top of page

Privacy Policy and GDPR of the Website

arrow

§1. General provisions

1. This Privacy Policy sets out the principles for the processing and protection of personal data of users of the Wizards of Art website, available at [INSERT WEBSITE ADDRESS].

2. The personal data controller (hereinafter referred to as the "Controller") is:

Legal form: Veronika Koval Wizards of Art,

Registered office address: Warsaw, ul. Żurawia 32/34, unit 26, and ul. Wiolinowa 8, office 150 (class 1),

NIP: 5252920518, REGON: 52289938000000

Email address: wizardofart2022@gmail.com

Contact telephone number: +48 576 119 840

3. The Administrator processes personal data in accordance with:

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),

Act of 10 May 2018 on the Protection of Personal Data,

Act of 18 July 2002 on the provision of services by electronic means.

4. Use of the Website constitutes acceptance of this Privacy Policy.

§2. Scope and purpose of data processing

1. The Controller processes personal data only to the extent necessary for:


fulfilling orders for products and services (sale of ceramics, courses, vouchers, certificates),

processing payments and invoicing,

contacting the Customer (contact forms, class registration),

maintaining a user account on the Website,

sending newsletters or marketing information – with the Customer's consent,

analyzing Website traffic, improving service quality and security,

fulfilling the Controller's legal obligations (e.g., tax and accounting).

2. The legal basis for data processing is:

Article 6, paragraph 1, letter b of the GDPR – performance of a contract or taking steps prior to entering into a contract,

Article 6, paragraph 1, letter c of the GDPR – legal obligation of the Controller,

Article 6, paragraph 1, letter a of the GDPR – User consent (e.g., marketing, newsletter),

Article 6, paragraph 1, letter e of the GDPR – processing of personal data, f GDPR – legitimate interest of the Administrator (e.g. statistical analysis, defense against claims).

§3. Categories of data processed

1. The following User personal data may be processed within the Website:

name and surname,

email address,

telephone number,

residential or delivery address,

payment data (e.g., transaction number, payment method – without full card details),

data contained in electronic correspondence,

user account data (login, password – encrypted),

data about activity on the Website (IP address, system logs, cookies).

2. Data required to fulfill the order is required – failure to provide it prevents the conclusion of the contract.

3. The Controller does not process special categories of data (so-called sensitive data).

§4. Data recipients and processors

1. Personal data may only be shared with:

the Controller's employees and associates within the scope of the contract;

payment processors (e.g., Fondy, Stripe, BLIK via Fondy);

courier companies carrying out deliveries (e.g., InPost, Poczta Polska);

IT service providers (hosting, server, CMS system, mailing systems);

accounting offices and entities authorized by law.

2. All data processors operate under personal data processing agreements and guarantee an adequate level of protection in accordance with the GDPR.

§5. Data Storage

1. Personal data is stored:

for the duration of the contract, and then for the period required by tax regulations (usually 5 years);

marketing data – until consent is withdrawn;

user account data – until the account is deleted or the relationship is terminated.

2. After the above periods, the data is permanently deleted or anonymized.

§6. User rights

  1. The user has the right to:

  • access their data and receive a copy,

  • correct (amend) their data,

  • delete data (“right to be forgotten”),

  • restrict the processing of their data,

  • transfer data to another controller,

  • object to the processing of their data,

  • withdraw consent at any time,

  • lodge a complaint with the President of the Personal Data Protection Office (UODO).

  1. To exercise these rights, a message should be sent to the Administrator’s email address: wizardofart2022@gmail.com

§7. Data Security

  1. The Administrator implements technical and organizational measures to ensure the protection of personal data, including:

  • encrypted connections (SSL / HTTPS),

  • encryption of user passwords (hashing),

  • access and login control,

  • creating backups,

  • regular security audits of systems.

  1. Personal data is not transferred outside the European Economic Area (EEA), unless necessary and with appropriate safeguards in place.

