Privacy policy
THE PRIVACY POLICY
I. INTRODUCTION
- The Data Controller of your personal data collected through the "pARTs" service maintained at www.parts-jewelry.pl (hereinafter: the Service) is Firma Karlik sp. z o.o. with its registered office in Poznań, 26 Kaliska Street, 61-131 Poznań (hereinafter: the Controller). Contact with the Controller: kontakt@parts-jewelry.pl.
The Controller is responsible for the security of the personal data provided and for processing it in accordance with the law.
- For matters related to the processing of personal data and the exercise of users' rights under personal data protection regulations, you can contact the Data Protection Supervisor: e-mail address: iodovolvo@karlik.poznan.pl.
- Personal data shall be processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR) and other currently applicable personal data protection regulations.
- When visiting the Service, the collection of personal data provided by the user takes place (as defined in the Terms and Conditions of the Service).
- The purpose and scope of the personal data handled by the Controller is indicated in detail later in this document and in the Terms and Conditions of the Service.
II. GATHERED DATA - GENERAL INFORMATION
- The following information applies to all the ways, indicated in Chapters III and IV, in which the Controller handles personal data provided by users.
- The Controller processes personal data of non-logged-in users of the Service using services and functionalities, the use of which does not require logging in (e.g. contact form, access to information and content that does not require creating an account).
- The data will not be obtained for decision-making based solely on automated processing of personal data, including profiling within the meaning of Article 22 GDPR.
- Subject to all data security guarantees, personal data processed through the Service may be transferred - in addition to persons authorized by the Controller - to other entities, including:
- entities authorized to receive them in accordance with the law,
- entities that process them on behalf of the Controller (e.g., providers of technical, ICT, IT services, providers of hosting services, maintainers of these services and ICT devices, providers of analytical services, entities providing consulting services),
- other entities to the extent necessary for the performance of the contract, implementation of services and legal requirements, e.g. electronic payment operators, companies providing postal and courier services, notary or legal offices, contractors providing services to the Controller on the basis of concluded agreements.
- The Controller will not transfer your personal data to countries outside the European Economic Area.
- The Controller informs you that in connection with the processing of personal data obtained through the Service, any data subject has the right to file a request:
- access to the data (information about the processing of personal data or a copy of the data),
- rectification of data (when it is incorrect),
- erasure of personal data (right to be forgotten),
- restriction of personal data processing,
- transfer of data to another controller,
- object to the processing of data, when the basis for processing is the legitimate interest of the Controller,
- withdraw consent when the Controller will process personal data based on the consent, at any time and in any way, without affecting the period prior to its withdrawal,
under the terms of the GDPR.
- Any data subject has the right to lodge a complaint with the President of the Personal Data Protection Office, with its office in Warsaw, if he/she believes that the processing of personal data is not in compliance with the law.
- The data was obtained by the Controller directly from the user. The Controller may also process personal data of other persons, provided by the user while using the services described in the Privacy Policy and Terms and Conditions of Service.
III. PERSONAL DATA PROVIDED BY THE USER
III. A. E-MAIL OR TELEPHONE CONTACT
- The Controller processes personal data, in particular, name, contact telephone number, e-mail address and other information provided by the user to the extent necessary for the proper handling of the application and fulfillment of the inquiry, including conducting communication and answering questions asked through the contact telephone number and e-mail address provided on the Service (legal basis - Article 6(1)(f) GDPR) - "legitimate interest". If the user submits special categories of data (e.g., health information), he/she declares that he/she consents to their use in order to properly handle the request and fulfill the inquiry, including conducting communication and providing answers (legal basis - Article 9(2)(a) GDPR) - "explicit consent to the processing of health data".
- The Controller has the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time necessary to carry out an inquiry, including answering a question sent or settling matters in connection with which correspondence or conversation is conducted; the time until an objection is raised,
- the time until the user withdraws consent (including the withdrawal of consent for the use of special categories of data).
