1. General information & Controller

1. This Policy applies to the website: en.urbanowiczhaft.pl.
2. The website operator and personal data controller (the “Controller”) is:

   Sport Fashion Mode Teresa Urbanowicz
   Trzebnicka 52, 50-231 Wrocław, Poland.

3. Support e-mail: pomoc@urbanowiczhaft.pl
4. We process data you provide voluntarily on the website as well as data collected automatically during use of the service.

2. Categories of personal data

• Identification & contact: first name, last name, e-mail address, phone number.
• Order & delivery: shipping address, billing address, company name, tax/VAT ID (if provided).
• Transaction details: product names, quantity/size, order value/price, currency, country of order, payment status, order history.
• Newsletter & marketing preferences: consents, subscription status.
• Technical data: IP address, timestamps, device/browser information, cookies and similar identifiers.

3. Purposes & legal bases of processing

Depending on the activity, we process your data under Article 6(1) GDPR on the following bases:

• Performance of a contract or steps prior to entering into a contract — order placement, payment handling, shipping, customer service.
• Legal obligation — accounting and tax regulations, handling complaints/returns according to applicable law.
• Legitimate interests — website security, prevention of abuse/fraud, basic statistics, direct marketing of our own products (where allowed).
• Consent — newsletter subscription, certain analytics/marketing cookies and remarketing (you may withdraw consent at any time without affecting prior processing).

4. Recipients & processors

Where necessary to perform a contract or meet legal duties, we may transfer data to the following categories of recipients:

• Hosting provider (processor): JCHost.
• Couriers / delivery: DPD, DPD Pickup, FedEx, UPS, Poczta Polska.
• Payment operators: payment service providers used in our store (as applicable).
• Newsletter & marketing automation: Benhauer S.A. (SALESmanago).
• Advertising & analytics vendors: Google (Google Analytics / Google Ads), Meta (Facebook Pixel).
• Authorised employees and contractors supporting store operations (IT, fulfilment, marketing) under confidentiality/data processing arrangements.

International transfers

Some vendors may be located outside the EEA. Where such transfers occur, they rely on appropriate safeguards (e.g., Standard Contractual Clauses). Details are available in vendor policies and, for cookies, in the consent interface.

5. Retention periods

• Orders & accounting data: retained for 6 years (or longer if required by law).
• Contact form / enquiries: up to 12 months from the last meaningful interaction.
• Marketing (newsletter): until consent is withdrawn or up to 3 years from the last interaction — whichever occurs first.
• Cookies & similar identifiers: according to browser settings and cookie categories (typically up to 24 months for analytics/ads cookies).

6. Data protection methods

1. SSL/TLS for login and personal data entry points.
2. Database encryption (access only with Controller-held keys).
3. Passwords stored using one-way hashing.
4. Periodic rotation of administrative passwords.
5. Regular backups.
6. Regular updates of all software components used to process personal data.

7. Hosting

The website is hosted on servers of JCHost.

8. Information in forms

1. We collect information provided voluntarily by the user, including personal data.
2. We may store connection parameters (timestamp, IP address).
3. In some cases, for technical reasons, your e-mail may appear within the URL of a page containing a form.
4. Data submitted via forms are used solely for the explicit purpose described next to each form (e.g., service request handling, commercial contact, service registration).

9. Administrator logs

Information about user behaviour on the website may be logged and used for administration and security purposes.

