Privacy policy
This Privacy Policy sets out the rules for the processing of personal data and the use of cookies on the website www.hells-eggs.com (hereinafter referred to as the “Website”), operated by the Controller:
Fakturownia.pl – invoicing software
HELLS EGGS Sp. z o.o.
Bratysławska 1/A
31-201 Kraków, Poland
Tax ID (NIP): 9452325886, REGON: 544046475, KRS: 0001225244
E-mail: office@hells-eggs.com
The Controller takes all reasonable steps to ensure that personal data is processed lawfully, fairly and transparently, and that the rights of data subjects are respected in accordance with applicable law, including Regulation (EU) 2016/679 (GDPR).
Definitions
- Controller – the entity responsible for processing users’ personal data.
- Personal data – any information that makes it possible to identify a natural person.
- User – any natural person visiting the Website or using its functionalities.
- GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
- Cookies – IT data stored on the user’s end device and used by the Website.
Privacy Notice
Personal data controller:
The controller of personal data is HELLS EGGS Sp. z o.o., with its registered office at: Bratysławska 1/A, 31-201 Kraków, Poland.
How to contact the Controller:
E-mail: office@hells-eggs.com
The Controller has not appointed a Data Protection Officer. For matters related to data processing, you may contact us via e-mail at: office@hells-eggs.com
Purposes of data processing and legal bases:
| Purpose of processing | Legal basis |
|---|---|
| Responding to enquiries and contact requests | Art. 6(1)(b) GDPR |
| Performance of a contract or order | Art. 6(1)(b) GDPR |
| Issuing accounting documents | Art. 6(1)(c) GDPR |
| Sending commercial information | Art. 6(1)(a) GDPR |
| Direct marketing (e.g. remarketing, newsletter) | Art. 6(1)(f) GDPR |
| Statistics and traffic analysis | Art. 6(1)(f) GDPR |
| Marketing profiling (e.g. in advertising systems) | Art. 6(1)(a) GDPR |
| Handling registration forms, contact forms, newsletter subscriptions, reCAPTCHA | Art. 6(1)(a), (b) and (f) GDPR |
Scope of processed data:
Depending on the context:
- In the contact form: first name, e-mail address, telephone number (optional), message content.
- In the case of newsletter subscriptions: e-mail address, IP address, date and time of consent.
- In forms protected by reCAPTCHA: IP address, browser and operating system data, and the way the form is used (clicks, reaction time).
- When entering into a contract: first and last name, company name, address, Tax ID (NIP), e-mail address, telephone number.
- When visiting the website: IP address, server date and time, browser type, operating system data, and Website traffic data.
Server logs:
The Website collects HTTP requests directed to the server. The stored information includes, among others: IP addresses, date and time of the request, browser data, and operating system data. This data is used solely for administrative and statistical purposes.
Security measures:
The Controller implements appropriate technical and organisational measures to ensure the protection of processed personal data. These include, among others, encrypted connections (SSL), regular software updates, and restricting access to data exclusively to authorised persons.
Data recipients:
Data may be disclosed to the following categories of entities:
- hosting providers,
- e-mail service providers,
- IT service providers,
- providers of statistical or marketing tools (e.g. Google, Meta, MailerLite, Hotjar, Twitter),
- providers of CAPTCHA tools (e.g. Cloudflare Turnstile, Google reCAPTCHA),
- providers of multimedia services (e.g. YouTube, Vimeo),
- accounting offices,
- entities processing data on behalf of the Controller,
- authorised state authorities.
Transfer of data to third countries:
When using services such as Google (Analytics, Tag Manager, reCAPTCHA), Meta (Facebook Ads), Twitter, Vimeo, YouTube, and MailerLite – data may be transferred to third countries (e.g. the USA). Data transfers are based on standard contractual clauses approved by the European Commission or within frameworks ensuring an adequate level of data protection.
Data retention period:
Data is stored:
- for the period necessary to achieve the purpose of processing,
- until consent is withdrawn,
- for the period required by law (e.g. 6 years for accounting records),
- until the expiry of limitation periods for claims,
- data may be stored in backup copies of IT systems for no longer than 30 days.
Rights of data subjects:
You have the right to:
- access your data,
- rectify it,
- erase it (the right to be forgotten),
- restrict processing,
- data portability,
- object to processing,
- withdraw consent,
- lodge a complaint with the President of the Personal Data Protection Office (UODO).
Voluntary provision of data:
Providing data is voluntary, but necessary to use certain Website functionalities (e.g. submitting a form, subscribing to the newsletter).
Automated decision-making:
We do not make decisions in an automated manner that produce legal effects. However, profiling may take place for marketing purposes, solely on the basis of previously given consent (Art. 6(1)(a) GDPR). Profiling does not produce legal effects and does not significantly affect the user.
Children’s data:
The Website is not intended for children under the age of 16. The Controller does not knowingly collect children’s data.
Form Privacy Notices
Form protected by reCAPTCHA:
Data protection notice:
This form is protected by Google reCAPTCHA. As part of its operation, Google may process data such as IP address, browser data, cursor activity, and other user behaviour. Data may be transferred outside the European Economic Area (to the USA) based on standard contractual clauses (SCC). Use of the form means acceptance of the Google Privacy Policy and the Terms of Service.
