Good morning!

If you’ve come here, it’s a sure sign that you value your privacy. I understand this perfectly, that’s why I hand over to you a document in which you will find in one place the rules for the processing of personal data and the use of cookies and other tracking technologies in connection with the functioning of the website http://www.handmadestateofmind.com

Formal information at the beginning – the administrator of the site is Weronika Masztakowska, conducting non-registered activities, ul. Mazowiecka 23, 09-506 Brwilno Dolne

Your privacy and the data you entrust to me when shopping in the store, subscribing to my newsletter, or writing a comment below the blog post are very important to me. I never make them available to unauthorized persons or send anything that you did not agree to.

This privacy policy has been structured in the form of questions and answers. The choice of this form was dictated by the care for transparency and readability of the information presented to you. Below you will find the table of contents of this policy corresponding to the questions I answer in turn:

  1. Who is the administrator of your personal data?
  2. Who can you contact regarding the processing of your personal data?
  3. What information do I have about you?
  4. Where do I get your personal data from?
  5. Is your data secure?
  6. For what purposes do I process your personal data?
  1. How long will I store your personal data?
  2. Who are the recipients of your personal data?
  3. Do I transfer your data to third countries or international organizations?
  4. Do I use profiling? Do I make decisions automatically based on your personal data?
  5. What rights do you have regarding the processing of your personal data?
  6. Do I use cookies and what are they actually?
  7. On what basis do I use cookies?
  8. Can you disable cookies?
  9. For what purposes do I use my own cookies?
  1. Do I follow your behavior on my site?
  2. Do I target you with targeted ads?
  3. How can you manage your privacy?
  4. What are server logs?
  5. Is there anything else you should know about?

If you have any doubts related to the privacy policy, you can contact us at any time by sending a message to the address hello@handmadestateofmind.com

  1. Who is the administrator of your personal data?

The administrator of your personal data is Weronika Masztakowska, conducting non-registered activities, ul. Mazowiecka 23, 09-506 Brwilno Dolne

  1. Who can you contact regarding the processing of your personal data?

In matters related to the protection of personal data and broadly understood privacy, you can contact me at the email address hello@handmadestateofmind.com

  1. What information do I have about you?

Depending on the purpose, I may process the following information about you:

The scope of processed data has been precisely described in relation to each processing purpose. Information in this regard is provided later in this policy.

  1. Where do I get your personal data from?

In most cases you hand them over to me. This happens when:

In addition, some information about you can be automatically collected by the tools I use:

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

  1. Is your data secure?

I care about the security of your personal data. I analyzed the risk associated with the various processes of processing your data and implemented appropriate security measures and protection of personal data. I monitor the state of our technical infrastructure on an ongoing basis, train myself, look at the procedures used and introduce necessary improvements. If you have any questions about your personal data, I am at your disposal at the address hello@handmadestateofmind.com

  1. For what purposes do I process your personal data?

There are more than one of these goals. Below is a list of them followed by a more detailed discussion. I have assigned specific legal grounds for processing to individual purposes.

User account – details

When creating a user account, you must provide the data necessary to set up an account: email address and password. Providing data is voluntary, but necessary to set up an account.

As part of editing the account data, you can provide your further data, in particular data that can be used when placing orders, such as name and surname, address of residence or place of business, tax identification number, telephone number.

In addition, I use the integration of Google Analytics with the user account mechanism. In this way, the data collected by the Google Analytics tracking code about your use of my site is assigned to your user account. This is about information such as:

I analyze such information about you in order to optimize my websites in terms of user experience, efficiency and conversion, which is my legitimate interest referred to in art. 6 clause 1 lit. f GDPR.

You can modify the information about you provided to me in connection with the registration of a user account at any time.

The data provided by you in connection with the creation of the account is processed in order to provide you with an electronic service consisting in providing you the opportunity to use a user account. This service is provided on the basis of a contract concluded on the terms described in the regulations, which means that in this respect the legal basis for the processing of your personal data is Art. 6 clause 1 lit. b GDPR.

