Privacy Policy

 

1. Legal basis for data processing

Personal data processing is carried out in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). The legal basis for personal data processing is:

  • consent of the data subject (art. 6 para. 1 lit. a GDPR),
  • necessity for the performance of a contract (art. 6 para. 1 lit. b GDPR),
  • legal obligation (art. 6 para. 1 lit. c GDPR),
  • legitimate interest of the controller (art. 6 para. 1 lit. f GDPR).
  • Note for non-EU customers: The rights and protections described in this policy may vary depending on your local jurisdiction. Customers outside the EU may have different privacy rights under their local laws.


2. Personal data controller

The personal data controller is Kseniia Novikova, conducting business activity in Warsaw, Obrzeżna 7/211, 02-691 Warsaw, NIP: 5223250156, REGON: 524511775.


3. Scope of processed data

3.1. Identification data: first name, last name, residential address, phone number, email.

3.2. Payment data: transaction information (without storing card data).

3.3. Contact data: delivery address, phone numbers.

3.4. Data related to customer account and order history.

3.5. Technical data: IP address, cookies, device and browser type.


4. Purposes of data processing

4.1. Order fulfillment (payments, shipping, complaints).

4.2. User account service.

4.3. Communication with customer (order status, inquiries).

4.4. Marketing – with user consent.

4.5. Analytics and statistics – website traffic analysis (including Google Analytics).

4.6. Fulfilling legal obligations (accounting, taxes).


5. Analytical tools and external service providers

5.1. The Store operates on the Shopify platform, which may process data as a data processor. More information: https://www.shopify.com/legal/privacy

5.2. For analytical purposes, we use Google Analytics. Data is anonymized and does not allow identification of a natural person.


6. User rights

6.1. Right of access to data.

6.2. Right to rectification of data.

6.3. Right to erasure of data ("right to be forgotten").

6.4. Right to restriction of processing.

6.5. Right to data portability.

6.6. Right to object to processing.

6.7. Right to withdraw consent at any time.

6.8. Right to lodge a complaint:

  • EU residents: with a supervisory authority (UODO in Poland)
  • US residents: with your state attorney general or relevant state privacy authority
  • California residents: with the California Privacy Protection Agency

6.9. Jurisdiction-specific rights: The rights listed above apply primarily to EU residents under GDPR. Customers in other jurisdictions may have different rights under local privacy laws:

  • California residents: Rights under CCPA/CPRA
  • Other US states: Rights may vary by state law
  • For specific rights in your jurisdiction, please contact us at [email]

 

7. Data retention period

7.1. We store data for the period necessary for contract performance and for the period required by legal provisions (e.g., tax – 5 years).

7.2. Data processed based on consent is stored until its withdrawal.


8. Personal data protection

8.1. Data is secured using appropriate technical and organizational measures (encryption, access control, audits).

8.2. In case of data transfer outside the EEA, we use appropriate safeguards, such as EU standard contractual clauses.


9. Data recipients

9.1. Payment operators (e.g., Shopify Payments, PayPal).

9.2. Courier companies (e.g., DHL, DPD, InPost).

9.3. IT and hosting service providers.

9.4. Entities supporting marketing and analytical activities.

9.5. State authorities, if we are obligated to provide data.


10. Cookies

10.1. Cookies are small text files saved on the user's device (computer, smartphone, tablet), which serve to improve website operation, remember user preferences, and analyze traffic.

10.2. Types of cookies used on the website:

  • Necessary – enable basic website functions (e.g., login, cart),
  • Analytical – collect anonymous data about website usage (e.g., most frequently visited subpages, errors),
  • Functional – remember user choices (language, location, login data),
  • Marketing – deliver personalized advertising content and may track user activity across different websites.

10.3. Consent and cookie management: During the first visit to the website, the user receives information about cookies and can give consent to all or selected types. Preferences can later be changed in web browser settings. Blocking cookies may affect website functionality.

10.4. Third-party cookies: The website may use cookies provided by external entities, such as Google Analytics, Meta, and other analytical and advertising partners. The Administrator has no control over these cookies.

10.5. Cookie policy updates: The cookie policy may be updated to reflect changes in legal provisions or the way cookies are used. Changes are published on the store website.

 

11. Privacy contact

In matters related to personal data processing, you can contact us at: k.novikova@talento.dance or by mail: ul. Obrzeżna 7/211, 02-691 Warsaw.

 

12. Privacy and cookie policy changes

12.1. The policy may be updated – the current version is always available on the store website.

12.2. Changes take effect from the moment of publication.


13. Additional information

13.1. We do not profile users nor transfer data to third parties for commercial purposes without user consent.

13.2. It is possible that user data will be transferred outside the EEA, in such case we apply standard contractual clauses or other appropriate data protection mechanisms.

13.3. US Customer Notice: For customers in the United States, additional state-specific privacy rights may apply. California residents have specific rights under the California Consumer Privacy Act (CCPA). For more information about your rights, please contact us.

13.4. Governing Law: This privacy policy is governed by Polish and EU law for EU customers. For non-EU customers, local privacy laws may provide additional protections not covered in this policy.

13.5. International transfers: If your data is transferred outside the European Economic Area (EEA), we apply appropriate safeguards in accordance with EU law. Customers outside the EU may be subject to different international data protection standards.