Privacy and cookies policy
PRIVACY & COOKIES POLICY OF THE ONLINE STORE www.lelei.earth
last updated: 13 August 2025
§ 1. PERSONAL DATA CONTROLLER, DEFINITIONS, GENERAL INFORMATION
- The operator of the Online Store and the Controller of the personal data of Customers and Users of the Online Store, hereinafter also referred to as the Seller or Controller, is:
Karolina Gosiewska conducting business under the name – Lelei Earth Karolina Gosiewska, NIP: 7182174197, REGON: 541611259.
Controller’s contact details:
Correspondence address: Kalinowo 14A, 18-421 Piątnica Poduchowna.
Email address: info@lelei.earth
Telephone number: +48 731 339 700
- Customer – a natural person with full legal capacity, a natural person being a Consumer, a legal person, or an organisational unit without legal personality to which the law grants legal capacity, who concludes a distance sales agreement (hereinafter referred to as the “Sales Agreement”) with the Seller, and is also a User.
- Account – a set of data stored in the Online Store and in the Seller’s IT system regarding a given Customer, the Orders placed by them and the Sales Agreements concluded, by means of which the Customer may place Orders, conclude Sales Agreements, as well as perform other activities and actions to the extent and in the manner specified in the Terms and Conditions.
- Newsletter – information, including commercial information within the meaning of the Act of 18 July 2002 on the provision of services by electronic means, originating from the Seller and sent to the Customer/User electronically; receipt of the Newsletter is voluntary and requires the consent of the Customer/User.
- Privacy Policy – means this Privacy & Cookies Policy of the Online Store www.lelei.earth available on the website www.lelei.earth in the tab entitled “Privacy Policy”.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
- Online Store – the website operated by the Seller available at: www.lelei.earth, through which the User / Customer can obtain information about Products offered by the Seller and their availability and select and purchase a Product, as well as perform other actions covered by the functionalities of the Online Store and provided for in the Terms and Conditions and in this Privacy Policy.
- Personal Data Protection Act – the Act of 10 May 2018 on the protection of personal data (Journal of Laws of 2019, item 1781, as amended).
- User – a natural person visiting the page(s) of the Online Store and/or using the services and functionalities described in this Privacy Policy and in the Terms and Conditions of the Online Store (“Terms and Conditions”).
- The definitions contained in the Terms and Conditions apply accordingly to this Privacy Policy, unless certain expressions or phrases are directly defined in this document otherwise.
- Providing personal data for the purpose of processing by the Controller is voluntary, and consent to their processing may be withdrawn at any time.
- Users’ personal data are stored in a database, on the Controller’s servers or on servers belonging to the Controller’s service providers, using technical and organisational measures required by generally applicable law.
- The Controller applies security measures to protect personal data against loss, misuse, and alteration.
- This Privacy Policy does not cover any information, advertisements, and content regarding goods and services provided by entities other than the Seller, which have been placed on the Online Store’s pages regardless of the basis and purpose of their placement. It is recommended that the User / Customer read the privacy policy of the given third party before using or taking any action in relation to the information and content posted.
- The Controller makes this Privacy Policy available via a link placed on the homepage of the Online Store. The User has the opportunity to read the content of the Privacy Policy at any time they choose.
§ 2. PURPOSES, LEGAL BASES, AND PERIOD OF PROCESSING PERSONAL DATA
- The Controller may process the following categories of personal data and information concerning Users:
1) Information regarding the User’s device to ensure correct provision of services: IP address of the computer, domain name, information contained in cookies or other similar technologies, session data, data and type of internet browser, type of operating system, device data, data regarding activity on the Online Store’s website, including individual subpages;
2) Geolocation information, if the User has given consent for the Seller to access their geolocation; geolocation information is used to provide offers of Products and services supplied by the Seller more tailored to the User’s needs and capabilities;
3) Users’ personal data: first name, last name, company name, registered office/residence address, delivery address, email address, payment details, or other personal data the provision of which is necessary to register an Account, place and pay for an Order, and complete the purchase, as required by the Seller or the payment operator via the appropriate electronic forms or established procedures.
- Although not all the information listed above may be considered personal data of Users, since in combination with other information it may qualify as such, the Controller provides them with full protection under the GDPR.
- Personal data may be processed for the following purposes and on the following legal bases:
1) For the purpose of concluding and performing a contract for the provision of Electronic Services and the Sales Agreement (legal basis: Article 6(1)(b) GDPR) – the purpose of processing personal data is to provide the Services (by using the Online Store and accepting the provisions of the Terms and Conditions, the User enters into a contract with the Controller for the provision of Services consisting of enabling the use of the functionalities of the Online Store), register and use the Account, place and fulfil an Order, conclude and perform a Sales Agreement, receive and handle inquiries submitted by Users of the Online Store, take specific actions at the request of the data subject, receive and handle complaints and claims, as well as support and execute payment processes; without the required personal data, the Seller is unable to provide certain Services to the User, and the User cannot fully use the Online Store;
2) For the purpose of fulfilling legal obligations incumbent on the Controller in connection with the concluded Sales Agreement (legal basis: Article 6(1)(c) GDPR in conjunction with Article 6(1)(b) GDPR) – the purpose of processing personal data is for the Controller to fulfil legal obligations related to the concluded Sales Agreement, in particular to fulfil tax and accounting obligations as well as warranty and complaint-related rights and obligations;
3) For the purpose of defence, establishment, or assertion of claims related to the contract for the provision of Electronic Services and the Sales Agreement, which constitutes the Controller’s legitimate interest (legal basis: Article 6(1)(f) GDPR) – the purpose of processing personal data is to secure information in the event of a legal need to prove certain facts, which is the Controller’s legitimate interest;
4) For marketing purposes, informing about news in the Online Store, based on the consent of the data subject (legal basis: Article 6(1)(a) GDPR) – the purpose of processing personal data is to provide marketing information, information about news and promotions, also in an automated manner; processing of personal data in this scope takes place solely on the basis of separate consent given by the User for the processing of personal data, the use of cookies, or other similar technologies, expressed by a statement made in the process of registering an Account or placing an Order electronically via the appropriate functionalities of the Online Store, i.e. before concluding a contract for the provision of Electronic Services and the Sales Agreement; the Controller may use electronic communication tools such as the email address provided by the User for this purpose;
5) For direct marketing purposes (legal basis: Article 6(1)(f) GDPR) – for offering products and services of the Controller and the Controller’s partners, most often in the form of internet advertising selected according to the User’s interests, as well as via the Newsletter, which is the legitimate interest of the Controller and the Controller’s partners; the Controller may use electronic communication tools such as the email address provided by the User for this purpose;
6) For analytical purposes (legal basis: Article 6(1)(f) GDPR) – including conducting surveys of Users’ opinions, contacting Users of the Online Store for analytical purposes; based on the analysis of the User’s activity in the Online Store, the Controller can better select content and services and tailor them to Users’ needs, compile statistics related to the use of the Online Store, assess satisfaction with the services offered and determine their quality, as well as ensure data security on the site, which constitutes the Controller’s legitimate interest.
- Personal data collected by the Controller will be processed for no longer than is necessary for the purposes for which they were collected, specifically:
1) Data collected for the conclusion and performance of a contract for the provision of Electronic Services and the conclusion and performance of a Sales Agreement will be stored and processed for the duration of the contract and then for the required data archiving period provided for by law;
2) Data collected to fulfil legal obligations incumbent on the Controller in connection with concluded contracts will be processed for the period necessary to fulfil the legal obligations incumbent on the Controller;
3) Data collected for the purpose of defence, establishment, or assertion of claims related to concluded contracts will be processed for the duration of pursuing, defending, or establishing claims, but no longer than until the expiry of the limitation periods for claims;
4) Data collected to handle inquiries submitted by Users of the Online Store will be processed for the period necessary to establish contact with the User and handle the matter;
5) Data collected for marketing, analytical, and news purposes will be processed for the duration of the marketing campaign or until the consent for processing is withdrawn or an objection to such processing is raised;
6) Data collected for the purpose of user opinion surveys will be processed during the survey and for the period of analysing its results;
7) Data collected in connection with cookies technology will be processed until consent is withdrawn.
8) Personal data will also be processed until the expiry of statutory limitation periods for claims or the expiry of archiving obligations arising from applicable law, in particular in respect of accounting, tax, and financial documents.
- The Controller will cease processing personal data collected on the basis of the Controller’s legitimate interest whenever the person whose data is being processed objects to the processing of their personal data and, in addition, when the consent on the basis of which the data was collected and is being processed is withdrawn, or the Controller determines that the data has become outdated.
- Information and personal data about Users are obtained through the voluntary entry of personal data and information into the Online Store systems via electronic forms available on its pages, as well as automatically, via cookies stored on end devices and through the collection of www server logs by the hosting operator of the Service (necessary for the proper operation of the Online Store).
- The User may visit the Online Store without registering and providing any personal data and, in such a mode, browse the Online Store’s pages, subject to data collected automatically, which mainly includes: IP address, domain name, type and version of the browser, type of operating system, interests, age, and gender of the Service user. These data are collected automatically mainly via cookies.
- Although providing personal data is voluntary and consent to their processing can be withdrawn at any time, in cases where providing personal data is required due to an existing legal obligation or for the purpose of concluding and performing a contract for the provision of Services and/or the Sales Agreement and taking necessary steps before its conclusion, failure by the User to provide the required personal data may result in the inability to conclude and perform the contract for the provision of Services and/or the Sales Agreement.
- Personal data may be subject to automated decision-making, including profiling, for the purpose of providing services under the concluded contract and for direct marketing purposes. Profiling involves, in particular, tailoring the display of content to Users’ preferences based on their previous choices.
- The User consents to the processing of personal data:
1) Upon entering the Online Store’s website by selecting the “ACCEPT ALL” option from the available options in the message concerning cookies and the Privacy Policy;
2) Upon entering the Online Store’s website by selecting the “PERMISSION SETTINGS” option from the available options in the message concerning cookies and the Privacy Policy, and then selecting the “BASIC” cookies collection option and confirming the selection by clicking “SAVE”;
3) Before registering an Account via the Online Store by ticking the appropriate checkbox;
4) Before placing an Order via the Online Store by ticking the appropriate checkbox;
5) Before subscribing to the Newsletter via the Online Store’s functionality by ticking the appropriate checkbox;
6) Before sending feedback and information to the Seller via the Online Store’s functionality by ticking the appropriate checkbox.
§ 3. RECIPIENTS OF USER DATA
- The Controller may transfer personal data to entities processing personal data on behalf of the Controller, i.e. external entities providing services to the Controller, based on contracts for the entrustment of personal data processing, for the purpose of providing services to the Controller and in accordance with the Controller’s instructions.
- Users’ personal data may be transferred to the following categories of entities, which provide sufficient guarantees of implementing appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and the Personal Data Protection Act and protects the rights of data subjects:
1) Subcontractors – external companies providing services for the Controller, in particular such as: hosting, server maintenance, including email servers, database maintenance, sending automated information to Users, service, diagnostic and repair works, marketing, analytics, accounting, providing widgets for embedding on the website, providing helpdesk systems, providing an e-commerce platform, creating and providing backups, courier services, postal services, services related to quality testing of services provided, hosting, technical / IT support, marketing and PR support, legal and advisory services, insurance companies, payment processors, banks, advertisers, and similar entities, and in addition, to the extent resulting from legal obligations – public authorities. These entities are data recipients, processors acting on behalf of and at the instruction of the Controller;
2) Payment intermediaries – in the case of using paid services, personal data related to payments are transferred to payment operators and intermediaries. The Controller has access to personal data transferred to the payment operator and transactions made with its participation;
3) Advertisers – entities which, on the basis of information contained in cookies or other similar identifiers (if they contain personal data), participate in the process of selecting advertising content displayed to Users in the Online Store. More information on what cookies are and how they work, and how to adjust browser settings in this regard, can be found in §7 of this Privacy Policy.
- Personal data will not be processed in third countries.
§ 4. RIGHTS OF DATA SUBJECTS
- Each person whose personal data is processed has the right to:
1) Access (Article 15(1) GDPR) – to obtain confirmation from the Controller as to whether personal data concerning them is being processed. If such personal data is being processed by the Controller, they are entitled to access it and obtain the following information: the purposes of processing, categories of personal data, recipients or categories of recipients to whom the data have been or will be disclosed, the storage period or criteria for determining that period, the right to request rectification, erasure, or restriction of processing of personal data, as well as to object to such processing, information on the right to lodge a complaint with a supervisory authority, and additionally, if the personal data were not collected from the data subject – any available information as to their source, information on automated decision-making, including profiling;
2) Receive a copy of the data (Article 15(3) GDPR) – to obtain a copy of the data undergoing processing, with the first copy being free of charge, and for any subsequent copies the Controller may charge a reasonable fee based on administrative costs;
3) Rectification (Article 16 GDPR) – to request the rectification of personal data concerning them that is inaccurate, or the completion of incomplete data by providing an additional statement;
4) Erasure (Article 17 GDPR) – to request the erasure of personal data concerning them if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, the data subject has withdrawn consent on which the processing is based and there is no other legal ground for the processing, the data subject objects to the processing and there are no overriding legitimate grounds for the processing, the personal data have been unlawfully processed, the personal data must be er…
5) Restriction of processing (Article 18 GDPR) – to request restriction of processing of personal data concerning them where:
I. the data subject contests the accuracy of the personal data – for a period enabling the Controller to verify the accuracy of the data,
II. the processing is unlawful and the data subject opposes the erasure of the personal data, requesting instead the restriction of their use,
III. the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defence of legal claims,
IV. the data subject has objected to processing – pending the verification whether the legitimate grounds of the Controller override those of the data subject;
6) Data portability (Article 20 GDPR) – to receive, in a structured, commonly used, and machine-readable format, the personal data concerning them which they have provided to the Controller, and to transmit those data to another controller, where the processing is based on consent or on a contract with them and the processing is carried out by automated means;
7) Objection (Article 21 GDPR) – to object to the processing of their personal data for the Controller’s legitimate purposes on grounds relating to their particular situation, including profiling. In such a case, the Controller will no longer be entitled to process those personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning them for such marketing, including profiling to the extent that it is related to such direct marketing;
8) Withdraw consent at any time and without giving reasons, it being understood that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Withdrawal of consent will result in the Controller ceasing to process personal data for the purpose for which the consent was granted;
9) Lodge a complaint with the President of the Personal Data Protection Office whenever the User considers that the Controller’s actions infringe the provisions on the protection of personal data.
- To exercise the above rights, the data subject should contact the Controller using the contact details indicated in §1(1) of this Privacy Policy and inform the Controller which right and to what extent they wish to exercise. Please note that fulfilling the User’s request will require verification of their identity, which may require additional activity on the part of the User.
§ 5. PRESIDENT OF THE PERSONAL DATA PROTECTION OFFICE
A person whose personal data is being processed has the right to lodge a complaint with the supervisory authority, which in Poland is the President of the Personal Data Protection Office, based in Warsaw, who can be contacted as follows:
1) by post: ul. Stawki 2, 00-193 Warsaw;
2) via the electronic submission box available at: https://www.uodo.gov.pl/pl/p/kontakt;
3) by telephone via the helpline, at: 606-950-000.
