PRIVACY POLICY OF CORUNDUM SP. Z O.O.

I. INTRODUCTION

  1. The administrator of personal data collected in particular via the website available at https://spark-shop.com/ (hereinafter: the Website), i.e. the entity deciding how your personal data will be used, is Firma Corundum sp. z o.o. with its registered office at ul. Zachodnia 16, 53 -643 Wrocław (hereinafter: Administrator). Contact with the Administrator is possible via the e-mail address: office@corundum.com.pl.
  1. Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter: GDPR) and other currently applicable provisions of law on the protection of personal data.
  2. During a visit to the Website, the following is collected:
  1. personal data provided by the user of the Website,
  2. data obtained and registered automatically. The purpose and scope of personal data used by the Administrator is detailed in the further part of this privacy policy.

II. COLLECTED DATA - BASIC INFORMATION

  1. The following information applies to all the ways of using the personal data provided by the Administrator indicated in chapters III and IV.
  2. The Administrator processes personal data:
  1. not logged in users of the Website using services and functionalities that do not require logging in (e.g. contact form, selection of a product or service available as part of the offer presented in the online store, access to information that do not require creating an account),
  2. logged-in users who have a customer account on the Website.
  1. With all data security guarantees, personal data processed via the Website may be be transferred - in addition to persons authorized by the Administrator - to other entities, including:
  1. entities authorized to receive them in accordance with the law,
  2. entities processing them in on behalf of the Administrator, e.g. technical service providers, analytical service providers, hosting service providers, marketing agencies, entities providing consulting services and other entities providing services under concluded contracts,
  3. other data administrators to the extent necessary to perform the contract , performance of services and legal requirements, e.g. entities servicing electronic payments or payments by payment card (e.g. PayPal), companies providing postal and courier services, notary or legal offices, contractors providing services to the Administrator on the basis of concluded contracts.
  1. Administrator, to the extent necessary for the proper performance of the contract, may transfer your personal data to countries outside the European Economic Area (hereinafter: EEA), which guarantee a high level of personal data protection. These guarantees result in particular from the obligation to use standard contractual clauses adopted by the European Commission. The administrator may also transfer data to countries outside the European Economic Area that do not provide an adequate level of protection. However, the administrator ensures that the transfer is carried out in a safe, controlled and secured manner by appropriate agreements with their recipients that meet the conditions set out in Chapter V of the GDPR.
  2. The administrator informs that in connection with the processing of personal data obtained via website, each data subject has the right to submit an application regarding:
  1. access to data (information on the processing of personal data or a copy of data),
  2. rectification of data (when they are incorrect),
  3. deletion of personal data (the right to be forgotten),
  4. limitation of personal data processing,
  5. transferring data to another administrator ,
  6. objection to data processing in a situation where the basis for processing is the Administrator's legitimate interest,
  7. withdrawal of consent in the event that the Administrator will process personal data based on consent, in at any time and in any way, without affecting the lawfulness of the processing, which was made on the basis of consent before its withdrawal - on the terms set out in the GDPR.
  1. Each data subject, has the right to lodge a complaint with the supervisory body (President of the Personal Data Protection Office) if he/she believes that the processing of personal data is not in accordance with the provisions.
  2. The data was obtained by the Administrator directly io from the user. The Administrator may also process:
  1. data of other persons provided by the user of the Website run by the Administrator while using the services described in this privacy policy,
  2. personal data obtained from entities with which the Administrator cooperates, on the basis of concluded contracts (e.g. business data of employees indicated for contact in order to perform the contract, data of persons who are participants of events organized by the Administrator - to the extent necessary to conclude and perform a given contract) ,
  3. personal data obtained from third parties cooperating
    with the Administrator, where the data was made available to the Administrator on the basis of your consent,
  4. data obtained from publicly available sources, e.g. National Court Register, Central Register and Information on Economic Activity, websites, social networking sites.

