Privacy policy

Last updated: 2025/12/01

This Privacy Policy explains how we collect, use and protect your personal data when you visit our website, place an order or otherwise interact with iChessOne.

When we say “we”, “us” or “our”, we mean:

“iChess” JANUSZ LISOWSKI
NIP: 8392849868
REGON: 520613384
al. Zwycięstwa 96/98/B.1 lok. 126
81-451 Gdynia, Poland
Email: info@ichess.one

We operate the online store available via https://www.ichess.one (the “Site”) and sell products such as the iChessOne folding electronic chessboard and related accessories (the “Products”).

By using the Site or purchasing Products, you acknowledge that you have read this Privacy Policy.

1. Controller

For the purposes of EU data protection law (GDPR), the data controller of your personal data is:

“iChess” JANUSZ LISOWSKI
al. Zwycięstwa 96/98/B.1 lok. 126
81-451 Gdynia, Poland
Email: info@ichess.one

In plain terms: if you have questions about your data, or want to exercise your rights, you contact us, not Shopify, Meta, Google, etc. (although they have their own privacy documents and rights flows as well).

The exact scope of data depends on how you use the Site, but typically includes:

1. Basic identification and contact details
   Name, billing address, shipping address, email address, phone number, company details if you purchase as a business.
2. Order and transaction data
   Information about the Products you buy, quantities, prices, order history, payment status, returns, refunds, and any communication related to an order.
3. Payment data
   We use external payment providers (such as Stripe, PayPal, Przelewy24, Klarna and payment services built into Shopify). They process your card or account data directly. We receive information that a payment was made, its status, the method and transaction identifier, but we do not see full card numbers.
4. Account data (if you create an account)
   Login email, password (stored in hashed form), and your saved addresses and preferences. At the moment, accounts are standard store accounts (email + password). We do not offer login via third-party services like Facebook or Google.
5. Communication data
   Content of emails and messages you send us (for example, product questions, complaints, warranty requests, support enquiries), as well as information related to newsletter subscriptions (Shopify Email).
6. Device and usage data
   IP address, browser type, language, device information, approximate location (based on IP), pages visited, time spent on the Site, click paths. This information is collected mainly via cookies and similar technologies and is used with tools such as Google Analytics, Meta Pixel and Shopify’s own analytics.
7. Marketing and advertising data
   Information about your interactions with our emails (opens, clicks), with our Site and with our ads on other platforms. This includes remarketing/retargeting and creating or using audiences on platforms like Meta (Facebook/Instagram), Google Ads and Shopify’s audience tools.

We do not intentionally collect data of children and we do not target our products or services at children.

3. How we use your personal data and legal bases (GDPR)

3.1. To process and deliver your orders

We use your data to:

• register and process your order,
• take payment,
• arrange shipping and delivery,
• handle returns, refunds and complaints,
• communicate with you about your order (confirmation, updates, problems, etc.).

Legal basis:

• performance of a contract with you (Article 6(1)(b) GDPR),
• compliance with legal obligations, e.g. tax and accounting (Article 6(1)(c) GDPR).

3.2. To manage your customer account

If you create an account, we process your data to:

• set up and maintain the account,
• allow you to log in and view your order history,
• let you manage addresses and settings.

Legal basis: performance of a contract (Article 6(1)(b) GDPR).

3.3. To provide customer support

When you contact us (email, contact form, etc.), we use your data to:

• answer your questions,
• resolve technical or product issues,
• handle complaints, warranty claims or other requests.

Legal basis: our legitimate interest in communicating with customers and maintaining the business relationship (Article 6(1)(f) GDPR).

3.4. To send you marketing communications (newsletter etc.)

If you subscribe to our newsletter (via Shopify Email) or otherwise agree to receive marketing from us, we use your data to:

• send you information about new Products, updates, offers and promotions,
• occasionally ask for feedback or reviews.

Legal basis: your consent (Article 6(1)(a) GDPR).
You can withdraw your consent at any time by using the unsubscribe link in our emails or by contacting us.

3.5. To run analytics and improve the Site

We use tools like Google Analytics, Shopify analytics and similar technologies to:

• understand how visitors use the Site,
• monitor performance and detect errors,
• improve UX, content and features,
• understand which Products are viewed and how users move through the Site.

Legal basis: our legitimate interest in analysing and improving our services (Article 6(1)(f) GDPR). Where required in your jurisdiction, analytics cookies will only run after you consent via the cookie banner.

3.6. To run advertising and remarketing

We use Meta Pixel (Facebook/Instagram), Google Ads/remarketing and Shopify’s advertising tools to:

• display relevant ads for our Products on other websites and platforms,
• remind you about Products you viewed or added to your cart,
• build custom and lookalike audiences,
• measure the performance of our advertising campaigns.

Legal basis:

• our legitimate interest in promoting our Products (Article 6(1)(f) GDPR), and/or
• your consent to marketing cookies where required by local law.

You can control these technologies through the cookie banner, your browser settings, and ad preferences on platforms such as Meta and Google. You may object to direct marketing at any time.

3.7. To comply with legal obligations and defend our rights

We may process your data to:

• comply with tax, accounting and consumer law requirements,
• respond to lawful requests from authorities,
• establish, exercise or defend legal claims (e.g. in case of disputes).

Legal basis:

• legal obligations (Article 6(1)(c) GDPR),
• our legitimate interest in protecting our rights (Article 6(1)(f) GDPR).

4. Cookies and similar technologies

The Site uses cookies and similar technologies provided by Shopify and third parties (such as Google and Meta). They are used for:

• basic functionality of the store (cart, checkout, login),
• security, fraud prevention,
• analytics and statistics,
• personalization and targeted advertising.

