Privacy policy

  • General Provisions

Capitalized terms not defined herein shall have the meanings assigned to them in the Terms of Service available at: https://quicklaces.pl/regulamin.

This document sets out the principles for the processing and protection of personal data of Clients of the website available at https://quicklaces.pl ("Privacy Policy").

The Controller of personal data ("Personal Data") of Clients – natural persons – and users (Data Subjects) of the website is Mateusz Dziuda, ul. Targowa 161, 95-015 Głowno, Poland. Tax ID (NIP): 7331323261.

The Controller has not appointed a Data Protection Officer.

Personal Data referred to in this Privacy Policy means information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

The Service Provider processes Personal Data in accordance with applicable law, particularly Polish law and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

Processing, as used in this Privacy Policy, means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, etc.

  • Scope and Purpose of Data Collection

Personal Data is processed by the Controller in order to enable use of the website’s functionality, including automatically while using the website, for the following purposes:

  • Registration on the website – data processed: name, email address, password, IP address, cookies;
  • Concluding agreements and placing orders – data processed: name, address (street, house number, city and postal code), phone number, order number, IP address, cookies or other data provided by the Client;
  • Efficient operation and security of the website and online store, detection of abuse, analytics – data processed: same as above;
  • Fulfilling Service Provider's obligations, especially complaints handling – data processed: name, email, phone number, address, IP, cookies, bank account number;
  • Publication of content – data processed: name, email, nickname, IP address, cookies;
  • Marketing and automated decision-making (e.g., remarketing) – data processed: name, email, nickname, IP address, cookies.
  • Legal Basis for Data Processing

The legal bases for processing Personal Data are:

  • Consent of the data subject;
  • Necessity to perform a contract or take steps prior to entering into a contract;
  • Legal obligation of the Controller;
  • Legitimate interests pursued by the Controller or a third party (e.g., payment operators). This basis does not apply to children.

Where consent is the basis and concerns children, data is only processed if the child is at least 16 years old.

  • Data Retention Period

Personal Data collected on the website will be retained for accounting purposes for up to 5 years from the end of the calendar year in which the tax payment deadline occurred. In other justified cases, data will be retained as long as there is a legal basis unless a longer period is required by law (e.g., for proceedings).

Marketing data is stored until consent is withdrawn or an objection is submitted.

After the specified periods, data will be deleted or anonymized.

  • Voluntary Provision of Data

Providing Personal Data is voluntary but necessary to achieve one or more purposes described above. If not provided, certain services cannot be performed.

  •  Profiling

Personal Data may be processed automatically, including profiling, based on purchase behavior, activity in the Service Provider’s sales channels (e.g., IP address, cookies), sociodemographic data (e.g., gender, age, location) to tailor marketing content to individual preferences.

Profiling does not result in decisions that produce legal effects or similarly significantly affect the user.

  • Cookies

When using the website, data is also automatically collected in system logs through cookies.

Cookies collect IP address, device type, connection time, and other data used to adjust the site to user preferences and to compile anonymous statistics.

Cookies are used to:

  • maintain user sessions;
  • adjust and optimize the site to user needs;
  • personalize marketing content;
  • ensure site security.

Session cookies (deleted after closing the browser) and persistent cookies (stored for a defined period) are used.

Users can change their cookie settings at any time via their browser. Blocking cookies may impact some site functionalities.

Cookies from Service Provider’s partners may be used for marketing personalization. This Policy does not govern third-party cookie use. For details, refer to the partners’ websites.

The website may also use web beacons (invisible graphics) to collect analytics data (e.g., IP, URL, browser type).

  • Rights and Duties of the Service Provider

The Service Provider reserves the right to disclose selected Personal Data to authorities or third parties based on a legal obligation.

Data may be entrusted under written agreements to hosting providers, analytics services, campaign managers, and providers of services necessary to fulfill orders and complaints, including couriers, banks, insurance, and financial institutions.

  • Data Processing by Processors

Processors are entities processing Personal Data on behalf of the Controller.

They may process data:

  • only for purposes specified by the Controller;
  • only within the EU, EEA, or in countries ensuring adequate data protection;
  • under legal, technical, and organizational safeguards ensuring confidentiality and availability;
  • under obligation not to use or disclose data for other purposes.

If a Data Subject contacts a Processor directly, the Processor must forward the request to the Controller within 5 business days.

Processors are liable for damages caused by their acts or omissions.

  • Data Subject Rights

Each Client has the right to:

  • access their Personal Data;
  • rectify, delete or restrict processing;
  • object to processing or withdraw consent at any time (without affecting past lawful processing);
  • data portability;
  • lodge a complaint with the relevant supervisory authority (in Poland: President of the Personal Data Protection Office).

To exercise these rights, contact: kontakt@quicklaces.pl.

When posting data of third parties (e.g., name, address, phone, email), the Client must ensure compliance with their rights and applicable laws.

  • Data Security

The Service Provider:

  • applies security measures required by law;
  • ensures continuous confidentiality, integrity, availability and system resilience;
  • performs regular security tests and monitoring.

Security incidents or suspicious activity should be reported to: kontakt@quicklaces.pl.

  • Final Provisions

In matters not covered by this Privacy Policy, applicable data protection laws, including the GDPR, shall apply.