Privacy & Cookie Policy

1) Who We Are (Data Controller)

2) Changes to This Policy

We may update this Policy from time to time to reflect changes to our practices or for legal, regulatory, or operational reasons. We will post the revised Policy on the Site and update the "Last updated" date.

3) What Data We Collect

a) Information you provide directly

• Basic contact details (name, email address, phone number, billing/shipping address)
• Order and transaction data (products purchased, payment confirmation, shipping details, returns)
• Account data (username, password, preferences, wishlists)
• Communications (messages sent to customer support, product reviews, survey responses)

Providing certain information may be necessary to create an account, place an order, or receive customer support. If you choose not to provide it, some features may be unavailable.

b) Information collected automatically (Cookies & similar)

We automatically collect certain information about how you use the Site ("Usage Data"), including: IP address, device and browser type, operating system, referring/exit pages, timestamps, pages viewed, interactions, and approximate location (based on IP). We use cookies, pixels, SDKs, and similar technologies (collectively, "Cookies") to enable and improve the Services, perform analytics, provide security, and personalize content/ads (where permitted).

c) Information from third parties

We may receive information from:

• E-commerce & hosting (e.g., Shopify)
• Payment processors (payment status/confirmation; card data is handled by the processor, not stored by us)
• Marketing & analytics partners (e.g., Google, Meta, TikTok, Pinterest, Microsoft/Bing, Klaviyo, Yotpo)
• Fulfilment, logistics, and anti-fraud providers

4) Legal Bases for Processing (GDPR)

We process your personal data under the following legal bases:

• Contract: to process your orders, payments, deliveries, returns, and account
• Legal obligation: to comply with tax, accounting, consumer, and product regulations
• Legitimate interests: to operate, secure, and improve the Site; prevent fraud/abuse; personalize non-intrusive content; measure performance; and communicate service updates
• Consent: for non-essential cookies/analytics/advertising and direct marketing by email/SMS where required. You can withdraw consent at any time (see Sections 8–10)

5) How We Use Your Information

• Provide and improve the Services: process orders and payments, arrange shipping/returns, maintain your account, provide customer support, operate and secure the Site, fix errors, and improve user experience
• Communicate with you: order confirmations, shipping updates, service messages, and—where permitted—marketing communications
• Personalization & analytics: remember preferences, understand usage, and improve products and content (non-essential analytics only with your consent in the EEA)
• Marketing & advertising: send promotional messages (with consent where required); show ads on our Site and third-party platforms (ad cookies only with consent in the EEA)
• Security & fraud prevention: detect and prevent fraud, abuse, and security incidents
• Legal compliance: fulfil legal and regulatory requirements and respond to lawful requests

6) Cookies

a) What are Cookies?

Cookies are small files placed on your device to make the Site work, remember settings, perform analytics, and personalize content/ads.

b) Types of Cookies we use

• Strictly necessary (required for core functionality such as cart and checkout)
• Preferences (remember choices such as language)
• Analytics (measure and improve performance; e.g., Google Analytics)
• Advertising/retargeting (help deliver relevant ads on and off our Site)

Note for Shopify-powered stores: for Shopify-specific cookies, see Shopify's cookie policy

c) Managing Cookies

On first visit (and periodically thereafter), an EU/EEA cookie banner will allow you to accept, reject, or manage non-essential cookies. You can also manage cookies via your browser settings. Blocking or deleting cookies may impact Site functionality. Withdrawing consent does not affect the lawfulness of processing prior to withdrawal.

7) How We Disclose Personal Information

We may disclose personal data to:

• Service providers / processors: hosting (e.g., Shopify), payments, fulfilment and shipping, email/SMS and CRM (e.g., Klaviyo), reviews/UGC (e.g., Yotpo), analytics and ad tech (e.g., Google, Meta, TikTok, Pinterest, Microsoft/Bing), IT/security, cloud storage, and customer support partners
• Business partners: for aggregated insights and—where you consent—marketing/advertising
• Within our corporate group/affiliates: where necessary to run our business
• Legal and compliance: to comply with laws, enforce our terms, protect our rights, or respond to lawful requests
• Transactions: in connection with mergers, acquisitions, financing, or sale of assets (subject to safeguards)

We do not sell your personal data. We do not use or disclose sensitive data for the purpose of inferring characteristics.

8) Retention

We keep personal data only as long as necessary for the purposes described in this Policy, including to provide Services, comply with legal obligations (e.g., tax/accounting), resolve disputes, and enforce agreements. Retention periods vary by data category and legal requirements.

9) Security

We implement appropriate technical and organizational measures to protect personal data. However, no method of transmission or storage is 100% secure. If you suspect your account or data has been compromised, contact us immediately at customer@bogdaoskin.com.

10) International Data Transfers

We may transfer your data outside your country (including outside the EEA/UK), for example to service providers. Where required, we rely on lawful transfer mechanisms such as the EU Standard Contractual Clauses (SCCs) and ensure appropriate safeguards.

11) Your Rights (EEA/UK GDPR)

Subject to legal limits, you have the right to:

• Access your personal data and obtain a copy
• Rectify inaccurate or incomplete data
• Erase data ("right to be forgotten")
• Restrict processing in certain circumstances
• Portability of data you provided to us, in a structured, commonly used, machine-readable format
• Object to processing based on legitimate interests, including profiling; and to object to direct marketing at any time
• Withdraw consent at any time where processing is based on consent

To exercise your rights, email customer@bogdaoskin.com. We may need to verify your identity. You also have the right to lodge a complaint with your local authority. In Poland, this is:

12) Marketing Communications

If you subscribe to marketing emails/SMS, we will send you promotions and news. You can unsubscribe at any time via the link in our messages or by contacting us. We may still send non-marketing service emails (e.g., order updates).

13) User-Generated Content (UGC)

If you post reviews or other content publicly on the Services, that content will be visible to others. We are not responsible for how others use such information. Please avoid sharing personal or sensitive data in public posts.

14) Third-Party Websites & Links

The Site may contain links to third-party sites. We are not responsible for their privacy/security practices or content. Review their policies before providing any data.

15) Children's Data

Our Services are not intended for children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us so we can delete it.