Privacy policy

 

Dear User,

We are glad that you trusted us and provided us with your personal information. We would like to assure you that we will take all reasonable measures to protect your personal data. Below you will find information about our processing of your personal data (collectively referred to as the "Privacy Policy") in situations where:

1. you visit the website of the internet service Olga Sitnik, available under the domain: https://olgasitnik.com (including each of its subpages - hereinafter this internet service and its subpages collectively referred to as the "Internet service"), 

2. you complete the Registration and then use the Account;

3. you express your desire to receive marketing materials; 

4. you place an Order through the Internet service;

5. you contact Us through the contact forms or chat boxes available on the website, or you contact Us using the contact information available on the website or provide us with your information so that We may contact you about a specific matter. 

Terms indicated by a capital letter have the meaning established in the Terms and Conditions.

Data Controller

1. The Data Controller of your personal data processed in accordance with this Privacy Policy is Olga Sitnik Designs LLC based in Washington, USA, e-mail: info@olgasitnik.com (hereinafter: "Controller" or "We”).

2. In matters concerning your personal data, you may contact US by e-mail: info@olgasitnik.com.

Purpose and legal basis of personal data processing

We will process your personal data that we obtain in situations covered by this Privacy Policy for the following purposes: 

1. setting up an Account within the Internet service - based on the necessity of the processing for the performance of the contract for the Electronically Supplied Service (based on Article 6(1)(b) GDPR);

2. execution of an Order - based on the necessity of processing for the performance of a contract to which you may be a party (based on Article 6(1)(b) GDPR);

3. settlement of contracts concluded with you - based on the performance of the Data Controller's legal obligation under tax and accounting regulations (based on Article 6(1)(c) GDPR),

4. to respond to inquiries sent to us via contact forms or contact information provided on the Internet service, or to provide us via forms with requests to contact us on a given matter - based on our legitimate interest as the Data Controller (based on Article 6(1)(f) GDPR),

5. to perform legal obligations incumbent on the Data Controller - based on US and European Union laws imposing such obligations, including those governing the provision of electronic services, distance and off-premises sales (based on Article 6(1)(c) GDPR)),

6. to analyze how you use the Internet service and improve its operation and security, as well as to analyze how you use our social media accounts - based on our legitimate interest as a Controller (based on Article 6(1)(f) GDPR),

7. to assert and defend against claims, before and outside the courts and administrative authorities - based on our legitimate interest as a Data Controller of your personal data (based on Article 6(1)(f) GDPR),

8. data archiving and backup - in connection with the obligation imposed on us as a Data Controller to properly secure the data and based on our legitimate interest as a Data Controller (based on Article 6(1)(f) GDPR);

9. marketing or promotional purposes - if you have given your consent to the processing of personal data for these purposes (pursuant to Article 6(1)(a) of the GDPR). 

Data processed in connection with the use of the Internet service

A. When you use the Internet service, we record data such as your IP address, the type and version of the device and browser you are using, your region, your website settings, the choices you have made regarding cookies, and how you use the website. In most cases, we will not be able to identify you as a user, and this data will be anonymous to us. However, in situations where we are able to associate them with you, which may be the case if we have additional data from another source (e.g., we record such data when you contact us using the contact form available on the Internet service), they will become your personal data for us. We process this data:

I. for the purpose of providing Electronically Supplied Services in terms of providing users with access to the content collected on the Internet service - on the basis of necessity for the performance of the contract for the provision of electronic services,

II. on the basis of necessity for the purposes arising from the legitimate interests pursued by us, i.e. in particular:

1. 1. 1. adjusting the display of the Internet service and its personalization,

      2. saving data from forms in order to maintain the session and facilitate the use of the Internet service,

      3. to analyze the use of the Internet service in order to improve its operation and protect it from abuse. 

Providing personal data is voluntary, but may be necessary to use the Internet service and its functionality.

