Privacy Policy

I. Data Controller

Identification Data:
Name: Uniforma Michał Mierzwa Maciej Mach S.C.
Headquarters: Staszica 9/5, 60-528 Poznań

Contact Information:
Contact Person: Maciej Mach
E-mail: hello@uniforma.pl

Registration Data:
NIP: 7811980651
REGON: 381205126
Date of Registration: September 4, 2018
Legal Form: Civil Partnership

The Controller is responsible for the lawful processing of users’ personal data and for implementing appropriate protective measures.

II. Scope of Data Processing, Purposes, and Legal Bases

Types of Data Collected:

Data provided directly by users: first name, last name, e-mail address, phone number, correspondence address – provided during registration, inquiries, or contact form submissions.
Data collected automatically: IP address, browser information, session data, metadata enabling content customization, and cookies.

Purposes of Processing:

Service Delivery:
Data necessary for concluding and performing contracts (providing services, handling inquiries, fulfilling orders).
Marketing:
Sending commercial information and promotional offers (based on user consent) and running advertising campaigns, including via Meta Ads and Google Ads.
Statistics and Analytics:
Monitoring website traffic and analyzing user behavior to optimize the functionality of the service.
Research and Development:
Profiling and data analysis to better tailor offers to users’ needs and implement improvements.

Legal Bases and Processing Conditions:

Personal data is processed in accordance with the General Data Protection Regulation (GDPR), the Polish Personal Data Protection Act of 10 May 2018, and the Act on Electronic Services of 18 July 2002.

Processing based on a user’s inquiry or complaint (via email) is carried out under Article 6(1)(b) GDPR – necessary to take action at the user’s request.
With separate consent, data may also be processed for marketing purposes, including electronic commercial communication (Article 6(1)(a) GDPR).
When concluding or performing a contract, the other party must provide necessary data (Article 6(1)(b) GDPR).
For research and analysis, processing is based on Article 6(1)(f) GDPR (legitimate interest).

Data is stored no longer than necessary to achieve its purpose — until consent is withdrawn, claims expire (usually 2 years), or the inquiry/complaint is resolved.

To ensure proper website functionality and payment operations, the site uses metadata (device configuration data not enabling identification). Users may withdraw consent to metadata processing via browser settings or plugins.

The Controller may use profiling for direct marketing (e.g., discount offers, cart reminders). Profiling is based on behavioral analysis, but the final decision always belongs to the user.

Additional collected information may include:

IP address,
device, hardware, and software identifiers (e.g., IDFA or AAID),
platform type, settings, plugins,
approximate geolocation data,
browser type and language.

The Controller applies appropriate technical and organizational measures to ensure compliance and prevent unauthorized access. These safeguards are regularly reviewed and updated.

III. Cookies

Definition and Purpose:
Cookies are small text files stored on a user’s device, enabling personalization, statistics, and functionality optimization.

Purposes:

Personalization: adjust website content to user preferences.
Analytics: collect anonymous data on website usage.
Marketing: display personalized ads (Meta Ads, Google Ads).
Security: maintain proper service operation and facilitate logins.

Technical Details and Types:

Cookies typically contain:

domain name,
storage duration,
unique browser identifier.

Cookies are used to:

adapt website content to user preferences,
create anonymous statistics,
provide ads relevant to user interests.

Cookies do not identify users personally.

Main categories:

Necessary cookies: essential for the site’s proper functioning and security.
Functional cookies: enhance functionality; without them, the site may not adapt to preferences.
Business cookies: enable the business model (e.g., advertising cookies).
Configuration cookies: manage website functions and settings.
Security cookies: verify authenticity and optimize performance.
Authentication cookies: identify logged-in users.
Session cookies: store session information.
Process cookies: ensure smooth operation.
Advertising cookies: personalize ads on and off the site.
Location cookies: tailor content to location.
Analytical cookies: anonymously understand user preferences.
Harmless cookies: required for basic operation, not used for tracking.
Tracking cookies: monitor behavior without personal identification.

Cookies are encrypted and safe for users and their devices. Users can modify cookie settings in their browsers; however, this may affect site functionality.

The website may use tracking pixels (e.g., GIF files) and web logs to monitor traffic and prevent fraud. The site does not respond to DNT (Do Not Track) signals, but users can disable tracking via browser settings or consent tools.

Instructions for managing cookies are available in major browsers (Chrome, Firefox, Opera, Safari, Edge) and mobile device documentation.

IV. Data Sharing

Rules for Sharing:

Personal data may be shared only when necessary for:

Subcontractors: hosting providers, IT service providers, marketing agencies, payment operators.
Business Partners: administrative, accounting, legal, or consulting service providers.
International Transfers: when using analytics or advertising tools (with safeguards such as Standard Contractual Clauses).

The Controller ensures that data is shared only:

with prior consent, or
when required by law (e.g., to law enforcement authorities).

Potential Recipients:

Technical and organizational service providers: hosting, email, CRM, marketing, delivery.
Accounting, legal, and advisory providers: bookkeeping, legal offices, debt collection.

Anonymous (non-identifiable) data may be shared with third-party providers for analytical purposes.

Key partners include:

Google LLC (Google Analytics, Tag Manager, Ads) – Mountain View, CA, USA
Facebook Inc. (Meta Pixel) – Palo Alto, CA, USA

Google Analytics data may be processed on US servers; users can opt out via Google’s plugin.

Transfers outside the EEA are based on EU Standard Contractual Clauses and appropriate safeguards, in line with the CJEU decision of 16 July 2020.

V. Data Retention Period

Contract performance: until claims expire (usually 2 years).
Marketing and analytics: until consent withdrawal or completion of the purpose.

After this period, data is deleted or anonymized.

VI. Data Subject Rights

Users have the right to:

access, correct, restrict, delete, or transfer their data;
withdraw consent at any time (without affecting prior lawful processing);
file a complaint with the President of the Personal Data Protection Office (UODO);
object to processing based on legitimate interest or direct marketing.

To exercise these rights, users should send a request via e-mail or by post to the Controller’s address.

VII. Data Breach Procedures

In case of a personal data breach, the Controller will:

take immediate corrective actions,
notify supervisory authorities (e.g., UODO),
inform affected users,
investigate and update internal security procedures.

XIII. Changes to the Privacy Policy

This document may be updated to reflect legal or operational changes. Updates will be published on the website, and users who consented to email communication will be notified.

IX. Contact Information

For data protection matters:
Contact Person: Maciej Mach
E-mail: hello@uniforma.pl
Address: Staszica 9/5, 60-528 Poznań

Summary

This Privacy Policy complies with GDPR and represents the company’s comprehensive approach to data protection, describing how user data is processed, shared, and secured. Users are encouraged to review the latest version regularly, as legal or procedural updates may lead to revisions.

‍