- Withdrawal of consent can be done, in particular, by contacting the Controller via the contact details indicated above. The withdrawal of consent does not affect the legality of the use of data during the period when the consent was in effect.
- Provision of data is voluntary, but necessary for answering the submitted question or for proper handling of the application and execution of the inquiry. The consequence of failing to provide personal data may be the inability to respond or fulfill the inquiry.
III. B. CUSTOMER ACCOUNT
- The Controller processes personal data for the following purposes:
- conclusion of a Contract for the Rendering of Electronic Services (in accordance with the Act of July 18, 2002 on the Rendering of Electronic Services, Journal of Laws 2020.344 i.e., hereinafter: the ARES), Customer Account Service Contract (legal basis - Article 6(1)(b) GDPR in conjunction with Article 6(1)(c) GDPR, i.e. in connection with the provisions on the protection of consumer rights and in connection with the provisions on digital content and services) - "performance of the contract" and "performance of legal obligations",
- assertion of contractual claims, handling of complaints (legal basis - Article 6(1)(f) GDPR) - "legitimate interest"; the deadlines for assertion of claims arising from the aforementioned Contract are defined in detail by the Civil Code in conjunction with the provisions on digital content and services, in conjunction with the provisions on consumer rights.
- The Controller processes personal data in order to register and maintain a free Customer Account, in particular:
- name,
- surname,
- e-mail address,
- telephone number.
- The Controller has the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time necessary to perform the contract,
- the time for the performance of legal obligations and the time for which the law prescribes the storage of data, such as tax regulations,
- the time after which contractual claims become time-barred,
- the time until the Customer expresses an objection,
- the time until the withdrawal of the granted consent, which does not affect the period before its withdrawal.
- Provision of the personal data indicated above is voluntary, but necessary to enter into an agreement, including registration and account maintenance on the Service. Failure to provide the data may make it impossible to use the Service.
III. C. SERVICES: CONTRACTS, CONTRACTS, COMPLAINTS AND NON-COMPLIANCE.
- The Controller processes personal data for the following purposes:
- conclusion of an agreement for the provision of services by electronic means, including enabling the use of particular services and functionalities of the Service (legal basis - Article 6(1)(b) GDPR) - "performance of the agreement",
- conclusion and execution of an agreement for the use of services available to registered users and its proper performance (legal basis - Article 6(1)(b) and Article 9(2)(a) GDPR) - "performance of the agreement", and "explicit consent to the processing of health data" - applies to cases in which the user voluntarily and independently discloses such information on the Service. This data is not required by the Controller, therefore, if the user discloses it, he/she thereby declares that he/she consents to its processing within the service/functionality of the Service in which he/she has disclosed it,
- performing the Controller's legal obligations, e.g. financial settlements and accounting reporting, including issuing and storing invoices, archiving documentation (legal basis - Article 6(1)(c) of the GDPR) - "legal obligation",
- asserting contractual claims, handling complaints (legal basis - Article 6(1)(f) GDPR) - "legitimate interest"; the deadlines for asserting contractual claims are detailed in the Civil Code,
- improving the quality of services provided, including customer satisfaction surveys (legal basis - Article 6(1)(f) GDPR) - "legitimate interest".
- The Controller may process personal data of users of the Service necessary for the conclusion and execution of the contract, in particular:
- name,
- surname,
- delivery address,
- e-mail address,
- telephone number,
- data for VAT invoice,
- other information provided by the user.
- The Controller shall have the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time necessary for the execution of the contract,
- the time of performance of legal obligations and the time when the law prescribes the storage of data, e.g. tax regulations, document archiving regulations,
- the time after which contractual claims become time-barred,
- the time until the user objects.
- The provision of data to the extent that the processing of personal data occurs for the purpose of entering into and performing an agreement with the Controller is voluntary, but necessary for the performance of the agreement and the services of the Service. The consequence of failure to provide personal data will be the inability to conclude and perform the contract or use the services of the Service. In the case of legal regulations, the transfer of data is mandatory.