The data will be stored for the duration of the user’s account. You can decide to delete your account at any time, but this will not delete information about your orders placed using the account from my database. Data on orders are stored in my archive throughout the entire functioning of the site due to the possibility of identifying the returning customer, recreating his purchase history, discounts granted, etc., which is my legitimate interest referred to in art. 6 clause 1 lit. f GDPR.

Orders – details

When placing an order, you must provide the data necessary to complete the order. Depending on the order details, the data catalog may be different. For example, if you order physical products, I need to know the address to which I will deliver your order. If you are asking for a VAT invoice for a company, I must know the tax identification number and business address. Providing data is voluntary, but necessary to place an order.

Each order is saved in my database, which means that your personal data assigned to the order is also accompanied by information about the order, such as ordered products, chosen method of payment, chosen method of delivery, date of payment.

The data collected in connection with the order is processed in order to perform the contract concluded by submitting the order (Article 6 (1) (b) of the GDPR), issuing an invoice (Article 6 (1) (c) of the GDPR in relation to provisions regulating issues issuing invoices), including an invoice in the accounting documentation and implementing other tax and accounting obligations (Article 6 (1) (c) of the GDPR in connection with the provisions regulating issues of tax and accounting obligations) and for archival purposes for the purposes of possible defense, establishing or pursuing claims, as well as identifying the returning customer, which is our legitimate interest (Article 6 (1) (f) of the GDPR).

Data on orders will be processed for the time necessary to complete the order, and then until the expiry of the limitation period for claims under the contract. In addition, after the expiry of this period, the data may still be processed by me for archival purposes for the eventual need to defend, determine or pursue claims, as well as identify the returning customer. Also remember that I am required to keep accounting records, which may contain your personal data, for the period required by law.

Complaints and withdrawal from the contract – details

If you make a complaint or withdraw from the contract, you provide personal data contained in the content of the complaint or statement of withdrawal from the contract, which includes your name, address, telephone number, email address, bank account number. Providing data is voluntary, but necessary to make a complaint or withdraw from the contract.

The data provided to me in connection with the submission of a complaint or withdrawal from the contract are used to carry out the complaint procedure or the procedure for withdrawal from the contract, and then for archival purposes, which is my legitimate interest (Article 6 paragraph 1 point f of the GDPR).

The data will be processed for the time necessary to carry out the complaint or withdrawal procedure. Complaint documents will be kept until the expiry of the warranty period. Statements of withdrawal from the contract will be kept together with the accounting documentation for the period required by law.

Newsletter – details

By subscribing to the newsletter, you provide me with your name and email address. Providing data is voluntary, but necessary to subscribe to the newsletter.

The newsletter includes tips on knitting, information on events such as challenges organized by me on Instagram or live, as well as marketing and commercial information, e.g. discount codes for a new knitting pattern.

In addition, my system used to support the newsletter, stores your IP number that you used when subscribing to the newsletter, determines your approximate location, the e-mail client you use to handle e-mail and tracks your actions taken in relation to You news. Therefore, I also have information about which messages you opened, under which messages you clicked links, etc.

The data you provided to me in connection with your subscription to the newsletter are used to send you the newsletter, and the legal basis for their processing is your consent (art.6 par.1 lit.a RODO) expressed when subscribing to the newsletter. As for the processing of information that does not come from you, but was collected automatically by our mailing system, I rely in this regard on my legitimate interest (art.6 par.1 lit.f RODO) consisting in analyzing the behavior of newsletter subscribers in to optimize mailing activities.

You can unsubscribe from the newsletter at any time by clicking on the dedicated link in each message sent as part of the newsletter or simply by contacting me. Despite unsubscribing to the newsletter, your data will still be stored in my database for the purpose of identifying the returning subscriber and possible defense of claims related to sending you the newsletter, in particular for the purpose of demonstrating the fact that you consented to receive the newsletter and the moment of its withdrawal, which is my legal legitimate interest referred to in art. 6 clause 1 lit. f GDPR.

You can modify your data provided for the purpose of receiving the newsletter at any time by clicking the appropriate link visible in every message sent as part of the newsletter or simply by contacting me.

