Website privacy policy

I. Administrator's privacy policy

1. The administrator's privacy policy is information about processing personal data and other information relating to users the website , (called hereinafter the "Party"). In this privacy policy, the administrator has included at the same time, all information that data subjects apply to, should receive in accordance with the GDPR.

2. The privacy policy contains information on data processing obtained by the Website.

II. Personal Data Administrator

The administrator of Personal Data of the Website users is Grażyna Osiecka-Jaśkiewicz, running a business GoFashionDesigner, NIP 812 126 70 25, ul. Szczesliwicka 68/5, 02-353 Warsaw, managing the online store located at

You can contact the data administrator:

- at the correspondence address ul. Szczęśliwicka 68/5, 02-353 Warszawa

- at the e-mail address

III. Purposes, legal bases and time of data processing

A. Operation of the Site

1. In order to provide the Website's service, the service provider processes:

a) Information on the user's device to provide correct operation of the services: computer IP address, information contained in cookies or other similar technologies, data on session, web browser data, device data, data regarding activity on the Website, including individual subpages;

b) Information about geolocation, if the user has consented to access service providers for geolocation. Information about geolocation is used to provide you with more customized product offers i services.

2. This information does not contain data on the identity of users, but when combined with other information they may constitute personal data and in therefore, the administrator provides them with the full protection afforded to GDPR.

3. These data are processed in accordance with Art. 6 sec. 1 lit. b GDPR, in order to provision of the Website's service, i.e. the contract for the provision of electronic services and in accordance with Art. 6 sec. 1 lit. a GDPR in connection with the consent to the use of certain cookies or other similar files technologies, as expressed by appropriate browser settings Internet in accordance with the Telecommunications Law or in connection with the expression consent to geolocation. The data is processed until completion your use of the Website.

4. The content of the correspondence and information about the contact obtained via the contact form is processed for the time necessary to complete the process user matters, including sending marketing information about the products or services you choose, and for no longer than 3 months after settling the case for archiving purposes, if the need to defend against any claims against the administrator. These data will then be processed in order to provide the form service online contact, provided electronically (art.6 par.1 lit.b GDPR).

5. In the scope of sending commercial information by electronic means or direct marketing using telephone data terminal equipment will be processed on the basis of consent given by express action confirming by completing the appropriate field to enter e-mail address or telephone number in the contact form (Art.6 para. 1 lit. and in connection with with art. 4 point 11 of the GDPR).

B. The process of making purchases on the website

1. Data related to the purchase of items are stored for a period of 30 days from making a purchase.

2. When placing an order, the User is asked to provide data necessary to complete the order.

3. When placing an order, the User is asked to provide it the following data:

a) name and surname or name of the company / institution - necessary to issue sales document and address of the shipment;

b) address (street, house number / or house and apartment number, zip code and city) - necessary to address and send the package;

c) e-mail - necessary for communication related to the implementation of the contract;

d) telephone number - necessary in the case of choosing some delivery methods (required by carriers).

4. In the event that the Customer chooses to issue an order when placing an order a sales document for data other than those indicated when placing the order, is additionally asked to provide:

a) name and surname or name of the company / institution - necessary to issue proof of sale;

b) address (street, house number / or house and apartment number, zip code and city) - necessary to issue a proof of sale;

5. The data provided when placing the order are processed by and the following entities in the following scope:

a) name and surname, address, telephone number, e-mail address indicated as the delivery address are handed over to shipping companies in the form of a label / consignment note which is also an order for delivery of the parcel depending on selected type of shipment will be forwarded to the selected carrier;

b) name and surname, address, tax identification number (NIP) indicated as the data to be entered the issued sales document are transferred in the form of a document sales to the accounting system.

6. In case of using external payment payment system, all data provided after switching to the operator's website payments remain registered only in its database and are not in any way way available or stored by

7. The data is stored for 5 years from the end of the year calendar following the year in which the document was issued sale, in accordance with applicable time regulations storing accounting documents.

C. Personal data protection system

1. The Personal Data Administrator has applied technical measures and organizational ensuring protection of processed data in accordance with requirements set out in applicable data protection laws personal. In particular, the following were considered: The Act of May 10, 2018 on protection of personal data (Journal of Laws 2018, item 1000), Minister's regulation Of Internal Affairs and Administration of April 29, 2004 in the case documentation of personal data processing and technical conditions i organizational requirements that should be met by devices and systems information technology for the processing of personal data (Journal of Laws No. 100, item 1024); Regulation (EU) 2016/679 of the European Parliament and of the Council with on 27 April 2016 on the protection of natural persons in connection with processing of personal data and on the free movement of such data data and repealing Directive 95/46 / EC.

