Privacy policy

 

Last updated: September 10, 2025

Tomizo Design operates this store and website, including all related information, content, features, tools, products, and services, to provide the User with a customized shopping environment (“Services”). The Tomizo Design store is powered by Shopify technology, which allows us to offer the Services to the User. This Privacy Policy describes how we collect, use, and disclose the User’s personal data when visiting and using the Services, making purchases through them, or otherwise communicating with us. In the event of a conflict between our Terms of Service and this Privacy Policy, this Privacy Policy applies to the collection, processing, and disclosure of the User’s personal information.

Please read this Privacy Policy carefully. By using and accessing the Services, the User acknowledges that they are aware of this Privacy Policy and understand the rules for collecting, using, and disclosing their data described in this Privacy Policy.

Personal information we collect and process

When we use the term “personal information,” we refer to information that identifies the User or can reasonably be linked to them. Personal information does not include information collected anonymously or information that has been anonymized in a way that prevents the User from being identified or linked to. We may collect or process the following categories of personal information, including inferences drawn from them, depending on how the User uses the Services and where they reside, as well as to the extent permitted or required by applicable law:

  • Contact information includes first and last name, address, billing address, shipping address, phone number, and email address.

  • Financial information includes credit card, debit card, and financial account numbers, payment card data, financial account data, transaction details, payment methods, payment confirmations, and other payment data.

  • Account information includes username, password, security questions, preferences, and settings.

  • Transaction information includes items the User views, adds to the cart, adds to the wishlist, purchases, returns, exchanges, or cancels, as well as past transactions.

  • Communication with us includes information provided when communicating with us, e.g., when submitting a request to customer service.

  • Device information includes information about the User’s device, browser, or network connection, IP address, and other unique identifiers.

  • Usage information includes information regarding the User’s interaction with the Services, including how and when they use or navigate the Services.

Sources of personal information

We may collect personal information from the following sources:

  • Directly from the customer, including when creating an account, visiting or using our Services, communicating with us, or otherwise providing us with personal information.

  • Automatically through the Services, including from the User’s device when using our products or services or visiting our websites, as well as through the use of cookies and similar technologies.

  • From service providers, including when we work with them to operate certain technologies and when they collect or process the User’s personal information on our behalf.

  • From our partners or other third-party companies.

How we use customer personal information

Depending on how the User interacts with us and the Services they use, we may use their personal information for the following purposes:

  • Providing, customizing, and improving the Services. We use the User’s personal information to provide the Services, including fulfilling contracts entered into with the User, processing payments, fulfilling orders, remembering preferences and products of interest, sending account-related notifications, processing purchases, returns, exchanges, or other transactions, creating and maintaining the User’s account, and managing it, organizing shipping, enabling returns and exchanges, allowing product reviews, and creating personalized shopping experiences (e.g., product recommendations based on previous purchases). This may include personalizing and improving the Services.

  • Marketing and advertising. We may use the User’s personal information for marketing and promotional purposes, such as sending marketing, advertising, and promotional communications via email, text messages, or postal mail, as well as displaying online ads promoting products or services in our Services or on other websites, including based on items purchased or added to the cart or other activities in the Services.

  • Security and fraud prevention. We use the User’s personal information to authenticate their account, ensure secure payments and purchases, detect and investigate potentially fraudulent, illegal, harmful, or malicious activities and take appropriate steps to combat them, as well as to protect public safety and ensure the security of our services. If the User chooses to use the Services and register an account, they will be responsible for safeguarding their account credentials. We strongly discourage sharing usernames, passwords, or other authentication details with anyone.

  • Communication with the User. We use the User’s personal information to provide customer support, respond to inquiries, provide effective services, and maintain business relationships.

  • Legal reasons. We use the User’s personal information to ensure compliance with applicable law or respond to legitimate legal processes, including requests from law enforcement or government agencies, as well as to conduct investigations or participate in evidentiary proceedings in civil matters, potential or actual legal disputes, or other contentious proceedings, and to enforce or investigate potential violations of our terms or policies.

How we disclose personal information

In certain circumstances, we may disclose the User’s personal information to third parties for legitimate purposes, in accordance with this Privacy Policy. These circumstances may include:

  • To Shopify, we may disclose data to providers and other third-party companies that provide services on our behalf (e.g., IT management, payment processing, data analysis, customer service, cloud storage, fulfillment, and shipping).

  • To business and marketing partners for marketing purposes and to display ads to the User. For example, we use Shopify to provide personalized ads through third-party services based on the User’s online activity across different merchants and websites. Our business and marketing partners will use the User’s data in accordance with their own privacy policies. Depending on their residence, the User may have the right to opt out of sharing their information for personalized ads and marketing across merchants and websites. The User may exercise this right here.

  • When the User instructs us to disclose certain information to third parties, requests it, or consents to it, for example, for product shipping or when using social media widgets or login integrations.

  • With our affiliates or within our corporate group.

  • In connection with a business transaction such as a merger or bankruptcy, to comply with legal obligations (including responding to subpoenas, search warrants, and similar requests), enforce applicable terms of service or policies, and protect and defend the Services, our rights, the User’s rights, or the rights of others.

