Privacy Policy - OptiFlex

PRIVACY POLICY
1. Data controller
The controller of the personal data of Customers and users of the store is OPTIFLEX Beata Kudas, ul. Juliusza Słowackiego 64, 32-400 Myślenice, NIP: 6811040924.

2. Scope and purpose of data processing
The store processes Customers’ personal data necessary for:
a. order fulfillment (e.g., first name, last name/company name, delivery address, telephone number, e-mail address),
b. payment processing,
c. complaint handling,
d. contact regarding the order.

If the Customer is a Consumer, the data is processed in accordance with the provisions of law, including the GDPR and the Consumer Rights Act.

If the Customer gives their consent, the data may be used for marketing purposes (newsletter, special offers).

3. Legal basis for processing
Execution of the sales contract.

Fulfillment of legal obligations incumbent on the Administrator (e.g., tax, accounting).

User consent (e.g., to send a newsletter).

4. Data recipients
The data may be transferred to:

courier companies/delivery companies,

payment operators,

IT/hosting service providers,

legal/accounting service providers, if necessary.

5. Data retention period
Data related to order fulfillment is stored for the time necessary to perform the service and for the mandatory archiving period (e.g., for tax purposes).

Marketing data (e.g., newsletter) is stored until consent is withdrawn.

6. Rights of data subjects
Everyone has the right to:

access their data,

rectify incorrect data,

delete data (“right to be forgotten”),

restrict processing,

object to processing,

transfer data (if applicable),

withdraw consent at any time (in the part where processing was based on consent).

7. Cookies and similar technologies
The store may use cookies and similar technologies to: ensure the functioning of the website, analyze traffic, personalize offers.

You can block or delete cookies in your browser settings, but this may affect the functionality of the website.

8. Security
The administrator uses organizational and technical measures to ensure the protection of personal data in accordance with the requirements of the GDPR (encryption, access security, etc.).

9. Sharing data outside the EU
If necessary (e.g., hosting services or payments), data may be transferred to countries outside the EU only if adequate protection is ensured (e.g., standard contractual clauses).

10. Changes to the Privacy Policy
The administrator reserves the right to make changes to the Privacy Policy. The new version is valid after its publication on the store’s website.