**PRIVACY POLICY**
---
### General Information
1. This Privacy Policy defines the rules for the use and processing of personal data of Users of the website available at: thornfit.pl
2. This Privacy Policy applies to all websites, online services, mobile applications, and social media accounts managed by the THORN FIT brand (hereinafter collectively referred to as the “Service” or “Services”).
---
### Processing of Personal Data
1. The controller of Users’ personal data is **MJST Sp. z o.o.**, based in Gdynia, ul. Wendy 15 (81-341), entered into the Register of Entrepreneurs maintained by the District Court Gdańsk-Północ, VIII Commercial Division of the National Court Register under KRS number 0000122302, NIP 5850000785, REGON 00284413300000 (hereinafter the “Controller”).
2. The protection of Users’ private information is a priority for the Controller. The Controller makes every effort to ensure that Users feel safe while using the Services.
3. This Privacy Policy applies to all private information, including personal data collected and processed via the Services.
4. To properly provide services, the Controller processes personal data such as: name, surname, gender, residential and shipping address, bank account number, email address, IP address, tax identification number (for VAT invoices), and phone number.
5. While using the Services, the Controller may also collect information about the User’s device to ensure proper functionality, including: IP address, cookies and similar technologies, session data, browser data, device data, activity on the website, and geolocation data (if consent is given). Geolocation is used to provide more personalized offers.
6. Personal data is processed to enable Users to use all functionalities of the Services. Providing data is voluntary but necessary for certain features (e.g., placing orders).
In order to fulfill orders, the Controller uses third-party services:
**A) Payment processing:**
* Dotpay Sp. z o.o.
* PayPo sp. z o.o.
* Stripe
**B) Delivery services:**
* UPS Polska Sp. z o.o.
* InPost Paczkomaty Sp. z o.o.
Data is shared only to fulfill orders and in compliance with applicable laws. The Controller does not sell personal data.
7. During registration or ordering, Users may consent to receive marketing content. Consent can be withdrawn at any time via email: [pdo@thornfit.com](mailto:pdo@thornfit.com) or in writing.
8. Users may also subscribe to a newsletter and unsubscribe at any time via email or written request.
---
### User Rights
1. Each User has the right to:
* access their personal data
* correct their data
* restrict processing
* request deletion (if not required by law)
* data portability
2. Users have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO).
3. To exercise these rights, Users may contact the Controller via email: [pdo@thornfit.com](mailto:pdo@thornfit.com) or by post.
---
### Cookies
1. The Service uses cookies (small text files stored on the User’s device).
2. Cookies are used to create statistics and improve the Services.
3. Types of cookies:
* **Session cookies** – temporary, deleted after leaving the site
* **Persistent cookies** – stored for a defined period or until deleted
4. By using the Service, the User consents to the use of cookies.
5. Users may disable cookies in their browser settings.
---
### Google Analytics, Facebook Pixel, HotJar
1. The Controller uses tools such as Google Analytics, Facebook Pixel, and HotJar for statistical and analytical purposes.
2. These tools provide anonymized data on traffic, behavior, and demographics.
3. The data is used solely to improve and optimize the Services and cannot be linked to individual Users.
---
