§1. Data Controller

The controller of Customers’ personal data is Anna Bera The Whole Elements, located in Lechów, 26-004 Bieliny, ul. Lechów 104D, NIP: 6572745804, REGON: 260776928
(hereinafter referred to as the “Controller” or “The Whole Elements”).
The Controller can be contacted via email at: anna@annabera.com.

§2. Scope and Purposes of Data Processing

The Controller processes Customers’ personal data for the following purposes and on the following legal bases:

Performance of a sales contract (including order processing, payments, shipping, and complaints) –
Legal basis: Article 6(1)(b) of the GDPR (does not require separate consent).
Compliance with legal obligations of the Controller (e.g. tax, accounting, or evidentiary obligations) –
Legal basis: Article 6(1)(c) of the GDPR.
Communication with the Customer (responding to inquiries, handling contact requests) –
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).
Marketing and commercial purposes (e.g. sending newsletters, informing about offers, promotions, events) –
Legal basis: Article 6(1)(a) of the GDPR (voluntary consent of the Customer).
Analytical, statistical, and website security purposes –
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).

§3. Data Recipients

The Controller shares personal data only with entities cooperating in the execution of orders, i.e.:

courier and postal companies,
payment operators (e.g. Stripe, PayPal),
IT, hosting, and website service providers,
accounting and legal service providers (if necessary).

In some cases, data may be transferred outside the European Economic Area (EEA) – for example, to payment operators or IT service providers (Stripe, Google).
Such transfers are carried out only on the basis of European Commission decisions or standard contractual clauses (Article 46 GDPR), ensuring an adequate level of data protection.

§4. Data Retention Period

Personal data will be processed:

for the period necessary to perform the sales contract and fulfill accounting obligations (at least 5 years from the end of the calendar year in which the purchase was made),
until consent is withdrawn – for data processed on the basis of consent,
until the limitation period for claims arising from the contract or civil law expires.

§5. Customer Rights

Each individual whose data is processed has the right to:

access their data and receive a copy of it,
rectify (correct) their data,
erase their data (“right to be forgotten”),
restrict processing,
transfer their data to another controller,
object to the processing of their data,
withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

Individuals also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if they believe their data is being processed in violation of the GDPR.

§6. Profiling

The Controller may use profiling of Customers’ personal data for marketing purposes (e.g. to tailor offers based on purchase history).
Profiling is carried out only with the Customer’s consent and does not produce legal effects or significantly affect the Customer’s rights or situation (Article 22(1)–(4) GDPR).
The Customer may object to profiling at any time by contacting the Controller via the contact form or email: anna@annabera.com.

§7. Cookies

The website www.annabera.com uses cookies and similar technologies for the following purposes:

ensuring the proper functioning of the website (necessary cookies – Article 6(1)(f) GDPR),
analytical, statistical, and marketing purposes – based on user consent (Article 6(1)(a) GDPR).

Cookies are small text files stored on the user’s device.
Users can change their cookie settings in their browser at any time.
Restricting the use of cookies may affect some website functionalities.

§8. Data Security

The Controller processes personal data in accordance with the principles of:

accountability,
adequacy,
integrity, and confidentiality.

Data is protected against unauthorized access and processed using appropriate technical and organizational measures compliant with the GDPR.

§9. Changes to the Privacy Policy

The Controller reserves the right to amend this Privacy Policy if required by applicable law or due to changes in the operation of the store.
All changes will be published on the website www.annabera.com in the “Privacy Policy” section.
Changes will not adversely affect Customers’ rights under the GDPR.

Last updated: November 2025

§1. Data Controller

§2. Scope and Purposes of Data Processing

The Controller processes Customers’ personal data for the following purposes and on the following legal bases:

Performance of a sales contract (including order processing, payments, shipping, and complaints) – Legal basis: Article 6(1)(b) of the GDPR (does not require separate consent).

Compliance with legal obligations of the Controller (e.g. tax, accounting, or evidentiary obligations) – Legal basis: Article 6(1)(c) of the GDPR.

Communication with the Customer (responding to inquiries, handling contact requests) – Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).

Marketing and commercial purposes (e.g. sending newsletters, informing about offers, promotions, events) – Legal basis: Article 6(1)(a) of the GDPR (voluntary consent of the Customer).

Analytical, statistical, and website security purposes – Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).

§3. Data Recipients

The Controller shares personal data only with entities cooperating in the execution of orders, i.e.:

courier and postal companies,

payment operators (e.g. Stripe, PayPal),

IT, hosting, and website service providers,

accounting and legal service providers (if necessary).

§4. Data Retention Period

Personal data will be processed:

for the period necessary to perform the sales contract and fulfill accounting obligations (at least 5 years from the end of the calendar year in which the purchase was made),

until consent is withdrawn – for data processed on the basis of consent,

until the limitation period for claims arising from the contract or civil law expires.

§5. Customer Rights

Each individual whose data is processed has the right to:

access their data and receive a copy of it,

rectify (correct) their data,

erase their data (“right to be forgotten”),

restrict processing,

transfer their data to another controller,

object to the processing of their data,

withdraw consent at any time (without affecting the lawfulness of processing before withdrawal).

Individuals also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) if they believe their data is being processed in violation of the GDPR.

§6. Profiling

§7. Cookies

The website www.annabera.com uses cookies and similar technologies for the following purposes:

ensuring the proper functioning of the website (necessary cookies – Article 6(1)(f) GDPR),

analytical, statistical, and marketing purposes – based on user consent (Article 6(1)(a) GDPR).

Cookies are small text files stored on the user’s device. Users can change their cookie settings in their browser at any time. Restricting the use of cookies may affect some website functionalities.

§8. Data Security

The Controller processes personal data in accordance with the principles of:

accountability,

adequacy,

integrity, and confidentiality.

Data is protected against unauthorized access and processed using appropriate technical and organizational measures compliant with the GDPR.

§9. Changes to the Privacy Policy

Last updated: November 2025

Performance of a sales contract (including order processing, payments, shipping, and complaints) –
Legal basis: Article 6(1)(b) of the GDPR (does not require separate consent).

Compliance with legal obligations of the Controller (e.g. tax, accounting, or evidentiary obligations) –
Legal basis: Article 6(1)(c) of the GDPR.

Communication with the Customer (responding to inquiries, handling contact requests) –
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).

Marketing and commercial purposes (e.g. sending newsletters, informing about offers, promotions, events) –
Legal basis: Article 6(1)(a) of the GDPR (voluntary consent of the Customer).

Analytical, statistical, and website security purposes –
Legal basis: Article 6(1)(f) of the GDPR (legitimate interest of the Controller).

Cookies are small text files stored on the user’s device.
Users can change their cookie settings in their browser at any time.
Restricting the use of cookies may affect some website functionalities.