Privacy Policy

Refura sp. z o.o.
Last Updated: November 12, 2025

Key Points: Quick Summary

Before you read the full policy, here's what you need to know:

Who we are: Refura sp. z o.o., a Polish company selling refurbished technology and household products online, based in Kraków.

What data we collect: Your name, contact details, delivery address, payment information, and order history when you shop with us. We also collect browsing data through cookies (which you can control).

Why we collect it: To process your orders, deliver products, handle payments, provide customer support, manage warranties, prevent fraud, and (with your consent) send you marketing offers.

How we protect it: Using encryption (HTTPS/SSL), secure payment processors (PCI DSS compliant), access controls, and regular security audits. All refurbished devices we sell have undergone certified data erasure.

How long we keep it: Order and payment records for 6 years (Polish tax law), warranty data for warranty period + 1 year, marketing data until you unsubscribe or 3 years of inactivity.

Your rights: You can access, correct, delete, export, or restrict your data at any time. You can opt out of marketing instantly. Contact us at [email protected] to exercise any right.

Your control: You decide which cookies to accept, whether to receive marketing emails, and can delete your account anytime. No consent = no marketing, but you can still shop with us.

Questions or complaints? Contact us at [email protected] or lodge a complaint with Poland's data protection authority (UODO) at [email protected].

The full legal details are below.

1. Introduction

1.1 Who We Are

This Privacy Policy describes how Refura spółka z ograniczoną odpowiedzialnością ("Refura," "we," "us," or "our") collects, uses, stores, and protects your personal data when you visit our website or purchase refurbished products from our online store.

Company Details:

  • Business Name: Refura spółka z ograniczoną odpowiedzialnością (Refura sp. z o.o.)
  • Registered Address: Kalwaryjska 69 lok. 9, 30-504 Kraków, Poland
  • Business Activities: Retail sale of telecommunications equipment (PKD 47.42.Z) and wholesale of electrical household appliances (PKD 46.43.Z)
  • Contact Email: [email protected]
  • Contact Phone: +48 572 524 881

1.2 Our Commitment to Privacy

We are committed to protecting your privacy and ensuring the best level of protection for your personal data in accordance with:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR)
  • Polish Act of May 10, 2018 on the Protection of Personal Data
  • Polish Electronic Communications Law (Prawo komunikacji elektronicznej) regarding cookies and electronic marketing

1.3 Purpose of This Policy

This Privacy Policy is intended to inform you about:

  • What personal data we collect
  • How and why we collect it
  • How we use and protect your data
  • How long we retain your data
  • Your rights regarding your personal data
  • How to contact us with privacy-related questions

By using our website or services, you acknowledge that you have read and understood this Privacy Policy.

1.4 Key Definitions

To help you understand this Privacy Policy, here are definitions of key terms:

Personal Data

Any information that can identify you as an individual, directly or indirectly. Examples: your name, email address, phone number, IP address, delivery address, payment details, or online identifiers (cookies, device IDs).

Data Controller

The organization that decides why and how personal data is processed. In this case: Refura sp. z o.o. (we decide what data to collect and how to use it).

Data Processor

A third-party service provider that processes personal data on behalf of the controller, following the controller's instructions. Examples: our payment processors, shipping companies, hosting providers, email services.

Data Subject

You, the individual whose personal data is being processed.

Cookies

Small text files placed on your device by websites you visit. They help websites remember your preferences, analyze site usage, and deliver personalized content or ads. You can control cookies through our cookie banner or browser settings.

UODO (Urząd Ochrony Danych Osobowych)

Poland's supervisory authority for data protection, specifically the President of the Personal Data Protection Office. You can contact this authority if you have complaints about how we handle your data.

2. Data Controller

Refura sp. z o.o. acts as the Data Controller for the personal data we collect and process. This means we determine the purposes and means of processing your personal data. Our contact details are provided in Section 12 below.

3. What Personal Data We Collect

We collect personal data that you provide to us directly and information that is collected automatically when you use our website. The types of data we collect depend on how you interact with us.

