Privacy Policy of the Bombshe.com online store
§ 1. General information
- This Privacy Policy (hereinafter referred to as the "Policy") describes the principles of personal data processing in the online store www.bombshe.com (hereinafter referred to as the "Store"). The Policy is for informational purposes only – it is not a contract or regulations – and fulfills the Administrator's information obligations towards data subjects.
- Capitalized terms (e.g. Customer, Account, Administrator) have the meaning given to them in the Store Regulations, unless expressly stated otherwise.
- In the event of any discrepancies between this Policy and the consents you have granted, the voluntary consents and mandatory provisions of law shall prevail.
- By using the Store, you accept the terms and conditions described in the Policy. In matters not covered by this Policy, the provisions of the GDPR, the Personal Data Protection Act, the Act on the Provision of Electronic Services, and the Telecommunications Law apply.
§ 2. Personal data administrator
- The Controller of personal data is Katarzyna Heider-Pryjma, conducting business activity under the name Katarzyna Heider-Pryjma, ul. Jana Skrzetuskiego 22, 54-515 Wrocław, NIP: 8971715993, REGON: 362898176, e-mail: office@bombshe.com (hereinafter referred to as the "Controller").
- For any matters related to data protection, you can contact us at: office@bombshe.com or by post to our registered office address.
- The Administrator has not appointed a Data Protection Officer – please direct all correspondence regarding GDPR matters to the above contact details.
§ 3. Legal bases and principles of processing
- We process personal data in accordance with the GDPR (Regulation 2016/679), in particular on the basis of: Article 6 paragraph 1 letter b of the GDPR – when processing is necessary for the conclusion and performance of a contract (e.g. order fulfilment, Account management); Article 6 paragraph 1 letter c of the GDPR – when we are subject to a legal obligation (e.g. accounting, taxes, complaint handling); Article 6 paragraph 1 letter a of the GDPR – when you have given your consent (e.g. newsletter, e-mail/SMS marketing, publication of opinions if consent is required); Article 6 paragraph 1 letter f of the GDPR – legitimate interests of the Controller (e.g. pursuing claims, statistics and analytics, website security, preventing abuse, personalising content within the Store).
- We process data in accordance with the GDPR principles of: lawfulness, fairness and transparency; minimization; purpose limitation; accuracy; storage limitation; integrity and confidentiality; and accountability.
§ 4. Method of obtaining data
- We collect data directly from you when: you place an order in the Store; you create or edit an Account; you subscribe to a newsletter or SMS communication; you fill out a contact form or write us an e-mail; you add a review of a product; you participate in a loyalty program or a promotional campaign/competition.
- We also collect data automatically using cookies, pixels and similar technologies (details in the Cookie Policy) – including device identifiers, IP address, session data and website activity.
§ 5. Processing purposes
- Order fulfillment and sales processing – order acceptance and payment, completion, shipping, after-sales service; basis: Article 6(1)(b) of the GDPR.
- Account management – enabling logging in, reviewing order history, and redeeming points; basis: Article 6(1)(b) of the GDPR.
- Contact handling – responses to messages, notifications, inquiries; basis: Article 6(1)(b) and (f) of the GDPR (legitimate interest: communication with the user).
- Complaints, returns, warranty – fulfillment of statutory obligations; basis: Article 6(1)(c) of the GDPR.
- Accounting and taxes – issuing and storing accounting documents; basis: Article 6(1)(c) of the GDPR.
- Newsletter and marketing communications (e-mail/SMS/push) – sending information about collections, promotions, educational content; basis: Article 6, paragraph 1, letter a of the GDPR and specific provisions (Telecommunications Law, UŚUDE). You can withdraw your consent at any time.
- Loyalty and referral program – accruing/collecting points, handling discounts and settlements; basis: Article 6(1)(b) of the GDPR and Article 6(1)(f) of the GDPR (prevention of abuse).
- Product reviews – invitations after purchase, publication of reviews, verification of authenticity; basis: Article 6(1)(f) GDPR (legitimate interest: reliable information about the offer) or Article 6(1)(a) GDPR, if we require consent.
- Statistics, analytics and security – traffic measurement, error detection, fraud prevention; basis: Article 6(1)(f) GDPR.