III. D. CONTACT FORM
- The Controller may collect personal data, in particular contact telephone number or e-mail address and other information provided by the user, through the contact form available on the Service.
- The Controller processes personal data to the extent necessary for the execution of the inquiry, including answering the questions asked via the contact form available on the Service (legal basis - Article 6(1)(f) GDPR) - "legitimate interest". If the user provides special categories of data (e.g., health information), he/she declares that he/she consents to their use in order to properly handle the request and fulfill the inquiry, including conducting communication and providing answers (legal basis - Article 9(2)(a) GDPR) - "explicit consent to the processing of health data".
- The Controller has the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time necessary to respond to an inquiry sent by the user via the contact form; the time until an objection is raised,
- the time until the user withdraws consent (including the withdrawal of consent for the use of special categories of data).
- Withdrawal of consent can be done, in particular, by contacting the Controller via the contact details indicated above. The withdrawal of consent does not affect the legality of the use of data during the period when the consent was in effect.
- Provision of the data indicated in the contact form is voluntary, but necessary to answer the question sent or for proper handling of the request and execution of the inquiry. The consequence of not providing personal data is the inability to send the user a response.
III. E. MARKETING COMMUNICATION and NEWSLETTER DELIVERY CONTRACT.
E.1 Marketing communication:
- The Controller processes your personal data for the purpose of:
- marketing communication by means of electronic communication (in particular, email, phone calls, SMS or MMS messages) on the basis of a separate consent to process your data for this purpose - e.g. in the case of sending additional marketing materials, invitations to events (legal basis - Article 6(1)(a) GDPR) - "consent",
- implementation of direct marketing, including sending information about products and services of the Controller and third parties (e.g. business partners) cooperating with the Controller (legal basis - Article 6(1)(f) GDPR) - "legitimate interest",
taking into account the provisions of the Telecommunications Law and the provisions of the Act on the Rendering of Electronic Services - in terms of the communication channel of the aforementioned marketing content, and this at the user's choice.
- The Controller shall have the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time until the user objects,
- the time until the withdrawal of consent, whereby the withdrawal of consent does not affect the period before its withdrawal.
- The recipient of marketing communications may, at any time and without giving any reason, opt out of receiving them, in particular by clicking on the deactivation link included in any e-mail sent to you or by contacting the Controller through the contact information indicated above.
- Providing data in order to receive marketing communications via the chosen communication channel (i.e. e-mail address, telephone number) is voluntary, but necessary to receive such communications. The consequence of not providing personal data will be the inability to receive marketing content.
E.2 Newsletter - Newsletter Delivery Contract:
- In the case of expressing a desire to receive the Newsletter, a Newsletter Delivery Contract is concluded between the Controller and the User, based on the principles referred to in the Terms and Conditions of Service. In connection with this fact, the Controller processes data for the purposes of:
- concluding the Newsletter Delivery Contract (legal basis - Article 6(1)(b) GDPR in conjunction with Article 6(1)(c) GDPR, i.e. in connection with the provisions on the protection of consumer rights and in connection with the provisions on digital content and services) - "performance of the contract" and "performance of legal obligations",
- vindication of claims arising from the Newsletter Delivery Contract, processing of complaints regarding the Newsletter Delivery Contract as the subject of digital services (legal basis - Article 6(1)(f) GDPR) - "legitimate interest"; the time limits for vindication of claims arising from the aforementioned Contract are detailed in the Civil Code in conjunction with the provisions on digital content and services, in conjunction with the provisions on consumer rights.
- The Controller processes personal data in order to execute the Newsletter Delivery Contract, in particular:
- name,
- surname,
- e-mail address.
