Privacy policy

Last update: 2 June 2025

ONLINE SHOP PRIVACY POLICY

WWW.WCEHEALTH.DE

§ 1 GENERAL PROVISIONS

1. The controller for the personal data collected via the online shop www.wcehealth.de is WORLD CLASS ENGINEERING TEAM Spółka z ograniczoną odpowiedzialnością, registered in the Commercial Register at the District Court in Gliwice, 10th Economic Division of the National Court Register under KRS number: 0000765847, with its registered office and service address at ul. Kłodnicka 97/312, 41-706 Ruda Śląska, VAT ID: 6412545806, REGON: 382268979, E-mail: krzysztof@wcehealth.de, Telephone: +48 881 500 607, hereinafter referred to as the “Controller,” who also acts as the “Service Provider.”
   
   

2. The personal data collected by the Controller via the website www.wcehealth.de are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).
   
   

3. All capitalized terms used in this Privacy Policy shall have the meanings defined in the General Terms and Conditions of the online shop www.wcehealth.de.
   
   

§ 2 TYPES OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION

1. PURPOSE OF PROCESSING AND LEGAL BASIS. The Controller processes the personal data of users of the online shop www.wcehealth.de in the following cases:
   
   1.1. Registration of an account in the shop to create and manage an individual account pursuant to Art. 6(1)(b) GDPR (performance of a contract for electronic services under the Shop’s General Terms and Conditions),
   1.2. Placing an order in the shop to fulfill a sales contract pursuant to Art. 6(1)(b) GDPR,
   1.3. Use of the review system to submit an opinion about a purchased product and the concluded sales contract pursuant to Art. 6(1)(f) GDPR (legitimate interest of the company).
   
   

2. TYPE OF PERSONAL DATA PROCESSED. The user provides:
   
   2.1. When creating an account: E-mail address,
   2.2. When placing an order: First name and last name, shipping address, tax identification number (NIP), e-mail address, telephone number,
   2.3. In the review system: First name and last name, e-mail address.
   
   

3. DURATION OF PERSONAL DATA STORAGE. The Controller stores users’ personal data as follows:
   
   3.1. Where processing is based on a contract: for as long as necessary to fulfill the contract, and thereafter for the duration of the statutory limitation period. Unless a specific law provides otherwise, the limitation period is six years; for recurring services and business-related claims, it is three years,
   3.2. Where processing is based on consent: until withdrawal of consent and thereafter for a period corresponding to the limitation period for claims that may be brought by or against the Controller. Here, the period is generally six years; for recurring services and business-related claims, it is three years.
   
   

4. During use of the shop, additional information may be collected, in particular: the IP address of the user’s device or the external IP address of the internet service provider, domain name, browser type, access time, and operating system type.
   
   

5. Upon separate consent pursuant to Art. 6(1)(a) GDPR, personal data may also be processed for the sending of commercial information via e-mail or for carrying out telephone direct marketing – pursuant to Art. 398(1) and (2) of the Act of 12 July 2024 on Electronic Communications, including profiling, if the user has consented.
   
   

6. Navigation data may also be collected, such as clicked links or other activities in the shop. The legal basis is the legitimate interest of the Controller pursuant to Art. 6(1)(f) GDPR to improve the functionality and user-friendliness of the provided services.
   
   

7. Providing personal data by the user is voluntary.
   
   

8. The Controller takes special care to protect the interests of data subjects and ensures that the collected data:
   
   8.1. are processed lawfully,
   8.2. are collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
   8.3. are accurate and appropriate to the purposes of processing and not stored longer than necessary to allow identification of the data subjects.
   
   

§ 3 DISCLOSURE OF PERSONAL DATA

1. The personal data of users are transmitted to service providers that the Controller engages in operating the shop, in particular to:
   
   1.1. Delivery companies,
   1.2. Payment system providers,
   1.3. Customer review system providers,
   1.4. Accounting firms,
   1.5. Hosting providers,
   1.6. Software vendors (operational software),
   1.7. E-mail system providers,
   1.8. Online shop software providers.
   
   

2. These service providers (mentioned in point 1 of this paragraph), to whom personal data are transmitted, act – depending on the contractual arrangement and the situation – either on behalf of the Controller as processors or determine the purposes and means of processing on their own (controllers).
   
   

Users’ personal data are stored exclusively within the territory of the European Economic Area (EEA), subject to § 5(5) and § 6 of this Privacy Policy.

