Privacy and cookies policy

Last update: 26.02.2026

 
1. data controller

The administrator of your personal data is:
Sun and Shadow 

Golkowice 12

46-220 Byczyna

NIP: 9291566483
Email: [email protected]

For all privacy issues, you can contact us at: [email protected]

 
2 What data do we process and for what purpose?
A) Shop orders (WooCommerce)

Data scope: name, delivery address, e-mail address, telephone number (if required by the carrier or the chosen delivery method), invoice details (if provided), order details.
Objective: order processing, delivery, order contact, payment processing, billing.
Legal basis: Article 6(1)(b) RODO (performance of a contract) and Article 6(1)(c) RODO (legal obligations - accounting/taxation).

 
B) Customer account

Data scope: contact and account-related data, order history.
Objective: account handling, facilitating subsequent purchases.
Legal basis: Article 6(1)(b) RODO (performance of a contract).

 
C) Contact (form / e-mail)

Data scope: name, e-mail, content of the message, possibly a telephone number (if you provide one).
Objective: response to enquiries and handling of correspondence.
Legal basis: Article 6(1)(f) RODO (legitimate interest - communication) or Article 6(1)(b) RODO if the matter concerns a procurement.

 
D) Analytics and marketing (cookies)

We use analytical and marketing tools that work with cookies/online identifiers:

  • Google Analytics 4 (GA4) - statistics and analysis of website behaviour,

  • Meta Pixel (Facebook/Instagram) - measurement and optimisation of advertising campaigns,

  • Google Ads tag (conversions / remarketing) - measuring the effectiveness of advertising.

Data scope: cookie identifiers, approximate location, device and browser information, website events (e.g. viewing a product, adding to basket, purchase), IP address (often in abbreviated form or processed according to provider settings).
Objective: statistics, UX improvement, ad measurement and optimisation.
Legal basis: Article 6(1)(a) RODO (consent) - for analytical and marketing cookies.

We collect and manage cookie consents by means of Complianz.

 
3 To whom can we pass your data?

We only pass on data to entities necessary for the operation of the shop:

 
A) Payments

Depending on the payment method selected, your data may be transferred to payment operators:

  • PayPal

  • Stripe / WooPayments

  • Przelewy24

  • Revolut Pay

The extent of the data depends on the payment method (e.g. transaction ID, contact details and amount). Payment operators are independent data controllers for the processing of transactions or processors - according to their terms and conditions.

 
B) Delivery

We pass on the data necessary for delivery to carriers and logistics operators (e.g. name, address, telephone/e-mail if required).

 
C) IT services

Data may be entrusted to providers of hosting, email and IT services (shop maintenance and security).

 
D) Analytics and advertising (after consent)

After consenting to analytical/marketing cookies, data may be sent to tool providers:

  • Google (GA4, Google Ads),

  • Meta (Meta Pixel).

 
4 Transfers of data outside the EEA (EU/EEA)

Some tools (e.g. Google Analytics 4, Google Ads, Meta Pixel, PayPal) may involve the transfer of data outside the European Economic Area (e.g. to the USA). In such cases, the safeguards required by law (e.g. standard contractual clauses - SCC) and the compliance mechanisms offered by the providers are applied.

5. how long do we keep the data?

  • Procurement and accounting documents: for the period required by law (tax and accounting).

  • Customer account: until your account is deleted or for the period necessary for the handling of claims.

  • Correspondence: for the time needed to handle the case and thereafter for the period of limitation of claims.

  • Cookie/analytical/marketing data: in accordance with the tool settings and consent configuration at Complianz.

 
6. Your rights

You have the right to: access, rectification, erasure, restriction of processing, data portability, objection (where we process on the basis of legitimate interest), withdrawal of consent (for cookies/marketing) and to lodge a complaint with the President of the DPA.

 
7 Data security

We use organisational and technical measures to protect your data, including connection encryption (SSL) and security measures for access to the shop's administration panel.

 

 
Cookie policy

 

8 What are cookies?

Cookies are small text files stored on your device. They help with the operation of the shop, remembering your settings and with analysis and marketing (if you have given your consent).

 
9 What cookies do we use?
 
A) Essential (technical)

They enable the shop to function properly (e.g. shopping cart, login, security). These cookies do not require your consent.

 
B) Analytical

Allow us to analyse traffic and site performance (GA4). Require consent.

 
C) Marketing

They are used to measure and optimise advertising and remarketing (Meta Pixel, Google Ads). They require consent.

 
10. cookie management (Complianz)

During your first visit, you can accept the selected categories of cookies or refuse them. You can change your consent at any time via the cookie banner settings (Complianz) or your browser settings.

 
11. server logs

The use of the website involves sending requests to the server, which may be recorded in logs (e.g. IP address, date and time, browser information). This data is used for security and administration of the website.

 
12 Contact

For privacy issues, please contact us: [email protected].