Privacy policy

1) Information about the collection of personal data and contact details of the data controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about the handling of your personal data when using our website. Personal data refers to any information that can be used to identify you personally.

1.2 The controller for data processing on this website, within the meaning of the General Data Protection Regulation (GDPR), is WickerPL Radomska Joanna, Łętownia 454, 37-312 Łętownia, Polen, Tel.: +48 885062620, E-Mail: shop@wickerstories.com. The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the data controller). You can recognize an encrypted connection by the "https://" string and the padlock symbol in your browser's address bar.

2) Data collection when visiting our website

When you use our website for informational purposes only, meaning when you do not register or provide us with information in any other way, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically required to display the website to you:

  • The website you visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/referral from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (possibly in anonymized form)

The processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR, based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used for other purposes. However, we reserve the right to review the server log files later if there are concrete indications of illegal use.

3) Cookies

To make your visit to our website more attractive and enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow your browser to be recognized on your next visit (so-called persistent cookies). When cookies are set, they collect and process certain user information such as browser and location data as well as IP address values on an individual basis. Persistent cookies are automatically deleted after a pre-defined period, which may vary depending on the cookie. You can view the duration of cookie storage in the cookie settings overview of your web browser.

Some cookies are used to simplify the order process by saving settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If some of the cookies we use also process personal data, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 Para. 1 lit. a GDPR in the case of consent, or in accordance with Art. 6 Para. 1 lit. f GDPR for the protection of our legitimate interests in ensuring the best possible functionality of the website and a user-friendly and effective design of the site visit.

Please note that you can configure your browser to be informed about the setting of cookies and decide individually whether to accept them, or to exclude the acceptance of cookies for specific cases or generally. Each browser differs in how it manages cookie settings. These settings are described in the help menu of each browser, which explains how you can change your cookie settings. You can find them for the respective browsers at the following links:

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting Us

When contacting us (e.g., via a contact form or email), personal data is collected. The specific data collected when using a contact form can be found in the respective contact form. These data are stored and used solely for the purpose of responding to your inquiry or for contact purposes and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) GDPR. If your contact aims to conclude a contract, the additional legal basis for processing is Article 6(1)(b) GDPR. Your data will be deleted after the final processing of your request. This is the case when it is clear from the circumstances that the matter has been conclusively resolved, and there are no legal retention obligations preventing the deletion.

5) Data Processing for Creating a Customer Account and Contract Execution

In accordance with Article 6(1)(b) GDPR, personal data will also be collected and processed when you provide it to us for the execution of a contract or for the creation of a customer account. The data collected is evident from the respective input forms. Deletion of your customer account is possible at any time and can be carried out by sending a message to the above address of the responsible party. We store and use the data you provide for contract execution. After the full completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or further data use has been legally reserved on our part.

6) Comment Function

As part of the comment function on this website, alongside your comment, the time of its creation and the commentator name you chose will also be stored and published on the website. Additionally, your IP address will be recorded and stored. This storage of the IP address is done for security reasons and in case the person concerned violates the rights of third parties or posts illegal content through a comment. We need your email address to contact you if a third party should contest your published content as illegal. The legal bases for storing your data are Articles 6(1)(b) and (f) GDPR. We reserve the right to delete comments if they are contested by third parties as unlawful.

7) Use of Customer Data for Direct Marketing

7.1 Subscription to Our Email Newsletter
When you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory data required for sending the newsletter is your email address. Providing additional data is voluntary and is used to address you personally. We use a so-called Double Opt-in procedure for sending the newsletter. This means that we will only send you an email newsletter after you have explicitly confirmed that you agree to receive the newsletter. We will then send you a confirmation email, asking you to confirm your subscription by clicking on a corresponding link.
By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) GDPR. When registering for the newsletter, we store your IP address assigned by your Internet Service Provider (ISP) as well as the date and time of registration in order to trace any potential misuse of your email address at a later time. The data we collect during the newsletter registration will only be used for the purpose of advertising communication through the newsletter. You can unsubscribe from the newsletter at any time using the designated link in the newsletter or by sending an appropriate message to the administrator mentioned at the beginning. After unsubscribing, your email address will be promptly deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we have reserved the right to use your data in a way that is legally permitted and which we inform you about in this declaration.

