Privacy policy

The Privacy Policy defines the rules of conduct and information regarding the processing of personal data of users of the Store. Each person using the Store remains anonymous until they choose to reveal their identity. The processing of shared personal data takes place solely on the basis of and within the limits of legal provisions. To ensure the security of user data, the Website Administrator selects technical measures to ensure the most complete protection, including, in particular, preventing unauthorized access and processing in violation of the law.

Personal Data Administrator

The personal data administrator is Aleksandra Dłutowska, conducting business under the name Aleksandra Dłutowska DŁUTEXPOL, entered into the Central Register and Information on Business, Tax Identification Number (NIP) 7252318053, National Business Registry Number (REGON) 521657863, ul. Zamenhofa 5/12, 90-139 Łódź

You can contact the Administrator by mail at the address provided above or by email at: a.dlutowska@gmail.com

Scope of Data Processing

The Administrator collects and processes identifying personal data, such as first name, last name, date of birth, business activity, Tax Identification Number (NIP), National Business Registry Number (REGON), and contact details: address, telephone number, and email address.

In addition, the website also processes non-personal information about the device on which the user uses the Store, enabling the best and most secure user experience – such as the computer's IP address, information contained in cookies or other similar technologies, session data, web browser data, data regarding information on the pages, and, if the user has provided additional consent, also geolocation information.

Purpose and legal basis of data processing

User personal data are processed in accordance with:

The Personal Data Protection Act of 10 May 2018, the Act of 18 July 2002 on the provision of electronic services,

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the GDPR),

The Telecommunications Law Act of 16 July 2014,

The Civil Code Act of 23 April 1964.

In the event of any changes to the personal data protection regulations, the Administrator undertakes to comply with their new form in this Policy.

The user's personal data will be processed for the purpose of accepting and fulfilling the Order, concluding, executing, and withdrawing from the Sales Agreement, answering questions or providing other information requested by the user, handling complaints, for marketing and statistical purposes, as well as for targeting content or advertising.

Method of Data Acquisition

Personal data is collected directly from the user by providing it via the contact form. Other data not constituting personal data, referred to in § 2, is transmitted automatically by the device used by the user when using the website.

Data Sharing

The Controller, based on a specific authorization or an agreement between the Controller and the data processor, may transfer user data to:

the Controller's employees and associates,

the Google Analytics platform operated by Google LLC, based in Menlo Park, California, USA,

the Facebook portal operated by Facebook Inc., based in Palo Alto, California, USA,

other entities, under a data processing agreement, if necessary for the performance of the Agreement.

The transfer of user personal data may only occur if necessary in connection with handling a user's request or inquiry via the contact form.

Given that the entities listed in points b) and c) are registered in countries outside the European Economic Area, the Controller also informs that for statistical purposes, advertising optimization, and the functionality of social plugins, it shares data on a very limited basis with two entities that meet the criteria for a Third Country within the meaning of the GDPR. Both entities are headquartered in the United States and have joined the Privacy Shield program. Data is transferred under agreements containing the clauses specified in European Commission Decision 2010/87/EU. Therefore, the transfer of data to them is consistent with the European Commission Implementing Decision of July 12, 2016, and the scope of the data transferred prevents the identification of a specific individual.

User Rights

The data subject whose personal data is processed by the Personal Data Controller has the following rights:

The right to access their personal data (Article 15 of the GDPR), including obtaining a copy of the data being processed, including in electronic form, and to obtain information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom the data may be disclosed, and the planned retention period of the personal data.

The right to rectification (amendment) (Article 16 of the GDPR) of their personal data if they are inaccurate or incomplete.

The right to request the erasure of personal data (Article 17 of the GDPR) if:

they are no longer necessary for the purposes for which they were collected or otherwise processed;

the data subject has withdrawn consent and there is no other legal basis for the processing;

the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

the personal data have been processed unlawfully;

Personal data must be erased to comply with a legal obligation under EU or Member State law to which the Controller is subject;

The personal data were collected in connection with the provision of information society services;

The right to request restriction of data processing (Article 18 of the GDPR) when:

The data subject contests the accuracy of the personal data – for a period enabling the Controller to verify the accuracy of the data;

The processing is unlawful and the data subject objects to the erasure of the personal data, requesting instead the restriction of their use;

The Controller no longer needs the personal data for the purposes of processing, but the data subject requires them to establish, pursue, or defend legal claims;

The data subject has objected to processing – pending the determination of whether the Controller's legitimate grounds override the data subject's objection;

The right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), Address: ul. Stawki 2, 00-193 Warsaw.

To exercise these rights, the user should contact the Controller by mail or electronically. The Controller is obligated to provide information on the actions taken in response to the request within one month; in particularly complex cases or due to a significant number of requests, this period may be extended to three months.

Data Retention Period

In accordance with applicable legal bases, the Controller will retain personal data for the duration of the Controller's legitimate interest, but no longer than the limitation period for the Controller's claims against the data subject.

Data Security

The Controller employs appropriate technical and organizational measures to fully protect the user's personal data – in particular, protecting it against unauthorized access, loss, or destruction.

Cookies

A cookie is a small piece of text that a website sends to a browser and which the browser sends back upon subsequent visits to the website. The use of cookies on websites, although legally bound by the obligation to inform users about their use, does not significantly impact data processing itself, primarily serving the convenience of the website user and, in part, the development opportunities of the website owner. Cookies are used to optimize the use of websites by giving them a personalized character tailored to the user, using, among other things:

identifying the computer and browser used to browse websites – for example, by determining whether a given computer has visited the website before;

tailoring the display of the website to the user's preferences through anonymous analysis of their online behavior;

remembering expectations regarding the website, such as language, color, and content layout;

enabling the operation of individual accounts on websites;

eliminating the burden of logging in to each individual subpage of the website;

"memory" of presented advertisements to avoid presenting users with repetitive and uninteresting content.

Cookies never change the operation of devices and are not harmful to them in any way; they do not change browser configurations and are not shared with other websites, advertisers, etc. except for the entities indicated above in § 5. On each page, the user has the option to accept or block cookies, but this may hinder or prevent access to many of the site's features and functionalities. Regardless of the choice made, each browser allows you to clear all cookies stored in it.