Privacy Policy
PRIVACY POLICY
(RODO / GDPR Compliant)
Last updated: April 2026
§1. Data Controller
The controller of your personal data is AUTOMAGICAL HUBERT MIKUŁA, with its registered office at ul. 19-Kwietnia 116, 05-090 Rybie, Poland, NIP: 5252752647, REGON: 380442887 (hereinafter referred to as “we”, “us”, or “the Controller”).
For any questions regarding the processing of your personal data, please contact us at: hubert.mikula@automagical.pl
§2. Legal Basis for Processing
We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter “GDPR” / “RODO”), and applicable Polish data protection laws.
The legal bases for processing your personal data are:
1.Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract (e.g., processing your order, managing your account).
2.Article 6(1)(c) GDPR – processing is necessary for compliance with a legal obligation to which the Controller is subject (e.g., tax and accounting obligations).
3.Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the Controller (e.g., ensuring website security, handling correspondence).
4.Article 6(1)(a) GDPR – where you have given consent for a specific purpose (e.g., newsletter subscription). You may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
§3. Categories of Personal Data Collected
We may collect and process the following categories of personal data:
5.Full name and surname
6.Company name, NIP, and other business identification data
7.Postal and delivery address
8.Email address
9.Telephone number
10.Order history and transaction data
11.Account login credentials (username and hashed password)
12.Server logs (IP address, browser type, timestamps) collected automatically when you visit our website
§4. Purpose of Data Processing
Your personal data is processed for the following purposes:
13.Execution of sales contracts and order fulfillment
14.Creation and management of your customer account on our Odoo-based platform, allowing you to view and track your orders
15.Issuing invoices and fulfilling tax/accounting obligations
16.Communication related to orders, deliveries, and customer service inquiries
17.Ensuring the security and proper functioning of our website and IT infrastructure
18.Compliance with legal obligations under Polish and EU law
§5. Data Storage and Infrastructure
All personal data is stored exclusively on our own on-premise servers located at our business premises in Poland. We do not use any third-party cloud hosting, external data centers, or Software-as-a-Service (SaaS) platforms for the storage of personal data.
Our website and order management system is powered by Odoo, which is installed and operated entirely on our own infrastructure.
We implement appropriate technical and organizational measures to protect your data, including access controls, encrypted connections (SSL/TLS), regular backups, and firewall protection.
§6. Data Sharing and Third Parties
We do not sell, rent, trade, or otherwise share your personal data with any third parties for marketing or commercial purposes.
Your data may only be disclosed to:
19.Authorized employees and contractors of the Controller who require access to perform their duties, bound by confidentiality agreements
20.Public authorities or institutions entitled by law to request such data (e.g., tax authorities, customs authorities)
21.Freight and logistics companies – only to the extent necessary for the delivery of goods ordered by you (limited to name, address, and contact details)
In all cases, data is shared strictly on a need-to-know basis and in compliance with GDPR requirements.
§7. Data Transfers Outside the EEA
We do not transfer your personal data outside the European Economic Area (EEA). All data processing takes place within Poland on our on-premise infrastructure.
Should any transfer outside the EEA become necessary in the future, it will only occur on the basis of appropriate safeguards as required by Chapter V of the GDPR (e.g., Standard Contractual Clauses, adequacy decisions).
§8. Data Retention Period
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
22.Contract and order data – for the duration of the contract and for 5 years thereafter (in accordance with Polish tax and accounting regulations)
23.Account data – for as long as your account remains active. You may request account deletion at any time.
24.Server logs – for up to 12 months for security and diagnostic purposes
25.Consent-based data (e.g., newsletter) – until withdrawal of consent
After the applicable retention period, data is securely deleted or anonymized.
§9. Your Rights Under GDPR
In accordance with GDPR, you have the following rights regarding your personal data:
26.Right of access (Art. 15) – you may request confirmation as to whether your data is being processed and obtain a copy of it
27.Right to rectification (Art. 16) – you may request correction of inaccurate or incomplete data
28.Right to erasure / right to be forgotten (Art. 17) – you may request deletion of your data where there is no legal basis for continued processing
29.Right to restriction of processing (Art. 18) – you may request that processing be limited under certain circumstances
30.Right to data portability (Art. 20) – you may request your data in a structured, commonly used, machine-readable format
31.Right to object (Art. 21) – you may object to processing based on legitimate interests at any time
32.Right to withdraw consent (Art. 7(3)) – where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, please contact us at [your email address]. We will respond to your request within 30 days.
§10. Right to Lodge a Complaint
If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with the Polish supervisory authority:
Prezes Urzędu Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa
Website: www.uodo.gov.pl
§11. Cookies
Our website may use cookies – small text files stored on your device – to ensure proper functioning of the site and to maintain your session when logged into your account.
We use only:
33.Essential/technical cookies – necessary for the website and your account to function correctly (e.g., session cookies, CSRF tokens)
We do not use any tracking, advertising, or analytics cookies. No data collected via cookies is shared with third parties.
You may configure your browser to block or delete cookies at any time. Please note that disabling essential cookies may affect the functionality of the website and your account.
§12. Customer Account
We may provide you with a customer account on our Odoo-based platform, allowing you to:
34.View the status of your current and past orders
35.Access invoices and shipping documentation
36.Update your contact and delivery information
Your account is protected by a password. You are responsible for maintaining the confidentiality of your login credentials. We recommend using a strong, unique password.
You may request deletion of your account at any time by contacting us. Upon deletion, your account data will be removed, subject to any legal retention obligations.
§13. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in our data processing practices or legal requirements. Any changes will be published on our website with an updated revision date.
We encourage you to review this Privacy Policy periodically.
§14. Contact
For any inquiries related to data protection or this Privacy Policy, please contact:
AUTOMAGICAL HUBERT MIKUŁA
ul. 19-Kwietnia 116, 05-090 Rybie, Poland
NIP: 5252752647
Email: [your email address]
This Privacy Policy is effective as of April 2026.