Privacy Policy

Last updated: April 5, 2026 | GDPR Compliant

1. Data Controller

The data controller for personal data collected through kwiaciarniaonline.com ("Website") is KwiaciarniaOnline.com, operated by its registered business entity ("we", "us", "Controller"). Contact: kontakt@kwiaciarniaonline.com.

2. Legal Basis for Processing

We process personal data based on the following legal grounds under Article 6 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"):

Purpose	Legal Basis (Art. 6 GDPR)
Order fulfillment and delivery	Performance of a contract (Art. 6(1)(b))
Payment processing	Performance of a contract (Art. 6(1)(b))
Account registration	Performance of a contract (Art. 6(1)(b))
Customer service and complaints	Performance of a contract (Art. 6(1)(b))
Tax and accounting obligations	Legal obligation (Art. 6(1)(c))
Fraud prevention	Legitimate interest (Art. 6(1)(f))
Marketing emails (newsletter)	Consent (Art. 6(1)(a))
Analytics and website improvement	Legitimate interest (Art. 6(1)(f))
Cookie-based tracking	Consent (Art. 6(1)(a)) — see Cookie Policy

3. What Data We Collect

Data you provide directly:

Name, email address, phone number, delivery address
Company name and tax ID (if applicable)
Account credentials (email + password hash)
Order details and purchase history
Correspondence with our support team

Data collected automatically:

IP address, browser type, operating system
Pages visited, time spent, referring URL
Device identifiers and screen resolution
Cookie data (see Cookie Policy)

4. Data Recipients and Processors

We share personal data only with trusted third-party processors who assist in operating our business:

Processor	Purpose	Location
SIX Payment Services (Saferpay)	Payment processing	Switzerland / EU
Supabase Inc.	Database and authentication	EU (Frankfurt)
Netlify Inc.	Website hosting	USA (with EU SCCs)
SendGrid (Twilio)	Transactional emails	USA (with EU SCCs)
Shipping carriers	Order delivery	EU

All processors are bound by data processing agreements (DPAs) ensuring GDPR compliance. Where data is transferred outside the EU/EEA, appropriate safeguards (Standard Contractual Clauses) are in place.

5. Data Retention

Order data: retained for 5 years after the last transaction (tax/accounting obligation).
Account data: retained until account deletion or 3 years of inactivity.
Marketing consent: retained until withdrawn.
Analytics data: anonymized after 26 months.
Support correspondence: retained for 2 years after resolution.

6. Your Rights

Under the GDPR, you have the following rights:

Right of access (Art. 15) — obtain a copy of your personal data.
Right to rectification (Art. 16) — correct inaccurate data.
Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten").
Right to restrict processing (Art. 18) — limit how we use your data.
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interest, including profiling.
Right to withdraw consent (Art. 7(3)) — withdraw consent at any time without affecting prior processing.
Right to lodge a complaint with a supervisory authority (e.g., UODO in Poland, or your national DPA).

To exercise your rights, contact us at: kontakt@kwiaciarniaonline.com. We will respond within 30 days.

7. Security

We implement appropriate technical and organizational measures to protect personal data, including: TLS/SSL encryption for all data in transit, encrypted password storage (bcrypt hashing via Supabase Auth), PCI-DSS compliant payment processing, access controls and regular security reviews.

8. Children

Our Website is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us for immediate deletion.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of the Website after changes constitutes acceptance of the revised policy.

10. Contact

Data Controller: KwiaciarniaOnline.com
Email: kontakt@kwiaciarniaonline.com
Website: kwiaciarniaonline.com