Page header

Phone: +48 71 313 91 91        E-mail:

Home

Search

Favorites
Order
Contact
  1. Home page
  2. Privacy Policy

Privacy Policy

PRIVACY POLICY

§1
Definitions

  1. Controller - BARTEK CANDLES Małgorzata i Janusz Bryłkowscy Sp. Jawna, ul. Wójcicka 12, Bystrzyca, 55-200 Oława, KRS: 0000148740, NIP: 912-16-39-326
  2. Personal data - any information relating to a natural person identified or identifiable by reference to one or more specific identifiers such as device IP, internet identifier and information collected via cookies, or another similar technology.
  3. Policy - this Privacy Policy.
  4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  5. Website - the Internet website operated by the Controller at bartek-candles.com
  6. User - any natural person visiting the Website or using one or more of the services or functionalities described in this Policy.

 

§2
Processing of Personal Data 

In connection with the User's use of the Website, the Controller collects data to the extent necessary to provide its services. The following describes specific principles and purposes of processing of Personal Data collected during the User's use of the Website.

 

§3
Scope of Personal Data Collected

  1. During User's Website visits the Controller automatically collects data related to the User's activity, such as the time spent on the website, search terms, number of sub-pages displayed, date and source of the visit, with Google Analytics tool.
  2. The User may submit their data to register an account with the online platform. The form requires the User to provide identification and contact details to the extent necessary to use the account and complete the purchase. Optionally, it is also possible to provide additional data. In particular, User's account will store orders, favourite products, payment history and complaints.
  3. If the User makes a purchase without account registration, the User will provide the data necessary to complete the purchase, payment and delivery.
  4. The Website allows the User to contact the Controller and provide them with identification and contact details, as well as message content.
  5. With the User's consent, the Controller may collect the User's contact and/or analytical data for marketing purposes.
  6. In order to protect the User's privacy, the Controller enabled the IP address anonymisation function, which truncates the User's IP address before it is stored or further processed by Google. This ensures that the IP address is not stored in its full form and that the User may not be identified solely on the basis of this identifier.
  7. The User may block Google Analytics by installing Google’s plug-in: https://tools.google.com/dlpage/gaoptout


§4
Personal Data Sources

  1. The Controller collects Personal Data provided directly by the User.
  2. The User may provide details of another person authorised to receive their order, in which case he or she is the source of the recipient's data.

 

§5
Purpose and Legal Basis for Personal Data Processing

Personal Data may be processed by the Controller to:

  1. analyse web traffic, ensure security within the Website and tailor content to the User's needs in line with legitimate interests pursued by the Controller (legal basis: Article 6(1)(f) GDPR);
  2. answer the User's questions, provide the User’s with an offer requested, and correspond with the User in order to complete their business, with User's consent, and in line with legitimate interests pursued by the Controller in fulfilling the User's requests (legal basis: Article 6(1)(a) and (f) GDPR);
  3. create and use an online platform account under an electronic services contract with the User as a service user (legal basis: Article 6(1)(b) GDPR);
  4. execute online platform purchases under a distance contract (legal basis: Article 6(1)(b) GDPR);
  5. process complaints in line with legitimate interests pursued by the Controller (legal basis: Article 6(1)(f) GDPR);
  6. promote goods and services, or provide an offer, with User's consent (legal basis: Article 6(1)(a) GDPR).

 

§6
Right to Withdraw Consent

  1. If data is processed under a consent, the User may withdraw the consent at any time using the contact details available on the Website.
  2. The withdrawal of consent does not affect the legality of prior processing.

 

§7
Mandatory or Voluntary Personal Data Provision

  1. The User’s provision of personal data is voluntary, but necessary in the following cases. Failure to provide the data will prevent, respectively:
    1. the Controller from processing an order placed by the User,
    2. the User from creating an account in the online platform,
    3. the Controller from considering a complaint,
    4. the User from receiving an offer or requested marketing material,
    5. the User from receiving an answer to a question.
  2. Provision of data necessary for the static analysis of Website users is voluntary. You may use the so-called “incognito mode” to browse the Website without providing the Controller with information about your visit. The use of the incognito mode, and therefore the User's failure to provide data, does not affect the User's ability to use the Website.

 

§8
Personal Data Processing Period

  1. The personal data processing period by the Controller depends on the type of service provided and the purpose of processing.
  2. As a general rule, data will be stored:
    1. in the case of an online account creation, for the period of use, and once the account is closed, the Controller will store the settlement data for 5 years following the year in which the tax obligation related to the order occurred;
    2. settlement data - for 5 years following the year in which the tax obligation related to the order occurred;
    3. until the consent is withdrawn or until a matter is resolved, and then until the end of the limitation period for parties’ claims relating to its execution;
    4. in the event of a complaint, until the end of the limitation period for possible claims
    5. data related to web traffic analysis collected via cookies and similar technologies may be stored until the cookie expires. Some cookies never expire and therefore the duration of data storage will be equivalent to the time necessary for the Controller to fulfil the purposes of data collection, such as ensuring security and historical data analysis related to website traffic.
  3. The processing period may be extended if the processing is necessary for the establishment and pursuit of possible claims or the defence against claims, and thereafter only if, and to the extent required by law. At the end of the processing period, the data shall be irreversibly deleted or anonymised.

