1. This Privacy Policy sets out the rules for processing personal data collected through the website sleemanbows.com, hereinafter referred to as the “Website”.
2. The owner of the Website and the Data Controller is Keith Sleeman, TA23 0AD Watchet, Sleeman Bows 27 Swain St., hereinafter referred to as the Controller.
3. Personal data collected by the Controller through the Website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
4. The Controller takes special care to respect the privacy of Clients visiting the Website.
§ 1 Types of processed data, purposes and legal basis
1. The Controller collects information about natural persons performing legal actions not directly related to their business activity, natural persons conducting business or professional activity in their own name, and natural persons representing legal entities or organizational units without legal personality that are granted legal capacity by law, conducting business or professional activity in their own name, hereinafter collectively referred to as Clients.
2. The Controller processes personal data of Clients in connection with the use of the contact form service on the Website for the purpose necessary to perform a contract or to take steps prior to entering into a contract – processing basis under Art. 6(1)(b) GDPR.
3. When using the contact form service, the Client provides the following data:
email address
first name
phone number
4. While using the Website, additional information may be collected, including: the IP address assigned to the Client’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type. Navigational data may also be collected from Clients, including information about links and references they choose to click or other actions taken on the Website for purposes related to service provision, as well as for technical, administrative, analytical and statistical purposes – in this regard, the processing basis is also Art. 6(1)(f) GDPR, i.e. necessity for purposes arising from the Controller’s legitimate interest, which is ensuring IT security and Website management, as well as improving the functionality of the Website and services provided.
§ 2 Data recipients
1. The Client’s personal data is transferred to service providers used by the Controller in operating the Website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the Controller’s instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (controllers).
1.1. Processors. The Controller uses providers who process personal data solely on the Controller’s instructions. These include, among others, providers offering hosting services, accounting services, marketing systems, website traffic analysis systems, and marketing campaign effectiveness analysis systems.
1.2. Controllers. The Controller uses providers who do not act solely on instructions and independently determine the purposes and methods of using Clients’ personal data. They provide electronic payment and banking services.
2. Location. Service providers are based mainly in Poland and in other countries of the European Economic Area (EEA).
3. Upon request, the Controller discloses personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, Police, the President of the Personal Data Protection Office, the President of the Office of Competition and Consumer Protection, or the President of the Office of Electronic Communications.
§ 3 Data retention period
1. Clients’ personal data is retained:
1.1. Where the basis for processing personal data is consent, the Client’s personal data is processed by the Controller until the consent is withdrawn, and after withdrawal of consent for a period corresponding to the limitation period for claims that the Controller may raise and that may be raised against them. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic performance claims and claims related to business activity – three years.
1.2. Where the basis for processing data is the performance of a contract, the Client’s personal data is processed by the Controller for as long as is necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic performance claims and claims related to business activity – three years.
§ 4 Cookies mechanism, IP address
1. The Website uses small files called cookies. They are stored by the Controller on the end device of the person visiting the Website, provided the web browser allows it. A cookie file typically contains the domain name from which it originates, its “expiry time”, and an individual, randomly selected number identifying the file. Information collected using such files helps to customize the products offered by the Controller to the individual preferences and actual needs of persons visiting the Website.
2. The Controller uses two types of cookies:
2.1. Session cookies: after the browser session ends or the computer is turned off, the stored information is deleted from the device memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from Clients’ computers.
2.2. Persistent cookies: they are stored in the memory of the Client’s end device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from Clients’ computers.
3. The Controller uses its own cookies for the purpose of:
3.1. analysis, research and audience auditing, and in particular for creating anonymous statistics that help understand how Clients use the Website, which enables improvement of its structure and content.
4. The Controller uses external cookies for the purpose of:
4.1. presenting on informational pages of the Website a map indicating the location of the Controller’s office, using the maps.google.com service (external cookie controller: Google Inc based in the USA).
5. The cookies mechanism is safe for the computers of Clients visiting the Website. In particular, it is not possible for viruses or other unwanted software or malicious software to enter Clients’ computers through this method. Nevertheless, Clients have the ability in their browsers to limit or disable access of cookie files to computers. If this option is used, the use of the Website will be possible, except for functions that by their nature require cookie files.
6. The Controller may collect Clients’ IP addresses. An IP address is a number assigned to the computer of a person visiting the Website by the Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes with each connection to the Internet and for this reason is commonly treated as non-personal identifying information. The IP address is used by the Controller to diagnose technical problems with the server, create statistical analyses (e.g. determining from which regions the most visits are recorded), as information useful in administering and improving the Website, as well as for security purposes and possible identification of unwanted automated programs browsing the Website content that burden the server.
