NailsReady Privacy Policy
Last updated: 10 May 2026
1. Data controller
The controller of your personal data is 100M Sp. z o.o., registered office at ul. Franciszka Kotuli 48/2C, 35-122 Rzeszów, Poland. Polish VAT ID (NIP): 8133855259. KRS: 0000885682.
For matters concerning personal data, contact us at: kontakt@nailsready.pl.
2. Scope of data collected
We collect only the data necessary to fulfil orders and operate the Service:
- e-mail address (one-time-code login, file delivery, contact),
- invoicing data (NIP, company name, address) — when you provide a NIP at checkout,
- IP address and browser information (server logs, security, analytics — Vercel),
- the content of messages sent via the contact form,
- order information (number, amount, date, payment status).
3. Purposes and legal basis (GDPR)
- Art. 6(1)(b) GDPR — performance of a contract: order handling, Package delivery, My Account panel.
- Art. 6(1)(c) GDPR — legal obligations: bookkeeping, VAT invoices, tax law (5-year archiving).
- Art. 6(1)(f) GDPR — legitimate interest: handling enquiries, analytics, Service security, marketing of our own products to existing customers.
- Art. 6(1)(a) GDPR — consent: newsletter (if you sign up), analytics and marketing cookies (Consent Mode v2).
4. Recipients of data (processors)
We rely on trusted IT providers who process data on our behalf:
- Stripe Payments Europe Ltd. (Ireland) — payment processing (BLIK, cards),
- Resend Inc. — transactional e-mail delivery (order confirmations, file links),
- Vercel Inc. — application hosting and storage of .docx files (Vercel Blob, EU/Frankfurt region),
- Supabase Inc. — database for orders and user accounts (EU region),
- Baselinker Sp. z o.o. (Poland) — issuing and sending VAT invoices,
- Google Ireland Ltd. — Google Analytics 4 and Google Tag Manager (analytics, with consent).
All processors have signed GDPR-compliant data processing agreements (DPAs). We do not transfer data outside the European Economic Area without applying Standard Contractual Clauses (SCC).
5. Data retention period
- Order and invoice data — 5 years from the end of the tax year (mandatory under the Polish Accounting Act).
- Account data — until the account is deleted or a deletion request is submitted.
- Login codes (one-time-code) — automatically expire after 15 minutes.
- Contact messages — up to 12 months from the last reply.
- Server logs — 30 days (Vercel default).
- Marketing consents (newsletter) — until consent is withdrawn.
6. Your rights
Under the GDPR you have the right to:
- access your data (Art. 15),
- rectification of inaccurate data (Art. 16),
- erasure — “the right to be forgotten” (Art. 17),
- restriction of processing (Art. 18),
- data portability (Art. 20),
- object to processing (Art. 21),
- withdraw consent at any time (newsletter, cookies),
- lodge a complaint with the President of the Polish Personal Data Protection Office (uodo.gov.pl).
To exercise these rights, write to kontakt@nailsready.pl. We will respond within 30 days.
7. Cookies
Detailed information about cookies is set out in our separate Cookie Policy at nailsready.pl/polityka-cookies.
8. Contact and policy changes
For matters concerning the protection of personal data, write to kontakt@nailsready.pl. We reserve the right to update this Policy — we will inform you of material changes on the home page of the Service.