1. Definitions
- Service – website available at https://bartek-kruk.pl.
- User – any natural person visiting the Website or using its functionalities.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.
2. Data controller and contact details
The administrator of your personal data is Bartek Kruk with its registered office at Przytkowice 38, 34-141 Przytkowice, NIP: 5512659897, REGON: 525131490.
You can contact us:
- e-mail: bartekkruk.kontakt@gmail.com
- phone: +48 518 297 751
- correspondence address: Przytkowice 38, 34-141 Przytkowice
3. Purposes, scope and basis of data processing
| Purpose of processing | Data range | Legal basis | Obligation / Voluntary |
|---|---|---|---|
| Posting comments | name/nickname, e-mail address, comment content, IP address, browser ID | Article 6(1)(f) of the GDPR (legitimate interest – protecting the website against spam and building a community) | Providing data is voluntary, but necessary to post a comment; lack of data will prevent the comment from being added |
| Contact form | name, e-mail address, message content, any attachments | Article 6(1)(f) of the GDPR (our legitimate interest in providing a response) or Article 6(1)(b) of the GDPR (actions at the request prior to concluding a contract) | Providing data is voluntary, but necessary to receive a response |
| Newsletter | e-mail address, IP address, date/time of recording | Article 6(1)(a) GDPR (your consent) | Providing data is voluntary; failure to consent will prevent the newsletter from being sent. |
| Fulfilling orders in the store | name, surname, delivery address, e-mail, telephone number, Tax Identification Number (optional), payment details | Article 6(1)(b) of the GDPR (performance of the sales contract); Article 6(1)(c) of the GDPR (legal obligation – e.g. accounting) | Providing data is a contractual requirement; failure to provide data will prevent you from placing an order |
| Settlements and accounting services | invoice data (name, surname/company, address, tax identification number) | Article 6(1)(c) of the GDPR (legal obligation – Accounting Act) | mandatory under tax law |
| Statistics analysis and marketing | IP address, cookie ID, data on activity on the Website | Article 6(1)(a) of the GDPR (consent to cookies) | voluntary; refusal of consent will prevent personalization and traffic measurement |
4. Data recipients
Data may be disclosed to the following categories of recipients:
- hosting and server provider – Hostinger;
- avatar service Gravatar – Automattic Inc. (USA);
- analytical tools provider Google Analytics – Google LLC (USA);
- newsletter operator – Mailchimp;
- payment operator – Przelewy24 sp. z o. o.;
- courier/logistics company – InPost SA;
- public authorities to the extent required by law.
We have concluded an appropriate data processing agreement with each data processor or use another instrument that meets the requirements of Article 28 of the GDPR.
5. Data transfer outside the European Economic Area
If the recipient of the data is located outside the EEA (e.g. Automattic – USA, Google LLC – USA, Mailchimp – USA), the data transfer takes place only on the basis of:
- adequacy decision (EU‑US Data Privacy Framework) or
- Standard Contractual Clauses adopted by the European Commission and additional safeguards (Article 46 of the GDPR).
You can obtain a copy of the security measures in place by contacting us.
6. Data storage period
| Data category | Retention criterion/period |
|---|---|
| Comments and their metadata | indefinitely (until you delete the comment yourself or request its deletion) |
| Data from the contact form | 12 months from the last correspondence |
| Newsletter | until you withdraw your consent or unsubscribe |
| Sales data (orders) | 6 years (tax liability) |
| Accounting/Invoicing Data | 5 calendar years from the end of the tax year |
| Analytical and marketing data | up to 26 months or less – according to the tool settings + until consent is withdrawn |
7. Cookies and similar technologies
- During your first visit, we show you a cookie banner, where you can accept all cookies or manage settings (enable/disable analytics or marketing).
- You can also delete or block cookies yourself at any time in your browser settings.
8. Your rights
You have the right to:
- access your data (Article 15 of the GDPR),
- rectify your data (Article 16 of the GDPR),
- have your data erased (Article 17 of the GDPR),
- restrict processing (Article 18 of the GDPR),
- data portability (Article 20 of the GDPR),
- object to processing (Article 21 of the GDPR) – including profiling,
- withdraw consent at any time (Article 7(3) of the GDPR),
- lodge a complaint with the President of the Personal Data Protection Office (Article 77 of the GDPR).
To exercise your rights, please contact us (details in point 2). We will respond to your request within 1 month.
9. Obligation to provide data and consequences of failure to provide data
- Providing data for the purpose of publishing a comment, placing an order or contacting us is voluntary but necessary to perform a given function. Failure to provide data will make it impossible to post a comment, complete an order, or respond to your message.
- Providing data for marketing purposes (newsletter, analytical/marketing cookies) is voluntary. Refusing consent has no negative consequences other than not receiving the newsletter and personalized content.
10. Automated decisions and profiling
We do not make automated decisions about you that would produce legal effects or significantly affect you in a similar way (Article 22 of the GDPR). We only use analytical and marketing tools (e.g., Google Analytics) that may collect statistics or show you personalized advertising content – these activities do not significantly impact your rights or freedoms.
11. Safety measures
We use appropriate technical and organizational measures to ensure data confidentiality, integrity, and accountability, including:
- encrypted SSL/TLS connection (https),
- password hashing with the bcrypt/argon2 function,
- regular data backups,
- firewall and malicious traffic detection system,
- access to the administration panel secured with strong passwords and two-factor authentication,
- minimizing the rights of employees/subcontractors.
12. Changes to the Privacy Policy
This Policy may change to reflect regulatory or technological changes. We will notify you of any significant changes via the Website or email. The current version is always available here.
Publication date: 30/04/2025