Back to home

Privacy Policy

Last updated: January 1, 2026

§1 General Provisions

  1. This Privacy Policy defines the rules for the processing and protection of personal data of users of the information and offer platform available at parsell.pl (hereinafter referred to as the "Platform").
  2. Using the Platform, including account registration, constitutes the provision of electronic services within the meaning of the Act of July 18, 2002 on the provision of electronic services and requires acceptance of the Regulations, of which this Privacy Policy is an integral part.
  3. We care about the privacy of users and the security of their data. We process personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 24 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR"), the provisions of the Polish Act on the Protection of Personal Data of May 10, 2018, and the Telecommunications Law Act.
  4. In accordance with the principle of data protection by design, the Platform has been created in a way that minimizes data processing, ensuring full protection of the business and personal interests of our Clients.

§2 Data Controller

The entity deciding on the purposes and means of processing your personal data is:

PARSELL SP. Z O.O.

with its registered office at: Cegielniana 3, 49-300 Brzeg, Poland

KRS: 0000980940, NIP: 7471923601, REGON: 522509372

E-mail: business@parsell.pl

§3 Contact in Matters of Data Protection

In all matters related to the processing of personal data, privacy protection, and the exercise of applicable rights, users can contact the Controller directly via e-mail at: business@parsell.pl.

§4 Purposes and Legal Bases for Data Processing

We process personal data for the following purposes, based on specific legal bases resulting from the provisions of the GDPR:

Purpose of Processing Legal Basis (GDPR)
Account registration and maintenance on the Platform enabling access to the catalog and footwear product offers. Article 6(1)(b) GDPR — necessity for the performance of a contract for the provision of services by electronic means.
Handling of requests for quotations, negotiations, and execution of orders placed outside the Platform (via e-mail, WhatsApp, or telephone). Article 6(1)(b) GDPR — necessity to take steps at the request of the data subject prior to entering into a contract and performance of the sales contract.
Ongoing commercial contact and operational handling of Customer inquiries. Article 6(1)(f) GDPR — legitimate interest of the Controller (efficient communication with users).
Marketing activities (Newsletter, commercial information, telemarketing, WhatsApp notifications). Article 6(1)(a) GDPR — voluntary and prior consent of the user.
Fulfilling legal obligations (tax, fiscal, and accounting). Article 6(1)(c) GDPR — legal obligation incumbent on the Controller.
Establishment, exercise, defense, or enforcement of possible financial and legal claims. Article 6(1)(f) GDPR — legitimate interest of the Controller.
Analytical and statistical purposes (optimization and improvement of the Platform). Article 6(1)(f) GDPR — legitimate interest of the Controller.
Ensuring the security of the ICT network and protection against abuse. Article 6(1)(f) GDPR — legitimate interest of the Controller.

§5 Scope of Processed Data

Depending on the purpose of the interaction, the Controller processes the following categories of data:

  • Account registration: Company data (full name, registered office address, unique Tax ID/NIP), first and last name of the contact person, e-mail address, mobile phone number.
  • Placing and executing orders (e-mail / WhatsApp): Data necessary for the delivery of footwear, including the delivery warehouse address, shipping address, specification of the ordered assortment, and data of the person authorized to receive the delivery.
  • Newsletter and marketing channels: E-mail address, first name (optional), and phone number assigned to the WhatsApp application.
  • Data collected automatically (usage data): IP address of the device, technical data of the web browser, information about the operating system, as well as system logs regarding the date, time, and scope of using the Platform.

Providing the aforementioned data is voluntary, but completely necessary for the purpose of account registration, gaining access to wholesale prices, and effective processing of orders outside the Platform.

§6 Data Recipients and Profiling

Users' personal data may be entrusted to third parties supporting the Controller in its current operational activities:

  • Logistics, forwarding, and courier service providers (e.g., DHL, DPD, UPS, FedEx).
  • IT service providers, hosting entities, CRM systems, and cloud software providers.
  • External accounting and bookkeeping office, law firms, and advisory companies.
  • Providers of systems and tools for automated e-mail marketing and mass messaging (in case of consent to marketing).
  • ipapi.co — an IP geolocation service used solely to automatically suggest the user's country and phone prefix during registration. The user's IP address is transmitted to this service for this purpose. No personal data is stored by this provider on our behalf. More information: ipapi.co/privacy.
  • Authorized public authorities and tax administration, if such an obligation results directly from mandatory provisions of law.

Users' personal data are not subject to automated decision-making processes or profiling within the meaning of the GDPR regulations.

§7 Data Processing Outside the European Economic Area (EEA)

In connection with the use of external communication tools in the Customer service process (e.g., WhatsApp messenger provided by Meta Platforms Inc.), part of the user's personal data may be processed outside the European Economic Area. In such cases, the Controller guarantees that the data transfer takes place with the highest security standards, based on adequacy decisions of the European Commission or Standard Contractual Clauses (SCC) approved by the European Commission, in accordance with the requirements of Chapter V of the GDPR.

§8 Data Retention Period

Personal data are stored for the period necessary to achieve specific purposes, in accordance with the principle of storage limitation (Article 5(1)(e) GDPR):

  • Data related to the account on the Platform — for the entire period of holding an active account by the Client, until a request for its deletion is submitted, and thereafter until the expiry of the limitation period for possible civil claims.
  • Data related to the execution of orders (e-mail / WhatsApp) — for the time necessary to fully perform the sales contract, and after its completion for the period required by tax and accounting regulations (standardly 5 years) and until the expiry of the limitation periods for contractual claims.
  • Data processed on the basis of consent (marketing, newsletter) — continuously until the user withdraws the previously granted consent.

§9 Rights of the Data Subject

Every user is entitled to full and inalienable rights resulting from the GDPR regulations:

  1. The right of access to data and to obtain a copy thereof (Article 15 GDPR).
  2. The right to rectify and correct data (Article 16 GDPR) — if they are incorrect or incomplete.
  3. The right to erase data ("the right to be forgotten") (Article 17 GDPR).
  4. The right to restrict data processing (Article 18 GDPR).
  5. The right to data portability (Article 20 GDPR) — provided that the processing is carried out by automated means based on a contract or consent.
  6. The right to object (Article 21 GDPR) — to processing based on the legitimate interest of the Controller.
  7. The right to withdraw consent at any time — without affecting the lawfulness of processing based on consent before its withdrawal.
  8. The right to lodge a complaint with a supervisory authority — The authority in Poland is the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

To exercise your rights, please send an appropriate e-mail notification to: business@parsell.pl.

§10 Cookies Policy

  1. The Platform uses cookies, which are small text files saved and stored on the user's end device.
  2. Cookies are used for the purpose of:
    • Ensuring the correct and stable technical functioning of the Platform and maintaining the session of the logged-in user (necessary cookies).
    • Analyzing traffic, behavior, and preparing audience statistics (analytical cookies).
    • Adjusting personalized marketing content (marketing cookies).
  3. Storing cookies and gaining access to them requires obtaining the user's prior, informed consent, in accordance with Art. 173 of the Telecommunications Law. This consent can be expressed or withdrawn by configuring the settings of the web browser or via a dedicated cookie management banner on the website.

§11 Data Security and Liability

  1. The Controller implements and applies advanced technical and organizational measures in accordance with Article 32 of the GDPR, ensuring a level of security appropriate to the risk of violating the rights or freedoms of natural persons. All data transmission on the Platform is strictly encrypted using the SSL protocol.
  2. The Controller undertakes to fully respect the secrecy of electronic communication (telecommunications secrecy), covering user data and the content of commercial arrangements conducted electronically.
  3. According to the Polish penal provisions of the Act on the Protection of Personal Data, processing data in an unacceptable manner or by an unauthorized person is subject to criminal liability (a fine, restriction of liberty, or imprisonment for up to two years).
  4. Sending unsolicited commercial information and using telecommunications terminal equipment for direct marketing purposes without obtaining the user's prior consent constitutes an act of unfair competition and is subject to legal sanctions.

§12 Final Provisions

  1. The Controller reserves the right to introduce modifications to this Privacy Policy in order to adapt it to legal or technological changes. The current version of the document will be constantly published and available within the structure of the Platform.
  2. In matters not regulated by this document, the relevant provisions of the GDPR, the Civil Code, and other applicable acts of Polish law shall apply.