Welcome to the New Nash Tackle Website

Adatvédelmi szabályzat

PRIVACY POLICY

Welcome to the Nash Privacy Policy – a group of entities working together to create a brand known for the highest quality angling equipment.

This document informs you about how we process your data when you use our websites, i.e. contact us by email or through forms, visit our websites, make purchases or sign up for our newsletter.

You can download this document in pdf format by clicking here: Privacy Policy

I. Who we are and for what purposes we process your personal data

The Controllers of your personal data are:

  • Nash Tackle Sp. z o.o. with registered office in Żory, Poland, entered in the register of entrepreneurs of the National Court Register (KRS) by the District Court in Gliwice, 10th Commercial Division of the KRS under no. 0000687939, NIP: 6423203392.
  • Kevin Nash Group Ltd. – a company registered in England and Wales under company number 02689107, registered office at Unit 18-21 Burnham Business Park, Burnham on Crouch, CM0 8TE, VAT number 368 855103.

The entities identified above act as joint controllers, which means that they jointly determine the purposes and means of processing your personal data and share responsibilities towards data subjects.

The basic legal acts under which the Controllers process your personal data are:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR) – text of the Regulation
  • The Data Protection Act 2018 (DPA) – text of the Act

Wherever we use phrases such as “we”, “our” and similar in this document, this is to be understood to mean the Controllers indicated above.

II. Contact details

For your convenience, you can contact each of the Controllers at the same email address: info@nashtackle.co.uk.

III. How do we collect personal data?

We use various methods to collect personal data. As a general rule, we collect it directly from you, e.g. when you fill in the relevant forms, correspond with us by email, provide us with data in contracts, place an order, sign up for a newsletter or publish feedback about our products on Nash's website or in our social media.

If the data does not originate from you, it has been provided to us by our partners, your employer or from another legitimate source.

IV. Purpose of processing

Depending on the type of your activity on our websites, we will mostly use your personal data for the following purposes:

  • for the performance of a contract which you intend to enter into with us or which we have already concluded,
  • for the purpose of pursuing our legitimate interests, including seeking or defending against contractual claims, or responding to your inquiries, e.g. via email,
  • for marketing purposes, such as providing you with a newsletter (if you subscribed),
  • to enable you to participate in our events,
  • to carry out activities based on your consent,
  • to comply with a legal obligation.

In any case, we will process your personal data when required or permitted by law and only for the purposes for which we collected it. If we believe that we have a legitimate basis to process your data for another purpose – we will keep you informed.

V. Data retention

We will only process your personal data for as long as necessary for the purposes for which it was collected or as long as required by law.

Depending on the purpose, your personal data may be processed for different periods. In line with the requirements of the GDPR, we provide more detailed information below on which legal basis and for how long we process personal data depending on the purpose.

