NIRE.pl Privacy Policy

Effective from: October 1, 2025

1. Personal Data Controller

The controller of your personal data is:

Crunchfest Dariusz Skrzypkowski
ul. Syta 99/8
02-987 Warsaw
Tax ID (NIP): 5423097096
Email: nire@crunchfest.com
Phone: 790 816 990

For matters related to personal data protection, you can contact us at: nire@crunchfest.com or by phone at 790 816 990.

2. Purposes and Legal Bases for Data Processing

We process your personal data for the following purposes:

Performance of Sales Contract (Art. 6(1)(b) GDPR)

We process data to:

• Accept and fulfill orders for infrared therapy chairs
• Deliver ordered products
• Process payments through the Przelewy24 system
• Communicate regarding order fulfillment
• Handle complaints and warranty claims

Data scope: name, surname, delivery address, email address, phone number, payment data

Fulfillment of Legal Obligations (Art. 6(1)(c) GDPR)

We process data to:

• Issue invoices and maintain accounting documentation
• Fulfill tax obligations
• Maintain sales records
• Handle consumer complaints in accordance with regulations

Data scope: data necessary for invoice issuance (name, surname, address, Tax ID), transaction data

Pursuit of Legitimate Interests (Art. 6(1)(f) GDPR)

We process data to:

• Pursue or defend against potential claims
• Prevent fraud and abuse
• Ensure transaction security
• Conduct sales analytics and internal statistics
• Direct marketing of own products to existing customers

Data scope: transaction data, purchase history, contact details, IP address

Based on Your Consent (Art. 6(1)(a) GDPR)

If you have given consent, we process data to:

• Send newsletters with information about promotions and new products
• Market products and services electronically
• Use analytical and marketing cookies

Data scope: email address, name, marketing preferences

3. Data Recipients

Your personal data may be transferred to the following categories of recipients:

Processing Entities

• PayPro S.A. (Przelewy24 system operator) - ul. Pastelowa 8, 60-198 Poznań, KRS: 0000347935, Tax ID: 7792369887
• Courier and postal companies providing delivery services
• Hosting and IT service providers
• Accounting office handling bookkeeping
• Marketing service providers (if you have given consent)

State Authorities

Your data may be disclosed to authorized authorities based on legal provisions, particularly:

• Tax Office
• Law enforcement and judicial authorities
• President of the Personal Data Protection Office

4. Transfer of Data to Third Countries

Your personal data is not transferred outside the European Economic Area (EEA). All processing entities, including PayPro S.A. (Przelewy24 operator), process data exclusively within the EEA.

When using analytical tools (Google Analytics) that may involve data transfer to the USA, we apply appropriate safeguards in the form of standard contractual clauses approved by the European Commission.

5. Data Retention Period

We store your personal data for:

• Transaction and order data: duration of contract performance plus 3 years from completion (claims limitation period)
• Invoices and accounting documents: 5 years from the end of the tax year in which the tax obligation arose
• Complaint data: 1 year after warranty period ends or complaint resolution
• Marketing data: until consent is withdrawn
• Fraud prevention data: 3 years from transaction
• System logs and security data: 2 years from event
• Customer correspondence: 3 years from last contact

6. Your Rights

In connection with personal data processing, you have the following rights:

Right of Access to Data (Art. 15 GDPR)

You have the right to obtain confirmation from us as to whether we process your personal data, and if so, you have the right to access that data and information about processing.

Right to Rectification (Art. 16 GDPR)

You have the right to request immediate rectification of inaccurate data or completion of incomplete data.

Right to Erasure (Art. 17 GDPR)

You have the right to request deletion of your data when:

• Data is no longer necessary for the purposes for which it was collected
• You have withdrawn consent and there is no other legal basis for processing
• You have objected to processing
• Data was processed unlawfully

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request restriction of processing in specific cases, e.g., when you contest the accuracy of data.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used format and transmit it to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object to data processing at any time:

• Direct marketing: objection is always effective
• Other purposes based on legitimate interest: you must indicate your particular situation

Right to Withdraw Consent

If processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw) if you believe that processing of your data violates GDPR.

