This Privacy Policy concerns the processing and protection of Users' personal data in connection with the use of the online store.

Our main goal is to ensure Users of the Online Store privacy protection at least equivalent to the standards specified in the applicable legal regulations, in particular in the Act of July 18, 2002 on the provision of electronic services, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) – GDPR, and in the Act of July 16, 2004, Telecommunications Law.

Everyone who uses the Online Store remains anonymous until they decide to reveal their identity. The data administrator processes personal data, among others, on the basis of consent, where consent is also understood as checking the appropriate checkbox or any other action that clearly indicates acceptance of the proposed processing.

The Online Store and the services of the Administrator are not intended for children under 18 years of age, nor are they directed at them.

If you do not accept the content of this Policy, immediately cease using the Online Store.

  1. Definitions


  1. Internet shop - online shop in the domain, the rights to which belong to the Seller;
  2. Administrator - Medhoodie Spółka z ograniczoną odpowiedzialnością with its registered office in Warsaw at ul. Nakielska 3, 01-106 Warsaw, entered into the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, Xiii Commercial Division of the National Court Register under KRS number: 0000887658, NIP: 5272951947, REGON: 38836593300000;
  3. User - a natural person who uses the Services of the Internet Shop;
  4. Account - a part of the Internet Shop assigned to the User, by means of which he/she may carry out certain activities as part of the Internet Shop;
  5. RODO- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC;  
  6. Personal data (or "data") - means any information relating to an identified or identifiable natural person;
  7. President of the Office for the Protection of Personal Data ("PUODO") - means the data protection authority;
  8. Identifiable natural person - means a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural characteristics 

    II. Who is the Administrator of my personal data?

The administrator of your personal data is Medhoodie LLC with its registered office in Warsaw at 3 Nakielska Street, 01-106 Warsaw, registered in the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, Xiii Economic Division of the National Court Register under KRS number: 0000887658, NIP: 5272951947, REGON: 38836593300000;

You can contact about your personal data at e-mail address:, contact number: 797 048 702.


  1. The legal basis and purposes of data processing depend on the type of Services you use:



Legal basis

Purpose of processing

Data retention period

Customer Account Registration

Article 6(1)(b) RODO i.e. the performance of a contract for the provision of services by electronic means consisting in the creation and maintenance of an Account in the Online Shop and also to enable the use of the training platform.


The provision of personal data is voluntary, but necessary to set up an account.

The performance of an agreement for the provision of electronic services to enable you to set up an Account in the Online Shop and to use the training platform.

User data will be processed until the User's account is permanently deleted.

Sale of Products

Article 6(1)(b) RODO (i.e. the processing is necessary for the performance of a sales contract to which the data subject is a party) and Article 6(1)(c) RODO (i.e. performance of a legal obligation) in conjunction with the provisions of the Act of 18 July 2002 on the provision of electronic services and the Civil Code.


The provision of personal data is necessary for the conclusion and performance of the contract,

Execution of the sales contract, i.e. acceptance of the order, processing of the order, handling of complaints.

The data will be processed for the period resulting from the statute of limitations for claims arising from the sales contract, i.e. six years from the conclusion of the contract.

Complaint and withdrawal procedure

Article 6(1)(c) of the RODO i.e. performance of a legal obligation under the provisions of the Consumer Rights Act of 30 May 2014.


The provision of personal data is necessary for the processing of a complaint or withdrawal from the contract.

Handling consumer complaints and carrying out the withdrawal procedure.

Once we have dealt with an enquiry or complaint, we will retain the data for a period not exceeding three years, unless the nature of the enquiry requires a longer retention period.

Issuing of invoices

Article 6(1)(c) of the DPA, i.e. the performance of legal obligations under tax law, including the retention of accounting records.

Fulfilment of tax law obligations

Once we have invoiced you, we will process this data for a period of six years (accounting records)

Email contact

Article 6(1)(f) RODO i.e. the legitimate interest of maintaining contact with a potential customer and answering questions.


The provision of personal data is voluntary, but necessary to establish contact.

Consideration of enquiry and response.

Data will be processed for a period of two years.

Direct marketing and sending of commercial information


Article 6(1)(f) RODO i.e. legitimate interest to send commercial information and direct marketing with the prior consent of the User.


The provision of personal data is voluntary but necessary for the Newsletter service.

Sending information on current products, offers via email.

