PRIVACY POLICY / POLITYKA PRYWATNOŚCI / ПОЛІТИКА КОНФІДЕНЦІЙНОСТІ
This Privacy Policy is compliant with: EU GDPR (Regulation 2016/679) · Polish RODO · Ukrainian Law «On Personal Data Protection» No. 2297-VI.
🔒 We value your privacy. We collect only the data we need to process your order and improve your experience. We never sell your personal data to third parties. This Policy explains what data we collect, why, and what rights you have.
§1. Data Controller (Administrator Danych / Контролер Даних)
The controller of your personal data is:
| Field | Details |
|---|---|
| Name | Parla della morale |
| Contact email | [email protected] |
| Website | parladellamorale.com |
| Data protection requests | [email protected] |
If you have questions about how we handle your data, please contact us via email. We will respond within 30 days.
§2. What Personal Data We Collect
We collect the following categories of personal data:
| Category | Data Collected | Source |
|---|---|---|
| Order Data | Full name, phone number, email address, delivery address, city | Provided by you during checkout |
| Transaction Data | Order value, products purchased, payment method (not card details) | Generated during purchase |
| Technical Data | Language preference, theme preference (stored locally) | localStorage in your browser |
| Cookie Data | Cookie consent flag, cart contents | Your browser localStorage |
| Communication Data | Email content if you contact us | Provided by you |
We do not collect: payment card numbers (handled by payment processors), passwords, sensitive personal data (health, political views, etc.), or data from minors under 16 years of age.
§3. Legal Basis for Processing (Podstawa prawna / Правова підстава)
| Purpose | Legal Basis | GDPR Article |
|---|---|---|
| Processing your order | Performance of contract | Art. 6(1)(b) |
| Sending order notifications via Telegram | Legitimate interest of the Seller | Art. 6(1)(f) |
| Responding to enquiries / complaints | Legitimate interest / legal obligation | Art. 6(1)(c)(f) |
| Fulfilling legal obligations (accounting, tax) | Legal obligation | Art. 6(1)(c) |
| Cookie consent | Consent | Art. 6(1)(a) |
| Improving the Store (analytics) | Legitimate interest | Art. 6(1)(f) |
§4. How We Use Your Data
- To process, confirm, and fulfil your order
- To send order notifications to the Store operator via Telegram
- To handle your complaints, returns, and enquiries
- To comply with legal obligations (accounting records, tax purposes)
- To protect against fraud and abuse
We do not use your data for automated profiling or decisions that produce legal effects.
§5. Data Retention (Okres przechowywania / Термін зберігання)
| Data Type | Retention Period |
|---|---|
| Order and transaction data | 5 years from end of tax year (legal obligation) |
| Complaint and return records | 3 years from resolution |
| Email correspondence | 2 years from last communication |
| Cookie consent | Until withdrawn or browser data cleared |
| Cart & preferences (localStorage) | Stored locally on your device only; cleared by browser |
§6. Third-Party Data Sharing (Udostępnianie danych / Передача даних)
We do not sell your personal data. We share data only with trusted partners necessary for business operations:
- Delivery providers (InPost, DPD, Poczta Polska, Nova Poshta) — name and address to fulfil delivery
- Payment processors (Przelewy24, Apple Pay, Google Pay) — payment data is handled directly by the processor; we do not receive card details
- Telegram — order notifications are sent to the Store operator via Telegram Bot API; your name, phone, and order details are transmitted. Telegram's Privacy Policy applies.
- Cloudflare — our website is protected by Cloudflare (DDoS protection, DNS). IP addresses may be processed by Cloudflare under their Privacy Policy.
- DeepL — if you switch language, translatable UI text (not your personal data) is sent to DeepL API for translation and cached on our server.
- Hosting provider — server logs may contain IP addresses for security purposes
All third-party processors are contractually obligated to protect your data in compliance with GDPR.
§7. International Data Transfers
Some of our service providers (Telegram, Cloudflare, DeepL) may process data outside the European Economic Area (EEA). In such cases, appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions), as required by GDPR Chapter V.
Ukrainian users: Cross-border data transfers comply with the requirements of the Law of Ukraine «On Personal Data Protection» (Art. 29). Data may be transferred to countries that ensure an adequate level of protection.
§8. Your Rights (Twoje prawa / Ваші права)
Under GDPR and applicable national law, you have the following rights:
- You can request a copy of the personal data we hold about you.
- You can request correction of inaccurate or incomplete data.
- You can request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- You can request restriction of processing in certain circumstances.
- You can receive your data in a structured, machine-readable format.
- You can object to processing based on legitimate interest.
- Where processing is based on consent, you may withdraw it at any time.
- You may complain to a supervisory authority (see §9).
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
§9. Supervisory Authorities (Organy nadzorcze / Наглядові органи)
Poland (RODO): You have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), ul. Stawki 2, 00-193 Warsaw. Website: uodo.gov.pl
Ukraine: You have the right to lodge a complaint with the Commissioner for Human Rights of the Verkhovna Rada of Ukraine (Уповноважений Верховної Ради України з прав людини) or the Commissioner for Personal Data Protection.
§10. Cookies and Local Storage
Our website uses browser localStorage (not traditional server-set cookies) to store:
| Key | Purpose | Type |
|---|---|---|
| cart | Your shopping cart contents | Functional (necessary) |
| lang | Your preferred language | Functional (necessary) |
| theme | Your preferred colour theme | Functional (necessary) |
| cookiesAccepted | Record of cookie notice acceptance | Functional (necessary) |
| deepl_trans_* | Cached DeepL translations for performance | Performance |
All data is stored locally in your browser. We do not use tracking cookies, advertising cookies, or third-party analytics (Google Analytics, Facebook Pixel, etc.).
Cloudflare may set necessary security cookies for DDoS protection. These are technical and do not track personal behaviour.
You can clear all locally stored data at any time through your browser settings.
§11. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- HTTPS encryption for all data transmitted between your browser and our server
- Access restrictions — only necessary staff have access to order data
- Server-side protection of configuration files and sensitive data
- Regular security reviews
Despite these measures, no internet transmission is 100% secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours, as required by GDPR Art. 33.
§12. Children's Privacy
Our Store is not directed at persons under the age of 16. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete such data promptly.
§13. Changes to This Policy
We may update this Privacy Policy from time to time. The current version is always published on this page with the effective date clearly marked. Significant changes will be communicated via a notice on our website. Your continued use of the Store after changes constitutes acceptance of the updated Policy.
§14. Contact
For any privacy-related questions, data access requests, or complaints:
- 📧 Email: [email protected]
- 🕐 Response time: within 30 calendar days