By using the features of the Online Service at www.kids-jungle.pl—especially when ordering products offered via the Service or creating a customer account—you provide us with your Personal Data. This Privacy Policy describes the rules and purposes of processing the Personal Data of Users visiting the Online Service www.kids-jungle.pl by the Data Controller (Part I of the Privacy Policy). The document also contains information about cookies and similar technologies used within the Online Service www.kids-jungle.pl (Part II of the Privacy Policy).

If you have any questions about this Privacy Policy, you can contact the Data Controller at any time by emailing: hello@kids-jungle.pl.

Definitions

Controller – unless this Privacy Policy states otherwise, the controller of Users’ Personal Data collected in connection with the use of the Online Service is Proxa Furniture sp. z o.o. with its registered office in Nowy Sącz (33-300 Nowy Sącz), ul. Osiedlowa 2A, entered in the Register of Entrepreneurs of the National Court Register (KRS) kept by the District Court for Kraków-Śródmieście in Kraków, 12th Commercial Division of the National Court Register under number 0000892154, NIP (tax ID): 7343593894, REGON: 388610752, BDO: _____, tel.: _____, e-mail: hello@kids-jungle.pl.

Personal Data – any information relating to an identified or identifiable natural person, identifiable in particular by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person; this includes first and last name, phone number, e-mail address, delivery address for goods purchased via the Online Service, device IP address, location data, and information collected through cookies or similar technologies.

Privacy Policy – this privacy policy.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).

Online Service – the website available at www.kids-jungle.pl, through which, among other things, the Controller sells products and enables browsing of current offers and promotions.

User – any person who uses the Online Service, including placing orders, browsing the Controller’s offers, or creating a customer account.

I. PRIVACY POLICY OF THE ONLINE SERVICE

1. Purposes and legal bases for processing Personal Data

The Controller processes Users’ Personal Data for various purposes and on different legal bases—depending on which features of the Online Service the User uses. Details are set out below.

Contact form

A contact form is available in the Online Service. If the User wishes to use it to contact the Controller, the User will be asked to provide specified Personal Data (e.g., first name, last name, e-mail address). These data are necessary to receive and handle the User’s enquiry so the Controller can reply.

The Personal Data provided by the User will be processed for the following purposes:

  • identifying the sender, handling the enquiry, and providing a response – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in replying and providing support to Users;
  • establishing, exercising or defending legal claims – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in protecting the Controller’s rights and property and resolving any dispute with the User, as well as replying to a complaint.

Providing Personal Data is voluntary, but sending an enquiry without providing these data is not possible.

Use of the Online Service (cookies and similar technologies, system logs)

Within the Online Service, the Controller uses cookies and/or similar technologies. Even if the User does not create an account or log in, certain information may be transmitted to the Controller, such as IP address or device details. In some cases, these may constitute Personal Data. Cookies and similar technologies are used for various purposes, including ensuring the proper functioning of the Online Service, as well as for statistical, analytical and marketing purposes. Detailed information is provided in Part II of this Privacy Policy.

Data collected via cookies or similar technologies may subsequently be combined with other User data and processed for the following purposes:

  • analysis and Service statistics – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in compiling statistics and analysing the activity and preferences of Users visiting the Online Service to facilitate Service management. Processing for this purpose is possible if the User consents to the use of analytical and statistical cookies;
  • advertising and marketing, including tailoring the Controller’s ads and offers to the User – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in displaying offers and ads tailored to the User based on collected information, and in preparing analyses and statistics concerning the Controller’s advertising campaigns. The Controller may process Personal Data for this purpose if the User consents to the use of advertising and marketing cookies or similar technologies.

When using the Online Service, the User’s activity is automatically recorded in system logs (records of events related to the Online Service). Through these, the Controller may obtain information including Personal Data, e.g., the IP address and information about the User’s device. These data are processed for the following purposes:

  • ensuring the security of the Online Service, including detecting network attacks, and enabling the detection of IT system and Service errors – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in ensuring security and the proper functioning of the Online Service and protecting the Controller’s business interests;
  • establishing, exercising or defending legal claims – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in protecting the Controller’s rights and property.

Customer account in the Online Service

One of the features of the Online Service is the ability to register and create a customer account. By creating an account, the User concludes with the Controller a contract for account maintenance (an electronic service). During registration, the User will be asked to provide Personal Data (e.g., first name, last name, e-mail address). These data are necessary for the Controller to create and maintain the User’s account.

The data provided will be processed for the following purposes:

  • concluding and performing the contract for maintaining the customer account in the Online Service – the legal basis is necessity for the performance of a contract (Article 6(1)(b) GDPR) for Users who are natural persons. Where the User represents a non-natural person (e.g., acts on behalf of a company), the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in concluding and performing the account contract with the represented entity (e.g., the company);
  • establishing, exercising or defending legal claims – the legal basis is the Controller’s legitimate interest (Article 6(1)(f) GDPR) in protecting the Controller’s rights and property and resolving any dispute with the User.

Providing Personal Data is voluntary; however, failure to provide them will mean you cannot register and create an account in the Online Service (contractual requirement).

Marketing

The Controller carries out marketing activities through various channels to inform Users about services, offers and other relevant content available via the Online Service. These may include, among others:

  • contextual advertising – ads displayed to the User based on the content of the page being viewed (for example, if you browse the playgrounds section, you may see an ad for children’s slides). Contextual advertising generally does not require the processing of Personal Data;
  • behavioural advertising – uses information about the User’s behaviour (e.g., pages visited, clicks, products viewed in the online shop) to tailor ad content to the User’s interests. For this purpose, the Controller may process the User’s Personal Data, including sharing, with its advertising partners, data collected via cookies and similar technologies (if the User has consented to their use).

Remarketing

Remarketing is a form of marketing communication based on analysing data collected while the User interacts with the Online Service—for example during shopping or when registering an account. As part of these activities, the Controller may send the User personalised messages intended to remind them of the Controller’s offer and encourage them to get back in touch or complete a transaction (e.g., an email with a discount on accessories for a product they have already purchased, or a reminder about an unfinished order). Such messages are tailored to the User’s interaction history with the Online Service.

Remarketing messages may be sent via various channels—e.g., email, SMS or MMS—provided the User has consented to receive messages via the given communication method.

Email and SMS marketing

If the User gives consent, the Controller will send commercial information—such as offers, promotions and other marketing content—by email or SMS. For this purpose, the User will be asked to provide contact details, such as an email address or phone number. This consent also covers the Controller’s use of systems for the automated sending of messages.

The marketing content the User receives may be tailored to their preferences and prior activity within the Online Service.

Cooperation with external advertising partners

The Controller may run advertising campaigns with external service providers (e.g., ad platforms, social networks), which may include:

  • targeting ads to custom audiences;
  • targeting and personalising ad content based on User behaviour;
  • retargeting—showing ads again to people who have previously visited the Online Service;
  • displaying ads on external websites and apps, such as social networks or advertising platforms.

The personal data provided by the User will be processed by the Controller for the following purposes:

  • Sending the User commercial information (offers, promotions) and other marketing content via the communication channel the User has consented to (e.g., email, SMS), including offers, promotions and other content that may be automatically tailored to the User (profiling) — legal basis: User consent (Art. 6(1)(a) GDPR).
  • Ad/offer/promotion personalisation (including profiling) and displaying such tailored ads, offers and promotions to the User — legal basis: the Controller’s legitimate interests (Art. 6(1)(f) GDPR), i.e., showing content the User may find relevant (tailored based on information collected about the User) and creating analyses and statistics regarding the Controller’s online advertising campaigns (including measuring their effectiveness). The Controller’s legitimate interests apply where the User can reasonably expect such processing (e.g., after consenting to marketing cookies or similar technologies). In some situations (e.g., where profiling could significantly affect the User’s privacy, or where the User would not reasonably expect their data to be used for ad/offer personalisation), the Controller will seek the User’s consent (Art. 6(1)(a) GDPR).
  • Displaying ads to the User on external platforms (e.g., Facebook, Instagram) based on their email address or phone number (custom audiences) — legal basis: the Controller’s legitimate interests (Art. 6(1)(f) GDPR), namely promoting the Controller’s products and increasing the effectiveness of advertising campaigns.

