klavo
Legal information

Privacy Policy

1. Introduction

We care about your privacy and the security of your personal data. This policy explains:

  • what data we collect,
  • for what purpose we process it,
  • what rights you have,
  • how we protect your data.

We comply with GDPR (Regulation of the European Parliament and Council (EU) 2016/679), the Personal Data Protection Act, the Electronic Services Act, and the Telecommunications Law.

2. Data Controller

  • The personal data controller is:

  • Karol Parfienczyk, ul. Hebanowa 4F, 15-523 Grabówka, Polska, NIP: PL8461565833

  • E-mail: kontakt@klavo.studio

3. Purposes and Legal Bases for Data Processing

Processing PurposeData ScopeLegal Basis
Order and contract fulfillmentfirst name, last name, email address, phone number, delivery address, payment data (through payment operator)Art. 6(1)(b) GDPR – necessary for contract performance
Handling inquiries, complaints, returnsfirst name, last name, email address, phone number, order historyArt. 6(1)(f) GDPR – legitimate interest of the controller
Direct marketing to customersfirst name, last name, email, purchase historyArt. 6(1)(f) GDPR – legitimate interest (informing customers about offers), with right to object
Newsletter and consent-based marketingemail addressArt. 6(1)(a) GDPR – user consent
Website traffic statistics and analysisIP address, device identifier, website activity dataArt. 6(1)(f) GDPR – legitimate interest of the controller
Advertising profiling (remarketing)IP address, cookie data, activity historyArt. 6(1)(a) GDPR – consent for advertising cookies

4. Data Provision Obligation

  • Providing data is voluntary, but in some cases necessary:

    • for order fulfillment – lack of data will prevent purchase and delivery,
    • for newsletter delivery – lack of email will prevent sending marketing content.

  • We process data for analytical and advertising purposes only after consent is given in the cookie banner.

5. Data Retention Period

  • Order-related data – min. 5 years (in accordance with tax regulations).
  • User account – until its deletion.
  • Consent-based marketing data – until consent is withdrawn.
  • Analytical data – maximum 24 months.
  • Marketing data based on legitimate interest – until objection is raised.

6. Data Recipients

We may share data with:

  • payment operators (Stripe, PayU),
  • courier and logistics companies,
  • IT and hosting service providers,
  • marketing and analytics service providers (e.g. Google, Meta),
  • public authorities, if required by law.

7. Data Transfer Outside the EEA

Some providers (e.g. Google LLC, Meta Platforms Inc.) may process data in the USA. In such cases, we use standard contractual clauses of the European Commission, which ensure an adequate level of data protection.

8. Profiling and Automated Decisions

Your data may be used for marketing profiling, e.g. to match ads in Google or Facebook to your interests. However, we do not make decisions that have legal effects in an automated manner.

9. User Rights

You have the right to:

  • access your data,
  • rectify data,
  • delete data ("right to be forgotten"),
  • restrict processing,
  • data portability to another controller,
  • object to marketing and profiling,
  • withdraw consent at any time.

Contact for data matters: kontakt@klavo.studio

10. Data Security

We use:

  • encryption of sensitive data,
  • limited access to data only for authorized persons,
  • regular backups,
  • SSL certificate for the entire website.

11. Cookies

Details can be found in our Cookie Policy.

In brief:

  • Essential cookies – store operation,
  • Analytical cookies – traffic measurement (e.g. Google Analytics),
  • Marketing cookies – ad personalization.

12. Complaints

If you believe that your data is being processed unlawfully, you can file a complaint to the President of the Personal Data Protection Office:

Personal Data Protection Office ul. Stawki 2, 00-193 Warsaw www.uodo.gov.pl

Privacy Policy · KLAVO.studio