Privacy Policy

Privacy Policy for the Online Store

§1. General information

  1. This Privacy Policy explains how personal data is processed and protected in connection with the use of this online store.
  2. The data controller is Sercon Company , with its registered office at Pomianowska 9, 32-800 Brzesko, Poland, VAT ID (NIP): 8691795382, REGON: 121432496, e-mail: biuro@sercon.online, phone: 692 878 710 (hereinafter: “Controller”).
  3. The Controller makes every effort to protect the rights of data subjects and ensures that personal data is processed lawfully, fairly, and transparently.

§2. Scope of processed data

The Controller may process the following categories of personal data:

  • first and last name,
  • billing and/or delivery address,
  • e-mail address,
  • phone number,
  • invoice details (company name, VAT ID, address),
  • IP address,
  • any other data voluntarily provided by the user (e.g., in the message content).

§3. Purposes of processing

Personal data is processed for the following purposes:

  1. to process and fulfil orders placed in the online store,
  2. to create and maintain a customer account (if the user registers),
  3. to contact the customer regarding an order,
  4. to issue accounting documents (invoices/receipts),
  5. to handle complaints, returns, and withdrawal from the contract,
  6. to establish, exercise, or defend legal claims,
  7. to carry out marketing activities — only if the user has given consent.

§4. Legal basis for processing

  • Art. 6(1)(b) GDPR — performance of a contract or steps taken at the request of the user prior to entering into a contract,
  • Art. 6(1)(c) GDPR — compliance with a legal obligation (e.g., accounting/tax regulations),
  • Art. 6(1)(f) GDPR — legitimate interests of the Controller (e.g., claims, security, fraud prevention),
  • Art. 6(1)(a) GDPR — consent (e.g., newsletter/marketing).

§5. Data recipients

  1. Personal data may be shared with service providers acting on behalf of the Controller, only to the extent necessary, such as:
  • courier companies and postal operators,
  • payment service providers (e.g., [PayU/Przelewy24/Stripe/PayPal]),
  • IT and hosting providers,
  • accounting/bookkeeping services.
  1. Personal data is not sold and is not shared with third parties for their own marketing purposes without the user’s consent.

§6. Data retention period

  • for as long as necessary to perform the contract and provide after-sales service,
  • for the period required by law (e.g., accounting records),
  • where processing is based on consent — until the consent is withdrawn,
  • where processing is based on legitimate interests — until an effective objection is raised or until the limitation period for claims expires.

§7. User rights

The user has the right to:

  • access their personal data,
  • rectify their personal data,
  • erase their personal data,
  • restrict processing,
  • data portability,
  • object to processing,
  • withdraw consent at any time (where processing is based on consent),
  • lodge a complaint with the competent supervisory authority (in Poland: the President of the Personal Data Protection Office – UODO).

§8. Cookies

  1. The store uses cookies to ensure the website works properly, to compile statistics, and (optionally) for marketing purposes.
  2. The user can change cookie settings at any time in their web browser.

§9. Security

The Controller applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction.

§10. Changes to this Privacy Policy

The Controller reserves the right to amend this Privacy Policy. The current version is always available on the store website.

Last updated: [11.02.2026]