- The Controller shall have the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time necessary to perform the contract,
- the time for the performance of legal obligations and the time for which the law prescribes the storage of data, e.g. tax regulations, consumer regulations, regulations on digital content and services,
- the time after which contractual claims become time-barred,
- the time until the user objects.
- Provision of the personal data indicated above is voluntary, but necessary to conclude an agreement, including registration and maintenance of an account on the Service. Failure to provide data may make it impossible to use the Service.
III. F. FACEBOOK/INSTAGRAM
- The Controller is the controller of personal data of users using the products and services offered by Meta Platforms Ireland Limited with its registered office: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter: Meta), who visit the Controller's website, available at: https://www.facebook.com/partsjewelry and https://www.instagram.com/parts_jewelry/ (hereinafter: Fanpage). As the Controller it shall be responsible for the security of the personal data provided and its processing in accordance with the law.
- The Controller processes personal data of users who visit the Fanpage when using Meta's products and services. This data is processed:
- in connection with the operation of the Fanpage, including the promotion of the company's own brand (legal basis - Article 6(1)(f) GDPR) - "legitimate interest",
- for the purpose of answering questions asked via Messenger or other services offered by Meta (legal basis - Article 6(1)(f) GDPR) - "legitimate interest"; if you provide special categories of data (e.g., health information), you declare that you consent to their use in order to properly handle your request and fulfill your inquiry, including conducting communications and responding (legal basis - Article 9(2)(a) GDPR) - "consent".
- The Controller has the right to process:
- publicly available personal data (such as username, profile picture, activity status on Facebook/Instagram or Messenger), content of comments and other information publicly provided by a user using Meta products and services,
- personal data sent by the user visiting the Fanpage, including the collection of information shared in the user's profile and other content, comments, messages and communications (e.g., photos, contact information, place of residence, information on interests or worldview beliefs, etc.),
- other personal information provided by users in the content of messages via Messenger or other Facebook/Instagram services (including contact information, health information, etc.) for the purpose of responding to an inquiry sent or to fulfill a contact request.
- The scope of personal data processing, the specific purposes, and the rights and obligations of the user using Meta's products and services are derived directly from:
- Facebook's terms and conditions (the document is available on the Facebook page at: https://www.facebook.com/legal/terms and on the Instagram page at: https://help.instagram.com/581066165581870) and
- "Data Policy" (the document is available on Facebook's website at: https://www.facebook.com/policy and on the Instagram page at: https://privacycenter.instagram.com) or
- legal provisions
- and are refined as a result of the user's actions on Facebook/Instagram.
- The Controller shall have the right to process personal data for the period necessary for the purposes indicated above. Depending on the legal basis, this will be respectively:
- the time until the user objects (or deletes the Facebook/Instagram user account),
- the time until the user withdraws consent (or deletes the Facebook/Instagram user account). The withdrawal of consent does not affect the lawfulness of data processing during the period when consent was in effect,
- the period necessary to handle the request sent by the user via Messenger or other Facebook/Instagram services.
- The catalog of recipients of personal data processed by the Controller results primarily from the range of products and services used by the Facebook/Instagram user, but also from the user's consent or by law. With all guarantees of data security, the Controller may transfer personal data of the user visiting the Fanpage - in addition to persons authorized by the Controller - to other entities, including entities processing data on behalf of the Controller, e.g. technical service providers and entities providing consulting services (including law firms) and contractors providing services to the Controller on the basis of concluded agreements.
- The Controller will not transfer personal data of a user using Facebook products and services to countries outside the European Economic Area (countries other than the European Union and Iceland, Norway and Liechtenstein).
- The Controller may process personal data of users who use Meta's products and services and visit the Fanpage, in order to analyze how users use the Controller's website and related content (to keep statistics) - in the event that users' use of the Fanpage and related content triggers the creation of an event for site statistics, with which the processing of personal data is associated (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest".
