Hotline:
+48 668 884 074
CONTENTS
1. GENERAL PROVISIONS
2. BASICS OF DATA PROCESSING
3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
4. RECIPIENTS OF DATA IN THE ONLINE STORE
5. PROFILING IN THE ONLINE STORE
6. RIGHTS OF THE DATA SUBJECT
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
8. FINAL PROVISIONS
Last updated: December 16, 2025
1. GENERAL PROVISIONS
1.1.
This Online Store Privacy Policy is for informational purposes only, meaning it does not constitute a source of obligations for Service Users or Customers of the Online Store. The Privacy Policy primarily defines the principles of personal data processing by the Controller in the Online Store, including the basis, purposes, and periods of personal data processing, as well as the rights of data subjects. It also contains information regarding the use of cookies and analytical tools in the Online Store. The Online Store is operated using Shopify technology, which enables the Controller to provide the functionality of the Online Store, including the checkout process, order processing, and integration. This Privacy Policy describes how personal data is collected, used, and disclosed when you visit, use, or make a purchase through the Online Store.
1.2.
The Controller of personal data collected via the Online Store https://splinx-glow.com/ is JACEK BISIOREK, conducting business activity under the name SPLINX JACEK BISIOREK, entered into the Central Register and Information on Business Activity of the Republic of Poland kept by the minister responsible for economy, with its registered office and correspondence address: ul. Kościelna 1, 05-126 Kąty Węgierskie, NIP 5361019897, REGON 011787951, e-mail address: [email protected], hereinafter referred to as the "Controller", who is both the Service Provider of the Online Store and the Seller.
1.3.
Personal data in the Online Store are processed by the Controller in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as "GDPR" or "GDPR Regulation".
Official text of the GDPR:
http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
1.4.
Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by a Service User or Customer using the Online Store is voluntary, subject to two exceptions:
1.5.
The Administrator takes special care to protect the interests of the persons whose personal data it processes, and in particular ensures and is responsible for ensuring that the data collected by it are:
1.6.
Taking into account the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure and demonstrate compliance with the GDPR. These measures are reviewed and updated as necessary. The Controller implements technical security measures to prevent unauthorized access or modification of personal data transmitted electronically.
1.7.
All terms, expressions and abbreviations used in this Privacy Policy and beginning with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with the definitions contained in the Online Store Regulations available on the Online Store website.
1.8.
The Online Store is hosted and operated using Shopify technology. Shopify may collect and process personal data related to your access to and use of the Online Store to provide and improve its services and the technical functionality of the Online Store (including hosting, checkout, and payment integration). Information shared through the Online Store may be transferred to and processed by Shopify and third-party service providers integrated with the Online Store, including providers located outside your country of residence.
2. BASICS OF DATA PROCESSING
2.1.
The Controller is entitled to process personal data if – and to the extent that – at least one of the following conditions is met:
2.2.
The processing of personal data by the Controller always requires the existence of at least one of the grounds indicated in section 2.1 of this Privacy Policy. Detailed grounds for the processing of personal data of Service Users and Customers of the Online Store by the Controller are provided in the next chapter of this Privacy Policy – with reference to the specific purpose of data processing by the Controller.
3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING IN THE ONLINE STORE
3.1.
In each case, the purpose, legal basis, period and recipients of personal data processed by the Controller result from the actions undertaken by a given Service User or Customer in the Online Store or by the Controller.
3.2A. Scope of personal data processed
Depending on the functionality of the Online Store used, the Administrator processes the following categories of personal data:
a) Account details – in the case of creating and maintaining an Account:
– name and surname or company name,
– address (street, building/apartment number, postal code, city, country),
– email address,
– telephone number,
– password (stored in encrypted form),
– VAT number (if applicable).
b) Order details – in the case of placing and fulfilling an Order:
– delivery address,
– billing data,
- country,
– order details,
– payment confirmation and transaction reference data,
– correspondence related to the Order, complaints, returns or withdrawal from the contract.
c) Newsletter data – in the case of subscription to the Newsletter:
– email address.
