MiniCollectionMimosa

# Privacy Policy for MiniCollectionMimosa

**Last Updated: 07.09.2025

Thank you for visiting TreasuresVintageNook, an online store on Etsy selling vintage and collectible items such as dolls, decorative plates, and miniatures. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to protecting your privacy and handling your data responsibly.

If you have any questions or concerns, please contact us at mimosa.etsy@gmail.com or via Etsy messaging.

## 1. Who We Are
We are TreasuresVintageNook, an Etsy shop operated by Miniatury Iwona Bednarek located in the European Union (EU). As a seller on Etsy, we are the data controller for the personal data we collect through our shop. Etsy acts as a data processor for certain aspects of our operations, such as order processing and payment handling. You can find Etsy's Privacy Policy at https://www.etsy.com/legal/privacy.

## 2. What Data We Collect
We only collect personal data that is necessary for the operation of our shop. We do not collect any data for marketing purposes, such as newsletters or promotional emails. The data we may collect includes:

- **Order Information:** When you make a purchase, we may receive your name, shipping address, email address, phone number (if provided), and payment details. However, payment processing is handled by Etsy and/or their payment partners, so we do not store or access your full payment information.
- **Communication Data:** If you contact us through Etsy messaging or email, we may collect your messages, email address, and any other information you provide to us.
- **Other Data:** We may collect basic information about your interactions with our shop, such as your Etsy username or order history, but only as provided by Etsy.

We do not use cookies or any tracking tools directly on our shop, as Etsy handles the platform. If you use any external integrations (e.g., social media links or analytics tools), we do not currently have any set up. If this changes, we will update this policy.

## 3. How We Use Your Data
We use your personal data only for legitimate purposes related to our business as an Etsy seller. Specifically:
- To process and fulfill your orders, including shipping and handling.
- To communicate with you about your order, such as updates on delivery or responses to inquiries.
- To handle returns and refunds, as we allow returns but not exchanges, and the cost of return shipping is borne by the buyer.
- To comply with legal obligations, such as tax requirements or disputes.

We do not use your data for marketing, advertising, or any other purposes beyond what is necessary for order fulfillment. Your data is not shared with third parties for commercial purposes.

## 4. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal bases:
- **Performance of a Contract:** When you place an order, we process your data to fulfill our contractual obligations (e.g., shipping your purchase).
- **Legal Obligation:** We may process data to comply with laws, such as record-keeping for tax purposes.
- **Legitimate Interests:** We use your data for purposes like communicating about your order or handling returns, where this is necessary for our business operations and does not override your rights.

We do not rely on consent as a basis for processing, as we only collect data essential for order processing. If you have any objections, you can exercise your rights as described below.

## 5. Sharing Your Data
We do not sell or rent your personal data to third parties. However, we may share your data in the following limited circumstances:
- **With Etsy:** As our platform provider, Etsy may access your data to facilitate order processing, payments, and shop operations. Etsy's use of your data is governed by their Privacy Policy.
- **With Service Providers:** If necessary, we may share data with trusted third parties, such as shipping companies (e.g., for delivery) or legal advisors. These providers are bound by contract to protect your data and only use it for the purposes we specify.
- **Legal Requirements:** We may disclose your data if required by law, court order, or to protect our rights, your safety, or the safety of others.

All data sharing is done with appropriate safeguards, such as data processing agreements that comply with GDPR.

## 6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. For example:
- Order data is typically kept for 6 years] to comply with tax and accounting laws in the EU.
- Communication data is deleted once the issue is resolved, unless it is needed for ongoing order support.

After the retention period, we securely delete or anonymize your data. If you request deletion earlier, we will comply where possible.

## 7. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data. You can exercise these rights by contacting us at mimosa.etsy@gmail.com
- **Right to Access:** You can request a copy of the personal data we hold about you.
- **Right to Rectification:** You can ask us to correct any inaccurate or incomplete data.
- **Right to Erasure (Right to be Forgotten):** You can request deletion of your data, subject to legal obligations (e.g., we may need to keep data for tax purposes).
- **Right to Restrict Processing:** You can ask us to limit how we use your data in certain circumstances.
- **Right to Data Portability:** You can request your data in a structured, commonly used format to transfer it to another provider.
- **Right to Object:** You can object to processing based on legitimate interests.
- **Right to Withdraw Consent:** Although we do not rely on consent, if applicable, you can withdraw it at any time.

To make a request, please provide sufficient information to verify your identity. We will respond within one month, as required by GDPR. If you are not satisfied with our response, you can complain to your local data protection authority (e.g., in Poland, the UODO – Urząd Ochrony Danych Osobowych).

## 8. Data Security
We take appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or misuse. For example:
- We use secure connections when communicating with you.
- Data is stored on secure servers provided by Etsy or other EU-based providers.
- Access to data is limited to authorized personnel only.

However, no method of transmission over the internet is 100% secure, so we cannot guarantee absolute security. If a data breach occurs that is likely to result in a high risk to your rights, we will notify you and the relevant authorities as required by GDPR.

## 9. International Data Transfers
As we are based in the EU, your data is processed within the European Economic Area (EEA). If data needs to be transferred outside the EEA (e.g., if Etsy or a service provider is involved), we ensure that appropriate safeguards are in place, such as standard contractual clauses or other GDPR-compliant mechanisms.

## 10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our Etsy shop page. The "Last Updated" date at the top will indicate when changes were made.

## 11. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Email: mimosa.etsy@gmail.com]
- Or via Etsy messaging through our shop: MiniCollectionMimosa.

By using our shop, you acknowledge that you have read and understood this Privacy Policy.