Luxury Products Cylwik General Partnership with its seat in Bialystok, Elewatorska 7b Street (15-620), Bialystok, the registration acts of which are kept by the Regional Court in Bialystok, 12th Commercial Division of the National Court Register, under the following NCR number: 0000516574 and which is the holder of the 5423238705 TIN number and 200869111REGON number informs about personal data processing in compliance with the applicable law regulations, including the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27th April 2016 on the protection of natural persons in connection with personal data processing, on the unrestricted circulation of such data, and on the repeal of the 95/46/WE Directive (General Data Protection Regulation, hereinafter referred to as the “GDPR”):
1. Personal data administrator.
When it comes to issues strictly connected with your personal data, you can contact the administration at the following e-mail: email@example.com, via phone at: +48 791 394 349 or in writing, by sending a letter to the headquarters of the company specified in section 1 above.
2. Definition of personal data, ways of processing them, goals, and basis of data processing.
Personal data shall be understood as pieces of information on an identified or identifiable natural person. Personal data processing shall be understood as any activity oriented towards personal data utilization (performed in an automated manner or otherwise), including data gathering, storage, saving, ordering, modification, browsing, usage, sharing, use limiting, deletion, and erasing. Personal data shall be processed for various purposes. There shall be various ways of gathering them as well as various legal bases governing their processing, use, disclosure, and storage timeframes.
The Administrator processes personal data by using IT systems (including electronic call registration system in the case of concluding agreements and contracts via phone; in said case, the speaker is always informed about the call being recorded and about the possibility of hanging up if he or she does not express consent for his or her data being processed).
As a result of the use of the Luxury Products website by the Partners, including taking advantage of certain services provided by Luxury Products Cylwik General Partnership within the scope of the Luxury Products Estate Website, the Administrator shall process personal data of the Partners being natural persons and Partners’ representatives.
Personal data of the Partners and their representatives, including individuals appointed as contact persons, shall be collected by the Administration in the course of account registration by the Partner, as well as by providing such Partners services as the Luxury Products Cylwik General Partnership
Personal data of the Partners and their representatives shall be processed for the purpose and in the scope necessary to provide services as the Luxury Products Cylwik General Partnership. It includes, among others, cooperation terms negotiation, making settlements with the Partners, managing requests and claims sent by the Partners, analyzing and examining ways in which the Partners take advantage of the services provided by the Administrator, processing personal data for marketing purposes, allowing for court and administrative proceedings to be continued, for archiving-specific purposes, as well as ensuring the fulfillment of Administrator’s legal responsibilities in compliance with the applicable law regulations.
The processed pieces of information, including personal data, may incorporate, inter alia: name and surname, company name, company’s seat location or the place of residence, the position of the contact person, phone number, e-mail address, and other contact data. What is more, in the case of individuals who have concluded fee or subscription-based agreements with the Administrator, additional payment-related data may be gathered, including credit card numbers and bank account numbers. Personal data shall be processed only if it is in line with applicable legal regulations. Typically, the Administration processes personal data when:
- it is required to conclude or execute responsibilities under an agreement (including the provision of digitally rendered services);
- it is required for the purpose of legally justified interests of the Luxury Products Cylwik General Partnership, oriented towards the improvement of service quality, and ensuring the users the access to a safe and properly functioning Website;
- it is necessary to fulfill legal obligations by the Luxury Products Cylwik General Partnership.
The Administrator shall process data as:
- personal data of a person contacting the Administrator to obtain information about the offer or to share feedback relating to the provided services;
- personal data of a person contacting the Administrator to conclude an agreement between said parties:
• to create and manage account and to provide personalized services as the Administrator (legal basis: article 6 section 1 point a of the GDPR);
• to realize the concluded agreements (legal basis: article 6 section 1 point b of the GDPR);
• to manage claims, requests, notifications and technical requests sent via e-mail, phone, or in writing to the seat of the company specified in section 1 above (legal basis: article 6 section 1 point c of the GDPR);
• to perform undertakings aiming at counteracting using services provided by the Website in a manner that is illegal or breaches Terms and Conditions (legal basis: article 6 section 1 point f of the GDPR);
• for archiving (proof collection-related) purposes aiming at legally justified information protection by the Administrator shall the legal need to provide supervisory bodies with specific facts arise (legal basis: article 6 section 1 point f of the GDPR);
• to pursue, specify, or defend against claims connected with the realization of the legally justified interests of the Administrator (legal basis: article 6 section 1 point f of the GDPR);
• for analytic purposes, to select proper services, to optimize servicing processes, as well as to issue claims being the realization of the legally justified interest of the Administrator (legal basis: article 6 section 1 point f of the GDPR);
• to specify the satisfaction level of Partners basing on the legally justified interest of the Administrator connected with the assessment of servicing quality and service provision satisfaction after agreement conclusion (legal basis: article 6 section 1 point f of the GDPR);
• to make it possible for the Administrator to offer services, including adjusting them to the needs of the Partner (i.e. profiling) which will be done after obtaining a proper consent (legal basis: article 6 section 1 point a of the GDPR);
• to directly offer the Partners products and services (direct marketing) (legal basis: article 6 section 1 point f of the GDPR).
3. Extension of personal data processing
Even though the Partners take advantage of the services provided by the Administrator, the latter shall not disclose nor provide the Partners with all the gathered data relating to the Clients of the Website, with the exception of the service based on the preparation and sending ordered Goods, in the case of which the Administrator shall provide the Partners with the following data to allow them to prepare and send said goods: name, surname, e-mail address, address, phone number, ordered items, item ID, quantity, payment method, delivery method, company’s name, and TIN. Disclosure of personal data of the Clients of the Website shall allow the Contractor to: download, browse, save, store, and delete such data.
Disclosed data shall be processed for the period of Agreement validity and for the purpose of allowing the Client to purchase Goods only.
- process personal data on a documented request of the Administrator – it shall also relate to disclosing personal data to a third country or an international organization – unless said requirement is enforced by the law of the European Union or the Republic of Poland, about which the Partner shall be informed before proceeding to process personal data, providing that the applicable law does not prohibit providing such information due to the protection of key pubic interests;
- ensure that individuals authorized to process personal data follow confidentiality principles and are legally bound to keep such data confidential;
- take all the necessary technical and organizational steps to ensure the safety level specified by article 32 of the GDPR;
- follow the principles governing the utilization of services provided by a different data processing entity specified in article 28, sections 2 and 4 of the GDPR;
- taking into account the specificity of data processing, support the Administrator, by opting for proper technical and organizational means, in fulfilling the requirement of replying to requests of individuals such data pertain to and regarding their rights specified in the GDPR;
- taking into account the specificity of data processing and available pieces of information, support the Administrator in fulfilling the requirements specified in articles 32 to 36 of the GDPR, i.e. requirements pertaining to the proper protection of personal data, notifying specific bodies about breaches, informing users such data pertain to about breaches, assessing the impact of processing on data safety, and participating in consultations with a supervisory body;
- after finishing the provision of services connected with data processing, depending on the decision of the Administrator, delete or return all the gathered personal data, as well as delete all of their existing copies, unless the law of the European Union or a particular member state requires said party to keep personal data;
- provide the Administrator with all the vital information making it possible to demonstrate the fulfillment of requirements specified in article 28 of the GDPR and allow the Administrator or an auditor appointed by the Administrator to carry out audits and inspections, as well as to take part in them.
4. Rights pertaining to personal data and enforcement methods
The Administrator shall ensure the Partners and their representatives the realization of rights specified in the GDPR, including the right to access the content of their own personal data, amend them, limit the scope of their use, delete them, transfer them, as well as to disallow for their further processing. Even if the Partners and their representatives have expressed consent for personal data processing, they can withdraw such consent at any time.
Personal data of the Partners and their representatives shall be protected by the Administrator against their disclosure to unauthorized parties, other cases of unwanted disclosure, deletion, and unauthorized modification by means of utilization of proper organizational means of protection, as well as technical and technological methods, especially – by means of data encoding.
The Partners/Partners’ representatives shall have the right to:
• access data stored by the Administrator and receive a copy thereof;
• change, update, and amend data pertaining to them;
• in the case of data being processed basing on a granted consent – to withhold such consent at any time;
• file a complaint to a supervisory body being the General Personal Data Protection Inspector (address: General Personal Data Protection Inspector, Stawki 2 Street, 00-193 Warsaw);
• to the extent, to which the legally justified interest of the Administrator is the basis for data processing, to limit personal data processing and to disallow for their further use. Said right can be taken advantage of at any time. In such a case, the Administrator shall stop processing data for the discussed purpose, unless the Administrator is capable of proving that there are vital legal basis that are superior to the interests of the Partners/Partner’s representatives, their rights, or that such data are required to pursue or defend against claims;
• request personal data to be deleted or transferred.
All the aforementioned rights can be pursued by sending an e-mail message to the following address: firstname.lastname@example.org, calling the following phone number: +48 791 394 349 or contacting the Administrator in writing by sending a request to the address specified in section 1. Personal data can be modified in applications by means of which the registration process has been executed.
5. Data storage timeframe
Personal data shall be kept by the Administrator:
• if the Administrator processes personal data basing on a consent granted, till the withdrawal of such consent;
• if the Administrator processes such data on the basis of a legally justified interest of the Administrator, till the end of such interest (for example, for the period specified in the Civil Code or in other applicable legal regulations) or till the party such data pertain to disallows for further processing – providing that the applicable law regulations allow for that;
• if the Administrator processes personal data as it is necessary due to applicable law regulations, till the moment specified in such regulations;
• in the case of the lack of specific legal or agreement-specific regulations, the basic timeframe of keeping agreement-related documentation shall be maximally 6 years.
The Administrator shall keep personal data during the agreement validity period and after its elapse if there is a risk of claims being pursued in connection with its execution, but no longer than for 6 years till the agreement validity period elapse.
6. Data recipients (third parties and third countries)
Personal data of the Partners and Partners’ representatives may be disclosed to entities authorized to receive them in compliance with applicable law regulations, including some specific law enforcement bodies. Personal data of the Partners and Partners’ representatives may be also disclosed to third parties specified by the Administrator and providing services for the Partners and Partners’ representatives.
The provided personal data shall be disclosed only to the extent to which and when it is needed and required by the applicable legal regulations. In such a case, while concluding an agreement with a third party, the Administrator shall specify security mechanisms that will ensure the proper protection of personal data, maintaining data protection standards, as well as granting their confidentiality and safety. The recipients of personal data disclosed by the Administrator may be:
• entities processing data on the basis of agreements on personal data processing right transfer;
• entities providing hosting services for the Administrator;
• entities managing marketing or sales campaigns for the Administrator;
• other Administrator’s subcontractors, including IT-specific companies providing hardware, software, and maintenance-related services;
• suppliers of goods the Administrator has been using;
• legal advisors, tax advisors;
• law enforcement bodies, regulatory bodies, and other administrative bodies.
Personal data may be provided outside the European Economic Area to Google LLC basing on proper legal provisions being contractual clauses on personal data protection approved by the European Commission.
6. Automated decision-making
Pieces of information gathered by the Administration in relation to the use of the Website may be processed in an automated manner (in the form of profiling). Such an approach shall not result in any legal outcomes for the Partner, nor shall if affect its situation. The Administrator informs that:
• for the purpose of profiling, no sensitive data are processed;
• for the purposes of profiling, only pseudonimized data are utilized or such pieces of information of e-mail address, IP address, and Cookie files.
The aim of profiling is to analyze or to forecast personal preferences and fields of interest of individuals utilizing the website, adjust goods and services offered by the Administrator, and to make the content and products available on the Website compatible with users’ preferences. Profiling may also be used for marketing purposes, in order to adjust marketing offers to users’ preferences. The Seller may utilize IP addresses of Clients gathered while visiting the website for technical and administrative purposes. Furthermore, IP addresses can be utilized to gather general statistical data allowing to specify traffic within the Website.