B. We also use third parties on the Internet service. As a rule, they will be our processors, but in some limited cases they may process your personal data as a separate data controller. This may include data about your use of our Internet service that has first been anonymized or aggregated and does not directly identify you. This may happen when you start using our Internet service and consent to cookies placed by a third party on our website (based on your consent) or when you engage in further interaction with us, such as by contacting us or becoming our customer (based on our legitimate interest or the legitimate interest of a third party). The purpose of the third party's processing (in addition to providing services to us) is to operate certain functions of third party products and services whose solutions and services we use (which is the legitimate interest of third parties).

Data processed in connection with the Registration and subsequent use of the Account 

In case you decide to make a Registration, we save such data that you provide to us as necessary for the Registration of your User Account:

1. e-mail address,

2. first and last,

3. address of residence (municipality, postal code, street, building number)

Provision of data is voluntary, but the consequence of their failure will be the inability to conclude an agreement for the Electronically Supplied Services, in the form of Registration, and subsequent use of the Account .

In addition, during Account Registration you may provide:

1. phone number,

2. address of residence.

The processing of the aforementioned data is carried out on the basis of Article 6(1)(b) GDPR, based on the necessity of the processing of such data to conclude and perform the contract for the Electronically Supplied Services concluded with you. 

Data processed in connection with the placement and execution of an Order through the Internet service

We process your personal data in connection with placing and fulfilling an Order on the basis of Article 6(1)(b) of the GDPR, i.e. on the basis that the processing of personal data is necessary for the performance of the contract.

When you have an Account, we use the personal data you provided during Registration to process the Order. When you have provided only the data necessary to create an Account during Registration, you will also be asked to provide your telephone number and/or apartment number (if any) when placing an Order.

In case you do not have an Account, at the time of completing the Order Form, you will be asked to provide such data as:

1. Country of origin;

2. e-mail address;

3. phone number;

4. first and last name;

5. address of residence (municipality, postal code, street, building number, apartment number – if any).

Provision of personal data is in any case voluntary, but failure to provide such data makes it impossible to place and execute the Order. 

In the course of processing an Order, the Data Controller uses the services of third parties, i.e.:

1. payment service providers – Apple Pay, Meta Pay, Shopify Payments, Stripe, Google Pay, PayPal, ShopPay

2. shipping providers - USPS or DHL:

The Data Controller makes every effort to ensure that the third parties it uses provide adequate protection and security for the processing of personal data. It is recommended to read the privacy policies of the third parties mentioned above, available at the following addresses:

• Apple Pay: https://www.apple.com/pl/legal/privacy/data/pl/apple-pay/ 

• Meta Pay: https://www.facebook.com/payments_terms/privacy?_rdr 

• Stripe: https://stripe.com/en-pl/privacy 

• GooglePay: https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=privacynotice&ldl=pl 

• PayPal: https://www.paypal.com/us/legalhub/privacy-full 

• ShopPay: https://www.shopify.com/legal/privacy 

Data processed for contact and marketing purposes 

A. If you choose to contact us via the contact form available on the Internet service or using our email addresses, telephone numbers or traditionally by mail or in person, and in situations where we have the right to contact you (e.g. for marketing purposes when you have given your consent, we have established a business relationship with you, or you have made a request to us to contact you about a particular matter), we will process personal data that you provide to us or that is necessary for us to respond to your inquiry (including identification and contact information, as well as your IP address if you use the contact form on our website), or that we have in connection with the relationship between us or that we have collected from publicly available sources. We process this data:

I. because they are necessary for the purposes of legitimate interests pursued by us, i.e. in particular:

1. in order to respond to a message sent to us and to further contact you,

2. in order to respond to your request to get in touch with you on a specific matter,

3. for direct marketing of our own products and services, if we have an established business relationship,

4. for the purpose of archiving and backing up your data in connection with our obligation as Data Controller to adequately protect your data,

II.. based on your consent - if the data is used for marketing purposes and we do not have an existing business relationship or if it is collected for the purpose of providing it to third parties.

