Privacy Policy

1. Data Controller

The controller of your personal data is it partners security sp. z o.o., with its registered office at Ignacego Krasińskiego 24, 40-282 Katowice, Poland (hereinafter: “Controller” or “LVL5”).

Contact regarding data protection matters:
Email: [email protected]
Phone: +48 576 464 672
Postal address: Ignacego Krasińskiego 24, 40-282 Katowice, Poland

2. What data we collect and why

a) Placing orders in the store

When placing an order, we collect: name and surname, email address, phone number, delivery and billing address, tax ID (for companies), order details. Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legal obligation regarding accounting and tax requirements (Art. 6(1)(c) GDPR).

b) Account registration and B2B partner programme

During account registration and in the B2B partner programme, we collect: company name, tax ID/VAT ID, company address, contact person’s name, position, phone number, email address. Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legitimate interest of the Controller (Art. 6(1)(f) GDPR).

c) Contact form

Through the contact form, we collect: name, email address, message content. Legal basis: legitimate interest of the Controller — responding to your enquiry (Art. 6(1)(f) GDPR).

d) Live chat (Tawk.to)

We use Tawk.to for live chat support. During the chat, the following data may be collected: conversation content, IP address, browser data. Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR). Tawk.to privacy policy: https://www.tawk.to/privacy-policy/

e) Automatically collected data

While using the website, we automatically collect: IP address, browser and operating system type, visit time, pages visited. This data is used to ensure proper functioning of the website and for statistical purposes. Legal basis: legitimate interest of the Controller (Art. 6(1)(f) GDPR).

3. Data recipients

Your personal data may be shared with the following categories of recipients:

• Payment operators: Tpay (Krajowy Integrator Płatności S.A.), PayU S.A., Przelewy24 — for order payment processing.
• Courier companies — for order delivery.
• Hosting provider: LiteSpeed / hosting server — for website data storage.
• Cloudflare, Inc. — for website security and performance (CDN, DDoS protection).
• Tawk.to, Inc. — for live chat support.
• Public authorities — when required by law (e.g. tax authorities).

4. Data transfers outside the EEA

Some of the services we use (Cloudflare, Tawk.to) may process data on servers located outside the European Economic Area (EEA), including the United States. In such cases, data transfers are carried out on the basis of Standard Contractual Clauses approved by the European Commission or other appropriate safeguards in accordance with the GDPR.

5. Cookies

Our website uses cookies. For detailed information about the types of cookies used, their purposes and how to manage them, please refer to our Cookie Policy.

6. Data retention period

• Order-related data: for the period required by tax and accounting regulations (5 years from the end of the tax year).
• User account data: until the account is deleted.
• Contact form data: for the period necessary to handle the enquiry, up to 2 years.
• Tawk.to chat data: in accordance with Tawk.to’s retention policy.
• Server logs: up to 12 months.

7. Your rights

Under the GDPR, you have the following rights:

• Right of access — you can obtain information about whether we process your data and receive a copy of it.
• Right to rectification — you can request correction of inaccurate or completion of incomplete data.
• Right to erasure — you can request deletion of data where there is no legal basis for further processing.
• Right to restriction of processing — you can request restriction of data processing in certain circumstances.
• Right to data portability — you can receive your data in a structured, machine-readable format.
• Right to object — you can object to processing based on the Controller’s legitimate interest.
• Right to withdraw consent — if processing is based on consent, you can withdraw it at any time.

To exercise any of the above rights, please contact us at: [email protected].

You also have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warsaw, Poland, https://uodo.gov.pl).

8. Data security

We implement appropriate technical and organisational measures to protect your personal data, including: encrypted connections (SSL/TLS), sensitive data encryption (AES-256), protection against unauthorised access, regular backups, and security monitoring via Cloudflare.

9. Changes to this Privacy Policy

The Controller reserves the right to update this Privacy Policy. We will inform you of significant changes via the website. The current version of the policy is always available at: https://lvl5.eu/privacy-policy/.

Last updated: 2 April 2026