Monika Grabkowska Photography

Privacy Policy

This Privacy Policy explains how your personal data is collected, used, and protected when you interact with the website https://monikagrabkowska.com, the shop Frame & Leaf and blog Lens Between Food and Nature operated by Monika Grabkowska. By using this site, you agree to the terms of this Privacy Policy.

As a User, please read its provisions carefully. The table of contents below will help you do so. In this policy, I inform you about how I care for User data, how I process it, to whom I entrust it, and many other important matters related to personal data.

Policy key definitions:

  • “I”, “our”, “us”, or “we” refer to the business, Monika Grabkowska Photography, monikagrabkowska.com, Monika Grabkowska, administrator.
  • “you”, “the user” refer to the person(s) using this website.
  • Website and/or Online Store – the website, blog, and online store available at www.monikagrabkowska.com and relevant subpages, providing access to the offered services and products.

  • User Account or Account – a user account created on the Online Store platform, providing access to purchased digital content and other services, in accordance with the Store Regulations accepted by the User during Account registration.
  • Form or Forms – places on the Website where the User can enter personal data to achieve specific purposes, such as subscribing to the newsletter, placing an order, or contacting the Administrator.
  • Newsletter – a free service provided electronically by the Administrator, allowing the sending of emails with information about events, services, products, and other elements relevant from the Administrator’s perspective. It may also include direct marketing, including sending marketing and commercial content with the User’s consent. Detailed information on sending the Newsletter can be found later in this Privacy Policy.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a user’s computer or device.


If you have any concerns regarding the provisions of this Privacy Policy and Cookie Policy, please contact the Administrator via email: hello@monikagrabkowska.com.

The Administrator reserves the right to make changes to the privacy policy, and every User of the website is obliged to be familiar with the current version. Reasons for changes may include: the development of internet technology, changes in the applicable law, or the development of the Website through the use of new tools by the Administrator. The date of publication of the current Privacy Policy is at the bottom of the page.

1. PERSONAL DATA AND RULES FOR ITS PROCESSING


Who is the administrator of the User’s personal data?

The administrator of the User’s personal data is Monika Grabkowska, the owner of the website and the online store Frame & Leaf.

Is providing data voluntary?

Providing data is voluntary. However, failure to provide certain information marked on the Administrator’s pages as required will result in the inability to perform a given service, complete a purchase, or fulfill an order.

Providing non-mandatory data or excess data that the Administrator does not need to process is done at the User’s own discretion. In that case, processing is based on the premise set out in the GDPR. The User grants consent for the processing of such data.

For what purposes do we process user data provided through use of the website?

The User’s personal data may be processed for the following purposes:

  • Contract performance, e.g., sending an offer,
  • Issuing invoices, receipts, and fulfilling other obligations under tax law,
  • Processing complaints or claims related to a contract,
  • Establishing, pursuing, or defending against claims,
  • Contacting the User in matters related to service execution,
  • Creating records related to GDPR and other regulations,
  • Direct marketing, including sending newsletters,
  • Customizing content displayed on the website to the User’s individual needs,
  • Storing data for archival and evidential purposes,
  • Analyzing data automatically collected when using the website,
  • Managing social media platforms such as Instagram, Facebook, Pinterest, LinkedIn,
  • Running ads on social media,
  • Storing comments on the site.


How is the data collected?

Only data voluntarily provided by the User is collected (excluding data automatically collected through cookies and login data). Automatically collected data includes the User’s IP address, browser type, operating system type, etc., as well as demographic data.

Data may be collected via forms on the site used for placing orders, subscribing to newsletters, or contacting the Administrator.

Your individual rights

Under the GDPR, your rights are as follows. You can read more about your rights in detail here:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.


You also have the right to complain to the ICO [www.ico.org.uk] if you believe there is an issue with the manner in which we are processing your personal data.

We handle subject access requests in accordance with the GDPR.

If you have any concerns, contact the Administrator via email at: hello@monikagrabkowska.com.

The Administrator will respond to the request within 30 days unless the deadline is extended under GDPR regulations.

May the user withdraw their consent at any time?