 

§9
Cookies

  1. Controller uses cookies on the Website. The Administrator uses cookies to ensure the proper functioning of the Website, enhance its functionality, tailor content to the User’s preferences, and conduct analytical and marketing activities. The use of cookies also allows the Website to remember selected settings and ensure the security of the User’s experience. The Website allows information about the User to be collected through cookies and similar technologies, the use of which usually involves the installation of such tool on the User's device (computer, smartphone, etc.). This information is used to remember User decisions (font selection, contrast, policy acceptance), maintain User sessions (e.g. after logging in), remember passwords (with consent), collect information about the User's device and visit for security purposes, but also to analyse visits and adapt content.
  2. Essential cookies are necessary for the proper functioning of the Website and for providing the services available through it. Among other things, they enable the maintenance of the User’s session, ensure security, support authentication mechanisms, and remember privacy preferences. Due to their nature, cookies cannot be disabled, and their use does not require the User’s consent.
  3. Cookies used to store accessibility settings allow the website to be customized to the User’s individual needs, particularly with regard to font size, contrast, and other parameters that affect the user experience. Thanks to these cookies, it is possible to ensure compliance with digital accessibility guidelines, including the Web Content Accessibility Guidelines (WCAG) standards, and to improve the usability of the website for people with diverse needs.
  4. Since the Administrator uses Google Analytics, the User will be provided with information on the Website regarding cookies from third-party analytics scripts (Information about cookies added by third-party analytics scripts, e.g., Analytics, Matomo).
  5. Because the Administrator uses Google Tag Manager, the User will be provided with information on the Website regarding cookies from targeting scripts (Information about cookies added by third-party targeting scripts, such as Google Tag Manager and Facebook Pixel).

§10
User Rights

  1. The User has the right to access the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to lodge a complaint with the President of the Personal Data Protection Authority, against the processing of the User's personal data carried out by the Controller.
  2. The User also has the right to object to data processing that takes place in line with the legitimate interest of the Controller.
  3. To the extent that User’s data is processed under a consent, this consent may be withdrawn at any time by contacting the Controller as described in §14 of this Policy.

 

§11
Personal Data Recipients

  1. In connection with provision of services, Personal Data may be transferred to banks, software providers, audit service providers, law firms, IT service and solution providers (including IT service providers enabling the proper use of the Website), accounting service providers, postal and courier service providers, payment processors to process payments, payment service providers, and other entities authorised by law.
  2. Personal Data may be also received by the provider of the Google Analytics tool, Google Ireland Ltd.
  3. With the User's consent, the User’s data may also be made available to other entities for their own purposes, including marketing purposes.
  4. The Controller reserves the right to disclose certain information about the User to competent authorities or to third parties that request such information on an appropriate legal basis and in accordance with applicable laws.

 

§12
Transfer of Personal Data Outside the EEA

  1. The Personal Data protection level outside of the European Economic Area (EEA) differs from that provided by European law. For this reason, the Controller shall transfer Personal Data outside the EEA only when necessary and with an adequate degree of protection, involving primarily:
    1. cooperation with Personal Data processors in countries with a relevant decision of the European Commission stating that those countries ensure an adequate level of Personal Data protection;
    2. use of standard contractual clauses issued by the European Commission;
    3. application of binding corporate rules approved by the competent supervisory authority.
  2. User data may be transferred outside the European Economic Area (EEA), in particular to Google LLC, based in the USA.
  3. Google LLC is part of he EU-US Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of personal data protection (EC decision of 10.07.2023).
  4. In situations of data transfer to third countries not covered by a decision of the European Commission stating an adequate level of protection, the Controller shall apply appropriate safeguards such as standard contractual clauses (in accordance with Article 46 GDPR).
  5. The Controller shall always inform of its intention to transfer Personal Data outside the EEA at the stage of collection./ The Controller shall not transfer Personal Data outside the European Economic Area (EEA).

 

§13
Personal Data Safety

  1. On an ongoing basis the Controller conducts a risk analysis to ensure that Personal Data is processed by the Controller in a secure manner - ensuring, in particular, that only authorised persons have access to the data and only on the need-to-know basis. The Controller ensures that all Personal Data operations are recorded and carried out by authorised personnel and associates only.
  2. The Controller takes all necessary measures to ensure that also its subcontractors and other cooperating entities guarantee the application of appropriate security measures whenever they process Personal Data on behalf of the Controller.

 

§14
Contact details

Contact the Controller:

  1. by letter at: ul. Wójcicka 12, Bystrzyca, 55-200 Oława,
  2. by e-mail: biuro@bartek-candles.com,
  3. by telephone: 71 313 91 91.

 

§15
Privacy Policy Changes

  1. This Policy is being reviewed from time to time and updated as necessary.
  2. The current version of the Policy was adopted by the Controller and is effective as of 14 April 2026.
Cookies are small text files stored on a user’s device when they visit a website. These files enable the website to recognise the user’s device and tailor the displayed content to their preferences. Cookies are widely used to ensure websites function correctly, to improve their performance, and to provide content that is better suited to users’ expectations.
Basic (required)
Functional