§ 4 RIGHT TO CONTROL, ACCESS TO ONE’S PERSONAL DATA AND THEIR CORRECTION

1. Data subjects have the right to access their personal data as well as the right to rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
   
   

2. Legal bases for the user’s requests:
   
   2.1. Right to access data – Art. 15 GDPR,
   2.2. Right to rectification – Art. 16 GDPR,
   2.3. Right to erasure (“right to be forgotten”) – Art. 17 GDPR,
   2.4. Right to restriction of processing – Art. 18 GDPR,
   2.5. Right to data portability – Art. 20 GDPR,
   2.6. Right to object – Art. 21 GDPR,
   2.7. Right to withdraw consent – Art. 7(3) GDPR.
   
   

3. To exercise the rights listed in point 2, a corresponding e-mail may be sent to: natalia@wcehealth.de
   
   

4. In the event of exercising any of these rights by the user, the Controller shall comply with or refuse the request without undue delay, but no later than within one month of receipt. If the complexity or number of requests requires it, this period may be extended by a further two months. The user will be informed of the extension and its reasons within one month.
   
   

5. If it is found that the processing of personal data violates the GDPR, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

§ 5 COOKIES

1. The Controller’s website uses “cookies.”
   
   

2. The installation of cookies is necessary to provide the services on the shop’s website correctly. Cookies contain information required for the proper functioning of the site and allow for the creation of general visit statistics.
   
   

3. Two types of cookies are used on the website: “session cookies” and “persistent cookies.”
   
   3.1. Session cookies are temporary files stored on the user’s device until logout (leaving the site),
   3.2. Persistent cookies are stored on the user’s device for the period defined in the cookie parameters or until deletion by the user.
   
   

4. The Controller uses first-party cookies to better understand user behavior on the website. These files collect information about site usage, the origin of users, and the number and duration of visits. This information does not include specific personal data and is used solely for statistical purposes.
   
   

5. The Controller also uses third-party cookies to collect general and anonymous statistical data with analytics tools such as Google Analytics (external cookie controller: Google LLC, USA).
   
   

6. Cookies may also be used by advertising networks (in particular, Google) to display ads tailored to the user’s behavior in the shop. For this purpose, information such as navigation paths or time spent on specific pages may be stored.
   
   

7. The user has the right to decide about the access of cookies to their computer, in particular by:
   
   7.1. Choosing the types of cookies they consent to when visiting the shop’s website,
   7.2. Changing the settings in the browser. Detailed information on cookie management is also available in the browser software settings.
   
   

§ 6 ADDITIONAL SERVICES IN CONNECTION WITH THE USER’S ACTIVITY IN THE SHOP

1. The shop uses so-called social media plugins (“Plugins”) from social networks. When accessing a page on www.wcehealth.de that contains such a Plugin, the user’s browser establishes a direct connection to the servers of Facebook and Instagram.
   
   

2. The content of the Plugin is sent directly from the respective service provider to the user’s browser and integrated into the page. Through this integration, the service providers obtain the information that the user’s browser has accessed the page www.wcehealth.de – even if the user does not have an account with the provider or is not logged in. This information (including the user’s IP address) is transmitted directly from the browser to the servers of the respective provider (some of which are located in the USA) and stored there.
   
   

3. If the user is logged into one of the aforementioned social networks, the provider may directly associate the visit to www.wcehealth.de with the user’s profile on that platform.
   
   

4. If the user interacts with the Plugin, for example by clicking the “Like” or “Share” button, the corresponding information is also transmitted directly to the provider’s server and stored there.
   
   

5. The purpose and scope of data collection, as well as further processing and use by the providers and the users’ rights and settings to protect privacy, are described in the providers’ privacy policies:
   
   

   • https://www.facebook.com/policy.php
     
     

   • https://help.instagram.com/519522125107875?helpref=page_content
     
     

   • https://policies.google.com/privacy?hl=pl&gl=ZZ
     
     

6. If the user does not want social networks to link the data collected during the visit to www.wcehealth.de directly to their profile, they must log out of the respective network before visiting this page. The user can also prevent Plugins from loading entirely, e.g., by using appropriate browser extensions such as “NoScript.”
   
   

7. The Controller uses remarketing tools on its website, such as Google Ads. The use of these tools is associated with the deployment of cookies by Google LLC that pertain to the Google Ads service. Within the cookie settings mechanism, the user can decide whether the Controller may use Google Ads in relation to them (external cookie controller: Google LLC, USA).

§ 7 FINAL PROVISIONS

1. The Controller implements technical and organizational measures that ensure the protection of processed personal data in accordance with the risks and nature of the data. In particular, the Controller protects data against unauthorized access, theft, unlawful processing, as well as alteration, loss, damage, or destruction.
   
   

2. The Controller provides appropriate technical means to prevent unauthorized capture and alteration of personal data transmitted electronically.
   
   

3. In matters not regulated by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.