§8. Cookies and Tracking Technologies

  1. The Wizards of Art website uses cookies and other tracking technologies (such as local storage, tracking pixels, JavaScript tags, mobile device identifiers) to ensure proper functionality, security, content personalization, as well as for analytics and marketing purposes.

  2. Cookies are small text files stored on the user’s device (computer, tablet, smartphone) by the web browser when visiting the website.

Cookies do not identify an individual, but they may allow recognition of the device or browser in order to adapt the website’s operation to individual preferences.

  1. The following types of cookies are used on the website:

  • Technical (essential) cookies – enable proper website functionality, including navigation, logging into the user account, placing orders, saving items in the cart, maintaining sessions, completing forms, and ensuring secure data transmission.

  • Functional cookies – remember selected user settings, such as site language, region, saved login data, or cart contents for future visits.

  • Analytical and statistical cookies – collect information about website usage, traffic sources, number of visits, time spent on the site, device and browser types. This data is processed anonymously to improve service quality.

  • Marketing and advertising cookies – used for remarketing, ad personalization, measuring ad effectiveness, and showing users content relevant to their interests.

  1. Analytical and advertising tools used on the website may include:

  • Google Analytics (Google LLC) – used to analyze website traffic statistics; data is anonymized and does not identify individuals.

  • Facebook Pixel (Meta Platforms Ireland Ltd.) – used to measure advertising campaign effectiveness and run remarketing on Facebook and Instagram.

  • Wix.com Ltd. tools – integrated with the platform hosting the website, enabling basic traffic analysis, identifying traffic sources, and improving site performance.

  • Fondy and Stripe – payment operators may use their own cookies necessary for completing transactions and ensuring online payment security.

  1. Managing cookies:

  • Users can change cookie settings in their web browser at any time — including limiting or completely disabling cookies.

  • Limiting cookies may affect some site functions, such as logging in, placing orders, saving preferences, or using the cart.

  • Detailed instructions for changing cookie settings are available in the help menu of each browser (e.g., Chrome, Safari, Firefox, Edge, Opera).

  1. Cookie retention periods:

  • Session cookies – temporary, deleted automatically when the browser is closed.

  • Persistent cookies – stored for a set period or until manually deleted by the user. Retention depends on the purpose (e.g., analytical cookies may be stored up to 24 months).

  1. Consent to cookies:

  • On the first visit, users see a banner informing them about cookies and can accept or reject specific categories.

  • Continuing to use the website after seeing the cookie notice, without changing browser settings, is equivalent to giving consent.

  • Users can withdraw consent at any time by changing settings or deleting stored cookies.

  1. Data collected via cookies may be shared with technology partners, including Google LLC, Meta Platforms Ireland Ltd., Wix.com Ltd., Fondy Europe Sp. z o.o., Stripe Payments Europe Ltd., solely to ensure proper website operation, analytics, and payment security. This data is not used for profiling in a way that violates user privacy.

  2. The Administrator applies appropriate technical and organizational measures to protect cookie data from unauthorized access, disclosure, modification, or destruction.

  3. Any questions regarding the use of cookies and tracking technologies on the website can be sent to wizardofart2022@gmail.com.

§9. Profiling

  1. The website may use profiling for marketing purposes or content personalization (e.g., product suggestions).

  2. Decisions are not made automatically and do not have legal consequences for the user.

§10. User Panel

  1. Registered users can use the panel, where they have access to:

  • order history,

  • contact and address information,

  • notification settings,

  • account deletion options.

  1. Deleting the account is equivalent to ending the processing of data related to that account, except for data required by law (e.g., accounting purposes).

§11. Changes to the Privacy Policy

  1. The Administrator reserves the right to change the Privacy Policy at any time, particularly in the event of:

  • changes in the law,

  • introduction of new website functionalities,

  • changes in the way data is processed.

  1. The current version of the Privacy Policy is always available on the website.

§12. Contact

Any questions regarding personal data protection and privacy can be sent to the email address:

wizardofart2022@gmail.com

bottom of page