Providing the above data is voluntary, but necessary to use the appropriate functionalities of the Online Store, conclude a Sales Agreement or receive the Newsletter.
3.2.
The Administrator may process personal data in the Online Store for the following purposes, on the following legal bases and for the periods indicated in the table below:
| Purpose of data processing | Legal basis for data processing | Data storage period |
| Execution of a Sales Agreement or an Agreement for the provision of Electronic Services or taking action at the request of the data subject before concluding such agreements | Article 6(1)(b) of the GDPR (performance of a contract) – processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at his or her request before entering into a contract | The data is stored for the period necessary to execute, terminate or otherwise expire the concluded Sales Agreement or Agreement for the Provision of Electronic Services. |
| Direct marketing | Article 6(1)(f) of the GDPR (legitimate interest of the controller) – processing is necessary to pursue the legitimate interests of the Controller, consisting in taking care of the interests and good image of the Controller, its Online Store and striving to sell Products | Data is stored for the duration of the Controller's legitimate interest, but no longer than until the expiration of the limitation period for the Controller's claims against the data subject arising from the data subject's business activity. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activity is three years, and for Sales Agreements – two years). The Controller may not process data for direct marketing purposes in the event of an effective objection by the data subject. |
| Marketing | Article 6(1)(a) of the GDPR (consent) – the data subject has consented to the processing of his or her personal data for marketing purposes by the Controller | The data is stored until the data subject withdraws consent to further processing of the data for this purpose. |
| Maintaining tax records | Article 6, section 1, letter c of the GDPR in conjunction with Article 86, section 1 of the Act of 17 January 2017 – Tax Ordinance (Journal of Laws of 2017, item 201, as amended) – processing is necessary to fulfil a legal obligation to which the Controller is subject | The data is stored for the period required by law imposing on the Controller the obligation to store tax documentation (until the expiry of the limitation period for the tax liability, unless tax law provides otherwise). |
| Establishing, pursuing or defending claims that may be filed by or against the Administrator | Article 6(1)(f) of the GDPR (legitimate interest of the controller) – processing is necessary to pursue the legitimate interests of the Controller, consisting in establishing, pursuing or defending claims that may be filed by the Controller or against the Controller | The data is stored for the duration of the legitimate interest pursued by the Controller, but no longer than until the expiry of the limitation period for claims that may be brought against the Controller (the basic limitation period for claims against the Controller is six years). |
| Using the Online Store website and ensuring its proper functioning | Article 6(1)(f) of the GDPR (legitimate interest of the controller) – processing is necessary to pursue the legitimate interests of the Controller, consisting in running and maintaining the Online Store website | Data is stored for the duration of the Controller's legitimate interest, but no longer than until the expiration of the limitation period for the Controller's claims against the data subject arising from its business activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements – two years). |
| Maintaining statistics and analyzing traffic in the Online Store | Article 6, paragraph 1, letter f of the GDPR (legitimate interest of the Controller) – processing is necessary to pursue the legitimate interests of the Controller, consisting in keeping statistics and analysing traffic in the Online Store in order to improve its operation and increase sales of Products | Data is stored for the duration of the Controller's legitimate interest, but no longer than until the expiration of the limitation period for the Controller's claims against the data subject arising from its business activities. The limitation period is specified by law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for Sales Agreements – two years). |
3.3.
Territorial scope (international sales)
The scope of personal data processing and applicable data retention periods may vary depending on the Customer's country of residence, in particular in connection with statutory consumer rights, tax and accounting obligations and customs requirements applicable in the European Union and third countries.
4. RECIPIENTS OF DATA IN THE ONLINE STORE
4.1.
For the proper functioning of the Online Store, including the execution of concluded Sales Agreements, the Controller must utilize the services of external entities (such as software providers, courier companies, or payment processors). The Controller only uses processors that provide sufficient guarantees to implement appropriate technical and organizational measures to ensure that the processing meets the requirements of the GDPR and protects the rights of data subjects. The Controller uses the Shopify e-commerce platform, operated by Shopify Inc. (Canada) and Shopify International Ltd. (Ireland), which acts as a data processor on behalf of the Controller. Shopify provides the technological infrastructure necessary to operate the Online Store, including hosting, order processing, customer accounts, the checkout process, and payment integration.
