Privacy policy
Privacy Policy
PRIVACY POLICY — perfumisty.eu
1. Who we are. This Privacy Policy explains how personal data is processed when you use the online store at perfumisty.eu ("the Store"). The controller of your personal data is PERFUMISTY.EU, strivokontakt@gmail.com ("we", "us"). We are the entity that decides how and why your personal data is used, and you can contact us at the e-mail above in all matters concerning your data.
2. What we sell — and why it matters for your data. The Store sells exclusively digital products (digital content delivered by e-mail, such as digital guides and access information). No physical goods are sold or shipped. In practice this means we process less of your data than a typical online shop: we do not process home delivery addresses for shipping purposes, we do not pass your data to courier or postal companies, and the essential data we need from you is limited to what is required to take payment and deliver a file to your inbox.
3. Data we process.
- Order data: name, e-mail address, billing details (including country, and address where required for invoicing or tax purposes), the products purchased, order value and payment status.
- Payment data: processed by our payment providers. We never receive or store your full card number or banking credentials — we receive only confirmation of payment and technical transaction identifiers.
- Technical data: IP address, device and browser information, and basic usage data collected via cookies and similar technologies when you browse the Store.
- Correspondence: messages you send to us by e-mail or through contact forms, together with the contact details you provide in them.
- Marketing data: your e-mail address and consent status, only if you sign up for marketing communications.
4. Purposes and legal bases (GDPR). We process your data to: conclude and perform the sales contract and deliver your digital product to your e-mail address (Art. 6(1)(b) GDPR); comply with our legal obligations, in particular tax and accounting rules (Art. 6(1)(c)); handle complaints, enquiries, and establish, exercise or defend legal claims (Art. 6(1)(f) — our legitimate interest); analyse and improve the Store's operation and security (Art. 6(1)(f)); and send marketing e-mails only where you have given consent (Art. 6(1)(a)), which you can withdraw at any time without affecting prior processing.
5. Recipients of your data. We share data only with providers necessary to run the Store: Shopify (store hosting and infrastructure), our payment processors, our e-mail delivery provider (used to send order confirmations and deliver your digital product), our digital-delivery application, IT and analytics providers, and our accounting service. Each of these processes data on the basis of a contract or their own controller obligations. We do not sell your personal data.
6. Transfers outside the EEA. Some of our providers (for example Shopify) may process data outside the European Economic Area. Where that happens, transfers are protected by safeguards required under GDPR — the European Commission's adequacy decisions or Standard Contractual Clauses. You can contact us for more information about the safeguards applied.
7. How long we keep data. Order, invoicing and payment data: for the period required by tax and accounting law (in Poland, five full tax years from the end of the year of the transaction). Correspondence and complaint records: for the limitation period of potential claims. Marketing data: until you withdraw consent or object. Technical data: for the periods set by the individual cookie or tool, as described in section 10.
8. Is providing data mandatory? Providing order data is voluntary but necessary to buy from the Store — without your e-mail address we cannot deliver a digital product, and without billing data we cannot process the payment or issue accounting documents. Marketing consent is always optional and never a condition of purchase.
9. Cookies and similar technologies. The Store uses: (a) necessary cookies — required for the Store, cart and checkout to function; used on the basis of our legitimate interest; (b) analytics cookies — to understand how the Store is used and improve it; used only with your consent; (c) marketing cookies — to measure and improve our advertising; used only with your consent. You can set your preferences in the consent banner on your first visit, change them at any time via the cookie settings link in the Store footer, and manage or delete cookies in your browser settings. Blocking necessary cookies may prevent the Store from working correctly.
10. Automated decision-making. We do not make decisions about you based solely on automated processing that would produce legal effects concerning you. Payment providers may apply automated fraud-prevention checks under their own responsibility as required by payment regulations.
11. Minors. The Store is intended for adults. We do not knowingly process the data of persons under 18; if you believe a minor has provided us with personal data, contact us and we will delete it.
12. Changes to this Policy. We may update this Policy, for example when we change providers or when the law changes. The current version is always published at perfumisty.eu, with the "last updated" date above. Material changes will be communicated in the Store.