Privacy Policy and Cookies

Last Updated – 22.11.2024

Introduction

This Privacy Policy defines the principles of processing personal data of users using the mindfulabstract.com website or other technologies. As a company headquartered in Poland, we attach great importance to protecting the privacy and security of our users’ personal data. We operate in accordance with the provisions on the protection of personal data, including the General Data Protection Regulation (GDPR) in Europe and the regulations in force in the United States, including the CCPA (California Consumer Privacy Act).

Please read our privacy policy carefully. Using our services means accepting the principles described. If you do not accept these terms, refrain from using our services.

Definitions

Website – The service operating at mindfulabstract.com, along with all its functionalities, such as the online store, blog, contact forms, the ability to register user accounts and other services provided online.
User – Any natural person using the mindfulabstract.com service, browsing content, making purchases, registering an account or contacting us via forms.
Administrator – The person responsible for processing the personal data of service users, i.e. the owner of the matbucstory company Mateusz Bućko.
Personal data – Any information relating to an identified or identifiable natural person, including, but not limited to: first name, last name, e-mail address, telephone number, residential address, IP address and information regarding transactions.
Data processing – Any operation performed on personal data, such as collecting, storing, modifying, sharing, using, viewing or deleting.
Cookies – Small text files saved on the user’s device when using our website. Cookies are used to improve the performance of the website, remember user preferences, analyze website traffic, and display personalized advertising content.
Consent – Voluntary, conscious, and unambiguous consent by the user to the processing of their personal data for a specific purpose, e.g. marketing.
Technical data – Information collected automatically about the user’s device, such as IP address, browser type, operating system, access time, and other data related to the use of the website.
Newsletter – E-mail messages sent to subscribers, containing information about new products, promotional offers, and news related to our activities.

1. Personal data administrator

The administrator responsible for the processing of personal data of users is the company matbucstory Mateusz Bućko. NIP number – 5451825768. REGON number – 523342862. with its registered office in Poland, at Szumowo 3, 16-140 Korycin, Poland. As a company operating on the American market, we handle orders and provide services to our customers from the USA, acting in accordance with the applicable data protection regulations in the United States (CCPA) and in the European Union (GDPR).

Any questions regarding privacy protection and data processing can be directed to us via e-mail: contact@mindfulabstract.com

Our website and systems are hosted on servers located in Ashburn, VA, provided by Hetzner. This setup enables us to efficiently and securely deliver services to our customers. We are committed to upholding the highest standards of personal data protection in compliance with the legal regulations applicable in both Poland and the USA.

2. What data do we collect?

As part of your use of our website and related services, we collect various types of personal and technical data that are necessary to process orders, provide user service and optimize the operation of the website.

Personal Data
The personal data of users, which is voluntarily provided to us during account registration, order placement, or when contacting us, includes:

• Full Name – necessary for processing the order and communicating with the user.
• Email Address – used for order confirmations, communication, and newsletter subscription.
• Shipping Address – required to deliver the ordered products.
• Login Information – such as email address and password, which enable access to the user account.
• Order History – a record of all purchases made by the user in our store.

Transaction Data
To process orders and complete payments, we collect the following transaction-related data:

• Information about ordered products, including amounts and quantities of products.
• Payment data, which is processed through Stripe. This includes information about payment methods, such as credit cards, though we do not store detailed card information.

Technical Data
We automatically collect technical data about the devices and software used by users while browsing our website. This data includes:

• IP address – a computer’s network identifier, which allows us to analyze traffic on the site.
• Device type – information about the type of device (e.g., computer, smartphone) used to browse our website.
• Browser and operating system – this data allows us to optimize the site based on the technology used by the users.
• Server logs – these logs collect detailed information about user interactions with our site, such as access times, pages viewed, and any potential errors.

Newsletter Data
If the user consents to subscribing to our newsletter, we process the following data:

• Email address – which enables the sending of regular marketing and informational messages.
• Consent to receive promotional materials – which is stored in accordance with data protection regulations.

Data Submitted via Contact Forms and Blog Comments
If users decide to contact us via forms or post comments on our blog, we collect:

• Message or comment content – to respond to inquiries or manage content on the site.
• Name and email address – which are required to respond to submitted questions or verify identity when posting comments.

