Privacy Policy

1. General information

The privacy policy of our online store selling commercial kitchen equipment is based on the law, in particular on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

This document is for information purposes. In case of discrepancies with agreements or terms & conditions, the relevant legal provisions apply.

2. Controller & contact

Controller: Prime Gastro sp. z o.o., tax ID (NIP): 5170434964, registered in Poland.

Data protection contact: rodo@primegastro.pl or via the contact form.

You can contact us on any matters related to data processing and the exercise of your rights.

3. Scope & data categories

We process data necessary to operate the store and perform contracts, including:

• identification data (e.g., first and last name, company name, tax ID),
• contact details (e-mail address, phone number, shipping/billing address),
• order and payment data (e.g., order number, payment status),
• customer account data (login logs, purchase history),
• communication data (messages, complaints, inquiries),
• technical/operational data (IP address, cookie identifiers, device/browser data — to the extent necessary for the store to function and for analytics).

4. Purposes & legal bases

We process personal data for the following purposes and on the legal bases indicated below:

• Order handling and contract performance — Art. 6(1)(b) GDPR (necessity to perform a contract) and (c) (legal obligations, e.g., tax).
• Handling inquiries and contact — Art. 6(1)(b) or (f) GDPR (legitimate interest: communication with customers and users).
• Creating and maintaining a customer account — Art. 6(1)(b) GDPR.
• Own marketing (e-mail/SMS/push, where you have given consent) — Art. 6(1)(a) GDPR.
• Direct marketing based on legitimate interest (e.g., remarketing to existing customers) — Art. 6(1)(f) GDPR.
• Analytics, statistics, content personalisation, and security — Art. 6(1)(f) GDPR.
• Establishing, exercising, or defending legal claims — Art. 6(1)(f) GDPR.

Where we ask for your consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

5. Data recipients

Data may be entrusted to trusted entities supporting our operations, in particular:

• payment service providers (depending on the chosen payment method),
• courier and logistics companies (delivery fulfilment),
• IT service providers (hosting, system maintenance, analytics),
• accounting office and legal advisors (to the necessary extent),
• communication and helpdesk platforms (handling inquiries),
• marketing partners — only within the limits of the law and under appropriate data processing agreements.

We do not sell your data. We disclose it only when necessary to provide the service or required by law.

6. Transfers outside the EEA

Where we work with providers established outside the European Economic Area, data transfers take place only using GDPR-compliant mechanisms (e.g., the European Commission’s Standard Contractual Clauses) and with additional safeguards in place.

7. Retention periods

• Contract/order performance: for the duration of the contract and until the limitation periods for claims expire.
• Accounting documents: for the period required by tax and accounting regulations.
• Customer account: until the account is deleted.
• Consent-based marketing: until consent is withdrawn.
• Security logs and analytics: for the period necessary to ensure security and analyse store operation.

8. Data subject rights

You have rights under the GDPR, in particular:

• access to data and obtaining a copy,
• rectification (correction) of data,
• erasure (“right to be forgotten”),
• restriction of processing,
• data portability,
• objection to processing (including direct marketing),
• withdrawal of consent at any time — where processing is based on consent.

To exercise your rights, please contact us at rodo@primegastro.pl.

9. Cookies & similar technologies

To provide the best customer experience, we use cookies and similar technologies. Cookies are small text files stored on the user’s device that help us customise content, enable store functions, run analytics, and measure effectiveness.

• You can manage cookies via your browser settings or a consent panel (if implemented).
• For details, see our Cookie Policy.

10. Marketing & profiling

We may conduct marketing activities and limited profiling (e.g., product recommendations) — within the bounds of the law and with respect for your rights and freedoms. Profiling does not lead to decisions producing legal effects concerning you within the meaning of Article 22 GDPR.

For e-mail/SMS/push marketing, we only proceed with your consent, which you can withdraw at any time.

11. Data security

We apply appropriate technical and organisational measures, including encrypted transmission (TLS), access controls, permission policies, and regular security reviews. We only work with entities that ensure an adequate level of data protection.

12. Minors

Our store is intended for adults. We do not knowingly process data of children under 16 without the consent of a legal guardian.

13. Social media

On our social media profiles (if operated), we share responsibility for data processing with the providers of those services (so-called joint controllership) with respect to statistics and interactions. See the privacy policies of those services for details.

14. Changes to this document

We may update this Privacy Policy to reflect changes in the law or our processes. We will inform you on the store website about material changes. The update date is shown at the top of this document.

15. Legal basis & complaints

You have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (UODO) in Poland, if you believe that we process your data unlawfully.

We encourage you to contact us first — we will do our best to clarify and help.

FAQ — frequently asked questions