A User who has given consent for a specific action has the right to withdraw it at any time. Withdrawing consent will result in the email address being removed from the Administrator’s mailing list (e.g., newsletter subscription). Withdrawal of consent does not affect data processed before the withdrawal.

In some cases, data may not be completely deleted and will be stored to protect against potential claims or to fulfill legal obligations applicable to the Administrator.

The Administrator will take appropriate actions in accordance with legal obligations to justify the continued processing of the data.

Do we transfer users’ personal data to third countries?

User data may be transferred outside the European Union – to third countries. The Administrator uses services from providers such as Google, Facebook (Meta Platforms Ireland Limited), Printful, and MailerLite. Data may be stored on U.S. servers, using appropriate compliance mechanisms under the GDPR.

Privacy policies for these providers can be found at:


How long do we store user data?

User data will be retained for as long as necessary to provide the services, to comply with legal obligations (such as tax regulations), or until any potential claims expire. The retention period may also vary depending on the purpose of data collection and the user’s preferences, for example, when unsubscribing from the newsletter.

Links to other sites

The Website may contain links to other websites. The Administrator is not responsible for the content of those websites or for their privacy policies. Users should familiarize themselves with the privacy policies or terms of those sites.

Social media activity – Facebook

The Administrator manages the Facebook page “Monika Grabkowska Photography.” Personal data of users who follow the page or interact with its content will be processed for the purposes of managing the page and for marketing purposes.

The User may stop following the page at any time. The Administrator will no longer display any content to the User once they unfollow the page.

More information on how Facebook processes data can be found in Facebook’s privacy policy.

Social media activity – Instagram

The data controller of the User’s personal data on the profile “monika_grabkowska” available at https://www.instagram.com/monika_grabkowska/ on Instagram (hereinafter referred to as the Profile) is Monika Grabkowska.

User personal data provided on the Profile will be processed to administer and manage the Profile, communicate with Users, engage them, deliver marketing content to them, and build the Profile’s community.

The legal basis for this data processing is the User’s consent, as well as the Administrator’s legitimate interest in engaging with followers of the Profile. The User voluntarily decides whether to like, follow, or interact with the Profile’s content.

The rules governing the Profile are set by the Administrator; however, users must also comply with the general terms of Instagram, including its community guidelines and terms of service.

At any time, the User can stop following the Profile, which will result in the Administrator no longer displaying any Profile-related content to them.

The Administrator has access to personal data such as the User’s name, surname, or other public information shared on their Instagram profile. Other personal data is processed by Instagram according to its own privacy policy and terms.

The User’s personal data will be processed as long as the Profile remains active, based on the User’s consent (by liking or following the Profile) and for the Administrator’s legitimate interests, such as product and service marketing or defending against claims.

Personal data may be shared with other recipients such as advertising agencies cooperating with the Administrator, IT service providers, virtual assistants, or legal support in cases of contact outside Instagram.

Social media activity – Pinterest

The data controller of the User’s personal data on the profile “Monika_Grabkowska” at https://id.pinterest.com/monika_grabkowska/ on Pinterest (hereinafter referred to as the Profile) is Monika Grabkowska.

User personal data provided on the Profile will be processed to administer and manage the Profile, communicate with the User, engage them, deliver marketing content, and build the community around the Profile.

The legal basis for this data processing is the User’s consent, as well as the Administrator’s legitimate interest in engaging with followers. The User voluntarily decides whether to like, follow, or interact with the Profile’s content.

The rules governing the Profile are set by the Administrator; however, users must also comply with the general terms of the Pinterest social network, including its terms of service.

The User can stop following the Profile at any time, in which case the Administrator will stop displaying Profile-related content.

The Administrator has access to the User’s personal data such as name, surname, or other public information shared on their Pinterest profile. Other personal data is processed by Pinterest in accordance with its own privacy policy and terms of service.

The User’s personal data will be processed for as long as the Profile is active, based on the User’s consent (by liking or following the Profile) and for the Administrator’s legitimate interests, such as marketing of products and services or defending against claims.

Personal data may be shared with other recipients, such as advertising agencies cooperating with the Administrator, IT service providers, virtual assistants, or legal support, in case of contact outside Pinterest.

More information on data processing by Pinterest can be found in Pinterest’s privacy policy.

Social media activity – LinkedIn

The data controller of the User’s personal data on the profile “monika-grabkowska” at https://www.linkedin.com/in/monika-grabkowska/ on LinkedIn (hereinafter referred to as the Profile) is Monika Grabkowska.

User personal data provided on the Profile will be processed to administer and manage the Profile, communicate with the User, engage them, deliver marketing content, and build the community around the Profile.

The legal basis for this data processing is the User’s consent, as well as the Administrator’s legitimate interest in engaging with followers. The User voluntarily decides whether to like, follow, or interact with the Profile’s content.

The rules governing the Profile are set by the Administrator; however, users must also comply with the general terms of the LinkedIn social network, including its terms of service.

The User can stop following the Profile at any time, in which case the Administrator will stop displaying Profile-related content.

The Administrator has access to the User’s personal data such as name, surname, or other public information shared on their LinkedIn profile. Other personal data is processed by LinkedIn in accordance with its own privacy policy and terms of service.

The User’s personal data will be processed for as long as the Profile is active, based on the User’s consent (by liking or following the Profile) and for the Administrator’s legitimate interests, such as marketing of products and services or defending against claims.

Personal data may be shared with other recipients, such as advertising agencies cooperating with the Administrator, IT service providers, virtual assistants, or legal support, in case of contact outside LinkedIn.

More information on data processing by LinkedIn can be found in LinkedIn’s privacy policy.

Data security

User personal data is stored and protected in accordance with applicable laws, using appropriate technical and organizational measures to secure such data against unauthorized access.

Access to the data is granted only to authorized persons who are obligated to protect it or to entities processing the data under a data processing agreement.

Users are also encouraged to protect their own data, e.g., by not disclosing login information, using antivirus software, and regularly updating applications.

Who may have access to personal data?

The Administrator may use external entities to process personal data, including companies providing technical, marketing, accounting, or other administrative services. These entities ensure proper data protection in accordance with the law, including GDPR.

The Administrator may transfer data to the following entities, including but not limited to:

  • MailerLite – for sending newsletters,
  • Zenbox hosting provider – for data storage on the server,
  • Stripe – for handling online transactions,
  • PayPal – for handling online transactions,
  • Google – for using Google services (e.g., Google Analytics),
  • Meta Facebook – for using advertising services (Meta Pixel),
  • Printful – for print-on-demand services (order fulfillment and shipping),
  • Other subcontractors – e.g., for technical, IT, or legal support.


Data may also be disclosed to public authorities, e.g., the tax office, for the fulfillment of legal and tax obligations.

Do we profile user data?

User personal data is not used for automated decision-making that would affect the User’s rights or obligations.

In marketing activities, User data may be profiled to better tailor advertising content. This profiling does not negatively impact the User’s rights or obligations and is carried out in compliance with privacy protection principles.

If the User does not wish their data to be used for profiling, they may object. All marketing decisions will be made with respect for the User’s rights.

2. FORMS

Within the Website, the Administrator provides various types of forms that allow Users to use specific features and services. Below are the rules for processing data in each of these forms.

1. Newsletter Subscription Form

To subscribe to the newsletter, the User must provide their first name and email address. After completing the form, confirmation is required to add the email address to the subscriber list. This data is used to send the newsletter, which includes information about new content, offers, promotions, and both the Administrator’s own and recommended products.

Subscribing to the newsletter constitutes acceptance of this Privacy Policy and consent to receive marketing information electronically, in accordance with the Act on Providing Services by Electronic Means. The User also consents to the use of their telecommunications devices for direct marketing purposes, in accordance with telecommunications law.

These consents are voluntary but necessary to receive the newsletter. They may be withdrawn at any time, which will result in the removal of the email address from the subscriber list. Data may be stored for up to 5 years after unsubscribing, to document consent and its withdrawal.

If the User remains inactive for at least one year (e.g., does not open messages), their data may be removed from the newsletter database. The mailing system records subscriber activity, including email opens and link clicks.

