Your cart

Your cart is empty

Continue shopping

Privacy Policy

This Privacy Policy applies to the processing and protection of Users' personal data in connection with the use of the Website www.maglieriarosaria.com

Our primary goal is to provide the Website Users with privacy protection at a level at least corresponding to the standards specified in applicable legal regulations, in particular in the Act of 18 July 2002 on the provision of services by electronic means, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.

Anyone who uses the Service remains anonymous until they decide to reveal their identity. The data administrator processes personal data, among other things, on the basis of consent, where consent should also be understood as checking the appropriate box or any other behavior that clearly indicates acceptance of the proposed processing.

The Administrator’s website and services are not intended for or directed at children under 18 years of age.

If you do not accept the content of this Policy, please immediately discontinue using the Website.

  • Definitions
    1. Website – website in the domain www.maglieriarosaria.com, made available by the Service Provider in order to provide specific services, content or functions to Users.
    2. Administrator – Marta Derewicz conducting business activity under the name of MR Marta Derewicz, ul. Langiewicza 1a, 86-300 Grudziądz, entered into the Central Register and Information on Business Activity kept in the teleinformatic system by the minister responsible for economic affairs, under the NIP number: 8762510057, REGON number: 528285519.
    3. User – a natural person with full legal capacity who uses the Services of the Website.
    4. GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
    5. Personal data (or “ data ”) – any information relating to an identified or identifiable natural person;
    6. President of the Personal Data Protection Office (“ PUODO ”) – the personal data protection authority supervising compliance with the provisions on personal data protection.
    7. Identifiable natural person – a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social characteristics; information shall not be considered as enabling identification of a person if it would require excessive costs, time or actions.
    8. Data processing – any operations performed on personal data, such as: collecting, recording, storing, developing, changing, sharing and deleting, especially those operations performed in IT systems.
    9. Purpose of processing - definition of the purpose for which personal data are collected and processed.
    10. Consent - The User's voluntary, informed and unambiguous consent to the processing of his or her personal data for a specific purpose;
    11. Right of access - the right of the User to obtain information about the personal data being processed and their source.
    12. The right to rectify data - the right of the User to correct incorrect or outdated personal data.
    13. The right to delete data ( the right to be forgotten ) - the User's right to request the deletion of his or her personal data, under certain conditions.
    14. The right to data portability - the right of the User to receive his or her personal data in a form that is transferable to another service provider.

    For definitions not regulated above, the definitions and concepts specified in the Store Regulations apply accordingly.

  • Who is the Administrator of my personal data?

    • The administrator of your personal data is Marta Derewicz, conducting business activity under the name MR Marta Derewicz, ul. Langiewicza 1a, 86-300 Grudziądz, entered into the Central Register and Information on Business Activity kept in the teleinformatic system by the minister responsible for economic affairs, under the NIP number: 8762510057, REGON: 528285519.

    For any questions regarding your personal data, you can contact us at the following e-mail address: contact@maglieriarosaria.com or by phone: +48 733 913 785.


  • The legal basis and purposes of data processing depend on the type of Services you use:

    • Service

    Legal Basis

    Purpose of processing

    Data storage period

    User Account Registration

    Art. 6 sec. 1 letter b of the GDPR, i.e. performance of a contract for the provision of services by electronic means consisting in setting up and maintaining an Account on the Website, including providing access to purchase history and access to your data.


    Providing personal data is voluntary, but necessary to create an account.

    Fulfillment of the contract for the provision of services by electronic means in order to enable the establishment of a User Account on the Website.

    User data will be processed until the User Account is permanently closed.

    Purchase of Goods

    Art. 6 sec. 1 letter b of the GDPR, i.e. processing is necessary for the performance of the Contract for the Sale of Goods to which the data subject is a party.


    Art. 6 sec. 1 letter c of the GDPR (i.e. performance of the legal obligation arising from Art. 18 of the Act of 18 July 2002 on the provision of services by electronic means and the Civil Code).


    Providing data is necessary to execute the Sales Agreement. Failure to provide data will result in the inability to execute the Agreement.

    Execution of the Sales Agreement

    The data will be processed for a period of 3 years from the date of conclusion of the contract.

    Issuing invoices and bills

    Art. 6 sec. 1 letter c of the GDPR, i.e. performance of legal obligations arising from the provisions of tax law, including the storage of accounting documentation.

    Fulfillment of obligations arising from tax law provisions

    Once the invoice has been issued, we will process this data for a period of six years (accounting documentation).

