Privacy Policy

This Privacy Policy and Cookies Policy contains information regarding the processing of personal data that you may provide to the Administrator when using the Website and using Cookies. The administrator reserves the right to make changes to the privacy policy. The reasons for introducing changes may be changes in legal regulations, the development of Internet technology, the use of new tools by the Administrator and other objective reasons.

§1 Who is an administrator of your personal data?

The administrator of personal data is Agnieszka Dubowska, running a business under the name boWOOLę handmade by Agnieszka Dubowska at Wilczogóra 62-550, ul. Wrzosowa 6, NIP: 6653038264 in accordance with the document generated from the Central Registration and Information on Economic Activity system (CEIDG).

Contact with the Administrator is possible at the above-mentioned address or e-mail address: and telephone number: + 48791409209.

When contacting the Administrator via e-mail address, contact form, social media and other communication channels, you provide your personal data, for example your name and e-mail address.

The Administrator attaches great importance to the security and legality of the processing of Users’ personal data. The User’s personal data are processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC hereinafter referred to as “GDPR” and other currently applicable provisions of law on the protection of personal data.

§2 Definitions

Administrator – Agnieszka Dubowska running a business under the name boWOOLę handmade by Agnieszka Dubowska at Wilczogóra 62-550, ul. Wrzosowa 6, NIP: 6653038264 in accordance with the document generated from the Central Registration and Information on Economic Activity system (CEIDG)

Personal data – Information that identifies or allows the identification of a specific person, e.g. name and surname, residential address, telephone number, e-mail address, sensitive data such as measurements of body.

Policy – This Privacy Policy

GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Service/Shop – Website at: and all its subpages, through which the User can place orders, view its content, contact the Administrator, and order commercial and marketing information via the Newsletter service.

User – Any natural person visiting the Website, social media run by the Administrator or using one or more services or functionalities described in the Privacy Policy.

§3 What personal data is processed by the administrator while using the website?

The website allows the User to contact the Administrator and provide him with identification, contact and message data.

The Administrator collects data related to Users’ activity, such as time spent on the website, search phrases, number of subpages displayed, date and source of visits.

The Personal Data Administrator comes into possession of the User’s data in most cases due to the User’s actions, i.e. if the User contacts the Administrator, places an order, sends complaints, withdraws from the contract, subscribes to the Newsletter.

In connection with the User’s use of the Website, the Administrator collects data to the extent necessary to provide the individual services offered or conclude the Agreement, e.g. name, surname, residential address, e-mail address as well as special categories of personal data (so-called sensitive data, e.g. information about body dimensions).

In order to subscribe to the Administrator’s Newsletter, the Administrator collects the following data: name, e-mail address.

Detailed principles and purposes of processing personal data collected while using the Website are described below.

§4 For what purposes and on what legal basis is it processed by the administrator?

Personal data of all people using the Website are processed by the Administrator for the following purposes:

Preparation and implementation of the Sales Agreement – as well as the implementation of the rights arising therefrom. The data is processed pursuant to Art. 6 section 1 letter b) GDPR;

Analyzing network traffic, ensuring security within the Website and customizing content. The data is processed pursuant to Art. 6 section 1 letter f) GDPR;

Replying to correspondence, forwarding the ordered offer and conducting correspondence. Data is processed pursuant to Art. 6 section 1 letter a) and f) GDPR;

Providing and displaying content on the Website – for this purpose, the Administrator collects personal data in the form of: IP address, cookies. The data is processed pursuant to Art. 6(1)(f) GDPR;

Establishing, defending and pursuing claims – the legal basis for processing is the legitimate interest of the Administrator, consisting in the protection of his rights. The data is processed pursuant to Art. 6 section 1 letter f) GDPR;

Posting opinions by the User about the services provided by the Administrator or Goods and conducting opinion research through surveys. The data is processed pursuant to Art. 6 section 1 letter a) GDPR, i.e. consent of the data subject;

The use of cookies on the Website and its subpages pursuant to Art. 6 section 1 letter a) GDPR, i.e. consent of the data subject;