Mailerlite is the entity that supports the sending of the newsletter, has access to your data only on the basis of entrusting data. This means that they can ONLY use them for the purposes indicated by Handmadestate of Mind. Mailerlite stores your email address on its secure servers, but is not allowed to send you an email with its own offer.

Your email address provided when you subscribed to the newsletter can be used by me in marketing activities on Facebook, and specifically when targeting ads to relevant groups of recipients. It works in such a way that I can download the entire e-mail list and then use it to create in the Ad Manager on Facebook a so-called custom audience. This allows you to target ads only to people subscribed to the newsletter or to create a group of recipients similar to people subscribed to the newsletter. It works automatically and statistically, i.e. Facebook does not provide me with any information about you, but only directs the appropriate advertisement to you.

As part of the newsletter, it is also possible to subscribe to a list of people interested in a product whose sales have not yet begun. The data provided during registration on such a list is used only to inform you about the appearance of the product you are interested in and additional marketing information related to it, e.g. discount codes. You can unsubscribe from receiving product information at any time by clicking on the dedicated link provided in each message or simply by contacting me. Despite unsubscribing from the list, your data will still be stored in my database in order to defend any claims related to sending you mailings, in particular for the purpose of demonstrating the fact that you consented to receive the message and the moment of its withdrawal, which is my legitimate interest, referred to in art. 6 clause 1 lit. f GDPR.

Correspondence service – details

By contacting me, you naturally provide me with your personal data contained in the content of the correspondence, in particular the email address and name. Providing data is voluntary, but necessary to make contact.

In this case, your data is processed in order to contact you, and the basis for processing is art. 6 clause 1 lit. f GDPR, i.e. my legitimate interest. The legal basis for processing after the contact is also my justified purpose in the form of archiving correspondence for the purposes of ensuring the possibility of demonstrating certain facts in the future (Article 6 paragraph 1 letter f of the GDPR).

The content of the correspondence may be archived and I cannot clearly determine when it will be deleted. You have the right to request the history of your correspondence with you (if it has been archived), as well as to request its removal, unless its archiving is justified due to our overriding interests, e.g. defense against potential claims on your part .

Social Media details

By observing the social profile of Handmade State of Mind, interacting, adding comments etc. you make me see your personal data collected as part of your social profile. You decide what is available as part of your profile using the privacy settings on a given social network. I do not copy data from social profiles to our databases. I process them within social networking sites in accordance with the functions that are available as part of these social networking sites.

Tax and accounting obligations – details

If I issue an invoice for you, it is included in the accounting records that will be kept for the period of time required by law. In this situation, your personal data is processed in order to fulfill our tax and accounting obligations (Article 6 (1) (c) of the GDPR in connection with the provisions regulating issues of tax and accounting obligations).

Archive – details

As part of the description of the individual purposes for processing personal data above, I set deadlines for storing personal data. These terms are often associated with the archiving of certain data by me for the purpose of ensuring the possibility of demonstrating specific facts in the future, reproducing the course of cooperation with the client, exchanging correspondence, defending, establishing or pursuing claims. In this respect, I base my legitimate interest referred to in art. 6 clause 1 lit. f GDPR.

Own marketing – details

As part of my site I use the mechanism of recovering abandoned carts. In a situation where you start the ordering process, but you do not complete it, my system will record this fact in order to take actions to encourage you to finalize the order. These activities may include, in particular, sending you an e-mail encouraging you to finalize your order or displaying targeted advertising while browsing the Internet.

My site can also collect information about your activity and on this basis display you targeted advertising while browsing the Internet. However, if you are not a registered user, the information used for this purpose is not personal data. Only when they are combined with your personal data collected in the user’s account do they become personal data.

I carry out the activities described above based on my legitimate interest referred to in art. 6 clause 1 lit. f GDPR based on the marketing of own products.

Analysis, statistics, optimization – details

I collect statistical information on user behavior when browsing my websites, such as clicking on links, transition between subpages, time spent on individual pages, etc. I analyze this information to optimize my pages in terms of user experience, efficiency and conversion.

I carry out the activities described above based on my legitimate interest referred to in art. 6 clause 1 lit. f GDPR based on the optimization of my websites.

  1. How long will I store your personal data?

Data storage periods have been indicated separately for each processing purpose. You will find this information as part of the details dedicated to each separate processing purpose.

