Privacy policy

1. General Information

This Privacy Policy sets out the rules for the processing of personal data of users and customers of the online store operating under the name 333ciuszki.

The controller of personal data is:

333ciuszki
FOUMA KAMIL LAREK
Wielewska 2/10
89-600 Chojnice
Poland

VAT ID: PL5552124211
E-mail: kontakt@333ciuszki.pl

Personal data is processed in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council, hereinafter referred to as the “GDPR”.

For matters related to personal data protection, you may contact us at: kontakt@333ciuszki.pl.

2. What Personal Data We Process

Depending on how you use the store, we may process the following personal data:

  • first and last name,
  • e-mail address,
  • phone number,
  • delivery address,
  • billing address,
  • data required to issue an invoice,
  • VAT ID, if the customer requests an invoice,
  • information about placed orders,
  • payment information,
  • data related to returns, complaints and customer service contact,
  • IP address,
  • cookie identifiers,
  • technical data of the device and browser,
  • data concerning user activity on the store website.

We do not process special categories of personal data, such as health data, political opinions, religion or ethnic origin.

3. Purposes and Legal Bases for Processing Personal Data

We process personal data for the following purposes:

a) Order Fulfilment

We process data in order to accept an order, confirm the purchase, prepare the shipment, deliver the product and handle payment.

Legal basis: Article 6(1)(b) GDPR — performance of a sales contract.

b) Payment Processing

Data may be transferred to payment operators in order to process transactions, confirm payments, handle refunds and prevent abuse or fraud.

Legal basis: Article 6(1)(b) GDPR — performance of a contract, and Article 6(1)(f) GDPR — the legitimate interest of the controller consisting in ensuring secure payment processing.

c) Delivery of Orders

We process data in order to dispatch the parcel, transfer it to the carrier, handle delivery and process any delivery-related complaints.

Legal basis: Article 6(1)(b) GDPR — performance of a sales contract.

d) Customer Communication

We process data in order to respond to e-mails and inquiries regarding products, orders, payments, deliveries, returns and complaints.

Legal basis: Article 6(1)(f) GDPR — the legitimate interest of the controller consisting in communication with customers and handling inquiries.

e) Returns and Complaints

We process data in order to receive and handle returns, complaints or other requests related to purchases.

Legal basis: Article 6(1)(c) GDPR — compliance with a legal obligation imposed on the controller, and Article 6(1)(f) GDPR — the legitimate interest of the controller consisting in establishing, pursuing or defending claims.

f) Accounting and Tax Obligations

We process data in order to maintain accounting records, issue invoices, settle taxes and comply with other legal obligations.

Legal basis: Article 6(1)(c) GDPR — compliance with a legal obligation imposed on the controller.

g) Newsletter

If you subscribe to the newsletter, we process your e-mail address in order to send commercial information, promotions, discount codes, information about new products and other marketing content related to the 333ciuszki store.

Legal basis: Article 6(1)(a) GDPR — the user’s consent.

You may withdraw your consent at any time by clicking the unsubscribe link in the e-mail message or by contacting us at: kontakt@333ciuszki.pl.

h) Marketing and Online Advertising

Data may be processed for marketing and remarketing activities, measuring advertising effectiveness and adjusting advertising content using tools such as Meta Ads, Google Ads, Google Analytics and other analytical and advertising tools.

Legal basis: Article 6(1)(a) GDPR — the user’s consent to the use of cookies and similar technologies, or Article 6(1)(f) GDPR — the legitimate interest of the controller, where processing is permitted by law.

In the case of tools such as Google Analytics, Google Ads, Meta Pixel and similar technologies, data should be collected after obtaining the user’s appropriate consent via a cookie banner.

i) Analytics and Store Improvement

Technical and statistical data may be processed in order to analyse website traffic, improve store functionality, detect technical errors and improve the quality of customer service.

Legal basis: Article 6(1)(f) GDPR — the legitimate interest of the controller.

j) Store Security and Fraud Prevention

Data may be processed in order to ensure store security, detect abuse, prevent fraud, secure transactions and protect the rights of the controller.

Legal basis: Article 6(1)(f) GDPR — the legitimate interest of the controller.

4. Recipients of Personal Data

Personal data may be transferred to entities supporting the operation of the store, only to the extent necessary to provide specific services.

Recipients of data may include in particular:

  • Shopify International Ltd. and other Shopify group entities — online store platform,
  • Shopify Payments — payment processing, if this method is available and active in the store,
  • PayPro S.A. / Przelewy24 — payment processing,
  • PayPal — payment processing,
  • InPost sp. z o.o. — delivery services,
  • Google Ireland Limited / Google LLC — analytics, advertising and measurement tools,
  • Meta Platforms Ireland Limited — Meta, Facebook, Instagram advertising and Meta Pixel,
  • newsletter service providers,
  • hosting, technical and IT service providers,
  • accounting office or accounting service providers,
  • public authorities, where required by applicable law.

5. Shopify

The 333ciuszki store operates on the Shopify platform. Shopify may process users’ and customers’ data to the extent necessary for the operation of the store, order processing, shopping cart functionality, payments, customer accounts, communication and security.

Shopify may process and transfer personal data in accordance with its own privacy policy and applicable data protection mechanisms.

6. Transfers of Data Outside the European Economic Area

Due to the use of services such as Shopify, Google, Meta, PayPal or other technology providers, personal data may be transferred outside the European Economic Area, in particular to Canada or the United States.

In such cases, data transfers take place on the basis of appropriate legal mechanisms provided for by the GDPR, such as European Commission adequacy decisions, standard contractual clauses or other safeguards required by law.

7. Cookies and Similar Technologies

The store uses cookies and similar technologies, such as pixels, tags and online identifiers.

Cookies may be used for the following purposes:

  • ensuring proper operation of the store,
  • handling the shopping cart and purchase process,
  • remembering user preferences,
  • analysing website traffic,
  • measuring advertising effectiveness,
  • remarketing,
  • personalising advertising content.

The store may use both first-party cookies and third-party cookies, in particular cookies from Shopify, Google, Meta, PayPal or other technology service providers.

The user may manage cookie consents through the cookie banner available on the store website and through the settings of their web browser.

Some cookies are necessary for the operation of the store. Other cookies, such as analytical and advertising cookies, should be used after obtaining the user’s consent.

8. Meta Pixel, Google Analytics and Advertising

The store may use advertising and analytical tools such as:

  • Meta Pixel,
  • Meta Ads,
  • Facebook Ads,
  • Instagram Ads,
  • Google Analytics,
  • Google Ads,
  • Google Tag Manager.

These tools may process data regarding user activity on the website, such as visited pages, clicks, purchase events, adding a product to the cart, starting checkout or completing a purchase.

This data may be used to:

  • measure advertising effectiveness,
  • create audience groups,
  • conduct remarketing,
  • analyse user behaviour,
  • optimise advertising campaigns.

To the extent required by law, these tools should operate only after obtaining the user’s consent to analytical or marketing cookies.

9. Newsletter

Subscription to the newsletter is voluntary.

As part of the newsletter, we may send information about new products, promotions, discount codes, marketing campaigns and products available in the 333ciuszki store.

The user may unsubscribe from the newsletter at any time by clicking the unsubscribe link included in the e-mail message or by contacting the controller at: kontakt@333ciuszki.pl.

Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.

10. Data Retention Period

We store personal data for the period necessary to achieve the purposes for which it was collected.

In particular:

  • data related to order fulfilment is stored for the duration of the contract and for the limitation period of possible claims,
  • accounting and tax data is stored for the period required by law,
  • data related to complaints and returns is stored for the time necessary to handle the request and for the limitation period of claims,
  • data processed on the basis of consent is stored until consent is withdrawn,
  • data used for marketing purposes based on legitimate interest is stored until an effective objection is raised,
  • technical and analytical data is stored for the period resulting from the settings of a given tool or until cookies are deleted by the user.

11. Rights of Data Subjects

The person whose data is concerned has the right to:

  • access their personal data,
  • receive a copy of their data,
  • rectify their data,
  • erase their data,
  • restrict processing,
  • data portability,
  • object to processing,
  • withdraw consent at any time,
  • lodge a complaint with the President of the Personal Data Protection Office.

To exercise these rights, you may contact the controller at: kontakt@333ciuszki.pl.

12. Right to Object

The user has the right to object to the processing of personal data if the data is processed on the basis of the controller’s legitimate interest.

This applies in particular to data processing for direct marketing, analytics, establishing or defending claims and improving the operation of the store.

13. Voluntary Provision of Data

Providing personal data is voluntary, but in some cases it is necessary to use specific store functions.

Failure to provide data required for order fulfilment may prevent the conclusion or performance of the sales contract.

Failure to consent to the newsletter will prevent receiving marketing messages.

Failure to consent to analytical or marketing cookies should not prevent making a purchase, but may limit ad personalisation and measurement of marketing effectiveness.

14. Automated Decision-Making and Profiling

User data may be used for marketing profiling, consisting of analysing user activity in the store in order to adjust advertisements, measure campaign effectiveness and create advertising audience groups.

Profiling may take place using tools such as Meta Pixel, Google Ads, Google Analytics, Shopify or other marketing tools.

Profiling does not produce legal effects concerning the user and does not similarly significantly affect the user within the meaning of Article 22 GDPR.

15. Data Security

The controller applies appropriate technical and organisational measures to protect personal data against loss, unauthorised access, disclosure, alteration or destruction.

Data transmitted in the store is protected using appropriate technical safeguards available within the Shopify platform and external service providers.

However, please note that no method of data transmission over the Internet or electronic data storage provides a complete and absolute guarantee of security.

16. External Links

The store may contain links to external websites, such as websites of payment operators, carriers, social media platforms or other service providers.

The controller is not responsible for the personal data processing practices used by external websites. Before using such services, it is recommended to read their privacy policies.

17. Changes to the Privacy Policy

The controller may update this Privacy Policy, in particular in the event of changes in the law, technological changes, changes of service providers or changes in the operation of the store.

The current version of the Privacy Policy is always available on the store website.

18. Contact

For matters concerning personal data and this Privacy Policy, you may contact us at:

kontakt@333ciuszki.pl