Privacy policy
Privacy Policy of CardHorizon.com Online Store
Effective as of November 6, 2025
Important Notice: This document is a translation of the original Privacy Policy in Polish. In the event of any discrepancies or legal disputes, the Polish version shall prevail.
This Privacy Policy explains what information we collect when you use the services offered by the CardHorizon.com online store. It details how we collect your data, the purposes and methods of its use, where it is stored, and how we protect it. We also inform you about your rights under applicable law.
If you have any questions that are not answered here or if you have any doubts, we encourage you to contact us at [email protected] or at our mailing address: CARD HORIZON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ Pruszkowska 17, 02-119 Warsaw, Poland
The purpose of this Privacy Policy is to fulfill the information obligation specified in Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as "GDPR").
1. Data Controllers
Card Horizon Sp. z o.o., a limited liability company based in Warsaw, Poland (hereinafter referred to as the "Store"), manages the online store and provides all Electronic Services offered through the Store.
The controller of your personal data processed for the purposes related to the provision of electronic services offered by CardHorizon.com (e.g., Contact Form, Newsletter) and data processed in the legitimate interests of the controller (e.g., for marketing the services or products offered by the company) is:
CARD HORIZON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ Registered Office: Pruszkowska 17, 02-119 Warsaw, Poland National Court Register (KRS): 0001175729 Tax Identification Number (NIP): 7011262782 Statistical Number (REGON): 541888854
2. DATA PROCESSING
A) Creating a User Account To create a user account on CardHorizon.com, you must provide: (a) an email address and (b) a password (which is encrypted, so we do not have access to it). Without this information, we will not be able to provide you with the User Account Electronic Service. This information is protected by your password on cardhorizon.com. You are responsible for its security—do not share it with others.
B) Data Collected While Using Our Services When you use CardHorizon.com, we may collect the following data related to your use of our services, including the online store:
(a) Technical data about your devices, including:
-
Internet/network connection details (including your IP address),
-
Mobile device identifier,
-
Operating system, browser type, or other software used,
-
Hardware information,
-
Other technical details provided by your browser, depending on your settings. Note: These technical details do not contain personal data.
(b) Usage details, such as:
-
When and how you use CardHorizon.com (e.g., which products you view),
-
Traffic data,
-
Location data,
-
Purchase history and selected links,
-
Your preferences, choices, preferred language,
-
Communications via chat.
(c) Support-related information needed to assist you with inquiries or reports submitted through the Store or customer service, including the content of our communications.
(d) Additional information you provide while using our services.
C) Payment Data Processing Payment data processing depends on the payment method/platform/operator. The Store only processes limited, encrypted/anonymized payment data. After completing a transaction, we receive a notification from the payment operator confirming that you have received the purchased goods. We do not access actual payment details.
D) Profiling Based on your activity in our online store, we may use profiling—an automated analysis of certain user characteristics. Profiling uses data such as:
-
Browsing history,
-
Interaction history,
-
Purchase history,
-
User location data.
We use profiling to better tailor our promotional and communication content to users' current needs and expectations. Profiling does not significantly affect decisions, has no legal consequences, and does not otherwise substantially impact users.
E) Purpose of Profiling Profiling helps us create, present, and execute offers tailored to specific users, potentially influencing their purchasing decisions (e.g., personalized, time-limited offers based on extensive browsing history). You always retain the right to human intervention from the Administrator, the right to express your viewpoint, and the right to challenge decisions made through profiling.
F) Contact for Marketing and Support We may use your personal data to contact you by phone, email, or other electronic means for marketing and support purposes.
G) Order Processing When placing an order, we may process personal data provided by you, such as:
-
First name and last name,
-
Login and password,
-
Email address,
-
Phone number,
-
Tax ID (NIP), REGON (for businesses),
-
Company name,
-
Address (street, city, country).
