Privacy policy (GDPR)
We protect your personal data under the GDPR — Regulation (EU) 2016/679. Below we explain what data we collect, why, and your rights.
Data controller
The controller is 4REF.eu Sp. z o.o., Andersa 38, 15-113 Białystok. For any data matters contact us at [email protected].
Scope of data
We process data provided at registration and checkout: name, company name, VAT ID, shipping and billing address, e-mail, phone, order history and technical data (IP address, cookies).
Purposes & legal basis
Order performance and support — Art. 6(1)(b). Invoicing and tax duties — (c). Marketing and newsletter — (a) consent. Claims and security — (f) legitimate interest.
Data recipients
Data may be shared with providers supporting the store: payment operators (Przelewy24, Stripe), couriers (InPost, DPD), hosting providers and our accountant — only as necessary and under data-processing agreements.
Retention period
We retain data for the duration of the contract and the period required by law (e.g. 5 years for accounting records). Consent-based data — until consent is withdrawn.
Your rights
You have the right to access, rectify, erase (right to be forgotten), restrict and port your data, object to processing and withdraw consent. Export and deletion are available in your dashboard → Settings → Privacy.
You may also lodge a complaint with the supervisory authority (in Poland: the President of the Personal Data Protection Office, PUODO).
Transfers outside the EEA & profiling
Data is processed within the EEA. Any transfer outside the EEA relies on Standard Contractual Clauses. We do not make solely automated decisions producing legal effects.