Privacy Policy

Privacy Policy of the You-Nick.pl Online Store

Effective date: November 12, 2025

§1. General information and the Data Administrator

  1. This Privacy Policy sets out the rules for the collection, processing and protection of Customers' personal data in connection with the use of the Online Store https://you-nick.pl .
  2. The personal data controller (PDC) is: You-Nick spółka z ograniczoną odpowiedzialnością with its registered office in Wrocław, address: ul. Ślężna 148, 53-111 Wrocław, entered into the Register of Entrepreneurs of the National Court Register under the number 0000417827, Tax Identification Number (NIP) 8992735469 (hereinafter referred to as the "Controller" or "Seller").
  3. Contact with the Administrator: e-mail: contact@you-nick.pl , tel.: +506 746 648.
  4. Personal data are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

§2. Purposes and Legal Basis for Data Processing

Customers' personal data are processed for the following purposes:

2.1. Order Fulfillment (Sales Agreement)

  • Purpose: Acceptance and execution of orders, issuance of accounting documents, payment processing, shipment of goods, handling returns and withdrawals from contracts.
  • Legal basis: Article 6(1)(b) of the GDPR (performance of the sales contract).
  • Data scope: Name and surname, residential/delivery address, e-mail address, telephone number, in the case of entrepreneurs – Tax Identification Number and company name.

2.2. Legal Obligations

  • Purpose: Fulfillment of tax and accounting obligations arising from legal provisions.
  • Legal basis: Article 6(1)(c) GDPR (legal obligation).
  • Scope of data: Data contained in invoices and accounting documentation.

2.3. Complaints and Claims

  • Purpose: Consideration of complaints, pursuit of claims or defense against claims related to the contract.
  • Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).
  • Retention period: Until the statute of limitations for potential claims expires.

2.4. Maintaining a Customer Account

  • Purpose: Maintaining the Customer account, enabling viewing of order history.
  • Legal basis: Article 6(1)(b) of the GDPR (performance of the contract for the provision of the account service).
  • Data scope: First name, last name, e-mail address, password (stored in encrypted form).

2.5. Marketing Communications (Newsletter)

  • Purpose: Sending commercial, promotional and marketing information.
  • Legal basis: Article 6 paragraph 1 letter a of the GDPR (Customer's consent), expressed by subscribing to the Newsletter.
  • Data scope: E-mail address.

§3. Data Recipients and Storage Period

  1. Data recipients: Customer data may be transferred to entities processing data on behalf of the Controller, in particular: IT service providers (hosting, Shopify store system), payment operators (e.g. Shopify Payments, Klarna), courier and postal companies (InPost, DPD), entities providing accounting and legal services.
  2. Data transfer outside the EEA: In connection with the use of the Shopify system and other IT tools, data may be transferred outside the European Economic Area (EEA), which is done on the basis of standard contractual clauses adopted by the European Commission, ensuring an adequate level of protection.
  3. Storage period:
    • Order data – for the period necessary to perform the contract and for the period resulting from the provisions of tax and accounting law (usually 5 years from the end of the financial year).
    • Customer account data – until the Customer requests its deletion.
    • Data processed on the basis of consent (Newsletter) – until consent is withdrawn.
    • Data for claims purposes – until the claims expire.

§4. Rights of Data Subjects

Every data subject has the right to:

  • Access your data and receive a copy thereof;
  • Rectify (correct) your data;
  • Deletion of data (right to be forgotten) if there is no legal basis for their further processing;
  • Data processing restrictions ;
  • Data transfer ;
  • Object to data processing (when the basis is a legitimate interest);
  • Withdraw consent at any time (if processing is based on consent), without affecting the lawfulness of processing carried out before its withdrawal.

To exercise their rights, the Customer should contact the Controller (§1). The Customer also has the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO).

§5. Cookies and Usage Data

  1. The Store uses "cookies" – small text files sent by the web server and stored on the Customer's end device.
  2. Cookies are used for the following purposes:
    • Maintaining the Client's session (no need to log in on every subpage).
    • Adapting the content of the Store to the Customer's preferences.
    • Maintaining anonymous statistics and analysis of how the Store is used (e.g. Google Analytics, Shopify tools).
    • Ensuring the proper functioning of the shopping cart and ordering process.
  3. The following types of cookies are used:
    • Necessary (functional): enabling the use of services available in the Store (e.g. authentication, security).
    • Analytical (statistical): helping to understand how Customers use the Store (e.g. measuring traffic, traffic sources).
    • Marketing: enabling the tailoring of advertisements to the Customer’s preferences (applies only to situations where the Customer has given consent).
  4. Customers can independently change cookie settings in their web browser. However, disabling certain cookies may affect the operation of the Store.
  5. For detailed information about the cookies used by the Shopify platform, please read the Shopify Cookie Policy .

§6. Final Provisions

  1. The Administrator reserves the right to make changes to the Privacy Policy, of which Customers will be informed in due time on the Store's website.
  2. In matters not covered by this Privacy Policy, the provisions of the GDPR and Polish law shall apply.