Privacy policy

PRIVACY POLICY OF THE ONLINE STORE JMCARPARTS.PL

TABLE OF CONTENTS:

1. GENERAL PROVISIONS

2. BASIS FOR PROCESSING DATA

3. PURPOSE, BASIS, PERIOD AND SCOPE OF DATA PROCESSING IN THE ONLINE STORE

4. RECIPIENTS OF DATA IN THE ONLINE STORE

5. PROFILING IN THE ONLINE STORE

6. RIGHTS OF THE PERSON WHOSE DATA IS BEING PROCESSED

7. COOKIES IN THE ONLINE STORE, OPERATING DATA AND ANALYTICS

8. FINAL PROVISIONS

 

1. GENERAL PROVISIONS

1.1. This privacy policy of the Online Store is for informational purposes only, which means that it is not a source of obligations for Service Recipients or Customers of the Online Store. The privacy policy primarily contains rules regarding the processing of personal data by the Administrator in the Online Store, including the basis, purpose and scope of data processing, as well as the rights of individuals whose data is being processed, and information on the use of cookies and analytical tools in the Online Store.1.2. The administrator of personal data collected through the Online Store is MATEUSZ FORGIEL conducting business under the name FORGIEL MATEUSZ - J&M CARPARTS TRADING AND SERVICE ENTERPRISE registered in the Central Register and Information on Economic Activity of the Republic of Poland kept by the minister responsible for economy, with the following address of business operations: ul. Rosochata 84, 59-216 Kunice and address for correspondence: ul. Neptuna 15, 59-220 Legnica, NIP 6912233240, REGON 021026470, email address: sklep@jmcarparts.pl - hereinafter referred to as the "Administrator" and also acting as the Service Provider of the Online Store and Seller.

1.3. Personal data in the Online Store is processed by the Administrator in accordance with applicable law, in particular with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". Official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R06791.4. Using the Online Store, including making purchases, is voluntary. Similarly, providing personal data by the user of the Online Store, the Service Recipient or the Customer is voluntary, with two exceptions: (1) entering into contracts with the Administrator - failure to provide the necessary personal data in the cases and to the extent indicated on the Online Store's website and in the Online Store Regulations and this privacy policy will result in the inability to conclude and perform the Sales Agreement or the Electronic Service Agreement with the Administrator. Providing personal data is a contractual requirement and if the person whose data it concerns wants to enter into a specific contract with the Administrator, they are obliged to provide the required data. The scope of data required to conclude a contract is always indicated beforehand on the Online Store's website and in the Online Store Regulations; (2) statutory obligations of the Administrator - providing personal data is a statutory requirement resulting from generally applicable laws imposing on the Administrator the obligation to process personal data (e.g. processing data for tax or accounting purposes) and failure to provide them will prevent the Administrator from fulfilling these obligations.1.5. The Administrator takes special care to protect the interests of individuals whose personal data is processed by them, and in particular is responsible for ensuring that the data collected by them is: (1) processed lawfully; (2) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes; (3) factually correct and relevant to the purposes for which they are processed; (4) stored in a form that allows for the identification of the individuals concerned, for no longer than is necessary to achieve the purpose of processing; and (5) processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage, using appropriate technical or organizational measures.

1.6. Taking into account the nature, scope, context and purposes of the processing, as well as the risk of infringement of the rights or freedoms of individuals with varying likelihood and severity, the Administrator implements appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate this. These measures are subject to review and updating as necessary. The Administrator uses technical measures to prevent unauthorized access and modification of personal data transmitted electronically.1.7. All words, phrases and acronyms appearing in this privacy policy and starting with a capital letter (e.g. Seller, Online Store, Electronic Service) should be understood according to their definition contained in the Terms and Conditions of the Online Store available on the Online Store's website.

2. BASIS FOR PROCESSING DATA

2.1. The Administrator is authorized to process personal data in cases where - and to the extent that - at least one of the following conditions is met: (1) the person whose data is concerned has given consent to the processing of their personal data for one or more specified purposes; (2) the processing is necessary for the performance of a contract to which the person whose data is concerned is a party, or for taking steps at the request of the person whose data is concerned prior to entering into a contract; (3) the processing is necessary for compliance with a legal obligation to which the Administrator is subject; or (4) the processing is necessary for the purposes of the legitimate interests pursued by the Administrator or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the person whose data is concerned, requiring protection of personal data, in particular where the person whose data is concerned is a child.2.2. Processing of personal data by the Administrator requires the occurrence of at least one of the grounds indicated in point 2.1 of the privacy policy. The specific grounds for processing personal data of Service Recipients and Customers of the Online Store by the Administrator are indicated in the next point of the privacy policy - in relation to the specific purpose of processing personal data by the Administrator.

