Privacy Policy
1. Personal Data Controller
The controller of your personal data is Marta Dwojak, conducting unregistered business activity, with its registered office at: ul. Osiedlowa 14b, 87-134 Przysiek, Poland. You may contact the Controller via email at: kontakt@made4u.art.
2. Source, Purposes, and Legal Basis for Data Processing
Personal data is collected directly from the data subjects, in particular through forms available on the website, the ordering process, and email contact. Providing personal data is voluntary but necessary to conclude a sales contract and fulfill an order. Failure to provide data may result in the inability to process an order or respond to an inquiry. We process your personal data for the following purposes:
- Conclusion and Execution of the Sales Contract (Order Fulfillment):
  - Purpose: Order acceptance, shipping of goods, payment processing, and handling potential complaints or returns.
  - Data Types: First and last name, delivery address, email address, phone number.
  - Legal Basis: Art. 6(1)(b) GDPR (processing is necessary for the performance of a contract).
- Financial and Accounting Settlements:
  - Purpose: Maintaining sales records and complying with tax law requirements.
  - Data Types: First name, last name, address, billing/invoice details.
  - Legal Basis: Art. 6(1)(c) GDPR (compliance with a legal obligation to which the Controller is subject).
- Handling Inquiries (Contact Form / Email):
  - Purpose: Responding to messages sent directly to us or via the website form.
  - Data Types: First name, last name, email address, phone number (if provided).
  - Legal Basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller – communication with users).
- Technical and Statistical Purposes (Server Logs):
  - Purpose: Ensuring the stability, security, and proper functioning of the website.
  - Data Types: IP address, server date and time, browser, and operating system information.
  - Legal Basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller).
3. Data Retention Period
- Data related to order fulfillment and tax settlements are stored for 5 years, starting from the end of the calendar year in which the tax payment deadline expired (in accordance with Polish tax regulations).
- Data from contact inquiries are stored for the period necessary to provide a response and potentially secure claims (no longer than 3 years).
4. Data Recipients
We care about the confidentiality of your data. It may be transferred only to entities that support us in providing services:
- Payment Service Providers: To pay for the order, your data is transferred to the payment operator (e.g., [insert name, e.g., PayU, Przelewy24, Stripe]).
- Courier and Logistics Companies: To deliver the order, we share your data with delivery companies (e.g., [insert name, e.g., InPost, DPD]).
- Accounting Tools: If necessary to issue an invoice, data may be processed in the accounting system [insert system name, e.g., Fakturownia, wFirma].
- Hosting Provider: The website is maintained on the servers of Netlify, Inc., based in the USA. Netlify ensures an adequate level of data protection by participating in Data Privacy Framework programs recognized by the EU as secure. In the case of transferring data outside the EEA, the Controller ensures the use of appropriate safeguards required by GDPR, including standard contractual clauses or mechanisms recognized by the European Commission.
- Email Provider: Email is handled by Home.pl.
5. Local Data Storage and Cookies
The website uses data storage technologies:
- Necessary Cookies (Technical): Used by the server and the store system for the proper functioning of the website, e.g., to maintain the user session, save the shopping cart status, and finalize the ordering process.
- Local Storage (localStorage): Saves preferences regarding theme (light/dark) and language. This data remains exclusively on your device.
The website does not use cookies for marketing or analytical purposes that require user consent. You can delete saved data at any time by clearing your browser data.
6. User Rights
According to GDPR, you have the following rights:
- The right to access your data and receive a copy.
- The right to rectify (correct) your data.
- The right to erase data (the "right to be forgotten") – provided it does not violate the obligation to store accounting documentation.
- The right to restrict data processing.
- The right to object to processing – especially regarding data processed based on the Controller's legitimate interest (Art. 6(1)(f) GDPR).
- The right to data portability (for data processed based on a contract).
- The right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).
7. Security and Profiling
The website uses secure SSL encryption, ensuring the confidentiality of data transmitted between your browser and the server. Your personal data is not subject to automated decision-making, including profiling.
8. Changes to the Privacy Policy
The Controller reserves the right to make changes to the Privacy Policy, particularly in the event of changes in the law or data processing methods. The current version of the document is always available on the store's website.