2. We collect and process only the necessary personal data and through the shortest possible time, and for all activities not related to implementation of the purchase and sale agreement, the user must give separate consent.

3. Only authorized persons have access to the user's personal data trained in the protection of personal data, guaranteeing them safety.

4. IT system and procedures in-house meet all standards of personal data protection.

5. The Personal Data Administrator thus complied with all the laws provided obligations regarding the protection of personal data.

D. Complaints

1. In order to consider complaints, the service provider processes personal data users submitting complaints, in particular e-mail address, name, the content of the complaint, the circumstances of the event giving rise to the complaint, information obtained in the course of considering the complaint, including clarification the event giving rise to it. In the course of considering the complaint the service provider may process a variety of other information, including name and user's name, information about the user's use of services, cookies or other similar technologies, information about devices.

2. These data are processed in accordance with Art. 6 sec. 1 lit. b GDPR, in order to provision of the Website's service, i.e. the contract for the provision of electronic services in accordance with the regulations and are processed for the time necessary to consideration of the complaint and no longer than 3 months after completion complaint procedure for archiving purposes, if necessary defend against possible claims against the service provider in accordance with the information below.

E. Explanatory proceedings, pursuing claims

1. In the event of undertaking an investigation into possible violation of the provisions of the regulations or provisions of law, rules social coexistence or good manners, conduct in order pursuing claims by the administrator or by other users or entities, defense against claims of users or other entities, the administrator may process the personal data of certain users up to the end of the pending proceedings and the deadline limitation of the administrator's claims against the user, which usually is 3 years according to the Civil Code, but in special cases provided for by law may be longer.

2. If the administrator needs to pursue claims or defending against claims, the administrator may process personal data specific users included in the online contact form pending completion of the pending proceedings and until the expiry of the limitation period administrator claims against the user, which is usually 3 years in accordance with Art. 118 of the Civil Code, but in special cases provided for by law may be longer.

3. In the event that personal data that is not provided is provided necessary for the performance of a contract or a legal obligation, e.g. in correspondence, in forms of withdrawal from the contract, warranty or guarantee the data will be immediately deleted or made anonymous and will not be processed.

4. If personal data will be processed in order to pursue claims of others users, the data may be made available for this purpose to another user or entity or authorized by law public authority, e.g. courts, police, prosecutor's office.

5. The data will then be processed, including made available in accordance with Art. 6 paragraph 1 lit. c GDPR, i.e. to fulfill the obligation resulting from legal provisions regarding the obligation to consider complaints, in accordance with the act on the provision of electronic services or in accordance with art. 6 sec. 1 lit. f GDPR, i.e. in the legitimate interest of the administrator consisting in pursuing your claims against the user. Legally the legitimate interest of the administrator will then be an overriding goal the rights and freedoms of the recipient.

F. Service usage statistics

1. In order to improve the quality of its services, the controller processes information statistical information on the use of the Website, including session information, IP number, amount of time spent on individual pages i subpages, use of individual service functionalities, information about the device and web browser. The administrator uses cookies or other similar technologies and tools Analytics statistical data provided by

2. These data are processed in accordance with Art. 6 sec. 1 lit. f GDPR in law the administrator's legitimate interest in facilitating use on the part of improving the quality and functionality of the services provided, a the processing of these data does not violate the rights and freedoms of users. Information about users is not used in any additional purposes, and due to the specificity of the website service customizing the way the page content is displayed, making it easier using the website and improving the quality of website services website is not only a market standard, but also an expectation users against website providers.

3. Moreover, the user may at any time withdraw his consent via changing the web browser settings in terms of admissibility the use of cookies or other similar technologies.

4. These data are processed as part of the controller's ongoing activities, but not longer than 60 days from receiving the information. After this time the controller may further process general statistical data as will devoid of any individual information users.

5. The period of availability of statistical data in the Analytics tools provided by may be longer, however 60 days, but it is beyond the administrator's decision. The administrator will no longer use them, but will have them potential access to them until they are removed by the provider of the above-mentioned tools.