We will continue to send commercial communications until you opt out of receiving it. Each commercial communication includes a link where you can opt out of receiving commercial communications


The periods indicated in the table above are counted from the end of the year in which the Administrator started the data processing in order to facilitate the technical process of controlling these periods. After this time, the personal data shall be permanently destroyed or deleted, unless the obligation to continue storing them arises from applicable legislation.

  1. With whom do we share your personal data?

Administrator may transfer your personal data to the following categories of recipients:

- a company providing accounting services - BOOKKEEPERS SP Z O.O.
- payment service providers - PayU (PayU S.A.), Google Pay (Google LLC), Apple Pay (Apple Inc), Twisto (Twist sp. z o.o.), BLIK (Polski Standard Płatności sp. z o.o.), PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.), banks processing your payment - depending on the chosen payment method;
- a shipping company responsible for delivering shipments - InPost (InPost sp. z o.o.), DHL (DHL Parcel Polska Sp. z o.o.), DPD (DPD Polska sp. z o.o.) - depending on the chosen delivery method;
- a company providing technical and IT support, including website hosting, data storage on a server (Cloudways Ltd.)
- a company providing a newsletter sending system (Sales Manago - Benhauer Sp. z o.o)
- companies providing access to the Facebook and Instagram platforms, where the online store's fan page is located (Meta Platforms Inc.);
- a company providing Google Analytics statistical analysis tools (Google LLC);
- a company providing analytical tools tracking traffic in the online store (Hotjar Ltd, New Relic Inc)

All external entities may use your data solely for the purpose of providing the respective service. All individuals with access to your data must handle it with care and comply with applicable laws and regulations. We do not transfer your data to third parties for commercial purposes or sell your data to other companies.

The online store may disclose personal data to competent authorities, tax authorities, and/or law enforcement authorities if required by law.

  1. Transfer of data to third countries

The controller transfers your personal data outside the European Economic Area only when necessary and resulting from the use of international companies.  Service providers are obliged to provide the same level of protection and use appropriate legal mechanisms to ensure the protection of personal data, such as, for example, binding corporate rules adopted by the competent supervisory authority or other international certification standards or standard contractual clauses defined by the European Commission.

  1. User rights


  1. The User has the right to demand from the Administrator:

     Access to their personal data - every person exercising this right has the right to obtain information about whether and what information about them the Administrator processes, as well as to receive a free copy of the data.

    Rectification of data - every person exercising this right has the right to request rectification of their data or their supplementation.

     Restriction of processing - every person exercising this right has the right to restrict the processing of their data in the event of questioning the accuracy of the data, their legality, or the necessity of processing, as well as objecting to the processing.

     Withdrawal of consent to data processing - every person exercising this right has the right to withdraw previously given consent to data processing for specific purposes covered by the consent. Note! This right concerns only the processing of data for which the User's consent is the legal basis.

     Objecting to processing - every person exercising this right will be able to object to the processing of their data based on the legitimate interest of the Administrator.

     Data portability - every person exercising this right will be able to demand the transfer of their data in PDF format to the designated Administrator.

  2. In addition to the rights indicated above, every person whose data is processed has the right to lodge a complaint with the President of the Personal Data Protection Office if they believe that their data is being processed in violation of applicable laws. The complaint is submitted to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw, or using the form on the website:
  3. The rights specified in point 1 can be exercised by contacting us using the contact details provided in the "Contact" tab. The Administrator will execute the rights by contacting the Administrator's email address within a maximum period of 30 days from receiving the request. If, due to the specific nature or complexity of the matter, it is not possible within the 30-day period, the Administrator will fulfill it within the next month and will immediately inform the entitled party of the extension of the deadline.
  4. To ensure security, we reserve the right to request specific, known information. By applying such a process, we can verify whether it is indeed the person whose data is being processed.
  5. The Administrator has the right to refuse to fulfill the above-mentioned rights only when it is in accordance with the law and due to overriding interests of the data subject. The Administrator will inform the data subject of the reasons for refusing to fulfill the request each time.


  1. Cookies


  1. In the Online Store, we use cookies, which are small text-numeric files that are saved by the telecommunications system on the User's telecommunications system (on a computer, phone, or other device from which the connection to the Online Store was made) while browsing the Online Store. They allow for the subsequent identification of the User in the event of reconnecting to the Online Store from the device (e.g., computer, phone) on which they were saved.
  2. The Administrator may use the following types of cookies:

     Temporary "cookie" - they exist on the computer only during the stay on a particular website - precisely until the browser is closed. They allow store pages to remember what customers selected on the previous page and are intended to optimize navigation in the Online Store, e.g., by remembering the settings of a logged-in User in the Online Store - so the user does not have to re-enter their login and password on each store subpage (no password or login is stored in the "cookie" - only the customer's session number, which does not identify the customer's personal data).

