1. Who we are (data administrator)

Personal data administrator: AVP GROUP SP. Z OO,
Ul. Młynarska 42/115, 01-171 Warszawa, Polska,
NIP: 5273146030, REGON: 540624930.
Data contact: support@seuic-polska.pl , tel. +48459569517.
(If necessary, information about the Data Protection Officer — DPO — will be published in an update of this policy.)

2. Who does this policy apply to?

For B2C and B2B buyers, account users, newsletter subscribers, contact persons of counterparties, applicants for warranty/complaints (RMA), site visitors (cookies), as well as persons contacting our support/service.

3. What data do we process and from what sources?

• Identification and contact data: name/surname, company name, NIP/VAT-UE, delivery/billing address, e-mail, telephone.
• Transactional data: order/payment history, returns/complaints.
• Account data: login, password hash, settings.
• RMA/service: device model/serial number, defect description, service logs.
• Technical data: IP address, browser/device identifiers, cookies, server log records.
Sources: you as the data subject; your employer (for B2B); payment operators and couriers (within transactions); open registers for VAT-UE verification (VIES).

4. Purposes and legal basis (Art. 6 GDPR/RODO)

  1. Execution of a contract or action prior to its conclusion — order placement, payment, delivery, service/RMA.
    1. Legal obligation – accounting and tax accounting, invoicing (including electronic ones via KSeF – the National System of E-Invoices – within the mandatory deadlines), compliance with consumer legislation, etc.
    2. Legitimate interest — fraud/abuse prevention, rights protection, IT security, internal analytics, service quality maintenance, product safety information (GPSR requirements).
    3. Consent – mailings/marketing, strictly necessary cookies/analytics/remarketing. Consent can be withdrawn at any time (this does not affect the lawfulness of the processing before withdrawal).

5. Mandatory provision of data

The data required for purchase/delivery/invoice is mandatory for the conclusion and performance of a contract and/or the fulfillment of a legal obligation; without it, we will not be able to accept and fulfill the order. Marketing data is provided voluntarily.

6. Recipients (categories of recipients)

Payment operators/banks; logistics/couriers; authorized service centers; IT providers (hosting, CRM, email, backups); accounting/lawyers; email and survey providers. The transfer takes place on the basis of processing (return) agreements or as a separate administration – if necessary.

7. Data transfer outside the EEA

Only possible if appropriate GDPR safeguards are in place (e.g. standard contractual clauses – SCC or adequacy decision), and only to the extent necessary for the provision of services.

8. Storage periods

• Commercial/accounting records – according to law (usually up to 5 years after the end of the tax year).
• Account data – until account deletion.
• RMA/complaints – 3-6 years (statute of limitations and claims for non-conformity of the product).
• Marketing – until consent is withdrawn.
• Logs/technical data – according to security policy and the principle of minimization.

9. Your rights (Articles 15–22 GDPR)

Right of access; rectification; erasure (“right to be forgotten”); restriction of processing; portability; objection; withdrawal of consent; complaint to the supervisory authority – the Polish Office for Personal Data Protection (UODO, Prezes UODO).
Send your rights request to support@seuic-polska.pl . We will respond within 1 month (possible extension up to 2 months due to complexity/volume).

10. Marketing, mailings and profiling

We only send marketing materials with your consent. Unobtrusive segmentation (by interest/purchase categories) may be used to make offers more relevant. We do not make decisions based solely on automated processing that have legal consequences for you.

11. Cookies and similar technologies (CMP)

We use:
• necessary cookies (site operation/cart/account);
• functional (settings);
• analytics/performance;
• marketing/retargeting.
Non-essential cookies are only set after your consent via the banner manager (CMP). Opting out should be as easy as consenting; we keep a log of consents. You can change your settings at any time in the banner and/or in your browser. For more information, see the Cookie Policy.

12. Processing security

We use TLS encryption, password hashing, access control and segregation (principle of least privilege), monitoring and event logs, backups, staff training, vendor evaluation, testing/audits, and data minimization.

13. Data breach

In the event of an incident, we assess the risk; if necessary, we notify the UODO within 72 hours and inform the individuals whose data is affected if the risk to their rights and freedoms is high. We record incidents and actions taken.

14. Children

The site and products are not addressed to persons under the age of 16. We do not knowingly collect data from children without the consent of a legal representative.

15. User Reviews/Content and DSA (Information Block)

We moderate reviews/questions, remove illegal content after verification and provide a contact for reports. DSA is in effect at the EU level; in Poland, the implementation details do not affect your rights under GDPR. Communication channels — via the website and/or e-mail.

16. Product Safety Notice (GPSR)

If we become aware of a risk to the safety of our products, we notify customers and, where necessary, arrange repairs/replacements/recalls in accordance with the General Product Safety Regulation (GPSR).

17. Data Act (from 12.09.2025) — caveat

For “connected devices” (terminals, scanners, etc.), users (and in some cases B2B clients) receive access rights to data generated by the devices. We will establish the procedure for granting such access in the contractual documentation/service regulations; in case of updates, we will notify you on the website.

18. Changes to this document

We may update the policy (for example, due to changes in legislation/services). The current version is always available on our website; the update date is indicated at the top of the document.