Privacy Policy
Effective from April 24, 2026
This Privacy Policy describes the principles of personal data processing and the use of cookies on the website available at: www.krysztofiak.studio.
1. Data Controller
The personal data controller is:
Creative Studio Karolina Krysztofiak
Tax ID: PL779 222 64 26
e-mail: info@krysztofiak.studio
For matters related to personal data protection, please contact us at: info@krysztofiak.studio.
2. Scope of Processed Data
Depending on how you use the website, we may process the following data:
- data provided in the contact form, in particular: first name and last name, email address, website address, social media profile, role in the decision-making process, selected scope of cooperation, project information, planned cooperation date, source of information about the Studio, and referrer's data,
- data provided when subscribing to the newsletter, in particular email address and name, if the subscription form includes them,
- data provided when placing an order in the online store, in particular first name, last name, company name, Tax ID, billing address, delivery address, email address, phone number, order and payment details,
- data related to the customer account, if the user creates one, including login, email address, order history, and data saved in the account,
- technical data related to website usage, such as IP address, device type, browser, operating system, approximate location, visited subpages, and information stored in cookies.
3. Purposes and Legal Bases for Data Processing
Personal data is processed for the following purposes:
3.1. Contact Form Handling
Data provided in the contact form are processed to respond to inquiries, conduct correspondence, prepare offers, and take action before a potential contract is concluded.
Legal basis: Art. 6(1)(b) GDPR, if the contact aims at concluding a contract, and Art. 6(1)(f) GDPR, which is the legitimate interest of the controller consisting in handling correspondence and inquiries.
3.2. Provision of Services and Orders
Customer data is processed for the purpose of fulfilling orders, executing contracts, handling payments, delivering products or services, contacting customers regarding orders, and handling any complaints.
Legal basis: Art. 6(1)(b) GDPR.
3.3. Customer Account Management
Data related to the customer account are processed to enable account creation, login, viewing order history, and using store features.
Legal basis: Art. 6(1)(b) GDPR.
3.4. Payment Processing
For online payments, data necessary for transaction processing are transferred to the payment operator Przelewy24, operated by PayPro S.A. PayPro S.A. processes payer data as a separate data controller for payment processing.
Legal basis: Art. 6(1)(b) GDPR.
3.5. Issuing Accounting Documents and Fulfilling Legal Obligations
Data are processed for the purpose of issuing invoices, maintaining accounting and tax documentation, and fulfilling obligations arising from legal provisions.
Legal basis: Art. 6(1)(c) GDPR.
3.6. Newsletter
Data provided when subscribing to the newsletter are processed for the purpose of sending emails, information about content, services, offers, products, or Studio activities.
The GetResponse system is used to operate the newsletter. GetResponse S.A. acts as a provider of email marketing tools and may process data as a processor on behalf of the controller. GetResponse states that it provides marketing services and processes customer data and contacts entrusted by customers within its tools.
Legal basis: Art. 6(1)(a) GDPR, i.e., the consent of the person subscribing to the newsletter.
You can unsubscribe from the newsletter at any time by clicking the unsubscribe link in the email or by contacting us at: info@krysztofiak.studio.
3.7. Website Analytics
The website uses Google Analytics, which helps analyze website usage, measure traffic, check subpage popularity, and improve website performance. Google states that Google Analytics adheres to Google's privacy principles and processes information related to the use of Google services.
Legal basis: Art. 6(1)(a) GDPR, i.e., user consent expressed via the cookie banner — to the extent that Google Analytics uses cookies or similar technologies.
3.8. Protection Against Abuse and Ensuring Website Security
Technical data may be processed to ensure website security, detect errors, protect against spam, abuse, and unauthorized access.
Legal basis: Art. 6(1)(f) GDPR, i.e., the legitimate interest of the controller.
3.9. Claim Establishment and Defense
Data may be processed for the purpose of establishing, pursuing, or defending against claims.
Legal basis: Art. 6(1)(f) GDPR.
4. Voluntariness of Data Provision
Providing data is voluntary, but may be necessary for:
- sending an inquiry via the form,
- receiving a response,
- subscribing to the newsletter,
- creating a customer account,
- placing an order,
- processing payments,
- receiving an invoice or other accounting document.
Failure to provide required data may prevent the use of certain website functions.
5. Data Recipients
Personal data may be transferred to entities that support the controller in operating the website, customer service, sales, payments, communication, and marketing.
Such entities include, in particular:
- HashMagnet — website hosting, technical server and email support,
- Google / Gmail — email service and analytical tools,
- GetResponse S.A. — newsletter and email communication service,
- PayPro S.A. / Przelewy24 — online payment processing,
- providers of the WordPress system, WooCommerce, plugins, and technical tools, if they have access to data in connection with website operation,
- accounting office or other entities supporting the controller in settlements,
- entities authorized to obtain data based on legal provisions.
6. Transfer of Data Outside the European Economic Area
In connection with the use of tools such as Google, Gmail, Google Analytics, or GetResponse, data may be transferred outside the European Economic Area if the respective provider uses infrastructure or subcontractors located outside the EEA.
In such cases, data transfer takes place based on appropriate safeguards provided by the GDPR, in particular standard contractual clauses or other mechanisms compliant with personal data protection regulations.
7. Data Retention Period
Data are stored for the period necessary to achieve the purpose for which they were collected.
In particular:
- data from the contact form are stored for the time needed to handle the inquiry and further correspondence, and then for no longer than the period necessary to secure any claims,
- data related to the performance of contracts, orders, and services are stored for the duration of the contract, and then for the period required by law or the limitation period for claims,
- accounting and tax data are stored for the period required by law,
- data related to the customer account are stored for the duration of the account, unless earlier deletion of data is impossible due to the controller's legal obligations,
- data processed for newsletter purposes are stored until consent is withdrawn or subscription is canceled,
- data processed based on cookie consent are processed until consent is withdrawn, cookie settings are changed, or the specific cookie expires,
- data processed for the purpose of pursuing or defending against claims are stored for the limitation period of claims.
8. User Rights
The data subject has the following rights:
- right of access to data,
- right to rectification of data,
- right to erasure of data,
- right to restriction of processing,
- right to data portability,
- right to object to data processing,
- right to withdraw consent at any time, if data are processed based on consent.
Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
To exercise your rights, you can contact us at: info@krysztofiak.studio.
The data subject also has the right to lodge a complaint with the President of the Personal Data Protection Office.
9. Cookies
The website uses cookies and similar technologies.
Cookies are small files saved on the user's device that enable the proper functioning of the website, remembering settings, conducting statistics, and analyzing website usage.
The following types of cookies may be used on the website:
9.1. Essential Cookies
They are necessary for the proper functioning of the website, handling forms, shopping carts, customer accounts, payments, security, and basic service functions.
These types of cookies may be saved without the user's separate consent, as they are essential for providing the service electronically.
9.2. Analytical Cookies
They are used to analyze website traffic, check subpage popularity, measure content effectiveness, and improve website performance.
Google Analytics is used on the website.
Analytical cookies are used with the user's consent expressed in the cookie banner.
9.3. Functional and External Cookies
The website may contain links to external services, such as Instagram, Facebook, Pinterest, HashMagnet, Elegant Themes, Moyo Studio, or other partner sites. Upon navigating to an external service, the user is subject to the privacy policies of that service.
10. Managing Cookies
The user can manage cookie consents using the cookie banner available on the website.
The user can also restrict or delete cookies in their internet browser settings. Restricting cookies may affect the functionality of some website features, particularly the store, shopping cart, customer account, forms, or payments.
11. Contact Forms
The contact forms on the website operate based on the Divi Contact Form module.
Data provided in the form are sent to the administrator's email address and are not saved in the WordPress panel.
The form may use simple anti-spam protection in the form of a mathematical operation. No external reCAPTCHA service is used.
12. Online Store and Customer Account
The website features a store based on WooCommerce.
Within the store, users can place orders, make payments, and create a customer account. Data provided during order placement are used for sales fulfillment, payment processing, customer contact, issuing accounting documents, and fulfilling the administrator's legal obligations.
If a user creates a customer account, the data saved in the account are processed to manage that account and enable the use of store functions.
13. Newsletter
Newsletter subscription is voluntary.
To send the newsletter, the administrator uses the GetResponse tool. Subscriber data are processed for sending emails, information about content, offers, services, products, or Studio activities.
Subscribers can unsubscribe from the newsletter at any time by clicking the unsubscribe link available in the email or by contacting the administrator at: info@krysztofiak.studio.
14. Social Media and External Links
The website contains links to social media profiles and links to affiliate partner sites.
Clicking an external link leads to a service operated by another entity. From that moment, the privacy policies of that external service apply.
The administrator is not responsible for the data processing policies applied by external services to which links from the website lead.
15. Profiling and Automated Decisions
User data are not used to make decisions about them solely by automated means that would produce legal effects or similarly significantly affect them.
Within Google Analytics or newsletter tools, basic statistical analyses or audience segmentation may be conducted, but these are not used to make automated decisions about specific individuals.
16. Data Security
The administrator applies technical and organizational measures aimed at protecting personal data against loss, unauthorized access, alteration, disclosure, or destruction.
Access to data is granted only to individuals and entities who require it in connection with the provision of specific services or obligations.
17. Changes to the Privacy Policy
The Privacy Policy may be updated in the event of changes in website operation, tools used, service providers, legal provisions, or data processing methods.
The current version of the Privacy Policy is always available on the website.