More about how to lodge a complaint with the supervisory authority can be found on the website: https://uodo.gov.pl/pl/83/155.
§ 6. CHANGES TO THE PRIVACY POLICY
- The content of this Privacy Policy as set out in this document is effective from the date indicated on the first page of the Privacy Policy, under the title, in the “last updated (…)” section.
- The Privacy Policy may be supplemented or updated in accordance with the current needs of the Controller in order to ensure up-to-date and reliable information for Users of the Online Store and to take into account any changes in the factual and legal situation. The currently applicable Privacy Policy is available to Customers / Users via the relevant link in the Online Store.
§ 7. COOKIES
- The Online Store collects information about Customers, Users, and their behaviour in the following ways:
1) through information voluntarily entered by the Customer / User into electronic forms made available by the Seller within the Online Store and for purposes arising from the function of a given form, as well as in another manner and for other purposes as provided for in the Online Store;
2) through cookies stored on the Customer’s / User’s end devices – by using the Online Store’s website, the User / Customer accepts that cookies will be installed on their end device to enable the Seller to provide services;
3) through the collection of web server logs by the Online Store’s hosting operator (necessary for the proper functioning of the service).
- Cookies are IT data, in particular text files, which are sent while browsing the Online Store’s website and stored on the Customer’s / User’s end device and are intended for use on the Online Store’s website. Cookies usually contain the name of the website from which they originate, the time they are stored on the end device, and a unique number.
- The entity placing cookies on the Customer’s/User’s end device and accessing them is the Controller. The legal basis for processing personal data derived from cookies is the Controller’s legitimate interests, consisting in ensuring high quality and security of the services provided.
- The Online Store uses cookies after the Customer/User of the Online Store has given prior consent in this respect. The message regarding the use of cookies by the Online Store, which appears upon the first visit to the Online Store’s website, offers two options: “ACCEPT ALL” or “PERMISSION SETTINGS”. Consent to the use by the Online Store of all cookies is given by clicking the “ACCEPT ALL” button. Choosing the “PERMISSION SETTINGS” option allows the User to limit the use of cookies by selecting the “Basic” option and then confirming it by clicking the “SAVE” button.
- If the Customer/User of the Online Store does not consent to the use of cookies by the Online Store, they may change the settings of the web browser they are currently using (however, this may result in the Online Store’s website not functioning correctly).
- The process of giving consent and disabling cookies may vary depending on the web browser used by the User. Detailed information on this is provided in the help section or documentation of the web browser. To manage cookie settings, select your browser/system from the list and follow the instructions: Internet Explorer, Chrome, Safari, Firefox, Opera, Android, Safari (iOS), Windows Phone.
- The Online Store uses two main types of cookies: “session” cookies and “persistent” cookies. “Session” cookies are temporary files stored on the User’s end device until they log out, leave the Online Store, or turn off the software (web browser). “Persistent” cookies are stored on the Customer’s/User’s end device for the time specified in the cookie parameters or until they are deleted by the Customer/User. Additionally, we distinguish between first-party cookies (originating directly from the Online Store) and third-party cookies (originating from a third party’s site via the Online Store). In the latter case, it is recommended to read the privacy and cookies policy of the given third party.
- Cookies are used for the following purposes:
1) remembering the User’s preferences, which allows for improving the quality of services provided and increasing the relevance of search results;
2) creating statistics that help understand how Customers/Users of the Online Store use the websites, which enables improvements to their structure and content;
3) maintaining the Customer’s/User’s session (after logging in), thanks to which the Customer/User does not have to re-enter their Login and Password on each subpage of the Online Store;
4) determining the Customer’s/User’s profile in order to display product recommendations and tailored advertising materials, in particular from the Google network.
- Browser software (web browser) usually allows cookies to be stored on the Customer’s/User’s end device by default. Customers/Users may change the settings in this regard. The web browser allows cookies to be deleted. It is also possible to automatically block cookies via the appropriate settings of the web browser.