G. Marketing and PR activities of the administrator

On the Website, the administrator may post marketing information about his own products or services. The display of this content is made by administrator in accordance with art. 6 sec. 1 lit. f GDPR, in accordance with the law legitimate interest of the administrator consisting in publishing the content related to the services provided and the content of promotional campaigns in which the administrator is involved. At the same time, this action does not infringe the rights and user freedom, users expect to receive content similar content, and sometimes they even expect it or it's theirs the direct purpose of visiting the Website.

H. Marketing activities of other products or services

1. The administrator may also post marketing information regarding products or services of its contractors with whom it has concluded a contract for cooperation in the field of marketing.

2. Displaying these contents is made by the administrator in accordance with art. 6 sec. 1 lit. f GDPR, in accordance with the legitimate interest administrator consisting in product marketing activities or services of their contractors. At the same time, this action does not violate the rights and the freedom of users, especially because of the sporadic nature of these actions, and users expect to receive similar content content due to the subject of the Website. The user has the right to report object to the processing of his personal data for purposes marketing.

IV. Recipients of user data

1. The administrator discloses personal data of users only to entities processors under concluded data processing agreements personal data for the purpose of providing services to the administrator, e.g. hosting and operation of the Website, IT services, marketing and PR services, legal services and consultants, couriers and carriers to ship the ordered goods.

2. Personal data contained in the online contact form are disclosed only entities processing data for the administrator on on the basis of a written contract for entrusting the processing of personal data providing website hosting or service, IT service, marketing and PR.

V. Sending personal data to third countries

Personal data will not be processed in third countries.

VI. Rights of persons whose personal data relates

1. Every data subject has the right:

a) access - obtain confirmation from the administrator, whether her personal data is processed. If the data about the person is processed, it is entitled to access and obtain them the following information: about the purposes of processing, data categories personal data, recipients or categories of recipients to whom the data has been or will be disclosed about the period of data storage or the criteria for them determining the right to rectify, delete or limit processing of personal data due to the data subject and to object to such processing (Article 15 of the GDPR);

b) to receive a copy of the data - to obtain a copy of the data subject to processing, the first copy is free, and for the administrator may impose a reasonable fee for subsequent copies, resulting from administrative costs (Article 15 (3) of the GDPR);

c) to be rectified - requests for rectification concerning her personal data that is incorrect or incomplete data (Article 16 of the GDPR);

d) to delete data - request to delete its data personal data, if the controller no longer has a legal basis for them processing or the data is no longer necessary for the purposes of the processing (Art GDPR);

e) to restrict processing - request restriction processing of personal data (Article 18 of the GDPR) when:

¾ the data subject questions the accuracy of the personal data - for a period allowing the administrator to check the correctness of this data;

¾ the processing is unlawful and the data subject, opposes their removal, requesting restriction of their use;

¾ the administrator no longer needs these data, but they do the data subject to establish, assert or defend claims;

¾ the data subject has objected to the processing - to time to determine whether there are legitimate grounds on the side the administrator overrides the grounds for objection of the data subject relate to;

f) to transfer data - receive in a structured, commonly used, readable format machine personal data concerning her that she provided administrator, and requests to send this data to another the administrator, if the data is processed on the basis of the consent of the person, to whom the data relate, or the contract concluded with it, and if the data is processed in an automated manner (Article 20 of the GDPR);

g) to object - to object to the processing of her personal data for the legitimate purposes of the administrator, for reasons related to her particular situation, including profiling. Then, the administrator assesses the existence of valid, legitimate grounds for processing, overriding the interests, rights and freedoms of data subjects, or the grounds for establishing, investigating or defending claims. If, according to the assessment, the interests of the data subject are more important than those of the controller, the controller will be obliged to stop processing the data for these purposes (Article 21 of the GDPR);

h) to withdraw consent at any time and without giving it the reasons, but the processing of personal data carried out before the withdrawal consent is still legal. Withdrawal of consent will result cessation of the processing of personal data by the administrator for the purpose of which consent was given.

2.To exercise the above-mentioned rights, the data subject, should contact, using the contact details provided, with administrator and inform him of which rights and to what extent he wants to use.

VII. Cookies

1. To facilitate the use of the Website, "cookies" are used, ie small text files that a website places on disk the user or in their browser. A cookie usually contains a name the website it comes from, its lifetime and randomly generated unique number used for identification the browser used to connect to the website.

