Privacy policy
Last updated: 9 February 2026
This Privacy Policy defines the principles for the processing of personal data by Esencja Zapachu, operating through the website available at esencjazapachu.com (hereinafter: the “Website”, the “Controller”, “we”). This document applies to all natural persons using the Website, services provided through it, making purchases, or contacting the Controller in connection with the operation of the Website (collectively: the “Services”).
For the purposes of this Privacy Policy, a “User” means any natural person whose personal data is processed by the Controller, regardless of whether they are a customer, account holder, or a visitor to the Website.
Changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy, in particular in the event of changes to applicable law, the scope of business activity, applied technologies, or the functioning of the Website. The updated Privacy Policy is published on the Website together with its effective date.
Scope and purposes of personal data processing
The Controller processes Users’ personal data for the purpose of providing Services, performing sales contracts, handling orders, managing user accounts, responding to inquiries and complaints, fulfilling legal obligations, as well as for security purposes and preventing abuse.
The scope of processed personal data depends on how the User uses the Website.
Personal data provided by the User
The Controller processes personal data provided directly by the User, in particular identification and contact data, address data, order and payment data, user account data, and the content of correspondence with the Controller.
Providing personal data is voluntary; however, failure to provide such data may prevent the conclusion of a contract or the use of certain Website functionalities.
Data processed automatically
While using the Website, the Controller processes automatically collected data, including IP address, end device data, web browser, operating system, and information about activity on the Website. This data is processed in particular to ensure the proper functioning of the Website, its security, statistical analysis, and optimization of Services.
For the purpose of analyzing how the Website is used and optimizing it, the Controller uses the Hotjar analytics tool, belonging to Contentsquare S.A.
The Hotjar tool enables analysis of User behavior on the Website, including interactions with its elements, such as clicks, page scrolling, and navigation patterns. This data is collected in an anonymized manner and is not used to identify Users.
The Controller applies automatic data masking mechanisms that prevent the recording of Users’ personal data, in particular data entered into forms and on checkout pages.
Data obtained from third parties
The Controller may receive Users’ personal data from third-party entities such as e-commerce platforms (e.g., Shopify), payment operators, delivery companies, analytics and marketing service providers. Such data is processed in accordance with this Privacy Policy.
Legal basis for data processing
Personal data is processed in accordance with Article 6(1) of the GDPR, in particular:
for the performance of a contract or taking steps prior to entering into a contract (point b),
for compliance with legal obligations imposed on the Controller (point c),
for the purposes of legitimate interests pursued by the Controller, such as ensuring Website security, handling inquiries, or pursuing claims (point f),
based on the User’s consent – where such consent has been given (point a), in particular for marketing purposes and the use of marketing cookies.
Marketing
Users’ personal data may be used for marketing purposes only on the basis of granted consent or within the limits permitted by law. The User has the right to withdraw consent to the processing of personal data for marketing purposes at any time, without affecting the lawfulness of processing carried out before withdrawal.
Cookies
The Website uses cookies to ensure its proper functioning, conduct statistical analysis, and – upon User consent – for marketing purposes. Cookies necessary for the functioning of the Website are used based on the Controller’s legitimate interest.
The User may manage cookies through their web browser settings and via the consent management tool available on the Website. Detailed information regarding cookies used by Shopify is available on the Shopify website.
Sharing of personal data
Personal data may be transferred to entities processing data on behalf of the Controller, in particular IT service providers, payment operators, accounting firms, courier companies, and marketing service providers. Personal data may also be disclosed to public authorities where required by law.
The Controller does not sell Users’ personal data.
Data concerning children
The Services are not intended for individuals under the age of 16. The Controller does not knowingly process children’s personal data.
Data security and retention period
The Controller applies appropriate technical and organizational measures to protect personal data. Personal data is stored for the period necessary to achieve the purposes of processing or for the period required by applicable law.
User rights
The User has the right to access their data, rectify it, erase it, restrict processing, transfer data, object to processing, withdraw consent at any time, and lodge a complaint with the President of the Personal Data Protection Office.
Transfer of data outside the European Union
In the event of transferring personal data outside the European Union, the Controller ensures appropriate safeguards provided under the GDPR, in particular standard contractual clauses or transfers to countries deemed to provide an adequate level of protection.
Data Controller and contact
The data controller is:
EUROTOM Tomasz Parzybót
ul. Olimpijczyków 13a/14
42-612 Tarnowskie Góry
NIP: 6262411196
REGON: 276417482
Contact regarding personal data protection:
Email: esencjazapachu@op.pl
Phone: 501 747 679