Privacy Policy

PRIVACY POLICY PVhurt.pl PHOTOVOLTAIC WHOLESALE

This Policy is directed at users visiting the PVhurt online store, available at the internet address https://pvhurt.pl or on one of our international domains, such as: https://pvsklep.pl/, https://pvhurt.de/, https://pvhurt.cz/, https://pvhurt.sk/, https://pvhurt.com/, https://pvhurt.hr/, https://pvhurt.hu/, https://pvhurt.ro/, https://solaryag.pl/, and using the services contained therein, including the online store and contact form. In the following sections, the website, along with its associated services, will be collectively referred to as the “Service.” This Policy describes the rules for collecting and using user data of the Service, which are collected directly from them or through cookies and similar technologies. PVhurt.pl explains how and why PVhurt.pl collects and uses specific personal data, when and why PVhurt.pl will share personal data with other entities, and outlines the rights and options of data subjects regarding the processing of their personal data.

This Policy applies to users who are:

  • customers of PVhurt.pl, i.e., natural persons conducting business activities who have registered in the Online Store and entered into an agreement with PVhurt.pl for the provision of electronic services through it (“Customer”) or representatives of one of PVhurt.pl’s customers (“Customer Representative”);
  • users who have been granted access to an account by a Customer and are authorized to use the services provided by PVhurt.pl for the Customer (“Account User”);
  • Customers who have joined the PVhurt.pl Partner Program under the terms specified in the Partner Program Regulations (“Partner”);
  • users of electronic forms available in the Online Store or online chat;
  • users reporting illegal content published in the Online Store or other interested persons within the meaning of the Digital Services Act (DSA);
  • persons supplying any products or services to PVhurt.pl (“Supplier”) or persons representing or acting on behalf of one of PVhurt.pl’s suppliers (“Supplier Representative”);
  • job applicants, i.e., persons participating in recruitment processes conducted by PVhurt.pl and providing the company with their personal data for this purpose (“Job Applicant”);
  • recipients of commercial information or marketing activities of PVhurt.pl, including recipients of e-mailings, newsletters, or other forms of marketing conducted by the company (“Marketing Recipient”).

Data Controller and Contact The data controller is Grzegorz Kulikowski, conducting business activities under the name PVhurt.pl Grzegorz Kulikowski, with its registered office at: Pasiecznik 82, 59-623 Pasiecznik (hereinafter referred to as the “Controller” or “PVhurt.pl”). For matters related to the processing of your data by the Controller, please contact us:

  • by phone: +48 536 226 667
  • electronically: info@pvhurt.pl
  • by traditional mail at the above-mentioned address of the Controller’s registered office.

All personal data is processed by the Controller in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). The Controller processes your personal data with respect for all legal and technical requirements arising from data protection regulations. We ensure that your personal data, within the limits specified by this Policy and applicable legal regulations, will be kept confidential.

1. Scope of Collected Data

  1. The Controller processes the data of persons visiting the PVhurt.pl Online Store to enable browsing the assortment and using the store’s functions without the need to create an account. In this regard, the Controller may process data concerning the activities of persons visiting the Store, such as email address, IP address, session data, location, device, operating system, and browser used by the visitor, information contained in cookies, and data included in inquiries directed to the Controller.
  2. The user may provide their data to register an account in the online store. The form requires the provision of identification and contact details necessary for using the account and making purchases. It is also possible to provide additional data, but these are optional. The user’s account will record their orders, favorite products, payment history, complaints, etc.
  3. The Controller processes data such as: first name, last name, name and address of the business activity, correspondence address, VAT ID, REGON, bank account number, email address, phone number, account authentication data, data on activity in the Store, and information about the agreement and its terms. Personal data may come from public sources, such as CEIDG or GUS.
  4. In the case of purchases without account registration, the user provides the data necessary for the purchase, payment, and receipt of the order.
  5. The Service enables contacting the Controller and providing identification, contact, and message-related data.
  6. With the user’s consent, their contact and/or analytical data may be collected for marketing purposes.
  7. The following tools are used to support the Service: a) Google Analytics – used to collect data for analysis and statistics of Service visits. b) Hotjar Tracking – used to collect data for analyzing user behavior. c) Pixel Facebook – used to collect data for advertising campaigns. d) Facebook Ads – used to carry out advertising campaigns on social media.
  8. The use of analytical and marketing cookies requires your consent. Consent can be given by clicking “Accept” or by managing settings via the “Manage Cookies” option. Consent can be withdrawn at any time.
  9. The use of cookies involves the processing of personal data. The data controller is PVhurt.pl Grzegorz Kulikowski, and in some cases, the partners listed in point 7 may also be controllers. More information is available at the following addresses:

2. Source of Data

  1. If you contacted the Controller via the contact form, the data was provided directly by you.
  2. If the data was provided by a third party in connection with a matter, the source of the data is that person.
  3. If you have given consent to the processing of your data, you may withdraw it at any time, with the reservation that this may hinder contact with the Seller.
  4. Providing data in the contact form is voluntary but necessary for effectively handling the matter.
  5. Providing data for statistical purposes is voluntary. It is possible to browse the site in incognito mode without providing information to the Controller.

3. Purpose and Legal Basis for Processing Personal Data

The data of Store users may be processed for the following purposes:

  • analysis of network traffic, ensuring security within the Service, and tailoring content to user needs based on the Controller’s legitimate interest (Art. 6(1)(f) GDPR);
  • enabling the use of the Store’s functions (Art. 6(1)(b) GDPR);
  • providing responses to inquiries, delivering requested offers, and conducting correspondence to handle matters, based on consent and the Controller’s legitimate interest in fulfilling user requests (Art. 6(1)(a) and (f) GDPR);
  • creating and using an account in the online store based on an agreement for the provision of electronic services concluded with the user as the service recipient (Art. 6(1)(b) GDPR);
  • purchases in the online store based on a distance contract (Art. 6(1)(b) GDPR);
  • handling complaints based on the seller’s legitimate interest (Art. 6(1)(f) GDPR);
  • promoting goods and services or delivering offers based on user consent (Art. 6(1)(a) GDPR);
  • establishing, pursuing, or defending against claims when processing is necessary to protect the Controller’s rights (Art. 6(1)(f) GDPR);
  • analytical, statistical, and marketing purposes when cookie data is used to analyze customer activities and preferences to improve the Store’s functions and offerings, based on the Customer’s consent (Art. 6(1)(a) GDPR).

4. Implementation of the PVhurt Partner Program

  1. The Controller provides Customers with the opportunity to participate in the PVhurt Partner Program (“Program”). Participation in the Program is voluntary and takes place under the terms specified in the Partner Program Regulations. Participation in the Program requires the Controller to process the Partner’s personal data, such as: the type of Program selected, the balance of funds due to the Partner from participation in the Program, statistics on participation in the Program (number of orders made using the Partner’s affiliate link or code), data included in the VAT invoice issued by the Partner for participation in the Program, including the Partner’s bank account number, date of birth, PESEL number, and relevant Tax Office.
  2. The personal data of Partners is processed by the Controller:
    • for the implementation of the Partner Program under the terms of its regulations, including settlements with the Partner and handling complaints submitted by the Partner (Art. 6(1)(b) GDPR);
    • to fulfill the Controller’s legal obligations arising from legal regulations, e.g., tax regulations (Art. 6(1)(c) GDPR);
    • for purposes arising from the Controller’s legitimate interests, such as ongoing contact, establishing or pursuing claims, or defending against them (Art. 6(1)(f) GDPR).

5. Use of Electronic Forms in the Online Store, Online Chat

  1. The Controller provides electronic forms and an online chat function in the PVhurt Online Store, through which the user can contact the Controller regarding a selected matter, ask a question, or perform another action provided for by the form. Using the form or online chat requires providing basic personal data necessary to establish contact and respond to the inquiry or handle the report. The user may also provide additional data that, in their opinion, may facilitate contact or handling of the inquiry.
  2. Providing personal data marked as mandatory is required to establish contact or handle the report; their absence will prevent handling the inquiry. Providing other data is voluntary, and entering it signifies the user’s consent to its processing.
  3. Personal data collected through forms and online chat is processed by the Controller:
    • based on the Controller’s legitimate interest, i.e., for contacting the user and handling the inquiry/report submitted via the form or online chat (Art. 6(1)(f) GDPR);
    • based on the user’s consent if the personal data is not necessary for contact or handling the inquiry/report (Art. 6(1)(a) GDPR).

