PRIVACY POLICY 

WEAVINGGALLERY.COM 

1. The Owner of this website attaches utmost importance to the protection of Users' personal data. The Owner exercises extensive efforts to ensure that Users feel safe when entrusting their personal information while using the website. 

2. A User is a natural person, a legal person or an organizational unit without legal personality, to which the law grants legal capacity, using the electronic services available via the website. 

3. This privacy policy explains the principles and scope of the processing of the User's personal data, their rights, as well as the obligations of the Controller of such data; it also provides information about the use of cookies. 

4. The Controller uses state-of-the-art technical measures and organizational solutions to ensure a high level of protection of the personal data processed and safeguards against unauthorized access. 

I. PERSONAL DATA CONTROLLER 

The Controller of the personal data is Papo Wraps sp. z o.o. sp. z o.o. with its registered seat at Twarda 44, entered into the Register of Entrepreneurs maintained by the District Court in Warsaw, 13th Economic Division, under the KRS number: 0000881023, NIP (Tax ID number): 5272948460 (hereinafter: "Owner"). 

II. PURPOSE OF PERSONAL DATA PROCESSING 

1. The Controller processes the User's personal data in order to: 

ensure the proper performance of sales contracts concluded through the online store available via www.weavinggallery.com 

2. This means that the data is needed for purposes that include, but are not limited to 

a. registration on the website; 

b. conclusion of a contract; 

c. making settlements; 

Page 1 of 6

d. delivering the goods or performance of services ordered by the User; 

e. allowing the User to exercise any and all consumer rights (e.g. withdrawal from the contract, statutory warranty). 

3. The User may also agree to receive information on news and promotions, which will also result in the Controller processing personal data in order to send the User commercial information regarding, among others, new products or services, promotions or sales. 

4. Personal data is also processed in the fulfillment of the data controller's legal obligations and the performance of public interest tasks, including performance of tasks related to security and defense or storage of tax records. 

5. Personal data may also be processed for the purposes of direct marketing of products, securing and asserting claims or defending claims submitted by the User or a third party, as well as marketing the services and products of third parties or our own marketing, which does not constitute direct marketing. 

III. DATA TYPE 

1. The Controller processes the following personal data, the provision of which is necessary for the following purposes: 

a. registration on the website: 

- name and surname;  

- e-mail address; 

b. making purchases through the website: 

- name and surname;  

- gender;  

- delivery address;  

- phone number;  

- e-mail address; 

c. Optional data that the User may provide: 

- date of birth;  

- Polish personal government ID number (PESEL; if an invoice is requested);  

- tax identification number (NIP; if an invoice is requested for an entrepreneur). 

Page 2 of 6

2. In the case of withdrawal from the contract or where a complaint is acknowledged, when the refund is made directly to the User's bank account, we also process information regarding the bank account number for the purposes of the refund. 

IV. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA 

1. Personal data is processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as the "GDPR". 

2. The Controller processes personal data only with the prior consent of the User, given at the time of registration on the website or at the time of confirmation of a transaction made via the website. 

3. Granting consent for the processing of personal data is completely voluntary, however failure to do so prevents the User from registering on the website and making purchases through the website. 

V. USER'S RIGHTS 

1. The User may at any time request information from the Controller about the extent of personal data processing. 

2. The User may request correction or rectification of their personal data at any time. Users can also do this on their own after logging into their account. 

3. The User may withdraw their consent to the processing of their personal data at any time, without giving any reason. A request not to process data may concern a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information or cover all the purposes of data processing. Withdrawal of consent for all processing purposes will result in the removal of the User's account from the website, along with all of the User's personal data previously processed by the Controller. Withdrawal of consent will not affect the activities already performed. 

4. The User may request at any time, without giving any reason, that the Controller delete their data. Such a data deletion request will not affect the activities performed so far. Deletion of data means simultaneous deletion of the User's account, along with all the personal data stored and processed by the Controller to date. 

Page 3 of 6

5. The User may at any time object to the processing of personal data, both with respect to all of the User's personal data processed by the Controller, as well as only to a limited extent, e.g. as to the processing of data for a specifically indicated purpose. Such an objection will not affect the activities carried out so far. Filing an objection will result in the deletion of the User's account, along with all personal data stored and processed by the Controller to date. 

6. The User may request restriction of the processing of their personal data, whether for a specific period of time or without a time limit, but to a certain extent, which the Controller shall be require to comply with. This request will not affect the activities carried out so far. 