     Statistical "cookie" - this type of cookie is used to provide important information about traffic on the pages and how visitors use it. Tools such as Google Analytics, Hotjar, New Relic are used to collect this data. These cookies are used solely to collect statistics on website traffic and to determine the user's profile to display them tailored materials in advertising networks, especially in the Google network.

  3. The above-mentioned companies guarantee compliance with standards regarding the protection of personal data, analogous to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. The use of their technologies by the Online Store in data processing is in accordance with the law.
  4. No personal information of Users of the Online Store is stored in cookie files. Cookies are not used to determine the identity of the User. The legal basis for the use of cookies is the legitimate interest of the Administrator.
  5. Cookies are used in the Online Store with the User's consent.
  6. Cookies placed on the user's end device may also be used by advertisers and partners cooperating with the store operator, and may also be used by advertising networks, especially the Google network, to display ads tailored to the way the user uses the store. To achieve this, they may retain information about the user's navigation path or time spent on a particular page.
  7. The Administrator analyzes the browsing history of the Online Store and traffic on the site in an automated manner. Data analysis does not have any legal consequences for Users and is only aimed at adapting the content presented by the Administrator to User preferences.
  8. The User may withdraw or change the scope of previously given consent to the use of cookies in the Online Store at any time and delete them from their browser.
  9. Consent can be given by the User through appropriate settings of the software, especially the internet browser, installed on the telecommunications device used by the User to browse the content of the Online Store.
  10. The User may also restrict or disable cookies in their browser at any time by adjusting its settings to block cookies or warn the User before saving a cookie file on the device they use to browse the content of the Online Store. In this case, however, the User may not be able to use all the functionalities of the Online Store.


  1. Social media plug-ins


  1. We would like to inform you that the Internet Shop may contain links allowing its Users to directly reach other websites for which the owner of the Internet Shop is not responsible. We have no influence on the privacy policy and the use of cookies of the administrators of these websites. We recommend that, before using the services offered by other websites, each User should read the document concerning privacy policy and the use of cookies, if they have been made available, and, if they have not, contact the administration of the given website in order to obtain information on this subject.


  1. Privacy principles of third party services:



The Administrator shall place Facebook-related buttons on the pages of his Internet Shop. For this purpose, a button referring to Facebook is placed in relevant sections and pages. By using the button the User logs into Facebook, which has a Facebook privacy policy. This policy can be accessed via the link:



The administrator places plug-ins on his website that refer to the Instagram service. By using this plug-in, the User logs in to the Instagram service, where Instagram's privacy policy applies. This policy can be consulted at the link:


  1. How do we secure your personal data?

The controller does everything possible to keep your data secure. To this end, it implements appropriate technical and organisational measures so that the processing is carried out in accordance with the law and in a manner that ensures security, including but not limited to the use of an encrypted https connection, password authentication, firewall on the server.

The IT systems used by the Administrator have appropriate security measures in place to guarantee the confidentiality and integrity of the personal data processed.

  1. Where can I raise concerns/comments about what processing of personal data?

  • via e-mail:

  1. Final provisions

The Administrator Implements Technical And Organizational Measures Aimed At Ensuring The Protection Of Processed Personal Data Appropriate To The Risks And Categories Of Data Subject To Protection, Particularly Securing Data Against Unauthorized Disclosure, Seizure By An Unauthorized Person, Processing In Violation Of Applicable Laws, As Well As Alteration, Loss, Damage, Or Destruction.

The Administrator Reserves The Right To Change The Privacy Policy For Important Reasons (Such As Changes In Applicable Laws, Introduction Of New Functionalities, Modification Of It Systems). The Administrator Will Inform Users About Any Changes To The Privacy Policy By Placing Information About The Change On The Homepage. Users With User Accounts Will Additionally Be Notified By The Administrator By Sending Information About The Change In The Privacy Policy To The Email Address Provided By Them In The Registration Form.

Changes To The Privacy Policy Take Effect Within 14 Days From The Date Of Publication On The Online Store. Archived Versions Of The Policy Are Published On The Online Store's Website In The "Privacy Policy" Section.

In The Case Of Agreements Concluded Before The Change In The Privacy Policy, The Privacy Policy In Force On The Date Of Conclusion Of The Agreement Shall Apply.