Privacy policy

Last updated: 24.07.2025

This Privacy Policy describes how we, Novel Nutraceuticals Sp. z o.o. collect, use, and disclose your Personal Information when you visit or make a purchase from the Site https://cbdreakiro.com/  (the “Site” or “we”)

Policy Navigation:

Contact 1

Collecting Personal Information 1

Minors 2

Behavioural Advertising 2

Using Personal Information 3

Lawful basis 3

Retention 4

Automatic decision-making 4

Your rights 5

Sharing Your Personal Information 6

International Data Transfers 7

Cookies 8

Changes 11

 

Contact

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at: info@reakiro.com

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and the information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

1. Device Information

• Purpose of Collection:
  To ensure the Site loads properly for you and to perform analytics to improve and optimize your browsing experience.

• Source of Collection:
  Automatically collected when you access our Site through technologies such as cookies, log files, web beacons, tags, or pixels.

• Disclosure for a Business Purpose:
  Shared with our e-commerce platform provider, Shopify.

• Personal Information Collected:

• Web browser version

• IP address

• Time zone

• Cookie data

• Pages or products you view

• Search terms

• Information about how you interact with the Site

2. Order Information

• Purpose of Collection:
  To provide products and services to you, fulfill our contractual obligations, process your payment, arrange shipping, send invoices and order confirmations, communicate with you, detect potential fraud, and—if aligned with your preferences—offer relevant marketing.

• Source of Collection:
  Collected directly from you during the checkout process or when placing an order.

• Disclosure for a Business Purpose:

• Shared with Shopify, our e-commerce platform provider.

• Shared with courier services to facilitate delivery.

• Personal Information Collected:

• Full Name

• Billing address

• Shipping address

• Payment information (only the following informagtion is visible to us: first 6 and last 4 digits of your card, proof of payment, card type, card expiration date, and name of the bank)

• Email address

• Phone number

3. Customer Support Information

• Purpose of Collection:
  To respond to your inquiries, assist with issues or complaints, and improve our overall support services.

• Source of Collection:
  Collected directly from you when you contact our customer support team via email, or phone available on the Site.

• Personal Information Collected:

• Full Name

• Email address

• Phone number (if provided)

• Order details (if relevant to your inquiry)

• Any other information you choose to provide in your message

Minors

The Site is not intended for individuals under the age of 18. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

• We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: 

•  We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt-out of targeted advertising by:

• FACEBOOK - https://www.facebook.com/settings/?tab=ads

• GOOGLE - https://www.google.com/settings/ads/anonymous

• BING  - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt-out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

Using Personal Information

According to the Data Processing Agreement between the Reakiro Poland Sp. z o.o. and Novel Nutraceuticals Sp. z o.o.:

• Reakiro Poland Sp. z o.o. is responsible for ensuring the functionality, security, and compliance of the website and acts as the Data Processor and processes Your Personal data exclusively on the instructions of the Nutraceuticals Sp. z o.o.

• Novel Nutraceuticals Sp. z o.o. acts as the Data Controller and is solely responsible for determining the purposes and means of processing Your Personal data collected through the website.

Data Processor reserves the right to implement updates or modifications to the website as necessary to maintain normal operation and ensure compliance with applicable technical and legal standards, including those related to data protection.

We use your Personal Information to provide our services to you, which include: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (GDPR), if You are a resident of the European Economic Area (EEA), we process Your personal information under
the following lawful bases:

• Your consent (e.g. to send you promotional emails);

• The performance of the contract between you and the Site (e.g. when you agree to be bound by our Terms and Conditions);

• Compliance with our legal obligations (e.g. storing data related to financial transaction as long as required by applicable tax regulation);

• For our legitimate interests, which do not override your fundamental rights and freedoms (e.g. to assist you with completing your order).

Retention

When you place an order on our Site, we retain your personal information for as long as necessary to fulfil the purposes for which it was collected, including for processing your order and complying with our legal and regulatory obligations. Additionally, information collected through cookies and similar tracking technologies may be retained for analytical, security, or functionality purposes as further described in the Section Cookie below.

You have the right to request the erasure of your personal data at any time, including data collected via cookies where applicable. For more details on your rights under the General Data Protection Regulation (GDPR), including your right to erasure, please refer to the ‘Your Rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

• Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.

• Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

Please note that these services are performed by Shopify, but not us.

Your rights

Data Protection Notice

If you are a resident of the European Economic Area (EEA), your personal data is processed in accordance with the General Data Protection Regulation (GDPR). We are committed to complying with the GDPR and apply similar high standards of data protection to all our users, while also considering any applicable limitations, exemptions, or specific provisions under your local laws.

