background

WEBSITE PRIVACY POLICY

WWW.WALDIN.PL



1. The website administrator www.waldin.pl exercises the utmost care to ensure the protection of personal data of Users visiting this website. It guarantees that data processing is carried out in accordance with applicable legal regulations, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council (the "GDPR"), respecting the principles of transparency, fairness, and security.

2. A User is a natural person using the website, including those acting on behalf of and for the benefit of a legal entity or an organizational unit without legal personality.

3. This privacy policy explains the principles and scope of the User’s personal data processing, their rights, as well as the obligations of the data administrator, and also provides information on the use of cookies.

4. The Administrator applies appropriate technical and organizational measures, including solutions ensuring a high level of personal data security adequate to the risk of violation of the rights and freedoms of the data subjects. These measures are intended to protect data against unauthorized access, loss, destruction, modification, or unlawful disclosure.


I. PERSONAL DATA ADMINISTRATOR


The administrator of your personal data is the entrepreneur Mr. Waldemar Zawada, conducting business activity under the company name: Waldin Kolekcja Dziecięca Waldemar Zawada, with registered office at: Rozbórz Długi 66B, Tax ID (NIP): 792-000-22-77 (hereinafter referred to as the “Administrator”). You can contact the Administrator regarding any matter related to personal data processing via the contact form available on the website: https://waldin.pl/pl/, by phone: +48 668 892 335, or by email: sklep@waldin.pl


II. PURPOSES AND LEGAL BASES FOR PERSONAL DATA PROCESSING


The Administrator processes Users’ personal data for the following purposes:

1. The Administrator processes Users’ personal data for the following purposes:

Users' personal data, including automatically collected data (IP address, identifiers, data obtained through cookies or similar technologies), are processed:

a) to provide services by electronic means, including content display and form availability – Art. 6(1)(b) GDPR;

b) to handle orders placed without registration – Art. 6(1)(b) GDPR;

c) to handle complaints and User inquiries – Art. 6(1)(b) GDPR;

d) for statistical, analytical, and reporting purposes – Art. 6(1)(f) GDPR (legitimate interest of the Administrator: improving service quality and tailoring services to User needs);

e) to establish, pursue, or defend against claims – Art. 6(1)(f) GDPR;

f) for marketing purposes of the Administrator or third parties (including contextual advertising) – Art. 6(1)(f) GDPR;

g) for direct marketing or behavioral (profiled) advertising – Art. 6(1)(a) GDPR (User's consent).

2. Account Registration on the Website

Personal data of Users who register an account on the Website are processed:

a) for account creation and management – Art. 6(1)(b) GDPR;

b) regarding additional data provided voluntarily – Art. 6(1)(a) GDPR (consent);

c) for statistical and analytical purposes – Art. 6(1)(f) GDPR;

d) for marketing purposes (e.g., contextual ads, newsletters) – Art. 6(1)(f) or (a) GDPR, depending on the nature of the activity;

e) to pursue or defend against claims – Art. 6(1)(f) GDPR.

3. Order Fulfillment

Personal data is processed:

a) for the purpose of accepting and fulfilling the order – Art. 6(1)(b) GDPR;

b) to fulfill legal obligations, in particular in the field of taxes and accounting – Art. 6(1)(c) GDPR in conjunction with the Accounting Act and tax regulations;

c) for analytical, statistical, and purchasing purposes – Art. 6(1)(f) GDPR;

d) to conduct customer satisfaction surveys – Art. 6(1)(f) GDPR;

e) to establish, pursue, or defend against claims – Art. 6(1)(f) GDPR.

4. Newsletter and Electronic Marketing Communication

Personal data (especially the email address) is processed:

a) for the purpose of sending commercial and marketing information regarding products, services, promotions, or news – based on the User’s consent, i.e., Art. 6(1)(a) GDPR, and based on:

  • Art. 10 of the Act on the Provision of Electronic Services,
  • Art. 172(1) of the Telecommunications Law;

b) to analyze the effectiveness of marketing campaigns – Art. 6(1)(f) GDPR.

