Privacy policy

Last updated: March 26, 2026

This Privacy Policy describes how digarri.com (hereinafter: the "Store", "we", "us", or "our") collects, uses, and protects your personal data when you visit or make a purchase from our online store. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is the owner of the online store digarri.com (hereinafter: the "Controller").

For any privacy-related inquiries, you can reach us at:

2. What Personal Data We Collect

Depending on how you interact with our Store, we may collect the following categories of personal data:

2.1. Data You Provide Directly

  • First and last name
  • Email address
  • Phone number
  • Shipping and billing address (street, postal code, city, country)
  • Company details (VAT number, company name) — for business purchases
  • Content of messages sent via the contact form

2.2. Data Collected Automatically

  • IP address
  • Browser type and version
  • Operating system
  • Referral source
  • Session data, time spent on pages, pages visited
  • Cookie identifiers and similar tracking technologies (see our Cookie Policy for details)
  • Approximate geolocation based on IP address

2.3. Transaction Data

  • Order history and transaction details
  • Payment method (we do not store full payment card details — these are processed directly by the payment provider)
  • Order fulfillment status

3. Purposes and Legal Bases for Processing

Purpose Legal Basis (GDPR)
Order fulfillment and performance of the sales contract Art. 6(1)(b) — performance of a contract
Payment processing Art. 6(1)(b) — performance of a contract
Issuing invoices and maintaining accounting records Art. 6(1)(c) — legal obligation
Handling complaints and returns Art. 6(1)(b) — performance of a contract; Art. 6(1)(c) — legal obligation
Responding to inquiries submitted via the contact form Art. 6(1)(f) — legitimate interest of the Controller
Newsletter and email marketing communications Art. 6(1)(a) — consent
Statistical analysis and improvement of the Store (Google Analytics) Art. 6(1)(a) — consent; Art. 6(1)(f) — legitimate interest
Marketing and remarketing (Facebook Pixel, advertising) Art. 6(1)(a) — consent
Security and fraud prevention Art. 6(1)(f) — legitimate interest of the Controller
Establishment, exercise, or defense of legal claims Art. 6(1)(f) — legitimate interest of the Controller

4. Recipients of Personal Data

Your personal data may be shared with the following categories of recipients, only to the extent necessary for the purposes described above:

  • Shopify Inc. — the e-commerce platform hosting our Store (order processing, data hosting). Shopify processes data in accordance with its own privacy policy.
  • Payment processors: Shopify Payments, Przelewy24, Klarna or other payment service providers — for transaction processing.
  • Shipping and postal companies — for order delivery (e.g., InPost, DHL, FedEx, UPS, local carriers).
  • Google LLC — via Google Analytics for website traffic analysis.
  • Meta Platforms Inc. (Facebook) — via Facebook Pixel for marketing and remarketing campaigns.
  • Email marketing providers — Edrone.
  • Accounting firms / tax advisors — to the extent necessary for maintaining financial records.
  • Public authorities — where required by law (e.g., tax authorities, law enforcement).

International Data Transfers

Some of our partners (Shopify, Google, Meta, Stripe) are based outside the European Economic Area (EEA), including in the United States. In such cases, data transfers are conducted on the basis of:

  • European Commission adequacy decisions (e.g., EU-US Data Privacy Framework);
  • Standard Contractual Clauses approved by the European Commission;
  • Other appropriate safeguards as provided under Articles 46–49 of the GDPR.

5. Data Retention Periods

Data Category Retention Period
Order-related data For the duration of the contract and until the expiration of the limitation period for claims (up to 6 years after the end of the calendar year in which the contract was performed)
Accounting and tax records (invoices) 5 years from the end of the calendar year in which the tax payment was due
Customer account data Until the account is deleted by the user or upon request
Consent-based data (newsletter, marketing) Until consent is withdrawn
Contact form data For the time necessary to respond and for potential claim purposes
Data collected via analytical and marketing cookies In accordance with the lifespan of individual cookies (see our Cookie Policy)

6. Your Rights

Under the GDPR, you have the following rights regarding the processing of your personal data:

  • Right of access (Art. 15 GDPR) — you have the right to obtain confirmation as to whether we process your data and to access that data.
  • Right to rectification (Art. 16 GDPR) — you have the right to request correction of inaccurate data or completion of incomplete data.
  • Right to erasure (Art. 17 GDPR, "right to be forgotten") — you have the right to request deletion of your data in certain circumstances.
  • Right to restriction of processing (Art. 18 GDPR) — you have the right to request restriction of processing in certain cases.
  • Right to data portability (Art. 20 GDPR) — you have the right to receive your data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21 GDPR) — you have the right to object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent — at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint with a supervisory authority — you can file a complaint with your local data protection authority. In Poland: Prezes Urzędu Ochrony Danych Osobowych (PUODO), ul. Stawki 2, 00-193 Warsaw, uodo.gov.pl.

To exercise any of your rights, please contact us at: privacy@digarri.com. We will respond to your request without undue delay and no later than within 30 days.

7. Cookies and Tracking Technologies

The Store digarri.com uses cookies and similar technologies to ensure proper website functionality, analyze traffic, and conduct marketing activities. For detailed information about the types of cookies we use, their purposes, retention periods, and how to manage your preferences, please refer to our Cookie Policy.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction, or disclosure, including:

  • Data transmission encryption (SSL/TLS)
  • Secure data storage on Shopify's servers
  • Access to data restricted to authorized personnel only
  • Regular reviews of security procedures

9. Profiling and Automated Decision-Making

As part of our Store's operations, we may use profiling for marketing purposes (e.g., tailoring advertising content based on browsing history). Such profiling does not produce legal effects concerning you and does not significantly affect your situation. You have the right to object to profiling at any time.

10. Customer reviews on the online store

  • Customers of the Online Shop may voluntarily and free of charge submit feedback regarding purchases made in the Online Shop. Such feedback may also include a rating, a photograph or a review of a product purchased in the Online Shop.
  • Following purchases made in the Online Shop, the Seller provides the data necessary to create an email invitation to the company handling the survey process. The sending of surveys and the process of collecting feedback via forms is handled entirely by TrustMate SA, with its registered office at Bartoszowicka 3, 51-641 Wrocław. TrustMate SA sends the Customer an email requesting a review and including a link to the online form for submitting it – the online form allows the Customer to answer the Seller’s questions regarding the purchase, rate it, add their own description of the review, and upload a photo of the purchased product. If no review is submitted after receiving the first invitation to submit a review, TrustMate may resend the invitation.
  • A review may only be submitted by a Customer who has made purchases in the Seller’s Online Shop.
  • Reviews submitted by the Customer are published by the Seller in the Online Shop and on the TrustMate.io profile.
  • The submission of a review must not be used by the Customer for unlawful activities, in particular for activities constituting unfair competition against the Seller, or activities infringing upon personal rights, intellectual property rights or other rights of the Seller or third parties.
  • A review may only be posted for products actually purchased from the Seller’s Online Shop. It is prohibited to enter into fictitious or sham sales contracts for the purpose of posting a review. Furthermore, the review may not be authored by the Seller themselves or their employees, regardless of the basis of their employment.
  • A posted review may be removed by its author at any time.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time. We will notify you of any significant changes via the Store's website or by email (if we have your email address). We recommend reviewing this Privacy Policy regularly.

Effective date of the current version: March 26, 2026

12. Contact

If you have any questions about this Privacy Policy or the processing of your personal data, please contact us: