Privacy Policy
TABLE OF CONTENTS:
- GENERAL PROVISIONS
- BASIS FOR DATA PROCESSING
- PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- DATA RECIPIENTS IN THE ONLINE STORE
- PROFILING IN THE ONLINE STORE
- RIGHTS OF THE DATA SUBJECT
- COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS
- FINAL PROVISIONS
- GENERAL PROVISIONS
- This privacy policy of the Online Store is informational in nature, which means that it is not a source of obligations for Users or Customers of the Online Store. The privacy policy primarily contains the principles regarding the processing of personal data by the Administrator in the Online Store, including the basis, purposes, and scope of personal data processing, as well as the rights of the data subjects, and information regarding the use of cookies and analytical tools in the Online Store.
- The administrator of personal data collected through the Online Store is Baltrade sp. z o.o. based in Gdańsk (80-298), ul. Geodetów 24, entered into the register of entrepreneurs of the National Court Register maintained by the District Court Gdańsk-North in Gdańsk VII Economic Department KRS under number 0000599859, NIP 584-020-21-16, email address: ehandel@hurt.com.pl, contact phone number: 58 552 20 20 - hereinafter referred to as the "Administrator" and also being the Service Provider of the Online Store and the Seller.
- Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular in accordance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679
- Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the User or Customer using the Online Store is voluntary, subject to two exceptions: (1) concluding contracts with the Administrator - failure to provide personal data in cases and to the extent indicated on the Online Store's website and in the Online Store's Terms and Conditions and this privacy policy necessary to conclude and perform the Sales Agreement or the electronic service agreement with the Administrator results in the inability to conclude that agreement. Providing personal data is in such a case a contractual requirement, and if the person to whom the data relates wants to conclude a given agreement with the Administrator, they are obliged to provide the required data. Each time, the scope of data required to conclude the agreement is indicated in advance on the Online Store's website and in the Online Store's Terms and Conditions; (2) legal obligations of the Administrator - providing personal data is a statutory requirement resulting from generally applicable legal provisions imposing on the Administrator the obligation to process personal data (e.g., processing data for the purpose of maintaining tax or accounting books) and failure to provide them will prevent the Administrator from fulfilling these obligations.
- The Administrator takes special care to protect the interests of the persons whose personal data are processed by him, and in particular is responsible and ensures that the data collected by him are: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) accurate and adequate in relation to the purposes for which they are processed; (4) stored in a form which permits identification of the data subjects for no longer than is necessary for the purposes of processing; and (5) processed in a manner ensuring appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- Considering the nature, scope, context, and purposes of processing, as well as the risk of infringement of the rights or freedoms of natural persons of varying likelihood and severity of the threat, the Administrator implements appropriate technical and organizational measures to ensure that processing is carried out in accordance with this regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The Administrator uses technical measures to prevent unauthorized persons from obtaining and modifying personal data transmitted electronically.
- All words, phrases, and acronyms appearing in this privacy policy and starting with a capital letter (e.g., Seller, Online Store, Electronic Service) should be understood in accordance with their definitions contained in the Online Store's Terms and Conditions available on the Online Store's pages.
- BASIS FOR DATA PROCESSING
- The Administrator is entitled to process personal data in cases where – and to the extent that – at least one of the following conditions is met: (1) the data subject has given consent to the processing of their personal data for one or more specific purposes; (2) processing is necessary for the performance of a contract to which the data subject is a party or to take action at the request of the data subject before the conclusion of a contract; (3) processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) processing is necessary for the purposes of legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Processing of personal data by the Administrator requires the existence of at least one of the bases indicated in point 2.1 of the privacy policy. The specific bases for processing the personal data of Users and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy – in relation to the specific purpose of processing personal data by the Administrator.
- PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE
- Each time the purpose, basis, period, and scope, as well as the recipients of personal data processed by the Administrator, result from the actions taken by a given User or Customer in the Online Store. For example, if a Customer decides to make purchases in the Online Store and chooses personal collection of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of executing the concluded Sales Agreement, but will not be shared with the carrier executing shipments on behalf of the Administrator.