    Complaint and withdrawal procedure

    Art. 6 sec. 1 letter c GDPR, i.e. performance of a legal obligation arising from the provisions of the Act of 30 May 2014 on consumer rights.


    Providing personal data is necessary to consider a complaint or withdraw from the contract. Failure to provide data will result in the inability to consider the complaint.

    Consideration of Consumer complaints and carrying out the contract withdrawal procedure.

    Once we have processed your query or complaint, we will store your data for a period not exceeding three years, unless the nature of the query requires a longer retention period.

    Email contact

    Art. 6 sec. 1 letter f of the GDPR, i.e. the legitimate interest in maintaining contact with a potential customer and providing answers to questions asked.


    Providing personal data is voluntary, but necessary to establish contact. Failure to provide data will prevent us from responding.

    Consideration of the inquiry and response.

    The data will be processed for a period of two years.

    Direct marketing and sending of commercial information

    (Newsletter)

    Art. 6 sec. 1 letter f of the GDPR, i.e. the legitimate interest consisting in sending commercial information and direct marketing with the prior consent of the User.


    Providing personal data is voluntary, but necessary to provide the Newsletter service. Failure to provide data will prevent sending the Newsletter.

    Sending information about new products, offers, promotional campaigns, events or activities of the Service Provider in social media, via e-mail.

    We will send commercial information until you opt out of receiving it. Each commercial information contains a link by which you can opt out of receiving commercial information

    Statistical and analytical analysis of traffic on the Website

    Article 6, paragraph 1, letter f of the GDPR, i.e. the legitimate interest of the administrator in conducting analyses of the activity of the Service Users, improving the functionality of the site and determining the preferences of Users, and Article 6, paragraph 1, letter a of the GDPR, i.e. the User's consent


    Consent is voluntary (except for cookies which are necessary for the proper functioning of the Website).

    Conducting analyses of the activity of the Service Users, improving the functionality of the site and determining the preferences of Users

    Until you successfully object or withdraw your consent to cookies (you can modify your consent by managing cookies in your browser)

    Use of cookies

    Art. 6 sec. 1 let. a GDPR (User consent)

    Ensuring the proper functioning of the website, analyzing activity, adapting content to the User's preferences

    Until consent is withdrawn or depending on the User's browser settings.

    The periods indicated in the table above are counted from the end of the year in which the Administrator began the data processing process in order to facilitate the technical process of controlling these periods. After this time, personal data are permanently destroyed or deleted, unless the obligation to continue storing them results from the applicable regulations.

  • Who do we share your personal data with?

    • The Administrator may transfer your personal data to the following categories of recipients:


    • entities handling payments depending on the selected payment method – PayPro SA with its registered office in Poznań (the provider of the Przelewy24.pl payment operator);
    • carriers handling the delivery of Goods - Inpost SA based in Kraków;
    • carriers handling the delivery of goods – carriers offered within the Apaczka.pl service, depending on the delivery method chosen by the Buyer;
    • website and email hosting company - Cloudflare, Inc. based in the USA;
    • a company providing online store management services - Shopify International Ltd. based in Ireland;
    • a company providing accounting services;
    • a company providing invoicing software;
    • companies providing a tool for analysing statistics and analytical tools tracking traffic on the Website used in cooperation with the Shopify International Ltd. platform based in Ireland (the list of companies can be found at the link: https://www.shopify.com/legal/cookies ).

    All external parties may use your data only for the purpose of providing the service in question. All persons who have access to your data must handle it with care and comply with applicable laws and regulations. We do not share your data with third parties for commercial purposes and we do not sell your data to other companies.

    The Service may transfer personal data to authorized authorities, tax authorities and/or law enforcement agencies if required by law.

  • Transfer of data to third countries

    • The Controller transfers your personal data outside the EEA only when necessary and when using the services of companies with international reach. Service providers are obliged to provide the same level of protection and apply appropriate legal mechanisms to ensure the protection of personal data, such as binding corporate rules adopted by the competent supervisory authority or other international certification standards or standard contractual clauses specified by the European Commission.

    The above companies guarantee compliance with standards similar to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The use of their technologies by the Service in the processing of personal data remains lawful.