7. The User may request that the Controller transfers the User's processed personal data to another entity. For this purpose, a written request should be submitted to the Controller, indicating the recipient entity (name, address) of the User's personal data and what specific data the User wishes the Controller to transfer. After the User confirms their request, the Controller will provide the User's personal data in electronic form to the designated entity. Confirmation of the request by the User is necessary for the security of the User's personal data and to be sure that the request originates from an authorized person. 

8. The Controller shall inform the User of the action taken, before the expiration of one month after receiving one of the requests listed in the preceding paragraphs. 

VI. RETENTION PERIOD OF PERSONAL DATA 

1. As a general rule, personal data is retained only for as long as is necessary to fulfill the contractual or statutory obligations for which it was collected. Data will be deleted immediately when storage is no longer necessary for evidentiary purposes in accordance with civil law provisions or in connection with a statutory data retention obligation. 

2. Information relating to the contract shall be retained for evidence purposes for a period of three years, starting from the end of the year in which the business relationship with the User was terminated. Data will be deleted after the expiration of the statutory limitation period for the assertion of contractual claims. 

3. In addition, the Controller may retain archival information relating to concluded transactions, as their storage is related to the User's claims, e.g. under statutory warranty. 

4. If no contract has been concluded between the User and the Owner, the User's personal data is stored until the User's account on the website is deleted. An account may be deleted based on the User's request, withdrawal of consent for the processing of personal data or objection to the processing of such data. 

VII. DATA PROCESSING SUBCONTRACTING 

1. The Controller may entrust the processing of personal data to entities cooperating with the Controller to the extent necessary for the execution of the transaction, e.g. for the purposes of preparing the ordered goods and delivery of shipments or transmission of commercial information originating from the Controller (the latter applies to Users who have agreed to receive commercial information). 

2. Other than for the purposes indicated in this Privacy Policy, the Users' personal data will not be shared in any way with any third parties nor transferred to other entities for the purpose of sending marketing materials of such third parties. 

3. Personal data of website users is not transferred outside the European Union. 

4. This Privacy Policy complies with the provisions of Article 13(1) and (2) of the GDPR. 

VIII. COOKIES 

1. The website uses cookies or similar technology (hereinafter collectively referred to as "cookies") to collect information about a User's access to the website (e.g. via a computer or smartphone) and preferences. They are used, among others, for advertising and statistical purposes, as well as to customize the website. 

2. Cookies are pieces of information that contain a unique reference code that a website sends to a User's device for the purpose of storing, and sometimes tracking information, about the device being used. Usually they do not allow to identify the User. Their main task is to ensure that the website is better tailored to the User. 

3. Some of the cookies present on the website are only available for the duration of a given web session and expire when the browser is closed. Other cookies are used to remember the User and ensure they are recognized when re-visiting the website. They are then preserved before a longer period of time. 

4. The Administrator may process data contained in Cookies when visitors use the Online Store for the following purposes:

• Identifying customers as logged into the Online Store and displaying that they are logged in.
• Remembering products added to the cart for order placement.
• Remembering data from filled order forms, surveys, or login data for the Online Store.
• Customizing the content of the Online Store's pages to individual customer preferences and optimizing the use of the Online Store.
• Conducting anonymous statistics illustrating the manner of using the Online Store's website.

5. All cookies used on the website are determined by the Controller. 

6. All cookies used by this website comply with the applicable laws of the European Union. 

7. Most Users and some mobile browsers automatically accept cookies. If the User does not change the settings, cookies will be stored in device memory. 

8. The User may change their preferences regarding the acceptance of cookies or change their browser so that they can receive the appropriate notification each time the cookie function is set. In order to change cookie acceptance settings, the browser settings must be adjusted. 

9. Please keep in mind that blocking or deleting cookies may prevent full use of the website. 

10. Cookies will be used for necessary session management, including: 

a. Creating a special login session for the User of the website so that the website remembers that the User is logged in and their requests are delivered in an efficient, secure and consistent manner. 

b. Recognizing a User who has visited the website before, which allows us to identify the number of unique users who have used the website and allows us to make sure that the website has enough capacity for the number of new users. 

c. Recognizing whether a website visitor is registered on the website. 

d. Recording information from the User's device, including: cookies, IP address, and information about the browser used, in order to be able to diagnose problems, administer and track site usage. 

e. Customize elements of the layout or content of the website. 

f. Collect statistical information about how Users use the website, in order to be able to improve the site and determine which areas of the site are most popular with Users.