- The Administrator may process personal data in the Online Store for the following purposes, on the following bases, for the periods, and in the following scope:

| Purpose of data processing | Legal basis for processing and data retention period | Scope of processed data |
| --- | --- | --- |
| Execution of the Sales Agreement and sending personalized commercial information as part of direct marketing. Execution of the electronic service agreement. Taking actions at the request of the data subject before concluding the above agreements. | Article 6(1)(b) and (f) of the GDPR (performance of the contract and legitimate interest of the administrator). Data is stored for the period necessary to perform, terminate, or otherwise expire the concluded agreement. Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the business activity conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is three years, and for the sales agreement, two years). | Maximum scope: first name and last name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city), residence/business address/headquarters (if different from the delivery address) and tax identification number (NIP) of the User or Customer. |
| Marketing. | Article 6(1)(a) of the GDPR (consent). Data is stored until the consent is withdrawn by the data subject for further processing of their data for this purpose. | Email address. |
| Customer's expression of opinion on the concluded Sales Agreement. | Article 6(1)(a) of the GDPR. Data is stored until the consent is withdrawn by the data subject for further processing of their data for this purpose. | Email address. |
| Maintaining tax or accounting books. | Article 6(1)(c) of the GDPR in connection with Article 74(2) of the Accounting Act of January 30, 2018 (Journal of Laws of 2018, item 395). Data is stored for the period required by law requiring the Administrator to maintain tax books (until the expiration of the tax obligation limitation period, unless tax laws provide otherwise) or accounting books (5 years, counting from the beginning of the year following the financial year to which the data relates). | First name and last name; residence/business address/headquarters (if different from the delivery address), company name, and tax identification number (NIP) of the User or Customer. |
| Establishing, pursuing, or defending claims that the Administrator may raise or that may be raised against the Administrator. | Article 6(1)(f) of the GDPR. Data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than the limitation period for claims against the data subject arising from the business activity conducted by the Administrator. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to conducting business activity is three years, and for the sales agreement, two years). | First name and last name; contact phone number; email address; delivery address (street, house number, apartment number, postal code, city), residence/business address/headquarters (if different from the delivery address) and tax identification number (NIP) of the User or Customer. |

- DATA RECIPIENTS IN THE ONLINE STORE
- For the proper functioning of the Online Store, including the execution of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software providers, couriers, or payment processors). The Administrator only uses the services of such processors who provide sufficient guarantees to implement appropriate technical and organizational measures so that processing meets the requirements of the GDPR and protects the rights of the data subjects.
- The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy – the Administrator only transfers data when it is necessary to achieve a specific purpose of processing personal data and only to the extent necessary to achieve it. For example, if a Customer uses personal collection, their data will not be shared with the carrier cooperating with the Administrator.
- Personal data of Users and Customers of the Online Store may be transferred to the following recipients or categories of recipients:
- carriers / forwarders / courier brokers - in the case of a Customer who uses the method of delivery of the Product by postal shipment or courier shipment in the Online Store, the Administrator provides the collected personal data of the Customer to the selected carrier, forwarder, or intermediary executing shipments on behalf of the Administrator to the extent necessary to carry out the delivery of the Product to the Customer.
- entities handling electronic payments or credit card payments - in the case of a Customer who uses electronic payment methods or credit card payments in the Online Store, the Administrator provides the collected personal data of the Customer to the selected entity handling the above payments in the Online Store on behalf of the Administrator to the extent necessary to handle the payment made by the Customer.
- providers of survey systems for opinions - in the case of a Customer who has agreed to express an opinion on the concluded Sales Agreement, the Administrator provides the collected personal data of the Customer to the selected entity providing the survey system for opinions on concluded Sales Agreements in the Online Store on behalf of the Administrator to the extent necessary for the Customer to express their opinion using the survey system.
- providers of services supplying the Administrator with technical, IT, and organizational solutions enabling the Administrator to conduct business activity, including the Online Store and the electronic services provided through it (in particular, providers of computer software for running the Online Store, email and hosting providers, and providers of software for managing the company and providing technical assistance to the Administrator) - the Administrator provides the collected personal data of the Customer to the selected provider acting on his behalf only in the case and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
- providers of accounting, legal, and advisory services providing the Administrator with accounting, legal, or advisory support (in particular, accounting office, law firm, or debt collection company) - the Administrator provides the collected personal data of the Customer to the selected provider acting on his behalf only in the case and to the extent necessary to achieve a specific purpose of data processing in accordance with this privacy policy.
- PROFILING IN THE ONLINE STORE
- The GDPR imposes on the Administrator the obligation to inform about automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR, and – at least in those cases – significant information about the rules of making such decisions, as well as about the significance and expected consequences of such processing for the data subject. With this in mind, the Administrator provides in this point of the privacy policy information regarding possible profiling.
- The Administrator may use profiling in the Online Store for direct marketing purposes, but decisions made on its basis by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement, or the possibility of using Electronic Services in the Online Store. The effect of using profiling in the Online Store may be, for example, a reminder of unfinished purchases, indicating a product proposal that may correspond to the interests or preferences of a given person. Despite profiling, it is the person who freely decides whether they want to take advantage of the received product proposal.
