Privacy policy
This Privacy policy explains who processes your personal data in connection with your use of the opatulo.pl website, for what purpose and on what legal basis, how long we keep it and what rights you have. We have prepared this document carefully and in line with the GDPR – nevertheless, we recommend having it reviewed by a lawyer before publication. Last updated: 16/06/2026.
1. Data controller
The controller of your personal data is Lunaris Anna Mikus, a sole proprietorship operating the Opatulo brand and the opatulo.pl website.
- Address: ul. Marsa 30/4, 80-299 Gdańsk, Poland
- NIP: 743 180 62 95
- E-mail: kontakt@opatulo.pl
- Phone: +48 604 478 282
For all matters concerning the processing of personal data and the exercise of your rights, you can contact us using the details above. We have not appointed a data protection officer – contact is made directly with the controller.
2. What data we process and for what purpose
The scope of the data we process depends on how you use the site. The individual situations are described below.
2.1. Contact form
When you write to us through the contact form, we process: your first name (and surname, if you provide it), your e-mail address and the content of your message (as well as any other data you voluntarily include in it).
- Purpose: answering your enquiry, handling correspondence and taking action at your request.
- Legal basis: Article 6(1)(b) GDPR (steps taken at the request of the data subject prior to entering into a contract) and Article 6(1)(f) GDPR (our legitimate interest in handling enquiries and maintaining contact).
2.2. Newsletter, training and launch-notification sign-ups
When you sign up for the newsletter, for training (a webinar or workshop) or for a launch notification, we usually process your first name and e-mail address.
- Purpose: sending the content you requested (newsletter, educational materials on pet care and first aid), informing you about training and events, and notifying you about the launch of the shop and new products.
- Legal basis: Article 6(1)(a) GDPR (your voluntary consent). You can withdraw your consent at any time by clicking the unsubscribe link in the message or by writing to kontakt@opatulo.pl – this does not affect the lawfulness of processing carried out before the consent was withdrawn.
2.3. Training and farewell support (service delivery)
If you sign up for paid training or use our services, we may process the data necessary to deliver them and to issue an accounting document (e.g. your full name, e-mail address and invoice details).
- Purpose: concluding and performing a service contract and fulfilling tax and accounting obligations.
- Legal basis: Article 6(1)(b) GDPR (performance of a contract) and Article 6(1)(c) GDPR (legal obligation – tax and accounting regulations).
2.4. Technical data and server logs
When you visit the site, our hosting provider automatically records technical data: your IP address, browser type and version, operating system, the date and time of the request and the address of the page you came from.
- Purpose: ensuring the security and proper operation of the site, error diagnostics and protection against abuse.
- Legal basis: Article 6(1)(f) GDPR (legitimate interest in maintaining the security and stability of the site).
2.5. Cookies and analytics
We use cookies and analytics tools. Essential cookies are always active, while analytics cookies are enabled only after you give your consent in the cookie banner. You will find the details in section 6.
- Purpose: providing the basic functions of the site (essential cookies) and analysing traffic and how the site is used in order to improve it (analytics cookies).
- Legal basis: Article 6(1)(f) GDPR for essential cookies and Article 6(1)(a) GDPR (consent) for analytics cookies.
2.6. Online shop (in preparation)
The opatulo.pl shop (post-surgery recovery suits and accessories, farewell cards and products, and digital products) is not selling yet. Once it launches, we will expand this Policy with the rules for processing data related to orders, payments and delivery; the legal basis for processing will include, among others, Article 6(1)(b) GDPR (performance of a sales contract) and Article 6(1)(c) GDPR (tax obligations).
3. Legal bases for processing
We process your data only when we have a legal basis for doing so under the GDPR. Depending on the situation, this is:
- Article 6(1)(a) GDPR – consent (e.g. newsletter and notification sign-ups, analytics cookies);
- Article 6(1)(b) GDPR – performance of a contract or taking steps at the data subject's request prior to entering into it (e.g. handling an enquiry, delivering training);
- Article 6(1)(c) GDPR – legal obligation incumbent on the controller (e.g. tax and accounting regulations);
- Article 6(1)(f) GDPR – legitimate interest of the controller (e.g. site security, handling correspondence, pursuing or defending against claims).
