document created on 27.07.2023 at 08:54

Privacy Policy

The personal data controller responsible for its processing is:
PHU CMRS STEFAN ROZŁUCKI, Michałów, no. 35, 59-140, NIP [Tax ID]: 8951754872, REGON [National Business Registry Number]: 390945356. Correspondence address: Rybnik, ul. ks. Henryka Jośki, no. 20, 44-217.
For more information, you can contact us using the email address: kontakt@nhr.com.pl or the correspondence address: PHU CMRS STEFAN ROZŁUCKI Rybnik, ul. ks. Henryka Jośki, no. 20, 44-217.

Thank you for your interest in our online store. The protection of your privacy is very important to us. Below you will find detailed information regarding the handling of your data.

1. Access data and hosting

Our websites can be visited without providing personal data. With each visit to the website, the server automatically saves only the so-called server logs, e.g., the name of the requested file, your IP address, the date and time of the request, the amount of data transferred, and the requesting internet service provider (so-called access logs), and documents the page request. This data is analyzed solely to ensure the proper functioning of our website and to improve our offer. This serves, according to Art. 6(1)(f) of the GDPR, to safeguard our legitimate interest in the optimal and correct presentation of our websites and offers. All access data is deleted within seven days from the end of your visit to the site.

Hosting

Hosting and website display services are partly provided on our behalf by our service providers as part of data processing entrustment. Unless this privacy policy states otherwise, all access data and data collected in forms provided for this purpose on our website will be processed on their servers. If you have any questions regarding our service providers and the basis of our cooperation with them, please contact us. Our contact details can be found in the section “Our contact details and your rights”.

2. Data collection and processing for the performance of a contract and for contact purposes

2.1 Data processing for the performance of a contract

We collect personal data when you provide it to us by placing an order or contacting us (e.g., via a contact form or by e-mail). Mandatory fields are marked as such because they concern data necessary to perform the contract or process the matter for which you are contacting us. Without providing them, you cannot complete the order or contact us. Which data is collected directly follows from the forms into which the data is entered.

We use the data provided by you in accordance with Art. 6(1)(b) of the GDPR to perform the contract and respond to your inquiries (including inquiries regarding the handling of claims under warranty for defects or guarantees and within the scope of the obligation to inform about necessary updates). Further information regarding the processing of your data, in particular regarding the transfer of data to our service providers for the purpose of order processing, payment, and shipping, can be found in subsequent sections of this privacy policy. After the performance of the contract, the processing of your data will be restricted, and after the retention periods required under tax law and the Accounting Act, this data will be deleted (Art. 6(1)(c) of the GDPR), unless you give explicit consent (Art. 6(1)(a) of the GDPR) for the further use of this data for other purposes or we reserve the right to further use it in legally permitted cases, about which we inform you in such a situation in this privacy policy.

2.2 Data processing for contact purposes

As part of customer communication, we process personal data to handle your inquiries (Art. 6(1)(b) of the GDPR). You provide this data to us voluntarily when contacting us (e.g., via a contact form or e-mail). Mandatory fields are marked as such because they concern data necessary to process the inquiry. Which data is collected directly follows from the forms into which the data is entered. After your inquiry has been fully processed, your data will be deleted, unless you give explicit consent (Art. 6(1)(a) of the GDPR) for the further use of this data for other purposes or we reserve the right to further use it in legally permitted cases, about which we inform you in such a situation in this privacy policy.

3. Data processing for the purpose of delivery

In order to perform the contract (Art. 6(1)(b) of the GDPR), we may transfer your data to the shipping company selected by you during the ordering process, which has been commissioned to deliver the ordered products.

4. Data processing for payment execution

To process payments in our online store, we cooperate with external service providers handling electronic online payments and transfer your data to the payment handling company selected by you during the ordering process. The above serves the performance of the contract (Art. 6(1)(b) of the GDPR).

Data processing for the prevention of abuse and optimization of payments

In some situations, we may provide our service providers with additional information that they may use along with the information necessary to process the payment. These service providers then act on our behalf as data processors and provide us with services in the area of fraud prevention and payment process optimization (e.g., invoicing, analysis of rejected payments, accounting support). According to Art. 6(1)(f) of the GDPR, this serves to realize our legitimate interests in protection against abuse and fraud, as well as in effective payment management.

5. Cookies and similar technologies
General information

To make visiting our website more attractive and enable you to use its key functions, we use technological tools for this purpose, including so-called cookies. Cookies are small text files that are automatically saved on your end device. Some cookies used by us are deleted after the browser session ends, i.e., after it is closed (so-called session cookies). Other cookies remain on your end device and allow us to recognize your browser on your next visit (so-called persistent cookies). We use technologies that are absolutely necessary to ensure the proper and optimal use of the essential functions of our website (e.g., the shopping cart function). These technologies process data such as your IP address, time of visit, information about the device and browser, as well as information about the use of our website (e.g., the contents of the shopping cart). According to Art. 6(1)(f) of the GDPR, this serves our legitimate interest in the optimal presentation of our offer.