Consent to receive the newsletter can be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. Managing Social Media Profiles

The Administrator maintains social media profiles, including on Facebook, Instagram, TikTok, and YouTube. Data of individuals visiting these profiles (e.g., account name, comments, likes) is processed:

a) to enable User activity on the profiles and to conduct communication – Art. 6(1)(f) GDPR;

b) to promote the Administrator’s services, products, and brand – Art. 6(1)(f) GDPR;

c) for statistical and analytical purposes – Art. 6(1)(f) GDPR;

d) to pursue or defend against claims – Art. 6(1)(f) GDPR.

In the case of Facebook, data is also processed under joint controllership with Meta Platforms Ireland Ltd. Details: https://www.facebook.com/priva...

6. Contact with the User

Personal data is processed:

a) for the purpose of communication and responding to inquiries – Art. 6(1)(f) GDPR (legitimate interest of the Administrator);

b) if the contact concerns actions aimed at concluding a contract – Art. 6(1)(b) GDPR.

7. Conclusion and Execution of Contracts with Contractors/Institutions

The Administrator processes personal data of individuals representing contractors for the purpose of:

a) concluding and executing a contract – Art. 6(1)(f) GDPR, and for verifying representation authority – Art. 6(1)(c) GDPR;

b) handling complaints and inquiries – Art. 6(1)(b) and (f) GDPR;

c) fulfilling tax and accounting obligations – Art. 6(1)(c) GDPR.

8. Data of Contractor’s Personnel

Personal data of individuals acting on behalf of a contractor (e.g., contact persons, individuals carrying out orders) is processed:

a) for the proper execution of the contract – Art. 6(1)(f) GDPR;

b) for complaint handling and claims – Art. 6(1)(f) GDPR;

c) for tax and accounting purposes – Art. 6(1)(c) GDPR.


III. TYPE OF DATA


1. The Administrator processes the following personal data, the provision of which is necessary for:

a. Registering on the website:

  • first and last name;
  • email address;

b. Making purchases through the website:

  • first and last name;
  • gender;
  • delivery address;
  • phone number;
  • email address;

c. Data optionally provided by the User:

  • date of birth;
  • PESEL number (if requesting an invoice);
  • NIP number (if requesting an invoice for a business).

2. In the case of withdrawal from the contract or approval of a complaint when the refund is made directly to the User’s bank account, we also process information regarding the bank account number in order to process the refund.


IV. RIGHTS OF THE USER

  1. Right of access to data – The User has the right to request information from the Administrator at any time regarding the scope of processing of their personal data, including access to such data and information on, among other things, the purposes of processing, categories of data, data recipients, and the planned period of data storage.
  2. Right to rectification – The User has the right to request the correction or rectification of their personal data if it is incorrect or incomplete. The User may also make changes independently by logging into their account on the Website.
  3. Right to withdraw consent – If personal data is processed based on consent, the User has the right to withdraw it at any time, without giving a reason. Withdrawal of consent may apply to a specific purpose of processing (e.g., consent to receive commercial information) or all purposes for which consent was given. Withdrawal of consent for all purposes results in the deletion of the User's account on the Website along with all their personal data. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
  4. Right to erasure ("right to be forgotten") – The User has the right to request the deletion of their personal data without giving a reason. If this right is exercised, the User's account and all saved and processed personal data will be deleted. Deletion does not affect the lawfulness of processing that occurred before the request was fulfilled.
  5. Right to object to data processing – The User has the right to object to the processing of their personal data at any time, either entirely or in relation to a specific purpose. A valid objection may result in the deletion of the User's account and all stored personal data if further processing would breach the law or the Administrator’s interests. Objection does not affect the legality of earlier processing.
  6. Right to restrict processing – The User has the right to request a restriction on the processing of their personal data, either for a specific period or within a defined scope. The Administrator is obliged to comply with such a request, subject to exceptions provided by law. Restriction does not affect the legality of prior actions.
  7. Right to data portability – The User has the right to request that the Administrator transfers the processed personal data to another controller. To do so, the User should submit a relevant request indicating the recipient (name and address) and the scope of data to be transferred. The Administrator may require identity verification to ensure the security and authenticity of the request. The data will be provided in an electronic format, provided this is technically feasible.
  8. Right to information about actions taken in relation to requests – The Administrator shall inform the User about actions taken in relation to the exercise of the above rights, no later than within 1 month of receiving the request. In justified cases, this period may be extended by an additional 2 months, in which case the User will be informed.
  9. Right to lodge a complaint with the supervisory authority – The User has the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office, if they believe that the processing of their personal data violates GDPR provisions.