  1. Who are the recipients of your personal data?

I would venture to say that Handmade State of Mind cannot function without services provided by third parties. I also use such services. Some of these services involve the processing of your personal data. Examples of external service providers who participate in the processing of your personal data are:

In addition, if necessary, your personal data may be disclosed to entities, bodies or institutions authorized to gain access to data on the basis of legal provisions, such as police, security services, courts, prosecutors.

What’s more, I use tools that collect a lot of information about you related to the use of our site. This is in particular the following information:

In my opinion, this information is not personal. Because this information is collected by external tools that I use, this information is also processed by tool providers under the terms of their regulations and privacy policies. Basically, this information is used to provide and improve services, manage them, develop new services, measure the effectiveness of ads, protect against fraud and abuse, as well as personalize the content and ads displayed on individual services, sites and applications. I have tried to describe the details in this part of this policy as part of the explanations on individual tools

  1. Do I transfer your data to third countries or international organizations?

Yes, part of the processing of your personal data may involve their transfer to third countries.

I transfer your personal data to third countries in connection with the use of tools that store personal data on servers located in third countries, in particular in the USA. The suppliers of these tools guarantee an adequate level of personal data protection through appropriate compliance mechanisms provided for by the GDPR, in particular by joining the Privacy Shield program or using standard contractual clauses.

Personal data is stored on servers located in third countries as part of the following tools may include:


The above companies ensure an adequate level of protection of personal data through the use of compliance mechanisms provided by the GDPR.


I would also like to remind you that I use external tools that may collect anonymous information about you. I have mentioned this several times as part of this policy, including in answering the previous question. Suppliers of these tools often use servers located around the world to store the collected information, in particular in the United States of America (USA).

  1. Do I use profiling? Do I make automated decisions based on your personal data?

We do not make decisions based on automated processing, including profiling, that would have legal effects on you or similarly significantly affect you.

Yes, I use tools that can take specific actions depending on the information collected as part of the tracking mechanisms, but I believe that these actions do not have a significant impact on you, because they do not differentiate your situation as a customer, they do not affect the terms of the contract that you can conclude with us etc.

Using certain tools, I can, for example, direct to you personalized ads based on previous actions taken by you on our website or suggest products that may interest you. We are talking here about behavioral advertising. I encourage you to deepen your knowledge of behavioral advertising, in particular regarding privacy issues. Detailed information, along with the ability to manage settings for behavioral advertising, can be found here: http://www.youronlinechoices.com.

I emphasize that as part of the tools I use, I do not have access to information that would allow your identification. The information referred to here is, in particular:


I do not combine the information indicated above with your personal data, which are in our databases. This information is anonymous and does not allow me to identify you. This information is stored on the servers of the suppliers of individual tools, and these servers can usually be located all over the world.

An exception to the anonymous nature of the information referred to above is when you have a user account. Then this information can be combined with your data collected in the user’s account. However, I still do not make decisions based on this processing solely on automated processing, including profiling, that would have legal effects on you or similarly significantly affect you. I believe that actions related to targeting ads to you depending on your activity on this website and taking optimization actions do not significantly affect you. That is why in this respect I rely on my legitimate interest referred to in art. 6 clause 1 lit. f GDPR.

  1. What rights do you have regarding the processing of your personal data?

The GDPR grants you the following potential rights related to the processing of your personal data:


The rules related to the implementation of the abovementioned rights are described in detail in art. 16 – 21 GDPR. I encourage you to read these regulations. For my part, I think it is necessary to explain to you that the above-mentioned rights are not absolute and you will not be entitled to all the processing of your personal data.

I would like to emphasize that you always have one of the rights indicated above – if you believe that I have violated the provisions on the protection of personal data when processing your personal data, you have the opportunity to lodge a complaint with the supervisory body (the President of the Office for Personal Data Protection).

You can also always ask us to provide you with information about what data about you I have and for what purposes I process it. All you have to do is send a message to hello@handmdestateofmind.com. However, I have made every effort to ensure that the information you are interested in is comprehensively presented in this privacy policy. The e-mail address provided above can also be used for any questions related to the processing of your personal data.

