Information clause for online store customers

Pursuant to art. 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (General Data Protection Regulation) hereinafter: GDPR, we provide the following information:

Who is the administrator of your personal data?

  • The administrator of your personal data is NANOXO Sp. z o.o., ul. Marcina Kasprzaka 44/52, 01-224 Warsaw, KRS (National Court Register): 0000621500.
  1. Have we appointed a Personal Data Protection Inspector? 

No, in matters of the protection of your personal data and the exercise of your rights, contact the administrator via e-mail:, tel. +48 22 378 48 30 or in writing to the address of our office, indicated in point 1.

The purposes of processing your personal data and the legal basis for processing

Processing and performance of your orderArt. 6 law. 1 lit. b) GDPR
Contact you on provided by you contact details to process further  of your order (e.g. order confirmation or cancellation)Art. 6 law. 1 lit. b) GDPR
Execution of our right to pursue and secure claims, and thus process your personal data for this purpose – this is our legitimate interestArt. 6 law. 1 lit. f) GDPR
  • Who can your data be shared with?

    As a professional entity, we care about the confidentiality of your data. However, due to the need to provide us as an entrepreneur with an appropriate organization in the field of IT infrastructure or in relation to current matters related to our business and in connection with the performance of your rights as our client – we may disclose your personal data to the following categories of entities:

    1. service providers supplying us with IT solutions consisting in the development and maintenance of IT systems and websites, and
    2. entities enabling us to perform organizational and technical fulfillment of the order and / or concluded contracts – they are:
      • postal operators through whom we will deliver correspondence,
      • courier companies through which we will deliver parcels to you,
      • law offices, when our legitimate interest in securing or pursuing claims requires it,
      • debt collection companies,
      • Banks through which we make payments
      1. entities authorized to obtain personal data on the basis of legal provisions.
  • Is my data transferred outside of the European Union?
    Your personal data are not transferred outside the European Union
  • How long is my personal data processed?
    Your personal data will be stored for the purpose of concluding and performing the order and for fulfilling the obligation to keep financial and tax documentation for the period resulting from art. 70 § 1 in connection from art. 86 § 1 Tax Code of 29 August 1997 (Journal of Laws of 2019, item 900, i.e. as amended), i.e. for a period of 5 years from the end of the calendar year in which the tax payment deadline expired.


  • What are your rights?

    You have the right to:

    1. to access your data and receive a copy of it;
    2. to rectify (correct) your data;
    3. to delete your data if you think that there are no grounds for us to process it;
    4. to limit data processing:
      • by processing your data solely for their storage or performing activities agreed with you, if you believe that we have incorrect data about you or we process them unreasonably or
      • if you do not want us to delete them, because your data is needed to determine, pursue or defend your claims, or
      •  while you object to the processing of your data;
    5. to object to the processing of your data on the basis of our legitimate interest, then we will cease processing it, unless we prove that there are valid legally justified grounds for us in relation to your data that override your interests, rights and freedoms or Your data will be necessary for us to determine, pursue or defend claims;
    6. to transfer data by receiving from us in a structured, commonly used machine-readable format (e.g. “csv” format) of your data that you provided to us under a contract, you can also order us to send this data directly to another entity.
  • To exercise the rights set out above, please contact the Administrator.
    You have the right to lodge a complaint with the supervisory body when you feel that your data is being processed unlawfully and in this respect you can submit a complaint to the President of the Office for Personal Data Protection, ul. Stawki 2 Warsaw.
  • Is it obligatory to provide my personal data?
    Provision of your personal data is fully voluntary, but without providing it performance of the order will not be possible
  • Is there automated decision making, including profiling?
    No, there is no automated decision making, including profiling