V. DATA RETENTION PERIOD

  1. Personal data is stored for the period necessary to achieve the purposes for which it was collected, including the performance of the contract, fulfillment of legal obligations incumbent on the Administrator, and for archiving and evidentiary purposes arising from civil and tax law regulations.
  2. In particular:
  3. data processed for the purpose of performing a contract with the User will be stored for the duration of the contract and for the period of limitation of claims arising from that contract, i.e., generally for 3 years from the end of the calendar year in which the commercial relationship ended;
  4. data related to the fulfillment of accounting and tax obligations will be stored for the period required by law (e.g., 5 years from the end of the financial year in which the tax obligation arose);
  5. data processed based on consent will be stored until the consent is withdrawn; withdrawing consent may also result in the deletion of the User’s account and associated personal data;
  6. User account data is stored until it is deleted – either at the initiative of the User (via a request, objection, or withdrawal of consent) or at the initiative of the Administrator (e.g., due to inactivity);
  7. data processed for marketing purposes (e.g., newsletter) will be stored until the consent is withdrawn or an objection to processing for this purpose is raised.
  8. The Administrator may retain data for a longer period if it is necessary to defend against or pursue claims – until the potential claims are time-barred.
  9. After the expiry of the indicated periods, personal data will be deleted or anonymized, unless further storage is justified by another legal basis.


VI. DISCLOSURE OF PERSONAL DATA

  1. The Administrator may share Users' personal data with external entities cooperating with the Administrator, solely to the extent necessary to fulfill the purposes defined in this Privacy Policy and in connection with the provision of services through the Service.
  2. Personal data may be shared, in particular, with the following categories of recipients:
  3. courier and logistics companies, for the purpose of delivering ordered goods,
  4. entities providing accounting and bookkeeping services,
  5. law firms, for the purpose of pursuing claims or defending against them,
  6. IT service providers, hosting companies, and technical infrastructure providers,
  7. operators of mailing and marketing systems – in the case of Users who have consented to receiving commercial information.
  9. The User may use online payments provided through external payment service providers. In order to facilitate the transaction, the Administrator may share the necessary personal data with these entities. The currently available payment operators are:
  10. Przelewy24 (PayPro S.A. based in Poznań),
  11. BLIK (Polski Standard Płatności sp. z o.o.),
  12. PayPo (PayPo sp. z o.o.),
  13. PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A.).

The choice of a specific provider is available during the order placement process. Each operator acts as an independent data controller and processes the data in accordance with its own privacy policy.

  1. Users' personal data is not shared with third parties for their marketing purposes, unless the User has given explicit and separate consent for this.
  2. In principle, Users' personal data is not transferred outside the European Economic Area (EEA). In cases where it is necessary to transfer data outside the EEA (e.g., when using services from providers based outside the EEA), the Administrator will ensure that such transfer occurs in compliance with applicable regulations, in particular based on appropriate security mechanisms, such as standard contractual clauses adopted by the European Commission.
  3. This Privacy Policy has been prepared based on Article 13(1) and (2) of the European Parliament and Council Regulation (EU) 2016/679 (GDPR).

