Hi there!

If you have found your way to this page, it means the protection of your personal data matters to you. I want to assure you that I care deeply about your privacy. To protect it, I have implemented not only legal measures but also technical safeguards to further enhance security.

In accordance with GDPR, below I present the principles for processing your personal data. Please, review the key points regarding your data, and if you have any questions about this Privacy Policy, feel free to contact me at: maryla@swedishness.se

§1 Who is the Controller of your personal data?

The Controller of your personal data is Maryla Denka, operating the business activity registered under the name Maryla Denka (trading under the brand: Swedishness), NIP (Polish VAT identification number): 9512455754, REGON: 369494772, address: Husarii 29, 02-951 Warszawa.

You can contact the Controller by emailing: maryla@swedishness.se

§2 For what purpose do we collect your data and how long do we store it?

We may process your data for the following purposes:

1. Communication with you, including responding to inquiries submitted via contact forms, email, etc.

Data is processed based on the Controller’s legitimate interest in communicating with Website Users (Art. 6(1)(f) of the GDPR). Data will be processed no longer than until you object or the business purpose ceases. Providing this data is voluntary but necessary for communication. Data may also be processed while archiving for internal purposes based on legitimate interest of the Controller (Art. 6(1)(f) of the GDPR) until an objection is raised or the business purpose ceases.

2. Entering into and performing contracts (placing an order);

3. Establishing, defending, and pursuing claims;

4. Fulfilment of the Controller’s legal obligations (e.g., tax and archiving duties);

Data necessary for entering and performing a contract will be processed for the duration of the contract and the period of exercising rights under the contract, e.g., warranty rights (Art. 6(1)(b) and (f) of the GDPR). Providing such data is voluntary but necessary to enter and perform the contract.

Additional data provided, among others, to enhance performing a contract will be processed no longer than until you object or the business purpose ceases, based on legitimate interest in form of customer service (Art. 6(1)(f) of the GDPR).

After this period, the data will be processed for the duration of the limitation period for claims, based on the Controller’s legitimate interest in defending against claims, as well as for the purpose of establishing and pursuing claims (Article 6(1)(f) of the GDPR).

Data required for compliance with legal obligations of the Controller (e.g., issuing and retaining invoices, compliance with procedures stipulated by the Digital Services Act) will be processed for up to 6 years (statutory archiving obligations related to accounting document) unless legal regulations specify otherwise (Art. 6(1)(c) of the GDPR).

Personal data may also be retained for internal administrative and statistical purposes until an objection is raised or the business purpose ceases, based on legitimate interest of the Controller (Art. 6(1)(f) of the GDPR).

5. Providing marketing/commercial information (hereinafter referred to as Marketing Information) including, among others, the delivery of newsletters, information about services, products, promotions, free content);

a. Data is processed based on the Controller’s legitimate interest in marketing its products and services (Art. 6(1)(f) of the GDPR).

Under Article 398 of the Electronic Communications Act, your consent is required for maintaining commercial / marketing communications. You can withdraw your consent at any time:

– by clicking the link in the email footer or contacting me at the email address provided above (for email communications).

Providing data is voluntary but necessary to receive Marketing Information. Withdrawal from receiving Marketing Information prevents the delivery of Marketing Information to you.

b. Data collected under your consent for the delivery of Marketing Information including, among others, automatically collected data (e.g., IP address) will also be processed based on the Controller’s legitimate interest (Art. 6(1)(f) of the GDPR), namely the analysis of behaviors for the purpose of optimizing marketing efforts. Data is processed for analytical and statistical purposes.

c. Your data may also be archived to establish, pursue, or defend claims, ensuring that marketing activities were conducted lawfully (Art. 6(1)(f) of the GDPR).

d. Data processed pursuant to Article 6(1)(f) of the GDPR will be processed no longer than until you object or the business purpose ceases — whichever occurs first.

6. Administering and managing the website and social media groups (e.g., Facebook (Meta), Instagram, LinkedIn), in the case of data processing on social media platforms, including communication and targeting of marketing content.

Data will be processed only if you like the page / join the group / select the 'Follow’ option or leave your data on the platform under my management in any other way, e.g., by leaving a comment/post. Data will be processed for the lifetime of the page/group or until you object by unliking/unfollowing or deleting the comment/post or by any other means provided within the platform/page, or by contacting me. Please note that the rules related to the page/fanpage/group are established by the Controller, while the terms of use of the social media platform hosting the page/fanpage/group are determined by the entity managing those platforms.

7. Analytical and statistical purposes;

Data processing for analytical and statistical purposes involves, in particular, the analysis of data automatically collected during the use of the Website, including cookies. The data are processed based on the legitimate interest of the Controller, which consists of tailoring the website content to the User’s preferences and optimizing the use of the Website; creating statistics that help understand how Users interact with the website, enabling improvements to its structure and content (Article 6(1)(f) of the GDPR). Data may also be archived for internal and statistical purposes based on the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), until you object or the business purpose ceases to exist.

8. Recovering abandoned carts;

If you do not complete your order, you will receive a reminder about the order that was started but not finalized. The data will be processed on the basis of the Controller’s legitimate interest in servicing potential and actual customers (Article 6(1)(f) of the GDPR). This data will be processed for as long as necessary to achieve business purposes or until an objection is raised.

9. Posting comments;

The data visible on our Website alongside a posted comment are processed by us for the purpose of administering and operating the Website, as well as for communication with you, based on the Controller’s legitimate interest (Article 6(1)(f) of the GDPR). The data will be processed for as long as necessary to achieve business purposes or until an objection is raised.