The Administrator may also conduct remarketing activities (e.g., via Facebook Ads, Instagram Ads) using email addresses of subscribers who have accounts on Facebook. Details on this type of data processing can be found in Facebook’s privacy policy.

2. Comment Form

Users can leave comments on the Website Blog by voluntarily providing their name, email address, and optionally, website URL. The email address is used for administrative purposes only and is not shared with third parties.

The Administrator reserves the right to moderate comments and remove content that violates the law, is offensive, vulgar, spam, or contains advertising links without prior permission.

3. Order Form in the Online Store

When placing an order in the online store, it is necessary to provide data required for the transaction, such as name, surname, email address, phone number, delivery address, and, for businesses, company name. This data is used to process the order, handle payments, issue invoices, and for archival and marketing purposes.

The data is stored for the time needed to fulfill the order and for accounting and tax purposes, in accordance with applicable laws.

4. Complaint and Withdrawal Form

The User has the right to file a complaint or withdraw from the contract by filling out the appropriate form available in the sales terms. Required data includes details necessary to identify the order, such as name, surname, email address, order number, and optionally, a bank account number for refunds.

This data is processed solely for handling the complaint or return, and then stored for a period required by law and for protection against potential claims.

5. User Account Registration Form in the Store

The User may create an account in the Store by providing data such as name, surname, email address, password, and optionally, home address and company name if applicable. This data is stored to manage the account and facilitate future purchases.

The account can be deleted upon the User’s request or in the event of a breach of the Store’s regulations.

6. Sharing Data with External Entities

The Administrator may share User data with external entities, such as payment providers, courier companies, or mailing systems, only based on proper agreements and in accordance with data protection regulations. Data is not sold or shared with unauthorized parties.

When using services of third-party providers such as Google, Facebook, Instagram, Pinterest, LinkedIn, the User should refer to their privacy policies available on their websites.

The Administrator takes all necessary measures to protect User data in accordance with applicable laws. Detailed information on data processing can be found in other parts of this Privacy Policy.

3. DISCLAIMER AND COPYRIGHT

The content published on the Website is general in nature and does not constitute professional advice (e.g., educational) nor does it refer to a specific situation. If the User needs individual consultation, they should contact an appropriate specialist or the Administrator using the contact details provided. The Administrator is not responsible for how the content posted on the Website is used or for actions (or inaction) taken based on it.

All materials available on the Website, including texts, photographs, and other content, are protected by copyright and belong to the Administrator or third parties. Copying, distributing, or using them in whole or in part without the prior, express consent of the Administrator is prohibited. Unauthorized sharing of content may constitute a legal infringement and result in civil or criminal liability. In the event of a violation, the Administrator has the right to seek compensation for any material or non-material losses, in accordance with applicable laws.

The Administrator is not responsible for any improper or illegal use of materials made available on the Website. The posted content is current as of the date of its publication, unless otherwise indicated.

Downloads & Media Files

Any downloadable documents, files or media made available on this website are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available, users are advised to verify their authenticity using third-party antivirus software or similar applications.

We accept no responsibility for third-party downloads and downloads provided by external third-party websites, and advise users to verify their authenticity using third-party antivirus software or similar applications.

4. TECHNOLOGY

To use the Website, the User should have:

  • A device with Internet access,
  • An active email address for receiving messages,
  • A web browser that correctly displays web pages,
  • Software capable of opening commonly used file formats (e.g., PDF, MP3, MP4, video).

5. COOKIES POLICY

Like most websites, the Administrator’s Website uses tracking technologies, namely cookies, to improve the site based on the needs of visiting users. The Website does not automatically collect any information, except for the information contained in cookies.

Cookies are IT data, small text files stored on the end device (e.g., computer, tablet, smartphone) when you visit the Website. They may be first-party cookies (from the Administrator’s website) or third-party cookies (from other websites).

Cookies allow the content of the Administrator’s website to be tailored to the individual needs of the User and other visitors. They also allow the creation of statistics showing how users use and navigate the website, enabling the Administrator to improve the website, its content, structure, and layout.