B. Provision of personal data is voluntary, but may be necessary to answer your question and/or contact you.

Data processed in connection with cooperation with our Suppliers and Contractors

A. In the event that the Data Controller enters into cooperation with its Suppliers and Contractors, the Data Controller shall process the personal data of their designated representatives and staff members who enter into contracts on their behalf, who are involved in the performance of such contracts and with whom the Data Controller is in contact in the context of such cooperation.

B. Accordingly, if you are a representative or staff member of our Supplier or Contractor, we will process your personal data that has been provided by your employer or principal: name, surname, the company for which he works or performs orders, position and contact information.

C. We process this data: 

1. 1. 1. for the purpose of executing and settling the contract concluded with your employer or principal- on the basis of our legitimate interest in the proper performance of contractual obligations (Article 6(1)(f) GDPR); 

      2. for the purpose of establishing and maintaining good business relations with your employer or principal - based on our legitimate interest of maintaining business relations with our Suppliers and Contractors (Article 6(1)(f) GDPR); 

      3. for archiving purposes, to the extent necessary to comply with legal requirements, in particular those under tax and accounting regulations - based on our legitimate interest to store evidence related to the conclusion or performance of a contract with our Supplier or Contractor (Article 6(1)(f) GDPR); 

      4. for the purposes of potentially establishing, investigating or defending against claims - based on our legitimate interest of protecting and asserting our rights (Article 6(1)(f) GDPR).

D. Provision of personal data is voluntary, but may be necessary, e.g. to perform a contract or to contact you.

Data processed in connection with the use of our social media 

A. We maintain pages/channels/fanpages on Facebook (Meta) and Instagram in order to promote our business.

B. We process personal data of individuals who on our social media profiles: 

1. 1. 1. 1. subscribed to the profile by clicking the "Like", "Observe", "Share" or "Subscribe" icon, etc.; 

         2. have performed an action/reaction on the profile on social media, e.g. by clicking "like," "comment," "share," "save post," "forward," etc.; and.; 

         3. sent us a private message through the "send message" function. 

C. We obtain personal data from the service controllers of Meta Platforms Ireland Limited from your public profile and posts on the aforementioned social media sites. 

D. Due to the nature of the operation of the aforementioned social networks, information about users' activities on these sites is public. The data that are available to all users of the aforementioned social networks, including us, include: identification data such as, for example, the user's name, nickname, address data and other data available on the profile; data in the form of image captured in published photos; data contained in published comments and posts. 

E. The scope of the data that may be processed by us as a profile provider and social media providers is as follows: 

1. 1. 1. Facebook and Instagram

We only have access to the aggregate statistics of the website (number of observers of the fanpage/profile, age and gender of users with a percentage breakdown among the observers, names of cities and countries from which users observe with a percentage breakdown, reach of the fanpage/profile and individual posts, number of likes and reactions, number of comments and shares, number of clicks on the link, as well as aggregate and anonymized reports on campaigns conducted through the self-service advertising system). 

Details of the principles of joint processing of data for page statistics with Facebook Ireland Limited are available at: https://pl-pl.facebook.com/legal/terms/page_controller_addendum. 

The data processing rules set by the provider of Facebook, Instagram, Messenger and other products and features offered by Facebook Ireland Limited will be found in the Privacy Policy of Facebook and Instagram available at: 

https://www.facebook.com/privacy/policy/ 

If you access our Profile from outside the EU/EEA the controller of your data may be Meta Platforms Inc, 1601 Willow Road, Menlo Park, California. 

F. Your personal data will be processed for: 

1. 1. 1. maintaining our profiles on Facebook and Instagram social networks in order to inform you through them about our business, promote events, inform you about our offer (providing information about products and services provided, conducting sales activities), conduct marketing and promotional activities, and to communicate through the available functionalities of these services; 

      2. to conduct statistical analyses carried out through the tools provided by the applications of the respective social networks, regarding the popularity and use of the social media sites belonging to us. 

