Privacy policy

  • PRIVACY POLICY – https://splinx-glow.com

    CONTENTS
    1. General provisions
    2. Basics of data processing
    3. Purpose, basis and period of data processing
    4. Recipients of data
    5. Profiling
    6. Rights of the data subject
    7. Cookies and analytics
    8. Final provisions

    Last updated: December 16, 2025

  • 1. GENERAL PROVISIONS

    1.1. This Privacy Policy is for informational purposes only and does not constitute a source of obligations for Service Users or Customers. It defines the principles of personal data processing, including basis, purposes and periods of processing, rights of data subjects, and information on cookies and analytical tools. The Online Store operates using Shopify technology.

    1.2. The Controller of personal data collected via https://splinx-glow.com/ is JACEK BISIOREK, conducting business under the name SPLINX JACEK BISIOREK, registered in CEIDG, with registered office: ul. Kościelna 1, 05-126 Kąty Węgierskie, NIP: 5361019897, REGON: 011787951, e-mail: store@splinx-glow.com

    1.3. Personal data is processed in accordance with the GDPR (Regulation (EU) 2016/679).
    Official text: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

    1.4. Providing personal data is voluntary, except:
    - when data is required to conclude a Sales Agreement or Electronic Services Agreement;
    - when required by statutory obligations of the Controller (e.g. tax or accounting purposes).

    1.5. The Controller ensures that collected data is processed lawfully, collected for specified purposes, factually correct, stored no longer than necessary, and appropriately secured.

    1.6. The Controller implements appropriate technical and organizational measures to ensure GDPR compliance and reviews them regularly.

    1.7. Terms used in this Privacy Policy should be understood in accordance with definitions in the Online Store Terms and Conditions.

    1.8. The Online Store is hosted on Shopify Inc. (Canada) / Shopify International Ltd. (Ireland). More information: Shopify Consumer Privacy Policy

  • 2. BASICS OF DATA PROCESSING

    2.1. The Controller processes personal data when at least one of the following conditions is met:
    - the data subject has consented to processing;
    - processing is necessary for the performance of a contract or pre-contractual steps;
    - processing is necessary to comply with a legal obligation;
    - processing is necessary for the legitimate interests of the Controller or a third party.

    2.2. Detailed grounds for processing are specified in chapter 3.

  • 3. PURPOSE, BASIS AND PERIOD OF DATA PROCESSING

    3.1. The purpose, legal basis, period and recipients of data result from the actions taken by Service Users or Customers in the Online Store.

    3.2A. The Controller processes the following categories of personal data:
    - Account data: name/company name, address, e-mail, phone, password, VAT number (if applicable).
    - Order data: delivery address, billing data, order details, payment confirmation, correspondence.
    - Newsletter data: e-mail address.

    3.2. Purposes and legal bases for data processing:

    Performance of Sales Agreement
    Legal basis: Article 6(1)(b) GDPR
    Period: for the time necessary to execute, terminate or expire the Agreement.

    Direct marketing
    Legal basis: Article 6(1)(f) GDPR (legitimate interest)
    Period: until expiry of the limitation period for claims (generally 3 years for business activity, 2 years for Sales Agreements). The Controller may not process data after an effective objection.

    Marketing based on consent
    Legal basis: Article 6(1)(a) GDPR
    Period: until withdrawal of consent.

    Maintaining tax records
    Legal basis: Article 6(1)(c) GDPR
    Period: for the period required by tax law.

    Establishing, pursuing or defending claims
    Legal basis: Article 6(1)(f) GDPR
    Period: until expiry of limitation period (generally 6 years).

    Running and maintaining the Online Store
    Legal basis: Article 6(1)(f) GDPR
    Period: until expiry of limitation period (2–3 years).

    Statistics and traffic analysis
    Legal basis: Article 6(1)(f) GDPR
    Period: until expiry of limitation period (2–3 years).

    3.3. Territorial scope: the scope of data processing and retention periods may vary depending on the Customer's country of residence, particularly in connection with EU and third-country requirements.

  • 4. RECIPIENTS OF DATA

    4.1. The Controller uses external processors that guarantee GDPR compliance. The Controller uses the Shopify platform (Shopify Inc., Canada and Shopify International Ltd., Ireland).

