PRIVACY POLICY
OF THE WEBSITE
For the Owner of this website, the protection of Users’ personal data is of the utmost importance. The Owner makes every effort to ensure that Users feel safe entrusting their personal data while using the website.
A User is a natural person, a legal person, or an organizational unit without legal personality, which the law grants legal capacity, using electronic services available on the website.
This privacy policy explains the principles and scope of processing User personal data, the rights they are entitled to, the responsibilities of the data controller, and informs about the use of cookies.
The Administrator applies state-of-the-art technical and organizational measures to ensure a high level of protection of processed personal data and protection against unauthorized access.
The Privacy Policy constitutes an integral part of the Terms and Conditions. By using our services, you entrust your personal data. This document informs which data is collected, for what purpose, and how it is processed and protected.
I. DATA CONTROLLER
The personal data controller is Karolina Trojanowska, with registered address: ul. Wojska Polskiego 9/22 05-220 w Zielonce, registered in the business register maintained by the District Court in Warsaw, Commercial Division, NIP: 5243010449 (hereinafter: the “Owner”).
Karolina Trojanowska can be contacted in writing at the above address or by e-mail at: contact@karodj.pl.
The Administrator has not appointed a Data Protection Officer (GDPR Art. 37).
We comply with personal data protection rules in accordance with GDPR (EU Regulation 2016/679) and the Personal Data Protection Act.
At the User’s request, the Administrator provides comprehensive information about the processing of their data, including to whom it is disclosed and how it is protected.
II. PRIVACY PRINCIPLES
We respect Users’ privacy and guarantee convenient use of our services.
Personal data is used only to the extent necessary to provide services and in a fair manner.
Users have the right to full information about what data is collected, for what purpose, and to whom it may be disclosed.
In case of questions or doubts regarding personal data, the Administrator will take appropriate clarifying actions.
Legal bases for data processing:
Art. 6(1)(a) – User consent (including marketing and profiling)
Art. 6(1)(b) – Performance of a contract (purchase of products)
Art. 6(1)(c) – Legal obligation
Art. 6(1)(e) – Tasks carried out in the public interest
Art. 6(1)(f) – Legitimate interests of the Administrator
Personal data related to order fulfillment is processed for the period required by law (max. 10 years).
Data processed for future contracts is stored until an objection is submitted.
III. PURPOSE OF PERSONAL DATA PROCESSING
1. Personal data is processed for the following purposes:
-
order fulfilment, product delivery, invoicing and payment processing,
-
direct marketing and profiling exclusively upon the User’s explicit consent,
-
website analytics (anonymised data, e.g. Google Analytics),
-
handling enquiries and contact forms,
-
creation of user accounts and login.
2. The following personal data may be processed:
-
first and last name,–
-
residential address,
-
delivery address (if different),
-
tax identification number (if applicable),
-
e-mail address,
-
telephone number,
-
information about the browser and device used,
-
other data voluntarily provided by the User.
3. Providing personal data is voluntary; however, it is necessary for the full performance of the services.
4. Personal data may be transferred to entities within the European Economic Area or to other related third parties for processing, in accordance with applicable laws and this Privacy Policy.
5. Access to personal data is granted to entities necessary for the operation of the Service, including:
-
hosting companies providing hosting or related services for the Administrator,–
-
newsletter service providers,
-
IT service and support companies performing maintenance or responsible for maintaining IT infrastructure,
-
companies acting as intermediaries in online and mobile payments for goods or services offered within the Service,
-
accounting offices,
-
companies responsible for delivering physical products to the User (postal and courier services in the case of purchase transactions carried out via the Service).
6. Personal data of Users may also be transferred to payment service providers to the extent necessary to process transactions, in particular:
-
PayU S.A., with its registered office in Poznań – for the purpose of processing card payments (Visa, Mastercard),
-
PayPal (Europe) S.à r.l. et Cie, S.C.A. – where PayPal is selected as the payment method,
-
Stripe Payments Europe Ltd. – where Apple Pay or Google Pay is selected as the payment method.
7. These entities process personal data as independent data controllers in accordance with their own privacy policies. The Seller does not process or store Users’ card payment details.
IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA
Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR).
The Administrator processes personal data only after obtaining the User’s consent.
Consent for data processing is entirely voluntary.
V. USER RIGHTS
In certain situations, the Administrator may share your personal data with other recipients if necessary for the execution of a contract or fulfillment of the Administrator’s legal obligations.
Your personal data is not processed longer than necessary to perform the related actions (e.g., accounting rules). Marketing data is not processed for more than 3 years.
User rights procedure:
The Administrator will respond within 1 month of receiving a request.
Users have the right to request from the Administrator:
Access to their personal data
Correction
Deletion
Restriction of processing
Data portability
Users can object to processing for legitimate interests, including profiling, unless there are overriding lawful grounds.
Complaints can be submitted to the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw.
Personal data provision is voluntary but necessary for service operation.
Automated decisions and profiling may occur for service provision or direct marketing purposes.
Personal data is not transferred outside the EU.
VI. SELECTED DATA PROTECTION METHODS USED BY THE ADMINISTRATOR
Login and data entry areas are protected via transmission layer security (SSL certificate).
Data entered on the website is encrypted on the User’s device and readable only on the target server.
VII. HOSTING
The website is hosted on servers by: home.pl
The hosting provider keeps server logs for technical reliability, including:
Requested URL resources
Request and response times
Client station identification via HTTP
Errors in HTTP transactions
Referrer URLs
Browser and IP information
Email-related diagnostic information
VIII. INFORMATION IN FORMS
The website collects information voluntarily provided by the User, including personal data.
Connection parameters may be logged (timestamp, IP).
Forms may include identifiers linking submitted data to the User’s email.
Data entered in forms is processed to fulfill the specific form’s function, e.g., service request handling, business contact, service registration, etc. Each form clearly explains its purpose.
IX. ADMINISTRATOR LOGS
User activity on the website may be logged for administration purposes.
X. IMPORTANT MARKETING TECHNIQUES
The Operator uses website traffic analysis via Google Analytics. Data is anonymized.
Users can view and manage preferences via: https://www.google.com/ads/preferences/
Remarketing adjusts ads based on User behavior but does not share personal data with advertisers.
Heatmaps and session recordings are anonymized; passwords and personal data are not recorded.
Automated communications may occur with User consent.
XI. COOKIES
The website uses cookies or similar technologies to collect information about User access and preferences.
Cookies are used for analytics, advertising, and customization.
Types of cookies:
Internal cookies – stored by the website system
External cookies – stored by third-party systems
Session cookies – deleted after session ends
Persistent cookies – stored until manually deleted
All cookies comply with EU law.
Explicit consent (banner) is required for marketing and analytics cookies.
Users can adjust browser settings to manage cookie preferences.
Cookies may also be used by cooperating entities, e.g., Google, Facebook, Twitter, for analytics and service optimization.
XII. SOCIAL MEDIA PLUGINS
Social media plugins may be used:
Instagram: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (Instagram Plugins)
SoundCloud: SoundCloud Ltd., 50 Berkeley Street, London W1J 8HA, UK (SoundCloud Plugins)
YouTube: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (YouTube Plugins)
Plugins transmit only data necessary for operation. If Users are logged into social accounts while browsing, some data may be shared with providers. Log out of accounts to avoid this.