H) Voluntary Data Provision You are not obligated to provide us with data. However, refusal to do so may result in:
-
Inability to process your order,
-
Inability to use the User Account service,
-
Inability to receive the Newsletter,
-
Inability to issue an invoice,
-
Random or generic presentation of offers on CardHorizon.com.
4. Purposes of Processing and Legal Basis]
A) Facilitating and Fulfilling Contracts
Purpose: Enabling the conclusion and fulfillment of contracts with customers, such as processing orders (e.g., for foreign exchange gold, platinum, diamonds, or other products), including payment settlement, order completion, shipment, and communication regarding orders. Legal Basis: Necessity for the performance of a contract (Article 6(1)(b) GDPR). Retention Period: For the time necessary to fulfill the placed order.
B) Fulfilling Legal Obligations Arising from Tax and Accounting Regulations
Purpose: Issuing and archiving invoices for the sale of goods, in accordance with applicable regulations. Legal Basis: Legal obligation (Article 6(1)(c) GDPR in conjunction with Article 74 of the Polish Accounting Act and other tax-related provisions). Retention Period: 5 years from the end of the calendar year in which the event giving rise to the obligation occurred.
C) Fulfilling Legal Obligations Related to Anti-Money Laundering and Counter-Terrorist Financing
Purpose: Compliance with the Polish Anti-Money Laundering and Terrorist Financing Act and other relevant legal acts. Legal Basis: Legal obligation (Article 6(1)(c) GDPR in conjunction with Article 33(1) of the Polish Anti-Money Laundering and Terrorist Financing Act). Retention Period: 5 years from the end of the business relationship with the client or from the date of the occasional transaction.
D) Handling Returns or Withdrawals from Contracts
Purpose: Processing procedures related to returns or consumer withdrawals from contracts. Legal Basis: Legal obligation (Article 6(1)(c) GDPR in conjunction with Articles 27 et seq. of the Polish Consumer Rights Act). Retention Period: For the time necessary to complete the return or withdrawal process.
E) Providing Access to the CardHorizon.com Online Store
Purpose: Enabling users to access the functionalities of the online store. Legal Basis: Necessity for the performance of a contract (Article 6(1)(b) GDPR). Retention Period: For the duration of using the store's services.
F) Providing, Maintaining, and Servicing User Accounts
Purpose: Enabling users to use their accounts in the online store. Legal Basis: Necessity for the performance of a contract (Article 6(1)(b) GDPR), and for non-essential data, user consent (Article 6(1)(a) GDPR). Retention Period: For the duration of service usage or until consent is withdrawn.
G) Conducting Analyses and Statistics on User Activity
Purpose: Ensuring the highest quality of service by analyzing user activity and purchasing preferences. Legal Basis: Legitimate interest of the administrator (Article 6(1)(f) GDPR). Retention Period: Until an objection is raised.
H) Analyzing User Activity and Store Functioning
Purpose: Detecting undesirable activities and potential security threats. Legal Basis: Legitimate interest of the administrator (Article 6(1)(f) GDPR). Retention Period: Until an objection is raised.
I) Marketing (Without Profiling)
Purpose: Sending newsletters, satisfaction surveys, and conducting telemarketing campaigns via phone calls. Legal Basis: Legitimate interest of the administrator (Article 6(1)(f) GDPR). Retention Period: Until an objection is raised.
J) Marketing (With Profiling)
Purpose: Sending newsletters and conducting telemarketing campaigns based on data analysis and profiling for marketing purposes. Legal Basis: User consent (Article 6(1)(a) GDPR). Retention Period: Until consent is withdrawn.
K) Handling Inquiries and Submissions Directed to the Store
Purpose: Engaging in communication and providing responses to questions or submissions. Legal Basis: Steps taken prior to entering into a contract (Article 6(1)(b) GDPR) or legitimate interest of the administrator (Article 6(1)(f) GDPR). Retention Period: Until communication related to the inquiry or submission is completed.
