Privacy policy

1. Data Administrator and Definitions

The data administrator of the Customers/Users of the Online Store and App, also referred to as the Seller, is: DMT SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, phone: 61 880 00 04, NIP: 7812007881, REGON: 38587741400000.
The Data Administrator can be contacted:

  • at the correspondence address: Budowlanych 1A, 62-081 Baranowo;
  • via email: rent@reactor.bike;
  • by phone: +48 61 678 12 28.

User - a natural person visiting the website/websites or using the app of the Online Store or using the services or functionalities described in this Privacy and Cookies Policy.
Customer - a natural person with full legal capacity, a natural person being a Consumer, a legal person, or an organizational unit without legal personality, which the law grants legal capacity, who enters into a distance sales agreement with the Seller.
Online Store and App - online services run by the Seller, available at the address: reactor.bike, and through the mobile application named: reactor rent, through which the Customer/User can obtain information about the Goods and their availability and purchase the Goods or order a service.
Newsletter - information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services (Journal of Laws of 2020, item 344) from the Seller sent to the Customer/User electronically; its receipt is voluntary and requires the consent of the Customer/User.
Account - a set of data stored in the Online Store and App and in the Seller's ICT system concerning a given Customer/User and their orders and concluded agreements, with which the Customer/User can place orders and conclude agreements.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Purposes, Legal Bases, and Duration of Data Processing

To perform the distance sales agreement, the Seller processes:

  • information about the User's device to ensure the correct functioning of the services: IP address of the computer, information contained in cookies or other similar technologies, session data, browser data, device data, activity data on the Site and App, including individual subpages and screens;
  • geolocation information, if the User has consented to the service provider's access to geolocation. Geolocation information is used to provide more tailored offers of products and services;
  • personal data of Users: name, surname, registered address, correspondence address, email address, phone number, NIP, bank account number, or other personal data necessary to complete the purchase, which the Administrator requires during the purchase process.

This information does not contain data about the Users' identities but may constitute personal data when combined with other information and is therefore fully protected under the GDPR.
This data is processed in accordance with Article 6(1)(b) of the GDPR to provide the service, i.e., the agreement for the provision of electronic services under the Terms and Conditions, and in accordance with Article 6(1)(a) of the GDPR, concerning the consent given for the use of specific cookies or other similar technologies, given through appropriate browser settings or app permissions in accordance with the Telecommunications Law or concerning consent to geolocation. Data is processed until the Customer/User stops using the Online Store and App.
The Administrator undertakes to take all measures required under Article 32 of the GDPR, i.e., taking into account the state of technical knowledge, implementation costs, nature, scope, and purposes of processing, and the risk of violating the rights or freedoms of natural persons of varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

3. Marketing Activities of the Administrator

On the Online Store and App, the Data Administrator may post marketing information about their products or services. The display of this content is carried out by the Data Administrator in accordance with Article 6(1)(f) of the GDPR, i.e., under the legitimate interest of the Data Administrator in publishing content related to the services provided and promotional activities in which the Data Administrator is engaged. At the same time, this activity does not violate the rights and freedoms of Customers/Users, as they expect or even anticipate receiving such content, or it is their direct purpose of visiting the Online Store and App.

4. Recipients of User Data

The Data Administrator discloses personal data of users only to entities processing them under data processing agreements for the purpose of providing services to the Data Administrator, e.g., hosting and website and app maintenance, IT services, marketing and PR services, including Shopify.

5. Transfer of Personal Data to Third Countries

Personal data will not be processed in third countries.

6. Rights of Data Subjects

Every data subject has the right to:

  • access (Article 15 GDPR) - obtain confirmation from the Data Administrator whether their personal data is being processed. If the data of the person is being processed, they are entitled to access it and obtain the following information: the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data has been or will be disclosed, the period of data storage or criteria for determining it, the right to request rectification, erasure, or restriction of personal data processing granted to the person, and to object to such processing;
  • obtain a copy of the data (Article 15(3) GDPR) - obtain a copy of the data undergoing processing, with the first copy being free of charge, and for further copies, the Data Administrator may charge a reasonable fee based on administrative costs;
  • rectification (Article 16 GDPR) - request the rectification of their inaccurate personal data or complete incomplete data;
  • erasure (Article 17 GDPR) - request the erasure of their personal data if the Data Administrator no longer has a legal basis for processing or the data is no longer necessary for the purposes of processing;
  • restriction of processing (Article 18 GDPR) - request the restriction of processing personal data when:
    • the data subject contests the accuracy of the personal data - for a period allowing the Data Administrator to verify the accuracy of the data,
    • the processing is unlawful, and the data subject opposes its erasure, requesting instead the restriction of its use,
    • the Data Administrator no longer needs the data, but it is required by the data subject for establishing, exercising, or defending claims,
    • the data subject has objected to processing - pending verification of whether the legitimate grounds of the Data Administrator override those of the data subject;
  • data portability (Article 20 GDPR) - receive the personal data concerning them, which they have provided to the Data Administrator, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another Data Administrator without hindrance from the current Data Administrator, where the processing is based on consent or on a contract and is carried out by automated means;
  • object (Article 21 GDPR) - object to the processing of their personal data for legitimate purposes of the administrator, on grounds relating to their particular situation, including profiling. In such a case, the Data Administrator will assess the existence of compelling legitimate grounds for processing, overriding the interests, rights, and freedoms of the data subjects, or grounds for establishing, exercising, or defending claims. If, according to the assessment, the interests of the data subject are more important than those of the administrator, the Data Administrator will be obliged to stop processing the data for those purposes;
  • withdraw consent at any time without providing reasons, but the processing of personal data carried out before the withdrawal of consent will remain lawful. Withdrawal of consent will result in the cessation of data processing by the Data Administrator for the purpose for which the consent was given.

To exercise the above rights, the data subject should contact the Data Administrator using the provided contact details and inform them of which right and to what extent they wish to exercise.

7. President of the Office for Personal Data Protection

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection, located in Warsaw, ul. Stawki 2, who can be contacted as follows:

8. Data Protection Officer

In any case, the data subject can also contact the Data Protection Officer directly by email or in writing at the address of the Data Administrator provided in section 1, point 2 of this Privacy and Cookies Policy.

9. Changes to the Privacy Policy

The Privacy and Cookies Policy may be supplemented or updated in accordance with the current needs of the Administrator to provide up-to-date and reliable information to Customers/Users.

10. Cookies and Similar Technologies

The online store and app perform the functions of obtaining information about Customers, Users, and their behavior in the following ways:

  • through information voluntarily entered in forms for purposes resulting from the function of a specific form;
  • by storing cookies (so-called "cookies") on end devices;
  • by collecting web server and app logs by the hosting operator of the Online Store and App (necessary for the proper functioning of the service).

Cookies are IT data, in particular text files, which are stored on the end device of the Customer/User and are intended for the use of the Online Store's and App's website. Cookies usually contain the name of the website they come from, the time they are stored on the end device, and a unique number.

The online store and app use cookies only with the prior consent of the Customer/User of the Store. Consent to the use of all cookies by the Online Store and App is given by clicking the "Close" button during the display of the message about the use of cookies by the Online Store and App or by closing this message.

If the Customer/User of the Online Store and App does not consent to the use of cookies by the Online Store and App, they can use the "I do not consent" option, also available in the message about the use of cookies by the Online Store and App, or make changes to the settings of the internet browser or app permissions they are currently using (this may, however, result in the improper functioning of the Online Store's and App's website).

To manage cookie settings, select from the list of internet browsers/systems and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.

The legal basis for processing personal data from cookies is the legitimate interests of the Data Administrator, consisting of ensuring high-quality services and ensuring the security of services.

The Online Store and App use two main types of cookies: "session" cookies and "persistent" cookies. "Session" cookies are temporary files stored on the User's end device until logging out, leaving the Online Store and App, or turning off the software (internet browser or app). "Persistent" cookies are stored on the Customer/User's end device for the time specified in the parameters of cookies or until they are deleted by the Customer/User.

Internal cookies

Files placed and read from the User's Device by the Service's ICT system.

External cookies

Files placed and read from the User's Device by the ICT systems of external services. Scripts of external services that can place cookies on the User's Devices have been deliberately placed in the Service through scripts and services provided and installed in the Service.

Session cookies

Files placed and read from the User's Device by the Service during a single session of a given Device. After the session ends, the files are deleted from the User's Device.

Persistent cookies

Files placed and read from the User's Device by the Service until they are manually deleted. The files are not deleted automatically after the end of the Device session unless the User's Device configuration is set to delete cookies after the end of the Device session.

Cookies are used for the following purposes:

  • creating statistics that help to understand how Customers/Users of the Online Store and App use websites and apps, which allows improving their structure and content;
  • maintaining the session of the Customer/User (after logging in), thanks to which the Customer/User does not have to re-enter the login and password on each subpage of the Online Store and App;
  • determining the profile of the Customer/User to display product recommendations and tailored materials in advertising networks, in particular, the Google network.

Web browsing software (internet browser) and app settings usually allow cookies to be stored on the end device of the Customer/User by default. Customers/Users can change the settings in this regard. The internet browser and app settings allow you to delete cookies. It is also possible to block cookies automatically.

Restrictions on the use of cookies may affect some functionalities available on the websites and apps of the Online Store.

Cookies placed on the end device of the Customer/User and used may also be used by advertisers and partners cooperating with the Online Store and App.

Cookies may be used by the Google network to display advertisements tailored to how the Customer/User uses the Online Store and App. To this end, they may retain information about the user's navigation path or time spent on a given page: https://policies.google.com/technologies/partner-sites.

We recommend that Customers/Users read the privacy policies of these companies to understand the rules for the use of cookies used in statistics: Privacy Policy of Google Analytics.

In terms of information about the preferences of the Customer/User collected by the Google advertising network, the Customer/User can view and edit the information resulting from cookies using the tool: https://www.google.com/ads/preferences/.

On the Online Store's and App's website, there are plugins that can transmit data of Customers/Users to Administrators such as Google Maps, Google Analytics, Meta (Facebook), Google Ads, PayPal, TradeTracker, Google reCAPTCHA, Shopify, Google.

To correctly perform the distance sales agreement, the Data Administrator may share Customer/User data with courier companies. The currently available delivery methods in the Online Store are available at: https://reactor.bike/delivery.html.

To correctly perform the distance sales agreement, the Administrator may share Customer/User data with online payment systems. The currently available prepayment methods in the Online Store are available at: https://reactor.bike/payments.html.

11. Newsletter

The Customer can consent to receive commercial information electronically by selecting the appropriate option in the registration form or later in the appropriate tab. If such consent is given, the Customer/User will receive information (Newsletter) of the Online Store to the provided email address, as well as other commercial information sent by the Seller.

The Customer can unsubscribe from the Newsletter at any time by deselecting the appropriate field on their Account page or by visiting the form https://reactor.bike/newsletter.html, clicking the appropriate link included in each Newsletter, or through the Customer Service Office.

12. Account

The Customer/User may not place or provide unlawful content, including opinions and other data, to the Seller in the Online Store and App.
The Customer/User gains access to the Account after registration.
As part of the registration, the Customer/User provides the type of account or gender, name, surname, company name, NIP, data for issuing a sales document, shipping data, email address, and chooses a password. The Customer/User ensures that the data provided by them in the registration form is accurate. Registration requires thorough reading of the Terms and Conditions and checking the box on the registration form that the Customer/User has read the Terms and Conditions and fully accepts all its provisions.
At the moment the Customer/User is granted access to the Account, an agreement for the provision of electronic services concerning the Account is concluded between the Seller and the Customer for an indefinite period. The Consumer may withdraw from this agreement under the Terms and Conditions.
Registering an Account on one of the Online Store's and App's websites simultaneously allows access to other websites and the app under which the Online Store and App are available.
The Customer/User may terminate the electronic service agreement at any time with immediate effect by informing the Seller via email or in writing at the address of the Data Administrator provided in section 1, point 2 of this Privacy and Cookies Policy.
The Seller has the right to terminate the electronic services agreement regarding the Account in case of cessation of the service or transfer of the Online Store and App service to a third party, violation of the law or the Terms and Conditions by the Customer/User, as well as in the case of inactivity of the Customer/User for a period of 6 months. The termination of the agreement is with a seven-day notice period. The Seller may stipulate that re-registration of the Account will require the Seller's permission.