  1. Do I use cookies and what are they actually?

My website, like almost all other websites, uses cookies.

Cookies are small text information stored on your end device (e.g. computer, tablet, smartphone) that can be read by our ICT system (own cookies) or ICT systems of third parties (third party cookies). Specific information may be saved and stored in cookies, which then can be accessed by ICT systems for specific purposes.

Some of the cookies I use are deleted after the end of the browser session, i.e. after closing it (so-called session cookies). Other cookies are stored on your end device and allow me to recognize your browser the next time you visit the site (persistent cookies).

If you want to learn more about cookies as such, you can read, for example, this material: https://pl.wikipedia.org/wiki/HTTP_cookie.

  1. On what basis do I use cookies?

I use cookies on the basis of your consent, except when cookies are necessary for the proper provision of services by electronic means.

In terms of your consent to cookies, I accept the variant according to which you consent by setting your web browser or additional software supporting the management of cookies. I assume that you agree to all cookies used by me, which are not blocked by your browser or additional software that you use.

Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on my site and cause difficulties in using my site, as well as from many other websites that use cookies. For example, if you block cookies from social networking plugins, buttons, widgets and social features implemented on my site may not be available to you.

  1. Can you disable cookies?

Yes, you can manage cookie settings in your web browser. You can block all or selected cookies. You can also block cookies of specific websites. You can also delete previously saved cookies and other website and plug-in data.

Web browsers also offer the option of using incognito mode. You can use it if you do not want information about pages visited and downloaded files to be saved in your browsing and download history. Cookies created in incognito mode are deleted when all windows of this mode are closed.

Browser plugins are also available to control cookies, such as Ghostery (https://www.ghostery.com). The option of control over cookie files can also be provided by additional software, in particular anti-virus packages, etc.

In addition, tools are available on the Internet to control some types of cookies, in particular to collectively manage behavioral advertising settings (e.g. http://www.youronlinechoices.com/, http://www.networkadvertising.org/choices)

Remember that disabling or limiting the use of cookies may prevent you from using some of the functions available on my site and cause difficulties in using my site, as well as from many other websites that use cookies. For example, if you block cookies from social networking plugins, buttons, widgets and social features implemented on my site may not be available to you.

  1. For what purposes do I use cookies?

Own cookies are used to ensure the proper functioning of individual website mechanisms, such as maintaining sessions after logging into the account, remembering recently viewed products and products added to the basket.

Own cookies also store information about the cookie settings you define, made from the cookie management mechanism.

Own cookies are also used to support the mechanism of recovering abandoned baskets.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit my login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

  1. Do I follow your behavior on my site?

Yes, I use Google Analytics and Facebook Custom Audiences tools, which are associated with collecting information about your activities on my website. These tools have been described in detail as part of the question about third party cookies, so I will not repeat this information here.

  1. Do I target you with targeted ads?

Yes, I use Facebook Ads, in which I can target ads to specific target groups defined on the basis of various criteria such as age, gender, interests, profession, work, activities previously undertaken on my site. These tools have been described in detail as part of the question about third party cookies, so I will not repeat this information here.

  1. How can you manage your privacy?

The answer to this question is found in many places of this privacy policy when describing individual tools, behavioral advertising, consent to cookies, etc. However, for your convenience, I gathered this information again in one place. Below you will find a list of options for managing your privacy.

  1. What are server logs?

Using the website involves sending queries to the server on which the website is stored. Each query directed to the server is saved in server logs.

Logs include, among others Your IP address, server date and time, information about the web browser and operating system you use. Logs are saved and stored on the server.

The data saved in the server logs are not associated with specific people using the site and are not used by us to identify you.

Server logs are only auxiliary material used to administer the site, and their content is not disclosed to anyone except persons authorized to administer the server.

  1. Is there anything else you should know about?

As you can see, the subject of personal data processing, the use of cookies and management of privacy in general is quite complicated. I have made every effort to ensure that this document provides you with the widest possible knowledge in matters important to you. If anything is unclear to you, you want to learn more or just talk about your privacy, write to me at hello@handmadestateofmind.com