3. PURPOSE, GROUNDS, PERIOD AND SCOPE OF PROCESSING DATA IN THE ONLINE STORE

3.1. Each time the purpose, grounds, period and scope, as well as the recipients of personal data processed by the Administrator, result from the actions taken by a given Service Recipient or Customer in the Online Store. For example, if a Customer decides to make purchases in the Online Store and chooses personal pickup of the purchased Product instead of courier delivery, their personal data will be processed for the purpose of performing the concluded Sales Agreement, but will not be shared with the carrier carrying out deliveries on behalf of the Administrator.

3.2. The Administrator may process personal data in the Online Store for the following purposes, on the following grounds, for the following periods and to the following extent:

 

Purpose of data processing

 

Legal basis for processing and storage period

 

Scope of processed data

 

Performance of the Sales Agreement or agreement for the provision of Electronic Services or taking actions at the request of the data subject, before the conclusion of the above-mentioned agreementsArticle 6(1)(b) of the GDPR (performance of a contract)

Data is stored for the period necessary for the performance, termination or other expiration of the concluded contract.

 

Maximum scope: first and last name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country), residence/business address (if different from the delivery address).

In the case of Service Recipients or Customers who are not consumers, the Administrator may additionally process the company name and tax identification number (NIP) of the Service Recipient or Customer.

The given scope is maximum - in the case of personal pickup, providing a delivery address is not necessary.

 

Direct marketing

 

Article 6(1)(f) of the GDPR (legitimate interest of the administrator)

Data is stored for the period of existence of the legally justified interest pursued by the Administrator, but no longer than the limitation period for claims against the person whose data is processed, from the Administrator's business activities. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales contracts two years).The administrator cannot process data for direct marketing purposes if an effective objection has been expressed in this regard by the person whose data it concerns.

 

 

Email address

 

 

Marketing

 

 

Article 6(1)(a) of the GDPR (consent)

The data is stored until the person whose data it concerns withdraws their consent for further processing for this purpose.

 

 

First name, email address

 

 

Expressing the Client's opinion on the concluded Sales Agreement

 

 

Article 6(1)(a) of the GDPR

The data is stored until the person whose data it concerns withdraws their consent for further processing for this purpose.

 

 

Email address

 

 

Keeping tax records

 

 

Article 6(1)(c) of the GDPR in conjunction with Article 86(1) of the Tax Ordinance of January 17, 2017 (Journal of Laws of 2017, item 201).

The data is stored for the period required by the laws obliging the Administrator to keep tax records (until the expiration of the limitation period for tax liability, unless tax laws provide otherwise).

 

 

First name and last name; address of residence/business/registered office (if different from the delivery address), company name and tax identification number (NIP) of the Service Recipient or Client

 

 

Establishing, pursuing or defending claims that the Administrator may raise or that may be raised against the Administrator

 

 

Article 6(1)(f) of the GDPRThe data is stored for the period of the legally justified interest pursued by the Administrator, but no longer than the limitation period for claims against the person whose data is concerned, from the Administrator's business activities. The limitation period is determined by the provisions of law, in particular the Civil Code (the basic limitation period for claims related to business activities is three years, and for sales contracts - two years).

 

Name and surname; contact phone number; email address; delivery address (street, house number, apartment number, postal code, city, country), residence/business address (if different from the delivery address).

In the case of Service Recipients or Customers who are not consumers, the Administrator may also process the company name and tax identification number (NIP) of the Service Recipient or Customer.

 

RECIPIENTS OF DATA IN THE ONLINE STORE4.1. For the proper functioning of the Online Store, including the execution of concluded Sales Agreements, it is necessary for the Administrator to use the services of external entities (such as software provider, courier, or payment processing entity). The Administrator only uses the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures, in order to ensure that the processing complies with the requirements of the GDPR and protects the rights of the individuals whose data is processed.

4.2. The transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator only transfers data when it is necessary for the fulfillment of a specific purpose of personal data processing and only to the extent necessary for its fulfillment. For example, if a Customer chooses personal pickup, their data will not be transferred to the carrier cooperating with the Administrator.

