Privacy policy

  1. The Administrator of the Personal Data is: HOPI PL POLAND Spółka z ograniczoną odpowiedzialnością, with registered office at 33 Przyokopowa Street, 01-208 Warsaw, entered into the National Court Register by the District Court for the Capital City of Warsaw in Warsaw, XII Commercial Division of the National Court Register, under number KRS 0000427499, NIP: 5272681413, REGON: 14623350900000, share capital 450,000 PLN (fully paid up), email:, tel: +48 22 670 8716 (hereinafter referred to as Personal Data Administrator).
  2. Respecting your rights as a data subject and respecting the applicable laws, including in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as RODO, the Personal Data Protection Act (hereinafter referred to as the Act) and other relevant data protection legislation, we are committed to maintaining the security and confidentiality of the personal data obtained from you. All employees have been adequately trained in the processing of personal data and our company, as a Personal Data Controller, has implemented appropriate safeguards and technical and organisational measures to ensure the highest level of personal data protection. We have implemented procedures and policies for the protection of personal data in accordance with the RODO, through which we ensure the lawfulness and reliability of data processing, as well as the enforceability of any rights you have as a data subject. Additionally, if necessary, we cooperate with the supervisory authority in the Republic of Poland, i.e. with the President of the Office for Personal Data Protection (hereinafter referred to as PUODO).
  3. All enquiries, requests, complaints regarding the processing of personal data by our company (Personal Data Controller), hereinafter referred to as Submissions, should be addressed to the following email address:, or in writing to the address or in writing to HOPI PL
    POLAND Limited Liability Company with its registered office at: 33 Przyokopowa Street, 01-208 Warsaw. The content of the Application should clearly indicate:
    a) the particulars of the person or persons to whom the Notification relates,
    b) the event that is the reason for the Notification,
    c) state their claims and the legal basis for those claims,
    d) indicate the way in which the case is expected to be handled.
  4. The website has an informative function only. Our Website uses cookie technology in order to adapt its functioning to your individual needs. The owners of other websites will not have access to this data and information. If, however, you do not agree to the personalisation of the Website, we suggest that you disable the use of Cookies in the options of your Internet browser.
  5. You may use the email addresses and telephone numbers provided on the Website, or use the contact form to get in touch.
  6. Each of you as a user of our Website is able to choose whether and to what extent you want to use our services and share information and data about yourself within the scope of this Privacy Policy.
  7. Personal data are processed by our company as a Personal Data Controller in order to provide the services to you (i.e. the data subject) offered in the course of our business (legal basis Article 6(1)(b) RODO). In accordance with the principle of minimisation, we process only those categories of personal data which are necessary to achieve the purposes referred to in the preceding sentence. The provision of personal data is necessary for the performance of the Agreement, therefore, if you use the services of the Data Controller, you are obliged to provide such data, and the consequence of failing to provide personal data will be the inability to perform the service. The Data Administrator processes the following categories of personal data: identification data (name and surname and tax identification number NIP in the case of entrepreneurs), address data, i.e. the address of residence / business activity (concerning Entrepreneurs who are contractors of the Data Administrator), contact data (e-mail address, telephone number).
  8. We process personal data for the time necessary to fulfil the purposes mentioned in the preceding sentence. Personal data may be processed for a longer period than indicated in the preceding sentence in case such a right or obligation imposed on the Personal Data Controller arises from specific provisions of law or in case the service we provide is of continuous character. After the termination of the contract concluded with the Administrator, personal data shall be stored for the period provided for the limitation of claims.
  9. The source of the Personal Data processed by the Controller is the data subjects.
  10. Your personal data is not transferred to a third country within the meaning of the provisions of the RODO. Where personal data is transferred to a third country, data subjects shall be informed in advance and the Personal Data Controller shall apply the safeguards referred to in Chapter V of the RODO.
  11. We do not disclose any personal data to third parties without the express consent of the data subject. Personal data without the consent of the data subject may be disclosed only to entities under public law, i.e. authorities and administration (e.g. tax authorities, law enforcement agencies and other entities empowered by generally applicable laws).
  12. Personal Data may be entrusted by us to processors. In such a situation, as the Personal Data Controller, we enter into a personal data processing entrustment agreement with the processor. The processing entity shall process the entrusted personal data, but only for the purposes, to the extent and for the purposes indicated in the entrustment agreement referred to in the preceding sentence. Without the entrustment of your personal data for processing, we would not be able to carry out our activities. The data controller has entrusted the accounting service provider and the hosting provider with personal data for processing.
  13. Personal data is not subject to profiling within the meaning of the RODO by the Personal Data Controller.
  14. Under the provisions of the RODO, every person whose personal data we process as a Personal Data Controller has the right to:
    a) the right to be informed about the processing of personal data, referred to in Article 12 of RODO – the controllers are obliged to provide the data subjects with the information specified in RODO (inter alia about their data, contact details of the DPO, purposes and legal basis of the processing, recipients or categories of recipients of the personal data, if any, or the period for which the data will be processed or the criteria for determining this period). This obligation shall be fulfilled already at the moment of collecting the data (e.g. when the customer places the order in the online shop), and if the data are not obtained from the data subject, but from another source – within a reasonable time, depending on the circumstances. The controller may refrain from providing this information if the data subject already has it,
    b) access to your personal data as provided for in Article 15 of the RODO – if you provide us with personal data, you have the right to inspect and access it; however, this does not mean that you have the right to access all the documents on which your data appears, as these may contain confidential information; however, you have the right to be informed which of your data and for what purpose we process it, and the right to obtain a copy of your personal data, with the first copy being issued to you free of charge, and for each subsequent copy an appropriate administrative fee corresponding to the cost of making the copy in accordance with the provisions of the RODO,
    c) correcting, supplementing, updating, rectifying personal data referred to in Article 16 of the RODO – if your personal data has changed, please inform us as the Personal Data Controller of this fact so that the data in our possession is accurate and up-to-date; also, if there has been no change to your personal data, but for whatever reason the data is incorrect or has been recorded incorrectly (e.g. as a result of a typing error), please inform us in order to correct or rectify such data,
    d) erasure (the right to be forgotten) as referred to in Article 17 of the RODO – in other words, you have the right to request the “erasure” of data held by us as the Personal Data Controller and the right to request that we, as the Personal Data Controller, inform other controllers to whom we have provided your data of the need to erase it. You may request the erasure of
    your personal data primarily when:
    – the purposes for which the personal data was collected have been fulfilled, e.g. we have fully performed the sales contract concluded with you,
    – the processing of your personal data was based solely on consent, which was subsequently withdrawn and there are no other legal grounds for further processing of your personal data
    – you have lodged an objection based on Article 21 of the RODO and you consider that we have no overriding legal grounds to continue processing your personal data,
    – Your personal data have been processed unlawfully, i.e. for unlawful purposes or without any basis for processing your personal data – please note that in this case you must have a basis for your request,
    – the need to delete your personal data results from legal provisions,
    – the personal data concern a minor and were collected in connection with the provision of information society services,
    e) Restriction of processing as referred to in Article 18 of the RODO – you can apply to our company to restrict the processing of your personal data (which would consist of our company primarily just storing it until the dispute is resolved) if:
    – you contest the accuracy of your personal data, or
    – you consider that we are processing your data without a legal basis, but at the same time you do not want us to delete the personal data (i.e. you do not exercise the right referred to in the preceding paragraph), or
    – you have submitted an objection as referred to in point (f) of this paragraph, or
    – Your personal data is needed to establish, assert or defend claims, e.g. before a court,
    f) data portability as referred to in Article 20 of the RODO – you have the right to obtain your data in a computer readable format and the right to have it transmitted in such a format to another controller; you have this right only if the processing of your data was based on consent or if the data was processed by automated means,
    g) object to the processing of your personal data as set out in Article 21 of the RODO – you have the right to object if you do not agree with us processing your personal data that we have previously processed for legitimate lawful purposes,
    h) not to be subject to profiling as referred to in Article 22 in conjunction with Article 4(4) of the RODO – on our Website, you will not be subject to automated decision-making or profiling within the meaning of the RODO, unless you have given your consent; in addition, we will always inform you of profiling should it take place,
    i) lodge a complaint to the supervisory authority (i.e. the President of the Office for Personal Data Protection) referred to in Article 77 of the RODO – if you believe that we are processing your personal data unlawfully or in any way violating your rights under generally applicable data protection legislation.
  15. With regard to the right to erasure (right to be forgotten), we point out that under the provisions of the RODO you do not have the right to exercise this right if:
    a) the processing of your personal data is necessary for the exercise of your right to freedom of expression and information, e.g. if you have posted your data on a blog, in comments, etc,
    b) the processing of your personal data is necessary for us to comply with legal obligations under the law – we cannot delete your data for the period necessary to comply with obligations (e.g. tax obligations) which are imposed on us by the law,
    c) the processing of your data is carried out for the purpose of asserting, establishing or defending claims.
  16. If you wish to exercise your rights referred to in the preceding paragraph, please send a message by e-mail to: email: or contact the Personal Data Controller.
  17. Each identified security breach shall be documented and, if one of the situations specified in the provisions of the RODO or the Act occurs, the data subjects and, if applicable, the PUODO shall be informed of such breach of data protection legislation. Address details: Office for Personal Data Protection 2 Stawki Street , 00-193 Warsaw.
  18. In matters not regulated by this Privacy Policy, the relevant provisions of generally applicable law shall apply. In the event of inconsistency between the provisions of this Privacy Policy and the aforementioned regulations, these regulations shall prevail.
  19. The Personal Data Controller further informs that he has appointed a Data Protection Officer. Contact to the Data Protection Inspector: Karol Zaczek, +793083441, email: