Free shipping on wholesale orders over €2,000 · AI consultant available 24/7

Privacy Policy

1. Introduction

This Privacy Policy explains how CHEM WORLD TRADE Sp. z o.o. ("we", "us", "Controller") processes personal data when you use rivero.shop (the "Store") operated under the Rivero brand. We process data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Polish data protection law.

Last updated: July 4, 2026

2. Data Controller and Contact

CHEM WORLD TRADE Sp. z o.o. — Rivero (rivero.shop)
Kośmin 17C, 05-600 Kośmin, Gmina Grójec, Poland
NIP: 7972084258 | REGON: 526317860
Email: support@rivero.shop

For privacy-related enquiries and to exercise your rights, contact us at support@rivero.shop. We will respond without undue delay and within one month, as required by GDPR.

3. Categories of Personal Data Collected

3.1 Order and payment data

When you place an order we collect: name, delivery and billing address, email, phone (if provided), order details, payment status, and transaction identifiers. Payment card data is processed directly by Stripe; we do not store full card numbers.

3.2 Account data

If you register an account we store your email, hashed password, name, order history, and preferences linked to your profile.

3.3 Customer support and chat

When you contact us via chat or email we process the content of your messages, contact details, and metadata (timestamp, session ID). Chat messages may be processed by our AI assistant powered by Groq to provide automated responses; human staff may review conversations for quality and support purposes.

3.4 Technical and cookie data

We collect IP address, browser type, device information, pages visited, referral source, and cookie identifiers. See our Cookie Policy for details.

4. Purposes and Legal Bases (GDPR Art. 6)

  • Contract performance (Art. 6(1)(b)): processing orders, delivery, invoicing, account management, and customer support related to your purchase.
  • Legal obligation (Art. 6(1)(c)): tax, accounting, and consumer protection records required under Polish and EU law.
  • Legitimate interest (Art. 6(1)(f)): fraud prevention, security monitoring, analytics to improve the Store, and limited direct communication about your orders.
  • Consent (Art. 6(1)(a)): non-essential cookies, marketing communications (where applicable), and optional features. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. Data Processors and Recipients

We share personal data only when necessary with trusted processors bound by data processing agreements:

  • Stripe, Inc. — payment processing (PCI-DSS compliant).
  • Hosting and infrastructure providers — server hosting, CDN, and database services within the EU/EEA or under appropriate safeguards.
  • Groq, Inc. — AI inference for the customer chat assistant; message content is transmitted for response generation.
  • Delivery carriers — name, address, and phone for shipment.

We do not sell personal data to third parties.

6. Retention Periods

  • Order and invoice data: 5 years from the end of the tax year (Polish accounting requirements).
  • Account data: for the duration of the account plus 30 days after deletion request, unless longer retention is required by law.
  • Chat logs: 12 months from last interaction, unless a dispute requires longer retention.
  • Cookie/analytics data: as stated in the Cookie Policy, typically up to 13 months.
  • Marketing consent records: 3 years from withdrawal or last interaction.

7. Your Rights

Under GDPR you have the right to:

  • Access — obtain confirmation and a copy of your personal data.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion where legally applicable ("right to be forgotten").
  • Restriction — limit processing in certain circumstances.
  • Data portability — receive data you provided in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest, including profiling.
  • Withdraw consent — where processing is consent-based, without affecting prior lawful processing.

Submit requests to support@rivero.shop. We may verify your identity before responding.

8. Right to Lodge a Complaint

If you believe we have violated data protection law, you may lodge a complaint with the Polish supervisory authority: Prezes Urzędu Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl. You may also contact your local EU/EEA data protection authority.

9. International Data Transfers

Some processors (e.g. Stripe, Groq) may transfer data outside the EEA, primarily to the United States. Such transfers rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other GDPR Chapter V mechanisms. You may request a copy of applicable safeguards by contacting us.

10. Security Measures

We implement appropriate technical and organisational measures including TLS encryption in transit, access controls, hashed passwords, regular security reviews, and processor due diligence. No method of transmission over the Internet is 100% secure; we cannot guarantee absolute security.

11. Children

The Store is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The "Last updated" date at the top will be revised, and material changes will be communicated via the Store or email where appropriate. Continued use after changes constitutes acceptance of the updated policy.

We use cookies

We use necessary cookies for site functionality and optional analytics cookies to improve your experience. See our Cookie Policy