Privacy Policy

PRIVACY AND COOKIE POLICY OF PININORDPOL.PL STORE

This Privacy Policy (hereinafter: “Policy“) contains information on the processing of your personal data in connection with the use of the online store www.pininordpol.pl”, operating at the internet address https://www.pininordpol.pl/ (hereinafter: “Store“).

All capitalized terms not otherwise defined in the Policy have the meaning assigned to them in the Terms and Conditions, available at: https://pininordpol.pl/en/rules/.

Personal Data Controller

The controller of your personal data is the company Nordpol Sp. z o.o. with its registered office in Złotoryja, registered office address: ul. Polna 2a, 59-500 Złotoryja, entered into the register of entrepreneurs of the National Court Register kept by the District Court for Wrocław-Fabryczna in Wrocław, IX Commercial Division of the National Court Register under KRS number: 0000120521, holding NIP: 941004097, REGON number: 390371719, with a fully paid-up share capital of PLN 50,000 (fifty zlotys) (hereinafter: “Controller“).

Contacting the Controller

For all matters related to personal data processing, you can contact the Controller via:

1. email – at: sklep@pininordpol.pl;
2. traditional mail – at: ul. Polna 2a, 59-500 Złotoryja;
3. phone – at: +48 504 017 883.

Data Protection Officer

Please be informed that the Controller has not appointed a Data Protection Officer. Contact regarding personal data protection is possible as indicated above.

Personal Data Protection Measures

The Controller applies modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR“), the Act of 10 May 2018 on personal data protection, and other personal data protection regulations.

Collection of Personal Data

The Controller collects personal data in the following ways: by the Customer making a purchase in the online Store; by using the Account Service; by voluntarily subscribing to the Newsletter delivery service; by the Customer voluntarily providing information in an email addressed to the Seller; by voluntarily provided information in a message sent by the Customer via the Contact Form in connection with the desire to establish permanent cooperation; by sending complaints or other statements to the Seller; through cookies or other similar internet technologies.

Information on Processed Personal Data

Using the Store requires the processing of your personal data. Below you will find detailed information on the purposes and legal bases of processing, as well as the processing period and the obligation or voluntariness of providing them.

