Privacy policy and cookies policy

Disclaimer: The English version is a translation of the original in Polish for information purposes only.
In case of a discrepancy, the Polish original will prevail.

Privacy policy and cookies policy

The Privacy Policy is a document that may allow you to find out who is the administrator of your data, for what purpose, in what scope and for what period it will be processed. In addition, you will find out to whom and on what terms we can share your data, as well as your rights in connection with its processing. We have created this Privacy Policy so that you can find all the necessary information required by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27th, 2016 on the protection of individuals concerning the processing of data and on the free movement of such data which became effective on May 25th, 2018 (“GDPR”). Whenever we talk about data below, we mean the data provided to us by you when subscribing to the newsletter or when making a purchase of a product or your data obtained by us from other sources, e.g. name and surname, e-mail address, address, tax identification number or phone number.

General information

The operator of the website www.thewaywemakegold.com is

URSA MAIOR SP Z O. O. (Limited Liability Company)
Michniowiec 37, 38-710 Czarna Górna, Poland
KRS (National Court Register Number): 0000394985
Sąd Rejonowy w Rzeszowie, XII Wydział Gospodarczy KRS (District Court in Rzeszów, XII Commercial Division of the National Court Register)
NIP (VAT number): 689-123-23-00
REGON number (National Official Business Register): 180761021

  1. The website obtains information about users and their behaviour in the following way:
  • Through information entered voluntarily in forms.
  • Through cookie files saved in end-devices (so-called “cookies”).
  1. The administrator of personal data is URSA MAIOR SP. Z O. O., Michniowiec 37, 38-710 Czarna Górna, Poland, KRS 0000394985 (District Court in Rzeszów, XII Commercial Division of the National Court Register), NIP 6891232300, REGON 180761021.
  2. The processing of the personal data of our clients is supervised by the Personal Data Protection Inspector appointed by us – Andrzej Czech. You can contact him by e-mail at or in writing at the following address: URSA MAIOR SP. Z O. O., Michniowiec 37, 38-710 Czarna Górna, Poland; note: personal data protection.
  3. We process your data whenever you use our services, for example when you buy a product through us. Each time you report your case or complaint to us, we also process your data. We also process your data when we send you marketing information about us or our business partners.
  4. Providing your data is voluntary, but some of your data may be necessary to conclude a contract and properly provide our services, or to meet legal requirements that we must comply with.
  5. We process both the data you have provided to us and the data that we have developed ourselves (e.g. using cookies or other tools we use). We also process data provided to us by the device you use when using our services (cookies). We make sure that we process only the data that is necessary for the purpose for which we collect it (data minimisation).
  6. We process your data primarily for the purposes necessary to conclude and perform the contract, including handling complaints, for example, a user account contract. If necessary, we can contact you on our initiative in technical matters, e.g. when you have a problem with starting the service. The processing of some of your data is also necessary to fulfil our obligations under the law, regarding, for example, the obligation to store certain data for a certain time, collect certain information for user verification and identification, or transfer data to authorised bodies or entities, e.g. resulting from The Polish Payment Services Act, the tax acts, The Polish Accounting Act, The Polish Complaints Act, The Polish Act on Out-of-Court Settlement of Consumer Disputes. We also process your data for other, legally justified purposes, including:
  • monitoring your activity on our websites (e.g. using cookies and the tools we use),
  • profiling your interests and needs (also with the use of cookies) to provide you with only those services that may be of interest to you,
  • direct marketing of our products or services – thanks to this, we can inform you about our offer
  • establishing, investigating and defending any claims arising from our business,
  • monitoring, deterring and detecting possible fraud or abuse committed through the services we provide. If we decide to process your data for a different purpose than we have collected it, we will inform you about it and ask for your consent, if required by law.
  • The legal basis for data processing is:
  1. conclusion and performance of the contract, or
  2. the consent you have expressed, or
  3. implementation of legally justified interests of the administrator, or
  4. fulfilment of our obligations under applicable law, depending on the type of service we provide, these include:

– The Polish Payment Services Act of August 19th, 2011

– The Polish Accounting Act of September 29th, 1994

– The Polish Goods and Services Tax Act of March 11th, 2004

– The Polish Act on Electronically Supplied Services of July 18th, 2002

– The Polish Act on Out-of-Court Settlement of Consumer Disputes of September 23rd, 2016.

We process your data under the applicable provisions on the protection of personal data, including the GDPR.

  • We will process your data in the shortest time possible. For individual cases, the data processing time is as follows:
  1. If we process your data based on a contract, the processing will continue as long as the contract between us and the period of limitation of any claims lasts.
  2. If you have consented to the processing for a specific purpose, we will process your data until you withdraw your consent.
  3. We will process the data that we process as part of the implementation of a legally justified interest as long as this interest lasts. In special cases, which are data processing for direct marketing purposes, including profiling, we may process your data until you object.
  4. We will process the data processed to fulfil our obligations under applicable law as long as it results from these provisions.
  • We do not share your data with third parties or persons. The exception to this rule is when:
  1. You give your voluntary consent to such sharing. Your consent may be revoked at any time.
  2. The provision of access is necessary for the performance of the service. The recipients of your data may be: Bank or other payment service provider – data necessary to provide the payment service; In special cases, your data may be made available to entities authorised to do so based on generally applicable provisions of law (e.g. law enforcement authorities, other payment service providers). Each request for disclosure is thoroughly examined by us, and the transfer of data takes place only if, as a result of this analysis, we find that there is a valid and effective legal basis for requesting disclosure of your data to these entities.
  3. At the same time, you need to know that we use the help of external entities in the implementation of some tasks, e.g. data storage, accounting services, marketing services. In this case, we entrust personal data to subcontractors for a specific purpose, while still being the administrator of your data and responsible for its security. We do not transfer your data to third countries.
  • We use automated decision-making processes for some services. Automated decision-making, including profiling, also takes place for reasons of online payment security when such payment services are provided.
  • You have the right to obtain information from us whether we process your data, for what purpose we process it, what categories of your data we have, what are the categories of recipients of your data and the period of storage of your data planned by us.
  • You always have the option to access the data we process, rectify data that is incorrect or supplement incomplete data.
  • You have the option to request the deletion of the data we process. Your request will be fulfilled by us immediately unless we are required by law to further process your data, there is no legal obligation that we must fulfil, or if your data is not necessary for us to establish, assert or defend claims. We will delete your data when:
  1. it is no longer necessary for the purposes for which it was collected or otherwise processed,
  2. we processed it based on your consent, which you have withdrawn, and there is no other legal basis for data processing,
  3. you have objected to the processing of your data as part of the legitimate interest of the administrator, and at the same time there are no other circumstances that justify further data processing,
  4. personal data has been processed unlawfully,

5.personal data must be removed due to the obligation arising from legal regulations.

  • You can withdraw your consent to the processing of your data at any time, provided that the basis for processing it is your consent. Therefore, data processing will be legal until you withdraw your consent.
  • You have the right to request us to limit the processing of your data if:
  1. you report that the data processed by us is incorrect; the restriction takes place until the time allowing for the verification of the correctness of the data;
  2. there is no legal basis for the processing, and you oppose the definitive erasure of your data;
  3. we no longer need your data for the purposes for which we collected it, but you need it to defend your interests or pursue claims;
  4. you have objected to the processing of your data; the restriction takes place until it is determined whether there is a basis for processing overriding your objection.
  • You have the right to object to the processing of data by us as part of the legitimate interest of the administrator.
  1. We will immediately cease such processing unless there is a ground that overrides the objection made.
  2. Your objection will always be taken into account concerning the processing of data for direct marketing purposes, including profiling, to the extent that profiling is related to direct marketing.
  • Please be advised that as a result of your exercising the rights indicated above, we may cease to provide you with some services (in whole or part), for the provision of which it is necessary to process certain personal data of you.
  • You have the right to receive the personal data that you provided to us in a machine-readable format and to transfer this data to another administrator. This applies to data processed in an automated manner:
  1. which we process based on your consent, or
  2. which we process based on a contract concluded with you.
  • If you believe that your rights have been violated, you have the option to complain with the supervisory body, i.e. the Inspector General for Personal Data or its successor, i.e. the President of the Office for Personal Data Protection.
  • You have the right not to be subjected to the process of automated decision-making, including profiling if such activities have legal effects on you or otherwise significantly affect you. However, we may use an automated decision-making process when such a decision:
  1. is necessary for the conclusion or performance of a contract,
  2. is allowed under separate provisions of law, or
  3. takes place after your consent.
  • If you will be subjected to the process of automated decision-making, including profiling, you have the right to receive the intervention of our employee who will additionally verify your situation and the decision made, you can present your position or question the decision made.