The controller of the data provided in the form is HELLS EGGS Sp. z o.o., while Google LLC acts as an independent controller with regard to the reCAPTCHA service.
Form protected by Cloudflare Turnstile:
Data protection notice:
The form may be protected by Cloudflare Turnstile, which is used to prevent spam and abuse. For this purpose, Cloudflare may process data such as IP address, HTTP headers, device data, and user activity. Data may be transferred outside the European Economic Area (to the USA) based on standard contractual clauses (SCC). Use of the form means acceptance of the Cloudflare Privacy Policy.
The controller of the data provided in the form is HELLS EGGS Sp. z o.o., while Cloudflare Inc. acts as an independent controller with regard to its service.
Newsletter subscription form
Data protection notice:
The controller of your personal data is HELLS EGGS Sp. z o.o. Your data will be processed for the purpose of sending the newsletter – based on your consent (Art. 6(1)(a) GDPR). We use the MailerLite system, which may process data outside the European Economic Area on the basis of standard contractual clauses (SCC). You may withdraw your consent at any time by clicking the unsubscribe link in the message or by contacting the controller.
Cookies and Similar Technologies
General information:
The Website uses cookies and similar technologies which enable, among other things, the proper functioning of the website, traffic analysis, and ad personalisation. They may originate both from the Controller and from third parties (e.g. YouTube, Google, Facebook, Hotjar, Vimeo, MailerLite, Cloudflare, Twitter).
Categories of cookies:
- Necessary – required for the website to function.
- Functional – remember user preferences.
- Analytical – collect statistical data.
- Marketing – enable the display of personalised advertisements.
- External multimedia and integration cookies – enable playback of content from YouTube, Vimeo, maps from Google Maps, and other integrations (e.g. MailerLite forms).
Legal basis for the use of cookies:
- Necessary cookies are installed automatically.
- All other cookies are installed only with the user’s consent (Art. 6(1)(a) GDPR).
Managing cookies:
The user may at any time:
- change cookie settings using the consent management mechanism (e.g. G44CookieConsent),
- block or delete cookies by changing their web browser settings.
Instructions for disabling cookies in popular browsers:
- Chrome: https://support.google.com/accounts/answer/61416
- Firefox: https://support.mozilla.org/pl/kb/ciasteczka
- Safari: https://support.apple.com/pl-pl/guide/safari/sfri11471/mac
- Edge: https://support.microsoft.com/pl-pl/help/4027947/microsoft-edge-delete-cookies
- Opera: https://help.opera.com/pl/latest/web-preferences/
Cookie Table
| Name | Category | Type | Source | Retention period | Purpose |
|---|---|---|---|---|---|
| G44CookieConsent | necessary | persistent | local | up to 365 days | Stores information about cookie consents granted. |
| wordpress_test_cookie | necessary | session | WordPress | until the end of the session | Checks whether the browser accepts cookies. |
| wp-settings-{user} | functional | persistent | WordPress | 1 year | Preserves user interface personalisation. |
| wp_woocommerce_session_ | functional | persistent | WooCommerce | 2 days | Stores the cart session identifier. |
| woocommerce_items_in_cart | functional | session | WooCommerce | until the end of the session | Information about the number of products in the cart. |
| woocommerce_cart_hash | functional | session | WooCommerce | until the end of the session | Allows the cart contents to be restored. |
| _ga | analytical | persistent | 2 years | Distinguishes users for statistical purposes. | |
| _gid | analytical | persistent | 24 hours | Records a unique user identifier. | |
| _gat | analytical | persistent | 1 minute | Limits the number of requests to Analytics. | |
| _fbp | marketing | persistent | 90 days | User identifier for advertising purposes. | |
| fr | marketing | persistent | 90 days | Used for ad personalisation and performance measurement. | |
| hjSessionUser* | analytical | persistent | Hotjar | 365 days | User identifier in the Hotjar tool. |
| _hjIncludedInPageviewSample | analytical | session | Hotjar | until the end of the session | Determines whether the user is included in the sample. |
| __cf_bm | necessary | session | Cloudflare | 30 minutes | Bot verification by Turnstile. |
| _grecaptcha | necessary | persistent | variable | Enables Google reCAPTCHA to function. | |
| player | functional | persistent | Vimeo | 1 year | Remembers player preferences. |
| vuid | analytical | persistent | Vimeo | 2 years | Collects statistical data on playback. |
| yt-remote-* | functional | session | YouTube | until the end of the session | Stores player preferences. |
| _twitter_sess | functional | session | until the end of the session | Maintains the user session. | |
| _mailerlite_session | functional | session | MailerLite | until the end of the session | Manages the user session in the subscription form. |
Changes and Updates
This document may be updated in the event of changes in the law, supervisory authority practices, or the way the Website operates. It is recommended to review the content of this Policy regularly.
Date of last update: 12.03.2026
Contact
For matters related to the protection of personal data, please contact the Controller:
HELLS EGGS Sp. z o.o.
Bratysławska 1/A
31-201 Kraków, Poland
E-mail: office@hells-eggs.com