Your Data Protection Rights

Under applicable data protection laws, including the General Data Protection Regulation (GDPR), you may have the following rights regarding your personal data:

Right of Access

You have the right to request access to the personal data we hold about you. This includes information such as the purposes of processing, categories of data, recipients, data retention periods, sources of data (if not collected directly from you), and whether your data is subject to automated decision-making or profiling. You may also request a copy of your personal data. In some cases, a reasonable fee may apply.

Right to Rectification

You may request correction of inaccurate or outdated personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You may request the deletion of your personal data in certain circumstances, including when:

• the data is no longer necessary for the purposes it was collected;

• you withdraw your consent and there is no other legal basis for processing;

• you object to processing based on legitimate interests and no overriding grounds exist;

• the data was processed unlawfully;

• the data must be erased to comply with legal obligations.

Right to Restrict Processing

You may ask us to restrict the processing of your personal data where:

• you contest its accuracy and we are verifying it;

• processing is unlawful and you oppose erasure;

• the data is no longer needed but you require it for legal claims;

• you have objected to processing and we are considering your request.

Right to Data Portability

When processing is based on your consent or a contract and is carried out by automated means, you may request a copy of your personal data in a commonly used, machine-readable format and transfer it to another provider.

Right to Object

You may object to the processing of your personal data at any time if:

• it is used for direct marketing;

• it is processed based on legitimate interests;

• processing is for research, statistics, or tasks carried out in the public interest.

Rights in Relation to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects. At present, we do not carry out such activities.

Right to Lodge a Complaint

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the data protection authority in your country of residence, place of work, or where the issue occurred. You can also contact us directly at info@reakiro.com and we will aim to respond within one month.

For EU residents, a list of national data protection authorities is available here:  https://edpb.europa.eu/about-edpb/board/members_en

Sharing Your Personal Information

We only share your personal information when it is necessary to provide our services, fulfil our contractual obligations, comply with legal requirements, or protect our legitimate interests. We ensure that any third party that processes your data does so in compliance with applicable data protection laws and under appropriate safeguards.

Examples of when and with whom we may share your personal data include:

• Service Providers: 

We may share your information with trusted third-party service providers who support us in delivering our services, such as hosting providers, payment processors, customer support platforms, and analytics providers. These providers are bound by strict confidentiality and data protection obligations and may only process your data in accordance with our instructions.

• Payment providers and gateways:

We use third-party payment providers to securely process your payments. These providers handle your payments directly and do not share your full payment information with us. 

In particular, we use ApcoPay, Corepay and Truevo to process your payments. These providers handle your information in accordance with their own privacy policies and security standards. You can find more about their privacy policies here:

1. ApcoPay: https://www.apcopay.com/privacy-policy/

2. Corepay: https://corepay.net/privacy-policy/

3. Truevo: https://truevo.com/privacy-policy/ 

• E-Commerce Platform:

We use Shopify to power our online store. Shopify processes your personal information on our behalf to manage your purchases and transactions. You can learn more about how Shopify handles your data by visiting: https://www.shopify.com/legal/privacy.

• Delivery Partners:

To fulfil your orders, we share necessary information—such as your name, delivery address, and phone number—with courier and postal services to enable successful delivery.

• Legal and Regulatory Requirements:

We may disclose your personal information if required to do so by law, such as to comply with a subpoena, court order, or similar legal process. We may also share your data to respond to lawful requests from public authorities or to protect our rights, property, or safety, or that of others.

We do not sell or rent your personal data to third parties for marketing purposes. Any sharing of data is strictly limited to what is necessary and carried out in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR).

International Data Transfers

Your personal data may be transferred to, and processed in, countries outside the European Economic Area (EEA), including jurisdictions that may not offer the same level of data protection as your home country. These transfers may be necessary for the purposes described in this Privacy Policy, including the provision of services, customer support, and system hosting.

To ensure your personal data remains protected wherever it is processed, we implement appropriate safeguards in accordance with applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses (SCCs): We use the Standard Contractual Clauses approved by the European Commission to ensure adequate protection of personal data transferred to countries outside the EEA.

• Data Processing Agreements: We enter into robust contractual arrangements with our service providers and partners to ensure they handle personal data in compliance with applicable laws and provide adequate protection.

• Technical and Organisational Measures: We apply security measures, such as encryption and access controls, to ensure data confidentiality, integrity, and availability throughout the transfer and processing lifecycle.

For even more detailed information on how data transfers comply with the GDPR, you may also visit Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance, whether it’s their first time visiting or if they are frequent visitors.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Reporting and Analytics

 

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We keep this Policy under regular review and may update it at any time. If changes are made, we will update the “Last Updated” date at the top of this page. We encourage you to review this Policy periodically or check the Site for any updates.