracts (pursuant to the Article 6(1)(f) of GDPR).
  1. In the case referred to in the paragraph 14, where the provision of data is a condition for the conclusion of the Agreement, the provision of such data is voluntary, however, the consequence of failure to provide such data shall be the impossibility of concluding the Agreement and the provision of the ordered service/services by the Website. Where the provision of personal data by the Client/User of the Website is made for the purpose of and in connection with the provision of data to Twisto Polska sp. z o.o. prior to the conclusion of a service sales agreement the provision of data is
    a condition of concluding an agreement in connection with the business model of business activity adopted by the Website.
  2. In the case of transferring personal data to the Bank for the purpose and in connection with the handling and settlement of payments made to the Service using Internet payment instruments providing of data is required in order to execute the payment and to send confirmation of its execution by the Bank on behalf of the Website. If the data are provided to the Bank in order to have the Bank verify the proper performance of agreements concluded with the Service, in particular to ensure protection of payers' interests in connection with their complaints, the provision of such data is required to enable the performance of an agreement concluded between the Website and the Bank.
  3. If the personal data of Website’s Customer are transferred to Twisto Polska sp. z o.o. in connection with an offer to pay the price for the service purchased by Twisto Polska sp. z o.o. under an order agreement covering the "Buy from Twisto" or "Twisto Pay" purchase option and the Website makes this formula available, providing such data and processing them for this purpose is required in connection with the business model of business activity adopted by the Website and in order to perform the agreement concluded between the Website and Twisto Polska sp. z o.o.
  4. Personal data of Customers/Users may also be made available to entities entitled to receive them under the applicable law, in particular the competent judicial authorities.
  5. The administrator does not intend to transfer personal data to a third country or international organisation.
  6. No automated decision-making, including through profiling, will be made based on the personal data of the Customers/Users of the Service.

Change and deleting of personal data; Users' rights

  1. The User or Customer of the Website has the right to access and correct their data, if they are incorrect. In cases specified by law they have the right to demand the deletion of their data, to demand the restriction of their processing, the right to transfer them and the right to object to their processing.
  2. For reasons related to the specific situation of the Customer/User of the Website they have the right to object to the processing of their data, if the basis for their processing is a legitimate legal interest of the PDA (Article 6(1)(f) of GDPR).  They may also object to the processing of their data for direct marketing purposes, including profiling.
  3. The personal data will be stored by the Administrator for the period resulting from the provisions of law, until the statute of limitations on possible claims resulting from the concluded agreement or from conducting business activity. Within the scope of obligations connected with keeping accounting books and tax records, personal data will be processed for the period of keeping accounting and tax records resulting from legal regulations. The data made available for marketing purposes or for the purpose of maintaining an account on the Website shall be stored until the withdrawal of consent. Withdrawal of consent for data processing shall affect neither the lawfulness of the processing which was carried out on the basis of authorised person's consent prior to its withdrawal, nor the correctness of activities constituting the realisation of
    a specific processing purpose.
  4. Once the processing of personal data for the original purpose has been completed the data will not be processed for any other purpose.
  5. The personal data collected by the Administrator of the Customer/User of the Website are visible after logging in to the account. It is possible to have them edited and deleted by Website’s personnel. In order to see, change, correct, update or delete the personal data one should contact via an appropriate e-mail to: or by post to the address of PDA’s headquarters. The request should include the name of the Customer/User. PDA may request the Customer/User to indicate also additional identification data (e.g. address of residence) in case of doubts about the person submitting the request.
  6. In case the ADO, when processing personal data, violates the provisions on personal data protection, the authorized data owner has the right to lodge a complaint to the supervisory authority - the President of the Office for Personal Data Protection.

Cookie mechanism

  1. The service automatically collects data concerning visits of all Users, such as IP address, browser type, operating system type, etc. These data are used for statistical analysis of Users' behaviour on the Website.
  2. The Website uses cookies to identify Users who have visited the Website to personalize content and advertising (Google Adwords, Remarketing), to offer social features (Facebook, Instagram, Youtube) and to analyse traffic on our website (Google Analytics).
  3. Cookies do not contain any personal data.
  4. The Partners of the Administrator or the Customer/User of the Website may combine this information with other data received from the User or obtained while using their services.
  5. Cookies used by the Website:







It stores the number of visits to the website by a given user. Time of first visits, previous and current. (Google Analytics)


__utmc __utmb


It checks how quickly the visitor leaves the website. (Google Analitycs)




It stores information about whether the visitor has accessed the page from a search engine (if so, the word they used to find the page) or from another website (the link from which they accessed the page).




User authentication after login



  1. In accordance with the applicable provisions of the Telecommunications Act of July 16, 2004 (Journal of Laws no. 171, item 1800, as amended) the User has the right to decide on the access of cookies to their device by selecting them in the window of their browser.
  2. Detailed instructions of individual web browser manufacturers on how to manage cookies can be found at the following addresses:

-Mozilla Firefox:

-Internet Explorer:

- Google Chrome:

- Safari:

- Opera:  

Final provisions

  1. This Privacy Policy does not cover any information about services or Products of other entities than the Administrator, which have been placed on Website's pages commercially, as a guest, on a reciprocal or non-commercial basis.
  2. The Data Administrator shall not be liable for the actions or omissions of the Users as a result of which the Data Administrator processes the personal data provided by them in the manner specified in this Privacy Policy.
  3. The Data Administrator reserves the right to introduce changes, withdraw or modify the functions or properties of the Website, as well as to discontinue the activity with appropriate protection of the rights acquired by individual Customers/Users, transfer the rights to the Website and perform all legal actions permitted by the applicable laws. Any actions performed by the Data Administrator must not violate the rights of the Customer/User.

Changes in the Privacy Policy

The data administrator reserves the right to introduce changes to the Privacy Policy, if required by law or changes introduced on the Website. They shall notify the Users on the relevant changes and their effective date, in particular by placing an appropriate message on the Website or by sending information to the e-mail address made available by the User.