Privacy Policy

1. This Privacy Policy sets out the principles for the processing of personal data obtained via the website nuvio.group (hereinafter: the “Website”).
2. The controller of personal data is TRIKPAY SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Wrocław (52-326), ul. Eugeniusza Kwiatkowskiego 4/3, entered into the Register of Entrepreneurs of the National Court Register under number 0000878223, NIP: 8943162789, REGON: 387922478 (hereinafter: the “Administrator”).
3. Personal data are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).
4. The Website is of an informational and contact nature (contact form). The Website is not an online store and does not enable placing orders or making payments.
5. The Website may contain links to separate services (e.g. NUVIO Loyalty). With regard to such services, their own terms and conditions and privacy policies shall apply.

§ 1 Types of Data, Purposes and Legal Bases for Processing

1. The Administrator may process the data of Website Users (including persons representing business entities) in the following situations:
   1. Contact via the contact form – for the purpose of handling the inquiry and conducting correspondence. Legal basis: Article 6(1)(f) GDPR (the legitimate interest of the Administrator consisting in communication and handling inquiries) or Article 6(1)(b) GDPR, if the contact concerns actions aimed at concluding an agreement.
   2. Contact by e-mail/telephone – for the purpose of responding to an inquiry, providing information, or continuing correspondence. Legal basis: Article 6(1)(f) GDPR or Article 6(1)(b) GDPR (where it concerns pre-contractual actions).
   3. Analytics and statistics – for the purpose of measuring traffic on the Website, improving its operation, security, and content optimization. Legal basis: Article 6(1)(f) GDPR (legitimate interest).
   4. Security and pursuit of claims – for the purpose of ensuring the security of the Website, detecting abuse, and establishing, pursuing, or defending claims. Legal basis: Article 6(1)(f) GDPR.
2. When using the contact form, the User may provide in particular:
   1. e-mail address;
   2. first and last name (if the field is available/completed);
   3. telephone number (if the field is available/completed);
   4. company name and/or NIP/EU VAT ID (if the field is available/completed);
   5. message content.
3. When using the Website, technical and operational data may be collected, such as: IP address, device identifiers, browser type, operating system, approximate location (at city/region level), date and time of access, source of visit, visited subpages, time spent on the Website, on-site events – to the extent depending on the tools used and cookie settings.
4. Providing data is voluntary; however, failure to provide data marked as necessary may prevent handling of the inquiry (e.g. lack of an e-mail address prevents a response).

§ 2 Data Recipients and Retention Period

1. Data may be transferred to service providers used by the Administrator in operating the Website – in particular:
   1. hosting and IT infrastructure providers;
   2. providers of analytical and marketing tools (if used);
   3. e-mail and communication system providers;
   4. entities providing legal/accounting services – where necessary.
2. Data may be disclosed to authorized public authorities if required by law.
3. Retention period:
   1. correspondence data – for the time necessary to handle the matter, and thereafter until the expiry of the limitation period for claims (as a rule 3 or 6 years – depending on the nature of the relationship);
   2. technical/analytical data – for the period resulting from the settings of the tools and cookies (or until an objection is raised, where justified and possible to consider);
   3. data processed for security purposes – for the period necessary to ensure security and detect abuse.

§ 3 Cookies Mechanism, External Tools, IP Address

1. The Website uses small text files known as cookies. They are stored on the end device of a person visiting the Website if the web browser allows it. A cookie file usually contains the name of the domain from which it originates, its expiry time, and an individual, randomly selected number identifying the file.
2. The Administrator uses two types of cookies:
   1. Session cookies – stored information is deleted after the browser session ends or the device is turned off.
   2. Persistent cookies – stored in the end device memory until deleted or expired.
3. The Administrator uses its own cookies for the purpose of:
   1. ensuring proper functioning and security of the Website;
   2. analyses, research, and audience audits, in particular to create anonymous statistics that help understand how Users use the Website, enabling improvement of its structure and content.
4. The Administrator may use external cookies for the purpose of:
   1. promoting the Website via social networking services (e.g. facebook.com – cookie administrator: Meta Platforms Ireland Limited);
   2. collecting general and anonymous statistical data via analytical tools (e.g. Google Analytics – cookie administrator: Google LLC);
   3. presenting external content or certificates/services (if present on the Website).
5. The cookies mechanism is safe for Users’ devices. Users may limit or disable access of cookies in their browsers. If this option is used, the use of the Website will be possible, except for functions that by their nature require cookies.

6. Below is information on how to change cookie settings in popular web browsers:

   • Chrome and Chrome Mobile browser
   • Facebook in-app Browser
   • Internet Explorer browser
   • Microsoft EDGE browser
   • Mozilla Firefox browser
   • Opera browser
   • Safari and Safari Mobile browser
   • Samsung Browser
7. The Administrator may collect Users’ IP addresses. An IP address is a number assigned to the device of a person visiting the Website by the Internet service provider. The IP address may be used for diagnosing technical problems, creating statistical analyses, administering the Website, and for security purposes.
8. The Website may contain links and references to other websites. The Administrator shall not be responsible for the privacy protection principles applicable on those websites.

§ 4 Rights of Data Subjects

1. A data subject has the rights arising from the GDPR, in particular: the right of access to data, rectification, erasure, restriction of processing, data portability (where applicable), as well as the right to object to processing based on Article 6(1)(f) GDPR.
2. Where processing is based on consent (if applicable), such consent may be withdrawn at any time, without affecting the lawfulness of processing carried out prior to its withdrawal.
3. To exercise these rights, contact the Administrator at:
   1. e-mail: iod@nuvio.group
   2. general e-mail: sales@nuvio.group
4. A complaint may also be lodged with the President of the Personal Data Protection Office (PUODO).

§ 5 Amendments to the Privacy Policy

1. This Privacy Policy may be amended. In the event of changes, the date of the last update indicated below will be updated.
2. Questions related to this Privacy Policy should be directed to: iod@nuvio.group.

Last updated: 11/03/2026