L) Handling Submissions (e.g., Complaints) and Establishing, Pursuing, and Defending Claims
Purpose: Receiving, reviewing, and responding to user submissions, including establishing, pursuing, and defending claims. Legal Basis: User consent (Article 6(1)(a) GDPR) and legitimate interest of the administrator (Article 6(1)(f) GDPR). Retention Period: Until the statute of limitations for potential claims expires, but no longer than 6 years from the end of the calendar year in which the event giving rise to the claims occurred.
M) Handling Requests from Authorized Bodies
Purpose: Fulfilling requests from courts, prosecutors' offices, law enforcement agencies, or other authorized institutions. Legal Basis: Legal obligation (Article 6(1)(c) GDPR in conjunction with provisions authorizing the relevant body to submit a request). Retention Period: For the time necessary to fulfill the request.
N) Handling Requests Related to the Exercise of Data Subject Rights
Purpose: Fulfilling rights arising from GDPR (e.g., right of access, rectification, erasure). Legal Basis: Legal obligation (Article 6(1)(c) GDPR in conjunction with Articles 15-22 GDPR). Retention Period: 5 years from the fulfillment of the request or providing a response.
5. COOKIES
A) Our Store may collect data using cookies or similar technologies.
B) Cookies are small text files stored on your device (e.g., computer or phone). They are commonly used to improve the functionality and performance of websites and online services. Cookies enable websites and services to read and write files, allowing them to recognize your device and remember important information, making your use of our services more convenient (e.g., remembering your settings or the contents of your cart).
C) Within our web and mobile services, we use technologies that enable us to collect information and enhance the user experience in our online store. These technologies, including cookies, are collectively referred to as "cookies."
D) If you have any additional questions or concerns, feel free to contact us at [email protected].
Types of Cookies Used by CardHorizon.com
E) During the provision of our services, CardHorizon.com may use the following types of cookies:
a) Essential Cookies
These cookies are necessary for the proper functioning of our services. They allow you to navigate and use the features of our services. Without these cookies, certain functionalities—such as accessing secure areas of the website—cannot be provided. We also use cookies to prevent unauthorized use of login credentials. These cookies are essential for using our services, but you can disable them. However, please note that disabling them may significantly and negatively affect how we can provide our services to you.
b) Preference Cookies
In some situations, we use functional cookies that allow us to remember the choices you make while using our services and provide you with improved, more personalized features, such as customizing the website. These cookies also help us remember whether we have already asked you about participating in our promotions. All these features help us improve your experience with our store. You can choose whether to disable or reject these cookies.
c) Statistics Cookies
These cookies aim to improve performance and often include analytics cookies. They collect information about how you use CardHorizon.com services and help us enhance their functionality. For example, these cookies show which parts of our online store are most frequently visited, general trends in user navigation, help detect potential issues users may encounter while using our services, and show us the effectiveness of our advertisements. We also use these cookies to help you navigate our website and return to previously visited pages. You can choose whether to disable or reject these cookies.
d) Marketing Cookies
These are targeting and advertising cookies used to deliver ads that are more relevant to your interests. Our service providers may also use these cookies. For example, we may use them to limit the number of times you see the same ad within our services and to measure the effectiveness of our advertising campaigns. You can choose whether to disable or reject these cookies.
e) Unclassified Cookies
These are cookies that we have not yet categorized.
F) In certain circumstances, we may collaborate with third parties to provide our services. External advertisers and other organizations may use their own cookies to collect information about your use of our services and/or the ads you click on. This information may be used by them to deliver ads that may interest you based on the content you have previously viewed or to measure the effectiveness of such ads. You can choose whether to disable or reject these cookies.
G)
At any time, you can completely disable cookies by selecting the appropriate settings in your browser on your computer or mobile device, which allow you to block the acceptance of cookies or similar technologies. The choice is yours. For more information on how to configure your browser to use cookies in the way you prefer, visit your browser provider's help page. Please note that if you disable cookies, some features of our services may not function as intended.