Purpose of data processing Legal basis Duration of processing
Conclusion and/or execution of a contract (also when you fill in an order form; also applies to data of persons representing entities concluding contracts with the Controller) Article 6.1(b) of the GDPR For the duration of the contract and after its termination, until the expiry of the limitation periods for claims arising therefrom (according to Polish law it is 3 or 6 years as a general rule, unless specific provisions stipulate otherwise).
Exercising or defending legal claims Article 6.1(f) of the GDPR Until the expiry of the statute of limitations for claims or the final conclusion of proceedings in respect of the claims asserted (including enforcement proceedings) – whichever is later.
Administering user accounts on the Nash websites Article 6.1(b) of the GDPR An account created on any of our portals will remain active as long as you use it. If 6 years have passed since your last login, the Controller may delete your account after notifying you of his intention to delete it due to non-use. The account will also be deleted if you request us to do so, provided that no claims are made against us as a result of the account. In this case, we will retain your account data until the expiry of the limitation period.
Processing of complaints Article 6.1(c) of the GDPR Personal data will be processed for the duration of the warranty or guarantee and thereafter until the expiry of the limitation period for claims arising therefrom.
Archiving of documentation, i.e. contracts and billing documents Article 6.1(c) of the GDPR, Article 6.1(f) of the GDPR For the periods indicated by the law or, if no such periods are indicated for individual documents, for the time in which their retention falls within the Controller's legitimate interest regulated by the time of possible redress.
To carry out research and statistics, where the legitimate interest of the Controller is to improve our business Article 6.1(f) of the GDPR For the duration of the legitimate interest of the Controller. We do not store personal data exclusively for statistical purposes.
Conducting marketing activities and providing services using electronic communications, where the Controller's legitimate interest is to promote the business Article 6.1(f) of the GDPR, while these activities, due to other applicable regulations (in particular the Telecommunications Act and the Act on the Provision of Electronic Services in force in Poland), are carried out only on the basis of the consents held Until you object or withdraw your consent, i.e. show us in any way that you do not wish to stay in contact with us and receive information about the actions we take.
Handling of reports, requests and enquiries addressed to the Controller by electronic means (e.g. by email, contact form or social networks) Article 6.1(f) of the GDPR Submissions, enquiries and requests related to our business will be processed for 1 year counted from the time the matter with which you are addressing us has been dealt with. In the case of submissions, enquiries and requests made via social networks, data will continue to be processed by the social network operators.
Handling whistleblower reports, in particular receiving, verifying and processing the report of violation of the law, documenting the proceedings initiated on its basis Article 6.1(c) of the GDPR, Article 9.2(b) of the GDPR (if special categories of data are processed in connection with the notification) Personal data processed in connection with the acceptance of a notification or follow-up and documents relating to that notification shall be retained by the legal entity and the public authority for a period of 3 years after the end of the calendar year in which the external notification has been transmitted to the public authority competent to take follow-up action or the follow-up has been completed, or after the proceedings initiated by those actions have been terminated. Personal data that is not relevant to the processing of the application shall not be collected and, if accidentally collected, shall be deleted immediately (within 14 days of determination that it is not relevant to the case).
Processing of the personal image Article 6.1(f) of the GDPR, where the Controller's legitimate interest is to exercise the rights deriving from the consent given Until withdrawal or expiry of consent.

For detailed rules regarding the processing of personal data in connection with the handling of internal whistleblower notifications, please refer to the information clause attached to the Internal Notification Procedure at Nash Tackle Ltd.

VI. Categories of data we process

By personal data, we mean any information about you by which you can be identified. Depending on the purpose, we may process different categories of data. The most common categories of personal data we collect are:

  • first and last name,
  • address,
  • email address,
  • telephone number,
  • business name,
  • login data for our systems,
  • identifiable data resulting from the operation of IT systems and devices (e.g. IP number, login session number, metadata, logins).

It may be that, due to the needs and purposes of the processing, this catalogue will be broader.

VII. Voluntary data provision

The provision of your personal data to us is entirely voluntary, but it may be necessary in order to conclude or perform contracts or to provide you with the services you have requested. If you do not provide us with your data, we may not be able to fulfil the above.

VIII. Recipients of the data

Recipients of your personal data may be:

  • entities providing Nash with IT or analytical services,
  • cloud service providers (including through the use of software hosted on the providers' servers),
  • operators who send mailings promoting our products (newsletter),
  • entities cooperating with Nash in the field of legal, accounting, personnel, consulting services,
  • public administration bodies as defined by law,
  • post offices and courier services,
  • payment operators.

Specifically, we may share your personal data with any of our affiliates (within the Nash group), which means our subsidiaries, our parent company and its subsidiaries, as defined in section 1159 of the Companies Act 2006 (UK) or in Article 4(14) of the Polish Competition and Consumer Protection Act of 16 February 2007, Journal of Laws (Dz.U.) 2024 item 594 as amended on April 18, 2024.

IX. Data security

We have put in place appropriate organisational and technical safeguards to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed in an uncontrolled manner. The Controllers ensure that personal data is processed in accordance with the provisions of the GDPR, the DPA and other data protection legislation.

The Controllers have also put in place procedures to deal with breaches or suspected breaches of personal data and will notify both you and any relevant regulators if we are legally obliged to do so. In doing so, it is important to remember that communication over the internet, including via email, can never guarantee complete security, so we apply the requirement for encryption whenever required.

