Polityka prywatności

Lifted Clothing Privacy Policy

Last updated: May 26, 2026

1. Who we are (Data Controller)

This Privacy Policy applies to personal data processed in connection with the online store "Lifted Clothing" available at lifted.clothing (the "Store"). The controller of your personal data is:
Miro Nowa Perspektywa Sp. z o.o.
ul. Podolska 21, 81-321 Gdynia, Poland
NIP: 7011177154
EU VAT: PL7011177154
EORI: PL701117715400000
KRS: 0001072476
REGON: 527070337
Email: [email protected]
Phone: +48 571 669 028

2. What personal data we collect

Depending on how you use the Store, we may collect and process:

  • Contact and delivery details: name, email, shipping address, billing address, phone number (if provided).
  • Order and transaction data: items purchased, order history, returns/exchanges/cancellations, communications about orders.
  • Payment-related data: payment status, payment confirmations, transaction identifiers, and limited payment details provided via our payment providers (we do not typically receive full card numbers).
  • Account data (if you create an account): login credentials and preferences.
  • Device and usage data: IP address, browser/device identifiers, pages viewed, interactions with the Store.
  • Cookies and similar technologies: used for functionality, analytics, and marketing (see Section 10).

3. Sources of personal data

  • Directly from you (checkout forms, contact emails, account creation).
  • Automatically (cookies and similar technologies, server logs).
  • From service providers (Shopify platform/hosting, payment providers, shipping providers, analytics and marketing partners where enabled).

4. Whether providing data is required

Providing certain data is necessary to use the Store and complete an order. If you do not provide required data, we may not be able to process your order.

  • Required for purchase/fulfillment: name, email, shipping address, and payment-related information needed to complete checkout.
  • Optional: phone number (unless needed by a carrier in a specific country), account creation details (if you choose to create an account), marketing preferences.

5. Why we use your data (Purposes) and legal bases (GDPR)

We process your personal data for the following purposes:

  • Order processing, delivery, and customer support – to perform a contract or take steps at your request before entering into a contract (GDPR Art. 6(1)(b)).
  • Payments – to perform the contract (GDPR Art. 6(1)(b)) and to process transactions through payment providers.
  • Security and fraud prevention – our legitimate interests in securing the Store, preventing abuse, and protecting customers (GDPR Art. 6(1)(f)). Our legitimate interest consists of maintaining the security and integrity of the Store and protecting our customers from fraudulent activity, which we consider to outweigh any impact on your rights given the security measures in place.
  • Legal and tax compliance (e.g., record-keeping obligations) – legal obligation (GDPR Art. 6(1)(c)).
  • Marketing communications (email) – where required by law, we send marketing communications only based on your consent, which you can withdraw at any time (GDPR Art. 6(1)(a)). You provide this consent through a clear affirmative action — for example, by submitting your email address through a newsletter or discount sign-up form (including pop-up forms) or by selecting a marketing opt-in at checkout. We do not use pre-checked boxes.
  • Analytics and improving the Store – our legitimate interests in improving performance and user experience (GDPR Art. 6(1)(f)). Our legitimate interest consists of understanding how customers interact with the Store and using this insight to improve its performance, usability, and content, which we consider to outweigh the limited impact on your rights given that analytics data is used in aggregated form and only for internal purposes. Where required (e.g., for certain cookies/trackers), analytics processing is based on your consent (GDPR Art. 6(1)(a)).

6. Marketing, profiling, and targeted advertising

We may use marketing and analytics tools to understand how customers use the Store and to show more relevant ads. This can involve profiling — specifically, we may group customers into segments based on browsing behavior (such as pages viewed and products clicked) and purchase history (such as past orders and product categories). This profiling is used to deliver more relevant advertisements and marketing communications through our advertising partners.

You can opt out of marketing emails at any time using the unsubscribe link in our emails or by contacting us at [email protected]. You can also control whether advertising partners receive data about your browsing activity by adjusting your cookie consent preferences (see Section 10).

We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you, as described in GDPR Art. 22.

7. Who we share your data with (Recipients / Partners)

We share personal data only as needed to operate the Store, provide services to you, comply with law, and run marketing/analytics. Depending on your interactions and settings (including cookie/consent settings), recipients include:

  • Ecommerce platform / hosting: Shopify (our Store is powered by Shopify). Shopify acts as a data processor on our behalf under a Data Processing Agreement in accordance with GDPR Art. 28.
  • Payment processing: Shopify Payments, Skrill, and Przelewy24. Payment providers act as independent data controllers for the purpose of processing your payment.
  • Shipping and logistics: carriers and logistics partners to deliver orders.
  • Email marketing and customer communications: Klaviyo.
  • Analytics and advertising partners: Meta, Google, TikTok, and Pinterest (e.g., pixels/ads/measurement tools), used only if you have given your consent via the cookie banner.
  • Analytics and attribution: Triple Whale (marketing analytics and attribution), used to measure Store performance and the effectiveness of our marketing. Where this relies on non-essential cookies or similar technologies, it is used only with your consent (see Section 10).
  • IT and operational service providers: hosting, security, analytics, and other tools that process data on our behalf under appropriate Data Processing Agreements (GDPR Art. 28).
  • Authorities / legal parties: where required by law or valid legal process, or to protect rights and prevent fraud/abuse.

