Privacy Policy
MARCOSHOES.COM
Privacy Policy version 2.0 effective from March 3, 2026
§ 1 GENERAL INFORMATION
1. The Online Store's Privacy Policy does not create obligations for the Visitor (including Guests) and Customer of the Online Store. It is for informational purposes only, and is not a contract or terms and conditions.
2. All phrases and words written with a capital letter (e.g., Online Store, Customer, etc.) should be understood in accordance with the Online Store's Terms and Conditions.
3. In the event of any discrepancies between this Privacy Policy and the consents for personal data processing granted by a natural person, the legal basis for determining the scope of the Administrator's actions shall be voluntarily expressed consents or legal provisions applicable in the given factual situation.
§ 2 PERSONAL DATA ADMINISTRATOR
1. The administrator of your personal data is: Marco Shoes Sp. z o.o. with its registered office in Radom at ul. Władysława Malawskiego 5, 26-617 Radom, registered in the District Court for the capital city of Warsaw in Warsaw, XIV Commercial Division of the National Court Register under KRS number: 0000802768, NIP: 7962992540, REGON: 38430079900000, BDO: 000601899, share capital: PLN 3,264,000.00 (hereinafter: Administrator).
2.
For all matters related to personal data protection, please contact us via e-mail: office@marcoshoes.com.
3. You can also send a request to this address to access information about what personal data we hold about you and for what purposes we process it.
4. The Administrator informs that it stores correspondence for statistical purposes and to improve the GDPR assistance system, as well as for resolving complaints and making any decisions based on reports. The addresses and data collected in this way will not be used for communication for purposes other than the execution of the report, in particular, they will not be used for marketing purposes and will not be transferred to third parties.
5. In the event of contact with the Administrator for specific actions (e.g., filing a complaint, making a return), the Administrator may ask the person again to provide data, including personal data, e.g., in the form of name, surname, residential address, e-mail address, to confirm their identity and enable return contact in the matter and perform the requested action. Providing this data is not mandatory, but it may be necessary to perform actions or obtain information that interests the person.
6. If you have given additional consent for us to use cookies, the administrators of the data obtained based on your internet activity may also be our trusted partners.
§ 3 DATA ACQUISITION AND PURPOSE OF PROCESSING
1. We process personal data in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: GDPR) and other currently applicable personal data protection laws at the time of processing specific data.
2. In accordance with the content of the indicated legal acts, personal data is understood as information about an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3. We ensure that the data obtained from you is confidential, secure and processed only when necessary. We process data lawfully, fairly and transparently for the data subject. We process only such data and only with such content as is necessary for a legally legitimate purpose, i.e., the reason for processing. Personal data is collected with due diligence and adequately protected against access by unauthorized persons. We apply appropriate and adequate security measures and technical knowledge to protect personal data from accidental loss and unauthorized access, use, alteration, or disclosure. We store personal data in a way that allows identification of the data subject for no longer than is necessary for the purposes for which the data is processed.
4. The Administrator obtains personal data information in the following ways:
a) through the Customer's purchase in the Online Store or the conclusion of another agreement with the Seller;
b) by registering a Customer Account;
c) through voluntary subscription to the Newsletter service;
d) through voluntarily entered information in an email, chat window, or contact form;
e) by sending a complaint, warranty claim, inquiry, question, or other type of correspondence;
f) by voluntarily entered information in an email sent in connection with the desire to establish cooperation;
g) by posting a review of a Product or the purchasing process;
h) by concluding another agreement, e.g., regarding the provision of services, within the Online Store;
i) through cookies, pixels, or similar internet technologies.
5. We inform that the purpose and scope of data processed by the Administrator result from the consent of the Website Visitor or Customer or legal provisions and, in selected cases, are specified as a result of actions taken by these individuals in the Online Store or through other communication channels.
6. Providing personal data by the Visitor or Customer of the Online Store is voluntary, but necessary to use certain functionalities of the Online Store (e.g., placing and settling an Order by the Customer, registering a Customer Account, or using contact forms).