3. How do we collect data?

The collection of personal and technical data on our website takes place in several different forms. Each method of data collection is intended to ensure efficient and safe order fulfillment, service to our users, and delivery of personalized content. This data may be collected directly from users, automatically when using our service, as well as through external service providers.

Data Provided Directly by Users
Many of the details we process come directly from users when they use various features available on our site. This includes, among others:

• Account Registration – Users provide personal data, such as name, surname, email address, and password, when creating a user account, which allows them to track orders and manage their account.
• Placing Orders – When making a purchase, users provide necessary data to finalize the order, such as shipping details and payment information.
• Newsletter Subscription – Users who want to receive information about our new products, special offers, or blog articles may voluntarily provide their email address to subscribe to the newsletter.
• Blog Comments – Users can post comments on our blog by providing their contact details, such as name and email address, to allow us to manage the content and communicate if needed.

Automatic Data Collection
In addition to data provided by users, our site collects certain information automatically. This serves to improve the functionality of the service and adjust the content to user preferences. This includes:

• Cookies – Small text files stored on the user’s device. They allow us to remember user preferences, analyze their activity on the site, and deliver personalized advertisements.
• Tracking Technologies – We use various monitoring technologies, such as tracking pixels and scripts, to help us analyze site traffic and optimize content. This data includes, among others, the user’s IP address, browser type, operating system, and the time spent on individual pages.

4. Data collected from third parties

In order to provide efficient customer service, fulfill orders, process payments, manage marketing communications and optimize advertising campaigns, we use the services of external suppliers. We only work with trusted suppliers who provide appropriate data security.

Payments
Data related to the processing of transactions, including information about payment methods, is processed by an external payment service provider. During this process, data necessary for payment processing, such as credit card information, is processed; however, we do not store detailed credit card data.

Newsletter
The email addresses of users who have subscribed to the newsletter are provided to an external marketing service provider, enabling us to send regular emails containing information about new products, promotional offers, and updates. Data processing is based on the user’s consent.

Order Fulfillment
To deliver products to our customers, we use an external logistics and production service provider who processes data related to orders, such as the customer’s name, shipping address, and details about the products ordered.

Marketing and Analytics Tools (e.g., Facebook Pixel, Google Analytics)
We use marketing and analytics tools provided by external companies that allow us to monitor user behavior on our site and display personalized advertisements.

• Facebook Pixel – This tool enables tracking user activity on the site to tailor advertising campaigns displayed on Facebook and its partner network. The collected information includes viewed products, content interactions, and clicks.
• Google Analytics – We collect analytical data about how users interact with our site, such as visited pages, time spent on the site, and the type of devices used. This data is processed anonymously and is used to improve the functionality of the site and the efficiency of advertising campaigns.
• Remarketing Ads – Data collected by tools such as Facebook Pixel and Google Ads may be used to display remarketing ads that promote products previously viewed by users.

5. For what purposes do we process personal data?

The personal data we collect and process, including third parties, are used for various purposes related to order fulfillment, marketing communications, user account management, technical support and optimization of our service. Data processing is always carried out in accordance with applicable privacy regulations.

Order fulfillment
Personal data is essential for the proper processing of orders and the delivery of purchased products.

• Processing of data necessary for completing transactions and payments.
• Using the shipping address and contact details to ensure products reach users on time.
• Managing the order process, including informing users about the status of their orders and any potential changes.

Marketing and promotional communication
If the user consents, we process their personal data for marketing purposes.

• Sending newsletters to inform users about new products, special offers, promotions, and updates.
• Personalizing promotional offers to better align our communications with users’ preferences.
• The option to opt out of marketing at any time by clicking the unsubscribe button in the email newsletter.

User account management
Processing personal data is also crucial for registering and managing user accounts on our site. In this regard, we process:

• Login information, such as email address and password, to allow the user access to their account.
• Order history, which enables users to review previous transactions and facilitates future order management.
• Profile data that users can update at any time to manage their account preferences.

Customer support
To effectively respond to inquiries, resolve issues, and provide support, we process data provided by users in the following contexts:

• Emails related to inquiries about orders, products, or general questions.
• Blog comments, especially if they contain questions or suggestions that require a response.