Newsletter

Users who wish to receive information about news and promotions available within the Online Service can subscribe to the free newsletter. To sign up, the User must provide their first name and email address. Providing this data is voluntary but necessary to deliver the service.

Subscribing to the newsletter constitutes the User’s consent to receive commercial information (including offers and promotions) and other marketing content about the Controller, including via systems that automate message sending.

The User may withdraw consent to receive the newsletter at any time—by clicking the unsubscribe link in any message or by emailing hello@kids-jungle.com with an unsubscribe request. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

The personal data provided for newsletter subscription will be processed for:

  • Sending the newsletter — legal basis: User consent (Art. 6(1)(a) GDPR).

Company social media profiles (Facebook and Instagram)

The Controller operates company profiles of the Online Service on social media platforms such as Facebook, Instagram, TikTok, Threads and Pinterest, and also a channel/profile on YouTube. When the User visits any of these profiles or channels and posts comments, likes, or follows the profile, the Controller processes the User’s personal data. The scope includes both information the User provides and data obtained from the platform operator, such as the User’s platform identifier (name or profile name) and profile photo. Providing personal data is voluntary, but without it certain platform features (e.g., commenting, messaging the Controller) cannot be used. Independently of the Controller, each platform operator processes the User’s personal data to provide its services in accordance with that platform’s terms. Details can be found in the platform’s privacy notice.

Within the Online Service, the User may find links to the Controller’s social profiles (e.g., Facebook, Instagram, TikTok, Pinterest). Clicking such a link redirects the User to the relevant platform. From that point, the operator of the platform also becomes a controller of the User’s data. The operator may use collected information—e.g., that the User visited the Controller’s profile from the Online Service—for its own purposes such as advertising, market research or preference analysis. The Controller has no influence over how the platform operator processes personal data, as the operator acts as an independent controller. For details, see:

Facebook: https://www.facebook.com/privacy/policy/?entry_point=comet_dropdown

Instagram: https://privacycenter.instagram.com/policy

TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Pinterest: https://policy.pinterest.com/pl/privacy-policy#section-residents-of-the-eea

Facebook, Instagram and Threads

The Controller processes the Personal Data of individuals who interact with our business profiles on Facebook, Instagram and Threads—for example by liking, commenting or otherwise engaging. The data processed by the Controller include the user name on Facebook/Instagram/Threads (including profile photo), comments posted on the business profile, aggregate statistics, and other information necessary to handle requests or to clearly identify visitors.

The operator of Facebook, Instagram and Threads is Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland). Meta processes Users’ personal data in accordance with its privacy policies available at:

Facebook: https://www.facebook.com/privacy/policy/

Instagram: https://privacycenter.instagram.com/policy

Threads: https://help.instagram.com/515230437301944

Joint controllership with Meta

The Controller uses anonymous statistical data (Page Insights) that Meta provides about visitors to our business profiles on Facebook, Instagram and Threads. These data do not allow us to identify specific individuals or access their profiles. More information: https://www.facebook.com/legal/terms/information_about_page_insights_data.

The Controller and Meta Platforms Ireland Limited (Serpentine Avenue, Block J, Dublin 4, Ireland) act as joint controllers with respect to processing for Page Insights (statistics data). Joint controllership covers the aggregate analysis of data to display statistics on User activity on the Controller’s business profile.

Details of the arrangements between the joint controllers are available here: https://www.facebook.com/legal/terms/page_controller_addendum.

TikTok

The Controller processes the Personal Data of individuals who interact with our business profile on TikTok—for example by liking, commenting or otherwise engaging. The data processed include the user name on TikTok (including profile photo), comments posted on the business profile, and other information necessary to handle requests or to clearly identify visitors.

Personal data of Users visiting the Controller’s TikTok business profile are processed by TikTok Technology Limited (Ireland) and TikTok Information Technologies UK Limited (UK), which are jointly responsible for collecting and processing data on this platform. TikTok companies process Users’ Personal Data in accordance with their privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/pl.

Joint controllership with TikTok

TikTok provides the Controller with anonymous statistical data about our business profile (so-called insights). The Controller uses these data solely to analyse User behaviour in order to tailor offers to visitors’ needs and interests. The Controller and TikTok Technology Limited (2 Cardiff Lane, Grand Canal Dock, Dublin 2, D02 E395, Ireland) and TikTok Information Technologies UK Limited (6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom) act as joint controllers with respect to processing for profile statistics. Joint controllership covers the aggregate analysis of data to display statistics on User activity on the Controller’s profile.

Details of the joint controller addendum: https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en.

YouTube

The Controller processes the Personal Data of Users who visit or subscribe to our YouTube channel, as well as those who leave comments/reactions under published videos. Such data may include the YouTube user name, comments posted on the Controller’s channel, and activity on the channel (YouTube provides statistics and information, e.g. channel visits, average watch time, posts, country and city of visitors, and gender statistics of channel visitors).

The operator of YouTube is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland – “Google”). If a User visits the Controller’s channel, Google collects and processes their Personal Data in accordance with Google’s privacy policy: https://policies.google.com/privacy?hl=pl.

Pinterest

The Controller processes the Personal Data of individuals who interact with our business profile on Pinterest—for example by liking, commenting or otherwise engaging. The data processed include the user name (including profile photo), comments posted on the business profile, aggregate statistics, and other information necessary to handle requests or to clearly identify visitors.

The controllers of Personal Data collected on Pinterest are Pinterest Europe Ltd. (Waterloo Exchange, 3rd Floor, Waterloo Road, Dublin 4, Ireland) and Pinterest, Inc. (651 Brannan St., San Francisco, CA 94107, USA). More information on their processing is available here: https://policy.pinterest.com/pl/privacy-policy#section-residents-of-the-eea.

Purposes of processing in connection with our profiles/pages

In connection with maintaining profiles (business pages) on the above platforms, the Controller may process a User’s Personal Data for the following purposes:

  • Running the profile on the social platform/online service, including communicating with Users via the platform/service and informing about the Controller’s activities — legal basis: legitimate interests of the Controller (Article 6(1)(f) GDPR), i.e. responding to Users’ messages and enquiries and building the Controller’s brand image.
  • Compiling statistics and analyses concerning the Controller’s profile — legal basis: legitimate interests of the Controller (Article 6(1)(f) GDPR), i.e. improving and optimising the Controller’s profile on the platform and better tailoring it to Users.
  • Running advertising campaigns on the social platform — legal basis: legitimate interests of the Controller (Article 6(1)(f) GDPR), namely increasing sales of the products offered, or consent of the User (Article 6(1)(a) GDPR) where required by law or by the platform’s rules.
  • Establishing, exercising or defending legal claims — legal basis: legitimate interests (Article 6(1)(f) GDPR), i.e. protecting the Controller’s rights and property interests and resolving any dispute with a User.

Contract formation

Through the Online Service, the User can purchase products offered by the Controller. To conclude and perform a sales contract, the User will need to provide the necessary Personal Data. The Controller will process the Personal Data provided for the following purposes:

  • Conclusion and performance of the contract – legal basis: Article 6(1)(b) GDPR.
  • Compliance with legal obligations imposed on the Controller, in particular obligations under tax and accounting laws and consumer protection regulations – legal basis: Article 6(1)(c) GDPR.
  • Establishment, exercise or defence of legal claims – legal basis: the Controller’s legitimate interests (Article 6(1)(f) GDPR), namely the protection of the Controller’s rights and assets and the resolution of any dispute with the User.

Providing Personal Data is voluntary, but failure to provide it will make it impossible to conclude a contract with the User.

2. Personal Data retention period

The period for which the Controller processes the User’s Personal Data depends on the type, purpose and legal basis of the processing. The Controller stores Personal Data:

  • On the basis of legitimate interests (e.g. defence or pursuit of claims) – for the time necessary to achieve those interests (e.g. for pecuniary claims, until such claims become time-barred), unless the User lodges an effective objection to processing earlier.
  • Where processing is necessary for the conclusion and performance of a contract – for the duration of that contract.
  • Where processing is required by law – for the period resulting from legal provisions (e.g. data contained in tax-related documents, such as invoices, are generally stored for 5 years from the end of the year in which the tax became due).
  • Where processing is based on the User’s consent – until the consent is withdrawn, unless the data are no longer needed by the Controller to achieve the purpose for which the consent was obtained earlier.

