1. GENERAL PROVISIONS 1.1. This Privacy Policy defines the rules for collecting, using, processing, and protecting the personal data of users (hereinafter referred to as "Users") of the endostar.eu website (hereinafter referred to as the "Service"), owned by the company under the name Poldent Spółka z ograniczoną odpowiedzialnością, with its registered office in Warsaw (postcode 00-194) at ul. Dzika 2, KRS: 0000112777, NIP: 5240004448, REGON: 006716225, and also specifies the rules for using Cookies files on the Service. 1.2. The administrator of Users' personal data within the meaning of Article 4(7) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR") is the company under the name Poldent Sp. z o.o. (hereinafter referred to as the "Administrator"). 1.3. Contact with the Administrator is possible by phone at +48 (22) 351 76 61, by email at endostar@endostar.eu, and in writing at the Administrator's address: ul. Dzika 2, 00-194 Warsaw. 1.4. Users of the Service are individuals using the services provided by the Administrator through the Service.

2.1. The Administrator processes Users' personal data only for the following purposes: 1) enabling Users to use the Service, including the provision of services within the Service, 2) conducting marketing of services provided by the Administrator, including sending newsletters, 3) pursuing claims arising from the Administrator's business activities or defending against such claims; 4) analyzing User traffic on the Service, conducting statistics, researching opinions, and User satisfaction; 5) responding to User queries directed to the Administrator through the contact form available on the Service.

3.1. The Administrator collects, uses, and processes the following personal data of Users, provided voluntarily: 1) first and last name; 2) country of residence; 3) email address; 4) phone number; 3.2. Additionally, during the use of the Service, the servers used by the Administrator automatically record so-called system logs, i.e., anonymous information such as the User's visit time, IP address, URL address, type of web browser used, etc.

4.1. The Administrator processes Users' personal data based on the following provisions: 1) Art. 6(1)(a) of the GDPR – the data subject has given consent to the processing of their personal data for one or more specific purposes (applies to the processing of personal data for the purposes indicated in points 2.1.2, regarding newsletter delivery, and 2.1.5 of this Privacy Policy); 2) Art. 6(1)(b) of the GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (applies to the processing of personal data for the purposes indicated in point 2.1.1 of this Privacy Policy); 3) Art. 6(1)(f) of the GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Administrator (applies to the processing of personal data for the purposes indicated in points 2.1.2, 2.1.3, 2.1.4 of this Privacy Policy); 4.2. Users' consent to the processing of their personal data is voluntary but necessary to provide services within the Service by the Administrator.

5.1. The Administrator undertakes to protect Users' personal data in accordance with the following principles: 1) personal data of Users of the Service is processed in compliance with the requirements of the GDPR, the Act of 10 May 2018 on the protection of personal data, and other applicable regulations on the protection of personal data supplementing and/or implementing the GDPR, 2) the Administrator applies technical and organizational measures to protect the processed data appropriate to the threats and categories of data covered by protection, in particular, securing Users' personal data against unauthorized access, loss, or damage, 3) personal data of Users of the Service will not be disclosed by the Administrator to other entities or third parties unless: a) the User has given consent to this, b) it is necessary for the purpose of providing services by the Administrator through the Service – in this case, the Administrator provides only the personal data that is necessary for the provision of the aforementioned services; c) it is required by applicable laws or a justified request of state authorities; d) it is necessary for fraud detection and prevention, as well as solving security and technical issues; e) it is necessary to assert claims available to the Administrator or defend against such claims, 4) to the extent permitted by applicable law, Users' personal data may also be made available to trusted third parties whom the Administrator has authorized or to whom the Administrator has entrusted the processing of personal data, for purposes related to the provision of services by the Administrator, e.g., entities providing hosting services, entities conducting marketing shipments, employees, associates, etc., only to the extent necessary to achieve the purposes indicated in this Privacy Policy. 5) Users' personal data may only be used for the purposes for which they were collected; 6) Users' personal data will be processed no longer than necessary for the proper provision of services within the Service. Data processed in connection with services provided within the Service will be processed until the expiration of claims arising from sales contracts / training participation agreements or until the expiration of the obligation to store data resulting from applicable legal regulations (whichever of these events occurs later). Data processed for marketing purposes, based on the User's consent or on the basis of the necessity of processing for the purposes of the legitimate interests pursued by the Administrator, will be processed until the withdrawal of the consent to their processing or until the effective objection to their further processing is reported. After the processing period, Users' personal data will be deleted; 7) personal data will not be transferred to countries outside the European Economic Area (to countries other than the European Union, Iceland, Norway, and Liechtenstein). 8) In connection with the processing of Users' personal data, decisions regarding Users will not be made in an automated manner (without human involvement). In particular, so-called profiling of data will not be used within the Service. 9) The Service may include links to websites not operated by the Administrator but by third parties. Each time a User enters a page available under the link, the User should familiarize themselves with the privacy policy, terms of use of that page, and other policies and regulations applicable to it. The Administrator is not responsible for the processing of Users' data by entities operating these pages, which have the status of independent personal data administrators.