Furthermore, we also use technological tools to fulfill legal obligations to which we are subject (e.g., to prove receipt of consent to process your personal data), as well as for web analytics and online marketing. Further information on this topic, including the relevant legal basis for data processing, can be found in subsequent sections of this privacy policy.

In the help menu of your web browser, you will find explanations regarding changing cookie settings. They are available under the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

When you have given us your consent to use specific technological tools (Art. 6(1)(a) of the GDPR), it may be withdrawn by you at any time. To withdraw your consent, please contact us via the contact address indicated in the “Our contact details and your rights” section.

6. Use of cookies and similar technological tools for web analytics and marketing purposes

Provided you have given your consent (Art. 6(1)(a) of the GDPR), we use the cookies and other similar technological tools of external service providers listed below on our website. After achieving the purpose of processing and ending the use of a given technological tool, the data collected as part of using these tools will be deleted. The consent granted may be withdrawn by you at any time. Detailed information on the possibility of revoking consent and your right to object can be found in the “Cookies and similar technologies” section. Further information can be found on the websites of the respective service providers. If you have questions about our service providers and the basis of our cooperation with them, please contact us. Contact details can be found in the “Our contact details and your rights” section.

6.1 Use of Google services

We use the technological tools of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) listed below. Information collected automatically by Google technologies regarding the use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there. The European Commission has not issued an adequacy decision for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. If your IP address is processed when using Google’s technological tools, your address is shortened before being stored on Google servers thanks to activated IP anonymization. Only in exceptional cases will the full IP address be sent to a Google server and shortened there. Unless otherwise specified for the individual Google technologies described in this privacy policy, data processing is carried out on the basis of a joint personal data controllership agreement concluded with Google in accordance with Art. 26 of the GDPR. Further information on data processing by Google can be found in Google’s privacy policy.

Google Analytics

For the purpose of analyzing the use of our website, we use Google Analytics – a web analytics tool by Google, which automatically processes your data for this purpose (IP address, time of visit, device and browser information, as well as information regarding the use of our website) and creates pseudonymized user profiles based on them. Cookies may be used for this purpose. In principle, your IP address is not merged with other data collected by Google. Data processing under the Google Analytics service takes place on the basis of a data processing agreement concluded with Google.

Google Maps

For the visual presentation of geographical information, Google Maps will record and process information regarding your use of maps and individual functions, including, e.g., your IP address and location data. We have no influence on the aforementioned data processing by Google.

Google reCAPTCHA

To protect against spam and prevent abuse and improper use of our web forms (e.g., using malicious bots), the Google reCAPTCHA tool has been integrated with our website, which processes your data for this purpose (IP address, time of visit, device and browser information, as well as information regarding the use of our website) and, based on this, performs an analysis of your use of our website using JavaScript and cookies. Personal data entered by you in individual form fields on our websites will not be read or saved.

Google Fonts

To ensure a consistent presentation of content on our websites, the “Google Fonts” script is integrated into our website, which processes your data (IP address, time of visit, device and browser information, as well as information regarding the use of our website). We have no influence on the aforementioned data processing by Google.

YouTube Video Plugin

To integrate third-party content via the YouTube video plugin – when playing a video, the following data is processed by Google: IP address, time of visit, user’s device and browser information.

6.2 Use of Facebook services
Facebook Pixel

We use the Facebook Pixel tool provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”). The scope of Facebook Pixel functionalities used by us is indicated below. The Facebook Pixel automatically collects and saves data (your IP address, time of visit, device and browser information, as well as information regarding the use of our website, e.g., visiting the website or subscribing to the newsletter). Pseudonymized user profiles are then created based on this data.
For this purpose, during a visit to our website, the Facebook Pixel saves a cookie on your device, which allows for the automatic recognition of your browser when visiting other websites using a pseudonymized Cookie-ID. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to your use of websites, in particular for the purpose of personalizing advertising. Information collected automatically by Facebook technologies regarding how you use our website is generally sent to a server of Facebook, Inc. 1601 Willow Road, Menlo Park, California 94025, USA and stored there. The European Commission has not issued a decision establishing an adequate level of data protection in relation to the USA. To the extent that the transfer of data to the USA is our responsibility, our cooperation is based on the European Commission’s standard data protection clauses. Further information on data processing by Facebook can be found in Facebook’s privacy policy.