    For more information on data transfers outside the EEA, please visit: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_pl

  • User Rights

    1. The User has the right to demand from the Administrator:

    • access to their personal data - every person exercising this right has the right to receive information whether and what information about them is processed by the Administrator and to obtain a free copy of the data,
    • rectification of data - every person exercising this right has the right to request the rectification of their data or its completion,
    • processing restrictions - every person exercising this right has the right to restrict the processing of their data in the event of questioning the accuracy of the data and the legality or necessity of their processing and filing an objection.
    • withdrawal of consent to data processing - each person using this right has the right to withdraw previously expressed consent to the processing of data for the purposes specified in the consent. Consent does not have a retroactive effect, which means that data processing before the withdrawal of consent remains legal. Note! The above right only applies to data processing based on the User's consent.
    • to file an objection - any person exercising this right will be able to file an objection to the processing of their data based on the legitimate interest of the Administrator,
    • data transfer - each person exercising this right will be able to request the transfer of his or her data in pdf format to the indicated Administrator.
    1. In addition to the rights indicated above, each person whose data is processed has the right to lodge a complaint with the President of the Personal Data Protection Office, if they believe that their data is being processed in breach of applicable regulations. A complaint should be lodged with the President of the Personal Data Protection Office, ul. Stawki 2, 00-193 Warsaw or via the form on the website: https://uodo.gov.pl/
    2. The rights specified in point 1 can be exercised by contacting us using the contact details, e.g. to the e-mail address: contact@maglieriarosaria.com . The Administrator will implement the rights by contacting the Administrator's e-mail address within a maximum of 30 days of receiving the request. If, due to the special nature or complexity of the case, it is not possible to do so within 30 days, then the Administrator will implement them within the next month and will immediately inform the entitled person about the extension of the deadline.
    3. For security purposes, we reserve the right to provide certain information known to us. By using this process, we can verify that it is actually the person whose data it is.
    4. The Administrator has the right to refuse to implement the above-mentioned rights only if it is in accordance with the law and due to grounds that override the interests of the entitled person. The Administrator will always inform the entitled person of the reasons for refusing to implement the request.

  • Automated decision-making, profiling

    • The Administrator analyzes the personal data of Users by analyzing traffic on the Website, the history of activity on the Website. Data analysis does not cause any legal effects or in any way affects the rights and freedoms of the User, and this data is processed only for the purposes of determining User preferences and adapting the content and offers created by the Administrator to the preferences of Users.


  • Cookies

    1. The Website uses cookies, i.e. small text and numeric files that are saved by the IT system in the User's IT system (on the computer, telephone or other device of the User from which the connection to the Website was made while browsing the Website) and allow for the subsequent identification of the User in the event of a reconnection to the Website from the device (e.g. computer, telephone) on which they were saved.
    2. The Administrator may use the following types of cookies:
    1. temporary cookies - exist on the computer only while you are on a given website - more precisely, until you close your browser. They allow the Service pages to remember what customers have selected on the previous page and are designed to optimize navigation on the Service , e.g. by remembering the settings of the User logged into the Service - thanks to which the user does not have to re-enter their login and password on each subpage of the Service (the password and login are not saved in the "cookie" - only the customer's session number, which does not identify the customer's personal data).
    2. statistical cookies - this type of cookie is used to provide important information about website traffic and how visitors use it. To collect this data, (among others, Google Analytics tools) are used. These cookies are used exclusively to collect statistics on website traffic and to define the User's profile in order to display tailored materials in advertising networks, in particular the Google network,
    3. functional cookies - they exist on the computer only while you are on a given website - more precisely, until you close your browser. They allow the Service pages to remember what customers have selected on the previous page and are designed to optimize navigation on the Service , e.g. by remembering the settings of the User logged into the Service - thanks to which the user does not have to re-enter data on each subpage of the Service (only the customer's session number is saved in the "cookie", which does not identify the customer's personal data),
    4. necessary cookies - installed by the Administrator via the Website in order to provide Users with services offered on the website and their proper functioning,
    5. analytical cookies - this type of cookie is used to provide important information about website traffic and how visitors use it. These cookies are used solely to collect statistics on website traffic and to define the User's profile in order to display tailored materials in advertising networks,
    6. marketing cookies - installed by the Administrator or third parties whose services are used by the Administrator in order to adapt the displayed marketing content to the Users' preferences,
    7. other cookies - other cookies that are not necessary for the functioning of the Website and which are used by social media.
    1. The above companies guarantee compliance with standards similar to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. The use of their technologies by the Service in the processing of personal data remains lawful.
    2. Cookies do not store any information that constitutes personal data of the Service Users. Cookies are not used to determine the identity of the User. The basis for the use of cookies is the legitimate legal interest of the Administrator.
    3. Cookies are used on the Website with the User's consent.
    4. Cookies placed on the end device of the Service User may also be used by advertisers and partners cooperating with the Administrator, and may also be used by advertising networks, in particular the Google network, to display advertisements tailored to the way in which the user uses the Service. For this purpose, they may store information about the User's navigation path or the time spent on a given page.
    5. The Administrator analyzes the history of browsing the Service and traffic on the site in an automated manner. Data analysis does not produce any legal effects in relation to Users and is only intended to adapt the content presented by the Administrator to the preferences of Users.
    6. The User may at any time withdraw or change the scope of previously expressed consent to the use of cookies on the Website and delete them from their browser.
    7. Consent may be expressed by the User through appropriate software settings, in particular the web browser, installed on the telecommunications device used by the User to view the contents of the Website.
    8. The User may also at any time limit or disable cookies in their browser by setting it to block cookies or warn the User before saving a cookie file on the device they are using to view the contents of the Service. In such a case, however, it may happen that the User will not be able to use all the functionalities of the Service.
  • Analytical, marketing tools, social media plugins

    • The Shopify-based website uses various analytics tools and third-party services to monitor user interactions with our site. This data helps us analyze site traffic, improve user experience, and tailor our offerings to your needs.

    How do analytical tools work?

    Analytical tools use cookies and similar technologies to collect data such as:

    • Information about the pages you visit and your activities on the page (e.g. clicks, time spent on the page).
    • User device type, operating system, browser, and location.
    • Demographic data and preferences (if available).

    Companies that support analytics

    Shopify works with a number of analytics providers. These may include:

    • Google Analytics – for analysing traffic and user activities.
    • Facebook Analytics – to monitor the effectiveness of marketing campaigns.

    The list of analytics companies may change and be updated from time to time. For more information about the cookies used by Shopify, see their Cookie Policy .

    Anonymity and data security

    The collected data is anonymized and used solely for analytical and statistical purposes. In no case does it enable the identification of a specific user.

  • Social media plugins

    • We inform you that the Service may contain links (plug-ins) enabling its Users to directly access other websites for which the owner of the Service is not responsible, such as Instagram.

    We have no influence on the privacy policy and use of cookies conducted by the administrators of these websites. We recommend that before using the services offered by other websites, each User reads the document regarding the privacy policy and use of cookies, if they have been made available, and in the absence of such, contacts the administration of the given website to obtain information on this subject.

    Use of social plugins:

    When you use these plugins, you consent to the transfer of certain personal data to social media operators such as Instagram. The operators of these platforms act as joint controllers of personal data with us in relation to the information transferred via these plugins.

    The data transmitted to social media administrators may include information such as your email address, user ID, profile data, preference information and other data necessary for login and user authentication processes.

    Data transferred to social media administrators is used, among other things, to enable Users to log in to our website using their social media platform account. Social media administrators may also use this data to customize content, provide personalized services, and analyze User behavior.

  • How do we protect your personal data?

    • The Administrator makes every effort to ensure that your data is safe. To this end, it implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with the law and in a manner that ensures security, including, among others, the use of an encrypted connection - SSL (https:// protocol).

    The IT systems used by the Administrator have appropriate security measures that guarantee the confidentiality and integrity of the personal data being processed.

  • Where can I submit objections/comments regarding the processing of personal data?

    • We would like to emphasize that your privacy is important to us, and we take all possible steps to protect your data. If you have any questions or concerns about the processing of your data on our Service, please contact us:

    • via email: contact@maglieriarosaria.com
    • via telephone number: +48 733 913 785.
    • Final provisions

    The Administrator applies technical and organizational measures aimed at ensuring the protection of processed personal data appropriate to the threats and categories of data subject to protection, and in particular protects data against disclosure to unauthorized persons, removal by an unauthorized person, processing in violation of applicable regulations and change, loss, damage or destruction.

    The Administrator reserves the right to change the Privacy Policy for important reasons (such as changes to generally applicable regulations, introduction of new functionalities, modification of IT systems). The Administrator will inform Users about any change to the Privacy Policy by placing information about the change to the Privacy Policy on the home page. Users with a User Account will be additionally notified by the Administrator by sending information about the change to the Privacy Policy to the e-mail address provided by them in the registration form.


    Changes to the Privacy Policy come into effect within 14 days from the date of publication on the Website. Archived versions of the regulations are published on the Website in the "Privacy Policy" tab.


    In the case of agreements concluded before the change of the Privacy Policy, the Privacy Policy in the version in force on the date of conclusion of the Agreement shall apply.