PRIVACY POLICY OF THE ONLINE STORE REBRANDTWEAR.COM
This Privacy Policy (hereinafter referred to as the “Policy”) sets out the rules for the processing of personal data of individuals using the online store operated by the Data Controller at www.rebrandtwear.com (hereinafter referred to as the “Store”), including in particular Store Customers, Newsletter subscribers, and persons contacting the Data Controller.
This Policy applies to all cases of personal data processing carried out in connection with the use of the Store, regardless of the country of residence of the data subject.All capitalized terms used in this Policy that are not defined otherwise shall have the meaning assigned to them in the Store’s Terms and Conditions available at: TERMS & CONDITIONS
Personal Data Controller
The controller of personal data is Karolina Buczyńska, conducting business activity under the name Karolina Buczyńska, with its registered office in Warsaw (003-289), ul. Ludwika Pasteura 6a/15, Poland,
VAT ID (NIP): 5252868781
(hereinafter referred to as the “Controller”).
The Controller processes personal data in accordance with applicable laws, in particular in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).
Contact with the Controller
In all matters related to the processing of personal data, including the exercise of the rights of data subjects, the Controller may be contacted:a) electronically – via e-mail at: contact@rebrandtwear.com
b) in writing – at the Controller’s registered office address.
Information on the Processing of Personal Data
The use of the Store involves the processing of personal data. Below you will find detailed information regarding the purposes, scope, legal bases, storage periods, and whether the provision of personal data is mandatory or voluntary.
Creation and maintenance of a Store Account
| Purpose of processing | Personal data processed | Legal basis |
| Creation and maintenance of the Client’s Account | e-mail address password data provided by the Client in the account registration form order history correspondence history conducted via the Account | Article 6(1)(b) of the GDPR (processing is necessary for the performance of a contract for the creation and maintenance of the Client’s Account, concluded at the Client’s request) |
Providing the above personal data is voluntary; however, failure to provide such data will make it impossible to create and use a Store Account.
Personal data processed in connection with the maintenance of the Account shall be processed for the duration of the Client’s Account, and after its deletion – for the period required by applicable law or until the expiry of any potential claims
Conclusion and performance of the sales agreement for Personalized Products
| Purpose of processing | Personal data processed | Legal basis |
| Conclusion and performance of the sales agreement for Personalized Products | first and last name e-mail address telephone numberresidential address or business address (street, building number, apartment/unit number, city, postal code, country) delivery address (if different from the residential or business address) optionally – company name and tax identification number (VAT ID), if the Client is an Entrepreneur or an Entrepreneur with consumer rights | Article 6(1)(b) of the GDPR – processing is necessary for the conclusion and performance of a sales agreement concluded with the data subject, or for taking steps at the data subject’s request prior to entering into the Agreement. |
Providing the above personal data is voluntary; however, failure to provide such data will make it impossible to conclude and perform the sales agreement.
The Administrator shall process the indicated personal data for the duration of the sales agreement, and after its completion – until the expiry of claims arising from the sales agreement and for the period required by applicable law.
Newsletter and marketing communications
| Purpose of processing | Personal data processed | Legal basis |
| Provision of the Newsletter service and marketing communications | Data provided by the User when subscribing to the Newsletter, in particular the e-mail address | Article 6(1)(a) of the GDPR – the data subject’s consent to receive commercial information by electronic means.Article 6(1)(f) of the GDPR – the legitimate interest of the Administrator consisting in informing about news and offers of the Store, to the extent permitted by applicable law. |
Providing the above personal data is voluntary; however, failure to provide such data will make it impossible to receive the Newsletter and marketing communications.
The Administrator shall process the indicated personal data until the User withdraws their consent or submits an effective objection to the processing of personal data – whichever occurs first.
Newsletter
| Purpose of processing | Personal data processed | Legal basis |
| Provision of the Newsletter service | email address | Article 6(1)(a) of the GDPR (consent of the data subject to receive commercial information by electronic means) |
Providing the above personal data is voluntary; however, failure to provide such data will make it impossible to receive the Newsletter.
The Administrator will process the indicated personal data until the User withdraws their consent.
Processing of complaints
| Purpose of processing | Processed personal data | Legal basis |
| Processing complaints and exercising the related rights of the Client | first and last name email address other data provided by the Client in the complaint submission | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interest of the Controller, consisting in conducting the complaint procedure and examining the submitted claims) |
Providing the above personal data is a condition for receiving a response to the complaint and for exercising the Client’s rights arising from legal provisions.
The Controller will process the specified personal data for the duration of the complaint procedure and, after its completion, until the claims related to the complaint become time-barred.
Handling inquiries submitted by Clients
| Purpose of processing | Processed personal data | Legal basis |
| Handling inquiries addressed to the Controller and corresponding with Clients | email address other personal data included in the message sent to the Controller | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interest of the Controller, consisting in responding to received inquiries and corresponding with Clients) |
Providing the above personal data is voluntary; however, failure to provide them will make it impossible to respond to the submitted inquiry.
The Controller will process the specified personal data for the period necessary to respond and complete the correspondence, and thereafter – for the period required by applicable law or until any potential claims become time-barred.
Sharing Product Reviews
| Purpose of processing | Processed personal data | Legal basis |
| Publishing and sharing Product Reviews in the Store and in the Controller’s informational and promotional materials | first name or nickname provided by the Client optionally – other personal data voluntarily included in the content of the Review | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interest of the Controller, consisting in presenting Product Reviews for informational and promotional purposes) |
Providing the above personal data is voluntary; however, failure to provide them will make it impossible to submit a Review.
The Controller will process the specified personal data until an effective objection to the processing is lodged or until the purpose of processing is achieved – whichever occurs first.
