Nebula Privacy Policy

Privacy Policy of Nebula Filaments

As Nebula Filaments, we respect your privacy and understand that by entrusting us with your personal information, you are placing your trust in us. Therefore, we would like to provide you with key information about what happens to your personal data that we process. In this Privacy Policy, we describe how and when we collect your personal data, how we use it, to whom we disclose it, how long we store it, and what rights you have in this regard.

This Privacy Policy describes the principles of processing your personal data in connection with your use of the Nebula Filaments websites, including: https://nebulafilaments.com/en, https://sklep.nebulafilaments.com/en/ or https://b2b.nebulafilaments.com/en/ (collectively referred to as the “Website” or respectively the “Online Store”).

WHO WE ARE AND WHOSE DATA WE PROCESS
1. The controller of personal data of:
  1. all persons visiting and using the Website;
  2. all persons making purchases in the Online Store;
  3. newsletter subscribers;
  4. all persons contacting the Controller via email, phone, or contact form;
    
    is Ryszard Bieda conducting business activity registered in CEIDG, with a permanent place of business at Stare Bystre 356, postal code 34-407 Stare Bystre, Poland, holding NIP: 7352773408, REGON: 123214332.
2. Contact with the Controller is possible via email: kontakt@nebulafilaments.com.
3. The Website collects information about users and their behavior in the following ways:
  1. through data voluntarily entered in forms available on the Website;
  2. through storing cookies on end-user devices.
PURPOSES AND LEGAL BASES FOR PROCESSING
1. Personal data are processed for the following purposes:
  1. for persons visiting and using the Website:
    1. to ensure the proper technical operation of our Website (Article 6(1)(b) GDPR);
    2. to respond to received product or service inquiries (Article 6(1)(f) GDPR);
    3. profiling for statistical analysis of Website usage (Article 6(1)(f) GDPR).
      Providing your personal data is necessary to use our Website and to respond to your inquiry.
  2. for persons making purchases in the Online Store:
    1. conclusion and performance of a sales contract for our products, including order processing and complaint handling (Article 6(1)(b) GDPR);
    2. compliance with legal obligations related to sales recordkeeping under the Accounting Act and Polish tax law (Article 6(1)(c) GDPR);
    3. defense and pursuit of claims related to concluded sales contracts (Article 6(1)(f) GDPR).
  3. for newsletter subscribers:
    1. informing about our services, promotions, and building a positive image of the Controller (Article 6(1)(f) GDPR);
    2. direct marketing of the Controller’s goods and services (Article 6(1)(f) GDPR).
  4. for persons contacting the Controller via email, phone, or contact form:
    1. responding to received inquiries (Article 6(1)(f) GDPR).
      Providing your personal data is necessary to respond to your inquiries.
PERSONAL DATA RETENTION PERIOD
1. We store collected personal data for the following periods:
  1. for persons visiting and using the Website:
    1. for a period of 3 years from the date of visiting our Website;
    2. if you decide to contact us, your personal data provided in the contact form will be deleted immediately after your matter is resolved.
  2. for persons making purchases in the Online Store:
    1. for 5 years from the end of the calendar year in which the last order was placed.
  3. for newsletter subscribers:
    1. data necessary to carry out newsletter subscriptions are stored until you withdraw your consent to receive them.
  4. for persons contacting the Controller via email, phone, or contact form:
    1. data necessary to respond to your inquiries are stored as long as needed to resolve your matter or as long as required by law regarding limitation periods for claims;
    2. additionally, personal data required for defense or pursuit of claims are stored as long as required by law regarding limitation periods for claims.
WHO WE MAY DISCLOSE YOUR PERSONAL DATA TO
1. We may disclose your personal data to:
  1. for persons visiting and using the Website:
    1. providers of IT systems and services we use to operate our Website and analyze statistics;
    2. legal advisors and consultants supporting the Controller, to the extent necessary to use their services;
  2. for persons making purchases in the Online Store:
    1. entities processing payments for ordered products to handle and process payments;
    2. providers of IT systems and services we use to operate our store;
    3. entities providing accounting and bookkeeping services to the Controller;
    4. legal advisors and consultants supporting the Controller, to the extent necessary to use their services.
  3. for newsletter subscribers:
    1. providers of IT systems and services we use to operate our store;
    2. entities providing accounting and bookkeeping services to the Controller;
    3. legal advisors and consultants supporting the Controller, to the extent necessary to use their services.
  4. for persons contacting the Controller via email, phone, or contact form:
    1. email service providers,
    2. postal operators and couriers,
    3. providers of IT systems and services we use for email and our Website,
    4. legal advisors and consultants supporting the Controller, to the extent necessary to use their services.
2. Personal data may be transferred outside the European Economic Area (e.g. to the USA), as the Website uses cookies and social media plugins. The transfer of personal data outside the EEA is based on standard contractual clauses (Article 46(2)(c) GDPR) or on an adequacy decision of the European Commission. Any questions regarding the transfer of data outside the EEA should be directed to kontakt@nebulafilaments.com.
CATEGORIES OF DATA
1. In the case of:
  1. persons visiting and using the Website, we process: IP address, data stored in cookies;
  2. persons making purchases in the Online Store, we process: first name, last name, address (delivery address), email address, phone number, VAT ID (and other company data if an invoice is requested), payment details;
  3. persons contacting the Controller via email, phone, or contact form, we process: first and last name, email address, phone number, or other information you voluntarily provide.
YOUR RIGHTS
1. Every person whose data are processed by the Controller has the right to:
  1. request access to their personal data;
  2. rectification, deletion, or restriction of processing of their personal data;
  3. where personal data are processed automatically for the performance of a contract (Article 6(1)(b) GDPR): the right to data portability;
  4. where personal data are processed to pursue legitimate interests of the Controller (Article 6(1)(f) GDPR): the right to object to the processing of personal data;
  5. the right to lodge a complaint with the supervisory authority, i.e. the President of the Personal Data Protection Office in Warsaw.
AUTOMATED DECISION MAKING
We do not use any information you provide for automated decision-making.
COOKIES
Our Website uses cookie technology (“cookies”).

