Politik om beskyttelse af persondata

Privacy Policy of UNWONTED Online Store

Including Article 13 GDPR Requirements

Last Updated: October 1, 2025
Effective Date: October 1, 2025

1. General Information

1.1 Nature of This Policy

This Online Store Privacy Policy (hereinafter referred to as the "Policy") is informative only, meaning that it is not a source of obligations for the Customers of the Online Store and it is not a contract nor terms and conditions.

1.2 Definitions

Any words, expressions and abbreviations appearing on this website and beginning with a capital letter (e.g., Seller, Online Store, Electronic Services) should be understood in accordance with the definitions laid down in the Online Store's Terms and Conditions available at unwonted.dk

1.3 Hierarchy of Consent

Should there be any doubts or discrepancies between the Policy and the consents granted by a given person, irrespectively of the provisions of the Policy, the voluntarily given consents or the provisions of law shall always be the basis for the Controller's actions or for the determination of the scope of actions by the Controller.

2. Personal Data Controller

2.1 Controller Identity

In line with our obligation resulting from Article 13 of the General Data Protection Regulation (EU) 2016/679 (GDPR), we hereby inform that the Controller of the personal data collected is:

UNWONTED sp. z o.o. (limited liability company)
Registered Office: ul. Słoneczna 2, 83-332 Dzierżążno, Poland
Tax ID (NIP): 5892097950
(hereinafter referred to as the "Controller")

2.2 Contact Information

You can contact the Controller in cases concerning personal data protection and the exercise of your rights:

The above contact details may also be used to contact the data protection officer.

2.3 Third-Party Controllers

In the case of additional consent, our trusted partners will also be the controllers of the data obtained on the basis of your online activity using technologies such as cookies.

3. Purpose and Legal Basis of Personal Data Processing

3.1 Categories of Personal Data

The Controller may process the following personal data:

  • Account and Order Data: Name and surname, email address, contact phone number, address (street, apartment number, postal code, town, country), alternative addresses, bank account number, and for business customers: company name and tax identification number

  • Communication Data: Information submitted in contact forms or while filing complaints

  • Transparency Data: Farm partnership information for traceability purposes, preferences for farm story sharing and product origin tracking

  • Sustainability Data: Environmental preferences and impact tracking data

  • Online Activity Data: Data obtained from your Internet activity or mobile applications, including data obtained through our Online Store using cookies or similar technologies

3.2 Processing Purposes

Contract Performance and Services

  • Account Management: Maintaining your Account for easy reordering, order history access, and consent management

    Legal basis: Article 6(1)(b) GDPR

  • Order Processing: Completing orders, confirming shipments, and related communications

    Legal basis: Article 6(1)(b) GDPR

Product Traceability and Transparency

  • Providing complete product traceability from farm to customer

  • Sharing farm origin information and sustainability impact data

    Legal basis: Article 6(1)(b) and 6(1)(f) GDPR

Legal Obligations

  • Receiving and handling complaints

    Legal basis: Article 6(1)(c) GDPR

  • Fulfilling tax and accounting obligations

    Legal basis: Article 6(1)(c) GDPR

Marketing and Communication

  • Presenting offers and promotions for alpaca duvets and sustainable products

    Legal basis: Article 6(1)(a) GDPR

  • Responding to customer enquiries

    Legal basis: Article 6(1)(a) GDPR

Analytics and Improvement

  • Analyzing customer activity to improve services and customize offers

    Legal basis: Article 6(1)(f) GDPR

Legal Protection

  • Exercise and defence of claims

    Legal basis: Article 6(1)(f) GDPR

Enhanced Personalization (with additional consent)

  • Creating highly customized offers through automated decision-making

    Legal basis: Article 6(1)(a) GDPR

3.3 Data Recipients

Personal data may be transferred to:

  • Service providers (courier services, accounting, legal services)

  • Alpaca farm partners (for traceability)

  • Sustainability certification bodies

  • Shopify Inc. (e-commerce platform provider)

  • IT infrastructure providers

  • Authorized state administration bodies (when legally required)

3.4 Legal Basis for Transfers

Each case of personal data disclosure is conducted on the basis of:

  • Consent given by the data subject

  • Data processing agreement

  • Legal obligation

3.5 Data Retention Periods

  • General Rule: No longer than 6 years from contract termination (per Article 118 of the Civil Code)

  • Specific periods listed in Section 8

3.6 External Links

Our website may contain links to other websites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

4. Shopify Partnership and Data Processing

4.1 Shopify as Data Processor

Our Services are hosted by Shopify Inc., which acts as our data processor. Shopify processes information about your access to and use of our Services to provide and improve them for you.

4.2 Data Sharing

Information you submit will be transmitted to and shared with Shopify and third parties that may be located in countries other than where you reside.

4.3 Enhanced Features

We use certain Shopify enhanced features that incorporate data from your interactions with our Store, other merchants, and Shopify.

