Privacy Policy

Effective date: November 2025

1. Definitions
Administrator / we / us – HOZZE Sp. z o.o., ul. Kwiatowa 1, 63-322 Gołuchów, Poland, VAT ID: 6080120501, REGON: 520955096, KRS: 0000945373, operating the online store at https://hozzestore.eu.
Online Store – the website available at https://hozzestore.eu, including its subpages and purchasing functionalities.
User / Customer – a natural person (including a consumer), legal entity, or organisational unit without legal personality using the Store.
Personal Data – any information relating to an identified or identifiable natural person as defined in Article 4(1) of the GDPR.
Cookies – files or similar technologies stored on the User’s device, used to ensure proper website operation, analytics, and service personalisation.
Newsletter – a service consisting of regularly sending commercial information electronically after consent.
Profiling – automated processing of data used to assess certain characteristics of a person (e.g. interests) without making legal decisions affecting them.

2. Data Controller and Contact Information
The Data Controller is HOZZE Sp. z o.o., ul. Kwiatowa 1, 63-322 Gołuchów, Poland.
Contact for data protection matters: biuro@hozzestore.eu (preferred) or by post to the above address.

3. Data Protection Standards
We comply with the GDPR and Polish data protection laws. Adequate technical and organisational measures ensure the security and legality of processing. Our staff are trained, and we cooperate with the Polish supervisory authority (PUODO) when required.

4. What Data We Collect
a) Data provided by the User:
Name, address, email, phone, VAT ID (if applicable), content of inquiries, and other data provided via forms (account registration, order, contact form) or during communication by email, phone, or post.
b) Data collected automatically:
IP address, timestamps, browser or device identifiers, operating system, language settings, referring URL, activity information (e.g. visited pages, clicks), basic geolocation based on IP (region/city), cookies and similar technologies used for technical, statistical, security, and – upon consent – analytical and marketing purposes.

5. Is Data Provision Mandatory?
Providing data is necessary to complete orders, create an account, respond to inquiries, or provide newsletter services. Without such data, service delivery may not be possible.

6. Purposes of Processing and Scope of Necessity
• Submitting and processing orders
• Shipping ordered products
• Responding to inquiries (form, email, phone)
• Account registration and maintenance
• Sending newsletters (upon consent, until withdrawal)

7. Cookies and Similar Technologies
The Store uses necessary cookies and – upon consent – analytical and marketing cookies.
Users can manage their preferences via the cookie banner or browser settings.
Cookies ensure security, statistical analysis, performance optimisation, and – with consent – personalised advertising.

8. Data Minimisation and User Choice
Each User decides whether and to what extent they wish to use our services and provide personal data. We process only data necessary for the stated purposes.

9. Data Retention Period
Personal data are processed for as long as necessary to achieve the purposes outlined above. Data may be stored longer if required by law or justified by our legitimate interests (e.g. claims limitation period) or when a service is continuous (e.g. newsletter subscription).

10. Source of Data
The source of personal data is always the User (data subject).

11. Legal Basis for Processing
• Article 6(1)(b) GDPR: contract performance or steps prior to entering into one
• Article 6(1)(c) GDPR: legal obligations
• Article 6(1)(f) GDPR: legitimate interests (claims, security, analytics)
• Article 6(1)(a) GDPR: consent (newsletter, analytical/marketing cookies)

12. Transfer of Data Outside the EEA
As a rule, we do not transfer data outside the European Economic Area (EEA).
However, if we use tools from providers based outside the EEA (e.g. Meta Platforms, Google LLC, mailing services), such transfers occur only under safeguards provided by Chapter V of the GDPR, including Standard Contractual Clauses or other legal mechanisms.
In such cases, the scope of data transferred is limited to the necessary minimum.

13. Disclosure and Data Processing by Third Parties
We do not share personal data with third parties without consent, except when required by law.
Data may be entrusted only for purposes necessary to provide services, in particular to:
• Hosting and IT service providers
• Payment operators and banks
• Courier and postal companies
• Analytical and marketing tools (only with consent)
• Auditors and consultants (where necessary)
All entities processing data on our behalf act under a data processing agreement and follow our instructions.

14. Profiling, Analytics and Marketing
We may perform basic profiling (e.g. analysing activity in the Store or engagement with marketing emails) to tailor content and offers to User interests.
We do not make automated decisions producing legal effects.
Use of third-party analytics and advertising tools (e.g. advertising pixels, remarketing) occurs only after obtaining consent for cookies, which can be withdrawn anytime without affecting prior processing.

15. No Automated Decision-Making
Personal data are not subject to automated decision-making that could produce legal or similarly significant effects on the User.

16. Rights of Data Subjects
Users have the right to:
• Access their data
• Rectify inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict processing
• Transfer data to another controller
• Object to processing
• Withdraw consent at any time (without affecting earlier lawful processing)
• Lodge a complaint with the supervisory authority (PUODO)
These rights can be exercised through account settings or by contacting us at biuro@hozzestore.eu.

17. Contact for Data Protection Matters
Please send all requests by email to biuro@hozzestore.eu or by post to:
HOZZE Sp. z o.o., ul. Kwiatowa 1, 63-322 Gołuchów, Poland.
Please include your identification details, description of the issue, your request, and preferred response method.

18. Data Breach Notification
Every data breach is documented. Where required by law, affected individuals and – if applicable – the supervisory authority (PUODO) are notified.

19. Scope and Application
Capitalised terms have the meanings given in the Store’s Terms and Conditions unless otherwise stated.
This policy applies to all persons whose data we process as the Data Controller (e.g. customers, contractors, newsletter subscribers).

20. Changes to the Privacy Policy
This policy may be updated to reflect changes in law or Store operations.
The current version is always available at https://hozzestore.eu.
In the case of significant updates, we may notify Users via the website or email.

21. Data Protection Officer (DPO)
We have not appointed a Data Protection Officer as it is not currently required.
For all data protection matters, please contact the Administrator directly (see Section 2).
If a DPO is appointed in the future, their contact details will be added here.

22. Final Provisions
For matters not regulated herein, the applicable law shall apply.
In the event of any inconsistency between this Policy and the law, the provisions of law shall prevail.