Privacy Policy

Privacy Policy for arstor.pl (Aroks Digital Kits)

Last updated: 2026-02-01

1. General information

This Privacy Policy describes the rules for processing personal data and using cookies and similar technologies on arstor.pl, including the digital products store “Aroks Digital Kits”.

We protect data security and apply appropriate technical and organizational measures, including SSL/TLS encryption.

2. Data Controller and contact

The Data Controller is Aroks Group Sp. z o.o., NIP 8133842216, REGON 386668701, ul. Hugo Kołłątaja 3/15, 20-006 Lublin, Polska.

Contact for data protection matters: kontakt@arstor.pl

We have not appointed a Data Protection Officer (DPO). For privacy matters, please contact us via the email address above.

3. Scope and categories of data

We may process, in particular:

  • account data (e.g., name/company name, email, password in hashed form, account settings),
  • order data (e.g., product, date, status, purchase history, invoice details),
  • billing/accounting data (e.g., NIP, address, accounting documents and invoices),
  • communication data (e.g., content of inquiries sent by email, form, messenger, or social media),
  • technical data (e.g., IP address, device/browser identifiers, server and security logs, cookie information),
  • analytics/marketing data (e.g., on-site events, approximate location, traffic source) – only if you give consent in the cookie banner,
  • payment data – payments are handled by external providers; we do not store full card details.

4. Purposes and legal bases

We process data for the following purposes:

  • performance of the contract and delivery of digital products (account, orders, file access, returns/complaints) – Art. 6(1)(b) GDPR (RODO),
  • payments and settlements (transaction processing, confirmations, refunds) – Art. 6(1)(b) GDPR (RODO),
  • legal obligations (accounting, taxes, documentation) – Art. 6(1)(c) GDPR (RODO),
  • contact and support (responding to messages, correspondence) – Art. 6(1)(b) or (f) GDPR (RODO),
  • security and fraud prevention (logs, bot protection, anomaly monitoring) – Art. 6(1)(f) GDPR (RODO),
  • analytics and service improvement (statistics, usability testing, session recordings) – Art. 6(1)(a) GDPR (RODO) (consent in the cookie banner),
  • marketing (remarketing, measuring ads effectiveness) – Art. 6(1)(a) GDPR (RODO) (consent in the cookie banner),
  • newsletter (if you subscribe) – Art. 6(1)(a) GDPR (RODO) (consent); you can withdraw it at any time.

5. Data recipients (processors)

Your data may be shared with entities supporting us in running the website and providing services, in particular:

  • hosting and IT infrastructure providers (website maintenance, backups, email),
  • Cloudflare (CDN, security and abuse protection),
  • Google (GTM, GA4, reCAPTCHA – depending on consents and settings),
  • Meta (Pixel/remarketing – only after consent),
  • Smartlook (qualitative analytics / session recordings – only after consent),
  • newsletter provider (SendPulse – if used),
  • payment providers: Stripe, PayPal, paynow (payment processing),
  • invoicing/accounting system (wFirma – invoicing and settlements),
  • plugin and feature providers (e.g., WPML – multilingual support).

We do not sell your data. We may disclose it to public authorities only when required by law.

6. Transfers outside the EEA

Some vendors (e.g., Google, Meta, Cloudflare) may process data also outside the European Economic Area. In such cases, GDPR-compliant transfer mechanisms are used (e.g., adequacy decisions, Standard Contractual Clauses) and appropriate safeguards are applied by vendors.

7. Data retention

  • account data – until account deletion or as long as necessary to perform the contract and defend claims,
  • order and settlement data – for the period required by accounting/tax law,
  • correspondence – as long as necessary to handle the matter, then until claims limitation periods expire,
  • analytics/marketing data – according to tool settings and your consent (until withdrawal or cookie expiry).

8. Your rights

Under the GDPR (RODO), you have the right to:

  • access your data and obtain a copy,
  • rectify your data,
  • erase data (where applicable),
  • restrict processing,
  • data portability,
  • object to processing based on legitimate interests,
  • withdraw consent at any time (without affecting lawfulness before withdrawal).

You also have the right to lodge a complaint with the supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO) (Poland).

9. Cookies and similar technologies

We use cookies and similar technologies (e.g., pixels, identifiers) to ensure proper operation of the website, security, traffic analysis and marketing – depending on your choices in the cookie banner.

We use the following categories of cookies:

  • necessary – required for operation, login, cart and payments,
  • functional – e.g., language settings (WPML), preferences,
  • analytics – e.g., GA4, Smartlook (only after consent),
  • marketing – e.g., Meta Pixel (only after consent).

You can change or withdraw your consent at any time in the cookie settings (link/settings on the website). You can also manage cookies in your browser settings.

10. Smartlook (session recordings) – additional information

If you consent to analytics cookies, we may use Smartlook for usability analysis (e.g., session recordings, heatmaps) to improve the website. We aim to minimize data scope (masking sensitive fields). You can withdraw consent in cookie settings.

11. Embedded content and communication channels

The website may contain embedded content or links to external services (e.g., YouTube, Facebook/Instagram, Telegram). These entities may apply their own cookies and privacy rules. We encourage you to review their policies.

12. Changes to this Policy

We may update this Privacy Policy, especially when laws or technologies change. The current version is always published on this page together with the update date.