Privacy Policy

Privacy Policy of the www.embassyinteriors.pl Website (“Website”)

I. General Information

1. This Privacy Policy defines the rules for processing and protecting personal data provided by Users in connection with their use of the Website, including the blog.
2. For the purposes of this Privacy Policy, a User is defined as a natural person, legal person, or an organizational unit without legal personality but granted legal capacity by law, who uses electronic services provided through the Website.
3. To ensure the security of the data entrusted to us, we have developed internal procedures and guidelines to prevent unauthorized access. We monitor their implementation and continuously verify compliance with relevant legal acts — including the Personal Data Protection Act, the Act on Providing Electronic Services, as well as implementing regulations and European Union law. Personal data is processed in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”).
4. The Website’s Privacy Policy defines the responsibilities of the Administrator, the rights of the User, the scope and principles of personal data processing, the use of cookies, and the rules for sending newsletters.

II. Personal Data Administrator

1. The administrator of the personal data collected on the Website is:
   Embassy227 Katarzyna Będzińska-Kowalczyk, ul. Sudecka 139B, 53-128 Wrocław, NIP 899-159-74-27

III. Purpose of Personal Data Processing

The Administrator processes User personal data for the following purposes:

1. Proper performance of sales agreements concluded through the Website, including: concluding agreements, registering the User, accounting, delivering ordered goods, and enabling the exercise of consumer rights, e.g., complaints or withdrawal from the agreement.

2. Personal data provided in forms are processed according to the function of each form:
   a) Contact form – to handle informational inquiries
   b) Newsletter form – to send newsletters with the Administrator’s current offers
   c) Comment form in the Blog section – to publish comments

3. To fulfill legal obligations of the Administrator, e.g., storing tax documentation

4. For sending the User commercial information, including promotions, products, offers, or updates, if the User has given prior consent

5. For direct marketing of products, pursuing claims, or defending against claims

IV. Types of Data

1. The Administrator processes the following types of personal data of Users, necessary for:

Website registration:

• • First and last name

  • Email address

Purchases on the Website:

1. • First and last name

   • Delivery address

   • Phone number

   • Email address

2. Optional data provided by the User:

   • Tax ID number (NIP), required for issuing invoices to businesses

3. For refunds, in case of withdrawal or complaint resolution, if the refund is made directly to the User’s bank account:

   • First and last name

   • Email address

   • Phone number

   • Bank account number

V. Legal Basis for Processing Personal Data

1. Personal data are processed on the basis of Article 6(1)(a) of the GDPR, i.e., the consent given by the User at the time of registration on the Service, confirmation of a transaction, or for the purpose of handling a contact form – responding to a message sent via the contact form, or subscribing to the newsletter.

   Providing consent for the processing of personal data is entirely voluntary; however, failure to give consent prevents registration on the Service, making purchases through the Service, subscribing to the newsletter, or sending an inquiry via the contact form.

2. Personal data of Users (data subjects) are also processed for the purpose of managing cookies on the Website. The processing of personal data in this context is based on the data subject’s consent pursuant to Article 6(1)(a) of the GDPR, which may be withdrawn at any time. Detailed information regarding the processing of personal data in connection with cookies is provided in the Cookie Policy available below.

3. The processing of personal data for the purpose of sending newsletters is based on the consent of the data subject. The legal basis for processing personal data in connection with newsletter distribution is the data subject’s consent pursuant to Article 6(1)(a) of the GDPR and the provisions of the Act on the Provision of Electronic Services (consent).

   Subscribing to the newsletter signifies that the User agrees to this Privacy Policy and consents to the receipt of marketing and commercial information by electronic means from the Administrator, in accordance with Article 10(1) of the Act of 18 July 2002 on the Provision of Electronic Services (Journal of Laws of 2020, item 344, as amended), and to the use of telecommunications terminal equipment for the purpose of presenting marketing and commercial information by the Administrator pursuant to Article 172(1) of the Telecommunications Law Act of 16 July 2004 (Journal of Laws of 2021, item 576, as amended).

   The User has the right to decide whether to receive the newsletter and to provide explicit consent for the processing of their personal data for this purpose. For the purpose of sending the newsletter, we collect certain personal data such as an email address, name, and preferences regarding the content or topics of the newsletter. This data is necessary for the proper delivery of the newsletter and for providing personalized content.

   The data subject has the right to withdraw their consent to receive the newsletter at any time. To unsubscribe, the User may use the unsubscribe option included in every newsletter or contact us directly to withdraw their consent.

4. Personal data are processed on the basis of Article 6(1)(b) of the GDPR for the purpose of performing a contract to which the User is a party, or in order to take steps at the request of the User prior to entering into a contract, as well as for the handling of complaints. The provision of personal data is voluntary; however, it is necessary in order to place an order.

5. Personal data are processed on the basis of Article 6(1)(c) of the GDPR where processing is necessary for compliance with a legal obligation to which the Administrator is subject, for example, obligations related to accounting. The provision of personal data is mandatory where such an obligation arises from the provisions of the Accounting Act or tax law (in particular, with respect to the issuance and retention of accounting documents).

6. Personal data are processed on the basis of Article 6(1)(f) of the GDPR where processing is necessary for the purposes of the legitimate interests pursued by the Administrator. Such legitimate interests include protection against attempted fraud, the establishment, exercise or defence of legal claims in judicial proceedings, as well as interaction with Users on social media platforms such as Facebook, Instagram, and Pinterest via the Administrator’s official accounts, the plugins of which are embedded in the Website.

   Personal data provided by the User on the aforementioned social media platforms — such as profile name or image — are processed for the purposes of administering and managing these accounts and communicating with the User.

7. The User’s personal data are processed for the purpose of posting and managing comments on the blog, pursuant to Article 6(1)(f) of the GDPR (legitimate interest – enabling and administering comments on the blog). The provision of personal data is voluntary; however, it is necessary for the achievement of this purpose, i.e., for posting and managing comments on the blog.

VI. Data Submission and Collection

1. Data submission is voluntary but may be required for contract conclusion

2. Data is collected via:
   a) Voluntarily completed forms
   b) Cookies (see Cookies Policy)

VII. Outsourcing Data Processing

1. The Administrator may entrust the processing of personal data to entities cooperating with it, where this is necessary for the following purposes:  

a) fulfillment of an order (preparation of the ordered goods and delivery of shipments),
b) transmission of commercial information from the Administrator, where the User has previously given consent,
c) provision of accounting services,
d) provision of marketing services,
e) provision of software for the operation of the online store,
f) provision of hosting services,
g) provision of IT services,
h) entities authorized to receive data under applicable law,
i) [other]. 

1. The User’s personal data, apart from the purposes indicated in Section 1 above, will not be sold or otherwise made available   to third parties, in accordance with the provisions of the GDPR.
2. The Administrator takes all necessary precautions to ensure that all recipients of personal data comply with the applicable data protection regulations and guarantee an adequate level of protection of personal data. 

VIII. Social Media Plugins

1. When using social media plugins such as Facebook (Meta Platforms Ireland Limited), Pinterest (Pinterest Inc.), and Instagram (Meta Platforms Ireland Limited), we inform you that the Administrator is not responsible for the processing of personal data by these social media platforms. Personal data processed through these plugins are subject to the privacy policies and terms of use of the respective platforms.
2. We encourage you to review the privacy policies of Facebook, Pinterest, and Instagram to learn more about how these platforms process personal data. The Administrator is not responsible for the actions of these social media platforms or for the processing of personal data by them.
3. When using social media plugins, the User’s interactions and activities on these platforms may be visible to other users of those platforms as well as to the administrators of the website. We encourage caution and adherence to privacy rules when using these social media platforms.
4. In the event of any questions or concerns regarding the processing of personal data by social media plugins, please contact the relevant platform directly.

IX. Transfer of Data to Third Countries

1. The Administrator may transfer data to entities outside the European Union. An appropriate level of personal data protection and the application of suitable safeguards are ensured by the participation of these entities in the EU-U.S. Data Privacy Framework (“DPF”), established by the European Commission’s implementing decision as a set of principles guaranteeing adequate protection of personal data processing.
2. The Administrator uses tools such as Google Analytics, Google Ads, and Facebook services. Consequently, User data may be transferred to the United States of America (storage of data on U.S. servers). Google LLC and Facebook implement compliance mechanisms provided under GDPR (e.g., certifications). These entities are covered by the EU-U.S. Data Privacy Framework, which constitutes the legal basis for the transfers. Please refer to the privacy policies of these providers for more information:

• • Google LLC: https://policies.google.com/privacy?hl=pl

  • Meta Platforms Ireland Limited (Facebook, Instagram): https://www.facebook.com/privacy/explanation

X. Data Retention

1. Personal data of Users who are not our Clients and have not used the forms available on the Service will be stored for a period corresponding to the lifecycle of the cookies saved on their devices. Detailed information on the use of cookies is available in the Cookies Policy.
2. Personal data of individuals subscribed to our newsletter, or who have consented to receive marketing materials, will be processed until they unsubscribe from receiving the newsletter or materials.
3. Personal data of Users, such as:

• • first name,
  • last name,
  • address,
  • email address,
  • history of Service usage,
  • information about given consents,

will be processed only for the period during which there is a legal basis for processing, necessary for the following purposes:

a) handling complaints and objections – until the matter is resolved, and afterwards for the duration of the statute of limitations for any claims;
b) ensuring compliance with tax and accounting regulations – until the legal obligation to process the data expires;
c) handling claims related to a contract concluded via the Service – until the possibility of pursuing claims expires;
d) until withdrawal of consent to the processing of personal data, if consent was the basis for processing;
e) for the period necessary to respond to messages sent via the contact form, and afterwards for the duration of the statute of limitations for any claims.

4. In all cases of data storage, the Administrator ensures appropriate technical and organizational measures to protect the data against unauthorized access, loss, alteration, or unauthorized disclosure.

XI. User Rights

1. The User has the right at any time to access their personal data and request information from the Administrator regarding the processing of their personal data.
2. The User has the right at any time to correct or update their personal data by logging into their account on the Service or by requesting the Administrator to correct or update their personal data.
3. The User has the right at any time to request the deletion of their personal data by the Administrator without providing a reason. Such a request does not affect actions already taken. Deletion of data is equivalent to the deletion of the User’s account and all personal data processed up to that point by the Administrator.
4. The User has the right at any time to request the restriction of the processing of their personal data. The request may concern the restriction of data processing indefinitely within a specified scope or for a specified period. The request does not affect actions already taken.
5. The User has the right at any time to object to the processing of their personal data. The objection may relate to all personal data processed by the Administrator, or it may be limited to specific purposes, e.g., processing data for a particular purpose only. The objection does not affect actions already taken. An objection is equivalent to the deletion of the User’s account and all personal data processed up to that point by the Administrator, provided that the data are no longer required to fulfill legal obligations, e.g., handling complaints.
6. The User has the right at any time to request the transfer of their personal data by the Administrator. The transfer of personal data will occur upon a written request from the User, specifying the recipient and the scope of data to be transferred. For security reasons, after confirming the request, the Administrator will transfer the User’s personal data to the designated recipient electronically. This request does not affect actions already taken. The transfer of personal data is equivalent to the deletion of the User’s account and all personal data processed up to that point by the Administrator, provided that the data are no longer required to fulfill legal obligations, e.g., handling complaints.
7. The User has the right at any time to access and modify their personal data, as well as to request that the Controller promptly delete them (“right to be forgotten”).

XII. Withdrawal of Consent

1. If the processing is based on the User’s consent, the User may withdraw their consent to the processing of personal data at any time. The withdrawal may concern a specific purpose, e.g., withdrawing consent to receive the newsletter, or it may concern all consents previously given. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal. Withdrawal of all consents to the processing of personal data is equivalent to the deletion of the User’s account and all personal data processed up to that point by the Administrator, provided that the data are no longer necessary to fulfill legal obligations, e.g., handling complaints.

XIII. Right to Lodge a Complaint

1. The client has the right to lodge a complaint with the supervisory authority responsible for personal data protection, which is the President of the Personal Data Protection Office.

XIV. Profiling

1. Personal data will not be subject to automated processing, including profiling. This means that no decisions will be made solely based on the automated processing of the User’s personal data.
2. However, the Administrator may, within the Service, automatically tailor content to the needs of Users, i.e., apply profiling using the personal data provided by the User.
3. The User must give prior consent before any profiling is carried out that results in decisions producing legal effects or similarly significant effects on the User. The User has the right to withdraw their consent at any time. Processing of data up to the moment of withdrawal of consent by the User remains lawful.
4. The website applies profiling in order to personalize the content displayed to the User.

XV. Changes to the Policy

1. We reserve the right to make changes to the Service’s Privacy Policy, which may result from the development of internet technologies, possible changes in data protection law, or the development of our online Service. We will inform Users of any changes in a clear and visible manner. All changes take effect from the moment they are published on the Service’s website. The current version of the Privacy Policy and the Cookies Policy will always be available on this website, so we recommend regularly reviewing the latest version.

XVI. Contact with the Administrator

1. In case of any doubts regarding any provision of this Privacy Policy, we are at your disposal – our contact information can be found in the “CONTACT” website.

Cookies Policy

1. The Cookies Policy is integrated with the Service’s Privacy Policy and defines the rules for processing personal data using cookies on the website embassy.pl. The Service uses cookies or similar technology (collectively, “cookies”). Like other commercial websites, we may send one or more cookies to your device (small text files sent to your browser; they can be stored on your device, e.g., computer or smartphone, so that we can recognize you when you visit again).
2. In particular, we use two categories of cookies:
   a) Session cookies – automatically deleted when you close your browser; mainly used to determine the login status of users of our services. They ensure that our users have access to pages visible only to them while using our website or services. A session cookie is assigned during the user login process and deleted upon logout.
   b) Persistent cookies – remain on your device even after closing the browser and can be manually deleted.

Types of cokies we use:

• • Cookies necessary for website operation: These cookies are essential for the proper functioning of the website. Without them, some site features may not work correctly.
  • Analytical cookies: We use analytical cookies to help us analyze how users interact with our website. They allow us to collect information about visited pages, time spent on the site, user preferences, etc. These data are anonymous and serve solely to improve the quality of our services.
  • Advertising cookies: We use advertising cookies to provide personalized content and advertisements that match users’ interests. These cookies may track users’ activities on our website and other sites to deliver personalized ads.

3. By enabling the option to accept cookies in your browser settings, you consent to the use of cookies by the Administrator in relation to you. If you do not agree to the use of cookies by the Administrator, you can block them by selecting the appropriate option in your browser settings. Please note, however, that if you choose not to accept our cookies, you may not be able to use all of our functionalities; we also do not guarantee that our website will operate optimally.

4. Cookies are used for the following purposes:

• Collecting information about users of the Service and their behavior, or
• Creating a login session for the User,
• Recognizing whether the User is registered on the Service and whether they have previously visited the site,
• Recording information from the User’s device, including IP address, cookies, and information about the browser used, for diagnosing problems and tracking the User on the Service,
• Creating statistics and analyses that allow us to better understand how Users interact with the Service and what we can improve in the content, sections, or functionalities of the Service,
• Advertising purposes, to deliver personalized content and advertisements aligned with users’ interests.

5. To monitor traffic on the Service’s pages, we may use Google Analytics, and for advertising purposes, Facebook Pixeland Google Ads. We encourage you to review the privacy policies of these providers.
6.The processing of personal data using cookies is carried out in accordance with applicable data protection laws, including the GDPR.
7. The retention period of personal data obtained through cookies depends on the type of cookie and the purpose for which it is used. Typically, cookies are stored on the User’s device for a specified period, which may vary depending on the specific browser settings.

Newsletter Privacy Policy

1. The Newsletter Privacy Policy is integrated with the Service’s Privacy Policy and defines the rules for processing personal data for the purpose of sending commercial and marketing information about the Administrator’s current offer, products, promotions, news, and important events such as participation in trade fairs and other events.
2. By subscribing to our newsletter, you consent to the processing of your personal data (name and email address) in accordance with section 5.3 of the Privacy Policy for the purpose of sending commercial and marketing information about the Administrator’s current offer, products, promotions, news, and important events such as participation in trade fairs and other events.
3. To best tailor the content of our emails to your preferences, we will monitor which emails you open and which links contained in our emails you click. You can unsubscribe from receiving our newsletter at any time by clicking the appropriate link at the end of each email we send or by contacting us directly.
4. Personal data processed for the purpose of sending the newsletter will be stored for the period necessary to achieve this purpose. After withdrawing consent or unsubscribing, the data will be deleted, unless there are other legal grounds for further processing or data retention requirements arising from applicable laws.