Purpose of Processing	Processed Personal Data
Conclusion and Performance of the Account Service Agreement	name and surname, email address, other data provided by the Customer during the conclusion and performance of the Account Service (e.g., Customer login, phone number, residential/business address, including street, house number, apartment number, city, postal code, country)
Providing the personal data referred to in points 1)-2) above is a condition for the conclusion and performance of the Account Service agreement (their provision is voluntary, but the consequence of not providing them will be the inability to conclude and perform the aforementioned agreement, including creating an Account). Providing the personal data referred to in point 3) above is necessary for the performance of the Account Service agreement. The Controller will process the aforementioned personal data until the claims arising from the Account Service Agreement become time-barred.
Purpose of Processing	Processed Personal Data
Conclusion and Performance of the Sales Agreement	name and surname, email address, phone number, residential/business address (street, house number, apartment number, city, postal code, country), delivery address (if different from residential/business address), optionally – company name and NIP (if the Buyer is an Entrepreneur or an Entrepreneur with Consumer Rights)
Providing the aforementioned personal data is a condition for the conclusion and performance of the Sales Agreement (their provision is voluntary, but the consequence of not providing them will be the inability to conclude and perform the Sales Agreement). The Controller will process the aforementioned personal data until the claims arising from the Sales Agreement become time-barred.
Purpose of Processing	Processed Personal Data
Conclusion and Performance of the Free Digital Product or Digital Service Agreement	email address
Providing the aforementioned personal data is a condition for the conclusion and performance of the free Digital Product or Digital Service Agreement (their provision is voluntary, but the consequence of not providing them will be the inability to conclude and perform the free Digital Product or Digital Service Agreement). The Controller will process the aforementioned personal data until the claims arising from the free Digital Product or Digital Service Agreement become time-barred.
Purpose of Processing	Processed Personal Data
Conclusion and Performance of the Newsletter Delivery Agreement	email address
Providing the aforementioned personal data is voluntary, but necessary to receive the Newsletter (the consequence of not providing them will be the inability to receive the Newsletter). The Controller will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved, or until the claims arising from the Newsletter Delivery Agreement become time-barred (whichever of the aforementioned events occurs first).
Purpose of Processing	Processed Personal Data
Complaint Procedure	name and surname, email address
Providing the aforementioned personal data is a condition for receiving a response to a complaint or exercising the Customer’s rights arising from the Controller’s liability regulations in case of non-conformity of a physical Product with the Sales Agreement or a Digital Service Object with its respective Agreement (their provision is voluntary, but the consequence of not providing them will be the inability to receive a response to the complaint and exercise the aforementioned rights). The Controller will process the aforementioned personal data for the duration of the complaint procedure, and in the case of exercising the Customer’s aforementioned rights – until they become time-barred.
Purpose of Processing	Processed Personal Data
Sending email notifications	email address
Providing the aforementioned personal data is voluntary, but necessary to receive information about activities related to the performance of Agreements concluded with Customers (the consequence of not providing them will be the inability to receive the aforementioned information). The Controller will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved (whichever of the aforementioned events occurs first).
Purpose of Processing	Processed Personal Data
Handling Customer inquiries (e.g., via the Contact Form)	name, email address, other data contained in the message to the Controller (e.g., surname, phone number, residential or business address, including street, house number, apartment number, city, postal code, country)
Providing the aforementioned personal data is voluntary, but necessary to receive a response to an inquiry (the consequence of not providing them will be the inability to receive a response). The Controller will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved (whichever of the aforementioned events occurs first).
Purpose of Processing	Processed Personal Data
Fulfilling tax obligations (e.g., issuing VAT invoices, keeping accounting documentation)	name and surname/company name, residential/registered office address, NIP
Providing the aforementioned personal data is voluntary, but necessary for the Controller to fulfill its tax obligations (the consequence of not providing them will be the inability for the Controller to fulfill the aforementioned obligations). The Controller will process the aforementioned personal data for a period of 5 years from the end of the year in which the tax payment deadline for the previous year expired.
Purpose of Processing	Processed Personal Data
Fulfilling obligations related to personal data protection	name and surname, contact details provided by you (e.g., email address, correspondence address, phone number)
Providing the aforementioned personal data is voluntary, but necessary for the Controller to properly perform its obligations arising from personal data protection regulations, including the exercise of rights granted to you by the GDPR (the consequence of not providing the aforementioned data will be the inability to properly exercise the aforementioned rights). The Controller will process the aforementioned personal data until the limitation periods for claims arising from violations of personal data protection regulations expire.
Purpose of Processing	Processed Personal Data
Establishing, asserting, or defending against claims	name and surname/company name, email address, residential/registered office address, PESEL number, NIP
Providing the aforementioned personal data is voluntary, but necessary for establishing, asserting, or defending against claims that may arise in connection with the performance of Agreements concluded with the Controller (the consequence of not providing the aforementioned data will be the inability for the Controller to take the aforementioned actions) The Controller will process the aforementioned personal data until the limitation periods for claims that may arise in connection with the performance of Agreements concluded with the Controller expire.
Purpose of Processing	Processed Personal Data
Analysis of Your Activity in the Store	date and time of visit, device IP address, device operating system type, approximate location, internet browser type, time spent in the Store, viewed Products, visited subpages, and other actions taken within the Store
Providing the aforementioned personal data is voluntary, but necessary for the Controller to obtain information about your activity in the Store (the consequence of not providing them will be the inability for the Controller to obtain the aforementioned information). The Controller will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved.
Purpose of Processing	Processed Personal Data
Store Administration	IP address, server date and time, internet browser information, operating system information The above data are automatically saved in so-called server logs each time the Store is used (administering it without the use of server logs and automatic saving would not be possible).
Providing the aforementioned personal data is voluntary, but necessary to ensure the proper functioning of the Store (the consequence of not providing them will be the inability to ensure the proper functioning of the Store). The Controller will process the aforementioned personal data until an effective objection is raised or the processing purpose is achieved.

The Controller will store your personal data only as long as necessary for the purposes specified in the Privacy Policy, and also to meet legal requirements. After this period, the Controller will securely delete your personal data.

Profiling

In order to create your profile for marketing purposes and to direct direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling them – however, this will not produce any legal effects concerning you, nor similarly significantly affect your situation.

The scope of profiled personal data corresponds to the scope indicated above in relation to the analysis of your activity in the Store and the data you save in your Account.

The legal basis for processing personal data for the above purpose is Article 6(1)(f) of the GDPR, according to which the Controller may process personal data for the purpose of pursuing its legitimate interest, in this case, conducting marketing activities tailored to the recipients’ preferences. Providing the aforementioned personal data is voluntary, but necessary for the realization of the aforementioned purpose (the consequence of not providing them will be the inability for the Controller to conduct marketing activities tailored to the recipients’ preferences).

The Controller will process personal data for profiling purposes until an effective objection is raised or the processing purpose is achieved.

Recipients of Personal Data

The recipients of personal data will be the following external entities cooperating with the Controller:

1. hosting company;
2. logistics operator and courier companies;
3. online payment system providers;
4. Newsletter service provider;
5. companies providing tools for analyzing activity in the Store and directing direct marketing to its users (including Google Analytics);
6. accounting services company;
7. entities providing legal services to the Controller;
8. The Controller in terms of creating, maintaining, and updating the website/web page .

Furthermore, personal data may also be transferred to public or private entities if such an obligation arises from generally applicable legal provisions, a final court judgment, or a final administrative decision.