Facebook Analytics Tools

As part of Facebook Business tools – based on data collected via the Facebook Pixel code regarding your use of our site, statistics on user activity on our site are created. Data processing by Facebook takes place on the basis of a concluded data processing agreement. The data analysis (statistics regarding website usage) serves to optimize and make our website more attractive.

Facebook Ads (ads management)

Facebook Ads allows us to advertise our website on Facebook and other platforms. We determine the parameters of a given advertising campaign. Facebook is responsible for the exact execution, and in particular for the decision to display a given advertisement to individual users. Unless otherwise specified for individual functions and tools, data processing takes place on the basis of a joint personal data controllership agreement in accordance with Art. 26 of the GDPR. Joint responsibility is limited to data collection and its transfer to Facebook Ireland. This does not cover subsequent data processing by Facebook Ireland.

Based on the pseudonymized Cookie-ID saved by the Facebook Pixel and the collected information on user activity on our website, we create personalized advertising via the Facebook Pixel Remarketing function.

7. Social Media

7.1 Social media plugins: Facebook (Meta)

Our website uses so-called social media plugins (buttons). These plugins are available via an HTML link, which ensures that when visiting our page containing such plugins (buttons), a direct, automatic connection with the servers of the operator of a given social network is not established. After clicking one of the buttons (plugin), a new browser window will open displaying the page of the given social network, where you can approve the use of a given button, e.g., “Like” or “Share”.

7.2 Our activity on social networks: Facebook

If you have granted consent to the respective social network in this regard (Art. 6(1)(a) GDPR), your data will be automatically collected and stored for web analytics and marketing purposes when visiting our account/profile on the aforementioned social networks. Pseudonymized user profiles are created based on this data. They can be used, for example, to place so-called personalized ads within and outside the social networks that likely match your interests. Cookies are usually used for this purpose.
Detailed information regarding the processing and use of your data by individual social networks, as well as information on your rights and possibilities to configure privacy settings, along with contact details for submitting inquiries, are described in the privacy policies of individual social networks linked below. Should you need help in this regard, you can also contact us.

Facebook (by Meta) is a social network offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland (“Meta Platforms Ireland”). Information regarding your activity and use of our Facebook (by Meta) fan page processed automatically is generally sent to a server of Meta Platforms Ireland, Inc., 1 Hacker Way, Menlo Park, California 94025 in the USA and stored there. The European Commission has not issued a decision establishing an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing as part of visits to the Facebook (by Meta) fan page is carried out in accordance with Art. 26 of the GDPR on the basis of joint arrangements of joint controllers, which are available here. Further information regarding the processing of your personal data as part of visits to the Facebook fan page (information on page insights data) is available here.

8. Our contact details and your rights

8.1 Your rights

Data subjects whose data is processed have the following rights:

pursuant to Art. 15 GDPR: the right to obtain information about data processing to the extent defined in this article;

pursuant to Art. 16 GDPR: the right to rectify your inaccurate or incomplete personal data;

pursuant to Art. 17 GDPR: the so-called “right to be forgotten”, i.e., the right to erasure of your personal data stored by us, provided that its further processing is not necessary:

for exercising the right of freedom of expression and information;

for compliance with a legal obligation;

for reasons of public interest;

for the establishment, exercise or defense of legal claims;

pursuant to Art. 18 GDPR: the right to restriction of processing of personal data, provided that:

the accuracy of the personal data is contested by you;

the processing is unlawful and you oppose their erasure;

we no longer need the personal data, but they are required by you for the establishment, exercise or defense of legal claims;

you have objected to processing pursuant to Art. 21;

pursuant to Art. 20 GDPR: the right to receive the data provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller;

pursuant to Art. 77 GDPR: the right to lodge a complaint with a supervisory authority (President of the Personal Data Protection Office “UODO”).

Right to object

If we process personal data as described in this privacy policy in order to safeguard our legitimate interests, you may object to the processing of your data for this purpose – with effect for the future. If the processing is for direct marketing purposes, you can exercise the right to object at any time. If the processing is for other purposes, you have the right to object only on grounds relating to your particular situation.

After you have exercised your right to object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests and rights, or if the data processing serves the establishment, exercise, or defense of legal claims.

The preceding sentence does not apply if the data processing is for direct marketing purposes. In such a case, upon your objection, we will always cease further processing of your personal data.

8.2 Contact us

If you have any questions regarding the collection, processing, and use of your personal data, as well as in the event of requesting information, rectification, restriction of processing or erasure of data, and in order to revoke consents granted or to object to the use of specific data, please contact the data controller indicated at the beginning of this privacy policy directly.

This translation is for informational purposes only and is not legally binding. The original Polish version shall prevail.