6.1. Each User has the right to: 1) access to the personal data concerning them processed by the Administrator; 2) request the correction of personal data if they believe that the personal data stored by the Administrator is outdated, incomplete, or inaccurate; 3) request the limitation of the processing of personal data; 4) request the deletion of personal data; 5) object to the processing of personal data in cases specified in Art. 21 of the GDPR (including regarding the processing of Users' personal data based on the legal basis of the Administrator's legitimate interest, especially in relation to direct marketing, including profiling – in such a case, the objection raised is binding for the Administrator); 6) request the transfer of personal data to another personal data administrator in a structured, commonly used, machine-readable format, if technically possible (applies to data processed for the purpose of concluding and performing a contract or processed based on the User's consent); 7) withdraw consent at any time, with the withdrawal of consent not affecting the lawfulness of 6.2. Exercising the rights of the User, listed above, is done by submitting the relevant declaration of will by the User by post to the Administrator's address or via email to endostar@endostar.eu. 6.3. The User also has the right to lodge a complaint with the supervisory authority responsible for the protection of personal data, i.e. the President of the Office for Personal Data Protection, address: ul. Stawki 2, 00-193 Warsaw.

7.1. The website of the Service uses text files called cookies. 7.2. Cookies are computer data, in particular text files, which are stored on the User's end device and are intended for using the websites of the Service. Cookies usually contain the name of the website from which they come, the time of storing them on the end device, and a unique number. Cookies do not contain information allowing the identification of individual Users and are not used to collect their personal data. 7.3. The entity placing cookies on the User's end device and accessing them is the Administrator. 7.4. To use the Service, it is necessary to allow the storage of cookies on the User's end device. Failure to give consent may mean the inability or difficulty in using the Service. 7.5. Cookies do not change the configuration of the User's end device, do not serve to install or uninstall any software, do not interfere with the integrity of the system or User data. 7.6. The Administrator reserves the right to use the services of third parties to develop statistics on the use of the Service. In such a case, no identifying data of Users will be provided to such entities. 7.7. Cookies are used for: a) adjusting the content of the Service's websites to the preferences of Users and optimizing the use of websites; in particular, these files allow recognizing the User's device and displaying a website tailored to their individual needs; b) creating statistics that help understand how Users use the Service's websites, enabling improvement of their structure and content. The statistics are created in a way that does not allow the identification of individual Users. c) maintaining the User's session (after logging in), thanks to which the User does not have to re-enter their login and password on each subpage of the Service. 7.8. The following types of cookies may be used or may be used within the Service: 1) "necessary" cookies - enabling the use of services available within the Service, 2) cookies used to ensure security, e.g., used to detect abuses in the field of authentication within the Service; 3) "performance" cookies, enabling the collection of information on the use of the Service; 4) "functional" cookies, enabling the "remembering" of User-selected settings and personalization of the User interface, e.g., in terms of the selected language or region, font size, appearance of the Service, etc.; 5) "advertising" cookies, enabling the delivery of advertising content more tailored to Users' interests. 7.9. In accordance with the applicable provisions of the Act of 16 July 2004 on Telecommunications Law (consolidated text Journal of Laws of 2018, item 1954), the User has the right to decide on the scope of access to cookies to their computer by making their prior choice in their browser window. "In many cases, software for browsing websites (web browser) allows the storage of cookies on the end device of the User by default. Users can change cookie settings at any time. These settings can be changed, in particular, in such a way as to block the automatic handling of cookies in the web browser settings or inform about their placement in the User's device each time. Detailed information on the possibilities and ways of handling cookies is available in the software settings (web browser). 7.10. The Administrator informs that limiting the use of cookies may affect some functionalities available on the Service.

8.1. The Administrator reserves the right to make changes to this Privacy Policy if required by legal provisions or changes introduced in the Service. The Administrator will inform Users about the planned change and its effective date through the Service, and in relation to registered Users, information will also be provided through the User's account. 8.2. The User using the Service is bound by the current Privacy Policy made available by the Administrator.