7. Each time, the scope of data required to conclude an appropriate agreement is indicated in advance in the Online Store (we mark the data that must be provided to conclude the agreement/use a specific functionality), through other communication channels with the Visitor or Customer, or in the Regulations. Failure to provide personal data may result in the inability to effectively use the Website's functionalities, e.g., the inability to place an order.
8. Your personal data is acquired by the Administrator for the following purpose:
Purpose
of processing
Legal
basis
Legitimate
purpose, if any
Keeping statistics.
Article 6(1)(f) GDPR.
Having information about the statistics of our activities, which allows us to improve our business operations.
Conducting
marketing activities for own products and services without using electronic
communication means.
Article 6(1)(f) GDPR.
Conducting marketing activities promoting the business.
Customer Account management.
Article
6(1)(b) GDPR.
Conclusion and execution of the Service Agreement (Account) or taking action at the request of a future Customer before its conclusion.
Conducting
marketing activities for own products and services using electronic communication
means, including profiling.
Article 6(1)(f) GDPR, provided that these activities, due to other applicable provisions,
in particular the Electronic Communications Law and the Act on the provision of electronic services, are carried out only on the basis of possessed consents (Article 6(1)(a) GDPR).
Conducting marketing activities promoting the business using email addresses. Presenting advertisements, adjusting discounts and promotions.
Posting a review by a natural person
in the Online Store.
Article 6(1)
(a) GDPR.
Product satisfaction survey.
Handling
inquiries sent via chat, contact form,
e-mail, complaints, other requests.
Article 6(1)(a) GDPR;
Article 6(1)(f) GDPR;
Article 6(1)(c) GDPR.
Responding to inquiries and questions sent via chat or in other forms, including storing sensitive requests and responses for accountability purposes. Handling requests, responding to consumer complaints. Pursuing claims, including against third parties, defending against them.
Conclusion and execution of the Sales Agreement
or another agreement
Article 6(1)(b) GDPR.
Conclusion and
execution of the agreement or taking action at the request of a future Customer
before its conclusion.
Archiving
sales documents.
Article 6
(1)(c) GDPR.
Fulfillment of legal obligations resulting from regulations, e.g., tax and accounting, especially in the case of paid contracts.
Contacting the Customer after purchase to invite them to leave a review or participate in a satisfaction survey
Article 6(1)(f) GDPR
Actions taken by the Administrator to improve the quality of services provided and analyze the usefulness of the offered assortment.
9. In the case of an adult Customer or an adult Website Visitor, with their additional consent, Personal Data may also be processed for the purpose of presenting, creating, granting, and implementing dedicated advertisements, offers or promotions (discounts) for products or services of the Administrator and its partners, adjusted as much as possible to their preferences (profiling), as a result of automated decision-making, which may produce legal effects concerning them or similarly significantly affect them, e.g., by means of a short-term discount on a specific product that they recently viewed in our Online Store, dedicated exclusively to such a person (option unavailable for persons who are not adults or are adults but have not consented to such action).
10. Newsletter. If you wish to subscribe to our newsletter, you must provide us with your email address via the newsletter subscription form. Providing data is voluntary, but necessary to use the newsletter service. Newsletter subscription is also possible when creating a Customer Account.
The data provided to us during newsletter registration is used to send the newsletter, which informs about company activities, current collections, promotions, and discounts. The legal basis for processing in this situation is your voluntary consent expressed when subscribing to the newsletter.
Your data in this case is processed for the purpose of periodically sending the newsletter, and the basis for processing is Article 6(1)(a) GDPR, i.e., your consent resulting from the desire to receive the service.
The data will be processed for the duration of the newsletter's operation, unless you unsubscribe earlier, which will result in the permanent deletion of your data from the database. Furthermore, you can rectify your data stored in the newsletter database at any time, as well as request its deletion by unsubscribing from the newsletter. You also have the right to data portability, as provided in Article 20 GDPR.
The newsletter database is properly secured by the Administrator. The newsletter database is handled by an external entity. The emails sent contain links to hidden images (so-called tracking pixels). In addition to its basic function of counting email opens, it optionally also serves to identify the Customer and conduct marketing activities.
11. Email contact, contact form, chat. By contacting us via email or the contact form, you provide us with your email address as the sender's address. Additionally, you may include other personal data in the message. Providing data is voluntary, but necessary to contact us.