G. Personal data will be processed for the purposes mentioned above, based on Article 6(1)(f) of the GDPR, i.e. based on the necessity to fulfill the purposes arising from the legitimate interests pursued by the Data Controller. 

H. In case you choose to provide us with additional personal data by using the functionality offered by the provider of a given social network, your personal data will be processed on the basis of the consent you have given based on Article 6(1)(a) GDPR. 

I. Providing personal data is voluntary, but may be necessary to use our social network profiles.

Period of data processing 

Your personal data will be processed:

1. or the purpose of using the User Account - until the deletion of the User Account,

2. for the purpose of executing the agreement concluded within the Internet service - for the time necessary for its execution, and in case it is paid also for its settlement, but no longer than until the statute of limitations for claims arising from this agreement,

3. to conduct marketing activities - for a period no longer than until you withdraw the consent you have given, 

4. for the purpose of contacting you - from the date of their collection until the end of correspondence on the matter on which you have made contact or the expiration of the time when we can reasonably assume that we will need to contact you,

5. for the purposes of investigating and defending against claims - for a period not exceeding the period of limitation of claims, 

6. for the purpose of performing obligations imposed by law - for a period no longer than necessary to demonstrate that these obligations were properly performed by us, 

7. for the purpose of improving the operation, security of the Internet service - for the time that the data is necessary for this purpose, 

8. for the purpose of archiving and backup - for the period determined in accordance with the Data Controller's backup and archiving policy,

9. for the purpose of establishing and maintaining business relationships with Suppliers and Contractors - for the duration of such relationships;

10. on the basis of your consent - until you withdraw it, but this does not affect the correctness of the Data Controller's processing of your personal data prior to your withdrawal,

11. on the basis of the Data Controller's legitimate interest - for the duration of this interest, but no longer than until you make an effective objection to such processing. 

Recipients of data 

A. We will exercise due diligence in selecting the entities to which we will transfer your data, and in the case of such selected entities, we will require them to protect your data with appropriate technical and organizational measures. 

B. Your personal data may be disclosed to:

1. to third parties providing services to us that are needed for the purposes for which we process your data (e.g. IT services, accounting, electronic communications, data hosting, services to ensure the operation of the Service, including acting as a moderator, if any)

2. to recipients to whom disclosure is required by applicable law or order of a court or other authority,

3. to other recipients if you have given your consent to them or if the transfer of data to them is necessary to protect your vital interests or the vital interests of others.

 

1.  

Amendment of the Privacy Policy 

1. The Privacy Policy shall be reviewed on an ongoing basis and updated as necessary.

2. The current version of the Privacy Policy has been adopted and is effective as of September 8, 2024

 

COOKIES POLICY

I. WHO ARE WE?

1.  When you visit and use the Internet service available at https://olgasitnik.com (hereinafter: the " Internet service "), the Controller of your personal data is Olga Sitnik Designs limited partnership with its registered office in Lake Forest Park, Washington, USA.  You exercise the ability to change your settings to reject, delete or block certain Cookies. Your consent from the Platform to the use of optional Cookies by the Controller and its trusted partners does not deprive you of the ability to change your Cookie settings from the level of your Internet browser. The Cookie handling settings of the most popular browsers are available at the following links:

1.1 Mozilla Firefox: https://support.mozilla.org/pl/kb/ciasteczka

1.2 Microsoft Edge: https://support.microsoft.com/pl-pl/microsoft-edge/usuwanie-plików-cookie-w-przeglądarce-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09

1.3 Google Chrome: https://support.google.com/chrome/answer/95647?hl=pl

1.4 Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac

1.5 Opera: https://help.opera.com/pl/latest/web-preferences/#cookies

2. Some Cookies are necessary for the functioning of the Internet service, so changing the settings of your browser may make some services not work properly or even prevent the use of the Internet service altogether. 

VIII. CHANGE OF COOKIES POLICY

1. The Policy is reviewed by the Controller on an ongoing basis and amended as necessary.

2. The current version of the Cookie Policy has been adopted and is effective from September 8, 2024