Privacy policy

Ensuring the protection of your data is of utmost importance to us. We want to provide you with the key information about the principles and scope of processing your data, as well as your rights and obligations related to this.

I. General Information

What are personal data, and what does processing mean?

Personal data refers to information about an identified or identifiable individual. Processing personal data includes any action performed on this data, whether automated or not, such as collection, storage, organization, modification, viewing, use, sharing, restriction, erasure, or destruction.

When does this Privacy Policy apply?

This privacy policy applies to all situations in which we act as the controller and process personal data. This includes both cases where we process data obtained directly from the person to whom it relates and cases where data is acquired from external sources.

II. Who We Are – Controller and Website

Our website address is:

The controller of your data is Hania Bulczyńska, operating a sole proprietorship entered into the Central Register and Information on Economic Activity under the name LALLU CHIC HANNA BULCZYŃSKA, conducting business at ul. Konopacka no. 16, 03-428, Warsaw, NIP 9291592345, REGON 385696428.

You can contact the controller at any time:

III. What Personal Data We Collect and Why


When visitors leave comments on the site, we collect the data visible in the comment form, the visitor’s IP address, and the browser user-agent string to help spam detection.

Contact Forms

If you use one of our online forms on the website, we collect and process:

  • Contact form: first and last name, email address, phone, and other data provided in the message.
  • Collaboration form: first and last name, address, email or phone, and other data provided in the message.

Online Store Orders

When placing an order, we ask for:

  • First and last name
  • Company name and tax identification number (for companies)
  • Shipping address
  • Email and phone
  • Other data provided in the message


If you leave a comment on our site, you can choose to save your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded Content from Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Statistics Analysis

Even if you haven’t used an electronic form or registration, for analysis purposes and improving our services, we collect data such as IP address, logs, location data, and device information when you visit our site.

IV. Why We Process Data and Legal Basis

  • To fulfill or prepare a contract: Such as purchasing from the online store, order processing, etc. Legal basis: Art. 6 (1) lit. b GDPR – processing necessary for the performance of a contract.
  • For marketing purposes: Offering goods or services, including electronic communication (promotional campaigns, customer cards, email marketing, newsletters, etc.). Legal basis: Art. 6 (1) lit. a GDPR – consent of the data subject.
  • For financial settlements under tax law: Legal basis: Art. 6 (1) lit. c GDPR – processing is necessary for compliance with a legal obligation.
  • For statistical purposes: Monitoring website visits, activity, location information, and device data to better tailor products and services to your needs and improve cooperation conditions. Legal basis: Art. 6 (1) lit. f GDPR – legitimate interest of the controller to improve services.
  • For maintaining and conducting commercial contacts: This includes ongoing correspondence related to business activities, using available electronic forms. Legal basis: Art. 6 (1) lit. f GDPR – legitimate interest of the controller in maintaining contacts and cooperation.
  • For determining, asserting, or defending against claims: Legal basis: Art. 6 (1) lit. f GDPR – legitimate interest of the controller in establishing, asserting, or defending against claims.
  • For data archiving and security: Legal basis: Art. 6 (1) lit. f GDPR – legitimate interest of the controller in ensuring the continuity of IT system operation in case of failure.

V. Is Providing Data Necessary?

Providing your data is voluntary, but in some cases, it is necessary. Failure to provide us with the required data may then prevent the provision of services and fulfillment of the contract, such as making a purchase or contacting you to respond to an inquiry.

Not providing data marked as voluntary does not entail any consequences.

VI. How Long Do We Store Your Data?

Depending on the legal basis for processing data:

a) If the basis is the performance of a contract or preparation for its conclusion (e.g., making a purchase, order processing), data is stored until the contract is performed or expires.

b) If the basis is the consent of the data subject, data is stored until withdrawn, but not longer than two years from the last activity.

c) If the basis is the legitimate interest of the controller, data is generally stored until the resolution of the case initiated due to an objection, or for the limitation period of claims arising from legal relationships.

d) If the basis is the fulfillment of obligations arising from legal provisions, data is stored for the time necessary to fulfill these obligations, especially the tax obligation.

VII. With Whom Do We Share Data?

We provide personal data to others only to the extent necessary for daily operations and when allowed by applicable law:

  • In connection with the conducted business, e.g., IT, postal operators, couriers, electronic payment systems, legal services, provision of marketing services.
  • To meet the requirements of applicable law, regulations, legal processes, or lawful requests from state institutions.
  • After obtaining your consent to provide data.
  • To carry out actions by third parties based on agreements signed with them.

Your personal data may be transferred and stored in a destination outside the European Economic Area (“EEA”). It may also be processed by entities operating outside the EEA working for the controller or one of its subcontractors. In such cases, provisions and security mechanisms are applied to protect data and maintain EU standards for data protection, confidentiality, and security.

VIII. Your Rights to Your Data

According to the GDPR, you have the right to:

  • Request access to your personal data.
  • Correct your personal data.
  • Delete personal data (“right to be forgotten”).
  • Restrict the processing of data.
  • Object to the processing of personal data based on the legitimate interest of the controller.
  • Data portability.
  • Lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection.
  • Withdraw consent to the processing of personal data (withdrawal does not affect the lawfulness of processing before withdrawal).

IX. Contact Details – Exercise of Rights

Any reports or requests regarding personal data can be sent to us via:

  • Email:
  • Postal address: ul. Konopacka no. 16, apt. 3, 03-428, Warsaw
  • Contact form on the website

X. Additional Information

How do we protect your data?

To protect against unauthorized access, modification, disclosure, and destruction of personal data, we implement security measures such as SSL encryption, physical security measures, and controlled access to personal data.

Automated Processing Using User Data

While personal data may be processed automatically when using our website, it is not subject to profiling and will not have legal effects on you or impact your situation.

XI. Changes to the Privacy Policy

This privacy policy may change, but it will not affect the rights of individuals whose data we process without their explicit consent. Any changes to the privacy policy will be made available on the website. Last update: May 26, 2022.