Privacy policy

Privacy Policy

§1 Personal Data Administration
The administrator of personal data is:

  1. Paulina Krystowska conducting business under the name SOLMATE PAULINA KRYSTOWSKA, NIP: 7773237794, REGON: 302704090,

  2. Wiktoria Kaczmarek conducting business under the name SOLMATE Wiktoria Kaczmarek, NIP: 6070098243, REGON: 541498225,
    acting within a civil partnership under the name SOLMATE S.C. with its registered office in Czerwonak (ul. Źródlana 91, 62-004 Czerwonak) with identification numbers NIP: 7773446635 and REGON: 541682609.
    Contact with the person supervising the processing of personal data within the organization is possible electronically at the email address: paulina.solmate@gmail.com, by mail sent to the Administrator’s address, or by phone at +48 666600999.
    This Policy contains the principles regarding the processing of personal data by the Administrator on the Website, including the basis, purposes, scope of personal data processing, and the rights of data subjects.
    Personal data is processed by the Administrator in accordance with applicable law, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR). Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679.
    User rights are not absolute and do not apply to all data processing activities.

§2 Definitions

  • Administrator – as defined in §1 above.

  • Personal data – information about an identified or identifiable natural person, identifiable directly or indirectly by one or more specific factors defining physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, online identifier, and information collected via cookies and similar technologies.

  • Policy – this Privacy Policy.

  • Cookies Policy – document specifying the rules for the use of cookies on the Website, available at: https://solmatebeachwear.com/?preview_privacy_banner=1.

  • Profiling – automated processing of personal data involving analysis and prediction of user behavior.

  • GDPR – Regulation (EU) 2016/679 as defined above.

  • Website – the website operated by the Administrator at solmatebeachwear.com.

  • User – any natural person visiting the Website or using one or more services or functionalities described in the Policy.

§3 Security

  1. The Administrator has implemented appropriate technical and organizational measures to ensure the security of personal data processing and is responsible for ensuring that the collected data is:

  • processed lawfully;

  • collected for specified, legitimate purposes and not further processed incompatibly with these purposes;

  • accurate and adequate in relation to the purposes for which they are processed;

  • stored in a form enabling identification of data subjects only as long as necessary to achieve the processing purpose;

  • processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, by means of appropriate technical or organizational measures.

§4 Purposes and legal bases for data processing
Based on Article 6(1)(a) GDPR (consent), personal data may be processed for purposes including:

  • Marketing of products and services of the Administrator and partners.

  • Retargeting and behavioral advertising, including displaying personalized ads based on user activity history on the Website and other internet services. Data for these purposes is collected only upon User consent given via cookie banner and may be collected through cookies or similar technologies according to the Cookies Policy.

  • Sending newsletters.

  • Moderation of content on the Website.

  • Saving data in cookies according to the Cookies Policy.

  • Publication of product or service reviews.

  • Participation in webinars or online training.

  • Contact via remote communication tools, including phone, email, or applications.

  • Participation in contests and loyalty programs.

  • Invitations to surveys and market research.

  • User account management on the Website.

  • Content personalization on the Website.

Based on Article 6(1)(b) GDPR (performance of contract), personal data may be processed for purposes including:

  • Execution of a sales contract or service agreement, or actions at the data subject’s request before concluding the contract, including warranty rights, complaints, or withdrawal from distance contracts.

  • Management of user accounts.

Based on Article 6(1)(c) GDPR (legal obligation), personal data may be processed for purposes including:

  • Issuance and storage of invoices, accounting documents, or fulfilling other tax/accounting obligations.

  • Cooperation with law enforcement and public authorities.

  • Creation of registers and other documentation mandated by GDPR or other laws.

Based on Article 6(1)(f) GDPR (legitimate interest), personal data may be processed for purposes including:

  • Proper execution of the contract and related claims (e.g., warranty). Providing data is voluntary but necessary.

  • Ensuring security and proper functioning of the Website.

  • Conducting statistics and traffic analysis.

  • Direct marketing.

  • Establishing claims against or by the Administrator.

  • Contacting Users.

  • Operating the Website solmatebeachwear.com.

  • Storing necessary data in cookies according to the Cookies Policy.

  • Managing accounts and interactions on Instagram, Facebook, YouTube, TikTok, LinkedIn, Pinterest.
    Data may be disclosed to recipients such as courier companies, postal operators, law firms, accounting firms, IT service providers.
    Data may also be processed for other purposes if the Administrator has a legal basis, especially under Article 6 GDPR, provided the purpose does not violate User rights and freedoms. The User will be informed about new processing purposes before processing begins.

§5 Profiling
The Administrator applies profiling for marketing purposes by analyzing User activity on the Website via cookies and similar technologies.
Profiling may include:

  • Personalization of ads based on browsing history.

  • Analysis of User interaction with Website content.

  • Adjusting displayed ads on external platforms (e.g., Google Ads, Facebook).
    Profiling is conducted solely on the basis of User consent.
    Users may withdraw consent at any time via settings or by contacting the Administrator at paulina.solmate@gmail.com.

§6 Data retention period
The duration of data processing depends on the type of service and processing purpose. Generally, data is processed during service provision, until consent withdrawal, or objection to processing when based on the Administrator’s legitimate interest.
Processing periods may be extended if necessary to establish or defend claims, and then only as required by law. After this, data is irreversibly deleted or anonymized.
Specific retention periods:

  • Contract-related data – retained for the duration of the contract plus limitation period (3 or 6 years).

  • Accounting and tax data – retained per tax law requirements (currently 5 years).

  • Marketing data (newsletters, behavioral ads) – retained until consent withdrawal.

  • User inquiries – retained for up to 12 months after correspondence ends.

§7 User rights
Users have the following rights concerning their personal data:

  • Access to data.

  • Rectification of data at any time.

  • Deletion of data at any time.

  • Receiving a copy of their data.

  • Restriction of data processing.

  • Objection to data processing.

  • Data portability.

  • Withdrawal of consent (does not affect lawful processing before withdrawal).

  • Objection to processing based on the Administrator’s legitimate interest, including marketing.

  • Filing a complaint with a supervisory authority.
    To exercise these rights, Users may contact the Administrator at paulina.solmate@gmail.com or by mail. The Administrator will respond within 30 days.
    In some cases, the Administrator may refuse requests if legal obligations require continued processing.

§8 Data recipients
For proper Website operation, the Administrator may share User data with external entities, including hosting providers, couriers, payment operators, postal operators, accounting firms, mailing system providers, cloud service providers, CRM and ERP systems.
The Administrator reserves the right to disclose data if required by law, including to administrative or law enforcement authorities.

§9 Personal data security
The Administrator continuously analyzes risks to ensure secure data processing. Access is limited to authorized persons only as needed for their duties.
The Administrator ensures all data operations are logged and performed by authorized entities only.
Cooperating entities must guarantee adequate security measures when processing data on behalf of the Administrator.
Technical safeguards include encryption (SSL/TLS), system access restrictions, and procedures preventing unauthorized data access.

§10 Policy changes
This Policy is regularly reviewed and updated.
The current version is effective as of 2025-06-18.