10. Analytics & marketing technologies

1. 1. Statistical analysis and analytical tools
      The Operator uses analytical tools such as Google Analytics (Google Ireland Ltd. and Google LLC in the USA) to analyze website traffic. This tool uses cookies stored on the user’s end device. When using Google Analytics, personal data may be processed, and the Operator may transfer it to the service provider to the extent necessary to perform the analysis. You can manage your Google advertising preferences at: https://www.google.com/ads/preferences/ For more information on how Google processes data, please visit: https://policies.google.com/technologies/partner-sites
   2. Advertising, remarketing, and marketing activities
      Users’ personal data may be used for marketing activities, such as:
      – displaying ads tailored to the user’s interests,
      – targeting ads to specific audiences (remarketing),
      – analyzing the effectiveness of advertising campaigns,
      – creating advertising audience lists (e.g., Customer Match) within advertising systems, in particular Google Ads.
      The operator does not provide advertising providers with personal data in a form that allows them to be used independently – the exception is encrypted data necessary for the provision of the service, which is provided only with the user’s consent.
   3. Sharing data with third parties
      Users’ personal data may be shared with marketing and analytics providers (e.g., Google Ireland Ltd.) to the extent necessary to display personalized ads, conduct marketing campaigns, and measure their effectiveness. These entities process data in accordance with applicable laws and their own privacy policies.
   4. Facebook pixel and other tracking technologies
      The operator uses the Facebook pixel (Meta Platforms Ireland Ltd.). This technology informs Facebook that a user registered with it has visited the Website. Facebook processes this data as its controller. The operator does not transfer any additional personal data to Facebook other than the technically necessary information resulting from cookies.
   5. Heat maps and user behavior analysis
      The operator uses tools to analyze user behavior on the website (e.g., heat maps, session recordings). The information transmitted is anonymized before being sent to the service provider. Data such as passwords or sensitive fields are not recorded.
   6. Automation of marketing activities
      The operator uses tools that automate communication with users, e.g., sending emails after visiting a specific subpage. These functions are only active for users who have agreed to receive commercial correspondence.
   7. User consent as the basis for processing
      The basis for the processing of personal data for marketing, analytical, and advertising purposes is the user’s consent. Consent may be given by actively accepting the settings in the cookie banner or by selecting the appropriate consents when using the Website. The user may withdraw their consent at any time – withdrawal of consent does not affect the lawfulness of the processing that was carried out before its revocation.
   8. Data processing in Google Ads / Customer Match
      As part of its advertising activities, the Operator may send encrypted contact details (e.g., email address) to Google’s advertising systems in order to create lists of advertising recipients (Customer Match).The data is encrypted before being sent, and Google uses it solely to match advertisements to recipients who have given their consent.
   9. Cookies
      The use of the above services requires cookies to be enabled. You can manage your cookie settings in your browser or through the consent panel available on the Website.

11. Cookies

1. Our website uses cookies (small text files stored on your device).
2. Cookies typically contain the website name, storage duration, and a unique identifier.
3. Cookies are set and accessed by the website operator and, where applicable, by our partners (Google, Meta, etc.).
4. We use cookies to:
   1. maintain user sessions after login, and
   2. support analytics and advertising features described above (subject to your consent where required).
5. Types:
   • Session cookies — deleted when you log out/leave the site/close the browser,
   • Persistent cookies — stored for a defined period or until you delete them.
6. Your browser usually allows cookies by default. You can change settings, delete or block cookies (see vendor help pages).
7. Disabling essential cookies may affect certain functionalities of the website.

12. Manage cookies

You can manage cookies in your browser settings. Disabling cookies necessary for authentication, security or preference storage may hinder or prevent use of the website.

Help pages:
Edge ·
Chrome ·
Safari ·
Firefox ·
Opera

Mobile:
Android (Chrome) ·
iOS (Safari)

Open cookie settings (if available).

13. Children’s data

Our website and services are not intended for persons under 16 years of age. We do not knowingly collect data from children under 16.

14. Your rights

You have the right to request: (i) access to your data, (ii) rectification, (iii) erasure, (iv) restriction of processing, and (v) data portability. You may object to processing based on our legitimate interests (including profiling). We will cease such processing unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or for the establishment, exercise, or defence of legal claims.

Providing personal data is voluntary but necessary to use certain features of the website and to conclude/perform a contract (orders, shipping, invoicing).

15. Supervisory authority & complaints

You may lodge a complaint with the Polish supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

16. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date indicates the latest version. We publish changes on this page (no e-mail notification is required).

17. Contact details

This page is provided for information purposes and should be adjusted to reflect your specific setup (payment providers, cookie categories, retention schedules). Consider obtaining legal review.