For analytical and statistical purposes – consisting in conducting analyzes of Users’ activity on the Website in order to improve the functionalities used. The data is processed pursuant to Art. 6 section 1 letter f) GDPR;

Sending ordered marketing information electronically (Newsletter). The data is processed pursuant to Art. 6 section 1 letter a) GDPR);

In order to contact the Administrator, you can contact him using the electronic contact form. Using the form requires providing personal data necessary to establish contact. The user may also provide other data to facilitate contact or handling of the inquiry. Providing data marked as mandatory is required to accept and handle the inquiry, and failure to provide it results in the inability to process it. Providing other data is voluntary. Personal data is processed to identify the sender and handle his inquiry sent via the form provided. The data is processed pursuant to Art. 6 section 1 letter b GDPR; in the scope of optional data, the legal basis for processing is consent (Article 6(1)(a) of the GDPR).

§5 User rights related to the processing of their personal data

The GDPR grants the following rights related to the processing of personal data:

  • The right to be informed about the processing of personal data and to receive a copy thereof (Article 12 of the GDPR);
  • The right to access your personal data (15 GDPR);
  • The right to correct, supplement, update and rectify personal data (16 GDPR);
  • The right to delete data (right to be forgotten) (Article 17 of the GDPR);
  • The right to restrict processing referred to in (Article 18 of the GDPR);
  • The right to object to the processing of personal data (Article 21 of the GDPR);
  • The right to lodge a complaint with the supervisory authority (i.e. the President of the Personal Data Protection Office) (Article 77 of the GDPR);

Not all of these rights will be available to the User always and in every case. This is related to the nature of the law. Failure to provide the required data prevents the execution of a distance contract, the issuance of a bill or invoice, or contact at the request of the data subject.

§6 How long we retain personal data?

The period of processing of the User’s personal data by the Administrator depends on the type of service provided and the purpose of processing.

The User’s personal data will be stored until the consent is withdrawn or until the matter is resolved or the implementation of the Agreement is completed.

Conclusion and implementation of the Sales Agreement, including distance sales – for the period necessary to document the completed contract, including issuing an invoice or invoice – 5 years from the end of the calendar year in which the tax payment deadline expired.

Data related to web traffic analysis collected via cookies and similar technologies may be stored until the cookie expires. Some cookies never expire, therefore the data storage time will be equivalent to the time necessary for the Administrator to achieve the purposes of data collection, such as ensuring security and analyzing historical data related to website traffic.

The data processing period may be extended if processing is necessary to establish and pursue possible claims or defend against claims, and after that time only if and to the extent required by law. After the processing period has expired, the data is irreversibly deleted or anonymized.

§7 Data safety

The User’s personal data is stored and protected with due care, in accordance with the Administrator’s implemented internal procedures. The Administrator processes information about the User using appropriate technical and organizational measures that meet the requirements of generally applicable law, in particular the provisions on the protection of personal data. These measures are primarily intended to protect Users’ personal data against access by unauthorized persons. In particular, only authorized persons who are obliged to keep this data secret have access to Users’ personal data.

At the same time, the User should exercise due diligence in securing his/her personal data transmitted via the Internet, in particular not disclosing his/her login data to third parties, using anti-virus protection and updating the software.

§8 Transfer of data to third parties

The User’s personal data may be transferred to third parties whose services the Administrator uses in connection with running the Website, for example:

  • website hosting;
  • Providing legal services;
  • Conducting accounting services;
  • Courier services broker
  • Maintaining and sending the newsletter;
  • Operating the payment system and electronic transactions;
  • Service and maintenance of IT systems in which data is processed, including for the purpose of automating the Newsletter, issuing invoices, handling orders, etc.;

Personal data may be processed outside the European Economic Area in the so-called a third country, in particular in the United States of America in connection with the Administrator’s use of IT solutions whose servers are located outside the European Economic Area. The basis for data processing in third countries will be the European Commission Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries. The data administrator and the service provider will provide the highest guarantees of protection of the entrusted data. Data processing will not violate the privacy of individuals.

