Privacy policy

Date of last update: 15 April 2025

This Privacy Policy sets out how Bajka O Mnie (“Site” and any variation of the personal pronoun “we”) collects, uses, and discloses the personal information of a User who visits the site or uses our services from the site, or makes a purchase on the site at bajkaomnie.pl (“Site”), or otherwise communicates with us in connection with the Site (collectively, the “Services”). For the purposes of this Privacy Policy, the term “User” means a user of the Services, whether they are a customer, a website visitor, or any other individual whose information we collect in accordance with this Privacy Policy.

Please read this Privacy Policy carefully.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on the Site, then update the “last updated” date of this Privacy Policy, and take any other steps required by applicable law.

Collection and Use of the User’s Personal Information

To provide the Services, we collect personal information about the User from various sources, as set out below. The information we collect and use varies depending on how the User interacts with us.

In addition to the specific purposes of use set out below, we may use the information we collect about the User to communicate with the User, provide or improve the Services, comply with any applicable legal obligations, enforce any applicable terms of service, and protect or defend the Services, our rights, and the rights of our users or other individuals.

Information Collected Directly from the User

Information provided to us directly by the User through our Services may include:

  • Contact details, including the User’s first and last name, address, telephone number, and email address.

  • Order information, including first and last name, billing address, delivery address, payment confirmation, email address, and telephone number.

  • Account information, including username, password, security questions, and other information used for account security purposes.

  • Customer support information, including information that the User includes in communications with us, for example when sending messages through the Services.

Some features of the Services may require the User to provide certain information to us directly. The User does not have to provide this information, but doing so may prevent them from using or accessing those features.

Collection of Usage Information

We may also automatically collect certain information about the User’s interaction with the Services (“Usage Data”). For this purpose, we may use cookies, pixels, and similar technologies (“Cookies”). Usage Data may include information about how the User accesses and uses the Site and their account, including device information, browser information, network connection information, IP address, and other information about the User’s interaction with the Services.

Information Obtained from Third Parties

We may also obtain information about the User from third parties, including vendors and service providers who may collect information on our behalf, such as:

  • Companies that operate the Site and the Services, for example Shopify.

  • Our payment processors, who collect payment information (for example bank account details, credit or debit card details, or billing address) in order to process the User’s payments for the fulfilment of the User’s orders and to deliver products or provide services that the User has ordered, in order to fulfil our obligations under the contract entered into with the User.

  • When the User visits the Site, opens or clicks on emails we send, or interacts with the Services or our advertisements, certain information may be automatically collected by us or by third parties we work with using online tracking technologies such as pixels, web beacons, software development kits, third-party libraries, and cookies.

Any information we obtain from third parties will be processed in accordance with this Privacy Policy. Please also see the section below titled Third-Party Sites and Links.

Use of the User’s Personal Information

  • Providing products and delivering Services.
    We use the User’s personal information to provide the Services to them and to perform our contract with the User, including processing the User’s payments, fulfilling the User’s orders, sending notifications to the User relating to their account, purchases, returns, exchanges, or other transactions, creating and maintaining the User’s account and otherwise managing it, arranging deliveries, facilitating returns and exchanges, and enabling other features related to the User’s account.
    We may also enhance the User’s shopping experience by enabling Shopify to match the User’s account with other Shopify services that the User may choose to use. In such cases, Shopify will process the User’s information as set out in its Privacy Policy and Consumer Privacy Policy.

  • Marketing and advertising.
    We may use the User’s personal information for marketing and promotional purposes, including sending marketing, advertising, and promotional communications by email, SMS, or post, and displaying advertisements for products or Services.
    This may include using the User’s personal information to better tailor the Services and advertising on the Site and on other websites. If the User is a resident of the European Economic Area (EEA), the legal basis for these data processing activities is our legitimate interest in selling our products, in accordance with Article 6(1)(f) of the GDPR.

  • Security and fraud prevention.
    We use the User’s personal information to detect, investigate, or take appropriate action in relation to possible fraudulent, illegal, or malicious activity. If the User chooses to use the Services and registers an account, they are responsible for keeping their account credentials secure. We strongly recommend that the User does not share their login details with anyone, including their username and password. If the User believes that their account has been compromised, please contact us immediately.
    If the User is a resident of the European Economic Area (EEA), the legal basis for these data processing activities is our legitimate interest in ensuring the security of our website for the User and other customers, in accordance with Article 6(1)(f) of the GDPR.

