Privacy policy

Privacy Policy – Konzept Zeit

Last Updated: April 8, 2026

§1 General Provisions

This Privacy Policy explains how we collect, process, and protect your personal data when you visit our website (konzept-zeit.com) and purchase products from us. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Polish data protection laws.

Data Controller:

  • Name: Radosław Michalski
  • Business Form: Sole Proprietorship ("Indywidualna działalność gospodarcza" under Polish law)
  • Address: ul. Synów Pułku 34, 09-410 Płock, Poland
  • Tax ID (NIP): 7741426977
  • Registration Number (REGON): 611366811
  • Email: zeit@werkkonzept.com
  • Website: konzept-zeit.com

If you have questions about this Privacy Policy or how we handle your data, please contact us at the above email address.

§2 Legal Bases for Data Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

  1. Performance of a Contract (Article 6(1)(b)): Processing necessary to fulfill your orders, deliver products, and manage your account.

  2. Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable laws, including tax, accounting, and consumer protection regulations.

  3. Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, security, analytics, and improving our services.

  4. Consent (Article 6(1)(a)): Processing for marketing communications (newsletter/waitlist) is based on your explicit consent, which you may withdraw at any time.

§3 Purpose, Scope, and Duration of Data Processing

3.1 Data Processing Purposes

We collect and process personal data for the following purposes:

A. Order Fulfillment and Delivery

  • Data collected: Name, email address, postal address, phone number, payment information, order history
  • Purpose: Processing your order, confirming receipt, delivering your purchase, and providing customer support
  • Legal basis: Performance of contract (Article 6(1)(b))
  • Duration: We retain order and delivery data for the period required by Polish tax law (minimum 5 years for accounting and tax purposes)

B. Payment Processing

  • Data collected: Payment card details (processed by Shopify Payments), billing address, transaction history
  • Purpose: Processing payment through Shopify Payments, fraud prevention, and financial record-keeping
  • Legal basis: Performance of contract (Article 6(1)(b)) and legal obligation (Article 6(1)(c))
  • Duration: As required by tax and accounting regulations (minimum 5 years); payment card data is managed by Shopify and subject to PCI-DSS standards

C. Newsletter and Waitlist Communications

  • Data collected: Email address, name, subscription preferences
  • Purpose: Sending newsletters, product updates, promotional content, and waitlist notifications (only with your consent)
  • Legal basis: Consent (Article 6(1)(a))
  • Duration: Until you unsubscribe or withdraw consent. You may unsubscribe from our mailing list at any time by clicking the unsubscribe link in any email or contacting us directly.

D. Customer Inquiries and Support

  • Data collected: Name, email address, phone number, message content
  • Purpose: Responding to your inquiries, providing customer support, and managing complaints
  • Legal basis: Performance of contract (Article 6(1)(b)) and legitimate interests (Article 6(1)(f))
  • Duration: We retain correspondence for 3 years after the last communication or until the matter is resolved

E. Analytics and Website Optimization

  • Data collected: IP address, browser type, pages visited, time on site, referring domain, Google Analytics tracking identifiers
  • Purpose: Understanding user behavior, improving our website, optimizing user experience, and measuring marketing effectiveness
  • Legal basis: Legitimate interests (Article 6(1)(f)) and consent for analytics cookies
  • Duration: Analytics data is typically retained for 26 months by Google Analytics and 13 months by default in our systems

F. Fraud Prevention and Security

  • Data collected: IP address, transaction patterns, device information, payment information
  • Purpose: Detecting and preventing fraudulent transactions, protecting our platform, and ensuring security
  • Legal basis: Legitimate interests (Article 6(1)(f)) and legal obligation (Article 6(1)(c))
  • Duration: As long as necessary for security and fraud prevention purposes

§4 Data Recipients

Your personal data may be shared with the following third parties to fulfill the purposes described above:

4.1 Shipping and Logistics Partners

  • Purpose: Delivery of your orders
  • Data transferred: Name, address, phone number, order details
  • Recipients: Shipping carriers and logistics providers operating within the EU
  • Basis for transfer: Necessary for contract performance and legitimate business interests
  • Data Protection: Shipping carriers are contractually obligated to process data only for delivery purposes

4.2 Shopify Payments

  • Purpose: Processing your payments
  • Data transferred: Payment information, billing address, transaction details
  • Recipient: Shopify Inc. (USA-based payment processor)
  • Basis for transfer: Necessary for contract performance
  • Data Protection: Shopify complies with PCI-DSS standards and has adopted appropriate safeguards for international data transfers
  • Further information: See Shopify's Privacy Policy at https://www.shopify.com/legal/privacy

4.3 Hosting and IT Service Providers

  • Purpose: Website hosting, security, and technical maintenance
  • Data transferred: Website usage data, server logs, technical information
  • Recipient: Shopify (USA-based hosting provider)
  • Basis for transfer: Necessary for legitimate business interests and contract performance
  • Data Protection: Shopify has implemented appropriate safeguards for data protection
  • Further information: See Shopify's Privacy Policy at https://www.shopify.com/legal/privacy

4.4 Accounting and Tax Advisors

  • Purpose: Tax compliance, accounting, and financial record-keeping
  • Data transferred: Transaction data, billing information, seller information
  • Recipient: Polish accounting and tax professionals retained by our business
  • Basis for transfer: Legal obligation to maintain tax records
  • Data Protection: Bound by professional confidentiality and data protection obligations

4.5 Google Analytics

  • Purpose: Website analytics and user behavior tracking
  • Data transferred: IP address, cookie identifiers, page views, user interactions
  • Recipient: Google LLC (USA-based analytics provider)
  • Basis for transfer: Legitimate interests in understanding website performance
  • Data Protection: Google Analytics is configured with IP anonymization enabled
  • Further information: See Google's Privacy Policy at https://policies.google.com/privacy

4.6 Legal and Law Enforcement

  • Purpose: Compliance with legal obligations, court orders, or law enforcement requests
  • Data transferred: As required by law
  • Recipient: Government authorities, law enforcement, or courts
  • Basis for transfer: Legal obligation (Article 6(1)(c))

Important Note: We do not sell, rent, or lease your personal data to third parties for marketing purposes. All data sharing is limited to the purposes described above and is contractually protected.

§5 Data Subject Rights Under GDPR

You have the following rights regarding your personal data. To exercise any of these rights, please contact us at zeit@werkkonzept.com:

5.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether we process your data and to receive a copy of the personal data we hold about you, along with additional information about the processing.

5.2 Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data. You can often update your information directly through your account dashboard on our website.

5.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the original purpose). However, we may retain data as required by law (tax and accounting requirements).

5.4 Right to Restrict Processing (Article 18)

You have the right to request that we limit how we use your personal data while we verify or address your concerns.

5.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider.

5.6 Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or direct marketing. You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

5.7 Right to Not Be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions made solely by automated means (such as profiling) that produce legal or similarly significant effects. We do not engage in such automated decision-making.

5.8 How to Exercise Your Rights

To exercise any of these rights, please send a written request to zeit@werkkonzept.com. We will respond to your request within 30 days (or up to 90 days for complex requests as permitted by GDPR). We may request identification information to verify your identity before processing your request.

§6 Cookies and Analytics

6.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you and remember your preferences when you visit our website.

6.2 Types of Cookies We Use

Essential Cookies

These cookies are necessary for the website to function properly. They include:

  • Session cookies (for login and cart functionality)
  • Security cookies (for fraud prevention)
  • Preference cookies (for language and currency settings)

Essential cookies do not require consent and are automatically placed when you visit our site.