4.4 Shopify as Independent Controller

For enhanced features, Shopify may process personal information as an independent controller for specific purposes.

4.5 Shopify Privacy Rights

Learn more about how Shopify uses your personal information:

4.6 Shop App and Shop Pay

If you use Shop app or Shop Pay:

  • Order tracking information is shared with Shop

  • Payment details are processed by Shop Pay

  • Manage preferences in your device settings

5. Farm Partnership and Transparency Data

5.1 Information We Collect

As part of our commitment to complete product traceability:

  • Preferences for receiving farm stories and origin information

  • Interest in specific farm partnerships or sustainability initiatives

  • Participation in transparency programs

5.2 How We Use This Information

  • Provide complete traceability from Polish alpaca farms

  • Share relevant farm stories and partnership updates

  • Demonstrate positive impact on animal welfare and farmer livelihoods

  • Support circular economy and sustainability reporting

5.3 Legal Basis

  • Article 6(1)(b) GDPR (contract performance)

  • Article 6(1)(f) GDPR (legitimate interest in transparency and sustainability)

6. Rights of Data Subjects

6.1 Your Rights

You have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Delete data (right to be forgotten)

  • Restrict processing

  • Port your data to another service

  • Object to processing (Article 21 GDPR)

  • Lodge a complaint with supervisory authorities

6.2 How to Exercise Your Rights

Contact us at:

6.3 Response Time

We will respond within one month of receipt, or inform you if we need additional time.

7. International Data Transfers

7.1 Transfer Locations

Your Personal Data may be transferred outside the European Economic Area to:

  • United States of America

  • Israel

  • Other countries where service providers operate

7.2 Protection Measures

We ensure proper protection through:

  • Standard contractual clauses adopted by the European Commission

  • Contracts compliant with GDPR requirements

7.3 Your Right to Information

You may request a copy of the security measures applied for international transfers.

8. Data Retention

8.1 Retention Periods

We retain personal data for different periods:

Data Type

Retention Period

Account and transaction data

6 years from contract termination

Marketing consent data

Until consent is withdrawn

Farm traceability data

10 years to maintain product history

Cookies and analytics data

As specified in Cookie Policy

9. Profiling and Automated Decision-Making

9.1 How We Use Profiling

We may use automated processing to:

  • Customize product recommendations for sustainable luxury goods

  • Present relevant farm stories and transparency information

  • Provide personalized sustainability impact reports

9.2 Your Protection

This automated processing does not significantly affect your legal rights unless you've provided specific consent for enhanced personalization.

9.3 Your Rights

You have the right to:

  • Object to profiling

  • Request human intervention in automated decisions

10. Cookie Policy

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better shopping experience and enable website functionality.

10.2 Types of Cookies We Use

Cookie Type

Purpose

Legal Basis

Essential

Shopping cart, checkout, account access

Article 6(1)(b) - Contract

Analytics

Understanding visitor behavior (Google Analytics, Shopify Analytics)

Article 6(1)(a) - Consent

Marketing

Relevant advertisements and campaign measurement

Article 6(1)(a) - Consent

Preference

Remember choices and settings

Article 6(1)(f) - Legitimate Interest

10.3 Third-Party Cookies

Partners like Google, Facebook, and Shopify may place cookies on your device. These partners are independent data controllers for their cookie usage.

10.4 Managing Cookies

  • Browser settings: Control cookies through your browser

  • Cookie banner: Manage preferences on our website

  • Note: Disabling certain cookies may limit functionality

10.5 Legal Basis

  • Essential cookies: Article 6(1)(b) GDPR (contract performance)

  • Other cookies: Article 6(1)(a) GDPR (consent) or Article 6(1)(f) GDPR (legitimate interest)

11. Security Measures

11.1 Technical and Organizational Measures

We implement appropriate measures including:

  • SSL encryption for all data transmission

  • Secure payment processing through certified providers

  • Regular security assessments and updates

  • Access controls and staff training on data protection

11.2 Security Limitations

While we strive to protect your personal data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

12.1 Age Restrictions

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

12.2 Parental Action

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately so we can delete such information.

13. Changes to This Privacy Policy

13.1 Updates

We may update this Privacy Policy to reflect changes in:

  • Our practices

  • Legal requirements

  • Service offerings

13.2 Notification

For material changes, we will notify you by:

  • Email (if provided)

  • Website notice

13.3 Effectiveness

Changes become effective immediately upon posting the updated Privacy Policy.

14. Contact Information

14.1 Data Controller Contact

UNWONTED sp. z o.o.
ul. Słoneczna 2
83-332 Dzierżążno, Poland
Email: info@unwonted.dk

14.2 Supervisory Authority

You have the right to lodge a complaint with the Polish data protection authority:

Urząd Ochrony Danych Osobowych (PUODO)
ul. Stawki 2
00-193 Warszawa
Phone: +48 22 531 03 00

This Privacy Policy is effective as of October 1, 2025