2. uses cookies in the following purposes:

Ø providing access to the services you are looking for on the Site;

Ø improving the Website and the services provided;

Ø ensuring security on the Website;

Ø better presentation of services for marketing purposes.

3. For the implementation of the service, there are cookies:

Ø Necessary for the proper functioning of the website or functionality, z which you want to use;

Ø functional, which allow for the analysis of how the user is uses the Website, e.g. what links he clicks on and what settings the browser uses;

Ø advertising / business that allow you to better assess the effectiveness of activities advertising and marketing. These cookies come from partners, z whose services uses for analyze and track visits to the Site and the effectiveness of the use ads. The administrator does not share personal data with the suppliers of these services except for data collected directly by cookies advertising / business. Data collected in this way can be combined with data otherwise collected by suppliers. Such external processing will be subject to the privacy policies of the partners.

4. If the user leaves a comment on the Website, he will be able to choose an option save your name, email address and website address in cookies, thanks to which when writing further comments the above the information will be conveniently completed. These cookies will last for a year.

5. Articles on this Site may contain embedded content (e.g. videos, pictures, articles etc.). Embedded content from other websites behaves as if the user visited a specific one directly site. Sites can collect information about the user, use cookies, attach additional external tracking systems and monitor interactions with embedded material, including tracking interactions with an inmate material if the user has an account and is logged in to that account site.

6. Necessary cookies are closely related to the operation of the Website and they allow incl. for correct page display. Opt-out: Can be configured browser in such a way that it does not use any cookies. Resignation may have a negative impact on the operation and functionality of the Website.

7. Functional cookies: The website uses Google Analytics provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google will analyze the use of Pages by users, which will allow for its improvement. Information collected by Google in connection with the use of the Website (e.g. visited subpages, language settings, operating systems used) will be sent to a Google server located in the USA, where they will be stored and analyzed. Relevant results will then be shared the administrator in an anonymised form. The collected data will not associated with the user's full IP address as part of this process. also Google is an organization certified under the agreement between the EU and the US confidentiality agreement (EU-US Privacy Shield), which guarantees the maintenance an adequate level of data protection with regard to data processing by Google in the US. Additional information about the Google Analytics service is provided available on the pages of Google Analytics Terms of Use (terms of use services), Privacy and Data Protection Guidelines of Google Analytics ( privacy and data protection) and Google Privacy Policy (regulations privacy). Opt-out: You can download and install the plugin in your browser allowing you to disable Google Analytics cookies.

8. Advertising / business cookies: The website uses Google AdWords for the purpose advertising of products and services w The Internet. Adwords will display ads on others you visit by pages based on what part of the Website they have read user. For this, cookies will be used, which will remain placed on the user's device. These cookies in no way allow to be identified user or to access the user's device. Opt-out: W To opt out of these cookies, click on the Google's Ads link Settings and follow the instructions.

VIII. President of the Personal Data Protection Office

The data subject has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Office for Personal Data Protection with its seat in Warsaw, ul. Stawki 2, which can be contacted as follows way:

a) by post: ul. Stawki 2, 00-193 Warsaw

b) via the electronic inbox available on the website

c) by phone: (22) 531 03 00.

IX. Changes to the privacy policy

1. The privacy policy may be supplemented or updated in accordance with the current needs of the administrator in order to provide current and reliable information to users regarding their personal data and information about them. Users will be informed about any changes to the privacy policy on the Website.

2. This privacy policy is valid from January 2019.

X. Legal acts referred to in the clause

1. GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 z on 27 April 2016 on the protection of natural persons in connection with processing of personal data and on the free movement of such data data and repealing Directive 95/46 / EC (Journal of Laws UE L 2016 No. 119, p. 1);

2. The Act of May 10, 2018 on the protection of personal data (Journal of Laws 2018, item 1000),

3. Art. 8 of the Act of July 18, 2002 on the provision of electronic services (ie Journal of Laws of 2017, item 1219 as amended);

4. Art. 118 et seq. Of the Act of 23 April 1964 - Civil Code (ie Journal of Laws of 2018, item 1025, as amended).

5. Art. 173 par. 2 of the Act of July 16, 2004 Telecommunications Law (i.e. Journal of Laws of 2017, item 1907 as amended).