Cookies are small packets of information stored on end-user devices, usually containing the Website address, placement date, expiry date, unique number, and additional data according to their purpose.

The cookies we use can be categorized as follows:

- “necessary” cookies, essential for using services available through the Website. Necessary cookies are automatically stored on the user’s device;
- “statistical” cookies, enabling customization of the Website to user preferences and creating statistical analyses of Website usage. Statistical cookies are stored on the device only after consent is given;
- “marketing” cookies, enabling the delivery of content tailored to user needs and allowing marketing of the Controller’s services. Marketing cookies are stored on the device after consent is given;
- “preference” cookies, helping improve marketing efficiency and adapt it to your needs and preferences, e.g., by remembering your choices on the Website. Preference cookies are stored on the device after consent is given.

You can disable cookie storage directly on your device according to your browser manufacturer’s instructions:
- Edge
- Internet Explorer
- Chrome
- Safari
- Firefox
- Opera

Mobile devices:
- Android
- Safari (iOS)
- Windows Phone
ESSENTIAL MARKETING TECHNIQUES
1. The Controller uses statistical traffic analysis on the Website via Google Analytics. The Controller does not share personal data with the service operator but only anonymized information. The service is based on cookies stored on the user’s device. Users can review and edit preferences gathered by Google’s advertising network using the tool: https://www.google.com/ads/preferences/
2. The Controller uses remarketing techniques to tailor advertising messages to user behavior on the Website, which may give the impression that personal data are used for tracking, although in practice no personal data are transferred by the Controller to advertising operators. The technological condition for such actions is enabled cookie handling.
3. The Controller uses the Facebook Pixel. This technology allows Facebook to know that a registered user is using the Website. In this case, Facebook acts as the data controller for its own data. The Controller does not provide Facebook with any additional personal data. The service is based on cookies stored on the user’s device.
4. The Controller uses automated Website features toward users, e.g., sending an email to a user after visiting a specific subpage, provided the user has consented to receive commercial correspondence from the Controller.
CHANGES TO THE PRIVACY POLICY
1. The provisions of this Privacy Policy may be subject to improvements and updates. The latest version will always be published on the Website and marked with the date of the last update.
2. This Privacy Policy is effective as of October 6, 2025.