1. For the Owner of this website, the protection of Users' personal data is of the utmost importance. He makes every effort to ensure that Users feel safe when entrusting their personal data while using the website.

2. User is a natural person, a legal person or an organizational unit without legal personality, to which the law grants legal capacity, using electronic services available on the website.

3. This privacy policy explains the principles and scope of processing of the User's personal data, the User's rights, as well as the obligations of the administrator of such data, and also informs about the use of cookies.

4. The Administrator uses state-of-the-art technical measures and organizational solutions that ensure a high level of protection of processed personal data and protection against access by unauthorized persons.

I. PERSONAL DATA CONTROLLER

The personal data controller is : Sylwia Gruszka, ul. Filtrowa 67/44, 02-055 Warsaw, Poland VAT ID: 5261207949. The business activity is registered in the Central Registration and Information on Business (CEIDG), kept by the Minister responsible for economic affairs.

II. PURPOSE OF PERSONAL DATA PROCESSING

1. The Administrator processes the User's personal data for the purpose of proper execution of sales contracts concluded within the online store, via the website https://leitmotifeditions.pl

2. This means that these data are needed in particular for:

a. registering on the website;

b. conclusion of the contract;

c. making settlements;

d. delivery of goods or performance of services ordered by the User;

e. the User's exercise of all consumer rights (e.g. withdrawal from the contract, warranty).

3. The User may also consent to receiving information about new products and promotions, which will result in the administrator also processing personal data in order to send the User commercial information regarding, among others, new products or services, promotions or sales.

4. Personal data are also processed as part of the fulfilment of legal obligations incumbent on the data controller and the performance of tasks in the public interest, including for the performance of tasks related to security and defence or the storage of tax documentation.

5. Personal data may also be processed for the purposes of direct marketing of products, securing and pursuing claims or protecting against claims of the User or a third party, as well as marketing of services and products of third parties or own marketing that is not direct marketing.

III. TYPE OF DATA

1. The Administrator processes the following personal data, the provision of which is necessary for:

a. register on the website:

- name and surname               
- e-mail address
- Tax Identification Number (VAT ID)

b. making purchases via the website:

- name and surname                
- delivery address       
- telephone number   
- email address

c. Data optionally provided by the User, such as date of birth or gender.

2. In the event of withdrawal from the contract or acceptance of the complaint, when the refund is made directly to the User's bank account, information regarding the bank account number is also processed for the purpose of refunding the amount due.

IV. LEGAL BASIS FOR PERSONAL DATA PROCESSING

1. Personal data are processed in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1–88, hereinafter referred to as the " GDPR Regulation ".

2. The Administrator processes personal data only after obtaining the User's consent, expressed at the time of registration on the website or at the time of confirmation of a transaction made on the website.

3. Giving consent to the processing of personal data is completely voluntary, however, failure to do so will prevent you from registering on the website and making purchases via the website.

V. USER RIGHTS

1. The User may at any time request information from the administrator about the scope of personal data processing.

2. The User may request the correction or rectification of their personal data at any time. The User may also do this themselves after logging into their account.

3. The User may withdraw their consent to the processing of their personal data at any time, without giving a reason. The request not to process the data may concern a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information, or may concern all purposes of data processing. Withdrawal of consent to all purposes of processing will result in the User's account being deleted from the website, along with all of the User's personal data previously processed by the administrator. Withdrawal of consent will not affect actions already performed.

4. The User may at any time request, without giving a reason, that the administrator deletes his/her data. The request to delete the data will not affect the actions performed so far. Deleting the data means the simultaneous deletion of the User's account, together with all personal data saved and processed by the administrator so far.

5. The User may at any time object to the processing of personal data, both in the scope of all personal data of the User processed by the administrator, as well as only to a limited extent, e.g. with regard to the processing of data for a specifically indicated purpose. The objection will not affect the actions performed so far. Filing an objection will result in the deletion of the User's account, together with all personal data saved and processed so far by the administrator.

6. The User may request the restriction of the processing of personal data, whether for a specified period or without a time limit, but within a specified scope, which the administrator will be obliged to fulfill. This request will not affect actions performed so far.

7. The User may request that the administrator transfer the User's processed personal data to another entity. For this purpose, the User should write a request to the administrator, indicating to which entity (name, address) the User's personal data should be transferred and what specific data the User wishes the administrator to transfer. After the User confirms his or her request, the administrator will transfer the User's personal data to the indicated entity in electronic form. The User's confirmation of the request is necessary for the security of the User's personal data and to ensure that the request comes from an authorized person.

8. The Administrator informs the User about the actions taken within one month of receiving one of the requests mentioned in the previous points.

VI. PERSONAL DATA STORAGE PERIOD

1. In principle, personal data is only stored for as long as is necessary to fulfill the contractual or statutory obligations for which it was collected. This data will be deleted immediately as soon as its storage is no longer necessary, for evidential purposes, under civil law or in connection with statutory retention obligations.

2. Information regarding the contract is stored for evidentiary purposes for a period of three years, starting from the end of the year in which the business relationship with the User was terminated. The data will be deleted after the statutory limitation period for pursuing contractual claims.

3. In addition, the administrator may retain archival information regarding concluded transactions, as their storage is related to the User's claims, e.g. under warranty.

4. If no agreement has been concluded between the User and the Owner, the User's personal data are stored until the User's account on the website is deleted. The account may be deleted as a result of the User's request, withdrawal of consent to the processing of personal data, or objection to the processing of such data.

VII. ENTRUSTING DATA PROCESSING TO OTHER ENTITIES

1. The Administrator may entrust the processing of personal data to entities cooperating with the Administrator, to the extent necessary to complete the transaction, e.g. to prepare the ordered goods and deliver parcels or transmit commercial information from the Administrator (the latter applies to Users who have agreed to receive commercial information).

2. Apart from the purposes indicated in this Privacy Policy, Users' personal data will not be made available in any way to third parties or transferred to other entities for the purpose of sending marketing materials of such third parties.

3. Personal data of Website Users are not transferred outside the European Union.

4. This Privacy Policy complies with the provisions of Article 13 paragraphs 1 and 2 of the GDPR Regulation.