Privacy policy




1. This Privacy Policy governs the processing of personal data of users of the website operating at 2. The Policy provides information on the categories of personal data collected, the purposes and means of processing personal data, their further transfer, as well as the rights and possibilities of Users with respect to the processing of their personal data.

3. Furthermore, the Policy contains detailed information on the cookies used and the options available to users of the website in this respect.




1. Policy – this Privacy Policy, drawn up to ensure that your personal data is processed in a manner that complies with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the “GDPR”), as well as with national legislation that supplements that Regulation. 2. Website – the online website located at, run by Ewa Macheta, a sole proprietorship under the name “EWA MACHETA – PRACOWNIA ARTYSTYCZNA”, with registered office at ul. Gen. Mariana Kukiela 47, 31-358 Cracow, Poland, TAX-ID 6121749929.

3. User – any person who uses the website or the Website’s profile in social media, regardless of entering into a sales agreement or making use of the services provided by the Controller by electronic means, as well as a person contacting the Controller by e-mail. 4. Personal data – information about an identified or identifiable natural person based on one or more factors, e.g. based on an identifier such as name, identification number, location data, internet identifier or data collected through cookies. 5. Cookies – text files containing information on the user’s behaviour, placed on the terminal equipment he/she uses (e.g. computers, tablets, etc.) by websites he/she connects to.




The personal data of Website Users is administered by Anna Krawczyk, a sole proprietorship under the name “EWA MACHETA – PRACOWNIA ARTYSTYCZNA”, with registered office at ul. Gen. Mariana Kukiela 47, 31-358 Cracow, Poland, TAX-ID 6121749929, .




1. The Controller may process the following categories of Users’ Personal Data: – Name and surname; – Shipping address; – Residence/business address; – Contact telephone number; – E-mail address; – Tax ID (if self-employed). 2. The Controller may also process Personal Data to the extent provided by Users on social networks. In particular, the Controller may process first name, surname, pseudonym, data about education, employment, place of residence, as well as image (photograph) and others. 3. The data referred to in item 2 is processed solely for the purpose of enabling the use of the Controller’s profile through the following User activities: a) liking/watching/sharing the Controller’s profile or post; b) adding a comment, sending a private message and other activities on the Controller’s profile. 4. The basis for the processing of the Users’ personal Data is: a) the necessity to transfer the Data in order to perform the contract connecting the parties (art. 6(1)(b) of the GDPR) – in case the User uses the individual account registered on the website, as well as in case of concluding a sales contract by the Controller and the User without registering the individual account and in case of servicing any possible User requests within the framework of complaint, guarantee and statutory right of withdrawal, as well as in case of using other services provided by the Controller electronically; b) consent to data processing (art. 6(1)(a) of the GDPR) – in the case of consent for the installation of cookies, as well as for the Controller’s marketing activities, and also in the case of electronic enquiries addressed to the Administrator, as well as in the case of User’s activity on the Controller’s social networking profiles; c) protection of the Controller’s legitimate interests (art. 6(1)(f) of the GDPR) – in order to assert claims by the Controller or to secure against third-party claims and fulfilment of obligations imposed by law. 5. Personal data provided by Website Users will be processed for the following purposes: a) service of an individual account of a registered User; b) service of electronic correspondence addressed to the Controller; c) performance of a sales agreement, including order completion and dispatch and possible complaint handling, guarantee or statutory right to withdraw from the agreement; d) issuance of a sales document (personal invoice); e) for contact purposes; f) enabling the use of the Controller’s social media profiles. 6. The above personal data, after obtaining the User’s prior consent, may also be used for the Controller’s marketing and promotional activities, including through the receipt of commercial information by e-mail (Newsletter), whereby in the case of using the Controller’s profile in social media, activity on that profile alone shall constitute consent to receive marketing content posted by the Controller on that profile. 7. Consent for participation in the Controller’s marketing or promotional actions, including receiving commercial information by e-mail, may be withdrawn at any time by sending a request to the Controller’s e-mail address or by deleting activity on the Controller’s social media profile or by ceasing to observe that profile. 8. After receiving the notification referred to in item 7 the Controller shall permanently remove User data from the Newsletter database. 9. The provision of Personal Data by Users is voluntary and necessary for the purposes of processing. 