4. Data retention period
We keep your data no longer than necessary for the purpose for which it was collected:
- Data from the contact form – for as long as needed to handle the enquiry, and then for the limitation period of any potential claims.
- Data from newsletter and notification sign-ups – until consent is withdrawn (you unsubscribe).
- Data related to service delivery and accounting documents – for the period required by tax and accounting law (as a rule, 5 years counting from the end of the year in which the tax payment deadline fell).
- Server logs and technical data – for the period necessary to ensure security and diagnostics, in line with the hosting provider's settings.
- Data from analytics cookies – in line with the validity periods of the individual cookies and the settings of the analytics tools, and no longer than until consent is withdrawn.
5. Data recipients and processors
We do not sell your data. We entrust it only to trusted service providers who process it on our behalf under data-processing agreements (Article 28 GDPR) and solely in accordance with our instructions:
- Netlify, Inc. – website hosting and form handling (Netlify Forms);
- Google Ireland Limited / Google LLC – traffic analytics (Google Analytics), only after consent is given;
- Microsoft Ireland Operations Limited / Microsoft Corporation – on-site behaviour analysis (Microsoft Clarity), only after consent is given.
Data may also be shared with entities authorised under the law (e.g. state authorities) and – where necessary – with parties that support us with accounting or legal services.
5.1. Transfers of data outside the European Economic Area (EEA)
Some of our providers (including Netlify, Google and Microsoft) may process data on servers located outside the EEA, including in the United States. In such cases, the transfer of data takes place on the basis of the appropriate safeguards required by the GDPR – primarily the standard contractual clauses approved by the European Commission and, where applicable, on the basis of an adequacy decision (e.g. the EU–US Data Privacy Framework). On request, we will provide information about the safeguards in place.
6. Cookies and analytics
Cookies are small text files saved on your device while you use the site. We use two types of cookies:
- Essential cookies – necessary for the site to function properly (including remembering your choice in the cookie banner). They are always active and do not require consent.
- Analytics cookies – from the Google Analytics and Microsoft Clarity tools; they help us understand how you use the site and improve it. We enable them only after you give your consent in the cookie banner.
You can withdraw your consent for analytics cookies or change your choice at any time using the settings in the cookie banner, and you can also manage cookies in your browser settings (including deleting and blocking them). Restricting cookies may affect some functions of the site.
7. Your rights
In connection with the processing of your personal data, you have the following rights:
- the right of access to your data and to obtain a copy of it,
- the right to rectification of inaccurate data or completion of incomplete data,
- the right to erasure of your data (the "right to be forgotten"),
- the right to restrict processing,
- the right to object to processing based on a legitimate interest,
- the right to data portability,
- the right to withdraw consent at any time – without affecting the lawfulness of processing carried out before it was withdrawn,
- the right to lodge a complaint with a supervisory authority.
To exercise the rights above, write to us at kontakt@opatulo.pl. If you believe we are processing your data unlawfully, you can lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw, Poland.
8. Voluntary provision of data
Providing your data is voluntary, although in some cases it is necessary to achieve a specific purpose. Not providing data in the contact form will make it impossible for us to answer your enquiry, and not providing an e-mail address when signing up will prevent us from sending the newsletter, training materials or launch notifications. For paid services, providing invoice details follows from the applicable regulations.
9. No profiling or automated decision-making
We do not make decisions about you based solely on automated processing, including profiling, that would produce legal effects or similarly significantly affect you (within the meaning of Article 22 GDPR). We use analytics tools only for aggregate site-traffic statistics, not for automated decision-making concerning individual people.
10. Changes to the Privacy policy
We may update this Policy, in particular as the site develops (e.g. when the shop launches), when the tools we use change or when the law changes. The current version is always available on this page, and we may additionally inform you of any significant changes. We encourage you to review the document from time to time.