Privacy Policy of the online store kubekurody.pl

Last updated: 28.04.2026

1. Data Controller

The controller of personal data is:

Kubek Urody Dominik Hoffmann
Obornicka 8A
62-002 Jelonek, Poland
Tax ID (NIP): 9720967924
REGON: 300718188
email: admin@kubekurody.pl
phone: +48 732 448 881

The Controller processes personal data in accordance with the GDPR and applicable Polish law.

The Controller has not appointed a Data Protection Officer.

For matters related to personal data, you can contact the Controller at: admin@kubekurody.pl.

2. Purposes and legal basis of processing

Personal data is processed for the following purposes:

  • order fulfillment and contract performance – Article 6(1)(b) GDPR
  • legal obligations (tax, accounting) – Article 6(1)(c) GDPR
  • handling complaints, returns and claims – Article 6(1)(b) and (f) GDPR
  • defending or pursuing claims – Article 6(1)(f) GDPR
  • marketing of own products (newsletter) – Article 6(1)(a) GDPR
  • analytics and marketing activities using tools such as Google Analytics 4 and Meta Pixel – Article 6(1)(a) GDPR

Providing data is voluntary but necessary to conclude and perform the contract.

3. Scope of processed data

The Controller may process the following data:

  • full name
  • company name
  • address (residential or delivery)
  • tax ID (NIP)
  • email address
  • phone number
  • IP address
  • invoice data
  • order history
  • data confirming professional qualifications (for professional products)

4. Source of data

Personal data is obtained directly from the Customer (e.g. during order placement or account registration) and automatically (e.g. IP address, cookies).

5. External tools

The store uses external tools for analytics and marketing purposes:

Google Analytics 4
Provider: Google Ireland Ltd.

Meta Pixel
Provider: Meta Platforms Ireland Ltd.

Data may be transferred outside the European Economic Area (e.g. USA) based on appropriate safeguards such as Standard Contractual Clauses.

Analytical and marketing tools are activated only after user consent.

6. Data retention period

  • accounting data – according to legal requirements
  • marketing data – until consent is withdrawn
  • claims-related data – until limitation period expires
  • account data – until account deletion

7. Data recipients

Data may be shared with entities cooperating with the Controller, including:

  • hosting, IT and e-commerce system providers (including PrestaShop)
  • payment operator PayPro S.A. (Przelewy24)
  • courier and postal companies
  • accounting services
  • analytics and marketing providers (Google, Meta)
  • technical service providers (servers, email, security)

Data is shared only to the extent necessary.

8. Rights of the data subject

The user has the right to:

  • access data
  • rectify data
  • erase data
  • restrict processing
  • data portability
  • object to processing
  • withdraw consent at any time
  • lodge a complaint with a supervisory authority

9. Profiling

Data may be used for marketing profiling to tailor ads to user preferences.

Profiling does not produce legal effects or significantly affect the user.

No automated decision-making is used.

10. Data security

The Controller applies appropriate technical and organizational measures, including:

  • SSL encryption
  • server protection
  • restricted access
  • IT system security

11. Cookies and external technologies

The store uses cookies and similar technologies to ensure proper operation, order processing, preferences, analytics and marketing.

  • necessary cookies
  • analytical cookies (Google Analytics 4)
  • marketing cookies (Meta Pixel)
  • functional cookies

Necessary cookies are based on legitimate interest.

Other cookies require user consent.

The user can change cookie settings at any time.

Google Fonts
Provider: Google Ireland Ltd.

Google may process technical data such as IP address.

The Controller has no influence on further processing by Google.

12. Data transfer outside the EEA

Data may be transferred outside the EEA, especially to the USA, in connection with Google and Meta services.

Transfers are based on appropriate safeguards such as Standard Contractual Clauses.

13. Changes to the Privacy Policy

The current version is published on the website.

Changes take effect upon publication.