X. Rights of data subjects

As a data subject, you have:

  • the right of access to data (Article 15 of the GDPR),
  • the right to rectification of data (Article 16 of the GDPR),
  • the right to be forgotten, i.e. to have your data deleted (Article 17 of the GDPR),
  • the right to restrict processing (Article 18 of the GDPR),
  • the right to data portability (Article 20 of the GDPR),
  • the right to object (Article 21 of the GDPR),
  • the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects concerning you or in a similar manner significantly affects you (Article 22 of the GDPR).

You also always have the right to withdraw your consent to the processing of your personal data, where consent is the basis for us to process your personal data (however, withdrawal will not affect the lawfulness of processing carried out prior to withdrawal of consent).

The Controller is also obliged to provide the data subject with information about the processing of personal data (Articles 13 and 14 of the GDPR) and, if the request for rectification, erasure or restriction of processing is met, also to inform the recipients to whom the data have been disclosed (Article 19 of the GDPR).

We would also like to inform you that we are obliged to process up-to-date and truthful data. It is therefore very important that you inform us if your personal data changes during the course of our relationship.

If you deem it necessary, you have the right to lodge a complaint at any time with the authority supervising the correct processing of your personal data.

In Poland – this is the President of the Office for Personal Data Protection (PUODO), ul. Stawki 2, Warsaw, email address: kancelaria@uodo.gov.pl.

However, we would appreciate the opportunity to deal with your case internally before you approach the office, so please contact us in the first instance.

XI. Profiling, automated data transfer

We will not make decisions about you based solely on automated processing, including profiling, which would produce legal effects on you or similarly significantly affect you. At the same time, we would like to inform you that we use tools that may take certain actions depending on the information collected through tracking mechanisms, but they do not have the impact on you mentioned above (they do not affect your rights and freedoms). Through the use of such tools, we may, for example, target you with personalised advertising based on previous actions you have taken on our website or suggest products that may be of interest to you.

You need to know that as you interact with our websites, we may automatically collect the following information:

  • technical information, including the IP address used to connect your computer to the Internet,
  • information about login data, type and version of browser used, time zone settings, type and versions of browser plug-ins, operating system,
  • information about your visit, including the full stream of URL clicks to, through and from our website (including date and time),
  • information about the products viewed or queries entered into the search engine, the duration of visits to the pages,
  • information on page response times, download errors,
  • information about the interaction with the page (such as scrolling, clicks and mouseovers) and the methods used to view the page,
  • credit card, debit card and/or other payment information to process payments in connection with orders,
  • information about your approximate location.

We collect this information via cookies, server logs and other similar technologies. However, they are not collated with your personal data. They are stored on the servers of the providers of the individual tools, and these servers can most often be located around the world.

Our websites also use Google Analytics, a web audience analysis service provided by Google, Inc. Google Analytics uses cookies to enable the website to analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where it is required to do so by law or where such third parties process the information on Google's behalf.

More details can be found in our cookie policy: Cookie Policy .

XII. Data processing within and outside the EEA

Due to the location of some of the entities in the Nash Group (UK), and due to the location of the entities providing services to the Controllers, including in particular IT services and the IT structure (location of servers), the Controllers may outsource certain activities or tasks to entities located both inside and outside the EEA. This may result in your data also being or being processed outside the EEA.

The Controller of Nash Tackle Ltd. informs you that if it transfers your data outside the EEA, the individual non-EEA countries on whose territory the data is processed must ensure an adequate level of protection of personal data in accordance with EEA standards, as decided by the European Commission. However, for their processing in the territory of countries for which the European Commission has not established an adequate level of protection of personal data (compatible with EEA standards), the Controller shall enter into contracts with the recipients of such data ensuring an adequate level of protection. The above contracts are based on the standard contractual clauses issued by the European Commission on the basis of Article 46.2(c) of the GDPR. A copy of the aforementioned standard contractual clauses can be obtained from the Controller. The data security measures applied by the Controller comply with the principles provided for in the GDPR.

XIII. Policy changes

If necessary, we may make changes to this Privacy Policy. If we do so, these will be published on all websites operated by us and you will be informed.

This Privacy Policy applies from 10th November 2024.

© 2026 Nash Tackle. Szolgáltató: Shopify