- In the case of personal data processed for statistics on actions taken by the user on the Fanpage (including watching or stopping watching the page, recommending the page in a post or comment, liking the page or post, cancelling a like), the Controller and Meta are joint controllers of users' personal data. The types of data and the scope of their processing, as well as the principles of privacy protection and users' rights, are indicated in detail:
- in this document,
- in the "Data Policy" document published on the Facebook page at: https://www.facebook.com/policy, on the Instagram page at: https://privacycenter.instagram.com/policy,
- in the document "Information about page statistics", published on the Facebook page at: https://www.facebook.com/legal/terms/page_controller_addendum.
- It is Meta's responsibility to notify users who use Meta's products and services of the processing of data for site statistics and to enable them to exercise their rights under the GDPR (information about the data used to create site statistics has been made available on the Facebook/Instagram page at: https://www.facebook.com/legal/terms/information_about_page_insights_data).
- The Facebook Data Protection Supervisor can be contacted via the form provided on the Facebook page at: https://www.facebook.com/help/contact/540977946302970.
III. F. OTHER SOCIAL MEDIA SITES
- The Service contains plug-ins or other types of links to social networks (including their versions in the form of mobile applications) other than Facebook/Instagram, which are located in a prominent place on the Service. In this case, the owners of the aforementioned portals and mobile applications remain the entities responsible for processing personal data. You can read more about the protection of personal data in the information (usually called privacy policy) on this subject located on the pages of the above-mentioned portals or in their versions of mobile applications.
- Bearing in mind para. 1 above, the Controller is not responsible for the processing of personal data of users using the said platforms or mobile applications, with the exception of data that is processed:
- in connection with the operation of the Fanpage, including for the purpose of promoting one's own brand (legal basis - Article 6(1)(f) GDPR) - "legitimate interest",
- for the purpose of responding to inquiries made via the social network (legal basis - Article 6(1)(f) GDPR) - "legitimate interest"; if you provide special categories of data (e.g., health information), you declare that you consent to its use for the proper handling of the request and fulfillment of the inquiry, including conducting communications and responding (legal basis - Article 9(2)(a) GDPR) - "consent".
- For this reason, the Controller has the right to process:
- publicly available personal data (such as username, profile photo, activity status), content of comments and other information publicly provided by the user using the social network,
- personal data sent by the user visiting the Fanpage, including the collection of information made available in the user's profile and other content, comments, messages and communications (such as photos, contact information, place of residence, information on interests or worldview beliefs, etc.),
- other personal information provided by users in the content of messages through the social media site (including contact information, health information, etc.) in order to respond to a submitted inquiry or to fulfill a contact request.
IV. AUTOMATICALLY COLLECTED DATA
- Using the Service involves sending requests to the server, which are automatically recorded in event logs.
- Event logs record user session data. In particular, these are: IP address, device type and name, date and time of visiting the Service, information about the Internet browser and operating system.
- Data recorded in event logs are not associated with specific individuals.
- Access to the contents of event logs is provided to persons authorized by the Controller to administer the Service.
- Chronological recording of information about events is only auxiliary material, used for administrative purposes. Analysis of event logs makes it possible, in particular, to detect threats, to ensure adequate security of the Service and to perform statistics in order to better understand how users use the Service.
- User session data is used to diagnose problems with the functioning of the Service and analyze possible security violations, to manage the Service and to perform statistics (legal basis - Article 6 (1) (f) GDPR) - "legitimate interest".
- The Service uses cookies for its operation. For more information, see "INFORMATION ON COOKIES".
V. FINAL PROVISIONS
- This document is for informational purposes and applies specifically to the service available at www.parts-jewelry.pl.
- The Controller reserves the right to make changes to the current privacy policy, in particular in case of:
- technology development;
- changes in generally applicable laws, including those regarding personal data protection or information security;
- development of the Service, including implementation of new functionalities.
- The Controller will notify users of changes in the content of the privacy policy by posting an announcement on the Service.