1. Introduction & Data Controller
This Privacy Policy describes how Toravel ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the operation of the website at toravel.info and the provision of our nutritional supplement products and related services.
The data controller for all personal data processed in connection with this website is:
ul. Zlota 38
00-660 Warsaw, Poland
Email: [email protected]
Telephone: +48 22 537 84 61
This policy is written in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation, GDPR) and applicable Polish data protection legislation. By using the Toravel website, you acknowledge that you have read and understood this policy.
2. Data We Collect
We collect the following categories of personal data, only where you have provided it voluntarily or where collection is technically necessary for the operation of the website:
- Full name (when submitted via contact form)
- Email address (when submitted via contact form)
- Message content submitted through enquiry forms
- Subject classification selected in the contact form
- IP address (anonymised where technically possible)
- Browser type and version
- Operating system
- Pages visited and time spent (via analytics, where consented)
- Referral source
We do not collect special category personal data (as defined in Article 9 GDPR), including data concerning health, ethnicity, religious belief, or political opinion.
3. Legal Basis for Processing
All personal data processing by Toravel is conducted under one of the following legal bases established by Article 6 GDPR:
- 6(1)(b)Performance of a contract: Where processing is necessary to respond to an enquiry or fulfil a request you have made, including lot record requests and product specification queries.
- 6(1)(a)Consent: Where you have actively consented to the use of non-essential cookies or to receiving optional communications.
- 6(1)(f)Legitimate interests: Where processing is necessary for the purposes of the legitimate interests pursued by Toravel, including website security, fraud prevention, and the improvement of website content, provided those interests are not overridden by your rights and freedoms.
- 6(1)(c)Legal obligation: Where processing is required so as to comply with a legal obligation applicable to Toravel.
4. How We Use Your Data
Personal data collected through the Toravel website is used for the following purposes:
- Responding to written enquiries submitted via the contact form, including product specification and lot record requests
- Maintaining records of correspondence for internal documentation and follow-up purposes
- Operating website analytics to understand aggregate patterns of visitor engagement with website content (where consent is given)
- Maintaining website security and preventing fraudulent or abusive submissions
- Complying with applicable legal and regulatory obligations
We do not use personal data for automated decision-making or profiling as defined under Article 22 GDPR. We do not use your contact data for unsolicited marketing communications.
5. Data Retention
Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law:
- Contact form submissions: Retained for a maximum of 24 months from the date of submission, after which records are deleted unless an ongoing correspondence has been established.
- Technical and analytics data: Retained for a maximum of 13 months in aggregated, anonymised form.
- Cookie consent records: Retained for 12 months from the date of consent registration.
6. Data Sharing & Third Parties
Toravel does not sell, rent, or otherwise transfer personal data to third parties for their own commercial purposes. Personal data may be shared with the following categories of recipient only where strictly necessary:
- Hosting and infrastructure providers: Servers and content distribution infrastructure used to operate the toravel.info website. Data processing agreements are in place with all infrastructure providers.
- Analytics service providers: Where you have consented to analytics cookies, aggregate and anonymised data may be processed by a third-party analytics platform.
- Legal and regulatory authorities: Where disclosure is required by applicable law, court order, or regulatory directive.
Where data is transferred outside the European Economic Area (EEA), such transfers are conducted only in accordance with Chapter V GDPR, using appropriate safeguards including Standard Contractual Clauses where applicable.
7. Your Rights Under GDPR
Where Toravel acts as the data controller for your personal data, you have the following rights under applicable data protection law:
You have the right to request confirmation of whether we hold personal data about you, and to obtain a copy of that data.
You have the right to request correction of inaccurate personal data we hold about you.
You have the right to request deletion of your personal data in certain circumstances, including where the data is no longer necessary for the purpose it was collected.
You have the right to object to processing of your personal data where that processing is based on legitimate interests.
Where processing is based on consent or contract, you have the right to receive your data in a structured, machine-readable format.
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise any of these rights, please contact us at [email protected]. We will respond within one calendar month. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (UODO) in Poland, or with the supervisory authority in your country of residence.
8. Cookies
The toravel.info website uses cookies. Detailed information about the cookies we use, their purpose, duration, and your options for managing them is provided in our Cookie Policy. You can manage your cookie preferences at any time using the Cookie Settings option in the footer of this website.
9. Security
Toravel implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration, or disclosure. The toravel.info website operates exclusively over HTTPS (TLS encryption). Access to systems holding personal data is restricted to authorised personnel only.
No method of electronic transmission or storage is entirely secure. While we maintain appropriate safeguards, we cannot guarantee absolute security. In the event of a personal data breach that presents a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals directly.
10. Changes to This Policy
Toravel reserves the right to update this Privacy Policy when necessary to reflect changes in legal requirements, our data processing practices, or the services we provide. Material changes will be indicated by an updated "Last updated" date at the top of this document. We recommend reviewing this policy periodically. Continued use of the toravel.info website following a material update constitutes acceptance of the revised policy.
11. Contact for Data Protection Matters
All data protection enquiries, rights requests, and complaints should be addressed to:
ul. Zlota 38
00-660 Warsaw, Poland
[email protected]
+48 22 537 84 61
Mon–Fri 09:00–18:00