Page header

Phone: +48 71 313 91 91        E-mail:

Home

Search

Favorites
Order
Contact
  1. Home page
  2. Privacy Policy

Privacy Policy

PRIVACY POLICY

§1
Definitions

  1. Controller - BARTEK CANDLES Małgorzata i Janusz Bryłkowscy Sp. Jawna, ul. Wójcicka 12, Bystrzyca, 55-200 Oława, KRS: 0000148740, NIP: 912-16-39-326
  2. Personal data - any information relating to a natural person identified or identifiable by reference to one or more specific identifiers such as device IP, internet identifier and information collected via cookies, or another similar technology.
  3. Policy - this Privacy Policy.
  4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  5. Website - the Internet website operated by the Controller at bartek-candles.com
  6. User - any natural person visiting the Website or using one or more of the services or functionalities described in this Policy.

 

§2
Processing of Personal Data in Connection with the Use of the Website

In connection with the User's use of the Website, the Controller collects data to the extent necessary to provide its services. The following describes specific principles and purposes of processing of Personal Data collected during the User's use of the Website.

 

§3
Scope of Personal Data Collected

  1. During User's Website visits the Controller automatically collects data related to the User's activity, such as the time spent on the website, search terms, number of sub-pages displayed, date and source of the visit, with Google Analytics tool.
  2. The User may submit their data to register an account with the online shop. The form requires the User to provide identification and contact details to the extent necessary to use the account and complete the purchase. Optionally, it is also possible to provide additional data. In particular, User's account will store orders, favourite products, payment history and complaints.
  3. If the User makes a purchase without account registration, the User will provide the data necessary to complete the purchase, payment and delivery.
  4. The Website allows the User to contact the Controller and provide them with identification and contact details, as well as message content.
  5. With the User's consent, the Controller may collect the User's contact and/or analytical data for marketing purposes.
  6. In order to protect the User's privacy, the Controller enabled the IP address anonymisation function, which truncates the User's IP address before it is stored or further processed by Google. This ensures that the IP address is not stored in its full form and that the User may not be identified solely on the basis of this identifier.
  7. The User may block Google Analytics by installing Google’s plug-in: https://tools.google.com/dlpage/gaoptout


§4
Personal Data Sources

  1. The Controller collects Personal Data provided directly by the User.
  2. The User may provide details of another person authorised to receive their order, in which case he or she is the source of the recipient's data.

 

§5
Purpose and Legal Basis for Personal Data Processing

Personal Data may be processed by the Controller to:

  1. analyse web traffic, ensure security within the Website and tailor content to the User's needs in line with legitimate interests pursued by the Controller (legal basis: Article 6(1)(f) GDPR);
  2. answer the User's questions, provide the User’s with an offer requested, and correspond with the User in order to complete their business, with User's consent, and in line with legitimate interests pursued by the Controller in fulfilling the User's requests (legal basis: Article 6(1)(a) and (f) GDPR);
  3. create and use an online shop account under an electronic services contract with the User as a service user (legal basis: Article 6(1)(b) GDPR);
  4. execute online shop purchases under a distance contract (legal basis: Article 6(1)(b) GDPR);
  5. process complaints in line with legitimate interests pursued by the Controller (legal basis: Article 6(1)(f) GDPR);
  6. promote goods and services, or provide an offer, with User's consent (legal basis: Article 6(1)(a) GDPR).

 

§6
Right to Withdraw Consent

  1. If data is processed under a consent, the User may withdraw the consent at any time using the contact details available on the Website.
  2. The withdrawal of consent does not affect the legality of prior processing.

 

§7
Mandatory or Voluntary Personal Data Provision

  1. The User’s provision of personal data is voluntary, but necessary in the following cases. Failure to provide the data will prevent, respectively:
    1. the Controller from processing an order placed by the User,
    2. the User from creating an account in the online shop,
    3. the Controller from considering a complaint,
    4. the User from receiving an offer or requested marketing material,
    5. the User from receiving an answer to a question.
  2. Provision of data necessary for the static analysis of Website users is voluntary. You may use the so-called “incognito mode” to browse the Website without providing the Controller with information about your visit. The use of the incognito mode, and therefore the User's failure to provide data, does not affect the User's ability to use the Website.