III. PERSONAL DATA PROVIDED BY THE USER

III. A. ORDER COMPLETION

  1. The administrator processes personal data for the following purposes:
  1. conclusion of a contract for the provision of electronic services (in accordance with the Act of 18 of July 2002 on the provision of electronic services, i.e. Journal of Laws of 2020, item 344, hereinafter: "uśude"), including enabling the use of the services and functionalities of the online store available at https://spark-shop.com (legal basis - Article 6(1)(b) of the GDPR) - "performance of the contract",
  2. conclusion and implementation of the sales contract (legal basis - Article 6(1)(b) of the GDPR) - "performance of the contract",
  3. communication on matters related to the correct implementation of the sales contract (legal basis - Article 6 section 1 letter f of the GDPR) - "legitimate interest",
  4. performance of legal obligations incumbent on the Administrator, e.g. financial settlements and accounting reporting, including issuing and storing invoices (legal basis - Article 6 sec. 1 letter c of the GDPR) - "legal obligation",
  5. to respond to complaints - (legal basis - Article 6 paragraph 1 letter f of the GDPR and Article 6 paragraph 1 letter c of the GDPR),
  6. pursuing claims arising from the contract (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest"; the deadlines for pursuing claims under the contract are specified in detail in the Civil Code,
  7. verification of the quality of services provided in connection with the concluded contract (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest".
  1. The administrator may process personal data of users of the Online Store necessary to conclude and perform the contract, in particular:
  1. name,
  2. name,
  3. name,
  4. email address,
  5. telephone number,
  6. order delivery address,
  7. IP address,
  8. and other data provided by the user.
  1. The administrator has the right to process personal data for the period necessary to implement the above-mentioned purposes. Depending on the legal basis, it will be:
  1. the time necessary to perform the contract,
  2. the time for performing legal obligations and the time in which the law requires data to be stored , e.g. tax regulations,
  3. period after which claims arising from the contract expire,
  4. time until objections are expressed
  1. Providing data to the extent that the processing of personal data takes place in order to conclude and perform a contract with the Administrator is voluntary, but necessary to conclude a sales contract and its performance. The consequence of not providing personal data will be the inability to conclude and perform the contract.

III. B. CUSTOMER ACCOUNT

  1. The administrator processes personal data for the following purposes:
  1. concluding a contract for the provision of electronic services (in accordance with the act), including registering and maintaining a free user account on the Website and enabling the use of services available to registered users (e.g. adding products to the wish list, adding opinions on products purchased in the online store) (legal basis - Article 6(1)(b) of the GDPR) - "performance of the contract",
  2. pursuing claims arising from the contract (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest"; the deadlines for pursuing claims under the contract are specified in detail in the Civil Code,
  3. verification of the quality of services provided in connection with the concluded contract (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest",
  4. handling complaints related to the provision of electronic services (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest",
  5. implementation of direct marketing, including sending information about new products and promotional offers of the Administrator and offers of third parties (e.g. business partners) cooperatingch with the Administrator, in particular via PUSH notifications displayed to logged-in users (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest".
  1. The administrator processes personal data in order to maintain the account, in particular:
  1. name,
  2. surname,
  3. e-mail address,
  4. telephone number,
  5. IP address.
  1. The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, it will be respectively:
  1. the time necessary to perform the contract;
  2. the time for performing legal obligations and the time in which the law requires the storage of data ;
  3. the time after which the claims arising from the contract expire;
  4. the time until the objection is expressed.
  1. Providing the data indicated above personal data is voluntary, but necessary to conclude a contract, including registration and maintenance of a customer account, and the use of
    functionalities available to registered users.

III. C. E-MAIL OR TELEPHONE CONTACT

  1. The administrator processes personal data, in particular name and surname and contact telephone number or e-mail address and other information provided by you, to the extent necessary to handle requests and complete inquiries including conducting communication and answering questions asked via the contact telephone number and e-mail address provided on the Website (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest". By providing us, as part of your communication, with information constituting special categories of data (e.g. information about your health condition), you consent to their use for the purpose of proper handling of the request and execution of the inquiry, including providing an answer (legal basis - Article 9(1)(f) of the GDPR). 2 letter a of the GDPR) - "consent".
  2. The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, it will be respectively:
  1. the time necessary to process the inquiry, including responding to the correspondence sent or the application/inquiry submitted during the telephone conversation,
  2. the time until the user withdraws the consent (including the withdrawal of consent to the use of specific categories of data).
  1. Withdrawal of consent may take place in particular by contacting the Administrator via the contact details indicated above. Withdrawal of consent does not affect the lawfulness of data processing in the period when the consent was in force.
  2. Providing data is voluntary, but necessary to answer the question sent or for the proper handling of the request and execution of the inquiry. The consequence of not providing personal data may be the inability to answer or fulfill the inquiry.

III. D. CONTACT FORM

  1. The administrator may collect personal data, in particular the name and e-mail address and other information provided by the user, via the contact form available on the Website.
  2. Administrator processes personal data to the extent necessary to complete the inquiry, including answering questions asked via the contact form provided on the Website (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest".
  3. The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes, i.e. for the time necessary to respond to the inquiry sent by the user via the contact form.
  4. Providing the data indicated in data in the contact form is voluntary, but necessary to answer the question sent or for the proper handling of the request and execution of the inquiry. The consequence of not providing personal data will be the inability to send the user a reply.