Transfer of Personal Data to a Third Country

Due to the Controller’s use of services provided by Google LLC, your personal data may be transferred to the following third countries: United Kingdom, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for transferring data to the aforementioned third countries is:

• for the United Kingdom, Canada, Israel, and Japan – European Commission decisions stating an adequate level of personal data protection in each of the aforementioned third countries;
• for the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia, and Australia – contractual clauses ensuring an adequate level of protection, consistent with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.

You can obtain a copy of the data transferred to a third country from the Controller.

Rights

In connection with the processing of personal data, you have the following rights:

1. the right to information about what personal data concerning you is processed by the Controller and to receive a copy of this data (the so-called right of access). The first copy of the data is free of charge; for subsequent copies, the Controller may charge a fee;
2. if the processed data becomes outdated or incomplete (or otherwise incorrect), you have the right to request their rectification;
3. in certain situations, you may ask the Controller to delete your personal data, e.g., when:
   1. the data are no longer needed by the Controller for the purposes it informed about;
   2. you have effectively withdrawn your consent to data processing – unless the Controller has the right to process the data on another legal basis;
   3. the processing is unlawful;
   4. the necessity to delete the data results from a legal obligation incumbent on the Controller;
4. if personal data are processed by the Controller based on your granted consent for processing or for the purpose of performing an Agreement concluded with it, you have the right to transfer your data to another controller;
5. if personal data are processed by the Controller based on your granted consent for processing, you have the right to withdraw this consent at any time (withdrawal of consent does not affect the lawfulness of processing carried out based on consent before its withdrawal);
6. if you believe that the processed personal data are incorrect, their processing is unlawful, or the Controller no longer needs certain data, you may request that for a specified, necessary period (e.g., to verify data accuracy or pursue claims) the Controller does not perform any operations on the data, but only stores them;
7. you have the right to object to the processing of personal data where the basis for processing is the Controller’s legitimate interest. In the event of a successful objection, the Controller will cease processing personal data for the aforementioned purpose;
8. you have the right to lodge a complaint with the President of the Personal Data Protection Office if you believe that the processing of personal data violates GDPR provisions.

Cookies

1. The Controller informs that the Store uses “cookies”, installed on your end device. These are small text files that can be read by the Controller’s system, as well as by systems belonging to other entities whose services the Controller uses (e.g., Google).
2. The Controller uses cookies for the following purposes:
   1. ensuring the proper functioning of the Store – thanks to cookies, the Store can operate efficiently, its functions can be used, and navigation between individual subpages is convenient;
   2. enhancing the browsing experience in the Store – thanks to cookies, it is possible to detect errors on some subpages and constantly improve them;
   3. creating statistics – cookies are used to analyze how users interact with the Store. This allows for continuous improvement of the Store and adaptation of its functionality to user preferences;
   4. conducting marketing activities – thanks to cookies, the Administrator can direct advertisements tailored to users’ preferences.
3. The Administrator may place both persistent and temporary (session) files on your device. Session files are usually deleted when the browser is closed, while closing the browser does not delete persistent files.
4. Information about cookies used by the Administrator is displayed in the panel at the bottom of the Store’s website. Depending on your decision, you can enable or disable cookies of specific categories (with the exception of essential cookies) and change these settings at any time.
5. Data collected through cookies does not allow the Administrator to identify you.
6. The Administrator uses the following cookies or tools that utilize them:

TOOL	PROVIDER	FUNCTIONS AND SCOPE OF DATA COLLECTED	DURATION
Essential cookies	Administrator	The operation of these files is essential for the proper functioning of the Store’s website, so you cannot disable them. Thanks to these files (which collect, among other things, your device’s IP address), it is possible, for example, to inform you about cookies operating on the Store’s website.	Most essential cookies are session-based, but some remain on your end device for a period of 6 months or until they are deleted;
Google Analytics	Google	This tool allows for the collection of statistical data on how customers use the Store, including the number of visits, visit duration, browser used, and location. The collected data helps improve the Store and make it more user-friendly for customers.	up to 2 years or until they are deleted (whichever of the aforementioned events occurs first)
Facebook Pixel	Facebook	This tool allows us to determine that you have visited the Store, as well as to direct advertisements displayed on Facebook and Instagram social media platforms to you and measure their effectiveness.	up to 3 months or until they are deleted (whichever of the aforementioned events occurs first)
Hotjar	Hotjar	This tool allows for the collection of statistical data on how customers use the Store, including the number of visits, visit duration, browser used, and location. The collected data helps improve the Store and make it more user-friendly for customers.	up to 2 years or until they are deleted (whichever of the aforementioned events occurs first)

1. Through most commonly used browsers, you can check whether cookies have been installed on your end device, as well as delete installed cookies and block their future installation by the Store. However, disabling or limiting cookie support may cause significant difficulties in using the Store, e.g., requiring you to log in on every subpage, longer loading times for the Store’s page, or limitations in using certain functionalities.

Final Provisions

In matters not regulated by this Policy, generally applicable personal data protection regulations shall apply.

This Policy is effective from September 1, 2025.