 

§8
Personal Data Processing Period

  1. The personal data processing period by the Controller depends on the type of service provided and the purpose of processing.
  2. As a general rule, data will be stored:
    1. in the case of an online account creation, for the period of use, and once the account is closed, the Controller will store the settlement data for 5 years following the year in which the tax obligation related to the order occurred;
    2. settlement data - for 5 years following the year in which the tax obligation related to the order occurred;
    3. until the consent is withdrawn or until a matter is resolved, and then until the end of the limitation period for parties’ claims relating to its execution;
    4. in the event of a complaint, until the end of the limitation period for possible claims
    5. data related to web traffic analysis collected via cookies and similar technologies may be stored until the cookie expires. Some cookies never expire and therefore the duration of data storage will be equivalent to the time necessary for the Controller to fulfil the purposes of data collection, such as ensuring security and historical data analysis related to website traffic.
  3. The processing period may be extended if the processing is necessary for the establishment and pursuit of possible claims or the defence against claims, and thereafter only if, and to the extent required by law. At the end of the processing period, the data shall be irreversibly deleted or anonymised.

 

§9
Cookies

  1. Controller uses cookies on the Website. The Website allows information about the User to be collected through cookies and similar technologies, the use of which usually involves the installation of such tool on the User's device (computer, smartphone, etc.). This information is used to remember User decisions (font selection, contrast, policy acceptance), maintain User sessions (e.g. after logging in), remember passwords (with consent), collect information about the User's device and visit for security purposes, but also to analyse visits and adapt content.
  2. Information obtained through cookies and similar technologies is not combined with other data of Website users, nor is it used to identify users by the Controller.
  3. User may set the browser to block certain types of cookies and other technologies, by specifying, for example, that only those necessary for the correct display of website will be allowed. By default, most browsers allow all cookies, but the User may change these settings at any time and may also delete any cookies already installed. Each browser allows this to be done via options available in settings or preferences.
  4. The User may also use the website in the so-called “incognito mode”, which blocks the collection of data about the User’s visit.
  5. In addition, the Controller may use cookies and similar technologies for marketing and analytics purposes, but only with the user's voluntary and explicit consent (Art. 6(1)(a) GDPR), which is requested through relevant technical solutions available on the Website. The User may change the settings for the use of cookies at any time.

 

§10
User Rights

  1. The User has the right to access the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to lodge a complaint with the President of the Personal Data Protection Authority, against the processing of the User's personal data carried out by the Controller.
  2. The User also has the right to object to data processing that takes place in line with the legitimate interest of the Controller.
  3. To the extent that User’s data is processed under a consent, this consent may be withdrawn at any time by contacting the Controller as described in §14 of this Policy.

 

§11
Personal Data Recipients

  1. In connection with provision of services, Personal Data may be transferred to banks, software providers, audit service providers, law firms, IT service and solution providers (including IT service providers enabling the proper use of the Website), accounting service providers, postal and courier service providers, payment processors to process payments, payment service providers, and other entities authorised by law.
  2. Personal Data may be also received by the provider of the Google Analytics tool, Google Ireland Ltd.
  3. With the User's consent, the User’s data may also be made available to other entities for their own purposes, including marketing purposes.
  4. The Controller reserves the right to disclose certain information about the User to competent authorities or to third parties that request such information on an appropriate legal basis and in accordance with applicable laws.

 

§12
Transfer of Personal Data Outside the EEA

  1. The Personal Data protection level outside of the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller shall transfer Personal Data outside the EEA only when necessary and with an adequate degree of protection, involving primarily:
    1. cooperation with Personal Data processors in countries with a relevant decision of the European Commission stating that those countries ensure an adequate level of Personal Data protection;
    2. use of standard contractual clauses issued by the European Commission;
    3. application of binding corporate rules approved by the competent supervisory authority.
  2. User data may be transferred outside the European Economic Area (EEA), in particular to Google LLC, based in the USA.
  3. Google LLC is part of he EU-US Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of personal data protection (EC decision of 10.07.2023).
  4. In situations of data transfer to third countries not covered by a decision of the European Commission stating an adequate level of protection, the Controller shall apply appropriate safeguards such as standard contractual clauses (in accordance with Article 46 GDPR).
  5. The Controller shall always inform of its intention to transfer Personal Data outside the EEA at the stage of collection./ The Controller shall not transfer Personal Data outside the European Economic Area (EEA).

 

§13
Personal Data Safety

  1. On an ongoing basis the Controller conducts a risk analysis to ensure that Personal Data is processed by the Controller in a secure manner - ensuring, in particular, that only authorised persons have access to the data and only on the need-to-know basis. The Controller ensures that all Personal Data operations are recorded and carried out by authorised personnel and associates only.
  2. The Controller takes all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.

 

§14
Contact details

Contact the Controller:

  1. by letter at: ul. Wójcicka 12, Bystrzyca, 55-200 Oława,
  2. by e-mail: biuro@bartek-candles.com,
  3. by telephone: 71 313 91 91.

 

§15
Privacy Policy Changes

  1. This Policy is being reviewed from time to time and updated as necessary.
  2. The current version of the Policy was adopted by the Controller and is effective as of 11 December 2025.