Bathtubs
Showers
Washbasins
Bathroom taps
LED mirrors
Baskets and decorations
Bathroom ceramics
Spare parts
Collections
OUTLET
Freestanding bathtubs
Wall-mounted bathtubs
Corner baths
Bath accessories
Shower panels
Shower columns
Shower sets
Shower enclosures
Bath screens
Shower accessories
Countertop washbasins
Countertop washbasins
Standing washbasins
Wall-mounted washbasins
Washbasin accessories
Bathroom taps
Washbasin taps
Shower taps
Bidet taps
Kitchen taps
Battery accessories
Oval mirrors
Round mirrors
Rectangular mirrors
Square mirrors
Laundry baskets
Baskets and organisers
Boxes and containers
Natural baskets
Technorattan accessories
Bathroom decorations
Toilet seats
Bidets, urinals, bowls
For shower panels
Heads
For the battery
Other parts
Intero
Mono
Ango
Lugo
Olvena
Trino
Privacy Policy
1. Data Controller and Definitions
- The controller of personal data of the Online Store’s Customers/Users, also referred to as the Seller, is: Corsan sp. z o.o., NIP: 7642721360, REGON: 529181360.
- You can contact the Data Controller:
- by mail at: Magazynowa 9, 64-920 Piła;
- by email at: sklep@corsan.pl.
- User – a natural person visiting the Online Store website(s) or using the services or functionalities described in this Privacy and Cookies Policy.
- Customer – a natural person with full legal capacity, a natural person acting as a Consumer, a legal person or an organizational unit without legal personality to which the law grants legal capacity, who concludes a distance Sales Agreement with the Seller.
- Online Store – an online service operated by the Seller, available at the electronic addresses (web pages): https://corsan.pl through which the Customer/User can obtain information about a Product and its availability and purchase a Product or order the provision of a service.
- Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means (Journal of Laws of 2020, item 344), originating from the Seller and sent to the Customer/User by electronic means; receiving it is voluntary and requires the Customer’s/User’s consent.
- Account – a set of data stored in the Online Store and in the Seller’s ICT system concerning a given Customer/User and the orders placed and contracts concluded by them, by means of which the Customer/User can place orders and conclude contracts.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
2. Purposes, Legal Bases and Retention Periods for Processing
- For the purpose of performing the distance Sales Agreement, the Seller processes:
- information regarding the User’s device to ensure services function correctly: the computer’s IP address, information contained in cookies or other similar technologies, session data, web browser data, device data, data regarding activity on the Site, including specific subpages;
- geolocation information if the User has consented to the service provider’s access to geolocation. Geolocation information is used to deliver more tailored offers of products and services;
- Users’ personal data: first name, last name, registered office address, mailing address, email address, phone number, NIP (tax ID), bank account number, or other personal data the provision of which is necessary to complete the purchase and which the Controller requires in the purchasing process.
- This information does not contain data identifying Users directly, but when combined with other information it may constitute personal data and therefore the Controller affords it full protection under the GDPR.
- This data is processed pursuant to Article 6(1)(b) GDPR for the provision of the service, i.e., the contract for the provision of electronic services in accordance with the Terms and Conditions, and pursuant to Article 6(1)(a) GDPR in connection with consent to the use of certain cookies or similar technologies expressed via the appropriate web browser settings in accordance with telecommunications law, or in connection with consent to geolocation. Data is processed until the Customer/User ceases using the Online Store.
- The Controller undertakes to take all measures required under Article 32 GDPR, i.e., taking into account the state of the art, implementation costs, and the nature, scope and purposes of processing as well as the risk to the rights or freedoms of natural persons of varying likelihood and severity, the Controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
3. Controller’s Marketing Activities
- On the Online Store website, the Data Controller may post marketing information about its products or services. The display of such content is carried out by the Data Controller pursuant to Article 6(1)(f) GDPR, i.e., the Controller’s legitimate interest consisting in publishing content related to the services provided and promotional activities in which the Data Controller is involved. At the same time, this activity does not infringe the rights and freedoms of Customers/Users. Customers/Users expect to receive content of a similar nature or even seek it out, or it is the direct purpose of their visit to the Online Store website(s).
4. Recipients of Users’ Data
- The Data Controller discloses users’ personal data only to processors under concluded data processing agreements for the purpose of providing services to the Data Controller, e.g., hosting and Site maintenance, IT services, marketing and PR support.
5. Transfer of Personal Data to Third Countries
- Personal data will not be processed in third countries.
6. Rights of Data Subjects
- Every data subject has the right:
- of access (Article 15 GDPR) – to obtain confirmation from the Data Controller as to whether their personal data are being processed. Where data concerning the person are processed, they are entitled to access them and obtain the following information: the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, the period for which the data will be stored or the criteria used to determine that period, the right to request rectification, erasure or restriction of processing of personal data relating to the data subject, and to object to such processing;
- to obtain a copy of the data (Article 15(3) GDPR) – to obtain a copy of the data undergoing processing, with the first copy being free of charge; the Data Controller may charge a reasonable fee for any further copies based on administrative costs;
- to rectification (Article 16 GDPR) – to request rectification of inaccurate personal data concerning them or completion of incomplete data;
- to erasure (Article 17 GDPR) – to request erasure of personal data where the Data Controller no longer has a legal basis for processing them or the data are no longer necessary for the purposes of processing;
- to restriction of processing (Article 18 GDPR) – to request restriction of processing where:
- the data subject contests the accuracy of the personal data – for a period enabling the Data Controller to verify the accuracy of the data,
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead,
- the Data Controller no longer needs the data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims,
- the data subject has objected to processing – pending the verification whether the Controller’s legitimate grounds override those of the data subject;
- to data portability (Article 20 GDPR) – to receive the personal data concerning them, which they have provided to the Data Controller, in a structured, commonly used and machine-readable format and to request that those data be transmitted to another controller, where the processing is based on the data subject’s consent or a contract with them and the processing is carried out by automated means;
- to object (Article 21 GDPR) – to object to the processing of their personal data for the Controller’s legitimate interests on grounds relating to their particular situation, including profiling. The Data Controller will then assess whether there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defense of legal claims. If, according to the assessment, the data subject’s interests prevail over the Controller’s interests, the Data Controller will be obliged to cease processing the data for these purposes;
- to withdraw consent at any time and without giving reasons, without affecting the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent will result in the Data Controller ceasing to process personal data for the purpose for which the consent was given.
- To exercise the above rights, the data subject should contact the Data Controller using the contact details provided and specify which right they wish to exercise and to what extent.
7. President of the Personal Data Protection Office
- The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office (PUODO), based in Warsaw, ul. Stawki 2, who can be contacted as follows:
- by post: ul. Stawki 2, 00-193 Warsaw;
- via the electronic inbox available at: https://www.uodo.gov.pl/pl/p/kontakt;
- Helpline: 606-950-000.
8. Data Protection Officer
- In all cases, the data subject may also contact the Controller’s Data Protection Officer directly by email or in writing at the Data Controller’s address provided in Section 1 point 2 of this Privacy and Cookies Policy.
9. Changes to the Privacy Policy
- The privacy and cookies policy may be supplemented or updated as needed by the Controller to provide Customers/Users with current and reliable information.
10. Cookies
- The Online Store collects information about Customers, Users and their behavior in the following ways:
- through information voluntarily entered in forms for purposes arising from the function of a given form;
- by storing cookies (so-called “cookies”) on end-user devices;
- by collecting web server logs by the Online Store’s hosting operator (necessary for the proper operation of the service).
- Cookies are IT data, in particular text files, which are stored on the Customer’s/User’s end device and are intended for use with the Online Store website. Cookies usually contain the name of the website they come from, the time they are stored on the end device and a unique number.
