Privacy Policy

The data controller responsible for the processing of personal data is:
Gianmarko Robert Starczyk
169A Stobiecko Szlacheckie
Stobiecko Szlacheckie
Email: kontakt@phenomene.pl
Phone: +48 660932069

Thank you for your interest in our online store. Protecting your privacy is very important to us. Below, you will find detailed information about how we handle your data.

1. Access Data and Hosting

Our websites can be visited without providing any personal data. Each time a webpage is accessed, the server automatically saves only what are referred to as server logs, such as the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting internet service provider (so-called access logs). These logs document page access and are analyzed solely to ensure the proper functioning of our website and improve our offerings. This is done in accordance with Article 6(1)(f) of the GDPR to safeguard our legitimate interest in presenting our website and offerings correctly and optimally.

Hosting
All access data is deleted no later than seven days after your visit to our website.

The hosting and display of the website services are partially carried out by our service providers on our behalf as part of data processing agreements. Unless stated otherwise in this privacy policy, all access data and data collected via forms on our website are processed on their servers. If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us. You can find our contact details in the section “Our Contact Information and Your Rights.”

2. Collection and Processing of Data for Contract Execution and Communication

2.1 Data Processing for Contract Execution

We process the personal data you voluntarily provide during the order process to execute the contract (including handling warranty claims and informing about necessary updates). The legal basis for this is Article 6(1)(b) of the GDPR. Mandatory fields are marked as such because they contain data necessary to process the order, and without them, we cannot fulfill the order. The specific data collected depends on the forms used for input.

Further details regarding how your data is processed, particularly with regard to sharing data with service providers for order fulfillment, payment, and shipping, can be found in subsequent sections of this privacy policy. After the contract has been executed, your data processing will be restricted, and your data will be deleted once the retention periods required by tax and accounting laws have expired (Article 6(1)(c) GDPR), unless you have explicitly consented to further use of your data (Article 6(1)(a) GDPR) or we reserve the right to further use your data within the scope of legally permissible cases, as outlined in this privacy policy.

2.2 Customer Account

If you consent to the creation of a customer account in accordance with Article 6(1)(a) GDPR, we will use your personal data to set up and manage the account. This will also facilitate future orders on our website. You can delete your customer account at any time by sending a request to our contact information provided in the section “Our Contact Information and Your Rights” or using the relevant function in the account settings. Once your account has been deleted, the processing of your data will be restricted, and it will be deleted after the legally required retention periods under tax and accounting laws (Article 6(1)(c) GDPR), unless you consent to further use of your data (Article 6(1)(a) GDPR) or we reserve the right to use your data for other purposes in legally permissible cases, as described in this privacy policy.

2.3 Data Processing for Communication Purposes

As part of customer communication, we process personal data to handle your inquiries (Article 6(1)(b) GDPR). You voluntarily provide this data when contacting us (e.g., via a contact form or email). Mandatory fields are marked as such because the information is required to process your inquiry. The specific data collected depends on the forms used for input. After your inquiry has been fully processed, your data will be deleted unless you consent to further use of your data (Article 6(1)(a) GDPR) or we reserve the right to use your data within the scope of legally permissible cases, as outlined in this privacy policy.

3. Data Processing for Order Delivery

To execute the contract (Article 6(1)(b) GDPR), we share your data with the shipping company selected during the order process for the delivery of ordered products. If you have questions about our service providers and the basis of our cooperation with them, please contact us. You can find our contact information in the section “Our Contact Information and Your Rights.”

4. Data Processing for Payment Execution

To process payments in our online store, we work with external service providers that handle online payment transactions. We share your data with the selected payment processing company as part of the order process. This is done to execute the contract (Article 6(1)(b) GDPR).

Data Processing to Prevent Fraud and Optimize Payments
In some cases, we may provide additional information to our service providers, which they may use in conjunction with the information necessary to process payments. These service providers act on our behalf as data processors and provide services such as fraud prevention and payment process optimization (e.g., invoicing, analysis of failed payments, accounting support). This is done in accordance with Article 6(1)(f) GDPR to safeguard our legitimate interests in fraud prevention and effective payment management.

Installment Payments
If you choose the “installment payment” option and provide the necessary consent (Article 6(1)(a) GDPR), your personal data (name, surname, address, email, phone number, date of birth, IP address, gender) and data necessary for the transaction (e.g., item details, invoice amount, due date) will be shared with our partner PayU S.A., ul. Grunwaldzka 186, 60-166 Poznań, Poland. PayU will verify the customer’s creditworthiness using publicly available databases and credit reference agencies.

Further details regarding data processing by PayU S.A., including information on creditworthiness assessments, can be found in their privacy policy at: https://poland.payu.com/prywatnosc/.