1. The Controller shall not process Personal Data for longer than is necessary. 2. In particular, the Controller processes data of: – Users who have a registered account with the Website – until they submit a request to delete the account, with the reservation that the data on orders placed may be processed longer (for a period of 6 years from the last order); – Users who place an order with the Website without creating an account – for a period of 6 years from the last order; – Newsletter recipients – until the User withdraws their consent to such processing; – persons who contact the Controller – immediately after the purpose for which the contact was made ceases to exist, or longer due to the Controller’s legitimate interest, but no longer than 6 years (the period of the statute of limitations for claims). 3. The processing time for Users’ Personal Data in social media depends on the form of the User’s activity within the Controller’s profile and is as follows: – until the deletion of the User’s activity within the profile (e.g. deletion of comments, posts, ceasing to observe the profile, etc.); – until the storing of the statistical data by the given portal, in accordance with the regulations of the given portal (e.g. 2 years in the case of Facebook); – until the settling of the matter of the contacting person – in the case of a private message; – until the expiry of the period of the statute of limitations for claims or other statutory periods (e.g. in connection with the need to store invoices) – in the case of a possible conclusion of an agreement between the User and the Controller. 4. Users’ personal data may be transferred to the following external entities only to the extent necessary for the provision of services to the Controller: – an on-line payment service provider; – a hosting service provider; – a shipping/courier/postal service provider; – a financial/accounting service provider; – a software/website maintenance service provider.




 1.      Users whose Personal Data is processed as part of the Website’s activities have the following rights: a) the right to access their data; b) the right to receive a copy of their data; c) the right to rectify their data; d) the right to restrict its processing; e) the right to object to the processing of their data; f) the right to request data to be deleted; g) the right to lodge a complaint to the supervisory authority – the President of the Office for Personal Data Protection. 2. The right to request the erasure of data may be delayed due to the necessity of the processing to establish, assert or defend claims in connection with the concluded sales contract – due to the legitimate interest of the Controller. 3. The rights referred to in items 1 or 2 may be exercised by contacting the Controller at the following e-mail address or traditional correspondence addressed to the Controller’s postal address: ul. Gen. Mariana Kukiela 47, 31-358 Cracow, Poland. 4. The copy of data referred to in item 1(b) shall be provided in electronic form, unless the User indicates that it should be provided in another form. The first copy of the data is free of charge. 5. The Controller shall consider the User’s request immediately, but no later than within 1 month of its receipt. Within the same period, it shall inform the User of the manner in which its case has been handled, including the circumstances referred to in item 2, if any.  



1. The Controller uses cookies on the Website. 2. Cookies are necessary to ensure the proper functioning of the Website and thus to fulfil orders placed through it, and they enable the Controller to systematically improve the Website. 3. Acceptance of the use of cookies is made by giving a voluntary, explicit consent during the first visit to the Website by pressing the “I accept” button. 4. The User can change the decision regarding the use of cookies by changing the relevant settings in the web browser they use. 5. You can change your decision regarding the cookie referred to in § 9(b) by viewing your Facebook ad settings and changing your cookie preferences.




1. From the point of view of longevity, the cookies used by the Controller’s website can be divided into: – session cookies – allowing efficient use of the website within a given session on the Controller’s website, deleted after the session ends; – permanent cookies – stored for a longer period of time, they are not automatically deleted after the session on the Controller’s website ends. 2. From the point of view of origin, the cookies used by the Controller’s website can be divided into: – first party cookies – cookies placed on the User’s device by the Controller; – third party cookies – cookies placed on the User’s device by a third party, whose services are used by the Controller (e.g. a social network, advertising content provider). 3. The Controller’s website may contain links to other websites, such as social networks or payment systems. External cookies, which come from third parties, are independent of the Controller and their use is regulated in the privacy policies applied by these entities.




The Controller uses cookies resulting from:

a) Google Analytics – used for analytical purposes of the Controller, allowing for the analysis of User behaviour, including the creation of statistics, the data is collected in order to improve the functioning of the Controller’s website, more information at;

b) Facebook Pixel – used for analytical and advertising purposes of the Administrator (allowing for analysis of User behaviour, display of advertisements or offers to appropriate recipients and allowing for measurement of advertisement effectiveness);c) Functional cookies, originating from the WooCommerce platform, on which the Internet Shop is based, facilitating the use of the shop by Users by, among others, making it possible to remember the User’s order basket and to determine changes in it, as well as to identify the User and to link his/her person with the basket, or to present recently viewed products, more information at 



1. The Controller shall ensure the security of the personal data entrusted to him by applying appropriate internal procedures, work organisation as well as appropriate equipment and IT solutions. 2. The Controller shall implement a procedure to deal with possible personal data protection incidents and familiarise staff with it. 3. The Controller shall ensure that the data are processed only for legitimate purposes, to the minimum extent possible and within the shortest time possible, respecting the rights of the Users in this regard. 4. In particular, the Controller ensures that the transmission of information between the Controller and the User is of a confidential nature by encrypting the connections through the use of an SSL (Secure Socket Layer) Certificate.




1. This Policy shall enter into force on 9.06.2021. 2. The Controller reserves the right to update this Policy on a regular basis. Any changes will be published on an ongoing basis on the website of the Controller’s Store.