Privacy policy

PRIVACY POLICY OF THE ONLINE STORE WWW.CUTZILLA.EU valid from February 1, 2026

GENERAL PROVISIONS

  1. This Privacy Policy sets out the rules for the processing of personal data of Users and the use of cookies and other tracking technologies on the website www.cutzilla.eu.
  2. The protection of Users' personal data is one of the priorities for the Controller. The company uses modern technical and organizational measures to ensure that data processing is lawful, secure, transparent, and limited to the necessary scope.
  3. Using the Store requires providing personal data necessary for order processing, providing services by electronic means, and fulfilling the Controller's legal obligations.
  4. A User is any person who uses the Store, in particular, makes purchases, browses the offer, or registers an account.
  5. This document has been prepared in accordance with:
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council;
  • The Act on Providing Services by Electronic Means;
  • The Consumer Rights Act;
  • The Telecommunications Law.

PERSONAL DATA CONTROLLER

The Controller of personal data is:

SQUADRIVE spółka z ograniczoną odpowiedzialnością

ul. Baletowa 30C

02-867 Warszawa

KRS: 0000588996

NIP: 8792681148

e-mail: info@cutzilla.eu

tel.: +48 796 550 000

(hereinafter referred to as: the "Controller", the "Seller")

PURPOSES AND SCOPE OF DATA PROCESSING

The Controller processes personal data for the following purposes:

  1. Execution of the sales agreement – including placing an order, confirming its receipt, preparing the Goods, delivery, and payment processing.
  2. Creating and maintaining a User account – enabling logging in, editing data, and tracking the order.
  3. Contact with the User – handling messages, inquiries, complaints, and withdrawal from the agreement.
  4. Fulfillment of legal obligations – such as storing accounting documentation, handling claims, and tax obligations.
  5. Direct marketing of the Controller's services – provided the User consents.
  6. Securing claims – based on the legitimate interest of the Controller.

Data may be transferred to entities handling payments:

  • Shopify Payments – as a provider of payments and e-commerce system;
  • PayPal (Europe) S.à r.l. et Cie, S.C.A. – regarding electronic payments.

The Controller stipulates that failure to provide data prevents the fulfillment of the order.

TYPES OF PROCESSED DATA

Depending on the purpose of processing, the Controller collects the following data:

Purpose

Scope of data

Account registration

First name, surname, e-mail address, password

Purchase of Goods

First name, surname, delivery address, e-mail, telephone

Invoice

NIP [Tax ID], PESEL, company name

Return or complaint

Bank account number, transaction data

Marketing

E-mail or telephone number (upon consent)

The Controller does not process sensitive data.

LEGAL BASES FOR PROCESSING

Data processing takes place based on:

  • Art. 6(1)(b) of the GDPR – performance of a contract;
  • Art. 6(1)(c) of the GDPR – legal obligation;
  • Art. 6(1)(f) of the GDPR – legitimate interest of the Controller;
  • Art. 6(1)(a) of the GDPR – voluntary consent of the User.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

USER RIGHTS

The User has the right to:

  • access their data,
  • rectify them,
  • restrict processing,
  • delete data ("right to be forgotten"),
  • object to processing,
  • data portability,
  • lodge a complaint with the President of the Personal Data Protection Office (UODO).

The Controller responds to the User's request within 1 month.

DATA RETENTION PERIOD

  1. Data are stored for as long as necessary to perform the agreement.
  2. Data resulting from tax regulations – min. 5 years.
  3. User account data – until its deletion.
  4. Marketing data – until consent is withdrawn.

ENTRUSTING AND SHARING DATA

The Controller may entrust data exclusively to entities:

  • carrying out delivery,
  • handling payments (Shopify Payments, PayPal, Cash on Delivery),
  • providing accounting, hosting, and IT services.

Data are not transferred outside the EU, except for tools that have a GDPR compliance certificate / TIA (e.g., Shopify servers).

The Controller does not sell personal data.

COOKIES AND MONITORING

The website uses cookies for the purposes of:

  • User login,
  • content personalization,
  • Google Analytics statistics,
  • remarketing activities (Meta Pixel),
  • traffic analysis,
  • ad matching.

The User can control cookies from the browser level.

Lack of consent to cookies may limit the use of the Store.

FINAL PROVISIONS

  1. The Privacy Policy is for information purposes and does not constitute an agreement.
  2. The Controller reserves the possibility of introducing changes in accordance with applicable law.
  3. The Controller informs about changes to the Policy by publishing the consolidated text on the website.