Privacy Policy

The personal data controller responsible for their processing is:

Maciej Rogulski
Jana Kasprowicza 12d
Lodz 92-781
Poland
rodo@kokietki.pl

Thank you for your interest in our online store. Protecting your privacy is very important to us. Below you will find detailed information on how we handle your data.

1. Access data and hosting

You can visit our websites without providing any personal data. Each time you access a website, the server automatically saves only so-called server log files, such as the name of the requested file, your IP address, the date and time of the request, the amount of data transferred, and the requesting internet service provider (so-called access logs), and documents the page access. This data is analyzed solely to ensure the proper functioning of our website and to improve our offer. This serves to safeguard our legitimate interest in the optimal and correct presentation of our websites and offers, in accordance with Article 6 (1) (f) of the GDPR.

Hosting

2. Collection and processing of data for the purposes of contract execution and contact

2.1 Data processing for the purposes of contract performance

We also use an external merchandise management system to process orders and fulfill contracts. Our service providers provide these services to us under a data processing agreement. If you have any questions about our service providers and the basis of our cooperation with them, please contact us. Their contact details can be found in the section "Our Contact Details and Your Rights."

2.2 Customer account

If, in accordance with Article 6(1)(a) of the GDPR, you consent to the creation of a customer account, we will process your personal data required for this purpose. This data will also be used for future orders on our website. Your customer account can be deleted at any time. To do this, please send a message to our contact address provided in the section "Our Contact Details and Your Rights" or use the appropriate function in your customer account settings. After deletion of your customer account, the processing of your data will be restricted, and after the retention periods specified in tax regulations and the Accounting Act have elapsed, the data will be deleted (Article 6(1)(c) of the GDPR), unless you expressly consent (Article 6(1)(a) of the GDPR) to the further use of this data or, in accordance with applicable law, we reserve the right to continue using the data for other purposes, of which we inform you in this privacy policy.

2.3 Data processing for contact purposes

As part of customer communication, we process personal data to process your enquiries (Article 6, Paragraph 1, Letter b GDPR). You provide this data voluntarily when contacting us (e.g., via a contact form or email). Mandatory fields are marked as such because they contain data required to process your enquiry. The data collected is clearly visible in the forms. Once your enquiry has been fully processed, your data will be deleted, unless you expressly consent (Article 6, Paragraph 1, Letter a GDPR) to further use the data for other purposes or we reserve the right to further use it in legally permitted cases.

Live Chat Tawk.to

When you use the chat tool to contact us Tawk.To, the data provided voluntarily (name, e-mail address, message content) will be processed by us in order to respond. The above serves to pursue our legitimate interests (Article 6, paragraph 1, letter f of the GDPR) consisting in ensuring effective communication. The tool is provided by an external service provider (Tawk.to inc.)

3. Data processing for the purpose of delivery

To fulfill the contract (Article 6, Section 1, Letter b of the GDPR), we transfer your data to the shipping company selected in the order. Contact details for inquiries about service providers can be found in the section "Our Contact Details and Your Rights."

4. Data processing for the purpose of payment processing

In order to process payments, we cooperate with external service providers handling e-payments and transfer data to the selected payment operator (Article 6, paragraph 1, letter b of the GDPR).

Data processing for the purpose of fraud prevention and payment optimization

In certain situations, we provide service providers with additional information for anti-fraud purposes and billing optimization (Article 6, paragraph 1, letter f, GDPR).

5. Marketing channels: e-mail

After subscribing to the newsletter, we will send you a newsletter based on your consent (Article 6, Section 1, Letter a of the GDPR). You can unsubscribe at any time (link in the footer or contact us). After unsubscribing, we will delete your email address unless you provide new consent or the law permits further use of your data.

Sending an invitation to leave a review of products,

Within a few days of receiving your shipment, our system may send a request for a review of your purchased products to the email address you provided during the order process. Invitations are sent exclusively through our online store management system. Personal data is not shared with third parties. Adding a review is entirely voluntary, and the reviews received are used solely to improve our offerings and help other customers choose products.

6. Cookies and similar technologies

6.1 General information

7. Use of cookies and similar technological tools

We use external tools – generally based on consent (Article 6, paragraph 1, letter a of the GDPR). Once the purpose has been achieved, the data is deleted. Details below.

7.1 Use of Google services

Google Tools (Google Ireland Ltd.). Data may be transferred to Google LLC (USA). Depending on the tool, processing may be entrusted to the data controller or jointly controlled (Art. 26 GDPR). Google Policy: policies.google.com/privacy.

Google Analytics

Behavioral analytics; the IP address of EU users is first processed in the EU to determine location, then deleted. Google Signals and data sharing settings can be enabled. Without consent, no Analytics cookies and no processing in this regard will occur.

Google Ads

Remarketing and conversion tracking. Without consent, cookies cannot be saved/read; statistical gaps can be modeled based on technical data.

Google reCAPTCHA

Form protection against spam/abuse (JS scripts, cookies). Form field content is not read or saved.

Google Fonts

Ensuring typographic consistency ("Google Fonts" script).

YouTube Video Plugin

Integration of video content; during playback, Google processes technical data of the visit.

7.2 Use of Facebook services

Facebook Pixel

Facebook Pixel (Meta Platforms Ireland Ltd.) – measurement, remarketing, extended data matching (email/phone hash). Data may be linked to your Facebook account and used to personalize ads. Details in Meta's privacy policy.

Facebook analytics tools

Activity statistics (Facebook Business). Processing based on entrustment.

Facebook Ads (ad management)

Advertising campaigns, audience groups (Custom Audience), remarketing (Pixel Remarketing), conversions (Pixel Conversions).

8. Social media

8.1 Social media plug-ins: Facebook (by Meta), Instagram (by Meta), Pinterest

Plugins as HTML links – when clicked, a new tab with the website opens.

8.2 Our activity: X (formerly Twitter), Instagram (by Meta), YouTube

With the consent of the services, data may be processed for analytics and marketing purposes by individual platforms. Privacy policies: X, , Instagram, , YouTube.

9. Our contact details and your rights

9.1 State law

Persons whose data are processed have the rights of: access (Article 15), rectification (Article 16), erasure (Article 17), restriction (Article 18), portability (Article 20) and complaint to the Personal Data Protection Office (Article 77).

9.2 Contacting us

In matters relating to the collection, processing and use of personal data, requests for information, rectification, restriction, deletion of data, withdrawal of consent or objection – please contact the data controller indicated at the beginning.