6. DATA STORAGE
A) All information you provide is stored on secure servers or those of our trusted partners.
B) We implement technical and organizational security measures appropriate to the risks to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
C) We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. In some special cases, a longer retention period may be required by legal obligations, such as tax, accounting, or other legal requirements.
D) If your data is no longer necessary for providing CardHorizon.com services or for other reasons specified in this Policy, we will promptly delete or anonymize it.
E) The Terms and Conditions of the CardHorizon.com online store may separately describe the rules for processing your data. In such cases, these detailed terms may take precedence over or supplement this Policy.
7. SHARING INFORMATION
A) Any communication made through CardHorizon.com services may involve you disclosing your username or other personal information. Please carefully consider to whom you share your information and avoid sharing your contact or private details.
B) As a general rule, we do not share your data externally. The exception is our Trusted Partners, who help us deliver CardHorizon.com services and functionalities. We assure you that we only share the minimum necessary information with these partners to assist us. These entities may have potential or actual access to limited information about you, and they process it on our behalf (formally known as "Data Processors"):
-
External service providers who offer us internal communication tools and data-sharing platforms;
-
External service providers who provide us with data analysis tools;
-
External service providers who offer email marketing tools and help us manage our email communication;
-
External service providers who provide tools for tracking and reporting system errors;
-
External customer support system providers who help us manage the inquiries you send us;
-
Our professional advisors who assist us in legal, tax, accounting, or audit matters;
-
Social media platforms to offer you personalized and targeted communication;
-
External service providers who help us deliver the products you have purchased.
C) To provide the services of the CardHorizon.com online store, we use the Shopify platform, which is an external service provider. Shopify processes users' personal data on behalf of Card Horizon Sp. z o.o. Shopify is responsible for processing data in accordance with our guidelines and GDPR regulations. All data processed by Shopify is secured and protected in compliance with applicable data protection laws. Shopify does not have the right to use users' personal data for its own marketing purposes or any other purposes inconsistent with this privacy policy. More information about data processing by Shopify can be found in Shopify's terms of service, available at: Shopify Terms of Service.
D) During the payment process, we may also share information about you with other trusted partners who process it independently as so-called data controllers:
-
Payment processors for payment execution purposes;
-
Banks and financial institutions to obtain payments;
-
External service providers for payment fraud verification.
E) When required by law, we may also share your data with the police or other authorities (this may include your IP address and details of suspicious activity, such as unauthorized use of a payment method or indicators of payment fraud risk).
F) As a general rule, we do not process, store, or transfer your personal data outside the European Economic Area (EEA). However, in exceptional cases, your data may be processed, stored, or transferred outside the EEA and Switzerland to countries such as the United States or Canada. Privacy protection regulations in these countries may not offer the same level of protection as in your country or the EEA.
G) If we do share your data outside this area, we will ensure an adequate level of protection for your data and rely on legally recognized bases for data sharing, such as the EU Standard Contractual Clauses.
8. OTHER INFORMATION
We remind you that we are subject to various legal regulations and may be obligated to comply with the requirements of authorized government bodies or other legal provisions.
9. USER RIGHTS
A) You have the right to object at any time to the processing of your personal data in certain situations, such as for marketing purposes. You can do this by contacting us here, changing your account settings, or clicking the subscribe/unsubscribe option in messages received from the Store.
B) Depending on your place of residence, you may have additional privacy rights. For example, under European Union law, you have the following rights:
-
Access to your data;
-
Request the deletion of your data;
-
Correct your data;
-
Restrict the processing of your data;
-
Transfer your data to another entity;
-
File a complaint with a data protection authority.
You can exercise these rights by contacting us at [email protected]. For verification purposes, we may ask you to provide additional information to confirm your identity.