The Administrator uses the following third-party cookies on the Website:

  • Facebook conversion pixel and Meta ads (Facebook Custom Audiences) – to manage ads on Facebook, Instagram, and conduct remarketing activities. This is a legitimate interest of the Administrator. The Administrator may also direct advertising content to the User through contact ads on Facebook or Instagram.


The Facebook Pixel tool is provided by Meta Platforms Ireland Limited and its affiliates. It is an analytics tool that helps measure ad effectiveness, shows what actions Users take on the Website, and helps target specific groups (Facebook Ads, Facebook Insights, Instagram Ads). The Administrator may also run remarketing using contact ads through Meta’s ad manager, under GDPR regulations.

Each time, contact data is deleted after the advertising campaign ends. For new campaigns, an updated contact list is uploaded. More info:
https://www.facebook.com/legal/terms/customaudience#
https://www.facebook.com/legal/terms/dataprocessing

Information collected using the Facebook Pixel is anonymous and does not identify the User. Meta may combine this data with information Users share on their Facebook/Instagram accounts and use it in accordance with its own policies.

Users are encouraged to manage their privacy settings directly on Facebook. More info: https://www.facebook.com/privacy/explanation
You can disable remarketing cookies here: https://www.facebook.com/help/1075880512458213/

By using the Website, the User consents to these cookies being installed on their device.

  • Google Analytics embedded code – for analyzing Website statistics. Google Analytics uses its own cookies to analyze Users’ behavior. These store information like referral sources. This helps improve the Website.


This tool is used under a contract with Google Ireland Limited and provided by Google LLC. Processing is based on the Administrator’s legitimate interest in creating and using statistics to improve services and optimize the Website.

The Administrator does not process any data in Google Analytics that would allow User identification.

More info and how to disable tracking: https://support.google.com/analytics#topic=3544906

  • Social media plugins – Facebook, Instagram, Pinterest, LinkedIn.


Clicking a social media icon redirects the User to an external provider (e.g., Facebook), where they can “Like” or share content.

From the moment the User clicks such a plugin, the social media platform becomes the controller of the User’s data. Cookies from these platforms may be stored on the User’s device and linked with information on those platforms. By using the Website, the User accepts this.

  • Recovering abandoned carts – cookies may be used to display advertising related to an uncompleted purchase. This is a legitimate interest of the Administrator.
  • External content (e.g., YouTube, Vimeo, SoundCloud, Unsplash)


If embedded content is played, the respective platform (e.g., Vimeo) may store information about the User’s playback behavior. Users are advised to log out of these platforms or adjust browser settings if they do not want this.

More info:
Vimeo privacy: https://vimeo.com/privacy
Vimeo cookies: https://vimeo.com/cookie_policy
Vimeo terms: https://vimeo.com/terms

  • Affiliate links and partner programs


Affiliate links may appear on the Website. Clicking them does not cost the User anything. If a User makes a purchase through such a link, the Administrator may receive a commission.

Google AdSense ads may also appear, selected by Google’s algorithms. Users can modify ad personalization here: https://adssettings.google.com/authenticated

Two types of cookies are used on the Website:

  • Session cookies – deleted after the browser is closed or the User logs out.
  • Persistent cookies – stored on the User’s device for a set time or until deleted.


Web browsers usually allow cookies by default. Users can change settings at any time to block or manage cookies.

Limiting cookies may impact website functionality.

More info: https://ico.org.uk/for-the-public/online/cookies/ or in your browser’s “Help” section.

6. COOKIES CONSENT

During the User’s first visit to the Website, they must consent to cookies or take another action indicated in the cookie notice to continue using the site. Continued use of the site implies acceptance of cookies. If you do not want to consent, leave the Website or change your browser settings to block or remove cookies. Details are available in your browser’s Help section.

7. SERVER LOGS

Using the Website involves sending requests to the server on which it is hosted. Each request is recorded in server logs. Logs include, among others: User’s IP address, date and time of connection, browser information, and operating system.

These logs are stored on the server and used solely for administrative purposes. Only persons authorized to manage the server have access to the logs. The Administrator does not use this data to identify Users.

Date of Privacy Policy Publication: 13.05.2025
Date of Last Update: 13.05.2025
