Privacy Policy

 

Privacy Policy

 

 

 

 

1) Information Regarding the Collection of Personal Data and Contact Details of the Controller

 


1.1 We are pleased with your interest in our website. In this document, we inform you about how we handle your personal data when you use our site. Personal data means all information that can be used to identify a natural person.


1.2 The controller of personal data within the meaning of the GDPR (General Data Protection Regulation) is Anna & Maria. The controller is a natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.


1.3 To ensure the security and protection of the transmission of personal data and confidential content (e.g., orders, inquiries), this website uses SSL or TLS encryption. An encrypted connection can be recognized by the “https://” prefix in the address bar and the padlock symbol in your browser.

 

 

 

2) Collection of Data During a Website Visit

 


When you visit our website purely for informational purposes, only the data transmitted by your browser to our server (so-called server log files) are processed. These data include, among others:

 

  • the page visited,

  • date and time of access,

  • amount of data transferred,

  • the source/referrer from which you accessed the site,

  • the browser used,

  • operating system,

  • IP address (in anonymized form).

 


Processing takes place on the basis of Art. 6 (1) (f) GDPR to ensure the stability and security of the operation of the site.

 

 

 

3) Cookies

 


To make the use of our site more attractive and to enable the operation of certain functions, we use cookies. These may include:

 

  • Session cookies (deleted after closing the browser),

  • Persistent cookies (allowing the browser to be recognized upon return visits).

 


These files may process information such as: browser data, location, IP address. Some of them are used to simplify the ordering process (e.g., saving the contents of the shopping cart).


The legal basis is Art. 6 (1) (b) GDPR (performance of a contract) and Art. 6 (1) (f) GDPR (legitimate interest of the controller).


You can configure your browser to notify you about the use of cookies, allow you to block them, or completely disable them. Please note, however, that refusing cookies may limit the functionality of the website.

 

 

 

4) Contacting Us

 


When contacting us (e.g., via the contact form or email), we collect personal data to the extent necessary to respond. The legal basis is Art. 6 (1) (f) GDPR (legitimate interest) or – in the case of inquiries aimed at concluding a contract – Art. 6 (1) (b) GDPR.

 

 

 

5) Data Processing When Creating an Account and Executing a Contract

 


When registering an account or placing an order, the data are processed for the purpose of fulfilling the contract (Art. 6 (1) (b) GDPR). We store the data until the expiry of statutory tax and commercial obligations, after which they are deleted, unless you consent to further use.

 

 

 

6) Newsletter / Direct Marketing

 


You can subscribe to our newsletter by providing your email address. The sending of newsletters is based on your consent (Art. 6 (1) (a) GDPR). You may withdraw your consent at any time by clicking the unsubscribe link in the footer of the newsletter.

 

 

 

7) Data Processing for Order Fulfillment

 


We transfer data only to entities necessary for the fulfillment of the order: courier companies and payment service providers.


Examples of payment providers:

 

  • PayPal – For payments by card or transfer via PayPal, the data are transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

  • SOFORT / Klarna – For this method, data are transmitted to Sofort GmbH (part of the Klarna Group).

 

 

 

 

8) Rights of Data Subjects

 


You have the right to:

 

  • Access your data (Art. 15 GDPR),

  • Rectification (Art. 16 GDPR),

  • Erasure (Art. 17 GDPR),

  • Restriction of processing (Art. 18 GDPR),

  • Data portability (Art. 20 GDPR),

  • Object to processing (Art. 21 GDPR),

  • Withdraw consent (Art. 7 (3) GDPR),

  • Lodge a complaint with a supervisory authority (in Poland: UODO).

 

 

 

 

9) Duration of Data Storage

 


Data are stored for the period required by law (e.g., tax regulations). After this period, the data are deleted unless you have consented to further use.