Privacy Policy

1. General Information

This Privacy Policy outlines the principles of collecting, processing, and using personal data of users who visit the website www.malesa.shop (hereinafter referred to as the “Service”).

2. Data Controller

The data controller is Damian Malesa, operating under the business name Malesa, registered in the Central Registration and Information on Business (CEIDG), NIP: 7011206772, REGON: 528711850. The controller can be contacted via:

  • Email: damian@malesa.shop
  • Phone: +48 881 445 773
  • Address: Ul. Wspólna 41 m. 77, 00-519 Warsaw, Poland

3. Scope of Collected Data

We collect personal data that users voluntarily provide when using the Service, including:

  • Full name
  • Email address
  • Phone number
  • Delivery address
  • Payment information

4. Purposes of Data Processing

Personal data is processed for the following purposes:

  • Fulfilling orders placed via the Service.
  • Communicating with users regarding order fulfillment.
  • Providing information on order status.
  • Handling complaints and returns.
  • Sending newsletters (based on prior consent).

5. Cookies

The www.malesa.shop website uses cookies to:

  • Facilitate the use of the Service and tailor it to user preferences.
  • Analyse site traffic and improve the quality of services.
  • Enable functions related to orders and user login.

Users have the right to manage cookie settings through their web browser. Depending on the browser, it is possible to block or delete cookies. More information about cookies can be found in the browser settings.

6. Legal Basis for Data Processing

The processing of users’ personal data is based on:

  • Article 6(1)(b) of the GDPR – necessity for the performance of a contract.
  • Article 6(1)(a) of the GDPR – user consent (for newsletters).

7. Data Sharing

Users’ personal data may be shared with:

  • Courier companies for order delivery.
  • Payment service providers (e.g., PayU) for processing payments.
  • Other entities that support our business activities, provided appropriate safeguards are in place.

8. User Rights

Users have the right to:

  • Access their personal data.
  • Rectify personal data.
  • Erase personal data (“right to be forgotten”).
  • Restrict the processing of personal data.
  • Transfer personal data.
  • Object to the processing of personal data.

9. Data Retention

Users’ personal data will be stored for the period necessary to fulfil the order and until the user withdraws consent for data processing (in cases where consent is the basis for processing).

10. Data Security

We ensure the security of users’ personal data by implementing appropriate technical and organisational measures to protect data against unauthorised access, disclosure, or destruction.

11. Changes to the Privacy Policy

We reserve the right to make changes to this Privacy Policy. Any changes will be published on the Service, and users will be informed of any significant changes. It is recommended to regularly review the Privacy Policy to stay informed of any updates.

12. Contact

If you have any questions or concerns regarding the Privacy Policy or the processing of personal data, users can contact the Data Controller using the contact details provided above.

13. Final Provisions

This Privacy Policy is effective as of 20 September 2024. By using the Service, the user accepts the terms contained in this Privacy Policy.