10. Promoting and marketing products;

If you provide us with your data, in particular in the form of a review concerning a product or service, including image data, it will be processed based on the Controller’s legitimate interest in marketing, for the purpose of improving the quality of services and products, as well as promoting the Controller’s services and products. The data will be processed for as long as necessary to achieve business purposes or until an objection is raised. Providing data is voluntary.

§3 Who can your data be shared with?

We share your data only when necessary to achieve the processing purposes outlined in §2 and only to the extent required to achieve this purpose. Typically, we collect and process only the data you voluntarily provide, except for automatically collected data (cookies). More about cookies is in §7.

If necessary, your data may be shared with entities we cooperate with in order to achieve the above-mentioned purposes, in particular with the hosting provider, IT service provider / the entity managing the website, accounting and bookkeeping service provider, newsletter service provider, cloud service provider, marketing service providers, administrative service providers, legal advisors, couriers or postal operators, social media platforms, appointment scheduling platforms, platforms for product sharing or service delivery, and other entities supporting the Controller in achieving the purposes of data processing.

As a rule, data will not be transferred outside the EEA, subject to the situations described below. In other cases, if data are transferred outside the EEA, such transfer will take place based on your consent, standard contractual clauses, or other safeguards provided for under the GDPR, following, among other things, the fulfillment of the information obligation.

Services provided by Google and Facebook (Meta) are generally hosted within the EU, but due to the global nature of their operations, data may be transferred to the USA due to its storage on U.S. servers (in whole or in part). Google and Facebook have implemented GDPR-compliant safeguards via standard contractual clauses. More details are available in their respective Privacy Policies.

§4 What are your rights?

Under GDPR, you have the right to access your personal data, rectify your data, delete your data, restrict data processing, object to data processing, data portability, withdraw your consent to the processing of data; the withdrawal of consent does not affect the lawfulness of the processing carried out before its withdrawal. Detailed information regarding these rights can be found in the GDPR, i.e., Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

If you believe your data is processed unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO). In such a case, I encourage you to contact me first to clarify any concerns.

§5 Is your data subject to profiling?

The Controller processes personal data in an automated manner using tools provided by software vendors (e.g., through statistics, history), solely to the extent that does not produce any legal effects for you or significantly affect your situation, including your guaranteed rights and freedoms. The purpose of automated data processing is to understand Users’ preferences (more information about the analysis can be found in §7 of the Cookie Policy).

§6 Applicable law for personal data matters

Where not regulated, applicable laws include relevant European legislation (especially GDPR).

§7 Cookie Policy

The Website does not automatically collect any information except for information contained in cookies. These data are collected in a manner that prevents the identification of the User, so-called anonymous data.

Cookies are IT data, particularly text files, which are stored on the User’s end device and are intended for use with the Website. Cookies typically contain the name of the website from which they originate, the duration of their storage on the end device, and a unique number.

Cookies are used to: tailor the content of the Website to the User’s preferences and optimize the use of the Website, as well as to create statistics that help understand how Users use the Website, which enables improving its structure and content.

You can independently change the settings regarding cookies. In many cases, the web browser by default allows the storage of cookies on the User’s end device. Detailed information about the possibilities and methods of handling cookies is available in the software settings (web browser). Not consenting to cookies may limit the functionality of some features on the Website.

The Controller uses technologies that monitor actions taken by the User within the Website:

– Facebook conversion pixel (Meta) provided by Meta Platforms Ireland Limited – for managing advertisements on Meta and conducting remarketing activities; the Facebook Pixel is a piece of code published on the website that allows reaching the target group based on data from people who used the website. Through the Facebook Pixel function, it is possible to display published ads on Meta platforms only to portal users who showed interest in products or services or have common factors with the aforementioned persons. These data are processed based on the Controller’s legitimate interest (Article 6(1)(f) of the GDPR). Detailed information about the Facebook Pixel can be found in Facebook’s (Meta) Privacy Policy.

– Google tools, including Google Analytics, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data collected through the use of this tool is used for analyzing the Website’s statistics. Google Analytics uses its own cookies to analyze Users’ actions and behavior on the Website. These cookies store information such as from which site the User arrived at the current website. They help improve the Website. These data are processed based on the Controller’s legitimate interest (Article 6(1)(f) of the GDPR). Detailed information about Google Analytics can be found on the Google tools usage policy page.

§8 Social Media Plugins

The Website uses plugins, widgets, and tools provided by platforms like Facebook (Meta), Instagram, YouTube, LinkedIn. Data processing principles are outlined in the Privacy Policies of those platforms.

§9 Joint Controllership

Data processed for statistical purposes within the Facebook (Meta) platform are jointly controlled by the Controller and Meta Platforms Ireland Limited, located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed rules regarding joint data control, including information about the rights you are entitled to, are described in the Privacy Policy.

Data processed within the LinkedIn platform are jointly controlled by the Controller and LinkedIn Ireland Unlimited Company, located at Legal Dept. (Privacy Policy and User Agreement), Wilton Place, Dublin 2, Ireland, hereinafter referred to as the Joint Controller. Detailed rules regarding joint data control, including information about the rights you are entitled to, are described in the Privacy Policy.

The Controller processes data based on legitimate interest for analysis the Users’ activity, as well as preferences, in order to improve the functionalities and services provided by the Controller. You may contact both the Controller and the Joint Controllers regarding personal data matters.

—

This Privacy Policy is effective as of May 17, 2025.