Search
Close this search box.

Privacy Policy

The privacy and cookie policy describe the rules for the processing and protection of personal data provided by Users in connection with their use of the cross-stitching-patterns.com website services and the use of cookies and other technologies on the cross-stitching-patterns.com website.

Definitions

Administrator – Bartosz Dziwak, the host and owner of the cross-stitching-patterns.com website

Website – website available at cross-stitching-patterns.com

User – any entity that uses the Website.

Privacy Policy of cross-stitching-patterns.com

In the document you are reading, you will find the rules for the processing of personal data and the use of cookies and other tracking technologies in connection with the help of websites managed by the Administrator and making purchases in the store operated by the Administrator.

The Administrator is Bartosz Dziwak, managing the website: cross-stitching-patterns.com

In case of any doubts related to the privacy policy, you can contact me at any time by sending a message to the address natalia@cross-stitching-patterns.com

Personal data

The Administrator of your data is Bartosz Dziwak.

The purposes, legal grounds and period of personal data processing are indicated separately for each purpose of data processing (see the description of individual objectives of personal data processing below).

Permissions

The GDPR grants you the following potential rights related to the processing of your data:

– the right to access your data and receive a copy of it,
– the right to rectify (correct) your data,
– the right to delete data (if in your opinion there are no grounds for me to process your data, you can request that I delete it),
– the right to limit data processing (you can request that I limit the processing of data only to their storage or performance of activities agreed with you, if, in your opinion, I have incorrect data or process it unjustifiably),
– the right to object to the processing of data (you have the right to object to the processing of data based on legitimate interest; you should indicate a specific situation that, in your opinion, justifies the cessation of the processing covered by the objection. I will stop processing your data for these purposes unless I can prove that the grounds for processing my data override your rights or that your data is necessary for me to establish, assert or defend claims),
– the right to transfer data (you have the right to receive personal data from me in a structured, commonly used machine-readable format that you provided to me based on a contract or your consent; you can also commission me to send this data directly to another entity),
– the right to complain about a supervisory authority (if you find that I am processing data unlawfully, you can file a complaint with the President of the Personal Data Protection Office or another competent supervisory authority).

The rules related to the implementation of the rights mentioned above are described in detail in Art. 16 – 21 GDPR. I encourage you to read these regulations. For my part, I consider it necessary to explain that the rights mentioned above are not absolute, and you will not be entitled to all activities related to the processing of your data.

I emphasize that you always have one of the rights indicated above – if you believe that I have breached the provisions on the protection of personal data while processing your data, you have the option to complain with the supervisory body (the President of the Office for Personal Data Protection).

You can also always ask me to provide you with information about what data I have about you and for what purposes I process it. All you have to do is send a message to natalia@cross-stitching-patterns.com

However, I have made every effort to ensure that this privacy policy comprehensively presents the information you are interested in. You can also use the e-mail address provided above if you have any questions related to the processing of your data.

Security

I ensure the confidentiality of all personal data provided to me. I guarantee that appropriate security and personal data protection measures are taken, as required by the provisions on personal data protection. Personal data is collected with due diligence and adequately protected against access by unauthorized persons.

Data recipients

Your data may be processed by entities whose services I use and whose services involve or may involve the processing of personal data. It concerns, in particular, the following entities:

– hosting provider – your data is stored on the server,

– mailing system provider – your data is processed as part of the mailing system,

– supplier of the invoicing system – as part of this system, your data is processed to issue an invoice,

– the software provider for organizing webinars – as part of this software, your data is processed if you participate in a webinar,

– project management system provider – as part of this system, this provider may process your data, if they are entered into it in connection with the project being implemented,

– supplier of the customer service system – as part of this system, your data is processed if you contact us in connection with the handling of your order,

– store system provider – as part of this system, your data is processed when you place an order in the store,

– provider of the landing page management tool – this tool processes your data when you submit the form visible on the landing page,

– cloud computing provider – as part of the clouds your personal data is stored, accounting office – the office processes your data contained in invoices and other accounting documents,

– law firm – the law firm may access your personal data if it is necessary to provide legal services to me,

– an entity providing services in the field of website maintenance – this entity may access your data in connection with technical work related to those areas in which data is processed,

– entity executing orders in the online store – if you order a physical product, the logistics of the order is handled by an external entity that processes your personal data,

– courier company – physical products are delivered by a courier company that processes your personal data,

– other subcontractors – I work with various subcontractors who may have access to your personal data if they provide services related to such access.

