Privacy policy

1. This privacy policy governs the processing (collection and use) and protection of Users' personal data in connection with the use of the website https://horecaparts.pl/, hereinafter referred to as the "Store", controlled by Horeca Parts Group Sp. z o.o., with registered office in Robakowo, at ul. Firmowa 12, 62-023 Robakowo, entered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Poznań-Nowe Miasto and Wilda in Poznań, IX Economic Department of the National Court Register under KRS number: 0000940610, with NIP number: 7773235039, REGON: 30260475, hereinafter referred to as: the “Controller". The Controller is also the administrator of Users' personal data.
2. The designated contact person is Mr. Krzysztof Kmieciak tel. 61 658 70 91, email: krzysztof.kmieciak@horecaparts.pl, serving as the Personal Data Officer, whom the User may contact by email, telephone or in writing – at the Controller's address indicated above.
3. In connection with the Users availing of the Store, the Controller collects data to the extent necessary to perform and implement the Sale Agreement. The Controller processes the following personal data of Users and their representatives: first and last name/name, delivery address, address of residence/business/premises, e-mail address, PESEL number, contact telephone number, NIP number in case of business entities, bank account number, and in case of entities having an account in the Store, also order history.
4. Providing personal data on the Website is required for the conclusion and performance of a sale agreement to which the User is a party or to take action at the User's request prior to its conclusion (Article 6(1)(b) of GDPR). Providing personal data is also required to receive commercial information and set up an Account and while it is voluntary, failure to do so shall prevent the use of the above services.
5. Users' personal data shall be processed by the Controller in order to perform activities related to the service and implementation of the Sale Agreement, in particular:
   1. executing the Sale Agreement, the Agreement for the provision of services by electronic means described in the Rules, or to take actions necessary to conclude the Agreement, e.g. telephone or e-mail contact to send an offer, set the date of performing the service, cancel or change the date of performing the service, delivery (Article 6(1)(b) GDPR);
   2. marketing Products and services offered by the Controller – after giving separate consent, data may also be processed for the purpose of sending commercial information by electronic means or making phone calls for marketing purposes – respectively, in connection with Article 10(2) of the Act on the provision of electronic services of 18 July 2002 or Article 172(1) of the Telecommunications Law Act of 16 July 2004 – (Article 6(1)(a) of GDPR);
   3. performing the Controller's legal obligations, including:
      • issuing and storing invoices and accounting documents,
      • processing complaints and returns within the time and form stipulated by law (Article 6(1)(c) of GDPR);
      • pursuing the legitimate interest of the Controller in case of the need to assert claims as a result of the Buyer's non-performance of the agreement and demonstrating information obligations (Article 6(1)(f) of GDPR);
   4. responding to inquiries, including messages sent via the contact form, as well as contact via social media profiles – shall be processed until a response is provided, and then possibly on another legal basis (Article 6(1)(f) RODO).
6. To ensure the security of Users' personal data, the Controller shall apply due diligence to protect it. Users' personal data shall be protected at a level corresponding to the standards set forth in the applicable legislation, in particular:
   1. GDPR,
   2. the Electronic Services Act of 18 July 2002 (Journal of Laws of 2002, No. 144, item 1204, as amended),
   3. the Telecommunications Law Act of 16 July 2004 (Journal of Laws of 2004, No. 171, item 1800, as amended).
7. Users' personal data shall be processed by authorised employees and associates of the Controller. Data may also be transferred to processors who provide services to the controller, in particular IT, accounting, marketing services. In addition, data shall be transferred to entities providing courier or postal services. The Controller does not transfer Users' personal data to third countries.
8. Users are entitled to:
   1. access their data,
   2. rectify their data,
   3. delete their data,
   4. transfer,
   5. restrict data processing,
   6. object to the processing,
   7. when processing personal data on the basis of expressed consent – the right to withdraw consent,
   8. when deeming the processing of personal data to violate the rights of an individual – file a complaint with the President of the Office for Personal Data Protection.
9. Depending on the scope of personal data and the purposes for which they are processed, they may be kept for different periods. If the processing of personal data is subject to the User's consent, personal data may be processed until the consent is revoked. Withdrawal of consent shall not affect actions performed before the withdrawal of consent. Personal data shall also be kept if the law (e.g., accounting or tax regulations) obliges the Controller to process it, usually for five years. Personal data shall be kept longer in case the User has any claims against the Controller in order for the Controller to assert claims or to assert or defend against third-party claims for the period necessary to clarify the matter.

COOKIES

1. The Controller does not automatically collect any information, except for the information contained in cookies, which are computer data, in particular text files stored on the User's terminal equipment and intended for the use of the Store's websites.
2. Cookies may be used for:
   1. creating statistics,
   2. maintaining the session of the Service User (after logging in),
   3. specifying the User's profile in order to display advertising network material tailored to the User, in particular the Google network.
3. User's software (for web browsing - e.g. Internet browser) usually allows cookies to be stored on the User's terminal device by default. Users of the Service may change their settings in this regard.