§ 5 Rights of data subjects
Persons whose data is processed are entitled to:
1. The right to withdraw consent to data processing at any time:
1.1. The Client has the right to withdraw any consent they have given.
1.2. Withdrawal of consent takes effect from the moment of withdrawal.
1.3. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
1.4. Withdrawal of consent does not entail any negative consequences for the Client, but may prevent further use of services or functionalities that the Controller may legally provide only with consent.
2. The right to object to data processing:
2.1. The Client has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The Controller may no longer process such personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.
2.2. Opting out by email from receiving marketing communications about products or services shall constitute the Client’s objection to the processing of their personal data, including profiling for those purposes.
3. The right to erasure of data (“right to be forgotten”):
3.1. The Client has the right to request the erasure of all or some of their personal data.
3.2. The Client has the right to request the erasure of personal data if:
3.2.1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
3.2.2. they have withdrawn the specific consent, to the extent that the personal data was processed on the basis of their consent;
3.2.3. they have objected pursuant to Art. 21(1) GDPR to the processing and there are no overriding legitimate grounds for the processing, or they have objected pursuant to Art. 21(2) GDPR to the processing;
3.2.4. the personal data has been unlawfully processed;
3.2.5. the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
3.2.6. the personal data has been collected in relation to the offer of information society services.
3.3. Despite a request for erasure of personal data, in connection with an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that processing is necessary for the establishment, exercise or defence of legal claims, as well as for compliance with a legal obligation requiring processing under Union or Member State law to which the Controller is subject. This applies in particular to personal data including: first name, last name, email address, which data is retained for the purposes of handling complaints and claims related to the use of the Controller’s services, or additionally residential address/correspondence address, order number, which data is retained for the purposes of handling complaints and claims related to concluded sales contracts or provision of services.
4. The right to restriction of processing:
4.1. The Client has the right to request restriction of the processing of their personal data. Filing such a request, until it is resolved, prevents the use of certain functionalities or services the use of which involves processing of data covered by the request. The Controller will also not send any communications, including marketing ones.
4.2. The Client has the right to request restriction of the use of personal data in the following cases:
4.2.1. when they contest the accuracy of their personal data – the Controller restricts their use for the time needed to verify the accuracy of the data, but for no longer than 7 days;
4.2.2. when data processing is unlawful and instead of erasure, the Client requests restriction of their use;
4.2.3. when the personal data is no longer necessary for the purposes for which it was collected or used, but it is needed by the Client for the establishment, exercise or defence of legal claims;
4.2.4. when the data subject has objected to the processing of their data – until it is determined whether the legitimate grounds on the Controller’s side override the grounds of the data subject’s objection.
5. The right to request access to personal data and to receive a copy thereof:
5.1. The Client has the right to obtain from the Controller confirmation as to whether personal data is being processed, and where that is the case, the Client has the right to:
5.1.1. obtain access to their personal data;
5.1.2. obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned period of storing the Client’s data or the criteria for determining that period (where it is not possible to determine the planned processing period), the rights available to the Client under GDPR and the right to lodge a complaint with a supervisory authority; where personal data has not been collected from the data subject – any available information about its source; information about automated decision-making, including profiling referred to in Art. 22(1) and (4) GDPR, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; and information about safeguards applied in connection with the transfer of personal data outside the European Union;
5.1.3. obtain a copy of their personal data. The right to obtain a copy must not adversely affect the rights and freedoms of others.
6. The right to rectification (correction) of data:
6.1. The Client has the right to request that the Controller rectify without undue delay inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement, by directing a request to the email address in accordance with §6 of the Privacy Policy.
7. The right to data portability:
7.1. The Client has the right to receive their personal data which they have provided to the Controller, and then to transmit it to another data controller of their choice. The Client also has the right to request that the personal data be transmitted by the Controller directly to such controller, where technically feasible. In such a case, the Controller will transmit the Client’s personal data in a CSV file format, which is a commonly used, machine-readable format that allows the received data to be transmitted to another data controller.
8. The right to lodge a complaint with a supervisory authority:
8.1. The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding any violation of their data protection rights or other rights granted under GDPR.
9. Where the Client exercises a right arising from the above rights, the Controller fulfils the request or refuses to fulfil it without undue delay, but no later than within one month of receipt. However, if – due to the complex nature of the request or the number of requests – the Controller is unable to fulfil the request within one month, it shall fulfil it within the next two months, informing the Client in advance within one month of receipt of the request of the intended extension and its reasons.
10. The Client may submit complaints, enquiries and requests to the Controller regarding the processing of their personal data and the exercise of their rights.
§ 6 Changes to the Privacy Policy
1. The Privacy Policy may be changed, and the Controller is not obliged to inform about such changes.
2. Questions related to the Privacy Policy should be directed to the following email address:
keith@sleemanbows.com3. Date of last modification: April 10, 2026