Improving site functionality
Our goal is to continuously enhance the operation of the site and tailor it to users’ needs. To achieve this, we process technical data, such as:

• Cookie data, which helps us analyze site traffic, understand which sections of the site are most popular, and how users navigate through the website.
• Technical information about devices and browsers, which enables us to improve the site’s functionality and speed, as well as adapt it to different devices.

Ensuring security
To ensure the security of our systems, prevent abuse, detect fraud, and protect against cyberattacks, we also use this data for monitoring activity, which helps us identify potential threats.

6. Third Party Privacy Policies

Our site is not responsible for the privacy policies of third-party providers we work with. We encourage users to review the privacy policies of those providers as they may differ.

Third Party Obligations
Each of the external suppliers with whom we work processes personal data only to the extent necessary to provide their services and in accordance with applicable legal provisions on the protection of personal data.

7. Legal basis for data processing

We process your personal data based on different legal bases, depending on the purpose of processing. Our actions comply with both the GDPR (General Data Protection Regulation) in the European Union and the CCPA (California Consumer Privacy Act) in the United States.

User Consent
Legal Basis: Article 6(1)(a) GDPR and CCPA
The processing of personal data for marketing purposes, such as sending newsletters, promotional offers, and updates, is carried out solely with the user’s consent. The user has the right to give consent for data processing and to withdraw it at any time without affecting the legality of the data processing that occurred before the withdrawal. Marketing data will be stored until the user withdraws their consent.

Contract Performance
Legal Basis: Article 6(1)(b) GDPR and contract performance in accordance with U.S. regulations
Personal data is processed to the extent necessary to perform the contract between the user and our company. This includes order fulfillment, product delivery, user account management, and transaction processing. Data related to orders, such as the shipping address and order details, is essential for us to properly fulfill orders and provide our services. This data is stored for the duration of the contract and for the required administrative period.

Legal Obligation Fulfillment
Legal Basis: Article 6(1)(c) GDPR and legal obligations in accordance with U.S. regulations
The processing of certain data is necessary for us to fulfill legal obligations related to accounting and taxation laws. This means that transactional data and documentation related to purchases must be stored for the period specified by law. This data is stored solely to meet legal requirements and is not used for other purposes.

8. Data management and processing of personal data

As part of our business activities, we process various categories of personal data necessary for order fulfillment, customer service, and website optimization. The processing of these data may involve transferring them between Poland and the USA, where customer data are processed.

Data Transfers and Compliance with Data Protection Regulations
All transfers of personal data between Poland and the USA are carried out in accordance with applicable data protection regulations, such as GDPR in Europe and CCPA in the USA. For transfers of data to countries outside the European Economic Area (EEA), we use appropriate safeguards, such as Standard Contractual Clauses (SCC), to ensure compliance with GDPR requirements. Where user consent is required for international data transfers, users are informed and given the option to provide consent.

Data Storage on Servers in the USA
Our website and its features are hosted on servers located in the United States, provided by Hetzner. This ensures that user data is stored and processed in the USA. We have implemented appropriate technical and organizational measures to protect this data in accordance with international security standards.

Data transfers occur in the following situations:

Order Management
Personal data of users, such as name, shipping address, and order details, may be transferred between the USA and Poland for order fulfillment, customer service, and logistics management. Data transfers are necessary for the proper functioning of the online store and the fulfillment of orders.

User Account Management
We process login data, such as email address and password, to enable users to access their accounts, as well as order history, which allows users to review previous transactions and facilitates the handling of future orders.

Transactional Data
For the purpose of fulfilling orders and processing payments, we process data related to transactions, such as information about ordered products, amounts, and payment data processed by an external provider. We do not store detailed payment card information.

Technical Data
We automatically collect technical data about devices and software used by users, such as IP address, device type, browser, operating system, and server logs. This data helps us analyze the website’s performance and ensure its security.

Marketing and Analytical Data
If the user gives consent, we process data for marketing and analytical purposes, such as email addresses for sending newsletters, as well as data from analytical tools (e.g., Google Analytics, Facebook Pixel) used to analyze traffic and display personalized ads. Data collected via cookies and pixels may be used to display remarketing ads.

Data from Contact Forms and Blog Comments
We process data submitted through contact forms and blog comments, such as the content of messages or comments, as well as the user’s name and email address.