- The Online Store uses cookies only after the Store’s Customer/User has given prior consent. Consent to the Online Store’s use of all cookies is given by clicking the “Close” button when the cookie notice is displayed by the Online Store or by closing that notice.
- If the Customer/User of the Online Store does not consent to the Online Store’s use of cookies, they may select the “I do not consent” option, also available in the cookie notice displayed by the Online Store, or change the settings of the web browser they are currently using (however, this may cause the Online Store website to function incorrectly).
- To manage cookie settings, select your web browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
- The legal basis for processing personal data from cookies is the Data Controller’s legitimate interests, consisting in ensuring high-quality services and service security.
- The Online Store uses two basic types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored on the User’s end device until they log out, leave the Online Store or turn off the software (web browser). “Persistent” cookies are stored on the Customer’s/User’s end device for the time specified in the cookie parameters or until they are deleted by the Customer/User.
Analytical cookies
Pinterest tag: cookie
Analytical cookies allow us to check the number of visits and traffic sources in our store. They help us determine which pages are more or less popular and understand how users navigate the site. This enables us to analyze statistics and improve our store’s performance. The information collected by these cookies is aggregated and is not intended to identify you. If you do not allow these cookies, we will not know when you have visited our site.
IAI S.A.
__IAI_AC2: 45 days, cookie
Conversion tracking identifier (Activity Tracking) used to collect the history of sources preceding an order placement, as well as the source through which the order was placed, in line with the last-click attribution model.
Google Ads
*-*: 14 days, cookie
Stores information on whether the “Google Customer Reviews” popup requesting consent to send a post-purchase survey has already been displayed.
Google Maps
SID: 3650 days, cookie
Contain digitally signed and encrypted records of a user’s Google account ID and the most recent sign-in time. The combination of these cookies (SID, HSID) allows Google to block many types of attacks, such as attempts to steal the contents of forms submitted in Google services.
Functional cookies (required)
corsan.pl
monit_token: 365 days, cookie
Identifies the store customer.
shop_monit_token: 30 minutes, cookie
Identifies the store customer.
client: 1 day, cookie
Identifies a logged-in customer / the cart of a non-logged-in customer.
affiliate: 90 days, cookie
Stores information about the partner ID from which the store visit originated.
ordersDocuments: cookie
Stores information about the document printout status.
__idsui: 1095 days, cookie
A file required for the so-called light login functionality on the site.
__idsual: 1095 days, cookie
A file required for the so-called light login functionality on the site.
__IAI_SRC: 90 days, cookie
Stores only the source from which the site was accessed.
login: cookie
Stores information on whether the user has logged in to the site.
CPA: 28 days, cookie
Contains information on variables for CPA/CPS programs in which the site participates.
__IAIRSABTVARIANT__: 30 days, cookie
Variant identifier for A/B testing and IdoSell RS engine configuration.
basket_id: 365 days, cookie
Website user’s cart identifier, assigned for the duration of the session.
page_counter: 1 day, cookie
Counter of visited pages.
LANGID: 180 days, cookie
Stores information about the language selected by the site user.
REGID: 180 days, cookie
Stores information about the user’s region.
CURRID: 180 days, cookie
Stores information about the currency selected by the site user.
__IAIABT__: 30 days, cookie
Stores the identifier of A/B tests for testing and improving store functionality.
__IAIABTSHOP__: 30 days, cookie
Stores the identifier of the store participating in an A/B test.
__IAIABTVARIANT__: 30 days, cookie
Stores the identifier of the variant assigned in the ongoing A/B test.
toplayerwidgetcounter[]: cookie
Stores the number of times a pop-up message has been displayed.
samedayZipcode: 90 days, cookie
Stores the site user’s postal code necessary to offer SameDay courier delivery service.
applePayAvailability: 30 days, cookie
Stores information on whether Apple Pay is available for the user.
paypalMerchant: 1 day, cookie
PayPal account identifier.
toplayerNextShowTime_: cookie
Stores information about the time when the next pop-up message should be displayed.
rabateCode_clicked: 1 day, cookie
Stores information about closing the bar informing about an active discount.
freeeshipping_clicked: 1 day, cookie
Stores information about closing the free delivery information bar.
redirection: cookie
Stores information about closing the pop-up suggesting a store language.
filterHidden: 365 days, cookie
After clicking the “collapse filter” option for products, it saves which filter should remain collapsed after refreshing the product list.
toplayerwidgetcounterclosedX_: cookie
Stores information about closing a pop-up message.
cpa_currency: 60 minutes, cookie
Contains information about the currency for CPA/CPS programs in which the site participates.
basket_products_count: cookie
Stores information about the number of items in the cart.
wishes_products_count: cookie
Stores information about the number of items on the wishlist.
remembered_mfa: 365 days, cookie
Stores information about a remembered user for multi-factor authentication (MFA) purposes.
HOMELANDID: 180 days, cookie
Stores information about the visitor’s country.
IAI S.A.
iai_accounts_toplayer: 30 days, cookie
Ensures correct display of the pop-up message about the IdoAccounts login service (https://www.idosell.com/pl/tysiace-gotowych-do-uzycia-funkcji/logowanie-do-sklepu-z-konta-w-innym-serwisie/).
IdoSell
platform_id: cookie
Stores information on whether the site is displayed in a mobile application.
paypalAvailability_: 1 day, cookie
Stores information on whether PayPal is available for the user.
ck_cook: 3 days, cookie
Stores information on whether the site user has consented to cookies.
IdoAccounts
accounts_terms: 365 days, cookie
Stores information on whether the user has accepted the consent to use the IdoAccounts service.
express_checkout_login: 365 days, cookie
CookieNameExpressCheckoutLogin
NID: 180 days, cookie
These cookies (NID, ENID) are used to remember user preferences and other information, such as preferred language, the number of results displayed on a search results page (e.g., 10 or 20), and whether the user wants to have Google SafeSearch filter enabled. This file is also necessary to offer the Google Pay payment service.
Google reCAPTCHA
_GRECAPTCHA: 1095 days, cookie
This cookie is set by Google reCAPTCHA, which protects our site from spam submissions via contact forms.
PayPal
ts: cookie
This cookie is typically provided by PayPal and supports payment services on the website.
ts_c: 1095 days, cookie
This cookie is typically provided by PayPal and is used to prevent fraud.
x-pp-s: cookie
This cookie is typically provided by PayPal and supports payment services on the website.
enforce_policy: 365 days, cookie
This cookie is typically provided by PayPal and supports payment services on the website.
tsrce: 3 days, cookie
This cookie is typically provided by PayPal and supports payment services on the website.
l7_az: 60 minutes, cookie
This cookie is necessary for PayPal login functionality on the website.
LANG: 1 day, cookie
This cookie is typically provided by PayPal and supports payment services on the website.
nsid: cookie
Used in the context of website transactions. The cookie is required for secure transactions.
Advertising cookies
Meta (Facebook)
fbsr_: cookie
Contains a signed request for a Facebook App user.
fbss_: 365 days, cookie
Facebook shared session.
fbs_: 30 minutes, cookie
Facebook session.
Meta Pixel: 999 days, tracking pixel
Meta Pixel is a piece of code that allows you to measure advertising effectiveness by understanding actions taken by website users and helps ensure your store’s ads are shown to the right people.
_fbp: 90 days, cookie
Cookie used for profiling users and tailoring ads to the user’s profile as precisely as possible.
fr: 90 days, cookie
Cookie used for profiling users and tailoring ads to the user’s profile as precisely as possible.