How to Exercise Your Rights

To exercise your rights, contact us:

• Email: nire@crunchfest.com
• Phone: 790 816 990
• In writing: Crunchfest Dariusz Skrzypkowski, ul. Syta 99/8, 02-987 Warsaw

We will respond to your request within one month of receiving it. In justified cases, the deadline may be extended by an additional 2 months.

7. Automated Decision-Making and Profiling

Profiling

In our store, we use limited profiling for:

• Analyzing purchase history for product recommendations
• Fraud prevention (analysis of unusual transactions)
• Personalization of marketing communication (if you have given consent)

Automated Decision-Making

We do not use fully automated decision-making that would produce legal effects concerning you or similarly significantly affect you. All significant decisions regarding order fulfillment and customer service are made with human involvement.

8. Information About Data Provision Requirements

Data Necessary for Contract Conclusion

Providing data marked as mandatory in the order form is:

• A contractual requirement - necessary for order fulfillment
• Failure to provide this data will prevent contract conclusion and order fulfillment

Invoice Data

Providing invoice data is:

• A statutory requirement - resulting from tax regulations
• Mandatory if you request a VAT invoice

Marketing Data

Providing data for marketing purposes is:

• Completely voluntary
• Lack of consent does not affect ability to use the store

9. Cookie Policy

What Are Cookies?

Cookies are small text files stored on your device when using a website.

Types of Cookies Used

Essential Cookies (basis: Art. 6(1)(f) GDPR)

• Ensure proper store operation
• Support shopping cart and payment process
• Ensure session security
• Do not require consent

Analytical Cookies (basis: Your consent)

• Google Analytics - analyze website traffic
• Help improve store functionality
• Require your consent

Marketing Cookies (basis: Your consent)

• Facebook Pixel - remarketing and advertising
• Google Ads - advertising campaigns
• Require your consent

Managing Cookie Consent

• On first visit, we display a banner requesting consent
• You can accept all, reject all, or select categories
• You can change consent at any time in the page footer
• Withdrawal of consent is as easy as giving it

How to Delete Cookies?

You can delete cookies in your browser settings:

• Chrome: Settings → Privacy and security → Cookies
• Firefox: Options → Privacy and security → Cookies
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Privacy → Choose what to clear

10. Data Security

We apply appropriate technical and organizational measures to ensure security of your data:

• SSL encryption during data transmission
• Secure data storage on protected servers
• Regular backups
• Limited data access only for authorized persons
• Regular staff training on data protection
• Procedures for responding to data breaches

11. Data Processing by Przelewy24

For payment processing, the data controller is:

PayPro S.A. (Przelewy24 system operator)
ul. Pastelowa 8, 60-198 Poznań
KRS: 0000347935
Tax ID: 7792369887
Data Protection Officer: iod@przelewy24.pl

PayPro S.A. processes data to:

• Execute electronic payments
• Prevent fraud
• Fulfill obligations under anti-money laundering regulations
• Handle payment-related complaints

Detailed Przelewy24 privacy policy available at: www.przelewy24.pl

12. Children's Data

Our online store is not directed at persons under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and notice that your child has provided us with their data, please contact us.

13. Changes to Privacy Policy

This Privacy Policy may be updated periodically. We will inform about significant changes through:

• Clear notification on the store website
• Email message (if you have consented to communication)

The date of last update is at the beginning of the document.

14. Contact Information

For matters related to personal data protection, you can contact us:

Email: nire@crunchfest.com
Phone: 790 816 990
Correspondence address:
Crunchfest Dariusz Skrzypkowski
ul. Syta 99/8
02-987 Warsaw

We respond to all inquiries within 30 days of receipt.

---

This Privacy Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), the Personal Data Protection Act of 10 May 2018, the Act on the Provision of Electronic Services, and other applicable Polish and European law.