At cswbk.com (operated by Daniel Szczygielski, with a registered address at Jana Olbrachta 112/110, 01-373 Warszawa PL), we are committed to protecting the privacy and personal information of all users who access our website (https://cswbk.com/) and purchase our children’s toys. This Privacy Policy outlines how we collect, use, store, disclose, and safeguard your personal information, in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. By using our website or services, you acknowledge that you have read, understood, and agree to the practices described herein.​

1. Information We Collect​

We only collect personal information that is necessary to provide our services, process orders, and enhance your shopping experience. The information we collect falls into two categories: information you voluntarily provide, and information automatically collected during your use of our website.​

1.1 Information You Voluntarily Provide​

  • Account Registration Information: When you create an account on cswbk.com, we collect your full name, email address, and a password (which is encrypted for security). This information allows us to authenticate your account, track your order history, and provide personalized services (e.g., saving your shipping preferences).​
  • Order and Payment Information: To process your purchases, we collect details such as your shipping address (including the option to save addresses for future orders), billing address, phone number (to facilitate delivery updates), and payment method details (e.g., credit card number, debit card information, or digital wallet credentials). Note: We do not store full payment card information—this data is securely processed by our third-party payment service providers (e.g., Stripe, PayPal) in compliance with Payment Card Industry Data Security Standard (PCI DSS).​
  • Communication Information: When you contact our customer service team (via email at service@cswbk.com, contact forms, or other channels), we collect your name, email address, and the content of your inquiry (e.g., order issues, product questions, feedback). This helps us respond to your needs effectively and maintain a record of our communication.​
  • Newsletter and Marketing Consent: If you opt to subscribe to our newsletter or marketing communications, we collect your email address to send updates about new children’s toy releases, exclusive promotions, and playtime tips. You can unsubscribe at any time (see Section 5.3 for details).​

1.2 Automatically Collected Information​

  • Log Data: When you visit our website, our servers automatically collect standard log data, including your IP address, browser type and version (e.g., Chrome, Safari), operating system (e.g., Windows, macOS), the pages you view on cswbk.com, the time and date of your visit, the duration of your session, and the links you click. This data helps us analyze website traffic, identify technical issues, and improve the performance and usability of our platform.​
  • Cookies and Similar Technologies: We use cookies, web beacons, and pixel tags to enhance your browsing experience. Cookies are small text files stored on your device that allow us to:​
  • Remember your account login status (so you don’t have to re-enter credentials on every visit);​
  • Save your shopping cart items;​
  • Track your browsing behavior to personalize product recommendations (e.g., suggesting 3D-printed action figures based on your past views);​
  • Measure the effectiveness of our marketing campaigns.​

You can manage cookie preferences through your browser settings (e.g., blocking non-essential cookies), but disabling certain cookies may limit functionality (e.g., preventing you from saving items to your cart).​

  • Device Information: We may collect details about the device you use to access our website, such as the device model, screen resolution, and mobile network provider. This helps us optimize our website for different devices (e.g., ensuring it works smoothly on smartphones for on-the-go shopping).​

2. How We Use Your Information​

We use your personal information only for legitimate purposes, as outlined below, and in accordance with applicable laws:​

2.1 To Fulfill Orders and Provide Services​

  • Process and ship your purchases (e.g., using your shipping address to deliver children’s toys to your doorstep);​
  • Send order updates (e.g., confirmation emails, shipping notifications with tracking links);​
  • Handle returns, exchanges, or refunds (refer to our Refund Policy for details);​
  • Communicate with you about order-related issues (e.g., delays, missing items) via email or phone.​

2.2 To Enhance User Experience and Personalize Services​

  • Customize your website experience (e.g., showing product recommendations based on your browsing or purchase history, such as suggesting monster truck playsets if you previously bought action figures);​
  • Maintain and improve our website (e.g., using log data to fix broken links or optimize page load times);​
  • Save your preferences (e.g., shipping addresses, language settings) to streamline future purchases.​

2.3 To Communicate With You​

  • Respond to your customer service inquiries (e.g., answering questions about a bubble machine’s safety features);​
  • Send transactional emails (e.g., order confirmations, password reset links)—these are essential for using our services and cannot be unsubscribed from;​
  • Send marketing communications (e.g., newsletter updates, exclusive discounts) only if you have given explicit consent. You can unsubscribe at any time (see Section 5.3).​

2.4 To Ensure Security and Prevent Fraud​

  • Verify your identity when you log in to your account or make changes to sensitive information (e.g., updating your payment method);​
  • Detect and prevent fraudulent activities (e.g., identifying unusual order patterns that may indicate stolen payment details);​
  • Protect our website and users from cyber threats (e.g., using IP addresses to block malicious access attempts).​

2.5 To Comply With Legal Obligations​

  • Maintain records of orders and transactions for tax and accounting purposes (required by Polish and EU law);​
  • Disclose information if compelled by a court order, subpoena, or regulatory authority (e.g., responding to a request from Poland’s data protection agency, UODO).​

3. Information Sharing and Disclosure​

We do not sell, rent, or trade your personal information to third parties for marketing purposes. We only share your information with trusted third parties who assist us in providing our services, and these parties are contractually obligated to protect your data.​