Analytics Cookies

We use Google Analytics to understand how visitors use our website. These cookies collect:

  • Pages visited
  • Time spent on site
  • Links clicked
  • Referral source
  • Geographic location and device information

Cookie Details:

  • Provider: Google LLC
  • Duration: Up to 2 years
  • Purpose: Analyzing website traffic and user behavior to improve our site
  • Opt-out: You can opt out of Google Analytics tracking by installing the Google Analytics opt-out browser extension at https://tools.google.com/dlpage/gaoptout

Functional Cookies

These cookies enhance your browsing experience by remembering your choices:

  • Currency preference
  • Language preference
  • Browsing history on our site

Marketing Cookies

We may use cookies to track the effectiveness of our advertising campaigns and to display targeted content.

6.3 Shopify Cookies

As a Shopify-based store, our website uses Shopify's own cookies for:

  • Maintaining your shopping cart
  • Processing transactions
  • Preventing fraud
  • Analyzing website performance

For detailed information about Shopify's cookie usage, see https://www.shopify.com/legal/privacy

6.4 Cookie Management

Most browsers allow you to:

  • View what cookies are stored
  • Delete individual cookies
  • Block cookies from specific websites
  • Block all cookies or third-party cookies

Note that disabling cookies may affect your ability to use certain features of our website, such as the shopping cart or account login.

6.5 Consent to Analytics Cookies

When you first visit our website, we ask for your consent to place non-essential cookies, including analytics cookies. You may withdraw this consent at any time by adjusting your cookie settings or contacting us directly.

§7 Data Transfers Outside the EU/EEA

Some of the data recipients mentioned above (Shopify, Google Analytics) are based in the United States and process data outside the EU/EEA. These transfers are made under appropriate safeguards:

  • Standard Contractual Clauses: We use contractual mechanisms (Standard Contractual Clauses as approved by the European Commission) to ensure data protection during transfers
  • Data Processing Agreements: Our contracts with all data processors include GDPR-required provisions
  • Adequacy: We rely on the data processors' own compliance frameworks and certifications (e.g., Shopify's international data transfer mechanisms)

For more information about data transfers, please contact us.

§8 Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit (HTTPS/SSL)
  • Secure payment processing through Shopify Payments (PCI-DSS compliant)
  • Regular security assessments
  • Restricted access to personal data by employees and service providers
  • Contractual obligations binding all third parties to confidentiality and data protection

However, please be aware that no method of data transmission over the internet is entirely secure. While we use industry-standard security measures, we cannot guarantee absolute security.

§9 Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by applicable law:

Data Type Retention Period Reason
Order and delivery data Minimum 5 years Tax and accounting requirements
Payment information As per payment processor policy PCI-DSS compliance; typically 5+ years for tax purposes
Customer communications 3 years after final contact Customer service and dispute resolution
Newsletter subscribers Until unsubscription Consent-based processing
Analytics data 26 months (Google Analytics default) Website improvement and performance analysis
Website logs 3 months Security and fraud prevention

After the retention period ends, data is securely deleted or anonymized, except where longer retention is required by law.

§10 Children's Data

Our website and products are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it immediately. If you believe we have collected data from a child, please contact us at zeit@werkkonzept.com.

§11 Data Protection Authority

You have the right to lodge a complaint with the Polish Data Protection Authority if you believe we have violated your rights:

Urząd Ochrony Danych Osobowych (UODO)

  • Address: ul. Stawki 2, 00-193 Warsaw, Poland
  • Email: uodo@uodo.gov.pl
  • Website: https://www.uodo.gov.pl
  • Telephone: +48 22 5310100

§12 Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of our website following publication of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed about how we protect your data.

§13 Contact Us

If you have questions about this Privacy Policy or our data protection practices, please contact us:

  • Email: zeit@werkkonzept.com
  • Mailing Address: ul. Synów Pułku 34, 09-410 Płock, Poland
  • Website: konzept-zeit.com

We will respond to your inquiry within 30 days of receipt.

This Privacy Policy is effective as of April 8, 2026, and applies to all personal data collected through konzept-zeit.com.