III. E. NEWSLETTER

  1. The administrator processes your personal data, in particular the e-mail address, in order to provide marketing information via the newsletter (legal basis - Article 6(1)(a) of the GDPR) - " consent".
  2. The provision of the data indicated above is voluntary, but necessary to receive the newsletter. The consequence of not providing the required personal data will be the inability to send the user marketing information, including information about new products, discounts and promotional offers.
  3. A user using the newsletter may at any time and without giving a reason, opt out of receiving it, in particular by clicking on the deactivation link contained in each e-mail sent to the user or by sending correspondence to the following address: office@corundum.com.pl

III. F. FACEBOOK

  1. Corundum sp. z o.o. is the administrator of personal data of users using products and services offered by Meta Platforms Ireland Limited, who visit the Administrator's company website, available at https://www.facebook.com/SparkSilverJewelryOfficial (hereinafter: Fanpage). As the Administrator, she is responsible for the security of the personal data provided and processing them in accordance with the law.
  2. Administrator processes personal data of users who visit the Fanpage using Meta products and services.These data are processed:
  1. in connection with running the Fanpage, including to promote its own brand (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest",
  2. in order to answer questions asked via Messenger or other services offered by Meta (legal basis - article 6 sec. 1 lit. f of the GDPR) - "legitimate interest".
  1. The administrator has the right to process:
  1. publicly available personal data (such such as username, profile picture, activity status on Facebook or Messenger), the content of comments
    and other information publicly shared by a user using
    Meta's products and services,
  2. personal data provided by the user visiting the Fanpage, including the collection of information provided in the user's profile and other content, comments, messages and messages (e.g. photos, contact details, place of residence, information on interests or philosophical beliefs),
  3. other personal data provided by users in the content of the message via Messenger or other Meta services (including contact details)
    in order to answer the sent inquiry or to fulfill the request
    contact.
  1. The scope of personal data processing, specific purposes as well as the rights and obligations of the user using Meta's products and services result directly from the Facebook regulations (the document is available at: https://www.facebook.com/legal/terms) and the "Data Policy" (the document is available at https://www.facebook.com/policy) or legal provisions and are clarified as a result of actions taken by the user on the Facebook social network.
  2. The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, it will be respectively:
  1. time until objection is expressed (or Facebook user account is deleted),
  2. time until consent is withdrawn (or deleting a Facebook user account). The withdrawal of consent does not affect the lawfulness of data processing
    during the period when the consent was in force,
  3. the period necessary to handle the query sent by the user via Messenger or other Meta services.
  1. The catalog of recipients of personal data processed by the Administrator results primarily from the scope of products and services used by the Facebook user, but also from the user's consent or from the law. With all data security guarantees, the Administrator may transfer personal data of the user visiting the Fanpage - in addition to persons authorized by the Data Administrator - to other entities, including entities processing data on behalf of the Administrator, e.g. technical service providers and entities providing consulting services (including law firms) and contractors providing services to the Administrator on the basis of concluded contracts.
  2. The Administrator will not transfer personal data of the user using
    Meta's products and services to countries outside the European Economic Area (to countries other than EU countries European Union and Iceland, Norway and Liechtenstein).
  3. The Administrator may process personal data of users of Meta products and services who visit the Fanpage, in order to analyze how users use the Administrator's website and related content related to it (keeping statistics) - if the use of the Fanpage and related content by users causes the creation of an event for website statistics, which involves the processing of personal data (legal basis - art. 6 sec. 1 lit. f of the GDPR) - "legitimate interest".
  4. In the case of personal data processed in order to keep statistics on the activities undertaken by the user on the Fanpage (including following or stoppinge following the page, recommending the page in a post or comment, liking the page or post, unliking), Corundum sp. z o.o. and Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) are joint controllers of your personal data. The types of data and the scope of their processing as well as the principles of privacy protection and user rights are indicated in detail:
  1. in this document,
  2. in the document "Data rules" published on the Facebook page at https://www.facebook.com/policy,
  3. in the document "Information about page statistics", published on the Facebook page at: https://www.facebook.com/legal/terms/ page_controller_addendum.
  1. It is the responsibility of notifying users of Meta products and services about data processing for website statistics and enabling them to exercise their rights in accordance with the GDPR Meta (information about the data used to create page statistics has been made available on the Facebook page at: https://www.facebook.com /legal/terms/information_about_page_insights _data).
  2. Meta's data protection officer can be contacted via the form provided on https://www.facebook.com/help/contact/540977946302970.

