Unless otherwise specified below, the provision of your personal data is neither legally nor contractually required. You are not obliged to provide the data. Failure to provide it will have no consequences, unless otherwise stated in the following processing operations.

Personal data refers to all information related to an identified or identifiable natural person.

Server Log Files

You can visit our websites without providing any personal information.

Each time you access our website, your internet browser transmits usage data to us or our web host, which is stored in server log files. This data includes, for example, the name of the accessed page, date and time of access, IP address, amount of data transferred, and the requesting provider.

Processing is carried out in accordance with Article 6(1)(f) GDPR due to our legitimate interest in ensuring the smooth operation of our website and improving our services.

Contact

Responsible Party

Contact us if you have any questions. The responsible party for data processing is:

Łukasz Lodwich
Złotej Lilii 6a
51-376 Wrocław, Poland
Phone: +48 666 312 064
Email: shop@hwesta.eu

Customer-Initiated Contact via Email

If you contact us by email on your own initiative, we will collect your personal data (name, email address, message text) only to the extent you provide. The data processing serves the purpose of handling and responding to your inquiry.

If the contact is made to carry out pre-contractual measures (e.g., inquiries about purchases, offer creation) or relates to an already concluded contract between you and us, this data processing is based on Article 6(1)(b) GDPR.

If the contact is made for other reasons, the data processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.

We use your email address only to process your inquiry. Your data will be deleted in compliance with legal retention periods, unless you have consented to further processing and use.

Orders

Collection, Processing, and Disclosure of Personal Data in Orders

When placing an order, we collect and process your personal data only to the extent necessary to fulfill and process your order as well as handle your inquiries. The provision of data is required for concluding the contract. Failure to provide it will result in the inability to conclude a contract. Processing is carried out in accordance with Article 6(1)(b) GDPR and is necessary for fulfilling a contract with you.

Your data will be disclosed, for example, to the shipping company you selected, dropshipping providers, payment service providers, service providers for order processing, and IT service providers. In all cases, we strictly adhere to legal requirements. The scope of data transmission is limited to a minimum.

Payment Service Providers

Use of PayPal

We use the PayPal payment service on our website, provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal"). The data processing serves the purpose of enabling you to make payments through this service. By selecting and using payment via PayPal, the data necessary for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

All PayPal transactions are subject to the PayPal Privacy Policy.

Use of PayPal Express

We use the PayPal Express payment service on our website, provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal"). The data processing serves the purpose of enabling you to make payments through the PayPal Express payment service. To integrate this payment service, it is necessary for PayPal to collect, store, and analyze data (e.g., IP address, device type, operating system, browser type, location of your device) when accessing the website. Cookies may also be used. These cookies enable the recognition of your browser.

The processing of your personal data is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in providing a customer-oriented offering of various payment methods. You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) GDPR.

By selecting and using PayPal Express, the data necessary for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

For more information on data processing when using the PayPal Express payment service, please refer to the corresponding privacy policy at www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=en_GB#Updated_PS.

Use of PayPal Check-Out

We use the PayPal Check-Out payment service on our website, provided by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal"). The data processing serves the purpose of enabling you to make payments through this payment service. By selecting and using payment via PayPal, credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, the data required for payment processing is transmitted to PayPal to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

Cookies may be stored in this process, allowing the recognition of your browser. The resulting data processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in offering various customer-friendly payment options. You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) GDPR.

Credit Card via PayPal, Direct Debit via PayPal & "Pay Later" via PayPal

For certain payment methods, such as credit card via PayPal, direct debit via PayPal, or "Pay Later" via PayPal, PayPal reserves the right to conduct a credit check based on mathematical-statistical methods using credit agencies. For this purpose, PayPal transmits the personal data required for the credit assessment to a credit agency and uses the obtained information regarding the statistical probability of a payment default to make a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values), which are calculated based on scientifically recognized mathematical-statistical methods and may incorporate address data in the calculation. Your interests worthy of protection are taken into account in accordance with legal requirements. The data processing serves the purpose of credit assessment for contract initiation. The processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in preventing payment defaults when PayPal provides advance payment.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) GDPR by notifying PayPal. The provision of data is required for the conclusion of the contract with your selected payment method. Failure to provide it means that the contract cannot be concluded with the selected payment method.

