Made to order
Finest fabrics from Italy • Wool fabrics from Germany
Crafted in our ateliers
  • EN
Select your language

Privacy

Privacy and Cookies Policy

Last updated: 3 November 2025

1. General Provisions

  1. This Privacy and Cookies Policy (hereinafter: the “Policy”) is for information purposes only, which means that it does not impose any obligations on you. Its purpose is to explain how we process your personal data and how we use cookies and similar technologies in the online store operated under the Atelier VON SCHÜTZ brand (hereinafter: the “Store” or the “Service”).
  2. The Policy implements the information obligations arising in particular from:
    1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”),
    2. the Polish Personal Data Protection Act of 10 May 2018,
    3. the Polish Act of 18 July 2002 on Rendering Electronic Services,
    4. the Polish Telecommunications Law Act of 16 July 2004,
    5. the Polish Consumer Rights Act of 30 May 2014.
  3. The use of the Service, including making purchases in the Store, is voluntary. Providing personal data is also voluntary; however, in some cases it is necessary for concluding and performing a contract or fulfilling legal requirements – more in section 8.

2. Data Controller and Contact Details

  1. The controller of your personal data is:
    Piotr Krawczyk Atelier VON SCHÜTZ
    ul. Słoneczna 5a
    42-713 Kochanowice, Poland
    NIP (Tax ID): 5751915145
    REGON: 543081245

    (hereinafter: the “Controller” or “we”).
  2. For matters related to the processing of personal data, you can contact us:
    - by e-mail: mail@vonschuetz.com
    - by post: to the registered office address with the note “personal data”.
  3. The Controller has not appointed a Data Protection Officer. All personal data matters are handled directly by the Controller.

3. Scope of Application of the Policy

  1. The Policy applies to the processing of personal data of:
    1. users visiting the Service,
    2. individual customers (B2C) making purchases in the Store,
    3. business customers (B2B) – natural persons conducting business activity and representatives / contact persons of companies and other entities,
    4. subscribers to the newsletter and other marketing communications,
    5. persons contacting us via the contact form, e-mail or other available online communication channels,
    6. persons posting reviews of products or the Store,
    7. candidates for cooperation / employment – if recruitment is carried out using the Service.
  2. The Policy applies to data of persons located in Poland and in other European Union / European Economic Area countries.

4. Categories of Data and Sources of Their Acquisition

  1. Depending on how you use the Service, we may process in particular the following data:
    - identification data: first name, last name, company name, tax ID (NIP) (for B2B),
    - address data: home address, delivery address, registered office address,
    - contact data: e-mail address, possibly other data provided in the message content; we currently do not provide telephone support,
    - order and payment data: information on ordered products, selected delivery and payment methods, payment status,
    - transactional data: purchase history, complaints, returns, correspondence regarding orders,
    - technical data: IP address, cookie identifiers, information about the device and browser, operating system, language settings, time zone, server logs,
    - marketing data: consents, objections, information on opening messages, clicks in the newsletter, interest in particular products,
    - data related to activity in the Service: visited subpages, visit time, clicks on links, way of using the Service’s functionalities,
    - recruitment data (if you apply): information from your CV, cover letter, education history, professional experience.
  2. We obtain data:
    - directly from you – via forms in the Service, when placing orders, in e-mail correspondence, as part of the newsletter, when using the Service,
    - indirectly – via analytical and marketing tools (e.g. after you consent to cookies),
    - in the case of B2B – additionally from public registers (e.g. CEIDG, KRS) or from the entity you represent.

5. Purposes, Legal Bases and Periods of Data Processing

5.1. Performance of the Sales Contract and Provision of Electronic Services

We process your data in order to:

  • conclude and perform the sales contract in the Store (B2C and B2B),
  • execute the order (including payment processing, delivery, returns),
  • provide electronic services (e.g. maintaining a customer account, operating the shopping cart, enabling the functionalities of the Service).

Legal basis: Article 6(1)(b) GDPR (necessity for the performance of a contract or taking steps at your request prior to entering into a contract).

Processing period: for the duration of the contract (e.g. order execution), and thereafter for the limitation period for claims arising from that contract – as a rule, up to 6 years.

5.2. Handling Correspondence and Enquiries

If you contact us (e.g. via the contact form, e-mail), we process your data in order to:

  • respond to your enquiry,
  • prepare an offer,
  • resolve the reported issue,
  • conduct ongoing correspondence.

Legal basis:

  • Article 6(1)(f) GDPR (legitimate interest of the Controller – responding and conducting correspondence),
  • to the extent that the correspondence aims at concluding a contract – Article 6(1)(b) GDPR.