4.2.
Personal data may be transferred by the Controller to a third country. When transferring personal data outside the European Economic Area or the United Kingdom, such transfers are based on appropriate safeguards, in particular the European Commission's Standard Contractual Clauses (SCCs) or other legally recognized data transfer mechanisms, unless the transfer takes place to a country that ensures an adequate level of protection under applicable law. This may apply in particular to processing carried out in connection with the use of the Shopify platform and integrated service providers. The Controller ensures that data subjects have the right to obtain a copy of their data. The Controller only transfers collected personal data if and to the extent necessary to achieve the data processing purposes in accordance with this Privacy Policy.
4.3.
The Controller does not transfer data in every case or to all recipients or categories of recipients indicated in this Privacy Policy – the Controller transfers data only when it is necessary to achieve a specific purpose of personal data processing and only to the extent necessary to achieve that purpose.
4.4.
The personal data of Service Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
4.4.1. Carriers / freight forwarders / courier brokers / entities handling warehousing and/or shipping processes
In the case of a Customer who uses the delivery of the Product by post or courier, the Administrator transfers the collected personal data of the Customer to the selected carrier, forwarder or intermediary carrying out the shipment on behalf of the Administrator, and if the shipment is from an external warehouse - to the entity handling the storage and/or shipment process - to the extent necessary to deliver the Product to the Customer.
4.4.2. Entities handling electronic or card payments
For Customers who use electronic or card payments, the Administrator transfers the Customer's collected personal data to payment service providers that process such payments, in particular Shopify Payments (operated by entities within the Shopify group) and other payment methods displayed during the ordering process (checkout), to the extent necessary to process the Customer's payment. The Administrator does not store or process payment card data. Payment card data is processed directly by certified payment service providers in accordance with applicable security standards, including PCI DSS.
4.4.3. Service providers providing the Controller with technical, IT and organizational solutions
They enable the Controller to conduct business activities, including running an Online Store and providing Electronic Services through it (in particular, suppliers of software for running the Online Store, e-mail and hosting providers, as well as suppliers of company management software and technical support for the Controller).
The Administrator transfers the collected personal data of the Customer to a selected supplier acting on his behalf only when and to the extent necessary to achieve the purpose of data processing in accordance with this Privacy Policy.
4.4.4. Accounting, Legal, and Advisory Service Providers
These entities provide the Controller with accounting, legal or advisory support (in particular accounting offices, law firms or debt collection companies).
The Administrator transfers the collected personal data of the Customer to a selected supplier acting on his behalf only when and to the extent necessary to achieve the purpose of data processing in accordance with this Privacy Policy.
4.4.5. Providers of plug-ins, scripts and similar tools placed on the Online Store website
They enable the browser of the visitor to the Online Store website to download content from the providers of these plug-ins (e.g. logging in using data from a social networking site) and to transmit the visitor's personal data to these providers for this purpose, including in particular:
4.4.5.1. Meta Platforms Ireland Ltd.
The Administrator uses Facebook social plugins on the Online Store website (e.g. the "Like", "Share" buttons or logging in using Facebook data) and therefore collects and transfers personal data of the Service User using the Online Store website to Meta Platforms Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to the extent and on the terms specified in the privacy policy available here: https://www.facebook.com/about/privacy/.
This data includes information about activity on the Online Store website – including information about the device, pages visited, purchases, displayed advertisements and use of services – regardless of whether the Service User has a Facebook account and is logged in to Facebook.
4.4.6. Customs authorities, tax authorities and international carriers (international sales)
In connection with international sales and deliveries outside the Customer's country, personal data may be transferred to customs authorities, tax authorities and international carriers or logistics partners in the destination country, to the extent required by applicable laws and regulations, in particular for the purposes of customs clearance, settlement of taxes and duties and delivery of Products.