6. Handling Illegal Content

  1. The Controller has implemented a DSA Form in the PVhurt Online Store, enabling any person or entity visiting the Store to report the presence of specific information they consider illegal content within the meaning of the Regulations. Reporting illegal content requires providing information necessary for its handling, such as the justification for the report, the exact location of the information (e.g., URL address), the name and surname or name and email address of the Reporter (except for reports concerning information related to offenses specified in Articles 3-7 of Directive 2011/93/EU), and a statement by the Reporter confirming, in good faith, that the reported information and allegations are true and complete.
  2. The Reporter may provide additional data if they believe it will facilitate the identification of illegal content or the handling of the report. Providing personal data marked as mandatory in the DSA Form is necessary for accepting and handling the report; their absence may prevent its handling. Providing other data is voluntary, and providing it signifies consent to its processing.
  3. Personal data collected through the DSA Form is processed by the Controller:
    • to fulfill legal obligations arising from Articles 16-17 of the Digital Services Act (DSA), i.e., accepting a report regarding illegal content, handling it, informing about the decision, and justifying imposed restrictions (Art. 6(1)(c) GDPR);
    • based on the Reporter’s consent if the personal data is not necessary for handling the report (Art. 6(1)(a) GDPR).
  4. Regardless of the above, the Controller may process the personal data of recipients of its services to fulfill other legal obligations arising from the Digital Services Act (DSA), including implementing orders regarding actions against illegal content, providing information, or reporting suspicion of a criminal offense under Article 18 DSA (Art. 6(1)(c) GDPR).

7. Supplying Products and Services and Customer Care

  1. The Controller processes the personal data of its Suppliers and their representatives or agents, as well as Recipients of products. The processed personal data may include: first name, last name, name and address of the business activity, correspondence address, VAT ID, REGON, bank account number, position/function, email address, phone number, and information related to the agreement connecting the Supplier or Recipient with the Controller. It may happen that the personal data of a Supplier or their representative comes from publicly available sources, such as KRS.
  2. The personal data of Suppliers and Recipients is processed by the Controller:
    • for concluding and performing a contract (Art. 6(1)(b) GDPR);
    • to fulfill the Controller’s legal obligations arising from legal regulations, e.g., tax regulations (Art. 6(1)(c) GDPR);
    • for purposes arising from the Controller’s legitimate interests, such as maintaining business relationships, ongoing contact, establishing or pursuing claims, or defending against them (Art. 6(1)(f) GDPR).

8. Recruitment

  1. If you apply for a job at PVhurt.pl, the Controller collects information obtained from you during the recruitment process. This includes, in particular, personal data contained in submitted application documents and provided during phone calls, email correspondence, and recruitment interviews.
  2. The processing of Job Applicants’ personal data by the Controller is carried out:
    • to fulfill the Controller’s legal obligations arising from labor law regulations (Art. 6(1)(c) GDPR), and based on the Applicant’s consent if personal data exceeding the scope specified in labor law regulations is provided;
    • based on the Applicant’s consent if the offered form of employment is a civil law contract;
    • for future recruitment processes if the Applicant has given consent for this (Art. 6(1)(a), Art. 9(2)(a) GDPR);
    • for purposes arising from the Controller’s legitimate interests, such as establishing or pursuing claims or defending against them (Art. 6(1)(f) GDPR).

9. Rights of the Data Subject

  1. You have the right to:
    • access your data (Art. 15 GDPR);
    • rectify your data (Art. 16 GDPR);
    • erase your data (Art. 17 GDPR);
    • restrict processing (Art. 18 GDPR);
    • object to processing (Art. 21 GDPR);
    • data portability (Art. 20 GDPR);
    • lodge a complaint with the President of the Personal Data Protection Office.
  2. Right to Withdraw Consent If consent is the basis for data processing, you can withdraw it at any time using the contact details provided in the Service. Withdrawal of consent does not affect the lawfulness of processing carried out previously.

