Privacy policy

in force at VOLO Katarzyna Łyżwa with its registered office in Warsaw

General provisions

This document, hereinafter referred to as the “Privacy policy”, defines the principles of management, protection and distribution of personal data in force at VOLO Katarzyna Łyżwa with its registered office in Warsaw, ul. Zamiejska 7/46, 03-580 Warsaw, Poland, NIP: 118-189-67-84 (hereinafter referred to as “the Company” or “Data Administrator”).

The detailed provisions contained in this Privacy Policy apply to the rules for the processing of personal data by the Company by all means, including within IT systems.

The Company respects the privacy of the persons whose data is processed and makes the utmost care so that this data is processed in accordance with the law and international principles of good practice. The Data Administrator makes special efforts to protect the privacy and information provided to the Company. The Data Administrator chooses and applies appropriate technical measures, including programming and organizational measures, ensuring protection of the processed data, in particular secures the data against unauthorized disclosure, loss and destruction, unauthorized modification as well as against their processing in violation of the applicable laws.

In order to protect the privacy of personal data, the Company applies strict internal and external safeguards. The Data Adminstrator exercises permanent control over the data processing.

While using the services of the Company, the Customer may be asked to provide his / her personal data, in particular: name, surname, address, telephone number or e-mail address, in order to perform services provided as part of the Company’s business.

Personal data collected by the Company is processed in accordance with the Regulation of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) of 27 April 2016 (Official Journal No. 119, page 1).

Providing any personal data is voluntary, with the proviso that failure to provide certain data, in particular: name, surname or address, prevents the provision of some services, and in particular the execution of an order placed by the Customer.

Personal data or information about Customers can be made available to authorities or third parties in accordance with the applicable laws.

Rules for the processing of personal data

The Company strives to ensure and make every effort to ensure that the personal data processed by the Company is:

Processed in accordance with the law

The data processing is based on at least one of the following legal grounds:

 the data subject has agreed to the processing of his / her personal data for one or more specific purposes;
 the data subject has agreed to the processing of his / her personal data for one or more specific purposes;
 processing is necessary to fulfill the legal obligation incumbent on the Data Administrator;
 processing is necessary to protect the vital interests of the data subject or another natural person;
 processing is necessary for purposes arising from legitimate interests pursued by the Data Administrator or by a third party, except when the interests or fundamental rights and freedoms of the data subject, requiring the protection of personal data, prevail over those interests.
The consent of the data subject to data processing must be expressed in a voluntary, concrete, informed and unambiguous manner. In addition, the consent must be in the nature of a clear action – statement or confirmation. Forms of consent should be formulated in clear and legible language, i.e. in a way understandable to the person whose data is about to be processed. The expression of consent takes place only through the actual selection of each option by the data subject. Consent is related to the active action of a person – therefore, there is no possibility of presuming its existence.

Consents to the processing of personal data may be placed on a form or website along with other information. In this case, if the data subject agrees in a written statement which also applies to other matters, the request for consent must be presented in a way that clearly distinguishes it from other issues, in a comprehensible and easily accessible form, clear and plain language.

If personal data is processed for several purposes, the consent of the data subject should be obtained for all of these purposes.

The Data Administrator acquires and registers consents in such a way that, for example in case of a natural person’s complaint, the Data Administrator can prove that the person actually consented to the processing of his / her personal data.

The data subject has the right to withdraw his / her consent at any time.

In this case, if the Data Administrator does not have a different processing basis (which may be, for example, a necessity to perform the contract, or a specific legal basis), data processing should be discontinued. As a result of the withdrawal of consent, subject to the second sentence above, the data is removed from all the Company’s systems. The withdrawal of consent does not affect, at the same time, the lawfulness of the processing which was carried out on the basis of consent before its withdrawal. The possibility of withdrawal of consent shall be notified before it is expressed (e.g. as part of the consent clause).

The withdrawal of consent must be as easy as expressing it, e.g. if the consent is received by phone, the same form of cancellation should be provided.

The Company ensures that personal data will not be subject to further processing in a manner inconsistent with the previously defined goals. If a decision is made about the further processing of personal data, the Company will endeavor to obtain the appropriate consent of the data subjects.

Processed correctly and reliably

The Data Administrator ensures that the collected personal data is correct and up-to-date and that its processing proceeds smoothly.

The Data Administrator implements technical and organizational measures that enable data correction, reduce the risk of errors and remove incorrect data. It covers the implementation of appropriate processes and functionalities at the application as well as database levels.

The data subject is entitled to request the rectification and completion of its personal data.

Processed in accordance with the purpose limitation principle

The purpose limitation principle means that personal data can only be collected in a specific,

explicit and legitimate purpose that cannot be achieved by other means.

The purpose of data processing is determined at the moment of obtaining it.

If the basis for data processing is consent, it only refers to the specifically designated processing purpose. The new purpose of data processing requires obtaining new consent.

The Data Administrator informs the persons about the purposes of processing their personal data.

Processed in accordance with the principle of data minimization

The scope of acquired data must be adequate and limited to the minimum necessary to achieve the indicated goal.

Minimization consists in selecting only data that is necessary for the Company’s activity and limiting the period of data storage.

Before starting the process of obtaining and then processing data, the Company precisely defines the objectives and corresponding types of data and sets the date of removal and periodical review of the data.

The Company stores personal data for a period not longer than necessary for the purposes for which these data were collected.

Processed in accordance with the principle of integrity and confidentiality

The Data Administrator processes the data in a way that guarantees an adequate level of security.

The principle of integrity refers to ensuring that data has not been modified, deleted, supplemented or destroyed in an unauthorized manner.

In accordance with the principle of confidentiality, the Company prevents situations in which personal data is publicly disclosed or disclosed to unauthorized entities or processes.

The Data Administrator has analyzed the risks specific to the data processing and nature of the data to be protected, and then adapted and implemented appropriate technical measures to ensure the integrity and confidentiality of the data.

The Data Administrator has analyzed the risks specific to the data processing and nature of the data to be protected, and then adapted and implemented appropriate technical measures to ensure the integrity and confidentiality of the data.

Processed in accordance with the principle of accountability

The Data Administrator seeks to have documented and periodically verified knowledge of personal data, including:

 the inventory of processed data;
 the location of data;
 defining and monitoring data processing procedures;
 defining and monitoring data processing procedures;
 processes that support detecting and responding to security incidents.
The Data Administrator is obliged to notify the supervisory body about any violations of personal data found.

Processed according to the principle of information transparency

The Data Administrator ensures that all information addressed to natural persons will be formulated in a simple and transparent language.

The principle of transparency of information means the prohibition of placing relevant information “in small print”, inserting it into complicated text, or placing it among other, less important information.

Personal data will not be sent outside the European Union, unless an adequate level of protection of the rights and freedoms of data subjects in relation to the processing of exported data is created.

The information obligation and rights of the data subject

Due to the voluntary nature of the Customer’s provision of personal data, the Company provides and informs persons who data relate to about their rights, i.e. about:

 the right to access data and information,
 the right to demand the rectification and completion of data,
 the right to oppose data processing,
 the right to transfer data,
 the right to be forgotten (the right to delete data),
 the right to withdraw consent at any time.
At the request of an authorized entity, the Data Administrator is obliged to provide a copy of the data processed and make appropriate changes to the system.

The Data Administrator is obliged to provide to a natural person, during the collection of its data, and before the processing of such data, in particular the following information:

 the identity and contact details of the Data Administrator,
 the purpose of processing personal data,
 information about recipients of personal data,
 the period during which personal data will be processed, and if it cannot be accurately determined, criteria for determining this period (e.g. for the duration of the contract),
 information about the use of data for profiling,
 information about the right to request access to personal data from the Data Administrator,
 the right to rectify, delete or limit processing of the data, and the right to object to the processing, as well as the right to transfer data,
 the right to file a complaint to the supervisory body,
 where applicable – information about the intention to provide personal data outside the European Union and information about the appropriate safeguards of personal data used by the entity to which the relevant data is transferred.
The purposes of data processing should be specific, explicit and legally justified.

The data subject may request from the Data Administrator not only information about what data about him / her the Data Administrator possesses, but also – in the case of data processed electronically – receiving them in a commonly used format and transfering them to another service provider without any obstacles.

The right to transfer the data also allows the Customer to request that the Data Administrator send it to another administrator, but only in so far as it is technically possible.

If the data subject uses the right to be forgotten (the right to delete data), the Data Administrator, without undue delay, removes this person’s data from all its systems. The indicated obligation to delete data at the request relates only to data obtained on the basis of granted consent. If the basis for data processing is a contract, the performance of which requires processing of data, then the right to be forgotten will not apply. In this situation, the request to delete the data will require an early termination of the contract.

The right to limit processing provides for the possibility of requesting data processing restrictions from the Data Administrator when the data subject:

 questions the accuracy of personal data;
 the processing is unlawful and the data subject opposes deletion of personal data, requesting instead a limitation of their use;
 the Data Administrator no longer needs personal data for processing, but it is needed by the data subject to determine, assert or defend his / her claims.
In automated processing of data files, processing should in principle be limited by technical means in such a way that personal data cannot be further processed or changed.

Examples of methods for limiting processing are, for example, temporarily transferring selected personal data to another processing system.

The data subject, if he / she thinks that his / her data is being processed unlawfully, has the right to:

 lodge a complaint to the supervisory body,
 an effective judicial remedy against a legally binding decision of the supervisory authority regarding the data subject,
 effective means of legal protection before a court, against the Data Administrator.
The initiation of court proceedings against the Data Administrator is possible regardless of complaints submitted to the supervisory authority.


Profiling is any form of automated processing of personal data, which involves the use of personal data to assess some of the person’s individual factors, in particular to analyze or forecast aspects relating to personal preferences of the individual, his / her interests, credibility, behavior, location or movement.

The data subject has the right not to be subject to a profiling mechanism which assesses his personal factors, based solely on automated processing.

Prohibited is profiling for which no explicit consent has been given.

Additionally, the Company:

Additionally, the Company:
 will regularly evaluate the manner of managing personal data.
The Company uses IP addresses collected during internet connections for technical purposes related to the administration of servers and in order to collect general statistical demographic information (e.g. about the region from which the connection takes place), as well as for security purposes, including possible identification of automatic browsing programs that overload the server.

What personal data we collect and why we collect it

Collection and processing of data to fulfill the contract and create a customer account

We collect personal data only if you provide it to us when placing your order, contacting us (e.g. using the contact form or e-mail) or creating a customer account. Mandatory fields are marked as such, because the data they contain are necessary for us to perform the contract or consider the case in which you contacted us, or to set up a customer account. Without providing them, you cannot complete the order or create a customer account or contact us. What data is collected results from the forms into which the data is entered. We use the transferred data to perform the contract and answer your inquiries. After the performance of the contract or deletion of the customer account, the processing of the data will be limited, and after the retention periods specified in the tax regulations and the Accounting Act, the data will be deleted, unless you expressly consent to further use of this data for other purposes. Your customer account can be deleted at any time. For this purpose, please send a message to our contact address or use the appropriate function in your customer account.


When visitors to the site leave a comment, we collect the data shown in the commenting form, as well as the IP address of the visitor and the signature of his browser as an aid in the detection of spam.

An anonymized string created based on your email address (the so-called hash) can be sent to Gravatar to check if you are using it. The Gravatar privacy policy is available here: After the comment is approved, your profile picture is publicly visible in the context of your comment.


If you are a registered user and upload images to your site, you should avoid sending images with EXIF location tags. Visitors to the site can download and read the full location data from the images on the site.


If you leave a comment on our site, you will be able to choose the option of saving your name, email address and website address in cookies, so that when writing subsequent comments, the above information will be conveniently supplemented. These cookies expire after a year.

If you have an account and log in to this site, we will create a temporary cookie to check if your browser accepts cookies. This cookie does not contain any personal data and will be discarded when you close your browser.

During logging in, we create additional cookies needed to save your login information and selected screen options. Login cookies expire after two days and screen options after one year. If you check the “Remember me” option, the login cookie will expire after two weeks. If you log out of your account, the login cookies will be deleted.