These data are transferred only to the extent necessary to fulfil statutory obligations and fulfil the Order.
5. PROFILING IN THE ONLINE STORE
5.1.
The GDPR imposes on the Controller an obligation to provide information about automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and – at least in such cases – an obligation to provide meaningful information about the principles of such processing, as well as the significance and envisaged consequences of such processing for the data subject. With this in mind, the Controller presents information regarding possible profiling below.
5.2.
The Controller may use profiling in the Online Store for direct marketing purposes; however, decisions made by the Controller on this basis do not concern the conclusion or refusal to conclude a Sales Agreement or the ability to use Electronic Services in the Online Store. Profiling in the Online Store may result in, for example, granting a discount, sending a discount code, reminding about unfinished purchases, sending a product suggestion that may suit the individual's interests or preferences, or offering better terms compared to the standard Online Store offer. Despite the use of profiling, the individual decides whether to take advantage of such a discount or preferential terms and make a purchase in the Online Store.
5.3.
Profiling in the Online Store involves the automated analysis or prediction of a person's behavior on the Online Store website—for example, by adding a specific Product to the shopping cart, viewing a specific Product page in the Online Store, or analyzing the history of previous purchases in the Online Store. The condition for such profiling is that the Administrator has the person's personal data so that it can then send, for example, a discount code.
5.4.
The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar manner.
6. RIGHTS OF THE DATA SUBJECT
6.1. Right to access, rectify, restrict, delete or transfer data
The data subject has the right to request from the Controller access to, rectification, erasure ("right to be forgotten"), or restriction of processing of their personal data, as well as the right to object to processing and the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15–21 of the GDPR.
6.2. Right to withdraw consent at any time
If the processing of personal data by the Controller is based on the consent given by the data subject (pursuant to Article 6 paragraph 1 letter a or Article 9 paragraph 2 letter a of the GDPR), the data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
6.3. Right to lodge a complaint with the supervisory authority
The person whose personal data are processed by the Controller has the right to lodge a complaint with the supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act.
The supervisory authority in Poland is the President of the Personal Data Protection Office (PUODO).
6.4. Right to object
The data subject has the right to object at any time, on grounds relating to his or her particular situation, to processing of his or her personal data based on point (e) (public interest or exercise of official authority) or point (f) (legitimate interest of the controller), including profiling based on those provisions. In such a case, the Controller may no longer process the personal data unless he or she can demonstrate compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6.5. Right to object to direct marketing
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of his or her personal data for such marketing purposes, including profiling to the extent that it is related to such direct marketing.
6.6. Exercise of rights
In order to exercise the rights referred to in this chapter of the Privacy Policy, the data subject may contact the Controller by sending an appropriate message in writing or by e-mail to the Controller's address indicated at the beginning of this Privacy Policy or by using the contact form available on the Online Store website.
7. COOKIES IN THE ONLINE STORE AND ANALYTICS
7.1.
Cookies are small pieces of information in the form of text files sent by the server and stored on the device of a visitor to the Online Store (e.g., on the hard drive of a computer, laptop, or smartphone's memory card – depending on the device used by the visitor). Detailed information about cookies, including their history, can be found here: https://en.wikipedia.org/wiki/HTTP_cookie.
7.2.
Cookies that may be sent by the Online Store website can be divided into different types according to the following criteria:
By supplier:
7.3.
The Administrator may process data contained in cookies when visitors use the Online Store website for the following specific purposes:
The purpose of using cookies in the Administrator's Online Store:
– identifying Service Users as logged in to the Online Store and indicating that they are logged in (essential cookies);
– remembering Products added to the basket in order to place an Order (essential cookies);
– remembering data entered in order forms, surveys or login details to the Online Store (necessary and/or functional/preference cookies);
– adapting the content of the Online Store website to the individual preferences of the Service User (e.g. colours, font size, page layout) and optimising the use of the Online Store websites (functional/preference cookies);
– preparing anonymous statistics showing how the Online Store website is used (analytical and performance cookies);
– displaying and rendering advertisements, limiting the number of ad displays, skipping unwanted advertisements, measuring the effectiveness of advertisements and personalising advertisements – i.e. examining the behavioural characteristics of visitors to the Online Store by anonymously analysing their activities (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and deliver advertisements tailored to their presumed interests, also when they visit other websites within the advertising networks of Google Ireland Ltd. and Meta Platforms Ireland Ltd. (marketing, advertising and social media cookies).
7.4.
You can check in the most popular browsers which cookies (including their lifetime and provider) are currently being sent by the Online Store website as follows:
• In Chrome:
(1) click the lock icon on the left side of the address bar;
(2) go to the "Cookies" tab.
• In Firefox:
(1) click the shield icon on the left side of the address bar;
(2) go to the "Allowed" or "Blocked" tab;
(3) click "Cross-site tracking cookies," "Social media trackers," or "Content with trackers."
• In Internet Explorer:
(1) click the "Tools" menu;
(2) go to "Internet Options";
(3) open the "General" tab;
(4) go to "Settings";
(5) click "View files".
• At the Opera:
(1) click the lock icon on the left side of the address bar;
(2) go to the "Cookies" tab.
• In Safari:
(1) click the "Preferences" menu;
(2) open the "Privacy" tab;
(3) click "Manage website data".
Regardless of the browser, you can also use the tools available, for example, at https://www.cookiemetrix.com/ or https://www.cookie-checker.com/.
7.5.
Essential Cookies are required for the proper functioning of the Online Store (e.g., maintaining your shopping cart and completing the ordering process). Refusing to accept non-essential Cookies (e.g., analytical or marketing cookies) should not prevent you from placing an Order. You can also restrict or disable Cookies in your browser settings; however, disabling essential Cookies may affect some key functionalities of the Online Store.
7.6.
Browser settings allow you to manage cookies, including deleting them or blocking their storage. Detailed information on changing cookie settings and deleting cookies in the most popular browsers is available in your browser's help section or on the following websites:
• Chrome
• Firefox
• Internet Explorer
• Opera
• Safari
• Microsoft Edge
7.6A.
To the extent required by applicable law, the Administrator collects consent to the use of non-essential cookies via a cookie consent banner/consent management tool displayed upon first visit to the Online Store. Consent may be withdrawn or changed at any time via the cookie settings available on the website (e.g., via the dedicated cookie settings link in the footer) or in the consent banner interface.
7.7.
The Administrator may use Google Analytics 4 (GA4), a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to compile statistics and analyze traffic on the Online Store. To the extent required by applicable law, GA4 is used only after you have consented to analytical Cookies via the cookie consent banner/consent management tool. The collected data is processed as part of these services to generate statistics that aid in the administration of the Online Store and traffic analysis. The data is aggregated. By using these services on the Online Store, the Administrator collects data such as the sources and means of acquiring visitors to the Online Store, their behavior on the website, device and browser information, IP and domain data, geographic and demographic data (age, gender), and interests.
7.8.
It is possible for the user to easily block Google Analytics from sharing information about their activity on the Online Store website – for example, by installing a browser add-on provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=en.
7.9.
In connection with the possible use by the Controller of advertising and analytical services provided by Google Ireland Ltd., the Controller informs that full information on the principles of processing data of visitors to the Online Store (including information stored in cookies) by Google Ireland Ltd. can be found in the privacy policy of Google services at: https://policies.google.com/technologies/partner-sites.
8. FINAL PROVISIONS
8.1.
The Online Store website may contain links to other websites. The Administrator encourages users to review their privacy policies after visiting other websites. This Privacy Policy applies solely to the Administrator's Online Store.
8.2.
The Online Store may contain links to websites or online services operated by third parties. The Administrator is not responsible for the privacy practices, content, or security of such third-party websites or services. After leaving the Online Store and navigating to third-party websites, Customers are encouraged to review the applicable privacy policies and terms of use of those websites. This Privacy Policy applies solely to personal data processed by the Administrator in the Online Store.