Your data in this case is processed for the purpose of contacting you, and the basis for processing is Article 6(1)(a) GDPR, i.e., your consent resulting from the desire to contact us. The legal basis for processing after the contact ends is a legitimate interest in the form of archiving correspondence for internal purposes (Article 6(1)(f) GDPR).
The content of the correspondence may be archived and we cannot definitively state when it will be deleted, however, this will not be longer than 3 years. You have the right to request access to the history of correspondence you have had with us (if it was archived), as well as to request its deletion, unless its archiving is justified due to our overriding interests.
12. Reviews. To add your review of a Product, you must fill out the appropriate form.
Your data in this case is processed to enable the posting of Reviews, and the basis for processing is Article 6(1)(a) GDPR, i.e., your consent resulting from the desire to post your entry on our website, and with regard to the request for a Review, we act on the basis of our legitimate interest, which is the desire to know your opinion about our Online Store or the Products offered.
The data will be processed for the duration of the review's presence on the Website, unless you request the deletion of the review earlier, which will result in the deletion of your data associated with the review from the database.
You can correct your data in the review at any time, as well as request its deletion. You also have the right to data portability, as provided in Article 20 GDPR.
13.
Customer
Account.
When creating a Customer Account
on our Website, you provide us with your email address, first and last name, correspondence address, and phone number.
This is voluntary, but necessary to successfully register a Customer Account. Then, in the Customer Panel, you can also provide address data, first and last name, and phone number. Your data in this case is processed for the purpose of maintaining the Customer Account, and the basis for processing is Article 6(1)(b) GDPR. The data will be processed for the duration of having the Customer Account, unless you request its deletion earlier, which will result in the deletion of your data from the database. You can correct your data assigned to the Customer Account at any time, as well as request its deletion. You also have the right to data portability, as provided in Article 20 GDPR. When creating a Customer Account, you may - but are not required to - consent to subscribe to the Newsletter service.
14. Satisfaction surveys.
The Administrator may send customers (to their e-mail address), after order fulfillment, a survey to assess satisfaction with products and the purchasing process on the Administrator's website. The Seller guarantees that the answers provided in the survey do not affect the content of future contracts concluded with customers.
As part of the process of sending satisfaction surveys
to Customers after a fulfilled order, the Administrator uses the TrustMate tool – provided by TrustMate S.A. ul. Bartoszowicka 3, 51-641 Wrocław (KRS: 0000737597). Information on personal data protection in TrustMate can be found here: https://trustmate.io/user-regulations.
§ 4 CATEGORIES OF PERSONAL DATA
1. The personal data administrator may process the following categories of personal data:
a) personal data provided in the form when setting up a Customer Account, placing Orders in the Online Store, in particular: e-mail address, first name and last name, telephone number;
b) personal data necessary to place an Order or provided for the purpose of using other Administrator services, in particular: first name and last name; e-mail address; contact telephone number; residential address [street, house number, apartment number, postal code, city, country], and in the case of Customers who are not consumers, additionally the company name and tax identification number [NIP];
c) personal data provided for the purpose of using the Newsletter, provided when using chat and the contact form, posting reviews and sent via e-mail; or transmitted when submitting complaints, grievances or requests, in particular: first name and last name; e-mail address; contact telephone number; address [street, house number, apartment number, postal code, city, country], bank account number;
d) personal data provided for the purpose of using Administrator's services other than the sales agreement, in particular advisory services, such as: first name and last name, e-mail address, telephone number and other data provided during contact, e.g., image;
e) personal data provided for the purpose of participating in contests/promotional campaigns: first name and last name; e-mail address; contact telephone number; residential address [street, house number, apartment number, postal code, city, country];
f) other data, in particular obtained based on the Customer's Internet activity, including those obtained through the Online Store or other communication channels with the Customer, using cookies and similar technologies.
§ 5 RECIPIENTS OF PERSONAL DATA
1. Your personal data may be processed by our partners and subcontractors, i.e., entities whose services we use for data processing and providing services to you. To our knowledge, all entities to whom we entrust personal data processing guarantee the application of appropriate personal data protection and security measures required by law.