9. Cookies and tracking technologies

The Administrator uses cookies, which are small text files stored on the user’s device. Cookies identify the user, allowing the website’s content to be tailored to their needs. They remember the user’s preferences and enable the appropriate customization of content directed to them, including advertisements.
Cookies are used to ensure a convenient standard of service. The data collected are used exclusively within the company to optimize activities, analyze site traffic, and check the frequency of website visits.
Cookies identify the user, allowing the website content to be adjusted to their needs. They also enable the personalization of displayed advertisements and monitor activity on the site.

10. Types of Cookies

Our website uses different types of cookies and other tracking technologies, including Google Analytics and Facebook Pixel, to improve the functionality of the site, analyze traffic, and personalize content and advertisements.

1. Functional Cookies
   These cookies are essential for the proper functioning of the website. They enable basic functions such as logging in, adding products to the cart, and handling orders.
2. Analytical Cookies (e.g., Google Analytics)
   These cookies help monitor website traffic and analyze how users interact with the site. Data collected by Google Analytics includes information such as IP address, browser type, time spent on the site, and visited subpages. This data is processed anonymously and used solely to improve the performance and usability of the website.
3. Marketing Cookies (e.g., Facebook Pixel)
   Marketing cookies track user activity on our website and partner sites to deliver personalized advertisements. They collect information about visited pages, clicks, and the user’s advertising preferences, allowing for the display of ads tailored to their needs.

11. Cookie consent

During the first visit to our website, users are informed about the use of cookies via a banner. They have the option to manage their preferences regarding different types of cookies, including analytical and marketing cookies. The user’s consent for storing cookies expires after 365 days.

12. Cookie management

Users can manage cookies at any time through their web browser settings. Browsers allow blocking, deleting cookies, and managing other tracking technologies. However, it is important to note that disabling certain cookies may affect the functionality of some features on the website.
Detailed information on managing cookies in the most popular browsers:

• Firefox: http://support.mozilla.org/pl/kb/usuwanie-ciasteczek
• Opera: http://help.opera.com/Linux/9.60/pl/cookies.html
• Internet Explorer: http://support.microsoft.com/kb/278835
• Chrome: http://support.google.com/chrome/bin/answer.py?hl=pl&answer=95647

Cookies can also be removed using programs or tools available within the user’s operating system.

13. Storage and Access to Cookies

The Administrator stores cookies on the user’s device and accesses the information contained within for statistical, marketing purposes, to ensure the proper functioning of the Service, and to maintain the user’s session.

The Administrator informs users that it is possible to configure the web browser to disable the storage of cookies on the user’s device. However, please note that changing the browser settings to limit the storage of cookies may affect the functionality of certain features on the Service. Deleting or blocking cookies may impact the user experience and cause some functions of the Service, including some services, to not work properly. Blocking cookies may also limit our ability to share information with advertising partners.

14. Server Logs

When using our website, technical data is automatically collected and recorded in server logs. This data is essential for the proper functioning of the Service, ensuring its security, and complying with legal requirements.

Data Collected
The server logs collect the following information:

• IP Address – a unique identifier for the device, enabling traffic analysis and securing the site against unauthorized actions.
• Visit Time – we record the date and time of the user’s visit to monitor activity and detect anomalies.
• Browser and Operating System – information about the user’s browser and operating system is used to optimize the site for different technologies.
• Visited Pages – the pages visited are logged to analyze user activity and improve the structure of the Service.

Purpose of Collecting Logs
Server logs are used for the following purposes:

• Site Security – logs help monitor activity on the site, detect unauthorized access attempts, and protect the site from DDoS attacks.
• Technical Analysis – we analyze the performance of the site based on logs, diagnose technical issues, and make optimizations.
• Legal Compliance – storing server logs may be required to meet legal requirements related to recording user activity on the internet.

Data Storage
Server logs are stored for a specified period depending on operational needs and legal regulations. Typically, data is retained for 30-90 days, depending on the hosting provider, after which it is automatically deleted unless there is a justified need for further processing (e.g., in the case of an investigation).

Data Disclosure
In the event of legitimate requests from law enforcement agencies or based on legal requirements, data recorded in server logs may be disclosed to relevant authorities. This applies to situations where it is necessary for pursuing legal claims, preventing crimes, or other actions required by law.