Third-Party Providers

When paying via a third-party provider’s payment method, the necessary payment processing data is transmitted to PayPal. This processing is based on Article 6(1)(b) GDPR. To execute this payment method, the data may then be transferred by PayPal to the respective provider. This processing is based on Article 6(1)(b) GDPR. Local third-party providers may include:

Sofort (SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany)

giropay (Paydirekt GmbH, Stephanstr. 14-16, 60313 Frankfurt am Main, Germany)

Invoice Purchase via PayPal

When paying via the "Invoice Purchase" payment method, the necessary payment processing data is initially transmitted to PayPal. To execute this payment method, PayPal then transmits the data to Ratepay GmbH (Franklinstraße 28-29, 10587 Berlin, Germany; "Ratepay") to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR. Ratepay may conduct a credit check based on mathematical-statistical methods (probability or score values) using credit agencies, following the same process described above. The data processing serves the purpose of credit assessment for contract initiation. The processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in preventing payment defaults when Ratepay provides advance payment.

For further information on data protection and which credit agencies Ratepay uses, please visit https://www.ratepay.com/legal-payment-dataprivacy/ and https://www.ratepay.com/legal-payment-creditagencies/.

For more information on data processing when using PayPal, please refer to the corresponding privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

Use of the Stripe Payment Service Provider

We use the Stripe payment service on our website, provided by Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. The data processing serves the purpose of enabling you to make payments through the Stripe payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe to fulfill the contract with you using the selected payment method. This processing is based on Article 6(1)(b) GDPR.

Stripe reserves the right to conduct a credit check based on mathematical-statistical methods using credit agencies. For this purpose, Stripe transmits the personal data required for the credit assessment to a credit agency and uses the obtained information regarding the statistical probability of a payment default to make a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values), which are calculated based on scientifically recognized mathematical-statistical methods and may incorporate address data in the calculation. Your interests worthy of protection are taken into account in accordance with legal requirements. The data processing serves the purpose of credit assessment for contract initiation. The processing is based on Article 6(1)(f) GDPR due to our overriding legitimate interest in preventing payment defaults when Stripe provides advance payment.

You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data based on Article 6(1)(f) GDPR by notifying Stripe. The provision of data is required for the conclusion of the contract with your selected payment method. Failure to provide it means that the contract cannot be concluded with the selected payment method.

All Stripe transactions are subject to the Stripe privacy policy, which can be found at Stripe Privacy Policy.

Data Subject Rights and Retention Period

Retention Period

After full contract execution, the data will first be retained for the duration of the warranty period, then stored in compliance with statutory retention periods, particularly tax and commercial law requirements, and deleted after the expiration of those periods unless you have consented to further processing and use.

Rights of the Data Subject

If the legal requirements are met, you have the following rights under Articles 15 to 20 GDPR: the right to access, rectification, deletion, restriction of processing, and data portability.

Additionally, under Article 21(1) GDPR, you have the right to object to processing based on Article 6(1)(f) GDPR, as well as to processing for direct marketing purposes.

Right to Object

If the processing of personal data listed here is based on our legitimate interest under Article 6(1)(f) GDPR, you have the right to object to this processing at any time for reasons arising from your particular situation, with effect for the future.

Once an objection is made, the processing of the affected data will be discontinued unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if the processing serves the assertion, exercise, or defense of legal claims.

Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is not lawful.

We value your privacy
We use cookies and similar technologies on our website and process personal data of visitors to our website (e.g. IP address), e.g. to personalise content and advertisements, to integrate media from third-party providers or to analyse access to our website. Data processing only takes place when cookies are set. We share this data with third parties that we name in the settings. Data processing may be carried out with consent or on the basis of a legitimate interest. Consent can be given or refused. There is a right not to consent and to change or withdraw consent at a later date. We provide more information about the use of personal data and the services in our Privacy Settings