Privacy Policy

Personal Data Privacy Policy (GDPR)

STITCHE.PL

§1 Identity of the Data Controller

The controller of personal data provided during the use of the Online Store operated under the name stitche.pl is Tomasz Muszyński, conducting business activity under the name Tomasz Muszyński CentrumOfertowe , NIP: 9512296505, REGON: 529912266, ul. Związku Walki Młodych 6/82, 02-786 Warsaw.
Data are processed in accordance with the currently applicable legal provisions: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), the Act of 10 May 2018 on data protection and the Act of 18 July 2002 on the provision of services by electronic means.
The following Privacy Policy covers the principles of processing the data of Website Users, persons concluding agreements with the Data Administrator, as well as data collected through contact with the Administrator (e-mail address, telephone) or traditional correspondence.

§2 Definitions Used

  1. Website/Store – the website available at stitche.pl , through which the User can browse its contents, contact the data administrator, place orders for products and order commercial and marketing information (newsletter).
  2. Personal data administrator – Tomasz Muszyński, running a business under the name Tomasz Muszyński CentrumOfertowe .
  3. User – a natural person whose data is processed and who uses the services available on the Website/Store.
  4. Personal data – any information that may enable the identification of a natural person, including identification, address and contact data.

§3 Purposes of Personal Data Processing

The Administrator processes personal data only when it is in accordance with applicable law, including:

  1. In order to execute the sales contract via the online store, pursuant to Article 6 paragraph 1 letter b) of the GDPR.
  2. For the purpose of maintaining accounting and tax documentation pursuant to Article 6(1)(c) of the GDPR.
  3. In order to answer questions asked via electronic means of communication, pursuant to Article 6 paragraph 1 letter b) of the GDPR.
  4. For the purpose of sending marketing information by electronic means (newsletter) based on consent, Article 6 paragraph 1 letter a) of the GDPR.
  5. For the purpose of registration and creation of an Account in the Store, based on consent, Article 6 paragraph 1 letter a) of the GDPR.
  6. For the purpose of marketing our own products through traditional channels, pursuant to Article 6 paragraph 1 letter f) of the GDPR.
  7. For the purpose of obtaining opinions on services and products based on consent, Article 6 (1) (a) of the GDPR.
  8. In order to pursue rights and claims, pursuant to Article 6 paragraph 1 letter f) of the GDPR.

Providing personal data is necessary for the execution of the contract and the issuance of an accounting document; in the remaining scope it is voluntary.

§4 Methods of Data Collection

Personal data is collected directly from Users through:

  1. Contact form on the website.
  2. Newsletter subscription form.
  3. Online store order form.
  4. Registering an account on the Website.
  5. Direct contact with the data administrator.

§5 Scope of Processed Data

The following data are processed:

  1. To submit an inquiry: name, e-mail address, telephone number.
  2. To subscribe to the newsletter: name, e-mail address.
  3. To place an order: name and surname, e-mail address, telephone number, delivery address.
  4. To register an account: name and surname, e-mail address, password, login.
  5. To issue an invoice: name and surname or name of the entity, address, Tax Identification Number.

§6 Data Processing Period

  1. Data related to the performance of the contract are processed for 5 years from the end of the calendar year in which the tax payment deadline expired.
  2. Marketing data (newsletter) is processed until consent is withdrawn.
  3. Data related to contact enquiries – for a maximum of 6 months.
  4. Data for the purpose of pursuing claims – for 3 or 6 years depending on the nature of the claims.

§7 Data Recipients

Personal data may be transferred to entities that provide services to the Administrator, such as:

  1. Website hosting.
  2. IT systems service, including newsletter automation, order processing.
  3. Accounting services.
  4. Broker of courier services and dropshipping.

Data may be processed outside the European Economic Area, in accordance with European Commission Decision 2021/914 on standard contractual clauses.

§8 Data Administrator's Fanpage on Social Media

The data administrator is a co-administrator of the data of its followers on the stitche.pl fanpage in social media. In the remaining scope, the data administrator is Shopify.

§9 Data Subject Rights

Data subjects have the right to:

  1. Access to the content of your data.
  2. Correcting data.
  3. Deletion of data, unless archiving regulations apply.
  4. Transferring data if the processing is based on a contract or consent.
  5. Withdrawal of consent to data processing.
  6. Object to data processing.
  7. Data processing control.

The data subject also has the right to lodge a complaint with the Office for Personal Data Protection (UODO), ul. Stawki 2, 00-193 Warsaw.

§10 Final Provisions

In the event of a change to the Privacy Policy, the Administrator will implement appropriate modifications, which will be effective within 14 days of publication on the stitche.pl website.