3.1 Information You Provide to Us

A. Account Registration and Customer Information:

  • First name and surname
  • Email address
  • Telephone number
  • Billing address
  • Delivery/shipping address
  • Company name and VAT number (for business customers)
  • Username and password

B. Order and Payment Information:

  • Order details (products purchased, quantities, prices)
  • Payment information and transaction details
  • Payment card details (processed securely by our PCI DSS-compliant payment processor)
  • Billing address
  • Delivery preferences
  • Order history and purchase records

C. Communication and Customer Support:

  • Communications with our customer service team
  • Feedback, reviews, and survey responses
  • Warranty claims and product returns information
  • Complaint details and dispute resolution records

D. Marketing and Newsletter Preferences:

  • Email subscription preferences
  • Marketing consent records
  • Communication preferences

3.2 Information Collected Automatically

A. Device and Usage Data:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Pages visited and time spent on our website
  • Referring/exit pages
  • Search terms used
  • Click-stream data
  • Date and time stamps

B. Cookies and Similar Technologies:

We use cookies and similar tracking technologies to improve your browsing experience. Types of cookies we use:

  • Strictly Necessary Cookies: Required for website functionality
  • Performance/Analytics Cookies: Help us understand how visitors use our website
  • Functionality Cookies: Remember your preferences and choices
  • Marketing/Advertising Cookies: Track your online activity to deliver relevant advertisements

You can manage your cookie preferences through our cookie banner or browser settings.

3.3 Data from Other Sources

In some cases we also receive your personal data from third parties when necessary to fulfill your order, prevent fraud, or comply with law:

  • Online marketplaces where we sell: They transmit order and contact details to us so we can fulfill the sale
  • Payment service providers and banks: Information about payment status and fraud-prevention outcomes
  • Courier and logistics partners: Updated delivery information and status
  • Address-verification and anti-fraud providers: Signals necessary to prevent fraud and abuse

We only receive the minimum data necessary for order processing, fraud prevention, and legal compliance.

3.4 Recipients of Your Data

We share your personal data only with trusted service providers and partners, such as:

  • Payment service providers and banks (to process transactions securely)
  • Courier and logistics companies (to deliver your orders)
  • IT and hosting providers (to maintain our website and infrastructure)
  • Analytics and marketing tools (only with your consent, for website improvement and promotional purposes)
  • Accountants and legal advisors (where required by law or for professional services)

Important: These entities process data only on our instructions and under written data processing agreements. We do not sell your personal data to third parties.

4. Legal Basis for Processing Your Data

Under the GDPR, we must have a lawful basis for processing your personal data. We process your data based on the following legal grounds:

4.1 Contract Performance (Article 6(1)(b) GDPR)

Processing is necessary for:

  • Managing your account registration
  • Processing and fulfilling your orders
  • Arranging product delivery and shipping
  • Processing payments and managing invoices
  • Providing customer support
  • Managing warranty claims and product returns

4.2 Legal Obligation (Article 6(1)(c) GDPR)

Processing is necessary to comply with:

  • Tax and accounting regulations
  • Consumer protection laws
  • Anti-fraud and anti-money laundering regulations
  • Data retention requirements under Polish law

4.3 Legitimate Interest (Article 6(1)(f) GDPR)

Processing is necessary for our legitimate business interests:

  • Fraud prevention and security monitoring
  • Website analytics and performance improvement
  • Business administration and internal operations
  • Network and information security

4.4 Consent (Article 6(1)(a) GDPR)

Where we have obtained your explicit consent:

  • Marketing communications
  • Non-essential cookies and tracking technologies
  • Newsletter subscriptions

You have the right to withdraw your consent at any time by contacting us or using the unsubscribe link in marketing emails.

5. Is It Necessary to Provide Your Data?

Required Data: Providing the personal data marked as required during registration or checkout is necessary to conclude and perform the sales contract (process your order, deliver products, handle payments and complaints). If you do not provide this data, we will not be able to process your order.

Optional Data: Providing data for marketing (newsletter, special offers, SMS, etc.) is voluntary. Refusing or withdrawing marketing consent does not affect your ability to purchase products from us.

