Privacy policy

Privacy policy

1. Data Controller

The controller of your personal data is:

• HOTBOX SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ
• Marii i Bolesława Wysłouchów 13/LU1, 30-611 Kraków, Polonia
• Tax ID (NIP): 6751782437

2. What data do we process?

In connection with placing an order or contacting us, we may process the following personal data:

• first and last name
• email address
• shipping address
• phone number (optional)

 

Providing this data is voluntary but necessary for order fulfillment. Failure to provide the data will prevent order fulfillment but will not affect your ability to use the website’s other features.

3. Purposes and legal basis for data processing

We process your personal data for the following purposes:

• Order fulfillment and processing – Article 6(1)(b) of the GDPR
• Invoicing and tax obligations – Article 6(1)(c) of the GDPR
• Contact regarding the order – Article 6(1)(f) of the GDPR
• Website traffic analysis (e.g., Google Analytics) – Article 6(1)(f) of the GDPR

4. Recipients of the data

Your personal data may be disclosed to the following entities:

1. Courier companies and delivery providers (for the purpose of delivering your order).
2. Accounting firm (for accounting services).
3. Hosting companies and IT service providers.
4. Operators of analytical tools (e.g., Google).

5. Data retention period

Your data will be processed for the period necessary to fulfill the order and for the time required by tax and accounting regulations (usually up to 5 years from the end of the year in which the transaction took place).

6. Rights of the data subject

You have the right to:

Access your personal data, have it corrected, have it erased (“right to be forgotten”), restrict processing, transfer data, object to processing, file a complaint with the President of the Personal Data Protection Office (UODO).

7. Cookies and analytical tools

The website uses cookies to ensure proper functioning, as well as analytics tools such as Google Analytics, which enable the analysis of statistics and user behavior on the site.

During your first visit to the site, a banner informing you about the use of cookies is displayed—you can consent to or manage this.

8. Profiling

Your personal data may be processed automatically, including through profiling, which involves analyzing your order history, visited pages, and activities on the website for the purpose of:

• Tailoring marketing content to your preferences, improving our product offerings, displaying personalized ads (if you have consented to this).
• Profiling will not have any legal consequences for you or otherwise significantly affect your situation—it is used solely for marketing and analytical purposes.

9. Transfer of data outside the european economic area (EEA)

We do not transfer your personal data outside the European Economic Area unless it is necessary in connection with the operation of third-party tools (e.g., Google), which may store data on servers outside the EEA. In such cases, appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

10. Changes to the privacy policy

The Privacy Policy may be updated. The new version will be published on the website along with the effective date.

Last updated: August 14, 2025