Privacy Policy

Privacy and data protection information for Onyx customers in the European Union.

CONTENTS

  1. General Information
  2. Data Controller
  3. Types of Data We Collect
  4. Purposes of Processing
  5. Legal Bases Under GDPR
  6. Analytics & Marketing Tools
  7. Newsletter Subscription
  8. Cookies & Tracking Technologies
  9. Payment Processing
  10. Your Rights Under GDPR
  11. Data Storage & Security
  12. International Data Transfers
  13. Changes to This Policy
  14. Contact Information

1. GENERAL INFORMATION

This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our website or make a purchase. It applies to users located in the European Union and is based on the General Data Protection Regulation (GDPR).

We are committed to safeguarding your privacy and ensuring that your personal data is protected.

Providing your personal data is generally voluntary. However, in some cases it is necessary for us to provide services, for example to process your order, create an account or send you a newsletter. If you do not provide the data required for a particular service, we may not be able to complete your order or provide that service.

2. DATA CONTROLLER

The controller responsible for your personal data is:

ONYX INTERNATIONAL sp. z o.o.
ul. Polna 125
87-100 Toruń
Poland

EU VAT ID: PL8792547898
DE VAT ID: DE325459343
Email: contact@onyxtan.eu
Phone: +48 603 082 100

3. TYPES OF DATA WE COLLECT

We may collect the following categories of data:

A) Information you provide

  • Name and surname
  • Billing and delivery address
  • Email address
  • Phone number (optional)
  • Order details
  • Messages sent via our contact form

B) Automatically collected data

  • IP address and device information
  • Browser type and operating system
  • Pages viewed and time spent on the site
  • Shopping cart actions

C) Data collected via cookies and pixels

  • Analytics data (Google Analytics 4)
  • Marketing campaign data (Meta Pixel, Google Ads)
  • Conversion tracking (Shopify, GTM)
  • Review automation (Judge.me)
  • Upsell/checkout optimisation (Selleasy)

4. PURPOSES OF PROCESSING

We use your data for the following purposes:

  • processing orders and payments,
  • creating and managing customer accounts,
  • handling returns, complaints and service requests,
  • sending order confirmations and important service communication,
  • analytics and website optimisation,
  • displaying personalised content and offers,
  • newsletter delivery (if subscribed).

We may share your data with the following categories of recipients, only where necessary and based on appropriate data protection safeguards:

  • IT and hosting providers (including Shopify, which hosts our online store),
  • payment service providers and payment processors,
  • courier and logistics companies responsible for delivering your orders,
  • marketing, analytics and advertising partners (such as Google and Meta),
  • professional advisers (such as accountants and legal advisers) where required,
  • customer support and review providers (e.g. Judge.me, email tools).

We process your data based on:

  • Art. 6(1)(b) GDPR – contract performance (orders, payments),
  • Art. 6(1)(c) GDPR – legal obligations (tax, accounting),
  • Art. 6(1)(a) GDPR – consent (newsletter, cookies),
  • Art. 6(1)(f) GDPR – legitimate interest (analytics, security, fraud prevention).

6. ANALYTICS & MARKETING TOOLS

We use analytics and marketing tools to improve our services and measure website performance. These tools may place cookies or track anonymised events.

A) Google Analytics 4 (GA4)

GA4 analyses website usage, helping us improve performance and user experience. Data may be transferred to Google servers outside the EU.

B) Google Tag Manager

Used to manage analytics and marketing scripts in a centralised way.

C) Google Ads / YouTube

Used to measure advertising effectiveness and conversions.

D) Meta Pixel (Facebook & Instagram)

Used to analyse ad effectiveness and display personalised ads.

E) Judge.me Reviews

Sends automated review requests to users who made a purchase. Uses name, email and order details provided at checkout.

F) Selleasy

Provides upsell and bundle features. Processes cart-related data to improve the shopping experience.

G) Profiling & automated decision-making

Some of the tools listed above may be used to create customer groups or audiences for analytics and advertising (profiling). This helps us show more relevant offers and measure campaign performance. We do not use automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.

7. NEWSLETTER SUBSCRIPTION

If you subscribe to our newsletter, we collect your name (optional) and email address. Newsletters are sent using Shopify Email.

You can unsubscribe at any time by clicking the link at the bottom of the newsletter or by contacting us.

8. COOKIES & TRACKING TECHNOLOGIES

We use cookies to operate our store and improve user experience.

A) Necessary cookies

Required for checkout, security and website performance.

B) Analytics cookies

Used by Google Analytics and Shopify to measure site traffic.

C) Marketing cookies

Used by Meta Pixel and Google Ads for personalised advertising.

Cookie Banner & Consent

We use Shopify’s built-in cookie consent tool (Customer Privacy API), which blocks non-essential cookies until you provide consent.

9. PAYMENT PROCESSING

Payments are processed by external providers such as:

  • Shopify Payments,
  • PayPal,
  • Klarna (where available),
  • Przelewy24 / local banking providers.

These providers act as independent data controllers for payment processing. We do not store your full payment card details. We may receive limited information from these providers, such as payment status or confirmation, in order to process your order and handle returns or complaints.

10. YOUR RIGHTS UNDER GDPR

You have the right to:

  • access your data,
  • correct inaccurate data,
  • request deletion (“right to be forgotten”),
  • restrict processing,
  • object to processing (including direct marketing),
  • data portability.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on our legitimate interest (Art. 6(1)(f) GDPR), including profiling. Where you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

You also have the right to lodge a complaint with your local data protection authority in the EU. A list of data protection authorities and their contact details is available on the website of the European Data Protection Board (EDPB): https://edpb.europa.eu/about-edpb/about-edpb/members_en.

11. DATA STORAGE & SECURITY

We store your data only as long as necessary for the purposes described above or as required by law. In particular:

  • order and transaction data are stored for the period required by tax and accounting regulations (typically up to 5–6 years),
  • data related to your customer account are stored while your account remains active,
  • marketing data (e.g. newsletter subscriptions) are stored until you withdraw your consent or object to processing for marketing purposes,
  • data from contact forms and customer service communications are stored for the time needed to handle your enquiry and for a limited period afterwards where necessary for evidence or follow-up.

Shopify provides secure cloud hosting with industry-standard encryption, access control and backup mechanisms. Access to personal data is limited to authorised staff and service providers who need it to perform their duties.

12. INTERNATIONAL DATA TRANSFERS

Some of our service providers (e.g., Google, Meta, Shopify and certain email or analytics tools) may process data outside the EU/EEA. In such cases, transfers take place on the basis of the EU Standard Contractual Clauses (SCC) or other appropriate safeguards accepted under the GDPR. Where required by law, you may request further information or a copy of the safeguards used for data transfers by contacting us.

13. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. The latest version will always be available on this page.

14. CONTACT INFORMATION

If you have questions about this Privacy Policy or your data, please contact us:

Email: contact@onyxtan.eu
Phone: +48 603 082 100

We have not appointed a Data Protection Officer. For all privacy-related enquiries, please contact us using the details above.

Last updated: 27 November 2025