Version effective from: 19 May 2025
§ 1. General Provisions
This Privacy Policy defines the rules for processing and protecting the personal data of Users who use the website chabin.pl and the associated online store (hereinafter: the "Service").
Personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (GDPR) and the Polish Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000).
Data Controller:
CHABIN limited partnership (spółka komandytowa)
ul. Praska 31, 93-181 Łódź, Poland
KRS: 0001049308 | NIP: 727-243-66-37 | REGON: 47222732
E-mail: esklep@chabin.pl
Phone: +48 42 684 98 72
The Controller has not appointed a Data Protection Officer (DPO). For all matters related to personal data processing, please contact the Controller directly using the contact details above.
§ 2. Purposes and Legal Bases for Processing
The Controller processes personal data for the following purposes and on the following legal bases:
| Purpose of processing | Legal basis (Art. 6 GDPR) |
|---|---|
| Order fulfilment and sales handling | Art. 6(1)(b) - performance of a contract |
| Handling enquiries, contact forms and B2B cooperation requests | Art. 6(1)(b) - pre-contractual measures; Art. 6(1)(f) - legitimate interest |
| Issuing invoices and accounting documentation | Art. 6(1)(c) - legal obligation |
| Sending commercial information by electronic means (newsletter) | Art. 6(1)(a) - User's consent |
| Telephone contact for the purpose of presenting a commercial offer | Art. 6(1)(a) - User's consent |
| Remarketing and traffic analysis (Google Analytics, Meta Pixel) | Art. 6(1)(a) - User's consent (cookie banner) |
| Pursuing and defending against claims | Art. 6(1)(f) - legitimate interest of the Controller |
§ 3. Scope of Data Collected
The Controller processes only the data necessary for the stated purposes. Depending on the User's actions, this may include:
- first and last name,
- e-mail address,
- phone number,
- delivery and/or business address,
- VAT number (in the case of business entities),
- account login credentials (e-mail + password in encrypted form),
- usage data: IP address, cookies, activity within the Service.
Providing data necessary for order fulfilment is required. Providing data for marketing purposes is voluntary.
§ 4. Recipients of Data
Personal data may be transferred to the following categories of recipients:
- Courier companies and logistics operators (InPost, DPD, etc.) - to the extent necessary for delivery,
- Electronic payment operators (PayU, Przelewy24, etc.) - for transaction processing,
- IT system providers - hosting, PrestaShop, Comarch ERP - under data processing agreements,
- GetResponse - e-mail marketing service provider (data processing agreement / DPA),
- Google LLC - Google Analytics and Google Ads (independent data controller),
- Meta Platforms Ireland Ltd. - Meta Pixel and advertising (independent data controller),
- Public authorities - only when required by applicable law.
Data is not sold or shared with third parties for purposes other than those stated in this Policy.
§ 5. Transfer of Data Outside the EEA
Due to the use of Google Analytics and Meta Pixel, User data may be transferred to the United States of America - outside the European Economic Area (EEA). Such transfers are carried out on the basis of Standard Contractual Clauses approved by the European Commission (Decision 2021/914/EU).
Google's privacy policy: policies.google.com/privacy
Meta's privacy policy: facebook.com/privacy/policy
§ 6. Data Retention Periods
| Category of data | Retention period |
|---|---|
| Order data and accounting documents (invoices) | 5 years from the end of the tax year |
| User account data | Until account deletion + 1 year |
| Contact form / B2B cooperation enquiry data | Up to 3 years from last contact |
| Marketing data (mailing list) | Until consent is withdrawn |
| Analytical cookies | Up to 13 months |
| Server logs (IP addresses) | Up to 12 months |
| Correspondence with the User | Up to 3 years from the date of correspondence |
§ 7. User Rights
Under the GDPR, every User has the following rights:
- Right of access (Art. 15) - obtaining information about processed data and a copy thereof,
- Right to rectification (Art. 16) - correcting inaccurate or completing incomplete data,
- Right to erasure (Art. 17) - requesting deletion of data, subject to legal obligations,
- Right to restriction of processing (Art. 18) - requesting that processing be suspended,
- Right to data portability (Art. 20) - receiving data in a structured, machine-readable format,
- Right to object (Art. 21) - objecting to processing based on legitimate interest,
- Right to withdraw consent - at any time, without affecting the lawfulness of prior processing.
Requests should be sent to: esklep@chabin.pl or in writing to the Controller's registered address. A response will be provided within 30 days.
You also have the right to lodge a complaint with the supervisory authority - in Poland: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw - uodo.gov.pl.
§ 8. Cookies
The Service uses cookies in three categories:
- Necessary - essential for the Service to function (session, cart, login). Do not require consent.
- Analytical - data on how the Service is used (Google Analytics 4). Require consent.
- Marketing - remarketing and ad tracking (Meta Pixel, Google Ads). Require consent.
Analytical and marketing cookies are activated only after the User has given consent via the cookie banner. Preferences can be changed at any time by clicking "Cookie settings" in the footer of the website.
§ 9. Data Security
The Controller applies technical and organisational measures to protect data against unauthorised access, loss or disclosure: SSL/TLS encryption, regular backups, access restricted to authorised personnel only, and a strong password policy.
§ 10. Links to External Websites
The Service may contain links to external websites. The Controller is not responsible for the privacy policies of those websites. We recommend reading the privacy policy of every website you visit.
§ 11. Changes to the Privacy Policy
The Controller reserves the right to update this Policy. The current version is always available at: chabin.pl/en/content/8-polityka-prywatnosci. Users with accounts will be notified of significant changes by e-mail.
Last updated: 19 May 2025