2. Your personal data may be transferred by the Administrator to:
a) state authorities or other entities authorized by law, for the purpose of fulfilling our obligations;
b) partners of the Administrator may participate in the processing of personal data to a limited extent, in particular those who technically help to efficiently operate the Online Store (e.g., they support us in sending e-mails, and in the case of advertising activities - also in marketing campaigns), providers of hosting services or ICT services, carriers or intermediaries carrying out Order shipments, entities handling electronic payments or credit card payments in the Online Store, companies that service software, support the Administrator in marketing campaigns, as well as providers of legal and advisory services and external accounting;
c) in addition, we may share fully anonymized data (data that cannot identify you) with entities with whom we cooperate.
3.
As part of
its marketing (advertising) activities, the Administrator uses the services of
third parties who use cookies, pixels, or marketing functions similar to
cookies in the Online Store. The catalog of these entities is detailed in § 8
of this Policy.
4.
Additionally,
to ensure certain services, the Administrator uses the services of external
entities that may process Customer and User data, e.g.:
a) TrustMate S.A. with its registered office in Wrocław, at ul. Bartoszewicka 3, entered into the register of entrepreneurs by the District Court for Wrocław-Fabryczna, VI Commercial Division of the National Court Register, under number: 0000737597, NIP: 8971854393, REGON: 36998075100000, share capital: PLN 2,923,170.00;
b) Klaviyo Inc. with its registered office at 225 Franklin St., Boston, Massachusetts 02110, United States of America, which has obtained positive verification and entry on the Data Privacy Framework list;
c) Samba.ai Sp. z o.o. with its registered office in Wrocław at ul. Odrzańska 24-29/34, (50-114) entered into the register of entrepreneurs by the District Court for Wrocław-Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under KRS number: 0001008528, NIP: 8971915781, REGON: 52394901500000 with a share capital of PLN 10,000.00.
§ 6 PERSONAL DATA ARCHIVING
1. The Administrator will store your personal data only as long as necessary for the purposes specified in this Privacy Policy and/or to comply with legal and regulatory requirements. After this period, the Administrator will securely delete your personal data.
2. We store data for the periods indicated below:
Data related to the sales procedure.
10 years
Data for marketing purposes.
In the case of
data processing based on consent – until its withdrawal.
In the case of
data processing based on a legitimate interest – until an objection is raised.
Data transmitted using chat, contact form,
e-mail.
For a period of 3 years to ensure
accountability.
Data contained in reviews.
In the case of
data processing based on consent – until its withdrawal. In the case of
data processing based on a legitimate interest – until an objection is raised.
Personal data associated with cookies and similar functions.
Until these files are deleted
using the website/browser/device settings (however, deleting files is not
always equivalent to deleting Personal Data obtained through these files – in
such cases, personal data will be processed until an objection is raised).
Data transmitted during the complaint procedure and other
procedures related to the Customer's claims.
6 years.
Other category of data (except for data from cookies, about
which more in our Cookies Policy).
5 years.
3. In each case, personal data will also be stored when legal provisions (e.g., accounting or tax) oblige the Administrator to process them; we will store personal data longer in case the Customer has any claims against the Administrator, for the Administrator to pursue claims, or for the purpose of pursuing or defending against claims of third parties, for the period of their limitation specified by law, in particular the civil code.
4. Depending on the scope of personal data and the purposes of its processing, it may therefore be stored for different periods. In each case, the longer data storage period applies.
§ 7 RIGHTS, ACCESS AND UPDATING OF PERSONAL DATA, COMPLAINTS
In accordance with Article 15 of the GDPR, you have the right to obtain information from the Personal Data Administrator as to whether your personal data is being processed.
If the Administrator
processes your personal data, then you have the right to:
a) access personal data;
b) obtain information about the purposes of processing, categories of personal data processed, recipients or categories of recipients of such data, the planned period of storage of your data or the criteria for determining this period, your rights under the GDPR and the right to lodge a complaint with a supervisory authority, the source of this data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of this data outside the European Union;
c) obtain a copy of your personal data.