10. DETAILED INFORMATION ON THE RIGHT TO DATA DELETION
A) For the sake of transparency, we explain the procedure for requesting data deletion in detail:
You have the right to request the immediate deletion of your personal data, and we are obligated to delete it if one of the following circumstances applies:
-
The personal data is no longer necessary for the purposes for which it was collected;
-
You have withdrawn your consent on which the processing is based;
-
You object to the processing;
-
The personal data was processed unlawfully.
To request data deletion, please contact us at [email protected].
B) Data processed in connection with external platforms (e.g., social media): For data collected through analytical and advertising tools integrated with our website (e.g., Meta Pixel, Google tracking codes, YouTube plugins), you can also manage your data and preferences directly in the privacy settings of these external platforms (e.g., Facebook, Google, YouTube). However, to request the deletion of data that has been transferred to us by these services and is processed by us as an independent controller, please use the procedure described above (contact us at [email protected]).
C) Please note that these rights may be limited by other legal provisions. For example, the right to data deletion ("right to be forgotten") may be restricted to the extent that processing your data is necessary to fulfill a legal obligation requiring processing under European Union law or the law of a member state to which we are subject. An example of such a law is Article 74(2)(1) of the Polish Accounting Act of September 29, 1994 (Journal of Laws of 2018, item 395), which obligates us to retain accounting records for 5 years, starting from the beginning of the year following the fiscal year to which the accounting records pertain.
D) If you have concerns about your privacy, please contact us. If you believe we have not assisted you in accordance with your request, you may report a violation to your local data protection authority or to the President of the Personal Data Protection Office (PUODO) in Poland.
11. CHANGES TO THIS PRIVACY POLICY
A) This Privacy Policy may be subject to changes if necessary due to changes in legal regulations or changes in the services of the CardHorizon.com online store. Any changes to this Policy will be made in a way that does not restrict your rights. In the event of such a change, we will make the updated Policy available online and notify you about it.
B) Changes to the Privacy Policy take effect 14 days after the new version is published online. During this period, if you have any questions regarding the changes, we invite you to contact us.
C) If you do not agree to these changes (regardless of whether you notify us via email), we will unfortunately have to ask you to discontinue using the CardHorizon.com services. We regret this, but we hope you understand the need for us to apply uniform rules for all users, which is necessary for the proper functioning of the Store's services. Therefore, if you have any questions, we encourage you to contact us.
12. FINAL INFORMATION
A) The data controller of personal data, in accordance with GDPR and other national data protection regulations of EU member states, as well as other data protection regulations, is:
B) For any questions regarding the processing of personal data, you can contact us at the following addresses:
Contact Details Email Address: [email protected]
Postal Address: CARD HORIZON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ Pruszkowska 17, 02-119 Warsaw, Poland
C) Contact details for the Data Protection Officer: Michał Matusiewicz Pruszkowska 17, 02-119 Warsaw, Poland [email protected]
13. RIGHTS OF THE DATA SUBJECTS
A) According to Article 15(1) GDPR, upon request, users have the right to obtain information about their personal data processed by CARD HORIZON SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ free of charge.
B) Additionally, if legal requirements are met, users have the right to:
-
Rectification of their data (Article 16 GDPR),
-
Erasure of their data (Article 17 GDPR),
-
Restriction of processing of their data (Article 18 GDPR).
C) If data processing is based on Article 6(1)(e) or (f) GDPR, users have the right to object according to Article 21 GDPR. If a user objects to data processing, such processing will not take place in the future unless the data controller demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject.
D) If users have provided the processed data themselves, they also have the right to data portability according to Article 20 GDPR.
E) If data processing is based on consent (i.e., Article 6(1)(a) GDPR or Article 9(2)(a) GDPR), users may withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
F) In the above-mentioned cases and for any questions or complaints regarding the processing of personal data, please contact our Data Protection Officer in writing or by email.
Users also have the right to lodge a complaint with the supervisory authority responsible for data protection. In Poland, the competent supervisory authority is the President of the Personal Data Protection Office (address: Stawki 2, 00-193 Warsaw, phone: +48 22 531-03-00, email: [email protected]).