15. User Rights

Users of our website have specific rights regarding their personal data, in accordance with applicable data protection laws, such as the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act). These rights include:

Right of Access
Users have the right to obtain confirmation of whether their personal data is being processed. If so, they have the right to access their data and receive information about the purpose of processing, the categories of data, and the recipients to whom the data has been disclosed. They may also request a copy of their personal data.

Right to Rectification
Users have the right to request correction of their personal data if it is inaccurate, incomplete, or outdated. They also have the right to update their data at any time, such as in the case of a change in their email address or other contact information.

Right to Erasure (Right to be Forgotten)
In certain cases, users have the right to request the deletion of their personal data. This applies when the data is no longer necessary for the purposes for which it was collected, the user withdraws their consent for processing, objects to the processing, or if the data is being processed unlawfully. However, this right does not apply when data processing is necessary due to legal obligations.

Right to Restrict Processing
Users may request the restriction of their personal data processing in specific situations, such as when they challenge the accuracy of the data or object to the processing, pending clarification of the matter. Restriction of processing means that the personal data can be stored but will not be processed without the user’s consent unless necessary for establishing, exercising, or defending legal claims.

Right to Withdraw Consent for Marketing
Users who have consented to the processing of their personal data for marketing purposes (e.g., newsletter subscription) have the right to withdraw their consent at any time. Withdrawal of consent does not affect the legality of processing that occurred prior to the withdrawal. Users can also unsubscribe from receiving marketing communications at any time by clicking the “unsubscribe” link in any marketing email.

Data Breach Notification
In the event of a personal data breach that could impact the privacy of users, we are committed to informing affected individuals within 72 hours of detection, in accordance with applicable laws, including GDPR and state regulations in the USA.

How to Exercise Your Rights
Users can contact us to exercise their rights regarding personal data protection. All requests will be handled in accordance with applicable legal regulations. To exercise these rights, please contact us at the following email address: contact@mindfulabstract.com

16. Minimum Age of Users

Our services are not intended for children under 13 years of age, in accordance with the COPPA (Children’s Online Privacy Protection Act) regulations. We do not knowingly collect personal data from children under the age of 13. If we become aware that we have collected data from a child under this age without verified parental consent, we will take the necessary steps to delete such data. If you are a parent or guardian who believes that your child has provided us with their data, please contact us so that we can delete it.

For users aged 13 to 16, in accordance with the CCPA (California Consumer Privacy Act), we require parental or guardian consent to process personal data. Individuals under the age of 16 can use our services only with parental or guardian consent.

In cases where the user’s age is unclear, we reserve the right to verify the user’s age and request appropriate proof of age or parental consent.

17. Technical and Organizational Measures

Despite our efforts, please note that no method of transmitting data over the Internet or method of electronic data storage is 100% secure. Therefore, we cannot guarantee the absolute security of your personal data, but we take all necessary steps to minimize the risks. To ensure the security of users’ personal data, we implement the following technical and organizational measures:

• SSL/TLS (Data Encryption)
  All data transmitted between the user and our website is encrypted using SSL/TLS certificates, which provide protection during the transmission of personal and transactional data. This encryption helps protect data from being intercepted by third parties.
• Firewall Protection
  Our website is protected by firewalls that block unauthorized access attempts to the server and secure the site from external attacks.
• Regular Backups
  We regularly create backups to protect against accidental data loss.
• Software Updates
  We regularly update the WordPress system, plugins, and themes to minimize the risks associated with security vulnerabilities. Plugins and software are automatically updated as new patches are released.
• Restricted Data Access
  Access to data on our website is limited to authorized personnel only. We use strong passwords and two-factor authentication (2FA) to further secure access.
• Manual Security Audits
  We regularly conduct reviews and security audits of the website to ensure that all measures in place are effective and adapted to current threats.

18. How long do we store data?

We store users’ personal data for as long as necessary to achieve the purposes for which they were collected, in accordance with applicable legal regulations and internal policies. The data retention period varies depending on the type of data:

Transaction data
Data related to orders and transactions, such as information about purchased products and payment details, are stored for 5 years after the end of the tax year, in accordance with legal requirements for accounting and taxes.