The processing period may be extended where processing is necessary for the establishment, exercise or defence of potential claims or to comply with legal obligations incumbent on the Controller; after that, data will be retained only if and to the extent required by law.

3. Rights of data subjects

Users whose Personal Data are processed by the Controller have the following rights:

  • Right of access – the User can obtain information about the processing of their Personal Data (including purposes, legal bases, scope of data, recipients) and request a copy of the data processed by the Controller.
  • Right to rectification – if the User finds that their Personal Data are incomplete, inaccurate or have changed, they may request correction.
  • Right to erasure (“right to be forgotten”) – the User may request deletion of their Personal Data, in particular where the data are no longer necessary for the purposes for which they were collected, the User withdraws consent, objects to processing, or other GDPR grounds apply.
  • Right to restriction of processing – the User may request that their Personal Data be processed only to a limited extent, e.g. pending the Controller’s assessment of an objection, pending verification of a rectification request, or where the User wishes the Controller to store the data in connection with claims or suspected unlawful processing.
  • Right to data portability – where the Controller processes the User’s Personal Data on the basis of consent or a contract and by automated means, the User may request receipt of the data they provided to the Controller in a structured, commonly used and machine-readable format (e.g. XML), and may transmit those data to another controller. Where technically feasible and subject to appropriate security standards, the Controller may transmit the data directly to another controller at the User’s request. This right must not adversely affect the rights and freedoms of others.
  • Right to object – where Personal Data are processed on the basis of the Controller’s legitimate interests, the User may object on grounds relating to their particular situation. The Controller will assess whether there are compelling legitimate grounds for processing which override the User’s interests, rights and freedoms, or whether the processing is needed for the establishment, exercise or defence of legal claims. If the objection is effective, the Controller will no longer process the data concerned. Where Personal Data are processed for direct marketing, including profiling for marketing purposes, the User may object at any time without giving reasons; in such case, the Controller will cease processing the User’s data for direct marketing.
  • Right to lodge a complaint with a supervisory authority – if the User believes their Personal Data are processed unlawfully, they may lodge a complaint with the data protection authority. In Poland, this is the President of the Personal Data Protection Office (PUODO).
  • Right to withdraw consent – where processing is based on consent, the User may withdraw it at any time with effect for the future. This does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, the User may, for example, contact the Controller at: hello@kids-jungle.pl.

4. Data recipients

In operating the Online Service and providing services, the Controller cooperates with third parties (sub-processors and suppliers). Consequently, recipients of the User’s Personal Data may include: IT service providers (e.g. hosting), banks and payment operators, accounting service providers (for issuing invoices/receipts), carriers or shipping intermediaries handling order deliveries, and entities processing electronic or card payments in the Controller’s online store.

Personal Data may also be disclosed to courts or competent public authorities (e.g. law enforcement) or other authorised third parties, but only where there is an appropriate legal basis (e.g. a law requiring disclosure) and in accordance with applicable regulations.

5. Transfers outside the EEA

As a rule, the Controller does not transfer the User’s Personal Data outside the European Economic Area (EEA). However, due to the tools used by the Controller and cooperation with certain entities, Users’ Personal Data may be transferred to countries outside the EEA. The Controller ensures that any transfer outside the EEA takes place only where an adequate level of protection of Personal Data is guaranteed.

Within the Online Service, the Controller uses tools provided by companies headquartered in the USA (e.g. Meta Platforms Inc.). Therefore, even if the Controller does not directly transfer the User’s Personal Data to the USA, the data may be stored on servers located in the USA. By European Commission Decision of 10 July 2023, the USA was recognised as providing an adequate level of protection for Personal Data in relation to companies participating in the EU–U.S. Data Privacy Framework. The Controller uses services of U.S.-based companies that participate in this programme.

6. Source of Personal Data

The Controller obtains Personal Data directly from Users. Where appropriate, the Controller may also obtain data about Users from publicly available sources (e.g., KRS, CEIDG).

7. Profiling

Based on the Personal Data processed, the Controller does not make decisions solely by automated means, including profiling as referred to in Article 22(1) and (4) GDPR.

8. Security

This Privacy Policy is reviewed and updated periodically.

9. Contact details

Users may contact the Controller by post at: PROXA FURNITURE, ul. Osiedlowa 2A, 33-300 Nowy Sącz, Poland, or by e-mail at: hello@kids-jungle.pl.

II. COOKIES

The Online Service uses cookies and other, similar technologies (e.g., tracking pixels, local data files, tags, markers, identifiers) to obtain information about Users and their devices. Collectively, these are referred to as “cookies.”

What are cookies?

Cookies are small data files that the Online Service sends to the browser, which the browser sends back on subsequent visits. They are stored on the User’s device (e.g., computer or smartphone memory). Among other things, they allow the User’s device to be recognised and pages to be displayed correctly (including adapting them to the User’s preferences), as well as collecting various information related to the User’s browsing of the Online Service. Cookies typically contain the name (domain) of the website they come from, their storage time on the device, and a unique identifier.

What are cookies used for?

Cookies serve different functions. Some are necessary for the proper operation of the Online Service; others help the Controller collect information about how the Online Service is used, e.g., by remembering visits and actions taken.

The Controller uses cookies for the following purposes:

  • Facilitating login to the customer account and authenticating the User within the Online Service;
  • Adapting content of the Online Service to the User’s preferences and end device, and optimising use of the Online Service;
  • Remembering settings during and between visits;
  • Analytics and statistics to better understand how Users use the Online Service and to improve it;
  • Marketing, e.g., identifying which ads are shown to a User and tailoring offers and ads to the User.

Are cookies Personal Data?

The information the Controller collects via cookies does not directly identify the User—these data are anonymous. However, in combination with other information, cookies may enable the identification of a specific person. For this reason, the use of cookies may involve the processing of Personal Data.

How long are cookies stored on the User’s device?

Cookies have different lifespans depending on whether they are session or persistent cookies. Session cookies are temporary—stored only for the duration of the User’s session in the Online Service and automatically deleted after the browser is closed or the User logs out. Persistent cookies are not deleted when the browser is closed (they remain for several months or even years) and can be deleted via the browser settings.

Where do cookies come from?

Some cookies are placed by the Controller (so-called first-party cookies). Others originate from external domains/servers and are stored by third parties with whom the Controller cooperates (so-called third-party cookies). Data collected by third-party cookies are transmitted to those other companies (e.g., advertising networks).

Cookies used by the Controller

Necessary cookies: essential for the proper and secure functioning of the Online Service. Under the law (Article 399(3) of the Polish Electronic Communications Law), their use does not require the User’s consent.

Functional cookies: remember choices made when using the Online Service (e.g., login details or language preferences) to personalise settings and avoid re-entering preferences. The Controller also uses these data to improve the shopping experience, prevent errors, test new features, and analyse user experience. If you do not consent to their use, the Online Service will still function, but may be less convenient to use.

Analytics/statistics cookies: allow the Controller to monitor how Users use the Online Service and which pages they view, analyse traffic data, IP address, general geolocation, browser and device type, ISP information, and actions taken in the Online Service. This enables the Controller to create aggregate reports and statistics to improve the Online Service and fix potential errors.

Marketing cookies: allow the Controller to collect information in order to display ads tailored to Users (e.g., based on pages viewed in the Online Service), personalise online ads, display ads outside the Online Service, and compile advertising statistics.

Third-party tools

Google Analytics

Within the Online Service, the Controller uses Google Analytics provided by Google (Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland). Information collected by Google Analytics is used to create general, aggregate analyses and statistics. Google Analytics does not use the collected data to identify the User or combine information to enable such identification.

Independently of cookie consent (see below), the User can disable Google Analytics cookies in the browser. Collection/processing by Google Analytics can also be blocked by installing the browser add-on available at: https://tools.google.com/dlpage/gaoptout/.

More information: https://support.google.com/analytics/answer/6004245?hl=pl and Google’s privacy policy: www.google.com/policies/privacy/partners/.

