PRIVACY POLICY OF THE KALAMAS WEBSITE

The KALAMAS online store operating at https://KALAMAS.pl is a service managed by KALAMAS Monika Bończa Tomaszewska, ul. Woziwody 40, 02-908 Warsaw, Poland, NIP: 5271661549.

This Policy defines the rules and conditions for the processing of personal data, fulfills the information obligations imposed on the personal data controller, and defines data security rules.

The obligation to include information on the processing of personal data on the website results from Regulation (EU) 2016/679 of the European Parliament and of the Council of 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the so-called “GDPR”.

§1 DEFINITIONS

Definitions applicable to the content of the Privacy Policy of the website https://kalamas.pl/:

ADMINISTRATOR (CONTROLLER) – KALAMAS Monika Bończa Tomaszewska with its registered office in Warsaw at ul. Woziwody 40, 02-908 Warsaw, NIP: 5271661549. Contact with the Administrator is possible via e-mail: kalamas.studio@gmail.com.

AFFILIATE – a natural person or an Entrepreneur with consumer rights having full legal capacity, and—on the terms and within the limits provided by generally applicable law—also a natural person with limited legal capacity, being a Consumer or an Entrepreneur with Consumer Rights, who participates in or joins the Affiliate Program.

PERSONAL DATA – information about an identified or identifiable natural person through one or more specific factors determining physical, physiological, genetic, mental, economic, cultural, or social identity, including the device’s IP, internet identifier, and information collected through cookies and other similar technology.

BUYER – a natural person visiting the Website or using one or more services or functionalities described in the Policy. A Consumer, entrepreneur, or entrepreneur with Consumer rights, who concludes a sales agreement in the KALAMAS Online Store or through KALAMAS Online Channels; the Buyer is also the SERVICE RECIPIENT.

ORGANIZER – KALAMAS Monika Bończa Tomaszewska, ul. Woziwody 40, 02-908 Warsaw, Poland, NIP: 5271661549. The Organizer is also the SERVICE PROVIDER or SELLER.

POLICY – this Privacy Policy – a document containing information addressed to Buyers about the scope of collected personal data and its use and processing in connection with the use of the KALAMAS Online Store and KALAMAS Online Channels by Buyers, including in connection with the conclusion and implementation of Sales Agreements and Product delivery. The document is available on the website of the KALAMAS Online Store at https://kalamas.pl/.

KALAMAS AFFILIATE PROGRAM – a loyalty program, the conditions of participation of which are included in the KALAMAS Affiliate Program Regulations available on the website of the KALAMAS Online Store at https://kalamas.pl/.

KALAMAS LOYALTY PROGRAM – a loyalty program, the conditions of participation of which are included in the KALAMAS Loyalty Program Regulations available on the website of the KALAMAS Online Store at https://kalamas.pl/.

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

WEBSITE – the website run by the Administrator at https://kalamas.pl/.

SELLER – KALAMAS Monika Bończa Tomaszewska, ul. Woziwody 40, 02-908 Warsaw, Poland, NIP: 5271661549. The Seller is also the SERVICE PROVIDER.

PARTICIPANT – a natural person having full legal capacity, who participates in or joins the Loyalty Program.

USER – a natural person being a Consumer or an Entrepreneur with Consumer Rights, who uses the Administrator’s Website.

§2 PROCESSING OF PERSONAL DATA

1. In connection with the use of the Website by natural persons, the Administrator collects data to the extent necessary to provide specific services offered.
2. Personal data of all persons using the Website are processed by the Administrator:a) for the purpose of providing electronic services (Art. 6(1)(b) GDPR);b) for the purpose of fulfilling legal obligations, in particular tax and accounting obligations (Art. 6(1)(c) GDPR);c) for the purpose of establishing and pursuing claims or defending against claims (Art. 6(1)(f) GDPR).
3. The Administrator provides the possibility of contact using an electronic contact form.
4. Placing an order requires providing data necessary for shipping and the implementation of the Sales Agreement.
5. To register for the Affiliate/Loyalty Program, the Organizer requires identification and contact data.
6. The Service Provider uses cookies to maintain the session and for statistical purposes.
7. Personal data processed for the purpose of handling inquiries are based on the Administrator’s legitimate interest (Art. 6(1)(f) GDPR) or consent (Art. 6(1)(a) GDPR).
8. Marketing content is directed exclusively based on the User’s separate consent (Art. 6(1)(a) GDPR).

§3 COOKIES

The Administrator uses cookies as part of the Website. The purposes and rules regarding the use of cookies can be found in the Cookies Policy made available on the Website.

§4 PERIOD OF PERSONAL DATA PROCESSING

1. Data are processed for the duration of the service provision or until consent is withdrawn/an objection is filed.
2. Data necessary for tax settlements are stored for a period of 5 years from the end of the calendar year in which the tax payment deadline expired.

§5 USER RIGHTS

1. The User has the right to access, rectify, delete, restrict processing, the right to data portability, and the right to lodge a complaint with the President of the Personal Data Protection Office.
2. The User has the right to object and the right to withdraw consent at any time.

§6 RECIPIENTS OF PERSONAL DATA

Data may be disclosed to: IT providers, an accounting office, payment operators (e.g., PayU, Stripe), and courier companies (e.g., DHL, InPost).

§7 TRANSFER OF PERSONAL DATA OUTSIDE THE EEA

The Administrator transfers data outside the EEA only if an adequate level of protection is ensured in accordance with GDPR requirements.

§8 SECURITY OF PERSONAL DATA

The Administrator applies technical and organizational data protection measures adequate to the risks.

§9 CHANGES TO THE PRIVACY POLICY

The current version of the Policy is effective as of 01.02.2026.