Your personal data may also be transferred to tax offices to the extent necessary to fulfill tax, accounting and accounting obligations. It concerns, in particular: all declarations, reports, statements and other accounting documents in which your personal data is located.

In addition, if necessary, your personal data may be made available to entities, bodies or institutions authorized to obtain access to data on the basis of legal provisions, such as the police, security services, courts, prosecutor’s offices.

Transferring personal data to third countries

I do not share your data with third countries.

Profiling and behavioural advertising

I do not make decisions for you based solely on automated processing, including profiling, which would have legal effects on you or significantly affect you.

I use tools that can take specific actions depending on the information collected as part of the tracking mechanisms, but I believe that these actions do not have a significant impact on you because they do not differentiate your situation as a customer, do not affect the terms of the contract you can with me to include.

By using specific tools, I can, for example, direct personalized advertisements to you based on your previous actions on my websites or suggest products that may be of interest to you. I am talking about so-called behavioural advertising. I encourage you to learn more about behavioural advertising, in particular regarding privacy issues. Detailed information, including the ability to manage your behavioural advertising settings, can be found here: http://www.youronlinechoices.com.

As part of the tools I use, I do not have access to information that would allow your identification. The information we are talking about here is, in particular:

– information about the operating system and web browser you use,

– subpages viewed,

– time spent on the site,

– transitions between individual subpages,

– the source from which you go to my website,

– the age range you are in,

– your gender,

– your approximate location limited to the city,

– your interests based on your online activity.

I do not combine the information indicated above with your personal data, which is in my database. This information is anonymous and does not allow me to identify you. This information is stored on the servers of the suppliers of individual tools, and these servers can most often be located all over the world.

Purposes and activities of personal data processing

Shopping in the store

When placing an order in the store, you must provide the data necessary to complete the order, such as name and surname, billing address, e-mail address, telephone number, tax identification number. Providing data is voluntary but necessary to place an order.

The data provided to us in connection with the order are processed in order to perform the contract concluded by placing an order (Article 6 (1) (b) of the GDPR), issuing an invoice (Article 6 (1) (c) of the GDPR), including the invoice in the documentation accounting (Article 6 (1) (c) of the GDPR) and for archival and statistical purposes, including to identify a returning customer (Article 6 (1) (f) of the GDPR).

Data about orders will be processed for the time necessary to perform the order and then until the expiry of the limitation period for claims under the contract. In addition, after this deadline, the data may still be processed by us for archival and statistical purposes, in particular, to identify a returning customer. Also, remember that I must store invoices with your personal data for five years from the end of the tax year in which the tax obligation arose.

You cannot object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. Similarly, you cannot object to the processing of data and request the deletion of data contained in invoices. After the expiry of the limitation period for claims under the contract, you can object to the processing of your data by me for statistical and archival purposes, as well as request the removal of your data from the database.

User account in the store

When creating a user account in the store, you must provide the data necessary to set up an account, such as e-mail address and password. Providing data is voluntary but necessary to create an account. As part of editing your account details, you can provide further information. The data provided in connection with the creation of an account is processed to provide you with an electronic service consisting of providing you with the possibility of using the user account. This service is provided based on an agreement concluded on the terms described in the regulations, which means that in this respect, the legal basis for the processing of your data is art. 6 sec. 1 lit. b GDPR.

You can decide to delete your account at any time, but it will not delete your data from my database because it is necessary for me to possibly establish, defend or pursue claims related to the contract for the provision of electronic services.

In addition, your data is stored in the database after the account is deleted to identify you as a returning user in the future if you decide to use the store again as a registered user. In this regard, the legal basis for processing your personal data is my legitimate interest – art. 6 sec. 1 lit. f GDPR.

As part of the user account, the history of your orders placed using the account is stored. In this regard, the processing of personal data is described in the point above – shopping in the store. The deletion of the user account will not be equivalent to the deletion of information about orders placed using the account if I still have a legal basis for processing this information.

You can modify the data contained in your account at any time.

Recovering abandoned carts 

If you start the ordering process but do not complete it, this fact will be recorded by my system, and you will receive a notification to your e-mail address that the order can be finalized. For this purpose, your personal data was collected by us in connection with the commencement of your order being processed. In this case, the data processing is based on my legitimate interest (Article 6 (1) (f) of the GDPR), which you can object to at any time.

Complaints and withdrawal from the contract

If you submit a complaint or withdraw from the contract, you provide personal data contained in the content of the complaint or the statement of withdrawal from the contract, which includes your name and surname, address, telephone number, e-mail address, bank account number. Providing data is voluntary but necessary to submit a complaint or withdraw from the contract.

The data provided in connection with the submission of a complaint or withdrawal from the contract are used to implement the complaint procedure or the procedure for withdrawing from the contract (Article 6 (1) (b) of the GDPR), and then for archival purposes, which is my legitimate interest (Article 6 (1) (f) of the GDPR).

The data will be processed for the time necessary to implement the complaint procedure or the withdrawal procedure. Complaints and statements of withdrawal from the contract may also be archived in order to be able to demonstrate the course of the complaint process or withdraw from the agreement in the future.

In the case of data contained in complaints and declarations of withdrawal from the contract, you cannot rectify this data. You also cannot object to the processing of data and demand the deletion of data until the expiry of the limitation period for claims under the contract. After the expiry of the limitation period for claims under the contract, you can, however, object to the processing of your data by us, as well as request the removal of your data from the database.

Newsletter

By subscribing to the newsletter, you provide me with your name and e-mail address. Providing data is voluntary, but necessary to subscribe to the newsletter.

The data provided to me when subscribing to the newsletter is used to send you a newsletter, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the newsletter. In addition, the MailerLite tracking code embedded in my pages collects information about your activity on the pages and saves this information in your user profile. I can use this data to decide what content will be sent to you as part of e-mail communication. In this regard, I rely on my legitimate interest (Article 6 (1) (f) of the GDPR).

You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or by simply contacting me. Despite unsubscribing from the newsletter, your data will still be stored in my database for the purpose of possible defence of claims related to sending you the newsletter, in particular for the purpose of demonstrating that you have given your consent to receive the newsletter and the moment of its withdrawal, which is my legitimate interest, o referred to in Art. 6 sec. 1 lit. f GDPR.

You can correct your data stored in the newsletter database at any time. In a situation where you object to the processing of your personal data while requesting the removal of your data from my database, I will be forced to inform you that due to my legitimate interest referred to in the preceding paragraph, I will not delete your data from the database. The deletion of such data would prevent me from demonstrating, if necessary, that you have given your consent to receive the newsletter in the past.

The mailing system I use tracks your actions taken in connection with the messages sent to you. Therefore, I have information about which messages you have opened, in which messages you clicked on links, etc.

Lists of interested parties

Regardless of the newsletter, you can subscribe to the lists of people interested in specific products, services and courses. The subscription requires a name and e-mail address. Providing data is voluntary but necessary to subscribe to the list.

The data provided to me when subscribing to the list is used to send you information related to a given product, service or course, and the legal basis for their processing is your consent (Article 6 (1) (a) of the GDPR) expressed when subscribing to the list.

You can unsubscribe at any time by clicking on the dedicated link included in each message or by simply contacting me. Despite unsubscribing from the list, your data will still be stored in my database for the purpose of possible defence of claims related to sending you mailings, in particular for the purposes of demonstrating the fact that you consented to receive the message and the moment of its withdrawal, which is my legitimate interest, referred to in art. 6 sec. 1 lit. f GDPR.

You can correct your data stored in the database at any time. In a situation where you object to the processing of your personal data while requesting the removal of your data from my database, I will be forced to inform you that due to my legitimate interest referred to in the preceding paragraph, I will not delete your data from the database. Removal of such data would prevent me from demonstrating, if necessary, that you have given your consent to receive messages in the past.

The mailing system I use tracks your actions taken in connection with the messages sent to you. Therefore, I have information about which messages you have opened, which messages you clicked on links, etc.

Contact

By contacting me, you naturally provide me with your data contained in the correspondence, in particular your e-mail address and name. Providing data is voluntary but necessary to make contact.

In this case, your data is processed in order to contact you, and the basis for processing is art. 6 sec. 1 lit. f GDPR, i.e. my legitimate interest. The legal basis for processing after the end of contact is also my justified purpose in the form of archiving correspondence for internal purposes (Article 6 (1) (f) of the GDPR).

The content of the correspondence may be archived, and I am not able to clearly determine when it will be deleted. You have the right to request a history of correspondence with me (if it was archived), as well as request its removal unless its archiving is justified due to my overriding interests, e.g. defence against potential claims on your part.

Social Media

By observing cross-stitching-patterns.com social profiles, interacting, adding comments, etc., you make me see your personal data collected as part of your social profile. You decide what is available on your profile using the privacy settings of a given social network. I do not copy data from social profiles to my databases. I process them on social networks by the functions that are available on these social networks.

Cookies and other tracking technologies

All websites managed by the Administrator, like almost all other websites, use cookies.

Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by my ICT system (own cookies) or the ICT system of third parties (third-party cookies).

Some of the cookies I use are deleted after the end of the web browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow me to recognize your browser the next time you visit the site (persistent cookies).

If you want to learn more about cookies as such, you can see, for example, this material: https://pl.wikipedia.org/wiki/HTTP_cookie.

However, below you will find detailed information on cookies used on my website.

Consent to cookies

During the first visit to the website, you are shown information about the use of cookies. By using my website with cookies enabled in your browser, you consent to the use of cookies. You can always change cookie settings from your browser or delete cookies altogether. Browsers manage cookie settings in various ways. In the auxiliary menu of the web browser, you will find explanations on how to change cookie settings.

You can also manage cookie settings by installing special add-ons that allow you to control cookies, such as Ghostery (https://www.ghostery.com).

Remember that disabling or limiting the use of cookies may cause difficulties in using my website and many other websites that use cookies.

Own cookies

I use my cookies to ensure the proper functioning of the website, in particular, to handle the login process, order and user account.

Third-party cookies

My website, like most modern websites, uses functions provided by third parties, which involves the use of cookies from third parties. The use of such cookies is described below.

Google Analytics

I am using the Google Analytics tool provided by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. I carry out activities in this area based on my legitimate interest, consisting of the creation of statistics and their analysis in order to optimize my websites.

Google Analytics automatically collects information about your use of our website. The information collected in this way is most often transferred to a Google server in the United States and stored there. User and event data does not expire automatically.

I emphasize that as part of Google Analytics, I do not collect any data that would allow your identification. Therefore, the data collected as part of Google Analytics is not personal data. The information I have access to as part of Google Analytics is, in particular:

– information about the operating system and web browser you use,

– subpages you browse on my website,

– time spent on my website and its subpages,

– transitions between individual subpages within my website,

– the source from which you go to my site.

In addition, as part of Google Analytics, I use the following Advertising Functions:

– demographic and interest reports,

– remarketing,

– advertising reporting functions, user-ID.

As part of the Advertising Functions, I also do not collect personal data. The information I have access to is, in particular:

– the age range you are in,

– your gender

– your approximate location limited to the city,

– your interests based on your online activity.

In order to use Google Analytics, I have implemented a special Google Analytics tracking code in the code of my website. The tracking code uses Google LLC cookies for the Google Analytics service. You can also block the Google Analytics tracking code at any time by installing the browser add-on provided by Google: https://tools.google.com/dlpage/gaoptout.

Google Analytics and Google Analytics 360 services have been certified by the independent security standard ISO 27001. ISO 27001 is one of the most recognized standards in the world and certifies compliance with the relevant requirements by systems that support Google Analytics and Google Analytics 360.

If you are interested in details related to the data processing as part of Google Analytics, I encourage you to read the explanations prepared by Google: https://support.google.com/analytics/answer/6004245.

Facebook Ads and Insights

I use marketing and analytical tools available on Facebook. The provider of these tools is Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. I carry out activities in this area based on my legitimate interest, consisting of the marketing of my products or services and analysis and statistics.

In order to send you personalized ads in terms of your behaviour on my website, I have implemented Pixel Facebook as part of my website, which automatically collects information about your use of my website in terms of pages viewed. The information contained in this way is most often transferred to a Facebook server in the United States and stored there.

The information collected as part of Facebook’s Pixel is anonymous, i.e. it does not allow me to identify you. I only know what actions you have taken on my website. I can also check your age range, gender, where you are connecting to the Internet. Facebook Insights may also provide us with more information about you, but it is never information to allow me to identify you.

However, I would like to inform you that Facebook may combine the collected information with other information collected about you as part of your use of Facebook and use it for its own purposes, including marketing. Such Facebook activities are no longer dependent on me, and you can search for information about them directly in Facebook’s privacy policy: https://www.facebook.com/privacy/explanation. You can also manage your privacy settings from your Facebook account. Here you will find helpful information in this regard: https://www.facebook.com/help/568137493302217.

Content from external websites

I embed content from external websites on my pages, in particular videos from YouTube. Therefore, Google LLC cookies related to the YouTube service, including DoubleClick cookies, are used.

By playing a video or reading other embedded material, Google receives information about it, even if you do not have a profile with a given service provider or are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.

If you have logged in to the website of a given service provider, this service provider will be able to directly assign a visit to my website to your profile on a given social network. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy are described in the privacy policy of individual service providers.

If you do not want service providers to assign the data collected during video playback or reading other content on my website directly to your profile on a given website, you must log out of this website before visiting my website. You can also completely prevent the loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.

YouTube-related cookies are not loaded until the video is played, so if you do not want this to happen, please refrain from watching the video.

Social tools

My website uses plugins and other social tools provided by social networks such as Facebook.

By displaying my website containing such a plugin, your browser will establish a direct connection with the servers of social network administrators (service providers). The plugin’s content is transferred by the given service provider directly to your browser and integrated with the website. Thanks to this integration, service providers receive information that your browser has displayed my website, even if you do not have a profile with a given service provider or are not logged in at the moment. Such information (along with your IP address) is sent by your browser directly to the server of a given service provider (some servers are located in the USA) and stored there.

If you have logged in to one of the social networking sites, this service provider will be able to directly assign a visit to my website to your profile on a given social networking site.

If you use a given plugin, for example, by clicking on the “Like” or “Share” button, the relevant information will also be sent directly to the server of the given service provider and stored there.

In addition, this information will be published on a given social network and will appear to people added as your contacts. The purpose and scope of data collection and their further processing and use by service providers, as well as the possibility of contact and your rights in this regard and the possibility of making settings to protect your privacy, are described in the privacy policy of individual service providers.

Facebook – https://www.facebook.com/legal/FB_Work_Privacy,

Twitter – https://twitter.com/en/privacy,

LinkedIn – https://www.linkedin.com/legal/privacy-policy,

Instagram – https://help.instagram.com/155833707900388.

If you do not want social networks to assign the data collected during your visit to my website directly to your profile on a given website, you must log out of this website before visiting my website. You can also completely prevent the loading of plugins on the website by using appropriate extensions for your browser, e.g. blocking scripts.

MailerLite

I use the MailerLite mailing system. The company processes personal data following the privacy policy: https://www.mailerlite.com/legal/privacy-policy

Server logs

Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in the server logs.

Logs include Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.

The data stored in the server logs are not associated with specific people using the website and are not used by us to identify you.

The server logs are an only auxiliary material used to administer the website, and their content is not disclosed to anyone except those authorized to administer the server.

Date of the last update of the Privacy Policy: 22/08/2024