Privacy Policy
Effective from May 8, 2026
In short: Your personal data is processed only to provide our services, communicate with you, and where required by law. You have full control over your data and can erase, correct, or port it at any time.
§ 1. Data Controller
The Controller is Green Eco World sp. z o.o., registered office at ul. Kolejowa 20, 64-300 Nowy Tomyśl, Poland, EU VAT ID: PL7882038912.
Data protection contact: gdpr@stronaw24h.com
§ 2. Legal bases (GDPR)
- Art. 6(1)(b) GDPR — performance of contract or pre-contractual steps.
- Art. 6(1)(c) GDPR — legal obligations (invoicing, accounting, taxes).
- Art. 6(1)(f) GDPR — legitimate interests (own marketing, claims, security).
- Art. 6(1)(a) GDPR — your consent (newsletter, marketing cookies).
§ 3. What data we process
| Purpose | Data | Retention |
|---|
| Quote and order handling | Name, email, phone, company VAT-ID | 5 years from last contact |
| Service delivery | Company data, Site content, login data | 3 years after termination |
| Invoices and accounting | Full billing data | 5+ years (legal) |
| Own marketing | Email | Until consent withdrawn |
| Analytics cookies | Anonymized IP, behavior | 26 months (GA4) |
| Marketing cookies | Browser identifiers | Up to 13 months (Meta) |
§ 4. Recipients
- Hosting provider — Hostinger International Ltd.
- Payment processors — Stripe, PayPal
- Accounting and tax advisors
- Email providers — Google Workspace
- Analytics and marketing — Google, Meta (only with consent)
- Authorities — when legally required
All processors are bound by GDPR-compliant data processing agreements.
§ 5. Transfers outside the EEA
Some providers (Google, Meta, Stripe) are based in the US. Transfers are made under the EU-US Data Privacy Framework adequacy decision (July 2023) or Standard Contractual Clauses approved by the European Commission.
§ 6. Your rights (GDPR)
- Access (Art. 15)
- Rectification (Art. 16)
- Erasure / right to be forgotten (Art. 17)
- Restriction (Art. 18)
- Portability (Art. 20)
- Objection (Art. 21)
- Withdraw consent at any time
- Lodge complaint with supervisory authority — UODO (Poland), uodo.gov.pl, or the supervisory authority in your country of residence
To exercise any right, email gdpr@stronaw24h.com. We respond within 30 days.
§ 7. Cookies
See our Cookie Policy.
§ 8. Security
- SSL/TLS (HTTPS) encryption
- Hashed and salted passwords
- Access limited to authorized staff under confidentiality agreements
- Regular backups and security monitoring
- Breach notification within 72 hours to authority and to you without delay
§ 9. Changes
We may update this Policy. Material changes are communicated by email.
§ 10. Contact