- Cookies do not cause configuration changes to the User’s / Customer’s devices or software installed on their devices.
- Restrictions on the use of cookies may affect some of the functionalities available on the Online Store’s websites, and in some cases completely prevent the use of some of its functions and options.
- Cookies placed on the Customer’s/User’s end device may also be used by advertisers and partners cooperating with the Online Store.
- Cookies may be used by the Google network to display advertisements tailored to the manner in which the Customer / User uses the Online Store. For this purpose, they may retain information about the User’s navigation path or time spent on a given page: https://policies.google.com/technologies/partner-sites.
- The Service uses statistical traffic analysis on the site via Google Analytics (Google Inc., based in the USA). The Google Analytics system, which automatically collects data about the User, is a web analytics tool that enables the Controller to gain insight into the traffic data of the Online Store and Users’ demographic data, used for marketing purposes. Users are encouraged to review Google Analytics’ privacy policy to learn about the rules for using cookies in statistics: https://policies.google.com/privacy?hl=en. To block the operation of Google Analytics, cookies must be disabled.
- Regarding information on the Customer’s/User’s preferences collected by Google’s advertising network, the Customer/User can view and edit the information resulting from cookies using the tool: https://www.google.com/ads/preferences/.
- The Online Store’s website includes plugins that may transfer Customer/User data to the administrators of portals such as Facebook, Google, Instagram, LinkedIn, YouTube, Salesmanago, Gemius, and others. These tools enable the indicated portals to identify persons visiting the Online Store as a target group to whom advertisements with appropriate content may then be displayed. To avoid transferring such data to the indicated portals, it is advisable to avoid clicking on links directing to these portals or to log out of your account on the given portal before clicking on the link. The processing of personal data by the above-mentioned portals is based on the rules and policies applied by these portals. The Controller recommends that Users read these documents before performing the actions described above.
- For the correct performance of the Sales Agreement, the Controller may share Customer/User data with courier companies.
- For the correct performance of the Sales Agreement, the Controller may share Customer/User data with online payment systems.
§ 8. NEWSLETTER
- The Customer/User may consent to receiving commercial information by electronic means by selecting the appropriate option in the registration form during the Account registration process in the Online Store, when placing an Order, or via the appropriate functionalities of the Online Store. In the event of such consent, the Customer/User will receive to the email address they have provided commercial information regarding the Seller, the Online Store, and the Products offered by the Seller (Newsletter), as well as other commercial information sent by the Seller.
- The Customer/User may unsubscribe from the Newsletter at any time by unchecking the appropriate box on their Account page, by selecting the relevant link in the content of each Newsletter, or by contacting the Seller via the contact details indicated in §1(1) of this Privacy Policy.
§ 9. SECURITY OF PERSONAL DATA PROCESSING
- The Controller applies security measures to protect personal data against loss, misuse, and unauthorised modification.
- Taking into account the state of technical knowledge, the nature, scope, and purposes of processing, and the risk of infringement of the rights or freedoms of natural persons of varying likelihood and severity, the Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in particular by applying the following measures:
1) Minimising the required, collected, and processed personal data;
2) The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
3) The ability to quickly restore the availability of personal data and access to them in the event of a physical or technical incident;
4) Regular testing, measuring, and assessing the effectiveness of technical and organisational measures to ensure the security of processing;
5) By default, only those personal data that are necessary to achieve each specific purpose of processing are processed;
6) Collecting personal data for specified, lawful purposes and not further processing them in a manner incompatible with those purposes;
7) Storing personal data in a form that permits identification of the data subjects for no longer than is necessary to achieve the purpose of processing;
8) Processing personal data in a factually correct and adequate manner in relation to the purposes for which they are processed;
9) Keeping records of persons authorised to process personal data. Persons authorised to process data are obliged to keep personal data and the means of securing them strictly confidential;
10) Regular updating of all software used by the Controller to process personal data, which in particular means regular updates of software components.