Privacy policy

PRIVACY AND COOKIES POLICY OF THE MYRAW.EU STORE

§ 1. General Provisions

  1. This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with the use of the MyRaw online store available at www.myraw.eu (hereinafter: the "Store").

  2. The document also defines the rules for the use of cookies.

  3. The Controller of the personal data contained in the service is POLIMER Prosta Spółka Akcyjna with its registered office in Marki, ul. Piłsudskiego 123c, 05-270 Marki, Poland, VAT ID (NIP): 1251769394, REGON: 528836557, entered into the National Court Register (KRS) under number: 0001109711 (hereinafter: the "Controller").

  4. Contact with the Controller regarding data protection is possible via e-mail at: kontakt@myraw.eu.

  5. The Controller processes personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

§ 2. Purposes and Legal Bases for Data Processing

The Controller processes Users' personal data for the following purposes:

  1. Performance of the sales contract and order processing

    • Scope of data: Name, surname, delivery address, phone number, e-mail address.

    • Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract).

  2. Provision of electronic services (maintaining a User Account)

    • Scope of data: Data provided during registration, order history.

    • Legal basis: Art. 6(1)(b) GDPR (performance of a contract for the provision of services).

  3. Fulfillment of statutory obligations (Accounting and Tax)

    • Scope of data: Data necessary to issue an invoice/bill.

    • Legal basis: Art. 6(1)(c) GDPR (legal obligation incumbent on the Controller resulting from tax regulations).

  4. Handling complaints and pursuing claims

    • Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller).

  5. Own marketing (Newsletter) – only in the case of voluntary consent.

    • Scope of data: E-mail address, name.

    • Legal basis: Art. 6(1)(a) GDPR (consent).

  6. Analytical and statistical purposes

    • Legal basis: Art. 6(1)(f) GDPR (legitimate interest of the Controller consisting of analyzing User activity to optimize the offer).

§ 3. Data Recipients (Trusted Partners)

For the proper functioning of the Store, it is necessary to use the services of external entities. The Controller transfers data only when necessary to achieve a specific processing purpose. The recipients of the data are:

  1. Store platform provider:

    • Shopify International Ltd. – for the purpose of storing data on servers and technical support of the store.

  2. Payment operators:

    • Krajowy Integrator Płatności S.A. (Tpay) – for handling online payments (BLIK, transfers).

  3. Logistics service providers:

    • InPost Sp. z o.o. – for order delivery (Parcel Lockers, Courier).

  4. Providers of analytical and marketing tools:

    • Google Ireland Ltd. – regarding Google Analytics and Google Ads services.

  5. Accounting office:

    • For the purpose of fulfilling tax obligations.

§ 4. Data Transfer Outside the European Economic Area (EEA)

Due to the use of the Shopify platform and Google tools, User's personal data may be transferred outside the EEA zone (e.g., to Canada or the USA).

  1. In the case of Shopify, Canada holds a European Commission decision finding an adequate level of data protection.

  2. In the case of other transfers (e.g., USA), the Controller ensures that they take place based on appropriate legal safeguards, such as Standard Contractual Clauses (SCC) approved by the European Commission or under the Data Privacy Framework (for certified entities in the USA).

§ 5. Data Retention Period

  1. Data related to order processing are stored for a period of 5 years calculated from the end of the calendar year in which the tax payment deadline expired (requirement of tax regulations).

  2. Marketing data (Newsletter) are stored until the User withdraws consent.

  3. Data associated with the User Account are processed until the User deletes the account, subject to transactional data which must be archived for accounting reasons.

§ 6. Rights of the Data Subject

According to the GDPR, every User has the following rights:

  1. Right of access (Art. 15 GDPR) – obtaining information about processing and a copy of the data.

  2. Right to rectification (Art. 16 GDPR) – correcting incorrect or completing incomplete data.

  3. Right to erasure ("right to be forgotten") (Art. 17 GDPR) – requesting the deletion of data if there are no legal grounds for their further processing.

  4. Right to restriction of processing (Art. 18 GDPR).

  5. Right to data portability (Art. 20 GDPR).

  6. Right to object (Art. 21 GDPR) – objection to processing based on the Controller's legitimate interest (e.g., analytics).

  7. Right to withdraw consent – at any time (concerns e.g., Newsletter), without affecting the lawfulness of processing based on consent before its withdrawal.

In order to exercise the above rights, please contact the Controller via e-mail at: kontakt@myraw.eu. The User also has the right to lodge a complaint with the supervisory authority – the President of the Personal Data Protection Office (UODO) (ul. Stawki 2, 00-193 Warsaw, Poland).

§ 7. Cookies Policy

The Store uses cookies, i.e., small text information stored on the User's end device (computer, tablet, smartphone).

  1. Types of cookies used in the Store:

    • Essential (technical): Necessary for the proper functioning of the website (e.g., maintaining the login session, remembering the contents of the cart). User consent is not required for these files.

    • Analytical (statistical): Used to analyze traffic on the website (Google Analytics). They help understand how Users use the Store, which allows for improving its functionality. They require User consent.

    • Marketing (advertising): Allow for displaying advertisements tailored to User preferences (Google Ads, remarketing). They require User consent.

  2. Consent management: upon the first visit to the Store's website, a banner informing about cookies is displayed. The User has the option to:

    • Accept all cookies.

    • Reject non-mandatory cookies.

    • Make detailed settings (selection of categories).

  3. The User can change cookie settings in their web browser or clear browsing history at any time.

§ 8. Data Security

  1. The Store uses an encrypted connection (SSL certificate), which ensures the confidentiality of data transmitted between the User's browser and the Store's server.

  2. The Controller applies technical and organizational measures ensuring the protection of processed data appropriate to the threats and categories of data protected.

§ 9. Changes to the Privacy Policy

The Controller reserves the right to introduce changes to the Privacy Policy in order to adapt it to legal requirements or changes in the functioning of the Store. The current version of the Policy is always available at myraw.eu.

Date of last update: 09/02/2026