Skip to content
Free InPost shipping on orders over 250.00 PLN.

Privacy Policy

How we collect, use, and protect your personal data.

This is an English translation provided for convenience. In case of any discrepancies, the Polish version of this document shall prevail as the binding and authoritative text.

General provisions

This Privacy Policy (hereinafter: "Privacy Policy") sets out the rules for processing personal data collected through the website https://ceranika.pl (hereinafter: "Online Store") and is addressed to users of the Online Store.

The owner of the Online Store and the data controller is Nika Trojanowska (address: ul. Andersa 27a/81, Warsaw 00-159, registration data: NIP: 9512506842, REGON: 386931357, email: kontakt.ceranika@gmail.com, phone: +48 690 030 620 (standard call charges apply — according to the applicable operator's price list), hereinafter: "Controller"). The Controller can be contacted by post, telephone, or email.

Personal data collected by the Controller through the Online Store is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "GDPR").

The Controller attaches great importance to protecting the privacy of Online Store users and the security of their personal data processing.

Capitalized terms used in this Privacy Policy have the meanings assigned to them in the Terms and Conditions of the Online Store available at https://ceranika.pl.

1. Purposes, legal bases for processing, categories of personal data

1. Consent

The Controller processes your data based on your consent. The Controller also processes your data if you consent to the use of cookies other than those strictly necessary for the provision of electronic services, including the installation of cookies by third parties and the transfer of data collected through these cookies to said third parties. You may withdraw your consent to the installation of cookies other than those strictly necessary at any time, through your browser settings on the device you use or from the Online Store footer by clicking the "Change privacy settings" link. Withdrawal of consent does not affect the lawfulness of processing of data collected through cookies prior to the withdrawal of consent.

We use tools that allow the display of personalized advertisements, such as Google search ads, remarketing, advertisements displayed on YouTube and social media platforms. Dedicated advertisements will be displayed if the phrase you enter in the search engine matches the list of phrases we have set in the campaign; and also if the Google algorithm matches you based on so-called targeting based on the pages you visit, videos you watch on YouTube, etc. You may withdraw your consent to our use of the aforementioned tools, including Google Marketing Platform cookies. You can do this on the Google Marketing Platform opt-out page or the Network Advertising Initiative opt-out page.

2. Conclusion and performance of a contract

The Controller processes your personal data in order to take actions at your request aimed at concluding a contract with the Controller or where it is necessary for the performance of a contract already concluded (Art. 6(1)(b) GDPR), including, among others, where it is necessary for:

  • concluding and performing agreements with the Controller for the provision of electronic services, as referred to in the Terms and Conditions of the Online Store, related to creating an Account in the Online Store,
  • concluding and performing the Sales Agreement for goods with the Controller,
  • sending submissions to the Controller via email or contact forms available on the Website.

3. Legal obligation

The Controller processes your personal data in order to fulfill legal obligations incumbent on the Controller (Art. 6(1)(c) GDPR). In practice, this means the necessity to process your personal data in connection with fulfilling obligations arising from legal provisions, in particular obligations arising from tax regulations, the Accounting Act, the Act on Providing Electronic Services, the Civil Code, and the Consumer Rights Act.

4. Legitimate interest

The Controller or a third party — the Controller may process your personal data where it is necessary for the purposes of legitimate interests pursued by the Controller or by a third party (Art. 6(1)(f) GDPR), including, among others, in the following cases:

  • Customer relationship management — The Controller analyzes past cooperation with you for internal purposes in order to compile analytical summaries and sales statistics.
  • Pursuing claims by the Controller and defending against claims directed at the Controller — In the event of your failure to fulfill or improper fulfillment of a contract concluded with the Controller, the Controller may, within the framework of applicable law, pursue claims against you, e.g., seek payment for goods sold.
  • Enabling Customers to make payments through payment services — If you choose an online payment method, the Controller transfers your personal data to the payment service provider in order to enable you to make a payment using the method you have selected.
  • Contacting the Controller — You may contact the Controller via email, telephone, or online contact forms available on the Website. In such cases, we may process your personal data in order to communicate with you and to handle the matter initiated by you.
  • Storing data to ensure accountability, i.e., to demonstrate compliance with personal data processing regulations.
  • Website operation — The Controller uses necessary cookies for the proper functioning of the Website.
  • Profiling — Based on information about you collected during prior cooperation (i.e., information about your purchase history in the Online Store, history of your activities in the Online Store), the Controller displays personalized advertisements to you on the Online Store website at https://ceranika.pl.
  • Marketing of products and services offered by the Controller — The Controller sends you marketing information about goods and services offered by the Controller, provided that you have previously given consent on the website for telephone contact (SMS messages) or for contact via email for the purpose of direct marketing. The Controller does not send spam, i.e., unsolicited commercial communications. The Controller does not transfer any personal data, in particular email addresses or telephone numbers, to third parties for the purpose of enabling them to carry out direct marketing activities concerning goods and services.