10. Obligation or Voluntariness of Providing Data

  1. Providing data is voluntary but necessary. Failure to provide it will prevent: a) fulfilling an order; b) creating an account in the online store; c) handling a complaint; d) receiving an offer or ordered marketing materials; e) receiving a response to an inquiry.
  2. Providing data necessary for the statistical analysis of Service users is voluntary. You can browse the site in incognito mode without providing information to the Controller. Using incognito mode, i.e., not providing data, does not affect the ability to use the Service.

11. Rights Arising from GDPR Regarding Processed Data

Every Service user has the right to:

  • request access to their data from the Controller and obtain a copy thereof (Art. 15 GDPR);
  • request rectification or correction of data from the Controller (Art. 16 GDPR) – if they notice that the data is incorrect or incomplete;
  • request the deletion of data from the Controller (Art. 17 GDPR);
  • request restriction of processing from the Controller (Art. 18 GDPR) – e.g., if they notice that the data is incorrect, they may request restriction of processing for a period allowing us to verify the accuracy of the data;
  • lodge a complaint regarding the processing of personal data by the Controller with the President of the Personal Data Protection Office (uodo.gov.pl).

12. Recipients of Personal Data

  1. Data may be transferred to: a) employees and collaborators of the Controller; b) supporting entities (IT services, accounting services, courier services, legal services) – based on data processing agreements; c) entities authorized by law.
  2. Personal data is generally not transferred outside the EEA. An exception may be data processed by service providers (e.g., Google), of which you will be informed.

13. Use of Cookies and Similar Technologies

  1. The Service enables the collection of user information through cookies and similar technologies, the use of which is usually associated with installing this tool on the user’s device (computer, smartphone, etc.).
  2. This information is used to: a) remember user decisions (font selection, contrast, policy acceptance); b) maintain the user’s session (e.g., after logging in); c) remember passwords (with consent); d) collect information about the user’s device and visit to ensure security; e) analyze visits and tailor content.
  3. Information obtained through cookies and similar technologies is not linked to other user data of the Service and is not used by the Controller to identify users.
  4. The user has the option to configure their browser to block certain types of cookies and other technologies, e.g., by specifying that only those necessary for the correct display of the site will be allowed. By default, most browsers allow the use of all cookies, but the user can change these settings at any time and delete already installed cookies. Each browser enables such actions through one of the available settings or preferences options.
  5. The user also has the option to use the site in incognito mode, which blocks the collection of data about their visit.
  6. The user can: a) block cookies in browser settings; b) delete existing cookies; c) use incognito mode.
  7. Using the Service without changing browser settings signifies consent to the use of cookies.
  8. The Controller does not use cookies for marketing purposes without the user’s prior consent.

14. Data Retention Period

  1. Data will be retained for the duration of fulfilling the purpose and then for the period required by legal regulations or until the expiration of the statute of limitations for claims.
  2. Data from cookies may be retained until the cookie expires or for the period necessary for traffic analysis, security assurance, and statistics generation.

15. Transfer of Data to a Third Country or International Organization

Your data will not be transferred to third countries or international organizations. (If the Controller uses tools for network traffic analysis, such as Google Analytics, this must be stated in this section, along with information on whether the European Commission has determined an adequate level of protection or not, and in the case of a transfer under Art. 46, Art. 47, or Art. 49(1) second subparagraph, a mention of appropriate or suitable safeguards and information on how to obtain a copy of these safeguards or where they have been made available.)

16. Final Provisions

  1. The Controller applies technical and organizational measures to ensure an appropriate level of protection for personal data.
  2. Security measures are applied to prevent unauthorized access to personal data transmitted electronically.
  3. For matters not regulated by this Policy, the provisions of GDPR and relevant Polish law shall apply.
  4. This Policy is effective from 19 September 2025.
  5. The user will be informed of any changes to the Policy through its republication on the Service and an appropriate notification.
Shopping Cart