Privacy Policy



Data Controller: Warszawska Fabryka Platerów HEFRA S.A. with its registered office at ul. Żeglarska 8, 59-220 Legnica, Poland, entered into the Register of Businesses kept by the District Court for Wrocław-Fabryczna in Wrocław, 9th Commercial Division of the National Court Register (KRS) under the KRS number 0000040919, Share capital: 5 348 900,20 PLN, NIP Tax Identification Number 5270206010.


Personal Data/Data: all information about an identified or identifiable natural person through one or more specific factors determining the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, including the IP number of the device, location data, Internet identifier and information collected through cookies and other similar technology


Policy: this Privacy Policy


GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 7 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).


Online Shop: the website managed by the Data Controller, which informs about the Data Controller’s commercial activity and offer, and enables the conclusion of sales contracts located under the URL address: https://hefra.pl/.


You/User: any natural person visiting the Online Shop or using the functionalities of the Online Shop.


Sales contract: the contract concluded by the User with the Data Controller, the subject of which is the purchase by the User of products offered through the Online Shop.




The Data Controller collects data for clearly specified legitimate purposes, processes them in accordance with the law and does not subject them to any further processing contrary to those purposes. Data shall be collected only to the extent that is adequate, necessary and required for the purposes for which they are processed.

The Data Controller does not process any special categories of data. The Data Controller makes every effort to protect the data against any unauthorized access by third parties and, to this end, has in place all appropriate organizational and technical protection measures of a high level. The Data Controller does not provide the data to any third parties who are not authorised to be provided with them pursuant to the relevant applicable provisions of law.

Personal data of persons using the Online Shop (including their IP address or other identifiers and information collected through cookies or other similar technologies) are processed by the Data Controller for the following purposes:


·        Performance of a Sales Contract or taking any steps at the request of the Data Subject prior to entering into a Sales Contract - in which case the legal basis for processing is its necessity for the performance of the contract (GDPR Article 6(1)(b)),


·        For marketing purposes, including direct marketing purposes - then the legal basis for the processing is the Data Controller’s legitimate interest (GDPR Article 6(1)(f)) pursued to reach potentially interested parties with their offer,


·        Expression of the Customer’s opinion about the concluded Sales Contract - the legal basis of the processing is the User’s consent to the processing of his/her personal data for one or more specific purposes (GDPR Article 6(1)(a)),


·        Keeping records for tax or accounting purposes - the legal basis for processing is the compliance with a legal obligation to which the Data Controller is subject (GDPR Article 6(1)(c) in connection with Article 86(1) of the Tax Ordinance of 17 January 2017 (Journal of Laws of 2017, item 201) or Article 74 section 2 of the Accounting Act of 30 January 2018 (Journal of Laws of 2018, item 395),


·        Establishing, asserting or defending claims which may be raised by the Data Controller or which may be raised against the Data Controller - the legal basis is the necessity to satisfy legitimate purposes vested in the Data Controller (GDPR Article 6(1)(e)).




The data retention period by the Data Controller shall depend on the purpose for processing data indicated in Point 2 hereof. As a rule, the data shall be processed for the duration of service provision until the withdrawal of the consent given or the effective objection raised.


The retention period may be extended where data retention is necessary to establish, assert or defend against possible claims, and thereafter only if and to the extent required by law.




The User shall have the right to: request access to the data, request correction or erasure of the data, request restriction or transfer of the data, object to the processing of the data, as well as make a complaint with the supervisory authority responsible for personal data protection.


To the extent that your data is processed on the basis of your consent, you may withdraw your consent at any time by contacting us using the contact details provided in section 9 of the Policy.




You have the right at any time to object to the processing of your data for reasons related to your specific situation in cases where the legal basis for the processing of your data is our legitimate interest.




In connection with the provision of services, personal data may be disclosed to external third parties, in particular to service providers responsible for the maintenance of IT systems used for the provision of services, to certain other third parties such as banks and payment operators, research companies, providers of accounting services, couriers (for the purposes of order execution), and marketing agencies (for the purposes of providing marketing services) and to any third parties related to the Data Controller, including any companies from the Data Controller’s group.


With the User’s consent, the User’s data may also be made available to any other third parties for their own purposes, including marketing purposes.


The Data Controller reserves the right to disclose any information concerning the User to the competent authorities or third parties who request such information, on an appropriate legal basis and in accordance with the provisions of applicable law.




The level of personal data protection outside the European Economic Area (EEA) differs from that provided by European law. For this reason, the Data Controller shall transfer personal data outside the EEA only where necessary and with a similar degree of protection, as ensured by:


·        the cooperation with service providers processing data which are domiciled in countries for which a relevant European Commission decision has been issued;


·        the use of standard contractual clauses (model contracts for the transfer of personal data to third countries) approved by the European Commission;


·        the application of binding corporate rules approved by a competent supervisory authority;


·        for personal data transferred to the USA – the cooperation with service provides that are part of the Privacy Shield approved by the decision of the European Commission.


The Data Controller shall always indicate its intention to transfer personal data outside the EEA at the stage of their collection.




The Data Controller shall analyse any risks on an ongoing basis in order to ensure that personal data are processed by the Controller in a secure manner, ensuring first of all that only authorised persons have access to the data and only to the extent necessary for the performance of their tasks. The Data Controller shall ensure that all operations on personal data are recorded and carried out only by authorised employees and associates.


The Data Controller shall take all necessary steps to ensure that its contractors and other third parties the Controller cooperates with also guarantee the application of appropriate security measures whenever they process personal data on behalf of the Data Controller.




You can contact us using the following details:

·        via e-mail address: sekretariat@hefra.pl or

·        in writing to the postal address:

Warszawska Fabryka Platerów Hefra S. A.

ul. Żeglarska 8

59-220 Legnica.




The policy is reviewed on an ongoing basis and updated as necessary. The current version of the Policy was adopted on, and is effective from, 25 May 2018.




Cookie files (or cookies) are data, specifically small text files, stored on the end device of the User browsing the Online Shop. Cookies usually contain the name of the Online Shop’s website they come from, the time they have been stored on the end device, and a unique number. In this Policy, any information concerning cookies shall also apply to other similar technologies used in the Online Shop.


Online Shop Cookies


The Data Controller uses Online Shop Cookies primarily to display the content and improve the quality of services provided to Users. Therefore, the Data Controller and other third parties providing analytical and statistical services to the Data Controller use cookies, storing information or gaining access to information already stored in the User’s telecommunications end device (computer, telephone, tablet, etc.).


The cookies used for the aforementioned purposes include:


·        cookies with data entered by the User (session identifier) for the duration of the session (user input cookies);


·        cookies used for services requiring authentication for the duration of a session (authentication cookies);


·        security-related cookies, e.g. used to detect authentication fraud (user centric security cookies);


·        session cookies of multimedia players (e.g. flash player cookies), for the duration of the session (multimedia player session cookies);


·        permanent cookies used to personalise the user interface, for the duration of a session or slightly longer (user interface customisation cookies);


·        cookies used to monitor the traffic on the website (web analytics cookies).


Marketing Cookies


The Data Controller also uses cookies for marketing purposes. For this purpose, the Data Controller stores information or gains access to information already stored in the User’s telecommunications end device (computer, telephone, tablet, etc.). The use of cookies and personal data collected through them for marketing purposes requires your consent. You can withdraw your consent at any time, but this does not affect the lawfulness of any profiling for marketing purposes carried out before you withdraw your consent.

This websites use cookies. By using this website you consent to our use of these cookies.Cookies Policy

Sklep internetowy Shoper.pl