Privacy Policy

The controller of users’ personal data is:

NEOTICA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ

Michałowska 35

05-860 Wolskie

Poland

Tax ID (NIP): 1182269575

REGON: 526391097

EU VAT: PL1182269575

KRS: 0001058075

Contact regarding personal data matters:

support@x4race.com

The controller operates the following websites:

• https://www.x4race.com
• https://support.x4race.com

This Privacy Policy defines the rules for processing personal data of users using the X4RACE websites, in particular in connection with:

• using the website
• creating a user account
• placing orders
• making purchases without creating an account
• subscribing to the newsletter
• publishing product reviews
• using contact forms
• sending files as part of service or technical requests

The controller may process the following personal data of users.

User Account Data

• first name
• last name
• email address
• shipping address
• billing address
• country
• phone number
• password (stored in encrypted form)

A user account may also store:

• order history
• saved addresses
• invoice data

Order-Related Data

• first and last name
• shipping address
• contact details
• billing information
• order history
• payment-related data
• IP address

Newsletter

• email address
• first name

Subscription to the newsletter takes place via a form on the website or via a dedicated checkbox during the ordering process.

The controller applies a double opt-in procedure, which requires confirming the subscription by clicking a link sent to the user’s email address.

Contact Form

• first name
• email address
• message content
• attachments sent by the user

Data from the form is stored in the WordPress system and may also be sent to the Controller’s email address.

Product Reviews

• name or nickname
• review content

Files Sent by Users

As part of handling user requests, users may send files, including in particular:

• photos
• screenshots
• diagnostic files

When using the website, technical data may be collected automatically, including in particular:

• IP address
• browser type
• operating system
• device type
• visit time
• data regarding the way the website is used
• analytical data regarding website traffic
• cookies

Personal data may be processed for the following purposes:

• maintaining a user account
• processing orders and handling sales
• processing payments
• delivering orders
• responding to user inquiries
• handling technical and service requests
• publishing product reviews
• sending newsletters
• conducting statistical analyses and website traffic analytics
• carrying out marketing activities
• remarketing and online advertising
• ensuring website security
• preventing fraud and abuse

Personal data is processed in accordance with Article 6(1) of the GDPR, in particular on the basis of:

Article 6(1)(b) GDPR

– performance of a contract or taking steps prior to entering into a contract

(applies, among others, to order processing and maintaining user accounts)

Article 6(1)(a) GDPR

– user consent

(applies, among others, to the newsletter and certain cookies)

Article 6(1)(c) GDPR

– compliance with a legal obligation of the Controller

(applies to tax and accounting obligations)

Article 6(1)(f) GDPR

– legitimate interests of the Controller

(applies, among others, to analytics, marketing, system security, and fraud prevention)

The Controller may use user data for statistical analysis and for adjusting marketing content.

Profiling may consist in particular of analyzing:

• the way the website is used
• purchase history
• user activity

Profiling does not produce legal effects concerning the user nor similarly significantly affect the user.

Personal data may be shared with entities cooperating with the Controller to the extent necessary to provide services.

Payment Providers

• Stripe
• PayPal
• Klarna
• AutoPay
• payment card operators (Visa, Mastercard)
• BLIK payment system

Courier and Logistics Companies

• DPD
• DHL
• InPost
• UPS
• GLS
• FedEx
• Poczta Polska

Logistics Systems

• BaseLinker

Technical Service Providers

• CyberFolks hosting
• Google (Google Analytics, Google Tag Manager, Google Ads)
• FluentCRM

These entities process data only to the extent necessary to provide services and based on appropriate data processing agreements in accordance with Article 28 of the GDPR.

• Google Analytics
• Google Tag Manager
• Google Ads (remarketing)

These tools allow analysis of how the website is used and enable marketing activities.

Google Analytics uses IP address anonymization mechanisms.

The website uses cookies in order to:

• ensure proper functioning of the website
• analyze website traffic
• remember user preferences
• conduct marketing activities

The website may use the following types of cookies:

necessary cookies

enable proper operation of the website

analytical cookies

allow analysis of website traffic

marketing cookies

allow advertising activities

Consent management for cookies is handled using the Complianz tool.

Users may also change cookie settings in their web browser.

Due to the use of services such as Google Analytics or Google Ads, user data may be transferred outside the European Economic Area.

Such transfers take place in accordance with the GDPR, in particular based on Standard Contractual Clauses (SCCs).

• until the user account is deleted
• for the period required by tax and accounting regulations
• until consent is withdrawn (e.g., newsletter)
• for the period necessary to fulfill the purposes of processing

Users have the right to:

• access their data
• rectify data
• erase data
• restrict processing
• data portability
• object to data processing
• withdraw consent to data processing

Users have the right to lodge a complaint with the supervisory authority:

President of the Personal Data Protection Office (UODO)

if they believe that data processing violates the provisions of the GDPR.

Providing personal data is voluntary; however, in some cases it may be necessary for:

• order processing
• concluding a sales contract
• creating a user account
• responding to an inquiry

Failure to provide required data may make it impossible to provide the above services.

The website is not intended for persons under the age of 16.

The Controller does not knowingly process personal data of children.

The Controller implements appropriate technical and organizational measures to protect personal data against:

• unauthorized access
• data loss
• unauthorized modification
• unauthorized disclosure

The Controller may update this Privacy Policy in the event of:

• changes in legal regulations
• technological changes
• changes in website functionality

The current version of the document is published on the website.