Privacy Policy

This document constitutes an annex to the regulations of STOCK-HURT PAWEŁ ŁEPKOWSKI, JAKUB GORYCA spółka komandytowa with its registered office in Skawina, ul. ppor. Mieczysława Majdzika 13, 32-050 Skawina, KRS: 0001007928, NIP: 6772384995, REGON: 36044318700000 (hereinafter referred to as the “Administrator” or “Stock-Hurt s.k.”), sets out the principles for the processing and protection of personal data of Clients (hereinafter referred to as “Users” or “Clients”).The User’s privacy is extremely important to Stock-Hurt s.k. We want every Client to know how we process their personal data, which is why we have prepared this Privacy Policy, describing the manner of protection and processing of personal data in accordance with applicable regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR”.

Contact with the Administrator:

  • Registered office address: ul. ppor. Mieczysława Majdzika 13, 32-050 Skawina
  • E-mail address: [email protected]
  • Phone number: +48 517 708 261

§ 1. COLLECTION, PROCESSING, AND USE OF PERSONAL DATA

Voluntary provision of data: We collect personal data only when it is voluntarily provided by the User, e.g., for the purpose of fulfilling an agreement, at the time of creating a customer account, or in the process of contacting the Client. Providing personal data is voluntary, but necessary for the indicated purposes (e.g., placing an order, registration, receiving a response to an inquiry).

Purposes and legal bases for data processing:

  • Fulfillment of agreement and orders: Data such as first name, last name, company name (if applicable), address, phone number, and e-mail address are processed for the purpose of concluding, fulfilling, and executing the agreement for the sale of Goods (including in the WooCommerce online store and within auctions), order processing, delivery, payment settlement, and customer service. The legal basis is Article 6(1)(b) GDPR (necessity for the performance of a contract). Upon completion of the agreement, this data is stored for the period specified by tax and commercial law regulations, and after this period, it is deleted from our database, unless the User has consented to its further processing for another purpose.
  • Handling inquiries and communication: We use contact details (e-mail, phone number) to respond to Users’ inquiries submitted through contact forms or other communication channels. The legal basis is Article 6(1)(b) GDPR (necessity for taking steps at the request of the data subject) or our legitimate interest (Article 6(1)(f) GDPR) for efficient communication handling.
  • Marketing (e-mail marketing, newsletter): Based on your voluntary consent, we process data for the purpose of sending newsletters containing commercial and marketing information (e.g., about offers, promotions, news). The legal basis is Article 6(1)(a) GDPR (consent). This consent is granted by subscribing to the newsletter (e.g., by ticking the box “I want to subscribe to the Newsletter”). It is possible to unsubscribe at any time by clicking the appropriate link in the received message or by sending a corresponding notification to the Administrator’s e-mail address. Upon unsubscribing, the User’s e-mail address will be promptly removed from our marketing database.
  • Statistical analysis and improvement of the Website: By using cookies and analytical tools (e.g., Google Analytics), we process navigation data and information on how the Website is used for traffic analysis, studying User preferences, optimizing Website performance, and adapting its functionalities to needs. The legal basis is our legitimate interest (Article 6(1)(f) GDPR) or the User’s consent (based on Article 6(1)(a) GDPR) regarding the use of certain cookies.
  • Compliance with legal obligations: We also process personal data to fulfill legal obligations incumbent upon the Administrator, e.g., related to accounting or tax regulations. The legal basis is Article 6(1)(c) GDPR.
  • Establishment or defense of claims: For the purpose of establishing, pursuing, or defending claims related to our business activities, data may be processed based on our legitimate interest (Article 6(1)(f) GDPR).

§ 2. COOKIES

  1. The website www.stockhurt.com uses cookies to ensure optimal operation, personalize content, provide social media features, and analyze website traffic.
  2. The User can manage cookie settings through their web browser. Most browsers accept cookies by default, but the User can disable or restrict them. For detailed information on the cookies used and how to manage them, please refer to [insert link to the detailed Cookie Policy or a separate section on the website about cookies].

§ 3. TRANSFER OF PERSONAL DATA

  1. We transfer the personal data we collect only to the extent necessary to achieve the indicated purposes:
    • To transport companies/couriers: for the purpose of delivering the Goods (data: first name, last name, address, phone number).
    • To designated banking institutions or payment operators: for the purpose of processing payments for orders (data necessary for transactions).
    • To entities providing marketing services (e-mail marketing) for us: for the purpose of sending newsletters.
    • To entities providing us with IT support for the Website and systems: for the purpose of maintaining and developing functionalities.
    • To entities authorized to obtain data based on legal provisions: e.g., law enforcement agencies, courts, in justified cases.
  2. The recipients of personal data are entities with whom we have concluded appropriate data processing entrustment agreements or service agreements that guarantee the application of appropriate security measures and compliance with GDPR.
  3. Collected and entrusted personal data are stored within the European Economic Area (“EEA”) and are not transferred to third countries (outside the EEA), unless it is necessary for the provision of services and appropriate safeguards provided by GDPR are ensured.

§ 4. USER’S RIGHTS REGARDING PERSONAL DATA

The User has a number of rights concerning their personal data, which they can exercise at any time:

  • Right of access to data: Obtaining information about the processed data and a copy thereof.
  • Right to rectification of data: Requesting correction of inaccurate or completion of missing data.
  • Right to erasure of data (“right to be forgotten”): Requesting the deletion of data when it is no longer necessary for the purposes for which it was collected, or when consent for its processing has been withdrawn.
  • Right to restrict processing: Requesting the restriction of data processing in specific situations.
  • Right to data portability: Receiving one’s data in a structured, commonly used, machine-readable format and transmitting it to another controller.
  • Right to object: Objecting to the processing of data when the processing is based on our legitimate interest.
  • Right to withdraw consent: Withdrawing granted consent for data processing (e.g., for newsletters) at any time, without affecting the lawfulness of processing carried out before its withdrawal.
  • Right to lodge a complaint with a supervisory authority: The possibility of lodging a complaint with the President of the Personal Data Protection Office if the User believes that the processing of their data violates GDPR provisions.

To exercise the above rights, please contact the Administrator via e-mail at: [email protected] or in writing at the registered office address.

§ 5. PERSONAL DATA SECURITY

The Administrator makes every effort to ensure the security of Users’ personal data. We apply appropriate technical and organizational measures to protect data against unauthorized access, loss, destruction, or disclosure. Implemented measures include, but are not limited to:

  • Securing data transmission using an SSL/TLS certificate.
  • Restricting access to personal data to authorized persons only.
  • Regular updates of the Website software and implemented plugins.
  • Using strong passwords and authentication mechanisms.
  • Ensuring that third parties to whom we entrust data processing also apply appropriate security measures.

§ 6. LINKS TO OTHER WEBSITES

The Website may contain links to external websites, including our social media channels. The Administrator is not responsible for the privacy policy or content of these sites. We encourage you to review the privacy policies of the sites you visit.

§ 7. FINAL PROVISIONS

  1. This Privacy Policy is effective from the date of publication: January 1, 2025.
  2. In the future, it may be necessary to update the Privacy Policy. Its latest version will always be available on our website.
  3. We will inform Users of any changes to the Privacy Policy, particularly concerning the purposes of personal data processing, User rights, or the contact details of the Data Protection Officer (if appointed), through a notice on the Website or by e-mail.
  4. In matters not regulated by this Privacy Policy, Polish law and GDPR provisions shall apply.