Furthermore, you may request the rectification of your personal data (Article 16 GDPR), the erasure of personal data (Article 17 GDPR), object to the processing of personal data (Article 21 GDPR), and, if technically feasible, request the transfer of your provided personal data to another organization (Article 20 GDPR).
In connection with the right to be forgotten, the Administrator will update or delete your data, unless there is a legal obligation to retain it for business purposes or to comply with the law. In some cases, you have the right to request restriction of personal data processing (Article 18 GDPR). You can also contact the Administrator if you have any objections to how personal data is collected, stored or used.
The Administrator endeavors to
process all requests regarding the above operations on your personal data
immediately, but no later than 30 days from the date of receiving the request.
Due to the complex nature of the request, the Administrator has the right to
process your requests within a period exceeding 30 days, about which the User
will be informed in advance.
The Administrator aims to resolve complaints definitively, but if you remain dissatisfied with the response, you may file a complaint with the supervisory authority responsible for personal data protection. In Poland, the supervisory authority within the meaning of the GDPR is the President of the Personal Data Protection Office.
§
8 AUTOMATED PROCESSING OF PERSONAL DATA,
COOKIES POLICY
1. Our Website, like almost all other websites, uses cookies. The cookie policy applies to both Online Store Customers and Online Store Visitors, i.e., users who browse the Store's content but do not make purchases.
2. The cookie policy is a document that forms an integral part of this Privacy Policy. The content of the cookie policy can be found here - link.
3. The Website also uses functionalities similar to cookies. Therefore, individual provisions of the Cookie Policy should also apply accordingly to these technologies.
4. Selected cookies process your personal data. The processing of personal data from cookies or similar technologies on our Website is carried out for the purpose of ensuring the Website's operation, adapting the Website to the preferences of the Visitor and Customer, and for analytical purposes. Processing is based on our legitimate interest. The legal basis for processing personal data for advertising purposes will be your additional consent, expressed by making a choice and checking the checkbox during the cookie consent process.
5. When a Visitor uses the Online Store, cookies that allow the identification of their browser or device are used – cookies collect various types of information, which, as a rule, do not constitute personal data. However, some information, depending on its content and how it is used, may be linked to a specific person – assigning certain behaviors to a specific Visitor or Customer, e.g., by linking them to data provided during Customer Account registration in the Online Store, or a specific e-mail address – and thus be considered personal data.
6. With regard to information collected by cookies that can be linked to a specific person, the provisions of the Online Store's Privacy Policy relating to personal data apply, in particular regarding the rights of the data subject.
7. The website uses profiling. Thanks to cookies used in the Online Store, the Administrator can learn about the preferences of the Visitor/Customer – e.g., by analyzing how often they visit the Online Store and whether and what products they buy. Analyzing online behavior helps to better understand the habits and expectations of Customers and Visitors and adapt to their needs and interests. Thanks to this technology, it is possible to present Visitors with advertisements tailored to their needs and interests and to prepare better promotions and surprises for adult Visitors who have consented to it.
§
9 CHANGES TO THE PRIVACY POLICY
1. These Privacy Policy 2.0 rules are effective from March 3, 2026.
2. The Administrator declares that it has the right to make changes to this document for important reasons, including:
a)
changes
in applicable regulations, particularly regarding the GDPR, electronic communications law, services provided electronically, and consumer rights, affecting the rights and obligations of the Administrator or the rights and obligations of the data subject;
b)
development
of functionalities or electronic services caused by advances in internet technology, including the implementation of new IT, technological, or technical solutions on the Website, affecting the scope of this Privacy Policy.
3. The Administrator undertakes to inform Users of any changes with appropriate advance notice, allowing them to familiarize themselves with the content of the amended document, e.g., by placing the consolidated text of the Privacy Policy on the Website's homepage.
4. In the case of users using the Newsletter function, if the Administrator makes significant changes to the content of the Privacy Policy, it will inform users about them by e-mail. In the event of any objections to the change in the Policy, the User has the right to stop using the Newsletter by sending a request to unsubscribe from the Newsletter or by requesting the deletion of their personal data.
Previous
versions of the Privacy Policy:
Privacy
Policy 1.0 effective from January 1, 2021 to March 3, 2026