Relationship with Shopify

The Services are hosted by Shopify, which collects and processes personal information regarding the User’s access to and use of the Services to provide and improve them. Information provided within the Services will be transferred and shared with Shopify, as well as third-party companies that may be located in countries other than the User’s country of residence, to provide services on their behalf. Furthermore, to secure, develop, and improve our business, we use certain advanced Shopify features that contain data and information obtained from the User’s interactions with our Store, other merchants, and the Shopify platform. To provide these advanced features, Shopify may use personal information collected from the User’s interactions with our Store, other merchants, and the Shopify platform. In such circumstances, Shopify is responsible for processing the User’s personal information, including responding to their requests regarding the exercise of their rights related to the use of their personal information for these purposes. To learn more about how Shopify uses personal information and about any rights the User may have, please visit Shopify’s Consumer Privacy Policy. Depending on their residence, the User may exercise applicable rights regarding their personal data here: Shopify Privacy Portal link.

Third-party websites and links

The Services may contain links to websites and other online platforms operated by third parties. When navigating to websites not affiliated with or controlled by us, Users should review their privacy and security policies and other terms and conditions. We do not guarantee the privacy or security of such websites, nor are we responsible for them. This includes the accuracy, completeness, and reliability of the information found on such websites. Information provided by the User in public or semi-public areas, including information shared on third-party social media platforms, may also be visible to other Service users and/or users of such third-party platforms without restrictions on its use by us or the third party. Posting such links by us does not in itself constitute endorsement of the content on those platforms or their owners/operators, except as explained in the Services.

Children’s data

The Services are not intended for use by children. We do not knowingly collect any personal information about children below the age of majority in the User’s jurisdiction. If the User is a parent or guardian of a child who has provided us with their personal information, they may contact us using the details below to request its deletion. As of the effective date of this Privacy Policy, we have no actual knowledge of “sharing” or “selling” (as defined under applicable law) personal information of individuals under the age of 16.

User data security and retention

Please note that no security measures are perfect or impenetrable, and we cannot guarantee “absolute security.” Furthermore, any information transmitted to us may not be secure during transmission. We advise against using insecure channels to provide us with sensitive or confidential information.

The length of time we retain the User’s personal information depends on various factors, such as whether we need the information to operate the User’s account, provide the Services, comply with legal requirements, resolve disputes, or enforce other applicable contracts and policies.

User rights and choices

Depending on their residence, the User may have some or all of the following rights regarding their personal information. However, these rights are not absolute, may apply only in certain circumstances, and, in some cases, we may deny the User’s request as permitted by law.

  • Right to access/information. The User may have the right to access the personal information we hold about them.

  • Right to deletion. The User may have the right to request the deletion of personal information we hold about them.

  • Right to correction. The User may have the right to request the correction of inaccurate personal information we hold about them.

  • Right to data portability. The User may have the right to obtain a copy of the personal information we hold about them and request that it be transferred to a third party in certain circumstances and with certain exceptions.

  • Right to opt out of sale or sharing for targeted advertising. Depending on their residence, the User may have the right to opt out of the “sale” or “sharing” of their personal information for purposes considered “targeted advertising” under applicable law. The User may exercise this right here. If the User visits our website with the Global Privacy Control opt-out signal enabled, depending on their location, we will automatically treat this as an opt-out request for the device and browser used to access the site. If we can link the device sending the signal to a Shopify account, we will also apply the opt-out request to that account. More information about Global Privacy Control is available at https://globalprivacycontrol.org/. We do not recognize “Do Not Track” signals other than Global Privacy Control that may be sent from the User’s browser or device.

  • Managing communication preferences. We may send promotional emails to the User, and they may unsubscribe at any time using the unsubscribe option in our emails. If the User opts out, we may still send them non-promotional emails, such as those regarding their account or orders.

If the User is a resident of the United Kingdom or the European Economic Area and subject to local legal exceptions and restrictions, in addition to the rights described above, they may exercise the following rights:

  • Objection to processing and restriction of processing. The User has the right to ask us to stop or restrict the processing of their personal information for certain purposes.

  • Withdrawal of consent. In cases where we require the User’s consent to process their personal information, the User has the right to withdraw this consent. Withdrawing consent will not affect the lawfulness of processing carried out based on consent before its withdrawal.

The User may exercise any of these rights where indicated in the Services or by using the contact details below. To learn more about how Shopify uses the User’s personal information and the rights they may have, including those related to Shopify’s data processing, please visit https://privacy.shopify.com/.

We will not discriminate against the User for exercising any of these rights. We may need to verify the User’s identity before fulfilling their request, as required by law. In accordance with applicable regulations, the User may authorize an agent to submit requests on their behalf. Before accepting such a request, we will require proof that the agent has been authorized by the User to act on their behalf and may also ask the User to confirm their identity directly. We will respond to the User’s request within the timeframe required by applicable law.

Complaints

If the User has complaints about how we process personal information, they should contact us using the contact details below. Depending on their residence, the User may have the right to appeal our decision by contacting us using the contact details below or by filing a complaint with the local data protection authority. A list of relevant supervisory authorities in the EEA can be found here.

International data transfers

We may transfer, store, and process the User’s personal information outside their country of residence.

If we transfer the User’s personal information outside the European Economic Area or the United Kingdom, we rely on recognized data transfer mechanisms, such as the European Commission’s standard contractual clauses or equivalent agreements issued by the appropriate supervisory authority in the UK, unless the data is transferred to a country recognized as providing adequate protection.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will post the updated Privacy Policy on this website, update the “Last Updated” date, and notify the User of changes as required by law.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or to exercise any of your rights, please contact us by phone, by email at tomizodesign@gmail.com, or by mail at Tadeusza Kościuszki 171A/6, Katowice, 40-524, PL. In accordance with applicable data protection laws, we are the controller of your personal information.