Privacy Policy

Last updated: February 5, 2025

Introduction

1.1. This Privacy Policy explains how we collect, use, share, and protect your personal data when you visit our website, use our online shop, or communicate with us.

1.2. The online shop operates under the brand name “WillyWally”. WillyWally is a trademark owned by WILLYWALLY Sp. z o.o. (Bohaterów Warszawy 23/2, 02-495 Warsaw, Poland, VAT: PL5223274903).

1.3. The entity responsible for processing personal data (the “data controller”) is:
WILLYWALLY Sp. z o.o.
Bohaterów Warszawy 23/2
02-495 Warsaw
Poland
VAT: PL5223274903

1.4. In this Privacy Policy, references to “WillyWally”, “we”, “us” or “our” mean WILLYWALLY Sp. z o.o. operating under the WillyWally brand.

1.5. By using our website or placing an order, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the website.

Personal Data We Collect

2.1. Data you provide directly:
– Contact details: name, surname, email address, phone number, billing and shipping address;
– Account data: username and password if you create an account;
– Order data: products ordered, order ID, payment method, delivery details;
– Communications: information you provide when contacting us (for example, through email or contact forms).

2.2. Data collected automatically:
– Technical data: IP address, browser type and version, device information, operating system;
– Usage data: pages visited, time spent on pages, actions taken on the site, referrer URL, click paths;
– Approximate location based on IP address.

2.3. Data from third parties:
– Payment providers may share limited data such as payment status or transaction ID;
– Shipping carriers may provide updated delivery information or confirmation of delivery;
– Analytics and advertising partners (for example, Google Analytics or Meta) may provide aggregated or pseudonymised data about interactions with our site and campaigns, subject to your cookie preferences.

2.4. We do not intentionally collect special categories of data (such as health data or religious beliefs) or data relating to children. Our website is not directed at children.

Purposes and Legal Bases

3.1. We process personal data for the following purposes and on the following legal bases:

(a) Order fulfilment
To process and deliver your orders, manage payments, provide invoices, and handle returns or complaints.
Legal basis: performance of a contract (Article 6(1)(b) GDPR).

(b) Customer service
To respond to your enquiries, provide support, and handle issues relating to your orders.
Legal basis: performance of a contract or our legitimate interest in providing good customer service (Article 6(1)(b) and 6(1)(f) GDPR).

(c) Account management
To set up and manage user accounts and preferences.
Legal basis: performance of a contract (Article 6(1)(b) GDPR).

(d) Marketing communications
To send newsletters or promotional communications if you choose to receive them.
Legal basis: your consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.

(e) Analytics and website improvement
To understand how the website is used and improve its performance, layout, and content.
Legal basis: your consent for analytics cookies (Article 6(1)(a) GDPR) and, where allowed, our legitimate interest in improving our services (Article 6(1)(f) GDPR).

(f) Security and fraud prevention
To protect our website, systems, and customers against fraud, misuse, and security incidents.
Legal basis: our legitimate interest in ensuring security (Article 6(1)(f) GDPR), and where applicable, legal obligations.

(g) Legal compliance
To comply with legal obligations, including tax, accounting, and consumer protection laws, and to respond to lawful requests from authorities.
Legal basis: compliance with legal obligations (Article 6(1)(c) GDPR).

Cookies and Tracking

4.1. We use cookies and similar technologies to:
– enable basic site functionality;
– remember your preferences;
– analyse site usage;
– provide personalised advertising (only where you consent).

4.2. When you first visit the website, we will ask for your consent to non-essential cookies (such as analytics and advertising cookies). You can change your preferences at any time in your browser settings and, where available, via our cookie management interface.

How We Share Personal Data

5.1. We do not sell your personal data. We may share data with:

(a) Service providers (processors)
– E-commerce platform providers (for example, Shopify);
– Payment service providers;
– Shipping platforms (for example, ShippyPro, EasyShip);
– Shipping carriers (DHL, FedEx, UPS, postal services and others);
– IT hosting and cloud providers;
– Email and customer support tools.

These providers only process personal data on our instructions and under written contracts.

(b) Analytics and advertising partners
With your consent, certain data may be shared with analytics and advertising partners to measure performance and display relevant ads. These partners may act as independent controllers for some of their processing.

(c) Legal and compliance
We may disclose data if required by law, court order, or request from authorities, or when necessary to protect our rights or the rights and safety of others.

(d) Business transfers
If we undergo a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity under appropriate safeguards.

International Transfers

6.1. Some service providers may be located outside the European Economic Area (EEA). When we transfer personal data outside the EEA to a country that does not have an adequacy decision from the European Commission, we implement appropriate safeguards, such as Standard Contractual Clauses or other lawful mechanisms.

Data Retention

7.1. We keep personal data only as long as necessary for the purposes described above, including to meet legal, accounting, or reporting requirements.

7.2. Order and invoice data may be stored for several years, as required by applicable tax and accounting laws.

7.3. Marketing data is kept until you withdraw your consent or unsubscribe. We may keep a minimal record (for example, your email on a suppression list) to ensure we do not send further marketing.

7.4. When personal data is no longer needed, we delete it or anonymise it. Where complete deletion is not immediately possible (for example, data in backups), we will securely store and isolate it until deletion is feasible.

Your Rights

8.1. Under applicable data protection law, including GDPR, you have the right to:
– access your personal data;
– request correction of inaccurate data;
– request deletion of your data in certain circumstances;
– request restriction of processing;
– receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (data portability);
– object to processing based on legitimate interests and to object at any time to processing for direct marketing;
– withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

8.2. To exercise these rights, contact us at:
care@willywally.com

8.3. We may need to verify your identity before handling certain requests. We will respond within the timeframes required by law.

8.4. You also have the right to lodge a complaint with a supervisory authority, in particular in your country of residence, place of work, or where an alleged infringement occurred.

Security

9.1. We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage.

9.2. These measures include encryption, access controls, secure hosting, and internal policies and training.

9.3. No system is completely secure. If we become aware of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

Changes to this Privacy Policy

10.1. We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations.

10.2. When we make significant changes, we will update the “last updated” date and may provide additional notice where appropriate.

10.3. Your continued use of the website after a change means you accept the updated policy. If you do not agree, you should stop using the site.

Contact

11.1. For any questions, comments, or requests regarding this Privacy Policy or our data practices, please contact:
care@willywally.com