Information in the forms

  1. The website collects information provided voluntarily by the user.
  2. The website may also save information about connection parameters (timestamp, IP address)
  3. The data in the form is not made available to third parties other than with the consent of the user.
  4. The data provided in the form may constitute a set of potential customers, registered by the Website Operator
  5. The data provided in the form is processed for the purpose resulting from the function of a specific form, e.g. to register a given person on the Platform and to create their Customer’s account.
  6. The data provided in the forms may be forwarded to entities that technically provide certain services – in particular, this applies to the transfer of information about the owner of a registered domain to entities that are operators of internet domains (primarily the Scientific and Academic Computer Network – NASK), payment services or other services entities with which the Website Operator cooperates in this respect.

Information about cookies

  1. The website uses cookies.
  2. Cookie files (so-called “cookies”) are IT data, in particular text files, which are stored on the Website User’s end device and are intended for using the Website’s pages. Cookies usually contain the name of the website they come from, the storage time on the end device and a unique number.
  3. The entity placing cookies on the Website User’s end device and accessing them is the Website operator.
  4. Cookies are used for the following purposes:
  • creating statistics that help to understand how Website Users use websites, which allows improving their structure and content;
  • maintaining the Website User’s session (after logging in), thanks to which the User does not have to re-enter the login and password on every subpage of the Website;
  • determining the user’s profile to display him matched materials in advertising networks, in particular the Google network.
  1. The Website uses two basic types of cookies: session cookies and persistent cookies. Session cookies are temporary files that are stored on the User’s end device until logging out, leaving the website or turning off the software (web browser). Persistent cookies are stored on the User’s end device for the time specified in the cookie file parameters or until they are deleted by the User.
  2. Software for browsing websites (web browser) usually allows cookies to be stored on the User’s end device by default. Website users can change the settings in this regard. The web browser allows you to delete cookies. It is also possible to automatically block cookies. Detailed information on this subject can be found in the help or documentation of the web browser.
  3. Restrictions on the use of cookies may affect some of the functionalities available on the Website pages.
  4. Cookies placed on the Website User’s end device may also be used by advertisers and partners cooperating with the Website operator.
  5. We recommend that you read the privacy protection policies of these companies to learn about the rules of using cookies used in statistics: Google Analytics Privacy Policy
  6. Cookies may be used by advertising networks, in particular the Google network, to display advertisements tailored to how the user uses the Website. For this purpose, they may keep information about the user’s navigation path or the time spent on a given page.
  7. In terms of information about user preferences collected by the Google advertising network, the user can view and edit information derived from cookies using the tool: https://www.google.com/ads/preferences/

Server logs

  1. Information about some of the behaviours of users is subject to logging in to the server layer. Such data is used only to administer the website and to ensure the most efficient service of the hosting services provided.
  2. The browsed resources are identified by URL addresses. In addition, the following may be saved:
  • time of arrival of the enquiry,
  • response sending time,
  • name of the client’s station – identification carried out by the HTTP protocol,
  • information about errors that occurred during the implementation of the HTTP transaction,
  • URL address of the page previously visited by the user (referrer link) – if the Website was accessed via a link,
  • information about the user’s browser,
  • Information about the IP address.
  1. The above data is not associated with specific people browsing the website.
  2. The above data is used only for server administration.

Provision of data

  1. The data can be made available to external entities only within the limits permitted by law.
  2. Data enabling the identification of a natural person is made available only with the consent of that person.
  3. The operator may be required to provide information collected by the Website to authorised bodies based on lawful requests to the extent resulting from the request.

Managing cookies – how to express and withdraw consent in practice?

  1. If the user does not wish to receive cookies, he/she may change the browser settings. We reserve that disabling cookies necessary for authentication processes, security, maintaining user preferences may make it difficult, and in extreme cases may prevent the use of websites.
  2. To manage cookie settings, select the web browser/system from the list below and follow the instructions: