Privacy Policy

PRIVACY POLICY

This Privacy Policy explains how TRENDFORMER sp. z o.o., registration no.0000889081, VAT no. 7011024781, with registered address at 18 Jana Dantyszka str., Warsaw, 02-054 Poland (“we”, “us”, “our”) collects and processes information in connection with our B2B online store available at website (the “Store”).

This Policy is intended for business customers (legal entities and sole traders) and their authorized users/contact persons (e.g., employees, directors, representatives) who access or use the Store, deal with us regarding any order, fulfilment or any other matter.

1. Controller and contact

We are the data controller for Personal Data processed under this Privacy Policy.

Contact details:

Email: [email protected]
Postal address: 18 Jana Dantyszka str., Warsaw, 02-054 Poland

2. Personal Data

For the purposes of this Privacy Policy:

“Personal Data” means any information relating to an identified or identifiable natural person (e.g., a company’s employee, director, representative, or a sole trader).

“Company/Business Data” means information relating to a legal entity (company) that does not, by itself, identify a natural person, such as: company legal name, registered address, VAT number, registration number, and general B2B account settings.

In some cases, information provided as Company/Business Data may still qualify as Personal Data (for example, where the customer is a sole trader/individual entrepreneur, or where invoice/billing details include an individual’s name or other identifiers). Where this happens, we treat the relevant information as Personal Data under this Policy.

3. Acknowledgement and responsibilities when providing data

3.1 Acknowledgement of this Policy

When you create an account, submit information, place an order, or otherwise use the Store or communicate with us, you acknowledge that you have had the opportunity to read and understand this Privacy Policy.

3.2 Providing Personal Data of others (representations & warranties)

If you provide us with Personal Data of another person (for example, an employee, contractor, colleague, director, or other representative), you represent and warrant that:

you have the authority to provide such Personal Data on behalf of your organization (and, where applicable, on behalf of the individual);
you have informed the individual about the disclosure and/or transfer of their Personal Data to us and provided them with the information required by applicable data protection laws (including reference to this Privacy Policy, where applicable);
You have obtained any consents or permissions that may be required under applicable law for such disclosure, transferring, and processing (if and to the extent consent is required).

You agree to cooperate with us if we need additional information to address a data protection request or legal obligation related to such Personal Data.

Note: Your acknowledgement of this Policy is not the same as “consent” under GDPR. We rely on consent only where legally required (e.g., certain cookies), as described below.

4. What we collect

4.1 Company/Business Data (not Personal Data in most cases)

We may collect and process:

Company legal name, registered address, delivery address(es)
VAT number and company registration details
Business account details and eligibility/verification status
Company-level pricing rules/discount tiers (if applicable)
Information required to issue invoices to the company (entity identifiers, billing address)

4.2 Personal Data (data about individuals)

We may collect Personal Data of contact persons, representatives, employees, authorized persons, such as:

Name and surname
Business email address and business phone number
Job title/role and department (if provided)
Account identifiers and authentication data (e.g., username, login timestamps)
Communications with us (emails, support requests)
Technical and security data (e.g., IP address, device/browser information, access logs)
Order-related data linked to an individual (e.g., who placed the order, user-level order history)
Postal, delivery or other address (where applicable)

4.3 Order, invoice, and transaction records (may include either business and personal data)

Order and invoicing records typically contain Company/Business Data and may also include Personal Data (e.g., the name of a contact person, representative, employee, officer, address (email, billing and delivery address, etc.)). Such records may be created or updated when you place an order, an invoice is issued, the payment status changes, stock is reserved/released, or an order is cancelled. We process these records as described in this Policy.

4.4 Payment information (limited)

We typically receive payment confirmations and limited transaction details from payment service providers (e.g., transaction ID, status). We do not intentionally store full card details; payment service providers handle such data under their own terms.

We process Personal Data for the following purposes and legal bases:

Purpose	Legal basis
Providing the Store and B2B accounts (login, access to prices, account administration)	contract / steps prior to contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Customer verification and eligibility checks (including first-order internal review)	Legitimate interests (Art. 6(1)(f)); and/or legal obligation (Art. 6(1)(c)) where applicable
Order processing and fulfillment (including logistics)	contract (Art. 6(1)(b))
Payments, invoicing, accounting, and tax compliance	legal obligation (Art. 6(1)(c)) and contract (Art. 6(1)(b))
Customer support and communications	contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Security, fraud prevention, and abuse monitoring	legitimate interests (Art. 6(1)(f))
Cookies and similar technologi	consent (Art. 6(1)(a)) where required for non-essential cookies; and/or necessity / legitimate interests for strictly necessary cookies, as applicable

Company/Business Data is processed for business relationship management, eligibility checks, invoicing, accounting, and compliance. Where Company/Business Data contains or relates to an identifiable individual, the relevant portion is treated as Personal Data and processed under the legal bases above.

For clarity: this Privacy Policy describes how we process data. It does not set or modify the commercial terms of sale, which are addressed separately in our applicable terms and conditions or other contractual documents.

We share Personal Data only as needed for the purposes above:

6.1 Logistics and delivery providers

To ship orders and provide delivery updates, we may share relevant delivery and contact details with logistics partners.

6.2 Payment service providers

To process payments and reconcile transactions, we share necessary identifiers and receive payment status. Some providers may act as independent controllers for certain processing under their own privacy policies.

6.3 Invoicing/billing operator (FakturaXL)

We use FakturaXL (or any other similar service) to generate invoices and manage billing documentation. This may involve sharing company billing details and some personal data (contact details).

6.4 IT, hosting, analytics, and support tools

We may use vendors that process data on our instructions as processors (hosting, security, analytics, support), subject to appropriate contracts and safeguards.

6.5 Legal, compliance, and advisers

We may disclose data to regulators, courts, law enforcement, or professional advisers where required by law or necessary to protect rights and safety.

6.6 Cookies and similar technologies

We use cookies and similar technologies for:

Strictly necessary cookies (authentication/session, security, access to non-public pricing)
Preference cookies (company-specific settings, authorized features, personalization such as company discounts where applicable)
Analytics cookies (optional; subject to consent where required)

Cookie controls and consent management: cookie settings link / banner tool.

7. Data retention (including invoices and B2B records)

We retain Personal Data only for as long as necessary for the purposes described in this Privacy Policy. Retention periods depend on the nature of the data, the purpose of processing, and applicable legal requirements, including statutory retention obligations and limitation periods. In particular:

7.1 Account and access data: while the business relationship is active and thereafter as needed for account administration, audit trails, internal controls, and to prevent misuse (e.g., re-registration abuse). Where feasible, we may deactivate accounts and minimise retained data (for example, by removing optional profile fields).
7.2 Orders, invoices, and accounting/tax/ operational records: for the period required by applicable tax, accounting, and financial reporting laws and standards (which may vary by jurisdiction and document type).
7.3 Commercial, contractual, and payment records: for as long as reasonably necessary to manage and evidence the business relationship and to establish, exercise, or defend legal claims. This may include order history, communications, confirmations, delivery records, payment records (to reconcile payments, investigate failed or delayed payments, manage refunds (if applicable), address chargebacks/claims raised through payment providers, and maintain reliable financial audit trails), reminders, cancellation history, returns (if applicable), after-sales support, operational reconciliation (including warehouse and shipment tracking), and any related documentation and communication (including chargebacks, debt recovery, and dispute handling).
7.4 Contract administration and commercial communications: for as long as necessary to document and manage the business relationship (including quotes, approvals, customer service correspondence, and key operational decisions), and to demonstrate compliance with our policies and obligations.
7.5 Legal claims, disputes, and enforcement: for as long as reasonably necessary to establish, exercise, or defend legal claims, including claims relating to orders, payment/non-payment, contractual performance, delivery issues, customer requests, complaints, warranty-related communications, service quality matters, and to document outcomes and follow-up actions, as well as any related correspondence. Retention in this category typically aligns with applicable statutory limitation periods and may be extended if a dispute, claim, or regulatory matter is ongoing.
7.6 Customer service and complaint handling: for as long as necessary to address.
7.7 Product quality, safety, and regulatory matters: where necessary to investigate, respond to, and document product quality and safety issues (including, but not limited to, incident reports, warranty issues, recalls, regulatory inquiries, compliance checks, and product liability claims). This may require retaining relevant order, batch/lot (if applicable), shipping and delivery records and associated contact details for the applicable limitation period(s) or as otherwise required by law.
7.8 Compliance, regulatory and audit records: where necessary to comply with legal obligations, respond to lawful requests from authorities, and meet audit, governance, and risk-management requirements.
7.9 Fraud prevention and security: for a limited period appropriate for security monitoring, fraud detection, abuse prevention, incident investigation, and to maintain the integrity of the Store (including relevant logs and risk signals), subject to appropriate access controls and minimisation.
7.10 Marketing preference and suppression data: where required to record opt-outs and ensure we respect marketing preferences (e.g., maintaining a suppression list), we may retain minimal data necessary to prevent sending unwanted communications.
7.11 Backups and archiving: Personal Data may remain in backups for a limited period in accordance with our backup and disaster-recovery procedures. Where feasible, we restrict access to backups and use them only for restoration, security, and integrity purposes.

When retention is no longer necessary, we delete Personal Data or anonymize it in a way that it can no longer be linked to an identifiable individual, unless further retention is required by law.

8. International transfers

If we transfer Personal Data outside the EEA/UK, we use appropriate safeguards such as adequacy decisions and/or Standard Contractual Clauses (SCCs) with supplementary measures.

Subject to conditions and exemptions, any individual may have the right to:

access his/her Personal Data;
rectify inaccurate data;
request erasure (“right to be forgotten”);
restrict processing;
object to processing based on legitimate interests;
data portability (where applicable);
withdraw consent (where processing is based on consent).

9.1 Important note on erasure requests (including sole traders)

The right to erasure is not absolute. If you request deletion, we will delete or anonymize Personal Data where we can, but we may need to retain certain Personal Data where necessary:

to comply with a legal obligation (for example, accounting and tax recordkeeping for invoices and transaction documentation, and product safety/traceability recordkeeping where required);
for reasons of public interest in the area of public health and/or product safety, where applicable (for example, to support product safety investigations, corrective actions, or recalls/field actions, and to meet traceability requirements);
for the establishment, exercise, or defence of legal claims (for example, handling disputes, chargebacks, complaints, product liability matters, or compliance matters).

Where we retain data after an erasure request, we will restrict access to the retained records, limit their use to the purposes above, and apply appropriate technical and organizational safeguards.

To exercise rights: [email protected]. We may need to verify identity and/or authority.

You may lodge a complaint with your local supervisory authority.

registration no. 0000889081

VAT no. 7011024781

18 Jana Dantyszka str., Warsaw, 02-054