Privacy Policy

General Information

This document sets out the rules of the Privacy Policy in the Online Store (hereinafter referred to as the “Online Store”).

The Administrator of the Online Store is Loft Shop Manufacture Krystian Dymkowski, with its registered office in Nadolice Wielkie, ul. Wrocławska 15, 55-003 Nadolice Wielkie, NIP: 898 202 51 11, REGON: 020786893.

Words capitalized have the meaning assigned to them in the Regulations of this Online Store.

Personal data collected by the Administrator of the Online Store are processed in accordance with the provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR.

The Administrator of the Online Store makes every effort to protect the privacy and information provided by the Clients of the Online Store. The Administrator exercises due diligence in selecting and applying appropriate technical and organizational measures to ensure the protection of processed data, in particular securing data against unauthorized access, disclosure, loss, destruction, unauthorized modification, or processing in violation of applicable laws.

The services available on the website (in particular the ability to place an order) are not intended for persons under 16 years of age. The Administrator does not intentionally collect data concerning persons under 16 years old.

Personal Data

Data Controller

The controller of your personal data is:

Loft Shop Manufacture Krystian Dymkowski

ul. Wrocławska 15, 55-003 Nadolice Wielkie

You may contact the Data Controller regarding your personal data via:

  • Email: [email protected]

  • Post: ul. Wrocławska 15, 55-003 Nadolice Wielkie

  • Phone: +48 790 528 555

Purposes and Legal Basis of Data Processing

The Administrator processes your personal data for the following purposes and to the following extent:

 

  • To take action prior to concluding a contract at your request (e.g., creating an Account) — such as your email address and password, gender; if you register while purchasing Goods, we collect your first and last name and the data necessary to fulfill the Order, such as shipping address.

  • To provide services not requiring an Account, such as browsing the website or using the search engine — we process data about your activity on the website, including products viewed, session data, operating system, browser, location, unique ID, and IP address.

  • To execute the sales contract, including the delivery of ordered Goods — we process personal data provided during purchase: name, email address, postal address, and payment data.

  • For statistical and security purposes — to analyze the use of the Store’s functionalities, improve usability, and ensure IT security, we process data regarding your activity, session length, search history, location, IP address, device ID, browser, and operating system.

  • To establish, pursue, and defend claims — we may process data provided during purchases or registration, as well as data necessary to prove claims or comply with legal obligations.

  • To handle complaints and inquiries — we process data provided in complaint forms, correspondence, or customer service messages, along with order-related data.

  • For marketing purposes, including remarketing — we process data provided in your Account and data about your activity (order history, search history, clicks, logins, communication interactions). In the case of remarketing, we use your activity data to reach you with marketing messages outside the Online Store, using external service providers.

  • To organize contests and loyalty programs — to send notifications about points, prizes, or promotional offers, using data provided in your Account and during registration.

  • To conduct market and opinion research — we process order data, account data, or email addresses. The data collected for these purposes are not used for advertising.

Categories of Processed Data

The Administrator processes the following categories of data:

  • Contact data

  • Data regarding activity in the Online Store

  • Order data

  • Complaint and request data

  • Marketing data

Voluntary Data Submission

Providing the required personal data is voluntary, but it is a condition for the provision of services by the Administrator through the Online Store.

Data Retention Period

Personal data are processed for the time necessary to fulfill orders, provide services, marketing activities, or other services performed for the Client. The data will be deleted when:

  • The data subject requests deletion or withdraws consent;

  • The data subject remains inactive for over 10 years;

  • It becomes known that the stored data are outdated or inaccurate.

Certain data (email address, name, surname) may be kept for up to 3 years for evidence purposes, complaint handling, and legal claims but will not be used for marketing.

Data related to paid orders, contests, or loyalty programs necessary for accounting will be retained for 5 years from the end of the tax year.

Data of non-logged-in Clients will be stored for the duration of cookie life or until deleted from the user’s device.

Your personal data related to preferences, behavior, and marketing content selection may be used as the basis for automated decision-making to determine sales opportunities in the Online Store.

Data Recipients

We share your personal data with:

  • Public authorities (e.g., Prosecutor’s Office, Police, PUODO, President of UOKiK) upon official request;

  • Service providers we use to operate the Online Store and fulfill orders — depending on contractual arrangements, they act on our behalf or determine their own processing purposes. The list of such providers is available on our website at: www.loft-shop.com

Your Rights under the GDPR

You have the right to:

  • Request access to your personal data;

  • Request rectification of your data;

  • Request deletion of your data;

  • Request restriction of processing;

  • Object to processing;

  • Request data portability.

The Administrator shall respond to your request without undue delay — and in any case within one month of receiving it. In complex cases, this period may be extended by up to two additional months, with an explanation provided within the first month.

Right of Access (Art. 15 GDPR)

You have the right to know whether your personal data are being processed and to obtain:

  • Access to your data;

  • Information on processing purposes, data categories, recipients, storage periods, your rights, complaint options, and safeguards for international transfers;

  • A copy of your personal data.

Requests should be sent to: [email protected]

Right to Rectification (Art. 16 GDPR)

If your data are incorrect, you may request their rectification or completion.

Requests should be sent to: [email protected]

If you have an Account, you may correct or update your data after logging in.

Right to Erasure (“Right to be Forgotten”) (Art. 17 GDPR)

You have the right to request the deletion of your personal data when:

  • They are no longer necessary for the purposes they were collected;

  • You withdraw consent;

  • They were processed unlawfully;

  • You object to processing for direct marketing purposes;

  • You object to processing carried out in the public interest or under legitimate interest.

Even after deletion, the Administrator may retain your data to establish or defend legal claims.

Requests should be sent to: [email protected]

Right to Restrict Processing (Art. 18 GDPR)

You may request restriction of processing when:

  • You contest the accuracy of the data;

  • Processing is unlawful and you oppose erasure;

  • The data are no longer needed but are required to establish or defend claims;

  • You object to processing pending verification of legitimate grounds.

Requests should be sent to: [email protected]

Right to Object (Art. 21 GDPR)

You may object at any time to the processing of your data, including profiling, related to:

  • Processing in the public interest or under legitimate interest;

  • Direct marketing purposes.

Requests should be sent to: [email protected]

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, machine-readable format and to transmit them to another controller. You may also request direct transfer between controllers, if technically feasible.

Requests should be sent to: [email protected]

Right to Withdraw Consent

You may withdraw your consent to data processing at any time. Withdrawal does not affect the legality of prior processing.

Requests should be sent to: [email protected] or through your Account settings.

Right to Lodge a Complaint

If you believe your data are processed in violation of the GDPR, you have the right to lodge a complaint with the supervisory authority — in Poland, this is the President of the Personal Data Protection Office (PUODO).