1. Data Controller
Digelion
Gumpendorfer Str. 30
1060 Vienna, Austria
Email: hello@youngpolish.world
2. Overview
We process your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and other applicable data protection laws. This policy describes what data we collect, for what purposes, how long we retain it, and your rights.
3. Data We Collect
3.1 Data you provide
- Name, email address and message when you submit the order form
- Cookie preferences when you use the cookie banner
3.2 Automatically collected data
- IP address, browser type, device type and approximate location
- Pages visited and time spent on the site (if analytics cookies are accepted)
4. Purposes of Processing
- To process and respond to your order requests
- To communicate with you about your orders
- To improve our website and services
- To comply with legal obligations
- To manage cookie preferences
5. Legal Basis
We process your data based on:
- Contract performance: Processing orders you submit
- Consent: Cookie preferences, marketing communications
- Legitimate interests: Website security, analytics (where consented)
- Legal obligation: Tax, accounting and regulatory requirements
6. Retention Periods
- Order data: 7 years (legal requirement for business records)
- Contact form submissions: 2 years or until you request deletion
- Cookie preferences: 12 months
- Analytics data: 26 months (if consented)
7. Your Rights
Under GDPR you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured format
- Object: Object to processing based on legitimate interests
- Withdraw consent: Withdraw consent at any time
- Complain: Lodge a complaint with the Austrian Data Protection Authority (DSB)
To exercise these rights, contact us at hello@youngpolish.world.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including encryption (HTTPS), access controls and secure storage. We do not sell your personal data to third parties.
9. International Transfers
Your data is processed within the European Economic Area. If we transfer data outside the EEA, we ensure adequate safeguards (e.g. Standard Contractual Clauses) are in place.