    4.2. Data may be transferred to third countries based on Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms.

    4.3. The Controller transfers data only when necessary to achieve a specific processing purpose.

    4.4. Categories of recipients:
    - Carriers, freight forwarders, courier companies — to the extent necessary for delivery.
    - Payment service providers (Shopify Payments) — to the extent necessary to process payment. The Controller does not store card data. Processing is carried out in accordance with PCI DSS.
    - IT, hosting and e-mail service providers.
    - Accounting firms, law firms, debt collection companies.
    - Meta Platforms Ireland Ltd. — in connection with Facebook plugins on the Store. Privacy policy: https://www.facebook.com/about/privacy/
    - Customs authorities, tax authorities, international carriers — for international sales.

  • 5. PROFILING

    5.1. The Controller may use profiling for direct marketing purposes. Decisions based on profiling do not concern the conclusion or refusal of a Sales Agreement.

    5.2. Profiling may result in e.g. a discount, discount code or product recommendation. The individual decides whether to take advantage of such offers.

    5.3. Profiling involves automated analysis of behavior on the Store website (e.g. adding products to cart, purchase history).

    5.4. The data subject has the right not to be subject to a decision based solely on automated processing producing legal effects or significantly affecting them.

  • 6. RIGHTS OF THE DATA SUBJECT

    6.1. Right to access, rectify, erase, restrict processing, object and data portability (Articles 15–21 GDPR).

    6.2. Right to withdraw consent at any time — without affecting the lawfulness of processing before withdrawal.

    6.3. Right to lodge a complaint with the supervisory authority — in Poland: President of the Personal Data Protection Office (PUODO).

    6.4. Right to object to processing based on Article 6(1)(e) or (f) GDPR.

    6.5. Right to object to direct marketing at any time.

    6.6. To exercise your rights, contact the Controller: store@splinx-glow.com

  • 7. COOKIES AND ANALYTICS

    7.1. Cookies are text files stored on the user's device. More information: wikipedia.org/wiki/HTTP_cookie

    7.2. Types of cookies:
    - By provider: own (first-party) and external (third-party).
    - By storage period: session and persistent.
    - By purpose: essential, functional/preferential, analytical and performance, marketing and advertising.

    7.3. Purposes of using cookies:
    - identifying logged-in users;
    - remembering cart contents;
    - remembering form data;
    - adapting content to user preferences;
    - compiling anonymous statistics;
    - displaying personalized ads (Google and Meta networks).

    7.4. How to check cookies in your browser:
    - Chrome: lock icon in address bar → Cookies
    - Firefox: shield icon → Allowed/Blocked
    - Safari: Preferences → Privacy → Manage website data
    - Opera: lock icon in address bar → Cookies
    Online tools: cookiemetrix.com, cookie-checker.com

    7.5. Essential cookies are required for the proper functioning of the Store. Refusing non-essential cookies should not prevent placing an Order.

    7.6. Cookie management available through browser settings: Chrome, Firefox, Internet Explorer, Opera, Safari, Microsoft Edge.

    7.6A. Consent for non-essential cookies is collected via a consent banner on first visit. Consent may be withdrawn or changed at any time.

    7.7. The Controller may use Google Analytics 4 (GA4) — Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. GA4 is used only after consent to analytical cookies.

    7.8. Block GA4: Google Analytics Opt-out

    7.9. Full information on Google's data processing: policies.google.com

    7.10. The Controller may collect data based on interactions with the Store and share it with advertising partners for purposes described in this Policy.

    7.11. Sharing data for targeted advertising may be considered "selling" or "sharing" personal data under applicable privacy laws. An opt-out is available by withdrawing consent to marketing cookies.

    7.12. The Global Privacy Control (GPC) signal is treated as an opt-out request from actions considered sale or sharing of personal data, to the extent required by applicable law.

  • 8. FINAL PROVISIONS

    8.1. The Online Store may contain links to other websites. This Privacy Policy applies solely to the Controller's Online Store.

    8.2. The Controller is not responsible for the privacy practices of third-party websites. After leaving the Store, customers are encouraged to review the applicable privacy policies of those websites.