MiataFamily.com Privacy Policy
Effective as of: 1 November 2025
Version: 1.0
1) Data Controller
The controller of your personal data is:
Dorota Malinowska, operating the online store MiataFamily.com
ul. Dziewanny 6/1, 20-538 Lublin, Poland
Tax ID (VAT): PL7123238205
Privacy contact email: 
2) Scope, purposes and legal bases of processing (Art. 6 GDPR)
We process data only to the extent necessary:
- Purchase in the store / performance of a contract
  - Data: first and last name, delivery address, billing address, email, phone number, order and payment details.
  - Purpose: order intake and handling, payment, delivery, handling of complaints/returns.
  - Legal basis: Art. 6(1)(b) GDPR (contract), Art. 6(1)(c) GDPR (legal obligations – accounting, taxes).
- Registration and maintenance of a user account
  - Data: email, password (encrypted), profile data, order history.
  - Purpose: creation and servicing of the account, shopping convenience.
  - Legal basis: Art. 6(1)(b) GDPR.
- Handling enquiries (form, email, chat)
  - Data: identification and contact details, content of the enquiry.
  - Legal basis: Art. 6(1)(f) GDPR (legitimate interest – providing a response).
- Newsletter / electronic marketing communications
  - Data: email, optionally first name.
  - Legal basis: Art. 6(1)(a) GDPR (consent) and national regulations on electronic communications. You can withdraw consent at any time.
- On-site marketing (e.g., content personalisation, discount codes), statistics and analytics
  - Data: online identifiers (cookies/SDK), IP address, device/browser data, on-site events.
  - Legal basis: Art. 6(1)(a) GDPR (consent for cookies/analytics/marketing) or, with respect to “necessary” cookies – Art. 6(1)(f) GDPR (legitimate interest) together with the ePrivacy exemption.
- Security and fraud prevention (e.g., anti-fraud, server logs)
  - Data: technical logs, IP address, timestamps, error information.
  - Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
We do not use automated decision-making producing legal effects (Art. 22 GDPR). If we start using such risk assessment (e.g., anti-fraud with order refusal), we will describe the rules and significance in an update to this policy.
3) Sources of data
We obtain data:
• directly from you (registration, order, contact),
• automatically via cookies and similar technologies (details in the “Cookies” section),
• from payment partners and carriers – to the extent necessary for settlement and delivery (payment status, tracking/shipment number).
4) Data recipients (categories)
We disclose data only to entities that help us achieve the purposes set out in section 2, including:
• Hosting and IT providers (store maintenance, email, backup),
• Payment operators: Tpay, PayPal, Visa, MasterCard,
• Courier/postal services: InPost, Poczta Polska,
• Accounting office,
• Newsletter/analytics/marketing tools: Google Analytics, Mailchimp.
We conclude data processing agreements with all processors (Art. 28 GDPR).
5) Data transfers outside the EEA
If any provider is located outside the EEA (e.g., in the USA), transfers are carried out on the basis of an adequacy decision or the European Commission’s Standard Contractual Clauses (SCC), together with additional safeguards where necessary.
6) Retention periods
• Order data and accounting records: 5 years counted from the end of the calendar year in which the tax payment deadline expired (legal obligation).
• Account data: until the account is deleted or has been inactive for 24 months.
• Correspondence: up to 12 months from the conclusion of the matter.
• Newsletter/marketing: until consent is withdrawn or a valid objection is lodged.
• Cookies: according to the lifespan of a given file (see “Cookies”).
7) Your rights (Arts. 15–21 GDPR)
You have the right to:
• access your data (a copy of the data),
• rectify (correct) the data,
• erase the data (“right to be forgotten”),
• restrict processing,
• data portability (within Art. 20 GDPR),
• object to processing based on legitimate interest,
• withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal).
To exercise your rights, contact:
.
You also have the right to lodge a complaint with the supervisory authority:
President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland, uodo.gov.pl.
8) Cookies and similar technologies
- What are cookies? Small files saved on your device by your browser.
- Types we use:
• Necessary – required for the store to function (basket, login, preferences). They operate without consent, but you can always block them in your browser (this may limit functionality).
• Functional – conveniences, interface personalisation (consent required).
• Analytical/statistical – understanding how you use the store (consent).
• Marketing/advertising – measuring campaign effectiveness, remarketing (consent).
- Managing consents:
• Upon entry we display a consent banner with “Accept all”, “Reject all” (except necessary) and “Customise”.
• You can change your consents at any time in [link/button “Cookie settings” in the footer].
• Consent is voluntary. Lack of consent disables the relevant cookies other than necessary.
- Example cookie lifespans:
• session (until the browser is closed),
• interface preferences: up to 12 months,
• “Remember me” login: up to 2 weeks,
• analytical/marketing: typically 1–24 months.
- Temporary login and screen cookies – used as described above; they do not contain sensitive data.
9) Embedded content and media
• Embedded content (e.g., videos, social posts) may collect data in accordance with the provider’s privacy policy (it behaves like a direct visit to that site). Those providers may use their own cookies/SDKs.
• Uploading images: avoid uploading photos containing location metadata (EXIF). Visitors can read location data from images published on the site.
10) Comments, reviews and user-generated content
If you add a comment or a product review:
• The content and metadata of the comment/review may be stored indefinitely to recognise and automatically approve subsequent comments/reviews and to defend against claims/spam (Art. 6(1)(f) GDPR).
• Users with an account can view and modify profile data (except the username if the platform does not allow it to be changed).
11) Children
The store is not directed at children. Where processing is based on consent, in Poland the consent of a guardian is required for persons under 16 years of age.
12) Security measures
We apply appropriate technical and organisational data protection measures (including TLS encryption, access control, regular updates and backups). In the event of a data breach, we will fulfil the notification obligations arising from the GDPR.
13) Payments and delivery – additional information
• We disclose billing data to payment operators Tpay, PayPal, Visa, MasterCard solely for the purpose of processing payments.
• We disclose address data to carriers InPost, Poczta Polska for the purpose of delivery.
• Operators act as separate controllers or processors – in accordance with their own terms and privacy policies.
14) International marketing and external platforms
If we use external advertising platforms (e.g., Meta Ads, Google Ads), they may act as separate controllers of online identifiers.
15) Changes to this policy
We may update the policy when laws or technologies change. The latest version is always available at www.miatafamily.com. We will inform you of material changes (e.g., change of purpose, new partner) in a visible manner on the site or by email, where appropriate.
