Privacy Policy

1. General Provisions

1.1 The administrator of personal data of the customer processed in connection with the use of the online store phoenix-europe.eu is the seller: Hiruko Spółka z ograniczoną odpowiedzialnością, conducting business under the name: Hiruko Sp. z o.o., ul. marsz. Józefa Piłsudskiego 74 320 50-020 Wrocław, NIP: 8971929748, Regon: 526943823, KRS: 0001069268, hereinafter referred to as the Administrator and at the same time the Service Provider of the Online Store and the Seller. Email address: info@phoenix-europe.eu.

1.2. The personal data of customers collected and processed by the Administrator via the online store phoenix-europe.eu is collected for the purpose of executing the sales contract, providing electronic services, and archiving sales contracts and orders.

1.3. Personal data of the Service Recipient and the Client are processed in accordance with the Personal Data Protection Act of August 29, 1997 (Journal of Laws 1997 No. 133, item 883, as amended) (hereinafter referred to as the Personal Data Protection Act) and the Act on the provision of electronic services of July 18, 2002 (Journal of Laws 2002 No. 144, item 1204, as amended), the Regulation of the European Parliament and the Council (EU) 2016/679 of April 27, 2016, on the protection of individuals regarding the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (OJ EU L No. 119, p. 1), hereinafter: “GDPR”), and other currently applicable data protection laws during the entire data processing period.

1.4. The Administrator makes every effort to protect the interests of data subjects and, in particular, ensures that the data collected is:

• • processed in accordance with the law;
  • collected for specified, legitimate purposes and not processed further in a way incompatible with those purposes;
  • accurate and relevant for the purposes for which they are processed and stored in a form that permits identification of the data subjects for no longer than necessary to achieve the processing purpose;
  • accurate and, when necessary, updated;
  • stored in a form that permits identification of the data subject for no longer than necessary for the purposes for which the data are processed;
  • processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

1.5. Any words occurring on the website that begin with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood in accordance with their definition provided in the terms and conditions of the online store available on the store’s website.

1.6. Personal data means any information about an identified or identifiable natural person (hereinafter referred to as “Personal Data”). An identifiable natural person is one who can be directly or indirectly identified, in particular based on an identifier such as name and surname, identification number, location data, internet identifier, or one or more specific factors identifying the physical, physiological, genetic, mental, economic, cultural, or social identity of the natural person.

2. Purpose and Scope of Data Collection

2.1. The basis for processing the Customer’s Personal Data is primarily the necessity for the performance of a contract to which the data subject is a party or the necessity to take steps at the request of the data subject before entering into a contract (Article 6(1)(b) of GDPR). This applies mainly to personal data provided in the registration form, placing orders, entering into a sales agreement, or making reservations via the online service.

2.2. Possible purposes for collecting the personal data of Service Users or Customers by the Administrator:

• • Conclusion and execution of the sales agreement or an agreement for the provision of electronic services,
  • Direct marketing of the Administrator’s own products or services,
  • Customer’s review of the concluded sales agreement.

2.3 Possible recipients of the personal data of the customers of the Online Store:

a) In the case of a customer who uses postal or courier delivery, the Administrator shares personal data with the selected carrier or intermediary performing the delivery on behalf of the Administrator.

b) In the case of a customer using electronic payment methods or a payment card, the Administrator shares personal data with the selected entity handling these payments in the Online Store.

c) In the case of a customer who agreed to provide feedback on the concluded Sales Agreement in the Online Store, the Administrator shares the collected personal data with the selected entity managing the survey system for opinions.

d) The concluded agreements in the Online Store.

2.4. The Administrator may process the following personal data of Service Users or Customers using the Online Store: first and last name; email address; contact phone number; delivery address (street, apartment number, postal code, city, country), address of residence/business registration/headquarters (if different from the delivery address). In the case of Service Users or Customers who are not consumers, the Administrator may also process the company name and the taxpayer identification number (NIP) of the Service User or Customer.

2.5. Providing the personal data mentioned above may be necessary for the conclusion and execution of the Sales Agreement or the agreement for the provision of Electronic Services in the Online Store. The scope of data required to conclude the agreement is indicated in advance on the Online Store’s website and in the Online Store’s Regulations.

2.6. For other processing operations for marketing purposes, the basis for such processing is fulfilling the purposes arising from the legitimate interests pursued by the Administrator (Article 6(1)(f) GDPR).

2.7. For other purposes, Personal Data may be processed on the basis of:

a) Voluntary consent (Article 6(1)(a) GDPR);

b) Applicable legal provisions – when processing is necessary to fulfill a legal obligation of the Administrator, for example, when the Administrator settles concluded Sales Agreements based on tax or accounting regulations (Article 6(1)(c) GDPR);

c) Necessity for other than the above-mentioned purposes resulting from legitimate interests pursued by the Administrator or a third party, especially for establishing, pursuing, or defending claims, correspondence (including responding to Customer messages), market, and statistical analyses (Article 6(1)(f) GDPR).

2.8. The consequence of not providing Personal Data may be the inability to effectively perform the above-mentioned actions.

2.9. The buyer agrees to the processing of their personal data provided during account registration on the website and during use of the online store phoenix-europe.eu, including making purchases. Providing personal data is voluntary. However, failure to consent to the processing of personal data may prevent the seller from providing electronic services and the buyer from making purchases in the online store.