3.1 Third-Party Service Providers​

  • Payment Processors: Companies like Stripe or PayPal process your payment information to complete transactions. They only receive the data necessary to process payments (e.g., order amount, last four digits of your card) and are prohibited from using it for other purposes.​
  • Shipping Carriers: We share your shipping address and order details with carriers (e.g., DHL, Poczta Polska) to deliver your children’s toys. These carriers use your information solely to fulfill delivery and provide tracking updates.​
  • Website and Marketing Tools: We use tools like Google Analytics (to analyze website traffic) and Mailchimp (to send newsletters). These tools may collect anonymized data (e.g., aggregated browsing patterns) but do not have access to your full personal information (e.g., email address) unless you have consented.​
  • Customer Service Platforms: Third-party tools (e.g., Zendesk) help us manage customer inquiries. They only access the information needed to assist with your request (e.g., your name and inquiry content).​

3.2 Legal Disclosures​

We may disclose your personal information if:​

  • We believe it is necessary to protect our rights, property, or safety, or the rights, property, or safety of other users (e.g., reporting fraud to authorities);​
  • We are required by law (e.g., complying with a court order or tax regulations);​
  • We are involved in a business transfer (e.g., merger, acquisition, or sale of assets). In such cases, we will ensure the new entity is bound by this Privacy Policy and continues to protect your data.​

4. Data Security​

We take the security of your personal information seriously and implement industry-standard measures to protect it from unauthorized access, disclosure, alteration, or destruction:​

  • Encryption: We use Secure Sockets Layer (SSL) encryption to protect data transmitted between your device and our website (you can verify this by checking for the “https://” prefix and padlock icon in your browser).​
  • Secure Storage: Personal information (e.g., account details) is stored on secure servers with firewalls and access controls (only authorized staff can access this data).​
  • Payment Security: As mentioned, we do not store full payment card information—this is handled by PCI DSS-compliant payment processors.​
  • Regular Audits: We conduct regular security audits and updates to address emerging threats (e.g., patching software vulnerabilities).​

While we strive to provide maximum security, no method of data transmission over the internet is 100% secure. We cannot guarantee absolute security, but we will take all reasonable steps to protect your information.​

5. Your Rights​

Under the GDPR and other applicable laws, you have the following rights regarding your personal information. To exercise these rights, please contact us at service@cswbk.com (see Section 8 for full contact details).​

5.1 Right to Access​

You have the right to request a copy of the personal information we hold about you (e.g., your order history, account details). We will provide this information free of charge within 30 days of your request, unless the request is excessive (in which case we may charge a reasonable fee).​

5.2 Right to Correction​

If your personal information is inaccurate or incomplete (e.g., an outdated shipping address), you have the right to request that we correct it. We will update the information promptly and confirm the correction to you.​

5.3 Right to Opt-Out of Marketing​

You can unsubscribe from marketing communications at any time by:​

  • Clicking the “unsubscribe” link at the bottom of any newsletter or promotional email;​
  • Emailing us at service@cswbk.com with the subject line “Unsubscribe from Marketing.”​

Unsubscribing will not affect transactional emails (e.g., order confirmations), which are essential for our services.​

5.4 Right to Erasure (“Right to Be Forgotten”)​

In certain circumstances (e.g., you no longer use our services, or we no longer need your data for the purposes for which it was collected), you have the right to request that we delete your personal information. We will comply with this request unless we are required by law to retain the data (e.g., for tax records).​

5.5 Right to Restriction of Processing​

You can request that we restrict processing your personal information (e.g., if you dispute the accuracy of the data) while we resolve the issue. During this period, we will only process the data for limited purposes (e.g., storing it securely).​

5.6 Right to Data Portability​

You have the right to receive your personal information in a structured, machine-readable format (e.g., a CSV file) so you can transfer it to another service provider (e.g., another online toy store). We will provide this data within 30 days of your request.​

6. Children’s Privacy​

Our website and products are intended for parents, caregivers, and other adults purchasing toys for children. We do not knowingly collect personal information from children under the age of 16. If we become aware that we have collected personal information from a child under 16 without verifiable parental consent, we will immediately delete that information. If you believe your child has provided us with personal information, please contact us at service@cswbk.com to request its deletion.​

7. Data Retention​

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:​

  • Account Information: We retain your account details (name, email address) until you request to delete your account, or for 2 years after your last activity (e.g., last purchase) (to comply with tax and warranty obligations).​
  • Order Information: We retain order records (shipping address, payment details, product purchased) for 7 years (required by Polish tax law).​
  • Marketing Consent: We retain your consent to marketing communications until you unsubscribe, or for 2 years after your last interaction with our marketing (e.g., last newsletter open).​
  • Automatically Collected Data: Log data and cookie information are retained for 6 months, unless we need to keep it longer to resolve technical issues or prevent fraud.​

After the retention period, we will either delete your data or anonymize it (so it can no longer be linked to you) for use in analyzing website performance or product trends.​

8. Changes to This Privacy Policy​

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological developments. When we make significant changes, we will:​

  • Post the updated policy on our website (https://cswbk.com/) with a new “Last Updated” date;​
  • Notify you via email (if you have an account with us) or via a pop-up notice on our website (for users who visit after the update).​

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website after the updated policy takes effect constitutes your acceptance of the changes.​

9. Contact Us​

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:​

  • Postal Address: Daniel Szczygielski, Jana Olbrachta 112/110, 01-373 Warszawa PL​
  • Response Time: We will respond to your inquiry within 30 days (in compliance with GDPR requirements).​

If you are not satisfied with our response, you have the right to lodge a complaint with Poland’s data protection authority, the Office for Personal Data Protection (UODO), or your local data protection authority (if you are based outside Poland).