Thank'QENTwój pies Ci podziękuje

Personal data and privacy

Thank'Q Privacy Policy

This website is aimed primarily at trade partners and B2B customers of the Thank'Q brand. Below we explain what data we process, why we process it, the legal basis, and how this works in the current implementation of the website.

The content below is aligned with the current website architecture: contact forms, WordPress API integration, and hosting on Vercel.

Version datedMay 12, 2026
Go to contact pageWrite to us
  • Controller: Hurtowniakarm.pl sp. z o. o.
  • Contact channels: form, e-mail, phone
  • No marketing analytics implemented in the frontend code at the publication date

Controller and contact details

The controller of personal data processed in connection with the use of this website is Hurtowniakarm.pl sp. z o. o., registered at ul. Dębowa 37, 43-340 Kozy, Poland, VAT ID (NIP) 9372759476, REGON 527945451.

For all matters related to personal data you may contact the controller using the e-mail address or phone number published on the website. In this version of the website the controller does not publish separate contact details for a data protection officer.

Controller
Hurtowniakarm.pl sp. z o. o.
VAT ID / REGON
9372759476 / 527945451
Address
Dębowa 37, 43-340 Kozy

What data we collect

The scope of data depends on which website function you use. In the current implementation, the service may process data you provide yourself and basic technical data required to deliver the site and handle requests.

  • data from the cooperation form and contact form: name, company name, role, phone number, e-mail address, message content, and information that the consent box was checked;
  • supporting data sent with cooperation requests: form source and page address from which the request was submitted;
  • data from e-mail correspondence or phone contact if you choose to provide it;
  • technical and security data typically present in hosting or backend logs, such as IP address, request date and time, URL, server response identifiers, and basic browser or device information.

How contact works on this website

This website currently uses two different contact mechanisms, and that matters for how data is processed:

Contact form on the contact page

In the current implementation, the form on the contact page prepares an e-mail in your own mail client through a mailto link. Until you actually send the message in your client, the entered data remains on your side.

Once the message is sent, the data is also processed by your mail provider and by the controller receiving the message in the business mailbox.

Cooperation form and server-side forms

The cooperation form sends data to a Next.js application endpoint and then to the WordPress API backend configured for the website. This means the request is handled server-side and may be stored or further processed in the controller's backend systems.

The form also contains a honeypot field used to limit spam. If that field is filled automatically by a bot, the request may be rejected without further handling.

Purposes and legal bases

We process personal data only where a valid legal basis under Article 6 GDPR exists and only to the extent necessary for a specific purpose connected with the operation of the website or handling an inquiry.

Handling partnership, distribution and trade inquiries

legal basis: Article 6(1)(b) GDPR where you take steps prior to entering into a contract or request an offer, and Article 6(1)(f) GDPR for ongoing business and organisational communication.

Handling e-mail and phone communication

legal basis: Article 6(1)(f) GDPR, i.e. the controller's legitimate interest in responding, conducting correspondence and documenting arrangements; depending on the context, Article 6(1)(b) GDPR may also apply.

Operating and securing the website, troubleshooting and abuse prevention

legal basis: Article 6(1)(f) GDPR, i.e. the controller's legitimate interest in ensuring the security, integrity and stability of the service.

Establishing, pursuing or defending legal claims

legal basis: Article 6(1)(f) GDPR, i.e. the controller's legitimate interest in legal protection and evidence preservation.

Consent where a specific processing operation relies on consent

legal basis: Article 6(1)(a) GDPR. Consent can be withdrawn at any time, without affecting the lawfulness of processing carried out before withdrawal.

Recipients of the data

Data is not disclosed randomly. It may be shared only with recipients that help operate the website, communication or infrastructure, or where disclosure is required by law.

  • hosting, application infrastructure and CDN providers, including Vercel, which is used in the current deployment;
  • backend and CMS providers supporting the WordPress API integration and technical administrators maintaining that infrastructure;
  • e-mail and telecommunications providers where contact takes place by e-mail or phone;
  • entities supporting the controller in IT, security, legal support and claims handling;
  • competent public authorities where disclosure is required by law.

Transfers outside the EEA

Some technical providers used to operate the website may process data outside the European Economic Area. This is particularly relevant for cloud infrastructure and hosting tools.

The current deployment uses Vercel hosting. According to information published by Vercel, international transfers are intended to be protected using mechanisms provided for in Chapter V GDPR, in particular standard contractual clauses and, where applicable, adequacy-based mechanisms.

If any other backend, e-mail or support provider uses infrastructure outside the EEA, the controller should apply the equivalent safeguards required by GDPR.

Retention periods

We do not keep data forever. The retention period depends on the purpose, the nature of the communication and whether the data is still needed to respond, settle matters or protect against legal claims.

Trade inquiries and partnership discussions

for as long as necessary to handle the discussions, prepare an offer, agree cooperation terms, and then for the period needed to establish, pursue or defend claims.

E-mail correspondence and records of arrangements

for as long as necessary to handle the matter and for the period justified by the controller's internal evidentiary, organisational and legal needs.

Technical data and logs

for the period resulting from hosting, backend and security settings, no longer than necessary to ensure website availability, troubleshoot errors and protect against abuse.

Data processed on the basis of consent

until consent is withdrawn or the purpose ceases to exist, subject to the period necessary to prove that consent was collected correctly.

Your rights

You have the right to know what happens to your data. Depending on the legal basis and context, you may exercise the rights granted under GDPR.

  • the right of access and the right to obtain a copy of your data;
  • the right to rectification if the data is inaccurate or outdated;
  • the right to erasure where there is no longer a valid legal basis for processing;
  • the right to restriction of processing in cases provided for by GDPR;
  • the right to data portability where processing is automated and based on consent or a contract;
  • the right to object to processing based on the controller's legitimate interests;
  • the right to withdraw consent at any time where consent is the legal basis;
  • the right to lodge a complaint with the President of the Polish Personal Data Protection Office.

Providing data is generally voluntary, but in practice some fields are necessary to submit a form or receive a response. Without the required data, the controller may not be able to answer your inquiry or continue the business conversation.

Based on the current implementation, this website does not make decisions producing legal effects solely by automated means and does not perform marketing profiling.

Cookies, logs and technical data

As of the publication date of this policy, the frontend code does not include analytics or marketing tools such as Google Analytics, Meta Pixel, Hotjar or Microsoft Clarity.

This means the current version of the site does not rely on optional marketing cookies or advertising profiling in user communication.

  • the website may still use technical connection-level mechanisms related to routing, asset delivery, infrastructure protection and HTTP request handling;
  • technical logs may be created at the hosting, CDN, backend or server level where necessary to maintain availability and security;
  • if analytics, advertising or other optional cookie-based tools are added in the future, this privacy policy and the on-site notices should be updated accordingly.

If you use the mailto-based form, part of the entered data is passed to your local mail client and is also subject to your mail provider's own rules.

Policy updates

This privacy policy may be updated if the website architecture changes, new forms are introduced, providers change, or legal requirements evolve. The current version will always be published on this page together with its update date.

If you need a more detailed explanation about a specific process or contact channel, please contact the controller directly.