Privacy Policy of majsterplus.shop

1. Personal Data Controller

The controller of personal data collected through the majsterplus.shop online store is:

ÓSMA TRZYDZIEŚCI KAMIL CICHOŃ
ul. Wiktora Gorzołki 9/13
44-100 Gliwice
Tax ID: 9691471881, REGON: 360140630
e-mail: zamowienia@majsterplus.shop

(hereinafter: “Controller”)

2. Purposes and Legal Bases for Data Processing

Customers’ personal data is processed for the following purposes and on the following legal bases:

  1. Order fulfillment – processing is necessary for the performance of a sales contract (Article 6(1)(b) GDPR).
  2. Customer account management – based on a contract for the provision of electronic services (Article 6(1)(b) GDPR).
  3. Issuing invoices and maintaining accounting records – based on legal obligation (Article 6(1)(c) GDPR).
  4. Handling complaints and returns – based on legal obligation and contract performance (Article 6(1)(b) and (c) GDPR).
  5. Direct marketing of own products – based on the Controller’s legitimate interest (Article 6(1)(f) GDPR).
  6. Newsletter – based on the Customer’s voluntary consent (Article 6(1)(a) GDPR).
  7. Pursuing or defending against claims – based on the Controller’s legitimate interest (Article 6(1)(f) GDPR).
  8. Analytics and improvement of Store functionality – based on the Controller’s legitimate interest (Article 6(1)(f) GDPR).

3. Scope of Collected Data

The Controller collects the following personal data of Customers:

  • first and last name,
  • e-mail address,
  • phone number (optional),
  • delivery address,
  • residential address / company headquarters,
  • Tax ID – for business purchases,
  • order data (purchase history, transaction details).

Providing data marked as required is necessary to place an order or use a given service. Providing other data is voluntary.

4. Data Recipients

Customers’ personal data may be transferred to the following entities:

  • courier companies and postal operators – for order delivery,
  • payment operators – for transaction processing,
  • hosting and IT service providers – for maintaining the Store’s infrastructure,
  • accounting office – for maintaining accounting records,
  • analytical and marketing tool providers – for traffic analysis and Store optimization.

The Controller does not sell or share personal data with third parties for marketing purposes without the Customer’s consent.

5. Data Retention Period

Personal data is stored for the period necessary to achieve the purposes for which it was collected:

  • Order-related data – for the duration of the contract and the limitation period for claims (generally 6 years from the end of the calendar year in which the payment deadline expired).
  • Data for accounting purposes – for 5 years from the end of the tax year in which the tax obligation arose.
  • Data processed based on consent – until consent is withdrawn.
  • Data for direct marketing purposes – until an objection is raised.
  • Customer account data – until the account is deleted.

6. Rights of Data Subjects

Each Customer whose personal data is processed by the Controller has the right to:

  1. Access to data – obtain information about processed data and a copy of the data.
  2. Rectification of data – request correction of inaccurate or completion of incomplete data.
  3. Erasure of data (“right to be forgotten”) – in cases provided for in GDPR.
  4. Restriction of processing – in cases provided for in GDPR.
  5. Data portability – receive data in a structured format and transfer it to another controller.
  6. Object – to data processing based on the Controller’s legitimate interest, including direct marketing.
  7. Withdraw consent – at any time, without affecting the lawfulness of processing carried out before consent withdrawal.

To exercise the above rights, contact the Controller at: zamowienia@majsterplus.shop

The Customer also has the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if they believe that data processing violates GDPR provisions.

7. Data Security

The Controller applies appropriate technical and organizational measures to ensure the protection of processed personal data, in particular:

  • connection encryption (SSL certificate),
  • access control to data,
  • regular software updates,
  • data backups.

8. Data Transfer Outside the EEA

Customers’ personal data is generally not transferred outside the European Economic Area (EEA). If tools from providers outside the EEA are used (e.g., Google Analytics), data transfer may only occur based on appropriate safeguards provided for in GDPR, such as standard contractual clauses approved by the European Commission.

9. Changes to the Privacy Policy

The Controller reserves the right to change this Privacy Policy to adapt it to changes in legal regulations or changes in the manner of personal data processing. The current version of the Privacy Policy is always available on the Store’s website.

Last updated: April 13, 2026

Updating
Cart
  • No products in the cart.

Continue shopping