Compliance with tax and accounting obligations
| Purpose of processing | Processed personal data | Legal basis |
| Compliance with tax and accounting obligations, in particular issuing accounting documents and storing tax records | First and last name or company name Residential or registered address Amount of liability Tax Identification Number (TIN) | Art. 6(1)(c) GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in particular obligations arising from tax and accounting law) |
Providing the above personal data is voluntary; however, failure to provide them will prevent the Controller from fulfilling its tax and accounting obligations.
The Controller will process the specified personal data for the period required by law, in particular for 5 years from the end of the calendar year in which the tax payment deadline expired.
Establishing, pursuing, or defending claims
| Purpose of processing | Processed personal data | Legal basis |
| Establishing, pursuing, or defending claims that may arise in connection with the performance of Agreements concluded with the Controller | Personal data related to a specific claim, in particular identification data, contact details, and information concerning the performance of the Agreement | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interest of the Controller, consisting in establishing, pursuing, or defending claims) |
Providing the above personal data is voluntary; however, failure to provide them may prevent the Controller from taking actions to establish, pursue, or defend claims.
The Controller will process the specified personal data until the expiration of the limitation periods for claims that may arise in connection with the performance of Agreements concluded with the Controller.
Analysis of Users’ activity in the Store (cookies and statistics)
| Purpose of processing | Processed personal data | Legal basis |
| Analysis of Users’ activity in the Store to ensure its proper functioning, improve service quality, and generate statistics | Date and time of visit Device IP address Type of device operating system Approximate location Type of web browser Time spent in the Store Viewed Products Visited subpages and other actions performed within the Store | Art. 6(1)(f) GDPR (the legitimate interest of the Controller, consisting in ensuring the security and proper functioning of the Store and conducting basic statistics)and – with regard to analytical and marketing cookies –Art. 6(1)(a) GDPR (User’s consent given via the cookies tool) |
Providing the above personal data is voluntary. Refusal to consent to the use of analytical or marketing cookies may limit the functionality of certain elements of the Store, but does not prevent the use of its basic functions.The Controller will process the specified personal data until consent is withdrawn or an effective objection to the processing is lodged – depending on the legal basis for processing.
| Purpose of processing | Processed personal data | Legal basis |
| Administration of the Store, ensuring its proper functioning and security, and detecting potential abuses | Device IP address Server date and time Information about the web browser Information about the operating system | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the legitimate interest of the Controller, consisting in ensuring the proper and secure operation of the Store) |
The above personal data are automatically recorded in the server logs each time the Store is used. Administration of the Store would not be possible without using server logs and the automatic recording of this data.
Providing the specified personal data is voluntary; however, failure to provide them may prevent the proper functioning of the Store.
The Controller will process the specified personal data for the period necessary to achieve the purpose of processing, and thereafter until an effective objection is lodged or until the limitation periods for any potential claims expire.
Recipients of personal data
Recipients of personal data may include external entities cooperating with the Controller to the extent necessary for the proper functioning of the Store and the performance of Agreements, in particular:
- entities providing hosting services and IT infrastructure maintenance,
- logistics operators and courier companies delivering orders,
- providers of electronic payment systems,
- entities providing Newsletter services,
- providers of analytical and marketing tools used in the Store (including, among others, Google Analytics),
- entities providing accounting and bookkeeping services.
Personal data may also be disclosed to public or private entities if such an obligation arises from applicable law, a final court judgment, or a final administrative decision.
The Controller discloses personal data only to entities that ensure appropriate technical and organizational measures to protect personal data, in accordance with applicable law.
Transfer of personal data to third countries
Due to the Controller’s use of services provided by external entities, in particular Google LLC, personal data may be transferred to third countries, including, among others:
the United Kingdom, Canada, the United States of America, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia.
The basis for transferring personal data to third countries is as follows:**
a) for the United Kingdom, Canada, Israel, Japan, and South Korea – European Commission decisions confirming an adequate level of personal data protection;
b) for the United States of America – Commission Implementing Decision (EU) 2023/1795 of 10 July 2023, confirming an adequate level of personal data protection under the EU–US Data Privacy Framework;
c) for other third countries – standard contractual clauses ensuring an adequate level of personal data protection, in accordance with Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
The data subject has the right to obtain from the Controller a copy of the personal data transferred to a third country.
Rights of data subjects
In connection with the processing of personal data, you have the following rights:
the right of access to personal data, including the right to obtain information on whether data are being processed and to receive a copy of the data (the first copy is free of charge);
the right to rectification of personal data if they are inaccurate or incomplete;
the right to erasure of personal data (‘the right to be forgotten’) in cases provided for by the GDPR;
the right to restriction of processing of personal data;
the right to data portability if the processing is based on consent or an Agreement;
the right to withdraw consent at any time if processing is based on consent (without affecting the lawfulness of processing prior to consent withdrawal);
the right to object to the processing of personal data based on the legitimate interest of the Controller;
the right to lodge a complaint with the competent supervisory authority for personal data protection.
Google Analytics – Analytics and statistics
| Purpose of processing | Processed personal data | Legal basis |
| Analysis of website traffic, monitoring user activity on the Store’s website, creation of statistical data, and improvement of the functionality, usability, and quality of the Store, as well as optimization of marketing activities. | IP address (anonymized), information about the device and browser used, operating system, approximate location, pages visited, date and time of visit, source of traffic, and information regarding user behavior on the Store’s website. | Article 6(1)(a) of the GDPR (consent of the data subject expressed via cookie consent settings). |
Providing the above personal data is voluntary. The User may withdraw consent at any time by changing cookie settings. Withdrawal of consent does not affect the lawfulness of processing carried out prior to its withdrawal.
Personal data processed using Google Analytics shall be processed for the period specified in Google Analytics settings or until the User withdraws consent.