Privacy Policy



§1. Definitions

  1. Shop – online shop operated at noxvoid.com.

  2. Administrator / weVRK BARTOSZ SOŁOWICZ, ul. Budowlanych 8 lok. 13, 78-400 Szczecinek, NIP: 6731921172, REGON: 386506297.

  3. User / You – any person using the Store, including placing an order or subscribing to the newsletter.

  4. GDPR – Regulation (EU) 2016/679.

  5. Data – personal data within the meaning of the GDPR.

§2. Administrator and contact

  1. The controller of your data is VRK BARTOSZ SOŁOWICZ with its registered office at ul. Budowlanych 8 lok. 13, 78-400 Szczecinek.

  2. Contact: e-mail bartosz@noxcore.pl , tel. +48 665 526 701 , correspondence address ul. Budowlanych 8 lok. 13, 78-400 Szczecinek.

  3. Data Protection Officer (DPO) : The Controller has not appointed a DPO; in data matters, contact as above .

§3. Purposes, basis and periods of processing

  1. Orders and execution of the sales contract

    • Legal basis: Article 6(1)(b) of the GDPR (contract); in the scope of accounting – Article 6(1)(c) of the GDPR (legal obligation).

    • Scope: identification, address, contact data, payment data.

    • Period: for the duration of the contract; accounting – 5 years from the end of the tax year; claims – up to 6 years (Article 118 of the Civil Code).

    • Consequences of failure to provide data: inability to conclude and execute the contract.

  2. Customer account

    • Basis: Article 6(1)(b) of the GDPR (service provision contract).

    • Period: until the account is deleted; then for the period of pursuing claims (up to 6 years).

  3. Contact (form/email/phone/chat)

    • Basis: Article 6(1)(b) of the GDPR (where it concerns a contract) or Article 6(1)(f) of the GDPR (providing answers, handling enquiries).

    • Our interests (letter f): communication with users and defense against claims.

    • Period: until the case is concluded and then up to 6 years (claims).

  4. Newsletter and own marketing via e-mail/SMS

    • Basis: Article 6 paragraph 1 letter a of the GDPR (consent) and the provisions of the Personal Data Protection Act/Personal Data Protection Act regarding marketing consents.

    • Period: until withdrawal of consent or objection (depending on the basis).

    • Consequence of not providing: no offers/news received.

  5. On-site marketing (content/ad personalization) and analytics

    • Basis: Article 6(1)(f) of the GDPR (legitimate interest: own marketing and development of the Store) or Article 6(1)(a) of the GDPR (consent – if required for cookies).

    • Period: in accordance with the validity of cookies or until withdrawal of consent/objection.

  6. Security and abuse (logs, fraud protection)

    • Basis: Article 6(1)(f) GDPR (ensuring the security of services).

    • Period: usually up to 12 months from the event or longer if required by law/claims.

  7. Pursuing and defending claims

    • Basis: Article 6(1)(f) of the GDPR.

    • Period: until the expiry of the limitation periods (generally up to 6 years).

§4. Data categories

  • Identification (name, surname, Tax Identification Number on the invoice),

  • Address (delivery/billing address),

  • Contact details (e-mail, telephone),

  • Transactional (order details, payment – to the extent necessary),

  • Technical (IP address, cookie/device identifiers – when you use the Store).

§5. Data recipients

  1. Data may be transferred to the following categories of entities, only to the extent necessary:

    • Hosting and IT providers / e-commerce engine – maintenance and development of the Store.

    • Payment operators – payment processing [e.g. PayU/Przelewy24/PayPal – fill in] .

    • Carriers/couriers – delivery of goods [e.g. DPD, InPost – fill in] .

    • Accounting office/bookkeeping .

    • Email/office providers .

    • Marketing automation/analytics tools [e.g. Edrone, Google Analytics – fill in according to what you actually use] .

  2. Each of the above-mentioned entities processes data as a processor (based on a data processing agreement) or a separate controller – in accordance with the role (e.g. courier, payment operator).

§6. Transfer of data outside the EEA

  1. If any of our suppliers are based outside the EEA or use infrastructure outside the EEA, data transfers may only take place using the mechanisms required by the GDPR (e.g. an adequacy decision , standard contractual clauses and, where necessary, additional measures ).

  2. A current list of key suppliers and their transfer bases is available upon request at [email] .

  3. [If you know you do not transfer – you can add: "As of [date], we do not transfer data outside the EEA."]

§7. Voluntary provision of data

Providing data is voluntary, but necessary for: concluding and fulfilling a contract (order, account), processing an inquiry (contact), and sending a newsletter (consent). Failure to provide data may prevent these activities.

§8. Your rights

You have the right to: access, rectification, erasure, restriction, transfer, objection (including objection to direct marketing at any time), as well as to withdraw consent (without affecting the lawfulness of previous processing).
You also have the right to lodge a complaint with the President of the Personal Data Protection Office .
Applications can be submitted at bartosz@noxcore.pl.

§9. Cookies and similar technologies

  1. The store uses cookies and similar technologies to ensure operation, analytics, and marketing.

  2. Legal basis: necessary cookies – Article 6(1)(f) of the GDPR (ensuring the functionality of the Store); analytical/marketing cookies – Article 6(1)(a) of the GDPR (consent).

  3. You can change your cookie preferences in [link/button "Cookie settings"] and in your browser settings.

  4. Cookie categories: necessary , analytical , marketing .

  5. Cookie table (example – complete the actual list):

    • __ecsid – session – maintaining the session/basket (necessary)

    • _ga – up to 24 months – visit statistics (analytical)

    • _gid – up to 24 hours – visit statistics (analytical)

    • edrone_* – by vendor – marketing automation

  6. Detailed information can be found in the Cookies Policy [link] (recommended as a separate document/CMP).

§10. Profiling and automated decision-making

  1. We may conduct marketing profiling (e.g. customer segmentation, selection of content/offers based on purchase history, website behavior and cookie consent).

  2. The effect of profiling is better matching of content , and not decisions that produce legal effects within the meaning of Article 22 of the GDPR.

  3. You have the right to object to profiling used for marketing purposes and to withdraw consent to cookies/marketing communications.

§11. Data security

We use organisational and technical measures appropriate to the risks, including connection encryption (SSL/TLS), access control, backups, pseudonymisation where justified, and data protection agreements with suppliers.

§12. Data of minors

The store is not directed at children, and we do not knowingly process children's data . If you believe a child has provided us with data, please contact us – we will delete it immediately.

§13. Data source (if not from you) – (optional)

If we obtain your data from other sources (e.g., payment/delivery integration), this data is only necessary for the performance of the contract. We disclose the categories and sources upon request.

§14. Document changes

We reserve the right to change the Policy. We will inform you about any significant changes in the Store.
Effective date: [ dd.mm.yyyy ] | Version: [vX]