Entities processing data in the European Economic Area:

  • Katarzyna Madej, Pabianicka 27/29/81, 93-506 Łódź, NIP 9820278041 in the field of accounting services;
  • zenbox sp. z o. o. 42-200 Częstochowa, ul. Dąbrowskiego 7, NIP: PL9492191021 in the scope of obtaining technical and administrative support in the field of running the website, including the online store;
  • Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland (previously Facebooka Ireland Limited) in the field of social media management;
  • Facebook Ireland Ltd. – in the use of Meta Platforms (Facebook) advertising tools and entrusting data within a group of custom recipients;
  • ING Usługi dla Biznesu S.A., based in Katowice 40-121, ul. Chorzowska 50, entered into the register of entrepreneurs at the District Court Katowice-Wschód, 8th Commercial Division of the National Court Register, under KRS number: 0000408358, REGON: 242834901, NIP: 6342805313 – in the scope of issuing accounting documents;
  • Other contractors or subcontractors engaged in technical and administrative services or providing legal assistance to the Administrator and its clients, e.g. accounting assistance, lawyers, etc.
  • Offices, e.g. the tax office – in order to fulfill legal and tax obligations related to settlements and accounting.

Entities processing data outside the European Economic Area:

  • Google Analytics by Google LLC – regarding the use of Website security tools and statistics analysis tools (Google Analystics).
  • Google Analytics by Google LLC – regarding marketing tools;
  • As part of the Administrator’s business, social media plug-ins have also been embedded on the website. The purpose and scope of data collection and its further processing and use by service providers are described in the privacy policies indicated below:
  • Facebook –
  • Instagram-
  • Pinterest –
  • Etsy –

§9 Cookies and tracking technologies

This website uses cookies.

During your first visit to the Website, information about the use of cookies is displayed. Not changing your browser settings is tantamount to consenting to their use.

The website enables the collection of information about the user via cookies and similar technologies, the use of which most often involves installing this tool on the user’s device (computer, smartphone, etc.). This information is used to remember the user’s decisions (selection of font, contrast, acceptance of the policy), maintain the user’s session (e.g. after logging in), remember the password (with consent), collect information about the user’s device and his visit to ensure security, but also analysis of visits and adjustment of content.

Information obtained through cookies and similar technologies is not combined with other data of website users, nor is it used to identify them by the Administrator.

Cookies are short text information saved on the device the User uses to browse websites.

They can be read by the Administrator (“own cookies”, which the Administrator uses to ensure the proper operation of this website), as well as by systems belonging to other entities whose services the Administrator uses (“external cookies”).

The user has the right to change cookie settings from his browser or delete them.

The user can also use the website in the so-called incognito mode, which blocks the possibility of collecting data about his visit.

This website uses the following tracking technologies:
social plug-ins such as: Facebook, Instagram, Pinterest, Etsy;
analytical and marketing tools such as: Google Analytics, Facebook Pixel.

§10 Server logs

Using the website involves sending queries to the server on which the website is located. Each query sent to the server is saved in the server logs, which include, among others: the IP address of the computer from which the query came; language; request arrival time; browser information; access hours and address of the website from which the User was redirected; information about the web browser or information system used by the User.

The data saved in the server logs are not associated with specific people using the website and are used as auxiliary material for administrative purposes.

Logs are saved and stored on the server

The Administrator does not use server logs in any way to identify the User.

§11 Social media

The administrator has profiles on the social media Facebook and Instagram (referred to as “fan pages”). Content, offers and product recommendations are regularly published and shared on fanpages.

The administrator of social networking sites records user behavior using cookies and other similar technologies during each interaction with our fan pages and other Facebook and Instagram websites.

Administrators of social networking sites have access to general statistics regarding the interests and demographic data (such as age, gender, place of residence) of users visiting fan pages. As part of the use of social networking sites, the scope and purposes of data processing on social networking sites are determined by the administrators of these sites.

Scroll to Top