- The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
- RIGHTS OF THE DATA SUBJECT
- Right of access, rectification, restriction, deletion, or transfer - the data subject has the right to request from the Administrator access to their personal data, rectification, deletion ("right to be forgotten") or restriction of processing and has the right to object to processing, as well as the right to transfer their data. The detailed conditions for exercising the above rights are specified in Articles 15-21 of the GDPR.
- Right to withdraw consent at any time – the data subject whose data is processed by the Administrator based on expressed consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority – the data subject whose data is processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Personal Data Protection Office.
- Right to object - the data subject has the right to object at any time – for reasons related to their particular situation – to the processing of their personal data based on Article 6(1)(e) (public interest or tasks) or (f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the Administrator may no longer process such personal data unless he demonstrates the existence of compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or grounds for establishing, pursuing, or defending claims.
- Right to object regarding direct marketing - if personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing purposes, including profiling, to the extent that the processing is related to such direct marketing.
- In order to exercise the rights referred to in this point of the privacy policy, one can contact the Administrator by sending a relevant message in writing or by email to the address of the Administrator indicated at the beginning of the privacy policy or by using the contact form available on the Online Store's website.
- COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS
- Cookies are small pieces of text information in the form of text files, sent by the server and stored on the device of the person visiting the Online Store's website (e.g., on the hard drive of a computer, laptop, or on the memory card of a smartphone – depending on which device the visitor uses to access our Online Store). Detailed information about cookies, as well as the history of their creation, can be found, among others, here: http://pl.wikipedia.org/wiki/Ciasteczko.
- The Administrator may process data contained in cookies while visitors use the Online Store's website for the following purposes:
- identifying Users as logged in to the Online Store and showing that they are logged in;
- remembering Products added to the cart for placing an Order;
- remembering data from filled Order Forms, surveys, or login data to the Online Store;
- customizing the content of the Online Store's website to the individual preferences of the User (e.g., regarding colors, font size, page layout) and optimizing the use of the Online Store's pages;
- conducting anonymous statistics showing how the Online Store's website is used;
- remarketing, i.e., analyzing the behavior characteristics of visitors to the Online Store through anonymous analysis of their actions (e.g., repeated visits to specific pages, keywords, etc.) to create their profile and deliver ads tailored to their predicted interests, even when they visit other websites in the advertising network of Google Inc. and Facebook Ireland Ltd.
- tracking anonymized user traffic on the website using the Hotjar tool; Hotjar records user behavior anonymously (not allowing the reading of filled forms), in particular, this includes information about the operating system and web browser, viewed subpages, time spent on the service, transitions between individual subpages within our service, the source from which you transition to our service, and mouse click locations.
- Most web browsers available on the market accept cookies by default. Everyone has the option to specify the conditions for using cookies through their own web browser settings. This means that one can, for example, partially restrict (e.g., temporarily) or completely disable the ability to save cookies – in the latter case, however, this may affect some functionalities of the Online Store (for example, it may become impossible to proceed through the Order path via the Order Form because Products in the cart are not remembered during subsequent steps of placing an Order).
- Browser settings regarding cookies are important from the perspective of consent to the use of cookies by our Online Store – according to the regulations, such consent may also be expressed through the settings of the web browser. In the absence of such consent, the browser settings regarding cookies should be appropriately changed.
- Detailed information on how to change cookie settings and how to delete them in the most popular web browsers is available in the help section of the web browser and on the following pages (just click on the given link):
- The Administrator may use Google Analytics, Universal Analytics services provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) and the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. These services help the Administrator analyze traffic in the Online Store. The collected data is processed within the above services in an anonymized manner (these are so-called operational data that prevent the identification of the person) to generate statistics helpful in administering the Online Store. These data are aggregated and anonymous, i.e., do not contain identifying features (personal data) of the persons visiting the Online Store's website. By using the above services in the Online Store, the Administrator collects data such as sources and medium of acquiring visitors to the Online Store and their behavior on the Online Store's website, information about the devices and browsers from which they visit the site, IP and domain, geographical data, and demographic data (age, gender) and interests.
- It is possible for a person to easily block Google Analytics from sharing information about their activity on the Online Store's website - for this purpose, one can install a browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=pl
- The Administrator may use the Hotjar tool in the Online Store, provided by an external entity, i.e., Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. You can object to Hotjar creating your user profile, storing information about your use of our site, and using Hotjar cookies here: https://www.hotjar.com/policies/do-not-track/. If you are interested in details related to data processing within Hotjar, we encourage you to read Hotjar's privacy policy: https://www.hotjar.com/legal/policies/privacy.
- FINAL PROVISIONS
The Online Store may contain links to other websites. The Administrator encourages you to familiarize yourself with the privacy policy established there after transitioning to other sites. This privacy policy applies only to the Administrator's Online Store.