Skip to content

Privacy Policy

1. Controller

The controller within the meaning of the GDPR is:

Hurt-Max Sp. z o.o.
ul. Broniewskiego 6
43-200 Pszczyna, Poland
Phone: +48 501 306 120
Email: biuro@hurtmaxbiogas.com

2. General Information

The following provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you.

3. SSL/TLS Encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock icon in your browser bar.

4. Hosting

This website is operated on servers provided by OVHcloud. Provider: OVH Groupe SAS, 2 Rue Kellermann, 59100 Roubaix, France. Personal data collected on this website is stored on OVHcloud servers within the European Union. No transfer to third countries takes place in connection with hosting.

Hosting is used in the interest of secure, fast, and efficient provision of our website (Art. 6(1)(f) GDPR). A data processing agreement (DPA) has been concluded with OVHcloud pursuant to Art. 28 GDPR.

5. Data Collection on This Website

5.1 Server Log Files

Our server automatically collects and stores information in server log files that your browser transmits: browser type/version, operating system, referrer URL, hostname, time of request, and IP address.

This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in technically error-free presentation and optimization of its website. Log files are stored exclusively on our own server and are not accessible to the hosting provider (OVHcloud).

Retention: Server log files are regularly deleted through automatic log rotation.

5.2 Contact Form

When you send us inquiries via the contact form, your details (name, email, phone number, message) are stored for the purpose of processing the inquiry and for follow-up questions.

Processing is based on Art. 6(1)(b) GDPR if your inquiry relates to contract performance or pre-contractual measures. Otherwise, processing is based on our legitimate interest in effectively processing inquiries (Art. 6(1)(f) GDPR).

Retention: Data remains until the purpose for storage no longer applies. Mandatory statutory retention periods (6 years per § 257 HGB, 10 years per § 147 AO) remain unaffected.

Providing the data marked as mandatory is necessary to process your inquiry. Without this data, we cannot process your request.

5.3 Inquiries via Email, Phone, or Fax

If you contact us by email, phone, or fax, your inquiry including all resulting personal data (name, inquiry, contact details) will be stored and processed for the purpose of handling your request. The legal basis and retention period correspond to those stated in Section 5.2 (Contact Form).

5.4 Cookies

This website uses only technically necessary cookies required for operation. In particular, Cloudflare Turnstile (see Section 6.1) sets cookies to distinguish between human visitors and automated access.

Technically necessary cookies are used on the basis of § 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR. Consent is not required for technically necessary cookies.

6. Recipients of Personal Data

In the course of our business activities, we use various external service providers who may process personal data. These include in particular:

Data processing agreements (DPAs) pursuant to Art. 28 GDPR have been concluded with all processors.

7. External Services

6.1 Cloudflare Turnstile

This website uses Cloudflare Turnstile to protect forms from automated abuse. Provider: Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare Turnstile analyzes visitor behavior to determine whether a visitor is human or automated. Cookies may be set and technical information (IP address, browser type, device information) may be collected and transmitted to Cloudflare.

Use is based on Art. 6(1)(f) GDPR. A data processing agreement (DPA) has been concluded with Cloudflare.

Data transfer to the USA: Cloudflare is certified under the EU-US Data Privacy Framework (DPF), based on the EU Commission adequacy decision C(2023) 4745 of July 10, 2023. Additionally, Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR have been agreed.

More information: Cloudflare Privacy Policy.

8. Automated Decision-Making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.

9. Right to Object (Art. 21 GDPR)

Where the processing of your personal data is based on Art. 6(1)(f) GDPR (legitimate interest), you have the right to object to the processing pursuant to Art. 21 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

You may submit your objection informally using the contact details provided above.

10. Further Rights

Under applicable law, you have the right to:

Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.

11. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. Our competent authority is:

Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
https://uodo.gov.pl

You may also contact the supervisory authority of your habitual residence or place of work.

12. Changes to This Policy

This privacy policy is current as of May 2026. Updates may be necessary due to further development of our website or changes in legal requirements.