Privacy Policy

Last updated: November 10, 2025

​

§1. Data Controller and Contact Information

The controller of your personal data is Patrycja Ridha Hassan, conducting business under the name “Own-designed” Patrycja Ridha Hassan,
ul. Wapienicka 36, 43-382 Bielsko-Biała, Poland,
NIP (Tax ID): 6792885358, REGON: 541841545, registered in CEIDG.

The Controller operates the online store TEAZEN.pl (hereinafter referred to as the “Store”) and acts as the Seller and Service Provider.

Contact regarding personal data: biuro@teazen.pl (preferred channel)
or by post to the business address listed above.

​

Data Protection Officer: not appointed (no legal obligation).

​

All processing of personal data complies with the GDPR (EU Regulation 2016/679) and the Polish Personal Data Protection Act of May 10, 2018.

​

​

§2. Scope, Purposes, and Legal Bases for Processing

We process personal data that you provide voluntarily or that are generated during your use of the Store.

1. Purchase and contract fulfillment – name, delivery address, e-mail, phone number, invoice data.
   Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

2. Account registration – e-mail, password, and optionally delivery/profile details.
   Legal basis: Art. 6(1)(b) GDPR (provision of account services).

3. Contact (form/e-mail) – e-mail address and data contained in the message (e.g., name, surname, order number).
   Legal basis: Art. 6(1)(f) GDPR (legitimate interest: user communication) or Art. 6(1)(b) if related to a contract.

4. Newsletter – e-mail address.
   Legal basis: Art. 6(1)(a) GDPR (consent) in conjunction with Art. 10 of the Electronic Services Act and Art. 172 of the Telecommunications Law.
   You may withdraw your consent at any time.

5. Direct marketing to customers (after purchase) – e-mail / information about similar products.
   Legal basis: Art. 6(1)(f) GDPR (legitimate interest: promoting own products). You have the right to object.

6. Post-purchase opinions/surveys – one-time review requests.
   Legal basis: Art. 6(1)(f) GDPR (improving service quality).

7. Technical data / logs / cookies – e.g., IP address, browser or device identifiers, site activity.
   Legal basis:
   • for essential website functionality and security – Art. 6(1)(f) GDPR (legitimate interest: administration and security),
   • for analytics/marketing – Art. 6(1)(a) GDPR (consent via the cookie banner).

Legitimate interests (Art. 6(1)(f) GDPR): IT security, fraud prevention, handling inquiries, asserting or defending claims, own marketing, and basic analytics on anonymized/aggregated data.

​

Is providing data mandatory?
• For purchase, delivery, and payment – yes, without these we cannot fulfill the order (contractual requirement).
• For account registration/newsletter – voluntary, but necessary to provide those services.

​

Data sources (if not provided directly): payment operator (payment status), carrier (delivery status).

​

​

§3. Data Retention Periods

• Contracts/orders: retained for the duration of performance and until the expiry of limitation periods (generally 6 years; 3 years for recurring or business-related claims).
• Accounting documents (invoices): 5 years, counted from the beginning of the year following the fiscal year concerned (Accounting Act).
• Customer accounts: until deleted (with retention of accounting/claim data as above).
• Newsletter/marketing (based on consent): until consent is withdrawn (with retention of consent record for proof purposes).
• Technical logs: up to 2 years, or longer if needed for security or legal claims.
• Cookies: retained according to browser settings or until deleted by you.

​

​

§4. Data Recipients

Your data may be shared with entities processing data on our behalf (data processors) and independent controllers where necessary to provide services, such as:

• Carriers (e.g., InPost, DPD) – for delivery of orders.

• Payment Operator – To process online payments, your data (e.g., name, surname, email address, payment amount) is transferred to the entity handling online payments in our store.
  • Fondy Europe Limited (Fondy.eu) – operator płatności, odpowiedzialny za realizację płatności online (Fondy jest niezależnym administratorem danych w tym zakresie).
  • Przelewy24 (PayPro S.A.) – pośrednik płatności działający w ramach integracji z Fondy.eu

• Hosting / e-commerce platform provider: [home.pl, Wix] – for IT infrastructure maintenance.
• Analytics and marketing partners: Google (Analytics/Ads), Meta Platforms Ireland (Pixel/Ads) – only with your consent via the cookie banner.
• Accounting office, legal/IT advisors, CRM/newsletter tools – only to the extent necessary for service provision.
• Public authorities – solely under and within the limits of applicable law (e.g., courts, police, Data Protection Authority).

​

Data transfers outside the EEA:
If data are transferred to third countries (e.g., the USA via Google/Meta services), we apply appropriate safeguards such as the EU–US Data Privacy Framework or Standard Contractual Clauses (SCCs), and additional measures where required.

​

​

§5. Your Rights under GDPR

You have the right to:
• access your data (Art. 15),
• rectification (Art. 16),
• erasure (“right to be forgotten”) (Art. 17),
• restriction of processing (Art. 18),
• data portability (Art. 20),
• object to processing (Art. 21) – including direct marketing,
• withdraw consent at any time (without affecting prior lawful processing),
• lodge a complaint with the President of the Polish Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.

To exercise your rights, please contact: biuro@teazen.pl.
We respond without undue delay, and no later than within 1 month (extendable to 2 months in complex cases — you will be informed).

​

​

§6. Profiling and Automated Decision-Making

We may carry out limited marketing profiling (e.g., product recommendations or personalized content) based on purchase history and site activity/cookies.
We do not make decisions that produce legal effects or similarly significant impacts on you (no fully automated decision-making).
You can withdraw consent for marketing cookies or object to direct marketing at any time.

​

​

§7. Cookies and Similar Technologies

Details are available in the Cookie Policy on TEAZEN.pl.

• Essential cookies – necessary for website functionality and security (basis: Art. 6(1)(f) GDPR).
• Analytical/marketing cookies – used only with your consent (Art. 6(1)(a) GDPR). You can manage consent in the cookie banner.

For Google Analytics, we use IP anonymization and retention settings in line with Google’s configuration options.

​

​

§8. Minors

The Store’s services are not intended for persons under 16 years of age.
If we become aware that we have processed a child’s data without parental consent, we will delete such data immediately.

​

​

§9. Policy Updates

This Privacy Policy may be updated due to legal or operational changes.
The current version is always available at TEAZEN.pl.
Significant updates will be announced on the website or by e-mail (for newsletter subscribers).

​

​

§10. Contact

Questions about data protection: biuro@teazen.pl
Postal address: ul. Wapienicka 36, 43-382 Bielsko-Biała, Poland