- Pursuit and defense of claims – establishing, pursuing or defending claims; basis: Article 6(1)(f) of the GDPR.
§ 6. Scope of data processing
Depending on the function used, we process, among others: name and surname; e-mail address; telephone number; delivery and/or residential address; invoicing details (company name, Tax Identification Number); bank account number (in the case of returns); order history and activity in the loyalty program; online identifiers (IP address, cookie/pixel identifiers), device and browser data, server logs.
§ 7. Data recipients
- We share data only when necessary and in accordance with the law. Recipients may include: courier companies and logistics operators (e.g., InPost, Poczta Polska, other carriers), payment operators (e.g., Przelewy24 / PayPro SA), IT service providers, hosting and Store maintenance providers, analytical and marketing tool providers (in accordance with the Cookie Policy), newsletter and SMS system providers (e.g., mailing tool), opinion system operator (TrustMate SA), accounting offices, legal advisors, and public authorities authorized by law.
- All providers operate under data processing agreements (Article 28 GDPR) and process data in accordance with our instructions.
§ 8. Transfer of data outside the EEA
As a rule, we store and process data in the European Economic Area (EEA). If, in exceptional cases, data is transferred outside the EEA (e.g., to a SaaS provider), we will ensure an adequate level of protection, in particular through the use of EU standard contractual clauses and additional security measures.
§ 9. Data storage periods
- Data related to the sales contract and complaints – for the duration of the contract, and then until the expiry of the limitation periods for claims and for the period required by tax and accounting regulations (usually up to 8 years from the end of the financial year).
- Customer account data – until the Account is deleted or an objection is raised, and then for the period necessary for accountability (usually up to 3 years).
- Newsletter/SMS – until consent is withdrawn or the service is terminated.
- Data from contact forms and correspondence – up to 3 years to ensure accountability.
- Data related to claims – up to 6 years or until the final conclusion of the proceedings.
- Cookies/online identifiers – until deleted by the user or the file expires; you can object at any time.
§ 10. Your rights
- You have the rights under the GDPR: access to data; rectification; erasure; restriction of processing; data portability; objection to processing based on Article 6(1)(f) of the GDPR; withdrawal of consent at any time (without affecting the lawfulness of prior processing).
- To exercise your rights, please contact us at office@bombshe.com. We will respond promptly, no later than within 30 days.
- You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw).
§ 11. Automated decision-making and profiling
- We do not make decisions with legal effects in relation to you solely in an automated manner.
- We may conduct marketing profiling (e.g., newsletter segmentation, content customization) based on your activity in the Store or your purchase history to tailor our communications. This is based on our legitimate interest (Article 6, paragraph 1, letter f, GDPR) or consent, if required by specific provisions. You may object to such processing or withdraw your consent at any time.
§ 12. Cookie Policy and Similar Technologies
- The Store uses cookies and similar technologies (e.g. Meta Pixel, Google Analytics/Ads) to provide functionality, measurement and marketing.
- Upon your first visit, we display a consent banner that allows you to decide which cookie categories you accept. You can change your consent at any time from the footer ("Cookie Settings").
- Detailed information about the types of cookies, purposes, storage time and suppliers is included in a separate Cookies Policy available in the Store.
§ 13. Additional information
- Voluntary provision of data: providing data is voluntary, but necessary to conclude a contract, manage an Account or send a newsletter; failure to provide data may prevent you from using a given function.
- Children: The Store is intended for adults; we do not knowingly process the data of children under 16 years of age without the consent of their legal representative.
- External links: The Store may contain links to other websites; we are not responsible for their privacy policies – please review the relevant policies of these websites.
§ 14. Changes to the Policy
- We may update this Policy due to changes in regulations, technology, or processes. The new version will be published on the Store with an updated date.
- In the event of significant changes, we will inform you about them in a visible place in the Store and – if you have an Account or subscribe to the newsletter – by e-mail.
§ 15. Contact
For matters relating to personal data protection, please contact us:
Bombshe / Katarzyna Heider‑Pryjma
Jana Skrzetuskiego 22, 54‑515 Wrocław
e-mail: office@bombshe.com
phone: +48 883 188 089
With the same care we take when making our clothes, we ensure the security of your data – transparently and in accordance with the law.

