Privacy policy



1. What personal data are we talking about?

1.1. If you want to use the full version of the ScanTheSun application available on our website at and in the Google Play store (hereinafter: the “Website”), you will be asked
to provide us with your personal data. Your data will be processed by us for the purposes
indicated below, related to the functioning of the Website and the provision of services that
we offer.

2. Who processes your personal data?

2.1.The controller of your personal data is ScanTheSun Sp. z o.o. with its registered office in
Lublin at ul. Tomasza Zana 11A, 20-601 Lublin, entered into the Register of Entrepreneurs
of the National Court Register kept by the Lublin-Wschód District Court in Lublin with its seat
in Świdnik, VI Commercial Division of the National Court Register, under KRS number
0000824707, TIN 7123398156 and REGON number 385347828, with a share capital of PLN

2.2. Your personal data are processed in accordance with the Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (OJ.EU.L No 119, p. 1) (hereinafter: “GDPR”) and
other personal data protection laws in force.

2.3. In case of any doubts related to the privacy policy, you can contact the personal data
controller electronically at the following e-mail address:, or by
correspondence by sending a letter to the following address: ScanTheSun sp. z o.o.,
ul.Tomasza Zana 11A, 20-601 Lublin.

3. What are the purposes and legal basis for processing your personal data?

3.1.Depending on what services you want to use, your personal data may be processed for the
purpose of:

a) providing services offered on the Website
b) your use of other Website functions,
c) making contact with you (at your request).

3.2. Your personal data may be processed by us based on the following legal basis:

a) conclusion and performance of a contract for the provision of services (Article 6 (1) (b)
of the GDPR)
b) our legitimate interest in the processing of data to establish, assert or defend any claims
(Article 6 (1) (f) of the GDPR)
c) Your consent expressed by contacting us (Article 6 (1) (a) of the GDPR).

3.3. In the event that you want to use the full version of the ScanTheSun application, we will have
to send you, depending on your choice, an activation key in the form of a digital code (sent
to e-mail) or an NFC Tag in the form of a proximity card (sent to the postal address).
Fulfilling these obligations will require you to provide your personal data in the form of e-mail
address and postal address, if you want to order the NFC activation Tag. In this case, your
data is processed in order to conclude and perform the contract for the provision of services
within the scope of using the Website (Article 6 (1) (b) of the GDPR).

3.4. By contacting us via e-mail, you provide us with your data: e-mail address as the sender’s
data. You can also include other personal data in the contents of the message. Providing
data is voluntary, but necessary to make contact. In this case, your data is processed in
order to contact you, and the basis for processing is Article 6 (1)(a) of the GDPR, i.e. your
consent resulting from initiating contact. The legal basis for processing after the end of
contact is the justified purpose of archiving correspondence for the purpose of showing its
course in the future (Article 6 (1) (f) of the GDPR).

3.5. The services on the Website are intended for people under 18 years of age. If we find that a
person under the age of 18 has provided us with personal data, we will delete it immediately.

4. Who can we transfer your data to?

4.1.Your personal data may be processed by our employees as well as subcontractors, i.e.
external entities whose services we use, i.e.:

a) software provider needed to run the Website,
b) provider of the software needed to run the Websit’s e-mail boxes,
c) persons who, when providing us with services related to website technical support, may
potentially gain access to your personal data,
d) provider of the software that facilitates business operations,
e) entities providing parcel delivery services,
f) relevant public authorities to the extent that the controller is obliged to provide them with
g) entities that may participate in the provision of legal or other advisory services to us,
– all entities entrusted with the processing of personal data guarantee the use of appropriate
measures for the protection and security of personal data required by law.

4.2. Your personal data may be transferred to countries/international organizations outside the
European Economic Area, when these countries/organizations, on the basis of a decision of
the European Commission, have been recognized as ensuring an adequate level of
personal data protection to the level of protection in force in the European Economic Area or
subject to the application of appropriate safeguards, which may consist in the use of binding
corporate rules, standard data protection clauses adopted by the European Commission,
standard data protection clauses adopted by the President of the Personal Data Protection
Office or contractual clauses authorized by the President of the Personal Data Protection

4.3.Your personal data may be made available to entities and bodies authorized to process such
data on the basis of legal provisions.

5. How long will we process your personal data?

5.1. Your personal data will be processed by us for as long as we have a legal basis therefor,
depending on which of the following basis applies, i.e.:

a) the legal obligation that obliges us to process your data ceases to bind us,
b) the possibility of establishing, investigating or defending any claims related to the
contract concluded between you and the Website will cease,
c) you will withdraw your consent to data processing if it was its basis,
d) your objection to the processing of your personal data will be accepted – if the basis for
the processing of your data was the legitimate interest of the controller.

5.2. The content of the correspondence may be archived and we are not able to clearly
determine when it will be deleted. You have the right to request a history of correspondence
with us (in the case of archiving it), as well as request its removal, unless its archiving is
justified due to our overriding interest, e.g. defense against potential claims on your part.

6. What are your rights in relation to your personal data?

6.1. Under the GDPR, you have the following rights related to the processing of your personal

a) the right to access your personal data,
b) the right to rectification of your personal data,
c) your right to erasure of your personal data,
d) the right to restriction of processing of your personal data,
e) the right to object to the processing of personal data, if we process your personal data
pursuant to Article 6 (1)(f) of the GDPR, i.e. on the basis of the legitimate interests
pursued by the controller, including profiling based on these provisions,
f) the right of data portability,
g) the right to withdraw consent to the processing of personal data, if you have given such
consent, and the processing of data until you withdraw your consent remains lawful,
h) the right to lodge a complaint to a supervisory body – the President of the Personal Data
Protection Office.

6.2. Providing personal data is voluntary, but in some cases it may be necessary to use the
services provided on the Website, use other Website functions or to contact you.

6.3. The result of not providing personal data, depending on the purpose for which they are
provided, may be:

a) the inability to use the services provided by the Website to the full extent,
b) no possibility of contacting you.

6.4. We guarantee the confidentiality of all personal data provided to us. We ensure that all
security and personal data protection measures required by the provisions on the protection
of personal data are taken. Personal data is collected with due diligence and properly
protected against access by unauthorized persons.

6.5. If you want to exercise your rights, please contact us using the contact details provided in
sec. 2.3. of the Privacy Policy.

6.6. You can also always ask us to provide you with information about what data we have about
you and for what purposes we process it.


1. The Website, like most websites, uses the so-called cookies. This means that these files are
saved by servers on the user’s end device, i.e. your computer, tablet, smartphone, and can
be read every time you connect from this end device. Cookies do not change the settings of
your device, and at the same time allow you to use all the functions of the Website.

2. During the first visit to the Website, you are shown information about the use of cookies. By
using the appropriate option of your browser, you can manage cookies, which means that
you can always change cookie settings or delete cookies altogether.
Remember that disabling or limiting the use of cookies may cause difficulties in using the
Website, as well as from many other websites that use cookies.
If you want to learn more about managing cookies, you can use your browser’s help file.

3. Cookies on the Website are used for the following purposes:

a) adjusting the content of the Website to the user’s preferences and optimizing its use in
particular, these files allow to recognize the Website user’s device and properly display
the Website, tailored to their individual needs,
b) creating statistics that help to understand how Website users use it, which allows
improving its structure and content,
c) providing users with advertising content more tailored to their interests.


1. The controller is entitled to change the Privacy Policy. The changes will be announced by
posting the new content of the Privacy Policy on the Website together with the information
from what date the new Privacy Policy is effective.

2. This Privacy Policy becomes effective as of June 1 st 2021.