7.2 Sending the Email Newsletter to Existing Customers
If you provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services to those you have already purchased from our range via email. For this, we do not need to obtain separate consent from you according to § 7(3) of the German Unfair Competition Act (UWG). Data processing in this case is solely based on our legitimate interest in personalized direct marketing in accordance with Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send you any emails. You have the right to object to the use of your email address for this marketing purpose at any time with effect for the future by contacting the administrator mentioned at the beginning. For this, you will only incur transmission costs based on basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be immediately discontinued.

8) Data Processing for Order Fulfillment

8.1 - Transmitting Image Files for Order Fulfillment via Upload Function
On our website, we offer customers the opportunity to personalize products by submitting image files via an upload function. The submitted image is used as a template for personalizing the selected product.
Through the upload form on the website, the customer can send one or more image files from the storage of their device directly to us via automated, encrypted data transfer. We collect, store, and use the transmitted files solely for the purpose of creating the personalized product as described on our website. If the transmitted image files are shared with specific service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further disclosure will take place. If the transmitted files or digital motifs contain personal data (especially images of identifiable individuals), all of the aforementioned processing activities will take place solely for the purpose of fulfilling your online order in accordance with Article 6(1)(b) GDPR. After the completion of the order, the transmitted image files will be automatically and fully deleted.

- Transmitting Image Files for Order Fulfillment via Email
On our website, we offer customers the opportunity to personalize products by submitting image files via email. The submitted image is used as a template for personalizing the selected product.
Through the email address provided on the website, the customer can send one or more image files from the storage of their device to us. We collect, store, and use the transmitted files solely for the purpose of creating the personalized product as described on our website. If the transmitted image files are shared with specific service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further disclosure will take place. If the transmitted files or digital motifs contain personal data (especially images of identifiable individuals), all of the aforementioned processing activities will take place solely for the purpose of fulfilling your online order in accordance with Article 6(1)(b) GDPR. After the completion of the order, the transmitted image files will be automatically and fully deleted.

8.2 To fulfill your order, we work with the following service providers who assist us in whole or in part with the execution of the contracts concluded. Certain personal data will be transmitted to these service providers according to the information provided below.
The personal data we collect will be passed on to the transport company commissioned with the delivery of the goods, to the extent necessary for the delivery of the goods. Your payment data will be passed on to the bank we have commissioned for the payment processing, to the extent necessary for payment processing. If payment service providers are used, we will explicitly inform you about this below. The legal basis for the transfer of data is Article 6(1)(b) GDPR.

8.3 To fulfill our contractual obligations to our customers, we work with external shipping partners. We will only pass on your name, delivery address, and, if necessary for delivery, your phone number, exclusively for the purposes of the delivery of goods, in accordance with Article 6(1)(b) GDPR, to a shipping partner selected by us.

8.4 Transfer of Personal Data to Shipping Service Providers

  • DPD If the delivery of goods is carried out by the transport service provider DPD Polska Sp. z o.o. (Mineralna 15, 02-274 Warsaw), we will transfer your email address and telephone number to DPD prior to delivery of the goods, according to Art. 6(1)(a) GDPR, for the purpose of coordinating a delivery date or announcing delivery, provided that you have given your explicit consent for this during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to DPD in accordance with Art. 6(1)(b) GDPR. Data will only be transferred as far as necessary for the delivery of the goods. In this case, prior coordination of the delivery date with DPD or delivery notifications are not possible. You can revoke your consent at any time with effect for the future, either to the responsible party indicated above or to the transport service provider DPD.
  • GLS If the delivery of goods is carried out by the transport service provider GLS (General Logistics Systems Poland Sp. z o.o., ul. Tęczowa 10, Głuchowo, 62-052 Komorniki), we will transfer your email address to GLS prior to delivery of the goods according to Art. 6(1)(a) GDPR, for the purpose of coordinating a delivery date or announcing delivery, provided that you have given your explicit consent for this during the order process. Otherwise, for the purpose of delivery, we will only provide the recipient's name and delivery address to GLS in accordance with Art. 6(1)(b) GDPR. Data will only be transferred as far as necessary for the delivery of the goods. In this case, prior coordination of the delivery date with GLS or transmission of shipment status information is not possible. You can revoke your consent at any time with effect for the future, either to the responsible party indicated above or to the transport service provider GLS.