Meta Ads

For marketing, the Controller uses Meta Ads (Meta Platforms Ireland Limited) to display ads for its products on Meta platforms (Facebook, Instagram, Messenger) and across Meta’s partner network in various formats (text, image, video, carousel).

Meta may process Personal Data such as device and browser identifiers (e.g., IP address, cookies, device ID), activity on the Online Service, and demographic/interests data (based on Meta activity). These data are used for ad personalisation, retargeting, and campaign performance analysis.

Details: https://www.facebook.com/privacy/policy.

Meta Pixel

The Controller uses tools provided by Meta Platforms Ireland Limited to analyse marketing effectiveness, measure campaigns, and reach Users potentially interested in the Controller’s products.

For technologies such as the tracking pixel, the Controller and Meta act as joint controllers for the collection and transmission of Personal Data to Meta. Joint controllership does not cover processing after data are transmitted to Meta (Meta acts alone) nor the preparation of aggregated, anonymised reports (performed for the Controller by Meta as a processor).

Details of joint controllership: https://www.facebook.com/legal/controller_addendum

How Meta processes data and users’ rights: https://www.facebook.com/about/privacy

TikTok

The Controller uses TikTok tools to analyse campaign effectiveness, measure results, and better reach users potentially interested in the Controller’s products.

Once the User consents to the relevant cookies, the User’s browser connects to TikTok’s servers via the TikTok pixel, informing TikTok that a given User visited a page or clicked an ad. TikTok may also collect the IP address, device data, visit time, and on-site activity, which may be linked to a TikTok account for personalised ads and profiles based on activity/interests.

Data provided by TikTok to the Controller are anonymised and used only for campaign analysis. The Controller, TikTok Technology Limited (Ireland) and TikTok Information Technologies UK Limited are jointly responsible for collecting and transmitting data via TikTok tools. Joint processing does not cover processing TikTok conducts independently (e.g., ad matching/optimisation, user security, service development).

Joint controllership terms: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms

TikTok privacy policy: https://www.tiktok.com/legal/page/eea/privacy-policy/pl

Google reCAPTCHA

The Online Service uses Google reCAPTCHA (Google Ireland Limited) to detect automated/bot activity and protect forms from malicious use. reCAPTCHA may ask the User to complete a simple test; it processes device/browser data and uses its own cookies to function. The data collected are used to provide, maintain and improve reCAPTCHA and for general security.

More: https://policies.google.com/privacy

Google Tag Manager

Google Tag Manager enables the Controller to manage snippets (“tags”) on the Online Service (e.g., to trigger Google Analytics). Tag Manager itself does not collect Personal Data or set cookies; data are processed only by the specific tools it triggers.

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Hotjar

The Controller uses Hotjar to better understand User behaviour (e.g., heatmaps, scroll analysis) and improve the Online Service. The tool does not identify Users. Details about Hotjar’s data collection and how to opt out: https://www.hotjar.com/legal/policies/privacy/

Consent to the use of cookies

Using cookies (and similar technologies) requires the User’s consent (except for necessary cookies). The Online Service displays a cookie banner explaining cookie use; the User may consent to cookies for specified purposes or refuse. If consent is not given, the Controller will use only necessary cookies required for the proper and secure operation of the Online Service—these do not require consent because, without them, the Online Service would not function correctly (Article 399(3) of the Polish Electronic Communications Law).

Where the use of consent-based cookies (analytics, functional, marketing) involves processing Personal Data, the legal basis is the User’s consent (Article 6(1)(a) GDPR). Further processing of Personal Data originally collected via cookies may take place on the basis of the Controller’s legitimate interests (Article 6(1)(f) GDPR—e.g., marketing products/services, compiling statistics and analyses), as described in the previous section of this Privacy Policy.

For third-party cookies, the User’s consent also covers the transfer of data collected via such cookies to the relevant external provider.

The User may withdraw consent at any time (e.g., via browser settings). The browser can also be set to automatically block all or some cookies.

Cookie list

Provider | Name | Storage period | Type | First-party or third-party

Nowy Sącz, 22 July 2025