You may object to the processing of your data for creditworthiness checks by contacting PayU S.A. directly. You can withdraw your consent to data sharing at any time with future effect.

5. Marketing Channels: Email Communication

If you subscribe to our newsletter, we will use the data provided by you to regularly send you our newsletter electronically, based on your consent (Art. 6(1)(a) GDPR).

You may unsubscribe from the newsletter at any time. To do so, send a message to our contact address provided in the “Our Contact Information and Your Rights” section or use the unsubscribe link included in the newsletter. Once you unsubscribe, your email address will be deleted unless you explicitly consent (Art. 6(1)(a) GDPR) to further use of your data for other purposes or we reserve the right to continue using it as permitted by law, as detailed in this privacy policy.

5.1 Sending the Newsletter

The newsletter is sent on our behalf by an external service provider under a data processing agreement. If you have questions about our service providers or the legal basis of our cooperation with them, please contact us. You can find our contact information in the “Our Contact Information and Your Rights” section.

5.2 Sending Purchase Review Invitations

If you have given consent during or after placing an order (Art. 6(1)(a) GDPR), we will use your email address to send you an invitation to review your purchase in our store. The review process is facilitated through a review system we use.

You can withdraw your consent at any time by sending a message to our contact address provided in the “Our Contact Information and Your Rights” section. Alternatively, you may use the unsubscribe link included in the invitation email. Upon withdrawal of consent, we will delete your email address unless you explicitly agree (Art. 6(1)(a) GDPR) to further processing or we reserve the right to continue its use as permitted by law, as specified in this privacy policy.

Review invitations are sent through our service provider Trusted Shops SE, Subbelrather Str. 15C, 50823 Cologne, Germany (“Trusted Shops”). We receive status updates from Trusted Shops about whether review invitations were sent and delivered. This is based on Art. 6(1)(f) GDPR to fulfill our legitimate interest in monitoring review invitations for optimization purposes and Trusted Shops’ interest in providing this service.

We and Trusted Shops are jointly responsible for sending invitations and managing reviews or status updates. If you have questions about data protection or wish to exercise your rights, contact Trusted Shops. Their contact details and further privacy information are available on their website. Alternatively, you can contact us, and we will forward your inquiry to Trusted Shops if necessary.

6. Cookies and Similar Technologies

General Information

To enhance your experience on our website and enable core functionalities, we use technological tools, including cookies. Cookies are small text files stored automatically on your device. Some cookies (session cookies) are deleted after you close your browser. Others (persistent cookies) remain on your device to recognize your browser during future visits.

Protection of End-User Devices

For essential website functions, storing or accessing information on your device does not require user consent.

For non-essential functions, consent is required to store or access information on your device. Without consent, certain features may not be fully accessible. Granted consents remain valid until withdrawn, settings are adjusted, or the device is reset.

Data Processing with Cookies and Other Technologies

We use technologies that are essential for optimal website functionality (e.g., shopping cart features). These technologies process data such as IP addresses, session times, device/browser information, and site usage to fulfill our legitimate interest in presenting our services (Art. 6(1)(f) GDPR).

We also use technologies for legal obligations, web analytics, and marketing. Details on these tools and legal bases are in later sections of this privacy policy.

Browser settings can adjust cookie preferences:

Microsoft Edge™, Safari™, Chrome™, Firefox™, Opera™

You may withdraw consent (Art. 6(1)(a) GDPR) at any time by contacting us via the “Our Contact Information and Your Rights” section.

7. Use of Cookies and Similar Technologies

We use the cookies and tools listed below. Unless stated otherwise, they rely on your consent under Art. 6(1)(a) GDPR. After the tool’s purpose is fulfilled, the collected data is deleted. Consent can be withdrawn at any time. Further details are available in the “Cookies and Similar Technologies” section or on the providers’ websites.

7.1 Use of Google Services

We use tools from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Data collected by Google tools is generally transferred to and stored on Google LLC servers in the USA. Unless stated otherwise, data processing is based on joint data controller agreements under Art. 26 GDPR. Details on Google’s data processing are in their privacy policy.

Our service providers may operate in non-EU/EEA countries with adequate data protection decisions from the European Commission or under standard contractual clauses.

Google Analytics: Tracks usage data (e.g., IP address, session time) to create pseudonymized user profiles for web analytics. Data is processed under a data processing agreement with Google.

Google Ads: Uses cookies for interest-based advertising and retargeting.

Google Fonts: Processes user data to display consistent typography across our website.

YouTube Video Plugin: Processes user data when embedding video content.

7.2 Use of Facebook Services

Facebook Pixel: Collects user data for analytics and advertising (e.g., IP address, session time, site activity). Based on joint controller agreements (Art. 26 GDPR).

Facebook Ads: Manages advertising campaigns on Facebook and associated platforms. Data processing by Facebook Ireland adheres to joint responsibility for data collection and transfer.

7.3 Other Tools

Vimeo Video Plugin: Embeds video content from Vimeo, processing user data (e.g., IP address, session time). Integrates Google Analytics for user profiling under pseudonyms for analytics.

For questions regarding service providers or their data processing, please contact us.

9. Social Media
Our activity on social media platforms: Instagram (by Meta), YouTube, Pinterest.

If you have granted your consent to the respective social media platform (Article 6(1)(a) GDPR), your data will be automatically collected and stored for web analytics and marketing purposes when you visit our account/profile on the mentioned platforms. Based on this data, pseudonymized user profiles are created, which may be used, for example, to display so-called personalized advertisements on and off the platforms that likely match your interests. Cookies are typically used for this purpose.

Detailed information about the processing and use of your data by each social media platform, as well as information about your rights, privacy settings, and contact information for inquiries, is described in the privacy policies linked below. Should you require assistance, you may also contact us directly.

Instagram (by Meta) is a social media platform offered by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (“Meta Platforms Ireland”). Automatically processed information about your activity and usage of our fan page on Instagram is typically transmitted to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, where it is stored. Data processing during visits to the Instagram fan page is carried out under Article 26 GDPR based on joint controller arrangements. Further information about the processing of your personal data during visits to the Instagram fan page (including details on the page statistics feature) can be found [here].

Our service providers are headquartered and/or use servers in countries for which the European Commission has issued adequacy decisions confirming an appropriate level of data protection. These include: the USA, Canada, Japan, South Korea, New Zealand, the United Kingdom, and Argentina.

The adequacy decision for the USA serves as the basis for data transfers to third countries, provided the respective service provider is certified. A certificate has been obtained.

Our service providers are headquartered and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, and Mexico. For these countries, the European Commission has not issued adequacy decisions. Data transfers as part of our cooperation with service providers from these countries rely on standard contractual clauses adopted by the European Commission.

YouTube is a social media platform offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Automatically processed information about your activity and usage of our YouTube profile is typically transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, where it is stored.

Our service providers are headquartered and/or use servers located in non-EU/EEA countries for which the European Commission has issued adequacy decisions confirming an appropriate level of data protection.

Our service providers are headquartered and/or use servers located in non-EU/EEA countries. For these countries, the European Commission has not issued adequacy decisions. Our cooperation is based on standard contractual clauses adopted by the European Commission.

Pinterest is a social media platform offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (“Pinterest”). Automatically processed information about your activity and usage of our Pinterest profile is typically transmitted to a server of Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107, USA, where it is stored.

Our service providers are headquartered and/or use servers located in non-EU/EEA countries for which the European Commission has issued adequacy decisions confirming an appropriate level of data protection.

Our service providers are headquartered and/or use servers located in non-EU/EEA countries. For these countries, the European Commission has not issued adequacy decisions. Our cooperation is based on standard contractual clauses adopted by the European Commission.

10. Our Contact Details and Your Rights

10.1 Your Rights
Individuals whose data is processed are entitled to the following rights:

Pursuant to Article 15 GDPR: the right to access information about data processing as specified in this article;

Pursuant to Article 16 GDPR: the right to rectify incorrect or incomplete personal data;

Pursuant to Article 17 GDPR: the “right to be forgotten,” i.e., the right to request the deletion of your personal data stored by us, provided further processing is not required:

To exercise the right to freedom of expression and information;

To comply with a legal obligation;

For reasons of public interest;

To establish, exercise, or defend legal claims;

Pursuant to Article 18 GDPR: the right to restrict data processing if:

You dispute the accuracy of the personal data;
The processing is unlawful, and you oppose its deletion;
We no longer need the data, but you require it for establishing, exercising, or defending legal claims;
You have objected to processing pursuant to Article 21;
Pursuant to Article 20 GDPR: the right to receive data you have provided to us in a structured, commonly used, and machine-readable format and to transfer it to another controller;
Pursuant to Article 20 GDPR: the right to receive data you have provided to us in a structured, commonly used, and machine-readable format and to transfer it to another controller;

Right to Object

If we process personal data to protect our legitimate interests as described in this privacy policy, you may object to the processing of your data for this purpose, with effect for the future. If the processing is for direct marketing purposes, you can exercise your right to object at any time. For other purposes, you have the right to object only for reasons arising from your particular situation.

Once you exercise your right to object, we will cease processing your personal data unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend legal claims.

The previous sentence does not apply if the processing is for direct marketing purposes. In such cases, we will cease processing your personal data immediately after receiving your objection.

10.2 Contact Us
If you have any questions regarding the collection, processing, or use of your personal data, or if you wish to request information, rectification, restriction of processing, or deletion of your data, or to revoke consents or object to specific uses of data, please contact the data controller indicated at the beginning of this privacy policy.