Privacy Policy

Privacy Policy

maliwojownicy.com

Update date: 29/09/2025

1) Data controller

The administrator of your personal data is:
BaseElektric – Artur Idasiak , ul. Leszczyńskiego 4/29, 50-078 Wrocław , NIP 8952003168 , REGON 387702759 .
Contact e-mail: modernwallartcompany@gmail.com .
(“ Administrator ”, “ we ”, “ our store ”).

2) Scope, purposes and basis of processing

We process data only to the extent necessary for the following purposes:

  • Fulfillment of the order/sales contract (including payment, delivery, handling of complaints and returns) – Article 6(1)(b) of the GDPR .
    Data: name and surname, delivery/billing address, e-mail, telephone number, payment details, order number.

  • Maintaining a customer accountArticle 6(1)(b) of the GDPR .
    Data: e-mail/login, password (encrypted), profile data.

  • Contact and support (replies to messages, forms) – Article 6(1)(f) GDPR (our legitimate interest: handling enquiries).
    Data: e-mail, name, content of inquiry, telephone number (if provided).

  • Issuing accounting documents and fulfilling legal obligations (e.g. storing documentation) – Article 6(1)(c) of the GDPR .

  • Newsletter/marketing communications (if you subscribe or consent) – Article 6(1)(a) GDPR (consent) and/or Article 6(1)(f) GDPR (legitimate interest: own marketing). You can unsubscribe at any time.

  • Analytics, statistics, website security and content personalisation (including cookies, server logs, analytical tools) – Article 6(1)(f) of the GDPR (legitimate interest: website development and security).
    In practice, this is an approach typical for online stores; the solutions and description of transfers to supplier tools are in line with established market standards.

Providing data is voluntary, but necessary to conclude a contract, create an account or receive the newsletter.

3) Categories of data processed

  • Identification data (name, surname, company name and Tax Identification Number – if you are buying on behalf of a company).

  • Contact details (address, email, telephone).

  • Transaction data (order number, products, amounts, payment status).

  • Technical and activity data (IP address, cookie/SDK identifiers, logs, device/browser information).

4) Data recipients (processors and other controllers)

In connection with running the store, we entrust or share data with entities that help us operate:

  • Store platform and hosting : Shopify (store infrastructure, maintenance, security).

  • Online payments : e.g. Tpay/Przelewy24/PayU/Stripe/PayPal (depending on the chosen method).

  • Shipping : e.g. InPost, DPD, DHL, Poczta Polska (delivery).

  • Analytics and marketing : Google Analytics / Google Ads , Meta (Facebook/Instagram) Pixel , TikTok Pixel , [optional] Klaviyo (newsletter/automations).

  • Accounting and consulting : accounting office and legal advisors (when necessary).

The scope and logic of these disclosures and the mention of Shopify/Google/Meta/TikTok correspond to the practice described in reliable e-commerce policy templates, including the mechanics of transfers outside the EEA (more in point 5).

5) Transfer of data outside the EEA

If we use tools from providers with servers or affiliated companies located outside the European Economic Area (e.g. Shopify – Canada, Google , Meta , Microsoft , Klaviyo – USA; TikTok – UK), the data is transferred in accordance with the GDPR, including on the basis of:

  • decisions establishing an adequate level of protection (e.g. Canada, UK) and/or

  • Standard Contractual Clauses (SCCs) and additional safeguards required by EU law, and/or

  • current mechanisms under the EU–US Data Privacy Framework for US providers (if they are certified).
    This approach to transfers and legal bases reflects the recommended, practical standard in online store privacy policies.

6) Data storage period

  • Data related to the contract and settlements – for the duration of the contract and for the limitation period for claims (usually up to 6 years) and for the period required by tax/accounting regulations.

  • Account data – until the account is deleted.

  • Marketing data (newsletter, marketing/analytical cookies) – until consent/objection is withdrawn or cookies expire/cleared.

  • Correspondence – until the end of the case and for the period necessary to defend against claims.

7) Your rights

You have the right to:

  • access your data and obtain a copy,

  • rectification (correction) of data,

  • deletion (“being forgotten”) – when the data is no longer needed or consent has been withdrawn,

  • processing restrictions ,

  • data transfer (to the extent technically possible),

  • object to processing based on our legitimate interests (including direct marketing),

  • withdraw consent at any time (without affecting the lawfulness of previous processing).

You also have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).

8) Automatic decision-making and profiling

We do not make fully automated decisions about you that would have legal consequences. We may use basic marketing segmentation (e.g., targeting advertising audiences based on website events), which is standard in e-commerce and does not have any legal consequences for you. If you do not wish to do so, you can object or change your cookie settings.

9) Cookies and similar technologies

Our store uses our own and third-party cookies (analytics, advertising, functional).
On your first visit, we display a consent banner – you can accept immediately or manage categories.
Detailed information (cookie types, lifespans, providers) is published in a separate document, "Cookie Policy" (tab in the footer). The layout and logic of this section correspond to practices described in credible templates for online stores.

10) Data sources

We obtain data directly from you (forms, orders, contact) and also indirectly from analytical/advertising tools (cookies/SDK) in accordance with your consent settings.

11) Safety measures

We use appropriate technical and organizational measures, including transmission encryption (HTTPS), access control, backups and the principle of data minimization.

12) Policy Changes

We may update this Policy, including as the law, tools, or scope of services change. We will always post the current version and the date of the change.

13) Contact

For matters relating to personal data, please contact us: modernwallartcompany@gmail.com .
If possible, please include in the body of the text what the matter concerns (e.g. "access to data", "objection", "deletion of data") – this will facilitate quick handling.