Processing period: for the time necessary to handle the matter, and thereafter – if needed – until the expiry of the limitation period for possible claims (as a rule, up to 6 years).

5.3. Maintaining a Customer Account

If you create an account in the Store, we process your data in order to:

  • enable you to log in,
  • display your order history,
  • facilitate placing further orders,
  • allow you to manage your data and preferences.

Legal basis: Article 6(1)(b) GDPR (contract for maintaining an account).

Processing period: for the entire period of the account’s activity, and after its deletion – for the limitation period of claims (as a rule, up to 6 years).

5.4. Settlements, Accounting and Tax Obligations

Your personal data are included in accounting documents (e.g. invoices) and other documents that we must store in accordance with legal regulations.

Legal basis: Article 6(1)(c) GDPR in conjunction with accounting and tax regulations (including the Polish Accounting Act, the Tax Ordinance).

Processing period: for the period required by these regulations – as a rule, 5 years from the end of the tax year to which the data relate, unless longer storage is required by law.

5.5. Direct Marketing of Our Products

We may process your data in order to:

  • send you information about our products, discounts, promotional campaigns,
  • tailor our communication to your previous purchases,
  • conduct marketing activities in the channels you use (e.g. e-mail, the Service).

Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Controller – direct marketing of own products).

For sending marketing e-mails – additionally Article 10 of the Act on Rendering Electronic Services and Article 172 of the Telecommunications Law.

Processing period: until you object to the processing of data for direct marketing purposes or until our legitimate interest ceases.

5.6. Newsletter and Other Marketing Communications Based on Consent

If you subscribe to the newsletter or consent to receiving commercial information, we will process your e-mail address (and possibly other data you provide) in order to:

  • send the newsletter,
  • inform you about new products, promotions, events,
  • send other marketing content.

Legal basis: Article 6(1)(a) GDPR (consent) in conjunction with Article 10 of the Act on Rendering Electronic Services and Article 172 of the Telecommunications Law.

Processing period: until you withdraw your consent to the newsletter / commercial information.

5.7. Analysis, Statistics and Improvement of the Service’s Functionality

We analyse how you use our Service (e.g. which subpages you visit, how long you stay on them) in order to:

  • improve the quality and functionality of the Service,
  • adapt the product offer,
  • ensure security and stability of operation.

For this purpose, we use, among other things, cookies and analytical tools.

Legal basis:

  • for cookies/analytics requiring consent – Article 6(1)(a) GDPR (consent),
  • to the minimal extent that is technically necessary – Article 6(1)(f) GDPR (legitimate interest – compiling statistics, ensuring the security of the Service).

Processing period: for the duration of the respective cookies or until consent is withdrawn / an objection is lodged.

5.8. Remarketing and Personalised Advertising (Marketing Profiling)

With your consent, we may process data relating to your activity in the Service and on the web (e.g. cookie identifiers, browsing history, viewed products) in order to:

  • display advertisements tailored to your interests,
  • target advertisements on other services (e.g. Google, Meta/Facebook, Instagram, TikTok, Pinterest),
  • measure the effectiveness of our advertising activities.

Legal basis: Article 6(1)(a) GDPR (consent to marketing cookies / profiling) in conjunction with Articles 173–174 of the Telecommunications Law.

Processing period: until you withdraw your consent to marketing cookies or delete cookies via your browser.

5.9. Establishment, Exercise or Defence of Claims

In the event of disputes (e.g. complaints, claims under a contract, damage), we may process data necessary to:

  • establish claims,
  • pursue claims,
  • defend against claims.

Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Controller – legal protection).

Processing period: until the limitation period for possible claims expires – as a rule, up to 6 years.

5.10. Recruitment

If you send us your application in response to a cooperation / job offer, we process your data in order to:

  • conduct the recruitment process,
  • select an appropriate person for cooperation,
  • with your separate consent – also for future recruitments.

Legal basis:

  • Article 6(1)(b) GDPR (steps taken to conclude a contract),
  • Article 6(1)(a) GDPR – for consent to future recruitments.

Processing period: for the duration of the given recruitment; in the case of consent to future recruitments – for a maximum of 12 months or until consent is withdrawn.

6. Data Recipients and Processors

1. In connection with the use of the Service and execution of orders, we may transfer your personal data to the following categories of recipients:

  1. IT service providers – entities providing hosting, maintenance of the store system, e-mail, cloud solutions, security tools,
  2. payment operators – handling electronic and card payments,
  3. courier companies and postal operators – performing delivery of orders,
  4. providers of marketing and analytical tools – including newsletter systems, analytical tools, advertising and remarketing systems,
  5. providers of purchase review systems – if we ask you to leave a review and you give your consent,
  6. accounting office, legal advisors, debt collection companies – to the extent necessary to provide us with accounting, legal and debt collection services.

2. These entities process data on the basis of data processing agreements (Article 28 GDPR) and only to the extent necessary to perform specific tasks.
3. Your data may also be disclosed to public authorities and other authorised entities where required by law (e.g. tax authorities, courts, law enforcement authorities).

7. Transfer of Data Outside the EEA

  1. Some of our IT, analytical and marketing service providers may process data outside the European Economic Area (in particular in the USA).
  2. In such a case, the transfer of data takes place solely in accordance with Chapter V GDPR, in particular through:
    - the application of European Commission implementing decisions on the adequacy of the level of protection (e.g. the entity’s participation in the EU-US Data Privacy Framework),
    - conclusion with the respective entity of so-called standard contractual clauses adopted by the European Commission, possibly with additional technical and organisational safeguards.
  3. You can obtain information on specific safeguards applied when transferring data outside the EEA by contacting us.

8. Obligation to Provide Data and Consequences of Failure to Provide Data

  1. Providing data is:
    1. a contractual requirement – where it is necessary to conclude and perform a contract (e.g. delivery data, settlement data); failure to provide them will prevent the conclusion or performance of the contract,
    2. a statutory requirement – where it arises from legal provisions (e.g. data required for issuing an invoice); failure to provide them will prevent us from fulfilling legal obligations,
    3. voluntary – in all other cases, e.g. marketing consents, consent to the newsletter, consent to analytical and marketing cookies, participation in recruitment.

2. In forms, mandatory data are appropriately marked. Failure to provide them results in the inability to perform a given action (e.g. placing an order, sending a message, subscribing to the newsletter).

9. Cookies and Similar Technologies (Cookies Policy)

9.1. What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) when you use the Service. Cookies contain, among other things, the domain name from which they originate, the storage time and a unique identifier.

9.2. Cookies Controller

The controller of cookies placed on your device and accessing them is:
Piotr Krawczyk Atelier VON SCHÜTZ, ul. Słoneczna 5a, 42-713 Kochanowice, Poland.

In the case of cookies from third parties (e.g. Google, Meta/Facebook, TikTok, Pinterest), a separate controller may also be that third party – under the rules laid down in its privacy policy.

9.3. Types of Cookies and Purposes of Their Use

We use the following categories of cookies in our Service:

  1. Necessary (technical) cookies
    - enable the proper functioning of the Service and the use of basic functions (login, cart, forms),
    - without them, the use of the Service may be difficult or impossible.

    Legal basis: Article 6(1)(b) GDPR (provision of electronic services) and Article 6(1)(f) GDPR (legitimate interest – ensuring proper functioning of the Service).
  2. Functional cookies
    - remember your choices and settings (e.g. language, region, cart content),
    - allow personalisation of the Service.

    Legal basis: Article 6(1)(a) GDPR (consent) or – to the minimal technical extent – Article 6(1)(f) GDPR.
  3. Analytical / statistical cookies
    - help us understand how you use the Service (e.g. which pages are most frequently visited, how long you stay on them),
    - are used to create statistics and analyses, thanks to which we can improve the Service.

    Legal basis: Article 6(1)(a) GDPR (consent).
  4. Marketing / advertising cookies (including remarketing cookies)
    - are used to display advertisements tailored to your interests – in our Service and outside it,
    - are used for remarketing and measuring the effectiveness of advertising campaigns.

    Legal basis: Article 6(1)(a) GDPR (consent) in conjunction with Articles 173–174 of the Telecommunications Law.

9.4. Consent to Cookies and Withdrawal of Consent

  1. During your first visit to the Service, we show a banner with information about cookies and options to:
    - accept all cookies,
    - reject non-essential cookies,
    - make a detailed choice (e.g. only technical + analytical).
  2. We store your preferences in a consent management tool. At any time you can:
    - change your selection,
    - withdraw your consent to analytical/marketing cookies,

    using the “Cookie settings” / “Manage cookies” option available in the Service.
  3. Regardless of the above, you can manage cookies via your browser settings (blocking cookies, deleting stored files). Please note, however, that disabling necessary cookies may result in improper operation of the Service.

9.5. Third-Party Cookies

  1. The Service may use cookies of third parties, in particular providers of analytical and advertising tools, such as Google, Meta/Facebook, Instagram, TikTok, Pinterest.
  2. Data collected through these cookies are processed by the indicated entities under their own privacy policies. These entities may combine the information collected in our Service with other data they hold about you (e.g. when you are logged in to your account with a given provider).