8. International transfers (outside the EEA/UK)

Some of our service providers process personal data outside the European Economic Area. In particular:

  • Canada (Shopify): The European Commission has issued an adequacy decision for Canada (for recipients subject to PIPEDA), meaning Canadian data protection is considered equivalent to the EU standard.
  • United States (Meta, Google, TikTok, Pinterest, Klaviyo, Triple Whale): Where the recipient is certified under the EU-US Data Privacy Framework (DPF), we rely on the European Commission's adequacy decision for the DPF. For recipients not certified under the DPF, or where otherwise required, we rely on the European Commission's Standard Contractual Clauses (SCCs) and assess the level of data protection in the recipient country, implementing supplementary measures where necessary to ensure an adequate level of protection for your personal data.

9. How long we keep your data (Retention)

We keep personal data only as long as necessary for the purposes described in this Policy. In practice:

  • Orders and customer support: we keep order-related information for as long as needed to fulfill the order and handle returns, complaints, and disputes, and then for the period required or justified by legal obligations or limitation periods.
  • Legal/tax records: we retain information for the period required by applicable law (in Poland, accounting and tax records must be kept for 5 years from the end of the calendar year in which the tax obligation arose, in accordance with the Accounting Act and tax regulations).
  • Fraud prevention and security: we may retain certain data for up to 3 years to protect the Store and customers, unless a longer period is justified by ongoing proceedings.
  • Marketing (email): we keep marketing-related data until you withdraw consent/unsubscribe, unless we need to keep minimal evidence of consent/unsubscribe status to comply with law.
  • Cookies/analytics/ads: retention depends on the cookies/technologies used and your consent settings; details may be shown in the cookie banner/settings.

10. Cookies and similar technologies

We use cookies and similar technologies for: (1) Store functionality and security, (2) analytics and performance measurement, and (3) marketing and advertising.

When you visit the Store, cookie choices are presented through a cookie consent banner. Analytics and advertising cookies/pixels (including those associated with Meta, Google, TikTok, Pinterest, and Triple Whale) are used only if you give your consent via the cookie banner. Your choices affect whether these partners receive data via cookies/pixels. You can withdraw your cookie consent at any time through the cookie settings accessible on our website. Disabling non-essential cookies will not affect the core functionality of the Store.

11. Your rights (GDPR)

You have the right to request:

  • Access to your personal data, and a copy of it
  • Correction of inaccurate data
  • Deletion of data (in certain cases)
  • Restriction of processing (in certain cases)
  • Data portability (in certain cases)
  • Objection to processing based on legitimate interests (including direct marketing)
  • Withdrawal of consent at any time (where processing is based on consent)

To exercise your rights, contact us at [email protected]. We may need to verify your identity before completing your request.

12. How long we take to respond to rights requests

We will act on your request without undue delay and, in any event, within 1 month of receiving it. For particularly complex requests or where we receive a large number of requests simultaneously, we may extend the response time by up to 2 additional months (total up to 3 months). If we extend, we will inform you within the initial 1 month and explain the reasons for the delay.

13. Complaints to a supervisory authority

If you believe we process your personal data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority. In Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO), ul. Moniuszki 1A, 00-014 Warszawa, https://uodo.gov.pl. If you are located in another EU/EEA country, you may also lodge a complaint with the supervisory authority in your country of residence.

14. Security

We use appropriate technical and organizational measures to protect personal data.

15. Children

The Store is intended for persons aged 16 and over. We do not knowingly collect personal data from children under 16 years of age. If you believe a child under 16 has provided us personal data without appropriate authorization, contact us at [email protected] and we will delete such data promptly.

16. Shopify relationship

The Store is hosted by Shopify. Shopify may collect and process personal information about your access to and use of the Store to provide and improve Shopify services. Shopify processes this data under a Data Processing Agreement with us. To learn more about Shopify's processing, you can review Shopify's consumer privacy information here: https://www.shopify.com/legal/privacy.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is published on our website and the "Last updated" date indicates when changes were made.

18. Contact

Questions or requests about privacy should be sent to [email protected]. You also have the right to contact the supervisory authority (UODO) directly — see Section 13.