Marketing data
Data processed for marketing purposes, such as the email address and consent to receive newsletters, are stored until the user withdraws their consent.

User account data
Data related to the user account is stored as long as the user has an active account on our website. When the account is closed, the data will be deleted, except for data that must be retained in compliance with legal requirements (e.g., transaction data).

Comments data
Blog comments Comments posted on our blog are stored indefinitely to allow the continuation of discussions and to enrich the content available on the website. Users can request the deletion of their comment at any time by contacting us. Comments may also be removed in accordance with our content management policy, e.g., in case of violation of regulations or legal provisions.

Technical data from cookies and analytics
Data related to cookies and tracking technologies, such as user preferences and activity on the site (e.g., via Google Analytics), is stored for up to 365 days or according to the user’s browser settings. Analytical data may be stored for up to 14 months, depending on the preferences set in the analytical tools.

Data processed by external services
Data processed by external service providers is stored in accordance with the privacy policies of these providers.

Server logs
Technical data collected in server logs, such as IP addresses and information about activity on the site, is stored for 30–90 days to ensure security and for technical analysis.

Closure of Business and Deletion of Data

In the event of the closure of our business, all collected personal data will be permanently deleted in accordance with applicable data protection regulations, including GDPR and other relevant regulations. Active users will be informed about the closure of the business.

19. Changes to the Privacy Policy

We reserve the right to make changes to this privacy policy at any time. Any changes will be published on this page, and users will be appropriately informed. The amended version of the privacy policy will take effect upon its publication unless otherwise specified.

Notification of Changes
Users whose personal data is processed will be notified of significant changes to the privacy policy through a notification on our website or via email if the changes may affect their rights or the scope of personal data processing.

Commitment to Regular Review
We encourage users to regularly review this privacy policy to stay informed of any changes that may affect how their data is processed. Continued use of the service after changes to the privacy policy signifies acceptance of those changes.

Date of Last Update
The date of the last update to this policy will be indicated at the bottom of the page (in the footer). Users can easily check when the policy was last updated.

20. User Consent

Using our website constitutes consent to the processing of personal data in accordance with the provisions of this privacy policy. Users who visit and use our website accept the way we collect, store, and process their data according to the principles described.

Consent to Cookies and Tracking Technologies
Users consent to the use of cookies and tracking technologies during their first visit to the website, in compliance with data protection regulations such as GDPR and CCPA. Information about the use of cookies is provided via a banner displayed on the website. Users can manage their cookie preferences by changing browser settings or through the consent management tool available on the site.

Consent to Marketing Data Processing
Users who sign up for the newsletter or agree to receive marketing communications consent to the processing of their personal data for marketing purposes. They can withdraw this consent at any time by clicking the “unsubscribe” link in the emails or by contacting us directly.

Consent to Personal Data Processing for Services and Orders
Users who create an account, place orders, or contact us via forms agree to the processing of their personal data for service purposes such as account management, order processing, and product shipping. In particular, users consent to the processing of transactional data (e.g., payment details, delivery address) necessary for completing the purchase.

Consent to Embedded Content and Social Media Interactions
Our website may include embedded content such as videos, images, or articles from external sites like Instagram, Facebook, or other platforms. Using this embedded content may result in external services collecting information about users, including the use of cookies and tracking technologies. Users interacting with our content shared on social media platforms consent to the processing of personal data in accordance with the privacy policies of those platforms. Our website is not responsible for how these external services handle user data.

Consent to Automated Processing and Profiling
Some tools we use (e.g., Google Analytics, Facebook Pixel) may collect information about user behavior on our website for the purposes of analysis and personalization of content or advertisements. Users consent to the automatic processing of their data and, in some cases, profiling based on their activity on the site. This information is used for analytical purposes and to tailor displayed content and ads to individual user preferences. Users may object to automated processing by contacting us directly.

Withdrawal of Consent
Users have the right to withdraw their consent to the processing of personal data at any time. The withdrawal of consent does not affect the legality of the data processing that took place before the withdrawal. Withdrawing consent for data processing may limit access to certain site features, such as the ability to make purchases or use a user account. Users can withdraw their consent to data processing by contacting us directly.

