Privacy Policy

Privacy Policy

Last updated: July 31, 2025

1. Data Controller

1.1. The controller of your personal data is:
Tomasz Piłat
Tax ID (NIP): 6621826403
Email: tommyecomkontakt@gmail.com

1.2. For any matters related to the processing of personal data or product safety, please contact us at tommyecomkontakt@gmail.com.

2. Purposes and Legal Basis for Processing

2.1. We process your personal data for the following purposes:

  • Order fulfillment, including sharing data with suppliers (Article 6(1)(b) GDPR – performance of a contract),

  • Handling inquiries, complaints, and product-related reports (Article 6(1)(f) GDPR – legitimate interest of the controller),

  • Sending newsletters, if you have given your consent (Article 6(1)(a) GDPR – consent),

  • Analyzing website traffic and optimizing the store’s performance (Article 6(1)(f) GDPR – legitimate interest of the controller),

  • Processing payments through external providers (Article 6(1)(b) GDPR – performance of a contract).

3. What Data Do We Collect?

3.1. Depending on your activity on our website, we may collect the following information:

  • First and last name,

  • Email address,

  • Delivery address,

  • Phone number,

  • Transaction data (processed by payment operators such as Stripe, PayPal, etc.).

3.2. We do not store payment card details — these are processed only by secure external payment operators in accordance with their own privacy policies.
3.3. Personal data (name, surname, delivery address) may be shared with external suppliers for order fulfillment. Customers are informed about this before placing an order.

4. Recipients of Personal Data

4.1. Your personal data may be shared with the following entities:

  • Product suppliers,

  • Courier and logistics companies,

  • Payment operators (e.g., Stripe, PayPal),

  • Website and e-commerce platform providers (e.g., Shopify, WooCommerce),

  • Analytics service providers (e.g., Google Analytics).

4.2. Each of these entities processes personal data in compliance with the GDPR and under appropriate data processing agreements.

5. Data Retention

5.1. We store your data for the following periods:

  • For the duration of order processing, returns, and complaints,

  • For the period required by law (e.g., 5 years for tax purposes),

  • For marketing purposes — until consent is withdrawn,

  • For product safety monitoring and incident management.

5.2. Analytical data are retained only as long as necessary to improve and optimize the store’s performance.

6. Your Rights

6.1. You have the right to:

  • Access your data (Article 15 GDPR),

  • Rectify your data (Article 16 GDPR),

  • Erase your data (“right to be forgotten”, Article 17 GDPR),

  • Restrict processing (Article 18 GDPR),

  • Data portability (Article 20 GDPR),

  • Object to processing (Article 21 GDPR),

  • Withdraw consent at any time (Article 7(3) GDPR).

6.2. To exercise your rights, please contact us at tommyecomkontakt@gmail.com.
6.3. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).

7. Cookies and Tracking Technologies

7.1. We use cookies for the following purposes:

  • Ensuring the correct operation of the website and store,

  • Analyzing traffic (e.g., via Google Analytics),

  • Personalizing content and advertisements.

7.2. You can manage cookie settings in your browser or directly on our website.

8. Data Transfers Outside the EEA

8.1. Due to the use of international service providers (e.g., Shopify, Google), your data may be transferred outside the European Economic Area (EEA) — for example, to Canada or the United States.
8.2. These providers implement appropriate safeguards in accordance with the GDPR, such as Standard Contractual Clauses (SCCs).

9. Product Safety

9.1. We process certain personal data to monitor product safety and manage potential recall procedures.
9.2. Any safety-related reports should be sent to tommyecomkontakt@gmail.com — we respond within 24 hours.
9.3. In the event of a product recall, customers will be notified via email and provided with detailed return instructions.

10. VAT and Customs Formalities

10.1. The customer acts as the importer of goods and is responsible for any customs or VAT-related procedures unless stated otherwise (e.g., when the IOSS system applies).
10.2. Information about applicable fees and taxes is displayed before placing an order (e.g., in the shopping cart).

11. Changes to This Privacy Policy

11.1. We reserve the right to update this Privacy Policy. The current version is always available on our website and takes effect immediately upon publication.