6. Your Rights Under GDPR

Under GDPR you have the right to:

  • Access your personal data and information about how we process it
  • Correct inaccurate or incomplete personal data
  • Request deletion of your personal data under certain circumstances
  • Restrict processing of your data under certain conditions
  • Receive your data in a structured, machine-readable format (data portability)
  • Object to processing based on legitimate interests or for direct marketing
  • Lodge a complaint with the Polish supervisory authority (UODO) or with the supervisory authority in your EU/EEA country of residence or work

To exercise your rights, contact us:

Email: [email protected]

Response Time: Within one month

Fee: Generally free of charge

7. International Data Transfers

We may transfer your personal data outside the European Economic Area (EEA) in connection with:

  • Email and cloud services: Google LLC, Microsoft Corporation
  • Analytics and marketing platforms: Google Analytics, Meta Platforms

Where transfers occur to countries such as the United States, we use the European Commission's Standard Contractual Clauses and apply appropriate supplementary measures to protect your data.

We will update this section and our Cookie Policy with specific providers as they are implemented.

8. Data Security

We take the security of your personal data seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, alteration, disclosure, or destruction.

Technical Measures:

  • Encryption: All data transmission is encrypted using SSL/TLS certificates (HTTPS)
  • Secure Payment Processing: Payment card data is processed by PCI DSS-compliant payment processors
  • Access Controls: Role-based access controls limit who can access personal data
  • System Protection: Firewalls, intrusion detection, security testing and reviews, and regular security updates protect our infrastructure

Your Responsibility:

  • Keep your password secure and do not share it
  • Use strong passwords and change them regularly
  • Log out of your account when using shared devices
  • Be cautious of phishing emails

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.

Account Data:

Retained while your account is active; inactive accounts deactivated after 3 years.

Order and Transaction Data:

Retained for 6 years (Polish tax and accounting law requirement).

Warranty Records:

Retained for the warranty period plus 1 year after expiry.

Marketing Data:

Retained until you unsubscribe or after 3 years of inactivity.

10. Children's Privacy

Our website and services are intended for individuals who are at least 18 years of age.

  • We do not knowingly collect personal data from individuals under 18
  • Purchases require you to be 18 years or older, or have parental authorization
  • If we become aware that we have collected data from someone under 18 without proper authorization, we will take steps to delete that information

If you believe we have inadvertently collected data from someone under 18, please contact us immediately at [email protected].

11. Cookies and Marketing Communications

Under the Polish Electronic Communications Law (Prawo komunikacji elektronicznej), we must obtain your prior, active, and express consent before:

  • Placing non-essential cookies on your device
  • Sending marketing communications via email, SMS, or other electronic means

Cookie Consent:

When you first visit our website, a cookie banner will appear with clear options to:

  • Accept all cookies
  • Reject non-essential cookies
  • Customize preferences by cookie category

Non-essential cookies are turned off by default. We record your consent choices (timestamp, selections, session ID, approximate location derived from IP, device type) and provide a "Cookie Settings" link in our footer where you can change your preferences at any time. We process these consent records based on our legal obligation and legitimate interest in demonstrating compliance with GDPR Article 7(1) and applicable ePrivacy/PKE rules.

Marketing Consent:

We require separate opt-in consent for each marketing channel:

  • Email marketing: Separate checkbox (not pre-ticked)
  • SMS marketing: Separate checkbox (not pre-ticked)
  • Phone marketing: Separate checkbox (not pre-ticked)

You can withdraw marketing consent at any time by:

  • Clicking "unsubscribe" in any marketing email
  • Replying "STOP" to SMS messages
  • Updating preferences in your account settings
  • Contacting us at [email protected]

Opt-out requests are processed within 48 hours. Essential service communications (order confirmations, delivery updates, warranty information) will continue even if you opt out of marketing.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

Data Protection Contact:

Email: [email protected]

Phone: +48 572 524 881

Postal Address:

Refura sp. z o.o.
Kalwaryjska 69 lok. 9
30-504 Kraków
Poland

Polish Supervisory Authority:

Urząd Ochrony Danych Osobowych (UODO)

Address: ul. Stawki 2, 00-193 Warsaw, Poland

Phone: +48 22 531 03 00

Email: [email protected]

Website: https://uodo.gov.pl

Note: You may also lodge a complaint with the supervisory authority in your EU/EEA country of residence or work.

This Privacy Policy is effective as of November 12, 2025.
Refura sp. z o.o. · Kraków, Poland

ZASUBSKRYBUJ TERAZ

Otrzymuj najnowsze wiadomości, aktualizacje i oferty bezpośrednio na swoją skrzynkę.

Privacy Policy - Refura.pl