If you modify or publish an article, an additional cookie will be saved in your browser. This cookie does not contain any personal data, simply indicating the ID you just edited. It expires after 1 day.

Embedded content from other websites

The articles on this site may contain embedded content (e.g., movies, pictures, articles, etc.). Embedded content from other websites behaves analogously to the user’s direct visit to a specific site.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

E-Mail and Newsletter

If you subscribe to our newsletter, we will use your e-mail address to regularly send our newsletter by e-mail based on your consent.

You can unsubscribe from receiving the newsletter at any time by sending us a message with relevant information or by using the appropriate link in the newsletter. Upon receipt of this message, we will delete your e-mail address, unless you have expressly consented to further use of your data for other purposes. The newsletter is sent as part of entrusting data processing on our behalf by the service provider, to whom we provide your e-mail address for this purpose. This service provider is based in a country belonging to the European Union or the European Economic Area.

Google Analytics

Our website uses Google (Universal) Analytics, a web analytics tool from Google Inc. ( The above serves to protect our legitimate interest, consisting in the optimal presentation of our offer. Google (Universal) Analytics uses methods that make it possible to analyze the use of the website, such as cookies. The automatically collected information on the use of this website is usually transferred to a Google server in the United States and stored there. Due to the IP anonymization activated on this website, your IP address is shortened before being forwarded within the Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the United States and shortened there. The anonymized IP address provided by your browser as part of Google Analytics is, as a rule, not combined with other Google data.

Google LLC ma siedzibę główną w USA i posiada certyfikat EU-US-Privacy Shield. Aktualny certyfikat dostępny jest pod tym linkiem. W ramach umowy pomiędzy USA a Komisją Europejską ta ostatnia stwierdziła odpowiedni poziom ochrony danych w przypadku przedsiębiorstw posiadających certyfikat Privacy Shield.

You can prevent the recording of data collected by cookies regarding the use of our website (including your IP address) by Google, as well as the processing of this data by Google, if you download and install the browser plug-in available at the link: .com / dlpage / gaoptout? hl = en

How long we keep your data

If you leave a comment, its content and metadata will be kept indefinitely. Thanks to this, we are able to recognize and approve subsequent comments automatically, without sending every of them to moderation.

For users who have registered on our website (if they exist), we also store personal information entered in the profile. Each user can inspect, correct or delete their personal information at any time (except for the username which cannot be changed). Site administrators can also view and modify this information.

What are your rights to your data

If you have a user account or have added comments on this site, you can request delivery of a file with an exported set of your personal data in our possession, including all of those provided by you. You can also request that we delete all of your personal data in our possession. This does not apply to any data that we are obliged to keep for administrative, legal or security reasons.

You have the following rights:

the right to obtain information about the processing of your data in the scope specified in Art. 15 GDPR
in accordance with Art. 16 GDPR – the right to rectify incorrect or incomplete personal data concerning you;
in accordance with Art. 17 GDPR – the right to delete (“right to be forgotten”) your personal data stored with us, unless further processing is necessary: ​​- to exercise the right to freedom of expression and information; – to comply with a legal obligation; – for reasons of public interest; – to establish, assert or defend claims;
in accordance with Art. 18 GDPR – the right to limit the processing of your personal data, provided that: – the accuracy of the personal data is contested by you; – the processing is unlawful and you object to their deletion; – we no longer need the personal data, but you need them to establishing, investigating or defending claims; – you have objected pursuant to Art. 21 against processing;
in accordance with Art. 20 GDPR – the right to receive your data provided to us in a structured, commonly used machine-readable format and to send it to another administrator (“right to data portability”);
in accordance with Art. 77 GDPR – the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, workplace or our company headquarters.

Data transfer

For the performance of the contract, we pass on your data to the shipping company responsible for the delivery, insofar as this is necessary for the delivery of ordered goods. Depending on which payment service provider you choose during the ordering process, we transfer the payment data collected for this purpose to the credit institution that handles the payment and, if applicable, to the payment service provider selected by us or by you. Some payment service providers collect data themselves if you create an account with them. In such cases, you must log in with the payment service provider selected in the ordering process, providing your access data. The privacy policy of the respective payment service provider also applies.