You can usually manage cookies via your browser settings (block, delete) and via our cookie consent banner (where implemented), which lets you choose categories of cookies. Keep in mind that blocking strictly necessary cookies may break the store (for example, the cart or checkout may not work properly).

We do not sell your personal data in the usual sense of the word. We do, however, share data with trusted service providers where it is necessary to provide our services. Typical categories of recipients include:

1. Shopify
   Our store is hosted on Shopify. Shopify provides the e-commerce platform, infrastructure, analytics and some advertising features. Shopify processes your data as our service provider and also as an independent controller for some purposes (for example, improving its own services or running its own audiences tools). Shopify’s privacy information is available on their official website.
2. Payment providers
   Providers such as Stripe, PayPal, Przelewy24, Klarna or card processors receive your payment details directly and process payments. They act as independent controllers or processors, depending on their own terms and laws.
3. Shipping and logistics partners
   Courier and postal services that deliver your orders receive your name, address, phone number and, where necessary, email address.
4. Analytics and advertising partners
   Google (Google Analytics, Google Ads), Meta (Meta Pixel / Facebook/Instagram Ads) and similar partners process usage and marketing data, including via cookies and pixels. They use this data to provide us with statistics and to show you relevant ads.
5. IT and hosting providers
   Providers of hosting, security, backup, email delivery and other technical services may have access to your data to the extent necessary to provide their services.
6. Professional advisors and authorities
   Lawyers, accountants, auditors, tax offices, regulators and courts may receive data if required by law or needed to protect our rights.

We only share data to the extent necessary, under appropriate data protection agreements where required by law.

Some of our service providers (including Shopify, Google, Meta, Stripe, PayPal, etc.) are located or store data outside the European Economic Area (EEA), for example in Canada or the United States.

Where personal data is transferred outside the EEA or the UK, we ensure appropriate safeguards, such as:

• adequacy decisions of the European Commission, or
• standard contractual clauses approved by the European Commission or competent authorities.

You can contact us if you want more details about specific safeguards used for particular transfers.

7. Data retention

We do not keep your data forever. In general, we store personal data only for as long as it is needed for the purposes described above, and then for a limited period where required by law or necessary to protect our rights.

In particular:

1. Order and billing data
   Stored for the duration of the contract and then for the period required by tax and accounting laws and limitation periods for claims (typically several years).
2. Customer account data
   Stored as long as you have an active account. If you request account deletion, we delete or anonymize it, except where we must keep certain data by law (e.g. invoices).
3. Newsletter and direct marketing data
   Stored until you withdraw your consent, unsubscribe or object to marketing.
4. Support communication
   Stored for the time needed to handle your request and for a reasonable period afterwards in case of follow-up or disputes.
5. Analytics and cookies data
   Stored according to the retention settings of tools such as Google Analytics (for example, around 26 months) or shorter where possible.

When data is no longer needed, we delete or irreversibly anonymize it.

8. Global Operations

We ship our Products worldwide and work with service providers located in various countries. Because of this, your personal data may be processed in or transferred to countries other than the one you reside in, including countries outside the European Economic Area. These transfers are necessary for us to operate the Site, process and deliver your orders, and provide customer support. Regardless of where your data is processed, we apply appropriate safeguards to ensure that your personal data remains protected in accordance with this Privacy Policy.

9. Security

We use appropriate technical and organisational measures to protect your personal data, including:

• encrypted connections (HTTPS / SSL) on the Site,
• access control and passwords for systems where data is stored,
• using reputable hosting and infrastructure providers,
• limiting access to personal data to persons who need it to perform their job.

No online service is 100% secure, but we treat security seriously and react to any incidents that may arise.

10. Your rights under GDPR

If you are in the European Economic Area or the UK, you have the following rights with respect to your personal data:

1. Right of access – to know whether we process your data and, if so, to obtain a copy and additional information.
2. Right to rectification – to have inaccurate data corrected and incomplete data completed.
3. Right to erasure (“right to be forgotten”) – to have your data deleted in certain situations, for example when it is no longer needed or you withdraw consent and there is no other legal basis.
4. Right to restriction of processing – to limit processing in certain cases, for example while we are verifying accuracy or handling an objection.
5. Right to data portability – to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller, where the processing is based on consent or contract and carried out by automated means.
6. Right to object – to object at any time to processing based on our legitimate interests, including profiling, and in particular to object to processing for direct marketing. If you object to direct marketing, we stop that processing.
7. Right to withdraw consent – where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise your rights, contact us at info@ichess.one. We may need to verify your identity before acting on your request. We aim to respond without undue delay and in any case within the time limits set by law.

11. Complaints to a supervisory authority

If you believe that we are processing your personal data in violation of data protection law, you have the right to lodge a complaint with your local data protection authority.

In Poland, the supervisory authority is:
Prezes Urzędu Ochrony Danych Osobowych (PUODO).

You can, of course, always contact us first and we will try to resolve the issue directly.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if we start using new tools, change our processes or if the law changes. The updated version will always be published on the Site with an updated “Last updated” date.

If the changes are significant, we may notify you more directly (for example via email or a notice on the Site).

13. Contact

If you have any questions about this Privacy Policy or how we process your personal data, or if you want to exercise your rights, contact us at:

“iChess” JANUSZ LISOWSKI
NIP: 8392849868
REGON: 520613384
al. Zwycięstwa 96/98/B.1 lok. 126
81-451 Gdynia, Poland
Email: info@ichess.one