1. General information
This Privacy Policy describes the rules for processing personal data in connection with the use of the online store at miniaturia.eu (the "Store"). The Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR").
2. Data controller
The controller of your personal data is:
MINIATURIA X AIRLAB Spółka z ograniczoną odpowiedzialnością
ul. Stanisławowska 47, 54-611 Wrocław, Polska
KRS: 0001192690, NIP: 8943268068, REGON: 542660024
Contact for personal data matters:
- E-mail: info@miniaturia.eu
- Phone: +48 724 370 325
- Postal address: as above.
The Controller has not appointed a Data Protection Officer. For all matters relating to the processing of personal data, please use the contact details above.
3. Personal data we process
Depending on how you use the Store, we may process the following categories of personal data:
a) identification and contact data: first name, surname, e-mail address, telephone number;
b) address data: delivery address, billing address (street, house/flat number, postal code, city, country);
c) business invoice data: company name, tax ID, registered office address;
d) transaction data: order history, amounts, chosen payment and delivery methods;
e) login data: e-mail address and encrypted password (if an account is created);
f) technical and behavioural data: IP address, device identifier, browser type and version, operating system, cookie data, information about pages visited;
g) correspondence content: messages sent to us via the contact form or by e-mail;
h) marketing data: marketing consents, newsletter subscription history, campaign interactions.
We do not process special categories of personal data (e.g., data on health, religious beliefs, political views).
4. Purposes and legal bases of processing
We process your personal data for the following purposes and on the following legal bases:
Purpose | Legal basis (GDPR) | Retention period
Conclusion and performance of the sales contract, including order handling, delivery, payment processing, communication about the order | Art. 6(1)(b) GDPR — performance of a contract | Until the limitation period of contractual claims expires (generally 6 years) |
Operating a Customer account in the Store | Art. 6(1)(b) GDPR — performance of a contract for electronic services | Until the Customer deletes the account |
Issuing and storing invoices and other accounting documents, tax settlements | Art. 6(1)(c) GDPR — legal obligation (Polish Tax Ordinance, Accounting Act, VAT Act) | 5 years from the end of the calendar year in which the tax payment deadline expired |
Handling complaints and returns | Art. 6(1)(b) and (c) GDPR | Until the limitation period expires (generally 6 years) |
Newsletter distribution and marketing of our own products and services | Art. 6(1)(a) GDPR — consent | Until consent is withdrawn |
Handling enquiries sent via the contact form or e-mail | Art. 6(1)(f) GDPR — legitimate interest (responding to enquiries) | Up to 12 months after correspondence ends |
Ensuring the security of the Store, fraud detection, traffic analysis, statistics | Art. 6(1)(f) GDPR — legitimate interest | Up to 12 months |
Pursuit and defence of claims | Art. 6(1)(f) GDPR — legitimate interest | Until the limitation period expires |
5. Recipients of personal data
We may share your personal data with the following categories of recipients, only to the extent necessary to achieve the purposes listed above:
a) payment service providers — Stripe Payments Europe Ltd. (1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland) — to the extent necessary for payment processing;
b) carriers and courier companies — InPost S.A., DPD Polska Sp. z o.o., DHL Parcel Polska Sp. z o.o., Poczta Polska S.A. — to the extent necessary for delivery;
c) store platform and hosting provider — Odoo S.A. (Chaussée de Namur 40, 1367 Grand-Rosière, Belgium);
d) CDN and security provider — Cloudflare, Inc. (101 Townsend Street, San Francisco, CA 94107, USA);
e) accounting firm — to the extent necessary to maintain accounting documentation and tax settlements;
f) e-mail service provider — Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland;
g) marketing and analytics tool providers — if used (e.g., Google Analytics — Google Ireland Limited);
h) public administration and judicial authorities — in cases provided for by law.
All recipients listed above process data on the basis of data processing agreements (art. 28 GDPR) or on the basis of legal provisions.
6. International transfers (outside the EEA)
Some of our service providers are located or process data outside the European Economic Area, in particular in the United States (Cloudflare, potentially Google). In such cases, data transfers are carried out on the basis of:
a) European Commission adequacy decisions — for providers registered under the EU-U.S. Data Privacy Framework;
b) Standard Contractual Clauses (SCC) approved by the European Commission — in other cases.
A copy of the relevant safeguards can be obtained by contacting us at info@miniaturia.eu.
7. Your rights
In connection with the processing of personal data, you have the following rights:
a) right of access (art. 15 GDPR) — the right to obtain information about whether we process your data and which data we process, and to receive a copy;
b) right to rectification (art. 16 GDPR);
c) right to erasure ("right to be forgotten", art. 17 GDPR);
d) right to restriction of processing (art. 18 GDPR);
e) right to data portability (art. 20 GDPR);
f) right to object (art. 21 GDPR) — including against profiling, for processing based on legitimate interest;
g) right to withdraw consent (art. 7(3) GDPR) — at any time, without affecting the lawfulness of processing carried out before the withdrawal (applies only to data processed on the basis of consent, e.g., newsletter);
h) right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych), ul. Stawki 2, 00-193 Warsaw, Poland, www.uodo.gov.pl.
To exercise the above rights, please contact: info@miniaturia.eu. We will respond without undue delay and no later than within 1 month of receipt of the request (this period may be extended by another 2 months in justified cases).
8. Voluntariness of providing data
Providing personal data is voluntary, but it is necessary to conclude and perform the sales contract, to create an account, to issue an invoice, or to receive the newsletter. Failure to provide the required data will make it impossible to carry out the indicated activities.
9. Automated decision-making and profiling
We do not make decisions in a fully automated manner, including by profiling, that would produce legal effects or similarly significantly affect you (within the meaning of art. 22 GDPR).
10. Cookies
Information about cookies used by the Store can be found in the Cookie Policy available at: miniaturia.eu/cookie-policy.
11. Changes to the Privacy Policy
We reserve the right to amend this Privacy Policy. We will inform you of changes by publishing a new version on the Store's website and, in justified cases, by e-mail. The current version of the Policy is always available at miniaturia.eu/privacy-policy.
12. Contact
If you have any questions about this Privacy Policy or the way we process your personal data, please contact:
- E-mail: info@miniaturia.eu
- Postal address: MINIATURIA X AIRLAB Sp. z o.o., ul. Stanisławowska 47, 54-611 Wrocław