VII. COOKIES AND SIMILAR TECHNOLOGIES

  1. The website waldin.pl uses cookies and similar technologies to ensure the proper functioning of the Service, analyze website traffic, and conduct marketing and advertising activities, including direct marketing.
  2. The User can manage cookies through the cookie consent bar that appears upon the first visit to the Service, as well as by changing the settings in their web browser.
  3. Cookies may be used primarily for remembering the User's preferences, analytical and statistical purposes, website functionality, and conducting marketing and advertising campaigns.
  4. The User has the ability to control and/or delete cookies at their discretion. They can delete all cookies stored on the device, configure the web browser to prevent their automatic storage, and also withdraw or change consent for cookies using the consent bar visible on the site. However, disabling cookies may cause some functionalities of the Service to stop working properly.

Google Analytics

This service by Google Inc. is an analytical tool that stores information in cookies to generate statistics regarding traffic to our Service. This feature is not essential for browsing but is used to monitor the performance of the website and improve it. By using Google Analytics, we do not process any personal data or other identifiers useful for indirect identification (e.g., IP address) of the individuals concerned. However, this does not mean that your personal data is not processed by Google Inc., the data controller of Google Analytics. The primary cookie used by Google Analytics is the _ga file. More information about the types of cookies used by Google Inc. can be found here:

https://policies.google.com/technologies/types?hl=pl

In addition to reporting usage statistics of our Service, Google Analytics, along with some advertising cookies, may be used to display more relevant ads from Google Inc. (based on search history and activity on our website), as well as to measure interactions with display ads from Google Inc. Google Analytics also uses cookies on our website to analyze your behavior, which are stored on the end user's device (computer, tablet, smartphone). Google anonymizes part of the end user's IP address as soon as it is collected, thus increasing your privacy. Google Inc. uses the information collected during the use of the website to evaluate usage, provide us with website activity reports, and provide other services related to website usage and internet usage.

Data processing by Google Analytics can be prevented by appropriately configuring your web browser, where you can install a browser plugin (available at the following link): https://tools.google.com/dlpage/gaoptout?hl=pl. Clicking this link will save the opt-out cookie in your browser, which will prevent access to data in the future when visiting our Service. For more information about how Google Inc. processes personal data when using Google Analytics, you can consult their privacy policy available at:

https://policies.google.com/technologies/partner-sites?hl=pl

Google Ads (cookies)

Google Ads uses "cookies" technology, which are text files placed on your device, to assess the correctness and effectiveness of the advertising activities conducted through the AdWords network.

Google collects data on its servers from the placement of cookies on devices and uses this information to generate reports and provide other services related to web traffic and usage.

Google may also share this information with third parties if required by law or when those parties process such information on behalf of Google

These data are never combined with the data provided in Section III and are solely used for statistical analysis and system error correction mechanisms.

If you do not agree to the placement of cookies on your device, you can block their placement by appropriately configuring your web browser. Instructions on how to do this can be found in the help files of your web browser. Unfortunately, if you block cookies, we cannot guarantee that the website will function properly.

If you agree to the placement of cookies by Google but wish to delete them after visiting waldin.pl, you can do so without risk. Information on how to do this can also be found in the help files of your web browser.

How to disable cookies in the browser?

How to disable cookies on mobile devices?

VIII. FINAL PROVISIONS

  1. This Privacy Policy is for informational purposes and serves to fulfill the obligations arising from Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
  2. The Administrator reserves the right to make changes to the Privacy Policy, in particular in the case of:
  3. changes in laws regarding personal data protection,
  4. technological changes affecting data processing,
  5. introduction of new services or functionalities on the Website.
  6. Any changes to the Privacy Policy will be published on the website www.waldin.pl, and in the case of significant changes – Users will be informed about them via communication channels provided to the Administrator (e.g., email).
  7. For matters not regulated by this Privacy Policy, the provisions of generally applicable law shall apply, in particular the GDPR, the Act of 18 July 2002 on the provision of electronic services, and the Act of 16 July 2004 – Telecommunications Law.
  8. This Policy is effective as of April 18, 2025.