Privacy policy

Effective from 1 February 2026
Controller EDUstick Sp. z o.o.
Original language Polish

This Privacy Policy describes how EDUstick® collects, uses, and discloses personal data of users (Consumers, natural persons) of our online store at edustick.eu, and how we use cookies. It is provided in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR"). In case of any discrepancy between this English translation and the original Polish version, the Polish text prevails.

§ 1Data Controller

We are the controller of the User's (Consumer's) personal data:

Controller EDUstick Sp. z o.o.
ul. Żegańska 15
04-713 Warsaw, Poland
Registration KRS 0001116158
NIP 9522258570
REGON 529170439
Share capital: PLN 50,000
Data protection contact iod@edustick.eu
Court of registration District Court for the Capital City of Warsaw, 14th Commercial Division of the National Court Register

Hereinafter referred to as "EDUstick".

§ 2About This Policy

EDUstick operates this store and website, including all related information, content, features, tools, products, and services, in order to provide the User with a tailored shopping experience (the "Services"). The EDUstick store is powered by Shopify technology, which enables us to offer the Services to the User. This Privacy Policy describes how we collect, use, and disclose personal data of Users who visit and use the Services, make purchases through them, or otherwise communicate with us. In case of conflict between our Terms of Service and this Privacy Policy, this Privacy Policy applies to the collection, processing, and disclosure of the User's personal data.

Please read this Privacy Policy carefully. By using and accessing the Services, the User confirms familiarity with this Privacy Policy and understanding of the rules governing the collection, use, and disclosure of their data as described herein.

§ 3Personal Data We Collect and Process

When we use the term "personal data", we refer to information that identifies the User or can reasonably be linked to them. Personal data does not include information collected anonymously or that has been anonymised in a manner that prevents identification of the User or linking it to the User.

We may collect or process the following categories of personal data, including conclusions drawn from them, depending on how the User uses the Services and their place of residence, and to the extent permitted or required by applicable law:

  1. Contact data — including first and last name, address, billing address, shipping address, telephone number, and email address (Article 6(1)(a, b) GDPR).
  2. Financial data — including credit card numbers, debit card numbers, financial account numbers, payment card details, financial account details, transaction details, payment forms, payment confirmations, and other payment data (Article 6(1)(b) GDPR).
  3. Account information — including username, password, security questions, preferences, and settings (Article 6(1)(b) GDPR).
  4. Transaction information — including items the User views, adds to cart, adds to wishlist, purchases, returns, exchanges, or cancels, as well as past transactions (Article 6(1)(f) GDPR).
  5. Communications with us — including information provided in communications with us, e.g. when sending an enquiry to customer service (Article 6(1)(b) GDPR).
  6. Device information — including information about the customer's device, browser or network connection, IP address, and other unique identifiers (Article 6(1)(b) GDPR).
  7. Usage information — including information regarding the customer's interactions with the Services, including how and when the Services are used or navigated (Article 6(1)(b) GDPR).

§ 4Sources of Personal Data

We may collect personal data from the following sources:

  1. Directly from the customer — including at the time of account creation, when visiting or using our Services, when communicating with us, or where the User provides personal data to us in any other way.
  2. Automatically through the Services — including from the User's device when using our products or services or visiting our websites, and through the use of cookies and similar technologies.
  3. From service providers — including where we cooperate with them to operate certain technology and where they collect or process the User's personal data on our behalf.
  4. From our partners or other third-party companies — in accordance with applicable law.

§ 5How We Use the Customer's Personal Data

Depending on how the User interacts with us and the Services used, we may use the User's personal data for the following purposes:

  1. Providing, customising, and improving the Services. We use the User's personal data to provide the Services, including to perform the contract concluded with the User, process payments, fulfil orders, remember preferences and products of interest to the User, send notifications related to the User's account, process purchases, returns, exchanges, and other transactions, create, maintain, and manage the User's account, arrange shipping, enable returns and exchanges, enable posting of reviews, and create personalised shopping experiences, for example by recommending products related to the User's previous purchases. This may include using the customer's personal data to personalise and improve the Services.
  2. Marketing and advertising. We may use the User's personal data for marketing and promotional purposes such as sending marketing, advertising, and promotional communications via email, text message, or postal mail, and to display online advertisements to the User promoting products or services on our Services or on other websites, including based on items purchased or added to cart by the User or other User activity on the Services.
  3. Security and fraud prevention. We use the User's personal data to authenticate the User's account, ensure secure payments and purchases, detect and investigate potentially fraudulent, illegal, unsafe, or malicious activity, take appropriate steps to combat such activity, and protect public safety and the security of our services. If the User chooses to use the Services and register an account, they will be responsible for keeping their account credentials secure. We strongly advise against sharing the username, password, and other authentication credentials with anyone.
  4. Communicating with the User. We use the User's personal data to provide customer service, answer questions, deliver effective services, and maintain a business relationship.
  5. Legal reasons. We use the User's personal data to ensure compliance with applicable law or to respond to legitimate legal processes, including requests from law enforcement or government authorities, and to conduct investigations or participate in evidentiary proceedings in civil matters, potential or actual litigation, or other adversarial proceedings, and to enforce or investigate potential violations of our terms or policies.

§ 6How We Disclose Personal Data

In certain circumstances, we may disclose the User's personal data to third parties for legitimate purposes, in accordance with this Privacy Policy. These circumstances may include:

  1. In the case of Shopify, we may disclose data to vendors and other third parties who provide services on our behalf (e.g. IT management, payment processing, data analysis, customer service, cloud storage, order fulfilment, and shipping).
  2. In the case of business and marketing partners, in order to provide marketing services and present advertisements to the User. For example, we use Shopify to deliver personalised advertisements through third-party services based on the User's online activity across different merchants and websites. Our business and marketing partners will use the User's data in accordance with their own personal data processing policies. Depending on the User's place of residence, the User may have the right not to share their data for the purposes of displaying personalised advertisements and marketing based on online activity across different merchants and websites.
  3. Where the User instructs us to disclose certain data to third parties, i.e. requests this or consents to it, for example for the purpose of shipping products or in connection with the use of social media widgets or login integrations.
  4. Our affiliates or within our corporate group.
  5. In connection with a business transaction such as a merger or insolvency, in order to fulfil obligations arising from applicable law (including in response to court summons, search warrants, and similar requests), to enforce applicable terms of service or policies, and to protect and defend the Services, our rights, the User's rights, or the rights of others.

§ 7Relationship with Shopify

The Services are hosted by Shopify in accordance with its terms. Shopify collects and processes personal data concerning the User's access to and use of the Services, in order to provide and improve them. Data provided through the Services will be transferred to and made available to Shopify, as well as to third parties that may be established in countries other than the User's country of residence, in order to provide services to the User.

Furthermore, in order to secure, develop, and improve our business, we use certain advanced features of Shopify that include data and information obtained from the User's interactions with our Store, with other merchants, and with the Shopify platform. In order to provide these advanced features to the User, Shopify may use personal data collected during the User's interactions with our Store, with other merchants, and with the Shopify platform. In such circumstances, Shopify is responsible for processing the User's personal data, including responding to the User's requests regarding the exercise of their rights related to the use of personal data for these purposes.

To learn more about how Shopify uses personal data and about any rights the User may have, please visit Shopify's privacy section: Shopify Consumer Privacy Policy. Depending on the User's place of residence, the User may exercise applicable rights regarding their personal data here: Shopify Privacy Portal.

§ 8Third-Party Websites and Links

The Services may contain links to websites and other online platforms operated by third parties. When transferring to websites not affiliated with us or not controlled by us, the User should review their privacy and security policies and other terms and conditions. We do not guarantee the privacy or security of such websites, nor are we responsible for them. This includes, but is not limited to, the accuracy, completeness, and reliability of information found on these websites. Information that the User provides in public or semi-public places, including data shared on third-party social media platforms, may also be visible to other users of the Services and/or users of such third-party platforms without restrictions on its use by us or by the third party. Our inclusion of such links does not in itself imply endorsement of the content on such platforms or of their owners or operators, except as explained in the Services.

§ 9Cookies

  1. Cookies (so-called "cookies") are IT data, in particular text files, that are stored on the User's end device and intended for use with the Shopify platform. Cookies typically contain the name of the website they originate from, the time of storage on the end device, and a unique number.
  2. The Shopify platform uses two fundamental types of Cookies: "session" (session Cookies) and "persistent" (persistent Cookies). "Session" Cookies are temporary files that are stored on the User's end device until they leave the website or close the software (web browser). "Persistent" Cookies are stored on the User's end device for the time specified in the Cookie parameters or until they are deleted by the User. A detailed description of Shopify platform cookies is available at: shopify.com/pl/legal/cookies
  3. Please note that you can control and manage cookies in various ways. We remind you that deleting or blocking cookies may negatively affect the user experience, and some parts of our website may not be fully accessible. Most browsers automatically accept cookies, but you can decide whether to accept them by using the browser function, often located in the "Tools" or "Preferences" menu. More information on how to modify browser settings or block, manage, or filter cookies can be found in the browser's help file or on websites such as: allaboutcookies.org.
  4. Many advertising services and other third parties provide the option to opt out of their systems. You can read more about the information they collect and how to opt out via the links to the privacy policies listed at: shopify.com/pl/legal/cookies

§ 10Children's Data

The Services are not intended for use by children. We do not knowingly collect any personal data concerning children below the age of majority in the User's jurisdiction. If the User is a parent or guardian of a child who has provided us with their personal data, the User may contact us using the contact information below to request its deletion. As of the effective date of this Privacy Policy, we have no actual knowledge of "sharing" or "selling" (as those terms are defined in applicable law) personal data of persons under 16 years of age.

§ 11Security and Retention of User Data

  1. Please note that no security measures are perfect or impenetrable, and we cannot guarantee "complete security". Furthermore, any data transmitted to us may not be secure during transmission. We advise against using insecure channels to transmit sensitive or confidential data to us.
  2. The length of time we retain the User's personal data depends on various factors, such as whether we need this information to operate the User's account, provide the Services to the User, meet legal requirements, resolve disputes, or enforce other applicable contracts and policies. As a rule, we are obliged to retain transaction data for no less than 5 years, as required by the Polish Accounting Act.

§ 12User Rights and Choices

Depending on the User's place of residence, the User may be entitled to all or some of the following rights related to their personal data. However, these rights are not absolute, may apply only in certain circumstances, and in some cases we may refuse the User's request to the extent permitted by law. These rights are:

  1. Right of access. The User may have the right to access the personal data we hold about them.
  2. Right to erasure. The User may have the right to request the erasure of personal data we hold about them.
  3. Right to rectification. The User may have the right to request the rectification of inaccurate personal data we hold about them.
  4. Right to data portability. The User may have the right to obtain a copy of the personal data we hold about them and to request its transfer to a third party in certain circumstances and with certain exceptions.
  5. Managing communication preferences. We may send the User promotional emails, and the User may opt out of receiving them at any time using the unsubscribe option displayed in our emails to the User. If the User opts out, we may still send non-promotional emails, for example concerning the User's account or orders placed.
  6. If the User is a resident of the United Kingdom or the European Economic Area and subject to exceptions and limitations provided by local law, in addition to the rights described above, the User may exercise the following rights:
    1. Objection to processing and restriction of processing: The User has the right to ask us to stop or restrict the processing of their personal data for certain purposes.
    2. Withdrawal of consent: Where we need the User's consent to process their personal data, the User has the right to withdraw that consent. If the User withdraws consent, this will not affect the lawfulness of any processing based on their consent prior to its withdrawal.
  7. The User may exercise any of these rights where indicated in the Services or by using the contact information below. To learn more about how Shopify uses the User's personal data and about the rights that may apply to them, including rights related to data processing by Shopify, please visit privacy.shopify.com/pl.
  8. We will not discriminate against the User for exercising any of these rights. We may need to verify the User's identity before proceeding with their request, in accordance with applicable law. In accordance with applicable regulations, the User may authorise a representative to submit requests on their behalf relating to the exercise of their rights. Before accepting such a request submitted by a representative, we will require proof that the representative has been authorised by the User to act on their behalf, and we may ask the User to directly confirm their identity. We will respond to the User's request within the timeframe provided by applicable law.

§ 13Complaints

In case of complaints regarding the way we process personal data, please contact us using the contact information below. Depending on the User's place of residence, the User may have the right to appeal our decision by contacting us using the contact information below, or to lodge a complaint with the local data protection authority. A list of the relevant data protection supervisory authorities in the EEA can be found here.

In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych — UODO), uodo.gov.pl.

§ 14International Data Transfers

We may transfer, store, and process the User's personal data outside the User's country of residence. If we transfer the User's personal data outside the European Economic Area or the United Kingdom, we rely on recognised data transfer mechanisms, such as the European Commission's Standard Contractual Clauses or equivalent agreements issued by the relevant supervisory authority in the United Kingdom, unless the data is transferred to a country that has been recognised as providing an adequate level of protection.

§ 15Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Policy on this website, update the "Last updated" date, and notify the User of changes in accordance with applicable law.

§ 16Contact

If you have any questions about our personal data protection practices or this Privacy Policy, or wish to exercise any of the rights to which you are entitled, please contact us:

Postal address EDUstick Sp. z o.o.
ul. Żegańska 15
04-713 Warsaw, Poland

In accordance with applicable personal data protection regulations, we are the controller of the User's personal data.

EDUstick Sp. z o.o. · ul. Żegańska 15, 04-713 Warsaw, Poland

KRS 0001116158 · NIP 9522258570 · REGON 529170439 · Share capital: PLN 50,000

Last updated: 1 February 2026. The Polish version of this Privacy Policy is the binding original; this English translation is provided for convenience only. References to "GDPR" mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.