Privacy Policy
Last updated: 8 July 2026
1. General Information
This Privacy Policy explains how RepowerYard processes personal data when you visit this website or contact us by email about wind turbine parts, components, available assets, sourcing, brokerage or related business matters.
The data controller is RepowerYard. You can contact us about privacy matters at hello@repoweryard.eu.
We do not appoint a Data Protection Officer because, based on the current scope of this website and our activities, we are not required to do so.
2. Personal Data We May Process
We may process personal data that you voluntarily provide when you contact us, including:
- your name and surname, if provided;
- your business email address and phone number, if provided;
- company name, position or role;
- the content of your message and related correspondence;
- technical and commercial details relevant to your inquiry, such as turbine platform, part number, component type, quantity, condition, location, documentation, photos or asset information;
- technical website data such as IP address, browser information, device information, request time, pages requested and basic server logs.
Please do not send us special categories of personal data, such as health data, biometric data, political opinions, religious beliefs, trade union membership, criminal offense data or other sensitive information. We do not need such data to handle business inquiries.
3. Purposes and Legal Bases
We process personal data for the following purposes:
Handling inquiries and correspondence
We use contact details and message content to respond to inquiries, clarify requirements, provide information, continue business communication and prepare or discuss offers. The legal basis is Article 6(1)(b) GDPR where processing is necessary for pre-contractual steps or contract performance, and Article 6(1)(f) GDPR where processing is necessary for our legitimate interest in business communication.
Sourcing, verification and brokerage
Where relevant to an inquiry, we may process information needed to assess demand, verify available parts or assets, coordinate with counterparties, check provenance, prepare commercial options and support transaction logistics. The legal basis is Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Legal, accounting and tax obligations
If a transaction takes place, we may process data required for invoices, accounting, tax records and other legal obligations. The legal basis is Article 6(1)(c) GDPR.
Establishing, exercising or defending legal claims
We may retain data where necessary to document business communications, protect our rights, recover payments or defend against claims. The legal basis is Article 6(1)(f) GDPR.
Website security and maintenance
Technical data and server logs may be processed to keep the website available, diagnose errors, prevent abuse and maintain security. The legal basis is Article 6(1)(f) GDPR.
4. Voluntary Provision of Data
Providing personal data is voluntary. However, if you do not provide contact details or information necessary to understand your inquiry, we may be unable to respond or provide a meaningful offer.
5. Recipients of Data
We may share personal data with trusted recipients where necessary for the purposes described in this Policy, including:
- website hosting and infrastructure providers, including Vercel if the website is hosted there;
- email service providers used for business correspondence;
- domain, DNS, security and IT service providers;
- accounting, tax, legal or technical advisers;
- buyers, sellers, asset owners, refurbishers, logistics providers or other business counterparties where this is necessary to handle a specific inquiry or transaction.
We do not sell personal data.
6. International Data Transfers
Some technical providers may process data outside the European Economic Area, for example in the United States or other countries. Where such transfers occur, we rely on appropriate safeguards required by applicable data protection law, such as adequacy decisions, standard contractual clauses or other lawful transfer mechanisms.
7. Retention Periods
We keep personal data only for as long as necessary for the purposes for which it was collected.
- Inquiry correspondence is generally kept for the time needed to handle the matter and then for up to 3 years, unless a longer period is justified by an ongoing business relationship, legal claims or legal obligations.
- Data connected with contracts, invoices, accounting or tax records is kept for the period required by applicable law.
- Data needed to establish, exercise or defend legal claims may be kept until the relevant limitation periods expire.
- Technical logs are retained for the period necessary for security, diagnostics and service operation, according to the practices of the relevant hosting or infrastructure provider.
8. Your Rights
Subject to the conditions set out in the GDPR, you may have the right to:
- access your personal data;
- receive a copy of your personal data;
- rectify inaccurate or incomplete data;
- request erasure of data;
- request restriction of processing;
- object to processing based on legitimate interests;
- request data portability, where applicable;
- withdraw consent, if processing is based on consent.
To exercise your rights, contact us at hello@repoweryard.eu. We may ask for additional information if reasonably necessary to verify your identity or understand your request.
9. Supervisory Authority
If you believe that your personal data is processed unlawfully, you have the right to lodge a complaint with a competent supervisory authority.
In Poland, the supervisory authority is the President of the Personal Data Protection Office:
Urząd Ochrony Danych Osobowych
ul. Stawki 2
00-193 Warsaw, Poland
https://uodo.gov.pl
10. Cookies and Similar Technologies
As of the date of this Privacy Policy, this website does not use marketing, advertising or analytics cookies.
The website may use strictly necessary technical mechanisms required to deliver the page, maintain security or operate the service. Hosting and infrastructure providers may process standard technical data such as IP address, browser information, request time and server logs.
If we introduce analytics, advertising, remarketing, embedded forms or other technologies that require consent, we will update this Privacy Policy and, where legally required, implement an appropriate consent mechanism.
11. Automated Decision-Making
We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you. We do not conduct profiling for advertising or behavioral targeting purposes.
12. External Links
This website may contain links to external websites or services. We are not responsible for the privacy practices of third parties. We recommend reviewing their privacy notices before using those services.
13. Security
We use appropriate technical and organizational measures intended to protect personal data against unauthorized access, loss, alteration or disclosure. Access to data is limited to persons and service providers who need it for the purposes described in this Policy.
14. Changes to This Policy
We may update this Privacy Policy if our website, tools, service providers, business processes or legal requirements change. The current version will be available on this website.
This Privacy Policy is intended to provide transparent information about personal data processing. It does not replace legal advice for specific business, regulatory or contractual circumstances.