9.6. Cookie Storage Period

  1. Within the Service, we use both:
    - “session” cookies – deleted after closing the browser,
    - “persistent” cookies – stored for the time specified in their parameters or until they are deleted manually.
  2. Detailed information on the storage time of particular cookies can be found in your browser settings or in our consent management tool.

10. Newsletter, Marketing and Profiling

  1. We send the newsletter and other marketing messages only when we have an appropriate legal basis (consent or – for certain forms of marketing – legitimate interest, while complying with the Act on Rendering Electronic Services and the Telecommunications Law).
  2. As part of our marketing activities, we may use profiling – the analysis of your data (e.g. purchase history, on-site behaviour, reactions to the newsletter) in order to better tailor marketing communications to your preferences.
  3. The marketing profiling we use does not result in decisions producing legal effects concerning you or similarly significantly affecting you (Article 22 GDPR does not apply here).
  4. You can always:
    - withdraw your consent to the use of the newsletter,
    - object to the processing of data for direct marketing purposes, including marketing profiling.

11. Social Media

  1. We operate profiles on social media (e.g. Facebook, Instagram, Pinterest, TikTok – depending on the platforms we currently use). In connection with this, we process data of persons who:
    - visit our profiles,
    - interact with our content (likes, comments, shares),
    - send us private messages via these platforms.
  2. To the extent that we have access to data through a given platform, we process them on the basis of Article 6(1)(f) GDPR (legitimate interest – running profiles, communicating with users, marketing, brand building).
  3. The operator of each platform is a separate data controller (e.g. Meta Platforms Ireland Limited, Google Ireland Limited, TikTok Technology Limited). Data are also processed by these entities under their respective privacy policies.

12. Rights of Data Subjects

In accordance with the GDPR, you have the following rights:

  1. Right of access (Article 15 GDPR)
    You may obtain confirmation as to whether we process your data and, if so, receive a copy of the data and information, including about the purposes and legal bases of processing.
  2. Right to rectification (Article 16 GDPR)
    You may request the correction of inaccurate data or the completion of incomplete data.
  3. Right to erasure (Article 17 GDPR)
    You may request the deletion of data (“right to be forgotten”) in cases provided for by the GDPR, e.g. when the data are no longer necessary for the purposes for which they were collected or when you have withdrawn your consent.
  4. Right to restriction of processing (Article 18 GDPR)
    You may request restriction of processing, in particular when:
    - you contest the accuracy of the data,
    - the processing is unlawful,
    - the data are needed by you for the establishment, exercise or defence of claims.
  5. Right to data portability (Article 20 GDPR)
    If processing is based on consent or contract and carried out by automated means, you may receive the data in a structured, commonly used format and transmit them to another controller.
  6. Right to object (Article 21 GDPR)
    1. to processing based on Article 6(1)(f) GDPR (legitimate interest of the Controller) – on grounds relating to your particular situation;
    2. at any time to processing of data for direct marketing purposes, including profiling – in such a case we will cease processing your data for these purposes.
  7. Right to withdraw consent (Article 7(3) GDPR)
    If we process data on the basis of consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal.
  8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
    If you consider that the processing of your data infringes the GDPR, you may lodge a complaint with a competent supervisory authority, in particular:
    - in Poland – with the President of the Personal Data Protection Office (PUODO),
    - in another EU country – with the supervisory authority competent for your habitual residence, place of work or the place of the alleged infringement.
  9. To exercise the above rights, please contact us:
    - by e-mail: mail@vonschuetz.com,
    - by post: to the Controller’s registered office address.

13. Data Security

  1. The Controller applies appropriate technical and organisational measures to ensure a level of security of personal data appropriate to the risk, taking into account the nature, scope, context and purposes of processing and the risk of violation of the rights and freedoms of natural persons.
  2. In particular, we apply:
    - encryption of the connection with the Service (SSL/TLS protocols – “https://”),
    - access control and authorisation management systems,
    - backup procedures,
    - security-related criteria when choosing IT service providers and data processors.

14. Children’s Data

  1. Our Service and offer are not addressed to children under 16 years of age. We do not knowingly collect data of such persons.
  2. If we become aware that a child’s data have been provided to us without the consent of the guardian required by law, we will take appropriate steps to delete them.

15. Amendments to the Policy

  1. The Policy may be updated from time to time, in particular in the event of:
    - changes in legal regulations,
    - changes in the way data are processed,
    - introduction of new functionalities in the Service.
  2. Each new version of the Policy will be published in the Service with the current date. In the case of significant changes, we may additionally inform you, for example, by a notice on the website or by e-mail (if we have your address).