  • Communication with the User and improvement of the Services.
    We use the User’s personal information to provide them with appropriate support and to improve our Services. It is in our legitimate interest to respond to the User’s needs, provide effective services to them, and maintain a business relationship with them, in accordance with Article 6(1)(f) of the GDPR.

Cookies

Our Site, like many other websites, uses cookies. More information about the cookies we use in connection with operating our shop through Shopify can be found at: https://www.shopify.com/legal/cookies. We use cookies to make our Site and Services available and to improve them (including to remember the User’s actions and preferences), to carry out analytics, and to better understand the User’s interaction with the Services (in our legitimate interest related to administering the Services and improving and optimising them). In addition, we may allow third parties and service providers to use cookies on the Site in order to better tailor services, products, and advertising on the Site and on other websites.

Most browsers automatically accept cookies by default, but the User can set their browser to remove or reject cookies using the available browser controls. Please note that removing or blocking cookies may negatively affect the User’s experience and may cause some Services, including certain features and general functionality, to work incorrectly or become unavailable. In addition, blocking cookies may not fully prevent us from sharing information with third parties, such as our advertising partners.

Disclosure of Personal Information

In certain circumstances, we may disclose the User’s personal information to third parties for purposes related to the performance of a contract, for lawful purposes, and for other reasons in accordance with this Privacy Policy. These circumstances may include sharing personal information:

  • With vendors or other third parties who provide services on our behalf (for example IT management services, payment processing, data analytics, customer support, cloud data storage, fulfilment, and delivery services).

  • With business and marketing partners in order to provide services and display advertisements to the User. Our business and marketing partners will use the User’s information in accordance with their own privacy notices.

  • When the User instructs us to disclose, or otherwise consents to our disclosure of, certain User information to third parties, for example for the purpose of shipping the User’s products, or in connection with the User’s use of social media widgets or login integrations, with the User’s consent.

  • With our affiliates or otherwise within our corporate group, in our legitimate interest of running a successful business.

  • In connection with a business transaction, such as a merger or bankruptcy, to comply with any applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce any applicable terms of service, and to protect or defend the Services, our rights, and the rights of our users or other individuals.

We disclose the following categories of personal information and sensitive personal information about users for the purposes set out above in the sections “How We Collect and Use the User’s Personal Information” and “How We Disclose Personal Information”:

Category Kategorie odbiorców
  • Identifiers, for example basic contact details and certain information about orders and accounts.
  • Commercial information, for example information about orders, purchase information, and customer support information.
  • Internet or other similar network activity, for example Usage Data.
  • Geolocation information, for example locations determined based on IP address or other technical measures.
  • Vendors and third parties who provide services on our behalf (for example internet service providers, payment processors, partners involved in fulfilling orders or providing customer support, and data analytics service providers).
  • Business and marketing partners.
  • Affiliates / associated entities.

We do not use or disclose the User’s sensitive personal information without their consent, or for the purpose of inferring characteristics about the User.

With the User’s consent, we share personal information for advertising and marketing activities in the following ways.

Third-Party Sites and Links

The Site may contain links to websites or other online platforms operated by third parties. If the User uses these links to visit websites that are not operated by our affiliates or associated entities, they should review the privacy and security policies and other applicable terms of those websites. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of the information on those websites.

Information that the User posts in public or semi-public places, including information the User shares on third-party social media platforms, may also be visible to other users of the Services or of those platforms without limitation as to use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on those platforms or of their owners or operators, unless expressly stated within the Services.

Children’s Data

Our Services include the creation of personalised products (books) that are intended for children. In order for us to create such a personalised product at your request, it is necessary for you (as an adult User – a parent, legal guardian, or another person acting with the consent of a parent/guardian) to provide certain information about the child for whom the product is intended.

Who is a User of the Services:
We emphasise that our Services are intended for use by adults only. Minors may not use our Services independently, create an account, or place orders.

What data about the child we collect and for what purpose:
When placing an order for a personalised product, we will ask you (the adult User) to provide the data necessary to personalise it. This may include information such as:

  • The child’s first name

  • The child’s gender

  • The child’s age

This data about the child is collected solely for the purpose of creating and delivering the personalised product, in accordance with the order you have placed (legal basis: Article 6(1)(b) of the GDPR – performance of a contract). This data is provided to us directly by you as the adult User. We do not knowingly collect data directly from children.

Your responsibility:
By placing an order and providing data about the child, you confirm that you are authorised to provide us with this data (for example as a parent, legal guardian, or with the consent of a parent/legal guardian) for the purpose of fulfilling the order.

Protection of the child’s data:
We apply appropriate technical and organisational measures to protect the data about the child that you entrust to us for the purpose of personalising the product. This data is not used for any purpose other than fulfilling the order.

Rights in relation to the child’s data:
As the adult person providing the child’s data, you are entitled, in relation to this data, to the rights listed in the section “User Rights” of this Privacy Policy (for example the right of access, rectification, and erasure), because you are the party to the contract with us and the controller of this data in the relationship with the child. You may exercise these rights by contacting us in the manner described below.

Security and Retention of the User’s Information

Please note that no security measures are perfect or impenetrable and that we cannot guarantee “perfect security”. In addition, any information that the User sends to us may not be secure while it is being transmitted. We recommend avoiding the use of unsecured channels to send us confidential or sensitive information.

The length of time for which we retain the User’s personal information depends on various factors, such as whether we need the information to maintain the User’s account, provide the Services, comply with legal obligations, resolve disputes, or enforce other applicable agreements and policies.

User Rights

Depending on the User’s place of residence, they may have some or all of the rights listed below in relation to their personal information. However, these rights are not absolute and may apply only in certain circumstances, and where permitted by law, we may refuse the User’s request.

  • Right to know / right of access to personal information. The User may have the right to submit a request for access to the personal information we hold about them, including information about the ways in which the User’s information is used and shared by us.
  • Right to delete personal information. The User may have the right to submit a request for the deletion of their personal information that we hold.
  • Right to correct personal information. The User may have the right to submit a request to correct inaccurate personal information that we hold about them.
  • Right to data portability. The User may have the right to receive a copy of the personal information we hold about them and to submit a request to transfer it to a third party, in certain circumstances and with certain exceptions.
  • Right to opt out of sale, sharing, or targeted advertising. The User may have the right to direct us not to “sell” or “share” their personal information, or to opt out of the processing of their personal information for purposes considered to be “targeted advertising”, as defined under applicable privacy laws. Please note that if the User visits the Site with the Global Privacy Control (GPC) opt-out preference signal enabled, then depending on the User’s location, we will automatically treat such a signal as a request to opt out of the “sale” or “sharing” of information for the device and browser the User uses to visit the Site.
  • Restriction of processing. The User may request that we stop or limit the processing of their personal information.
  • Withdrawal of consent. Where we require the User’s consent to process their personal information, the User may have the right to withdraw that consent at any time.
  • Appeal. If we refuse to act on the User’s request, the User may have the right to appeal our decision. To do so, the User should respond directly to our refusal.
  • Managing communication preferences. We may send the User promotional emails, and the User may opt out of receiving them at any time by using the unsubscribe option displayed in our emails. If the User opts out, we may still send them non-promotional emails, such as emails relating to the User’s account or orders.

The User may exercise any of these rights where indicated on the Site or by contacting us using the contact details provided below.

We will not discriminate against the User for exercising any of these rights. Before providing a substantive response to a request, we may need to collect information from the User (for example an email address or account information) in order to verify their identity. In accordance with applicable law, the User may appoint an authorised agent to submit a request on the User’s behalf to exercise their rights. Before accepting such a request from an agent, we will require the agent to provide appropriate authorisation to act on the User’s behalf, and we may also require the User to verify their identity directly with us. We will respond to the User’s request in a timely manner, in accordance with the requirements of applicable law.

Complaints

If you have any complaints about how we process the User’s personal information, please contact us using the contact details provided below. If the User is not satisfied with our response to their complaint, then depending on their place of residence, they may have the right to appeal our decision (by contacting us using the contact details provided below) or to lodge a complaint with the relevant data protection authority. A list of the relevant supervisory authorities for data protection in the European Economic Area (EEA) can be found here.

International Users

Please note that we may transfer, store, and process the User’s personal information outside the User’s country of residence. The User’s personal information is also processed by our employees and external service providers and partners in those countries.

If we transfer the User’s personal information outside Europe, we will rely on recognised data transfer mechanisms, such as the Standard Contractual Clauses adopted by the European Commission or any equivalent documents adopted by the relevant authority in the United Kingdom, unless the data is transferred to a country that has been recognised as providing an adequate level of protection.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of the User’s rights, please contact us by phone or email at support@bajkaomnie.pkl or write to us at:
Kuczków 19, Kuczków, 99-300, PL.

For the purposes of applicable data protection laws, and unless expressly stated otherwise, we are the controller of the User’s personal information.