Privacy Policy

This Privacy Policy sets out the rules for the processing and protection of personal data provided by Users in connection with the use of services of the online store available at hcm.net.pl.

The administrator of personal data contained in the service is:

HCM Civil Partnership
ul. Zacisze 19
NIP: 773248954
REGON: 382850633

(hereinafter referred to as the “Administrator”).

The Administrator takes special care to protect the interests of persons whose data is concerned, and in particular ensures that the collected data is:

• processed in accordance with the law,
• collected for specified and lawful purposes,
• not further processed in a manner incompatible with those purposes,
• substantively correct and adequate in relation to the purposes for which it is processed.

The Administrator applies technical and organizational measures ensuring protection of processed personal data appropriate to the threats and categories of data covered by protection.

The Administrator processes Users’ personal data for the following purposes:

1. Order fulfillment (conclusion and performance of a sales contract)

Scope of data:

• first and last name
• company name
• tax identification number (NIP)
• delivery / registered address
• e-mail address
• phone number

Legal basis:
Article 6(1)(b) GDPR – processing is necessary for the performance of a contract.

2. Fulfillment of accounting and tax obligations

Scope of data:

• identification data
• data required for issuing a VAT invoice

Legal basis:
Article 6(1)(c) GDPR – legal obligation imposed on the Administrator.

3. Contact with the Customer

This applies to inquiries sent via the contact form, e-mail, or telephone.

Scope of data:

• name
• e-mail address
• phone number
• message content

Legal basis:
Article 6(1)(f) GDPR – legitimate interest of the Administrator consisting in responding to inquiries.

Users’ personal data may be transferred to entities cooperating with the Administrator only to the extent necessary for the performance of services, in particular:

• courier and shipping companies (e.g., InPost, DPD, GLS) – for the purpose of delivering orders,
• payment operators (e.g., PayU, Przelewy24, banks) – for the purpose of processing payments,
• an accounting company – for the purpose of tax settlements,
• a hosting provider – for maintaining the server and e-mail services.

Users’ personal data will be stored:

• for the period necessary to perform the sales contract,
• for the period required by tax and accounting regulations (at least 5 years),
• for the period necessary to assert or defend against claims,
• until the end of correspondence in the case of inquiries sent via the contact form or e-mail.

In accordance with GDPR regulations, each User has the right to:

• access their personal data,
• receive a copy of their data,
• rectify (correct) their data,
• erase their data (“right to be forgotten”),
• restrict data processing,
• data portability to another administrator,
• object to data processing,
• lodge a complaint with a supervisory authority.

The supervisory authority is the President of the Personal Data Protection Office.

To exercise their rights, the User may contact the Administrator via e-mail at:

bok@hcm.net.pl

Providing personal data is voluntary; however, providing such data is necessary for:

• order fulfillment,
• conclusion of a sales contract,
• contact with the Administrator.

Failure to provide data may make it impossible to process the order or respond to the inquiry.

The hcm.net.pl website uses cookies.

Cookies are small text files stored on the User’s device.

The website uses the following types of cookies:

Necessary cookies

enabling the proper functioning of the website.

Functional cookies

allowing the website to remember user preferences and shopping cart contents.

Analytical cookies

allowing analysis of how the website is used (e.g., Google Analytics).

The User may change cookie settings in their web browser at any time.

Using the website involves sending requests to the server where the website is hosted.

Each request sent to the server is recorded in server logs.

The logs may include in particular:

• user IP address,
• date and time of the request,
• information about the web browser,
• information about the operating system,
• URL address of the previously visited page (referrer),
• information about errors occurring during request processing.

Users’ personal data is not used for automated decision-making or profiling.

As a rule, the Administrator does not transfer personal data outside the European Economic Area.

The Administrator applies technical and organizational measures ensuring protection of personal data, in particular:

• SSL connection encryption,
• server security measures,
• limiting access to data exclusively to authorized persons.

The Administrator reserves the right to introduce changes to this Privacy Policy, in particular in the event of changes in legal regulations, development of internet technologies, or changes in the functionality of the service.

This Privacy Policy is effective as of 10.03.2026.