21. International Law Compliance Mechanisms

Our company, which is based in Poland, serves customers from the United States. We comply with all applicable data protection laws relevant to our U.S. customers, while also ensuring compliance with Polish data protection regulations regarding the processing and transfer of personal data.

Data Protection in the U.S. (including CCPA and other state regulations)
Our company adheres to the data protection regulations in various U.S. states. For customers from California, we apply the provisions of the CCPA (California Consumer Privacy Act), which guarantee the right to information about the categories and sources of personal data, the right to access their data, and the right to have it deleted. Customers may also withdraw consent for the sale of their personal data, which means we will not share their data with third parties for commercial purposes.

For customers from other U.S. states, such as Virginia (Virginia Consumer Data Protection Act, VCDPA) and Colorado (Colorado Privacy Act, CPA), we apply similar data protection principles, guaranteeing the rights to access, correct, delete, and transfer personal data.

Transfer of Data between Poland and the USA
Since our company is based in Poland and our customers are located in the United States, personal data is transferred between these two countries to ensure the smooth provision of services and the purposes mentioned above. We guarantee that data transfers comply with applicable regulations by implementing appropriate safeguards, such as Standard Contractual Clauses (SCC), which ensure that our customers’ personal data is properly protected during its transfer and processing in Poland.

Compliance with GDPR (General Data Protection Regulation, European Union)
Although our customers are exclusively in the USA, our company, being based in Poland, complies with GDPR regulations concerning personal data protection. We guarantee that data processed in Poland is safeguarded in accordance with GDPR requirements, meaning we have implemented appropriate security measures and compliance protocols regarding data protection.

Access to Data from Poland and GDPR Compliance
Although all customer data is stored on servers in the USA, we access this data from Poland for administrative purposes, such as order management, customer service, and accounting. This results in the transfer of data from the USA to Poland, which requires compliance with GDPR.

To protect our customers’ data, we apply appropriate legal mechanisms, such as Standard Contractual Clauses (SCC), to ensure that the transfer of personal data from the USA to Poland is conducted in accordance with data protection requirements outlined in GDPR. We guarantee that personal data processed in Poland is protected to the highest security standards.

GDPR Compliance
As a company based in Poland, we comply with GDPR regulations regarding personal data protection. We ensure full compliance with GDPR requirements in processing personal data, including implementing appropriate security measures and safeguarding our customers’ privacy.

22. Dispute Resolution Concerning Personal Data Protection

Any disputes arising from this privacy policy or related to the processing of personal data will initially be resolved amicably. The parties commit to attempting mediation before taking any legal action.
If no agreement is reached, the parties agree to settle the disputes through international arbitration, in accordance with the rules of the International Chamber of Commerce (ICC) (ICC International Court of Arbitration).
The costs of arbitration, including the arbitrator’s fees and administrative charges, will be shared equally between the parties unless otherwise decided by the arbitrator in the final ruling. Each party will bear its own legal costs.
If arbitration is not agreed upon, disputes will be resolved by the competent court for the company’s registered office in Poland, in accordance with Polish law.

If you have any concerns regarding the processing of your personal data, you have the right to file a complaint with the relevant supervisory authorities in Poland or in the country where you reside. In Poland, the supervisory authority is the President of the Personal Data Protection Office (PUODO).

By using our services and purchasing our products, you agree that you cannot bring, participate in, or be a member of any class action lawsuit against us. Any disputes arising from your use of our website or services must be resolved individually and not as part of a class action.

23. Links to Other Websites

Our website may contain links to websites operated by third-party entities. Please note that once you click on such a link, you will leave our website. Our privacy policy does not apply to external websites, which may have their own privacy and data protection policies.
We recommend reviewing the privacy policies of each external website you visit, as we are not responsible for how these sites collect, store, or process personal data.

24. Contact Regarding Data Protection

If you have any questions about this privacy policy, the processing of personal data, or if you would like to exercise your rights regarding personal data, you can contact us via email:
Email: contact@mindfulabstract.com
We respond to inquiries related to personal data as quickly as possible, typically no later than within 30 days of receiving them.

25. Terms of Service

Before using our service, please read the terms of service, which can be found at: https://mindfulabstract.com/store-and-website-terms-of-service By using our website, you agree to the terms contained therein, which form an integral part of these Terms of Use.