2. Recipients of personal data

In connection with the processing of your personal data, for the purposes referred to in Part I of the Privacy Policy, the Controller may share your data with the following recipients or categories of recipients:

  • Entities providing services: shipping, postal, logistics, marketing, bookkeeping, audit, legal advisory, IT, payment services, banks where the Controller holds a bank account in connection with transferring funds to your account in the event of product returns, complaints, overpayments, process representatives of the Controller, entities responsible for delivering cookies.

3. Planned data retention period

Personal data is stored for the period necessary to achieve the purposes indicated in Part I of this Privacy Policy.

  1. In the case of data processed on the basis of consent (applies to cookies) — until the consent is withdrawn or the retention periods of individual cookies expire.
  2. In the case of data processed for the purpose of concluding and performing a contract (Part I.2 of the Privacy Policy), the Controller processes personal data until the expiry of the limitation period for civil law claims arising therefrom.
  3. In the case of data processed for the purpose of fulfilling a legal obligation (Part I.3 of the Privacy Policy), the processing period results from legal provisions.
  4. In the case of data processed for the purpose of pursuing the legitimate interest of the Controller or a third party (Part I.4 of the Privacy Policy), the retention period of personal data varies depending on the specific purpose of processing:
    • In the case of data processing for customer relationship management, data is processed until you lodge an objection pursuant to Art. 21(1) of the GDPR in connection with your particular situation, but no longer than you use the Controller's services or remain in a business relationship with the Controller;
    • In the case of processing personal data for the purpose of pursuing claims by the Controller or defending against claims directed at the Controller, the Controller processes personal data for this purpose until the claimed amount is enforced or the claims become time-barred, whichever occurs first.
    • In the case of processing personal data for the purpose of securing claims related to the sale of goods, the Controller processes personal data for an indefinite period, as long as you remain in a business relationship with the Controller or there are unsatisfied claims of the Controller against you.
    • In the case of processing personal data for accountability purposes, the Controller processes personal data for as long as is necessary to document compliance with legal requirements and to enable verification of compliance by authorized public authorities.
    • In the case of data processing for profiling purposes, data is processed until you lodge an objection pursuant to Art. 21(2) of the GDPR, but no longer than you use the Controller's services or remain in a business relationship with the Controller.
    • In the case of processing personal data for the purpose of marketing products and services offered by the Controller, the Controller processes personal data for this purpose until you withdraw your consent to receiving commercial communications via email, SMS, or until you lodge an objection to the processing of personal data.

4. Rights of the data subject

  1. Right of access to data — You have the right to access your data, including the right to obtain a copy of the data, including electronically.
  2. Right to rectification of data — You have the right to request rectification of inaccurate personal data. You have the right to request completion of incomplete personal data.
  3. Right to erasure of data — You have the right to request the Controller to delete your personal data where:
    • the data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • you lodge an objection, due to your particular situation, to the processing by the Controller of your personal data based on the legitimate interest of the Controller or a third party, and there are no overriding legitimate grounds for processing;
    • you lodge an objection to the processing of your data for direct marketing purposes;
    • your personal data have been unlawfully processed;
    • the personal data must be erased for compliance with a legal obligation under European Union or Polish law to which the Controller is subject.

    However, the Controller notes that this right is subject to significant limitations. The Controller will not be able to fulfill your request if further processing is necessary for:

    • compliance by the Controller with a legal obligation requiring processing under EU or national law (e.g., the limitation period for tax obligations related to the contract concluded between the Controller and you has not yet expired, the retention period for accounting documents issued in connection with the contract concluded between the Controller and you has not yet expired);
    • the establishment, exercise, or defense of legal claims.
  4. Right to restriction of processing — You have the right to request restriction of personal data processing where:
    • you contest the accuracy of the personal data — for a period enabling the Controller to verify the accuracy of such data;
    • processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
    • the Controller no longer needs the personal data for processing purposes, but they are required by you for the establishment, exercise, or defense of legal claims;
    • you have lodged an objection due to your particular situation against the processing by the Controller of your personal data based on the legitimate interest of the Controller or a third party — pending determination of whether the legitimate grounds on the Controller's side override the grounds of the objection lodged by you.
  5. Right to data portability — You have the right to receive, in the form of a file in a commonly used machine-readable format, the data you have provided, which the Controller processes in an automated manner on the basis of a contract concluded with you or on the basis of your consent. You also have the right to request that said file be transmitted to another data controller, where technically feasible.
  6. Right to object — You have the right to object at any time — on grounds relating to your particular situation — to the processing of your personal data based on the legitimate interest of the Controller or a third party (Part I.4 of this Privacy Policy).

    The Controller has the right to refuse to cease processing your data if the Controller demonstrates:

    • the existence of compelling legitimate grounds for processing which override your interests, rights, and freedoms, or
    • the existence of grounds for the establishment, exercise, or defense of legal claims.

    You have the right to object at any time if the Controller processes your data for direct marketing purposes, including profiling. The Controller, respecting your right to privacy, gives you the opportunity to independently decide on the scope of profiling applied to you with regard to the display of personalized advertisements.

5. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with the supervisory authority, i.e., the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland).

6. Voluntary provision of data

  1. If you create an account in the Online Store as a consumer, you must provide the following data: email address, first and last name, phone number, street, house number, postal code, city. Providing this data is voluntary; however, refusal to provide it makes it impossible to create an Account in the Online Store.
  2. If you create an account in the Online Store as an entrepreneur (COMPANY), you must provide the following data: email address, first and last name, phone number, NIP (tax identification number), the name under which you conduct business activity (Field: company name), street, house number, postal code, city. Providing this data is voluntary; however, refusal to provide it makes it impossible to create an Account in the Online Store.
  3. When concluding a Sales Agreement, you may additionally provide a delivery address different from the one provided during registration. Providing this data is voluntary.
  4. If you agree to receive VAT invoices electronically, the Controller will send them to the address provided during registration of your account in the Online Store; however, you may provide a different email address at the order placement stage in the Online Store. Providing this data is voluntary; however, refusal to provide it will result in invoices being sent by default to the email address provided when creating the account in the Online Store.
  5. If you place an order through the Online Store for the collection of a returned product, the Controller processes your data to the extent necessary to perform this agreement, i.e., first and last name, phone number, email address, invoice or receipt number pertaining to the returned product, description of the returned product, address from which the returned product is to be collected. You may also provide a bank account number to which the refund for the returned product will be made. Providing this data is voluntary; however, refusal to provide it makes it impossible to place an order for the collection of a returned product.
  6. If you wish to file a complaint related to a product, you must provide the following personal data: first name, last name, company name (if applicable), correspondence address, contact phone number, email address, invoice or receipt number pertaining to the complained product, description of the complained product. You may also provide a bank account number to which the refund will be made. Providing this data is voluntary; however, refusal to provide it makes it impossible to file a complaint.
  7. If you wish to receive by telephone (SMS), email, information about promotions, new products, and discounts regarding the Controller's offer, you must give consent to telephone contact and to sending commercial information within the meaning of Art. 2(2) of the Act of 18 July 2002 on the Provision of Electronic Services, for the purpose of direct marketing. Providing this data is voluntary; however, refusal to provide it makes it impossible for the Controller to contact you by telephone (SMS) or email.

7. Sources of data acquisition

The Controller obtains your personal data directly from you.

8. Transfer of data to third countries

If you accept cookies installed on the Website by third parties, data collected through these cookies may be transferred to third countries in accordance with the information provided in the Ceranika Privacy Policy.

9. Security of personal data

  1. The Controller applies technical and organizational measures to protect personal data against unauthorized disclosure, loss, or damage, appropriate to the identified risk associated with data processing.
  2. In order to prevent unauthorized persons from obtaining and modifying personal data you transmit during registration and logging into your account in the Online Store, the Controller ensures encryption of the connection to the Controller's server using an SSL certificate.
  3. The measures taken by the Controller may prove insufficient if you do not follow security principles yourself. In particular, you should keep your login credentials and password for the Online Store account confidential and not share them with third parties. The Controller will not ask you for these details, except during the login process.
  4. In order to prevent unauthorized persons from using the Account, you should log out each time after finishing using the Online Store.
  5. This Privacy Policy is effective from January 1, 2026.