_fbc: 730 days, cookie
Last visit to the store.
tr: cookie
Cookie used for profiling users and tailoring ads to the user’s profile as precisely as possible.
sb: 402 days, cookie
This cookie helps identify and apply additional security measures if someone tries to access a Facebook account without authorization, e.g., by entering random passwords. It is also used to store information that enables Facebook to recover a user’s account if they forget their password, or for additional authentication when account compromise is suspected. This includes cookies like “sb” and “dbln,” which help securely identify the user’s browser.
usida: cookie
Collects a combination of the user’s browser and a unique identifier, used to match ads to users.
wd: 9 days, cookie
This cookie helps direct traffic between servers and analyze load times of Meta products for different users. Using cookies, Meta can also record users’ screen ratios and window sizes and whether high-contrast mode is enabled, to correctly display its websites and apps. For example, it may use “dpr” and “wd” cookies to provide optimal device screen parameters.
locale: 9 days, cookie
This cookie stores the locale of the most recently logged-in user in this browser.
datr: 7 days, cookie
The purpose of the “datr” cookie is to identify the web browser used to connect to Facebook, independently of the logged-in user. This cookie plays a key role in Facebook’s site security and integrity functions.
corsan.pl
RSSID: 180 days, cookie
IdoSell RS user identifier used to display tailored product recommendations on the site.
__IAIRSUSER__: 60 minutes, cookie
IdoSell RS user identifier used to display tailored product recommendations on the site.
Google Ads
_gcl_au: 90 days, cookie
Used by Google AdSense to experiment with ad efficiency on websites using their services.
FPAU: 90 days, cookie
Cookie that collects information about users and their activity on the site through embedded elements for analytics and reporting purposes.
FPGCLAW: 90 days, cookie
Contains user information related to a campaign.
FPGCLGB: 90 days, cookie
Contains user information related to a campaign.
_gcl_gb: 90 days, cookie
Contains user information related to a campaign.
_gac_gb_<>: 90 days, cookie
Contains user information related to a campaign.
_gcl_aw: 90 days, cookie
Contains user information related to a campaign.
IDE: 730 days, cookie
This cookie is used to display Google ads on non-Google websites.
1P_JAR: 30 days, cookie
This cookie is used to collect website statistics and track conversion rates. It sets a unique identifier to remember your preferences and other information such as website statistics and conversion tracking.
test_cookie: 1 day, cookie
Used to test whether the permissions to set cookies in the user’s browser are enabled.
AEC: 138 days, cookie
These cookies prevent malicious sites from acting on a user’s behalf without their knowledge.
APISID: 193 days, cookie
This cookie is stored on a computer to remain connected to the Google account when revisiting their services. While this session is active and using add-ons on other websites, such as ours, Google will use these cookies to improve the user experience.
CONSENT: 559 days, cookie
This cookie is stored on a computer to remain connected to the Google account when revisiting their services. While this session is active and using add-ons on other websites, such as ours, Google will use these cookies to improve the user experience.
DSID: 10 days, cookie
The ‘DSID’ cookie is used to identify a logged-in user on non-Google sites and to remember whether the user has consented to ad personalization.
OTZ: 23 days, cookie
This cookie is used to remember user preferences and other information, such as preferred language, the number of results displayed on a search results page (e.g., 10 or 20), and whether the user wants Google SafeSearch filter enabled.
SAPISID: 28 days, cookie
This cookie is stored on a computer to remain connected to the Google account when revisiting their services. While this session is active and using add-ons on other websites, such as ours, Google will use these cookies to improve the user experience.
SEARCH_SAMESITE: 176 days, cookie
Enables servers to reduce the risk of CSRF attacks and information leakage by ensuring that a given cookie is only sent with requests initiated from the same registered domain.
SIDCC: 393 days, cookie
Retrieves certain tools from Google and saves preferences, such as the number of search results per page or enabling the SafeSearch filter. Adjusts ads appearing in Google search.
SSID: 393 days, cookie
This cookie is stored on a computer to remain connected to the Google account when revisiting their services. While this session is active and using add-ons on other websites, such as ours, Google will use these cookies to improve the user experience.
__Secure-*: 730 days, cookie
These cookies are used to deliver ads better tailored to the user and their interests.
- Cookies are used for the following purposes:
- to create statistics that help understand how Customers/Users of the Online Store use the websites, which enables improving their structure and content;
- to maintain the Customer’s/User’s session (after logging in), thanks to which the Customer/User does not have to re-enter their login and password on each subpage of the Online Store;
- to determine the Customer’s/User’s profile to display product recommendations and tailored materials on advertising networks, in particular the Google network.
- Web browsing software (web browser) generally allows cookies to be stored on the Customer’s/User’s end device by default. Customers/Users can change these settings. The web browser allows cookies to be deleted. It is also possible to automatically block cookies.
- Restrictions on the use of cookies may affect some of the functionalities available on the Online Store’s websites.
- Cookies placed on the Customer’s/User’s end device may also be used by advertisers and partners cooperating with the Online Store.
- Cookies may be used by the Google network to display ads tailored to the way the Customer/User uses the Online Store. For this purpose, they may retain information about the user’s navigation path or the time spent on a given page: https://policies.google.com/technologies/partner-sites.
- We recommend that the Customer/User read the privacy policies of these companies to learn the rules for the use of cookies used in statistics: Google Analytics Privacy Policy.
- With regard to information about the Customer’s/User’s preferences collected by the Google advertising network, the Customer/User can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/.
- The Online Store website includes plugins that may transfer Customers’/Users’ data to controllers such as: Google Maps, Meta (Facebook), Google Ads, PayPal, Google reCAPTCHA, IdoAccounts, IdoSell, IAI S.A., Google.
- For the proper performance of the distance Sales Agreement, the Data Controller may share Customers’/Users’ data with courier entities. The currently available delivery methods in the Online Store are available at: https://corsan.pl/pol-delivery.html.
- For the proper performance of the distance Sales Agreement, the Controller may share Customers’/Users’ data with online payment systems. The currently available prepayment methods in the Online Store are available at: https://corsan.pl/pol-payments.html.
11. Newsletter
- The Customer may consent to receive commercial information by electronic means by selecting the appropriate option in the registration form or later in the relevant tab. If such consent is given, the Customer/User will receive the Online Store’s information (Newsletter) and other commercial information sent by the Seller at the email address provided.
- The Customer may unsubscribe from the Newsletter at any time by unchecking the relevant field on their Account page, going to the form https://corsan.pl/newsletter.php, clicking the appropriate link included in each Newsletter, or through the Customer Service Office.
12. Account
- The Customer/User may not post in the Online Store or provide to the Seller content of an unlawful nature, including opinions and other data.
- The Customer/User gains access to the Account after registration.
- As part of registration, the Customer/User provides the account type or gender, first name, last name, company name, NIP (tax ID), data for issuing a sales document, shipping details, email address, and chooses a password. The Customer/User warrants that the data they provide in the registration form is true. Registration requires carefully reading the Terms and Conditions and checking on the registration form that the Customer/User has read and fully accepts all its provisions.
- When access to the Account is granted to the Customer/User, a contract for the provision of electronic services regarding the Account is concluded between the Seller and the Customer for an indefinite period. The Consumer may withdraw from this contract under the rules set out in the Terms and Conditions.
- Registering an Account on one of the Online Store’s websites simultaneously enables access to the other websites on which the Online Store is available.
- The Customer/User may terminate the contract for the provision of electronic services at any time with immediate effect by informing the Seller by email or in writing at the Data Controller’s address provided in Section 1 point 2 of this Privacy and Cookies Policy.
- The Seller has the right to terminate the contract for the provision of services regarding the Account in the event of discontinuing the Online Store service or transferring it to a third party, the Customer’s/User’s violation of the law or the provisions of the Terms and Conditions, as well as in the event of the Customer’s/User’s inactivity for a period of 6 months. Termination takes effect with seven days’ notice. The Seller may stipulate that re-registering an Account will require the Seller’s permission.