8.5 Use of Payment Service Providers (Payment Services)

  • PayPal If you pay via PayPal, credit card via PayPal, direct debit via PayPal, or, if offered, "purchase on account" or "installment payment" via PayPal, we will pass on your payment data as part of the payment processing to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), in accordance with Art. 6(1)(b) GDPR and only to the extent necessary for the payment processing. For payment methods such as credit card via PayPal, direct debit via PayPal, or, if offered, "purchase on account" or "installment payment" via PayPal, PayPal reserves the right to conduct a credit check. For this purpose, your payment data may be transferred to credit agencies in accordance with Art. 6(1)(f) GDPR, based on PayPal's legitimate interest in determining your creditworthiness. The result of the credit check regarding the statistical probability of default is used by PayPal for the purpose of deciding on the provision of the respective payment method. The credit check may include probability values (so-called score values). If score values are included in the result of the credit check, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other factors, may be included in the calculation of score values. For further information on data protection, including the credit agencies used, please refer to PayPal's privacy policy: PayPal Privacy Policy You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractual payment processing.

9) Contact for Review Reminder
Own Review Reminder (No Use of Customer Review System)
We use your email address to send a one-time reminder to submit a review for your order in the review system we use, provided that you have given us your explicit consent during or after your order in accordance with Art. 6(1)(a) GDPR.
You can withdraw your consent at any time by sending a message to the data controller responsible for processing.

10) Rights of the Data Subject
10.1 The applicable data protection law grants you comprehensive rights concerning the processing of your personal data by the Controller (rights of access and intervention), which we inform you about below:
Right of access according to Art. 15 GDPR: You have the right to obtain information about your personal data processed by us, the purposes of processing, the categories of processed personal data, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage duration or the criteria for determining the storage duration, the existence of the right to rectification, erasure, restriction of processing, objection to processing, filing a complaint with a supervisory authority, the source of your data if it has not been collected by us from you, the existence of automated decision-making, including profiling, and if applicable, meaningful information about the involved logic, the scope concerning you, and the intended effects of such processing, as well as your right to be informed about the guarantees in accordance with Art. 46 GDPR in case of the transfer of your data to third countries;
Right to rectification according to Art. 16 GDPR: You have the right to have inaccurate data concerning you rectified without undue delay and/or to complete incomplete data stored by us;
Right to erasure according to Art. 17 GDPR: You have the right to request the erasure of your personal data where the conditions of Art. 17(1) GDPR are met. However, this right does not apply, particularly if the processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
Right to restriction of processing according to Art. 18 GDPR: You have the right to request the restriction of processing of your personal data as long as the accuracy of your data is contested, if you refuse the erasure of your data due to unlawful processing and instead request the restriction of processing, if you need your data for the establishment, exercise, or defense of legal claims after we no longer require this data for the purposes of processing, or if you have objected to processing due to your particular situation, as long as it is not yet determined whether our legitimate reasons override your interests;
Right to notification according to Art. 19 GDPR: If you have exercised your right to rectification, erasure, or restriction of processing against the Controller, they are required to notify all recipients to whom your personal data has been disclosed about the rectification, erasure of data, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients;
Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, or to request the transfer to another Controller, insofar as this is technically feasible;
Right to withdraw consent according to Art. 7(3) GDPR: You have the right to withdraw your consent to the processing of your data at any time with future effect. In the event of withdrawal, we will delete the affected data without undue delay, unless further processing can be based on a legal ground for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;
Right to lodge a complaint according to Art. 77 GDPR: If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work, or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.

10.2 Right to Object
If we process your personal data based on our overriding legitimate interest as part of a balancing of interests, you have the right to object to this processing at any time, for reasons arising from your particular situation, with effect for the future.
If you exercise your right to object, we will cease processing the affected data. However, further processing may be allowed if we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.
If your personal data is processed by us for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise your right to object as described above.
If you exercise your right to object, we will cease processing the affected data for direct marketing purposes.

11) Duration of Storage of Personal Data
The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and – where applicable – by the respective statutory retention periods (e.g., commercial and tax law retention periods).
When processing personal data based on explicit consent in accordance with Article 6(1)(a) GDPR, the data will be stored as long as the data subject does not withdraw their consent.
If statutory retention periods exist for data processed in the context of contractual or similar obligations based on Article 6(1)(b) GDPR, the data will be routinely deleted after the expiration of the retention periods, unless they are still needed for the performance of the contract or pre-contractual measures and/or we no longer have a legitimate interest in retaining the data.
When processing personal data based on Article 6(1)(f) GDPR, the data will be stored until the data subject exercises their right to object under Article 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing is necessary for the establishment, exercise, or defense of legal claims.
When processing personal data for direct marketing purposes based on Article 6(1)(f) GDPR, the data will be stored until the data subject exercises their right to object under Article 21(2) GDPR.
Unless otherwise specified in the additional information in this statement about specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.