2.10. Each customer who completes the registration form has permanent access to their data for verification and modification. The customer can edit their personal data by logging in on the online store’s website and updating the information.

2.11. Personal data is stored for the period necessary for the execution of orders or maintaining the customer’s account in the Online Store phoenix-europe.eu, and until the termination of the agreement for the provision of electronic services. After this period, data may still be processed based on the seller’s legal obligations (e.g., for accounting document retention) or legitimate interest (e.g., defense against claims, statute of limitations for sales agreements, time for submitting and resolving complaints or exchanging goods).

2.12. Every customer whose data is processed has the right to withdraw consent to the processing of their personal data. Customers whose personal data is processed also have the right to file a complaint with the administrator of the website phoenix-europe.eu and the President of the Personal Data Protection Office if they believe the processing of data violates GDPR provisions.

2.13. Each customer has the right at any time to:

a) File a complaint with the President of the Personal Data Protection Office.

b) Transfer the Personal Data they provided to the Administrator, which is processed automatically and based on consent or contract.

c) Access their Personal Data (including, for example, receiving information about which Personal Data is being processed).

d) Request correction, restriction of processing (e.g., if Personal Data is inaccurate), or deletion of Personal Data (e.g., if processed unlawfully).

2.14. Every customer has the right to object at any time to the processing of their Personal Data based on the necessity for the purposes of legitimate interests pursued by the Administrator, including for marketing purposes, including profiling (unless there are overriding legal grounds for processing that take precedence over the interests of the customer).

2.15. If processing is based on the customer’s consent, they have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

2.16. To exercise the rights mentioned above, customers can contact the Administrator by sending an appropriate written message or email to the Administrator’s address provided at the beginning of this privacy policy.

2.17. Personal Data may be stored during the use of the Online Service, but they may be deleted three years after the last activity of the individual within the Online Service, unless legal provisions (e.g., accounting or tax laws) require the Administrator to process Personal Data for a longer period.

3. Cookies and Operational Data

3.1. Cookies are small text files sent by a server and saved on the device of the visitor to the Online Store (e.g., on the hard drive of a computer, laptop, or the memory card of a smartphone – depending on the device used by the visitor). Detailed information about cookies and their history can be found here: http://pl.wikipedia.org/wiki/Ciasteczko.

3.2. The Administrator may process data contained in cookies during the use of the Online Store’s website by visitors for the following purposes:

a) Identification of logged-in Service Users in the Online Store.

b) Remembering products added to the shopping cart for placing an order.

c) Remembering data from filled order forms, surveys, or login data.

d) Adjusting the content of the Online Store’s pages to the individual preferences of the Service User (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Store’s website.

e) Conducting anonymous statistics on how the Online Store’s website is used.

3.3. By default, most internet browsers available on the market accept cookies. Everyone has the option to define conditions for using cookies by adjusting their browser settings. This means that they can partially limit (e.g., temporarily) or completely disable the ability to save cookies. However, doing so may affect some functionalities of the Online Store (e.g., it may be impossible to proceed through the order process as products in the shopping cart may not be remembered during successive steps).

3.4. Browser settings regarding cookies are essential in terms of giving consent to the use of cookies by our Online Store – according to regulations, this consent may also be given through the settings of the internet browser. If consent is not given, the browser settings for cookies must be appropriately adjusted.

3.5. Detailed information on changing settings regarding cookies and removing them in the most popular web browsers can be found in the browser’s help section.

4. Basis for Data Processing

4.1. Providing personal data by the Service User or Customer is voluntary; however, not providing the personal data indicated on the Online Store’s website and in the Online Store’s Regulations that are necessary to conclude and execute the Sales Agreement or the agreement for the provision of Electronic Services will result in the inability to conclude the agreement.

4.1. The basis for processing the Service User’s or Customer’s personal data is the necessity for the performance of a contract to which the data subject is a party or the necessity to take steps at the request of the data subject before entering into the contract. In the case of data 4.1processing for direct marketing of the Administrator’s own products or services, the basis for such processing is the prior consent of the Service User or Customer or (2) fulfilling legitimate purposes pursued by the Administrator (according to Article 23, paragraph 4 of the Personal Data Protection Act, direct marketing of the Administrator’s own products or services is considered a legitimate purpose). In the case of processing data to express the Customer’s opinion about the concluded Sales Agreement, the basis for such processing is the consent of the Service User or Customer.

5. Final Provisions

5.1. The Online Store may contain links to other websites. The Administrator suggests that after accessing other websites, you familiarize yourself with the privacy policy established there. This privacy policy applies solely to this Online Store.

5.2. The Administrator employs technical and organizational measures to ensure the protection of personal data being processed, appropriate to the risks and categories of data under protection. Specifically, the Administrator protects the data against unauthorized access, theft by an unauthorized person, processing in violation of applicable regulations, and changes, loss, damage, or destruction.

5.3. The Administrator provides the following technical measures to prevent unauthorized access to and modification of personal data transmitted electronically:

• • Protection of the data set against unauthorized access.
  • Access to the Account only after providing an individual login and password.
  • SSL certificate.