4.3. Personal data of Service Recipients and Customers of the Online Store may be transferred to the following recipients or categories of recipients:4.3.1. carriers / freight forwarders / courier brokers - in the case of a Client who uses the method of delivery of the Product by mail or courier in the Online Store, the Administrator provides the collected personal data of the Client to the selected carrier, freight forwarder or intermediary carrying out shipments on behalf of the Administrator to the extent necessary to fulfill the delivery of the Product to the Client.

4.3.2. entities handling electronic payments or credit card payments - in the case of a Client who uses electronic payment methods or credit card in the Online Store, the Administrator provides the collected personal data of the Client to the selected entity handling the above payments in the Online Store on behalf of the Administrator to the extent necessary to process the payment made by the Client.4.3.3. Service providers supplying the Administrator with technical, IT and organizational solutions, enabling the Administrator to conduct business activities, including the Online Store and Electronic Services provided through it (in particular providers of computer software for running the Online Store, email and hosting providers, as well as providers of business management software and technical support for the Administrator) - The Administrator only shares the collected personal data of the Client with selected service providers acting on their behalf, in the necessary scope and only for the purpose of fulfilling the processing of data in accordance with this privacy policy.

4.3.4. Accounting, legal and advisory service providers providing the Administrator with accounting, legal or advisory support (in particular accounting firms, law firms or debt collection companies) - The Administrator only shares the collected personal data of the Client with selected service providers acting on their behalf, in the necessary scope and only for the purpose of fulfilling the processing of data in accordance with this privacy policy.4.3.5. Facebook Ireland Ltd. - The Administrator uses social media plugins from Facebook on the Online Store website (e.g. Like button, Share button or login using Facebook login data) and therefore collects and shares personal data of the Service Recipient using the Online Store website with Facebook Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland) to the extent and in accordance with the privacy principles available here: https://www.facebook.com/about/privacy/ (this data includes information about actions on the Online Store website - including information about the device, visited websites, purchases, displayed advertisements and the way of using services - regardless of whether the Service Recipient has a Facebook account and whether they are logged in to Facebook).

5. PROFILING IN THE ONLINE STORE

5.1. The GDPR Regulation imposes on the Administrator the obligation to inform about automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR Regulation, and - at least in these cases - essential information about the rules for making such decisions, as well as the significance and expected consequences of such processing for the person whose data is concerned. With this in mind, the Administrator provides information in this section of the privacy policy regarding possible profiling.5.2. The Administrator may use profiling for direct marketing purposes in the Online Store, but the decisions made based on it by the Administrator do not concern the conclusion or refusal to conclude a Sales Agreement, or the possibility of using Electronic Services in the Online Store. The result of using profiling in the Online Store may be, for example, granting a discount to a specific person, sending them a discount code, reminding them of unfinished purchases, sending a proposal for a Product that may correspond to the interests or preferences of a specific person, or offering better conditions compared to the standard offer of the Online Store. Despite profiling, the person is free to decide whether they want to use the received discount or better conditions and make a purchase in the Online Store.

5.3. Profiling in the Online Store consists of automatic analysis or prediction of the behavior of a specific person on the Online Store website, for example by adding a specific Product to the cart, browsing the page of a specific Product in the Online Store, or by analyzing the history of previous purchases made in the Online Store. The condition for such profiling is for the Administrator to have the personal data of a specific person in order to be able to subsequently send them, for example, a discount code.5.4. The person whose data is being processed has the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on them or significantly affects them in a similar way.

6. RIGHTS OF THE PERSON WHOSE DATA IS BEING PROCESSED

6.1. Right of access, rectification, restriction, erasure or portability - the person whose data is being processed has the right to request from the Administrator access to their personal data, their rectification, erasure ("right to be forgotten") or restriction of processing, and also has the right to object to processing, as well as the right to data portability. Detailed conditions for exercising the above-mentioned rights are specified in Articles 15-21 of the GDPR.

6.2. Right to withdraw consent at any time - the person whose data is being processed by the Administrator based on their consent (under Article 6(1)(a) or Article 9(2)(a) of the GDPR) has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6.3. Right to lodge a complaint with a supervisory authority - the person whose data is being processed by the Administrator has the right to lodge a complaint with a supervisory authority in the manner and procedure specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory authority in Poland is the President of the Office for Personal Data Protection.6.4. Right to object - the person whose data is processed has the right to object at any time - for reasons related to their particular situation - to the processing of their personal data based on Art. 6 para. 1 lit. e) (public interest or official authority) or f) (legitimate interests of the controller), including profiling based on these provisions. In such a case, the controller may no longer process this personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the person whose data is being processed, or for the establishment, exercise or defense of legal claims.

6.5. Right to object to direct marketing - if personal data is processed for the purposes of direct marketing, the person whose data is being processed has the right to object at any time to the processing of their personal data for such marketing, including profiling, to the extent that it is related to such direct marketing.

6.6. In order to exercise the rights mentioned in this privacy policy, you can contact the controller by sending a relevant message in writing or by email to the address provided by the controller at the beginning of the privacy policy, or by using the contact form available on the Online Store's website.

7. COOKIES IN THE ONLINE STORE, OPERATIONAL DATA AND ANALYTICS7.1. Cookies are small text information in the form of text files, sent by the server and saved on the side of the person visiting the Online Store (e.g. on the hard drive of a computer, laptop, or on the memory card of a smartphone - depending on the device used by the visitor of our Online Store). Detailed information about Cookies, as well as their history, can be found, among others, here: http://en.wikipedia.org/wiki/HTTP_cookie.

7.2. The Administrator may process data contained in Cookies when visitors use the Online Store for the following purposes:

7.2.1. identification of Customers as logged in to the Online Store and showing that they are logged in;

7.2.2. remembering Products added to the cart in order to place an Order;

7.2.3. remembering data from completed Order Forms, surveys or login data to the Online Store;

7.2.4. customizing the content of the Online Store to the individual preferences of the Customer (e.g. regarding colors, font size, page layout) and optimizing the use of the Online Store;

7.2.5. conducting anonymous statistics showing the way of using the Online Store.7.2.6. Remarketing is the analysis of the behavior characteristics of visitors to the Online Store through anonymous analysis of their actions (e.g. repeated visits to specific pages, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their predicted interests, even when they visit other websites in the advertising network of Google Ireland Ltd. and Facebook Ireland Ltd.

7.3. By default, most internet browsers available on the market accept the storage of Cookies. Everyone has the option to determine the conditions for using Cookies through the settings of their own internet browser. This means that it is possible to partially limit (e.g. temporarily) or completely disable the ability to store Cookies - in the latter case, however, this may affect some functionalities of the Online Store (for example, it may be impossible to go through the Order path via the Order Form due to not remembering the Products in the cart during subsequent steps of placing the Order).

7.4. The settings of the internet browser regarding Cookies are important from the point of view of consent to the use of Cookies by our Online Store - according to the regulations, such consent can also be expressed through the settings of the internet browser. In the absence of such consent, it is necessary to appropriately change the settings of the internet browser regarding Cookies.7.5. Detailed information on changing settings related to Cookies files and their independent removal in the most popular internet browsers is available in the help section of the internet browser and on the following pages (simply click on the given link): in Chrome browser in Firefox browser in Internet Explorer browser in Opera browser in Safari browser in Microsoft Edge browser.7.6. The Administrator may use Google Analytics and Universal Analytics services provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) and the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) in the Online Store. These services help the Administrator analyze traffic in the Online Store. The collected data is processed in an anonymized manner (these are so-called operational data that do not allow for identification of a person) to generate statistics helpful in managing the Online Store. This data is aggregate and anonymous, i.e. it does not contain identifying characteristics (personal data) of the person visiting the Online Store. By using the above-mentioned services in the Online Store, the Administrator collects data such as sources and mediums of acquiring visitors to the Online Store, their behavior on the Online Store's website, information about devices and browsers used to visit the website, IP and domain, geographic data, as well as demographic data (age, gender) and interests.7.7. It is possible for a person to easily block the sharing of their activity on the Online Store through Google Analytics - for this purpose, they can install an add-on for their browser provided by Google Ireland Ltd., available here: https://tools.google.com/dlpage/gaoptout?hl=en.

7.8. Managing the operation of the Facebook Pixel is possible through the advertising settings in one's account on the Facebook.com portal: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

8. FINAL PROVISIONS

8.1. The Online Store may contain links to other websites. The Administrator encourages to familiarize oneself with the privacy policy established there after visiting other websites. This privacy policy applies only to the Online Store of the Administrator.