III. G. INSTAGRAM

  1. Company Corundum sp. z o.o. is the administrator of personal data of users using products and services offered by Meta on Instagram, who visit the Administrator's website available at: https://www.instagram.com/spark_silver_jewelry/ (hereinafter: Company Profile). As the Administrator, she is responsible for the security of the personal data provided and for processing them in accordance with the law.
  2. The Administrator processes the personal data of users who visit the Company Profile using Meta products and services. These data are processed:
  1. in connection with running a Company Profile, including to promote your own brand (legal basis - Article 6(1)(f) of the GDPR) - " legitimate interest";
  2. in order to answer questions asked via Instagram or other services offered by Meta (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest" .
  1. The administrator has the right to process:
  1. publicly available personal data (such as username, profile picture, activity status on Instagram), the content of comments and other information publicly shared by the user using Instagram products and services,
  2. personal data provided by the user visiting the Company Profile, including the collection of information shared in the user's profile and other content , comments, messages and messages (e.g. photos, contact details, place of residence, information on interests or philosophical beliefs, etc.),
  3. other personal data provided by users in the content of messages via Instagram or other services Meta company (including contact details, health data, etc.) in order to answer the sent inquiry or to fulfill the contact request.
  1. Scope of personal data processing, detailed the goals, rights and obligations of the user using Instagram products and services result directly from:
  1. Instagram's regulations (the document is available at: https://help.instagram.com/581066165581870) and
  2. "Privacy Policy" (the document is available at: https://privacycenter.instagram.com) or
  3. law and are clarified as a result of actions taken by the user on the Instagram social network.
  1. The administrator has the right to process personal data for the period necessary to achieve the above-mentioned purposes. Depending on the legal basis, it will be respectively:
  1. time until objection is expressed (or Instagram user account is deleted),
  2. time until consent is withdrawn (or deleting an Instagram user account). Withdrawal of consent does not affect the lawfulness of data processing during the period when the consent was in force;
  3. the period necessary to handle the query sent by the user via Instagram or other servicesMeta service.
  1. The catalog of recipients of personal data processed by the Administrator results primarily from the scope of products and services used by the Instagram user, but also from the user's consent or from the law. While maintaining all data security guarantees, the Administrator may transfer personal data of the user visiting the Company Account - in addition to persons authorized by the Administrator - to other entities, including entities processing data on behalf of the Administrator, e.g. technical service providers and entities providing consulting services (including law firms) and contractors providing services to the Administrator on the basis of concluded contracts.
  2.   The Administrator will not transfer personal data of the user using Meta products and services to countries outside the European Economic Area (to countries other than European Union countries and Iceland, Norway and Liechtenstein).
  3. The Administrator may process the personal data of users of Meta products and services who visit the Company Account, in order to analyze how users use the Administrator's website and related content (keeping statistics) - if users' use of the Company Account and content related to it triggers the creation of an event for website statistics, which involves the processing of personal data (legal basis - art. 6 sec. 1 lit. f of the GDPR) - "legitimate interest".
  4. In the case of personal data processed in order to keep statistics on the activities undertaken by the user on the Business Account (including following or unfollowing the Business Account, commanding the Business Account in a post or comment, liking the Company Account or post, unliking), Corundum sp. z o.o. and Meta are joint controllers of your personal data. The types of data and the scope of their processing as well as the principles of privacy protection and users' rights are indicated in detail:
  1. in this document,
  2. in the document "Privacy protection rules" , published at: https://privacycenter.instagram.com/policy,
  3. in the document "Information about page statistics”, published on the website: https://www.facebook.com/legal/terms/page_controller_addendum .
  1. It is Meta's responsibility to notify users of Meta's products and services about the processing of data for site statistics and to enable them to exercise their rights under the GDPR (data information used to create website statistics have been made available on the Facebook page at: https://www.facebook.com/legal/terms/information_about_page_insights_data ).
  2. The Meta Data Protection Officer can be contacted via the form available on the Facebook page at: https://www.facebook.com/help/contact/540977946302970.

IV. DATA COLLECTED AUTOMATICALLY

  1. Using the Website available at https://spark-shop.com/ involves sending queries to the server, which are automatically saved in the event logs.
  2. Event logs store user session data. In particular, these are: IP address, type and name of the device, date and time of visiting our website, information about the web browser and operating system.
  3. The data saved in the event logs are not associated with specific persons.
  4. Access to the content of the event logs is available to persons authorized by the Administrator to administer the Website.
  5. Chronological record of information about events is only auxiliary material, used for administrative purposes. The analysis of event logs allows
    in particular to detect threats, ensure adequate security of the Website and perform statistics in order to better understand how users use the Website.
  6. Data on user sessions are used to diagnose problems related to functioning of the Website and analyzing possible security breaches, managing the Website and in order to perform statistics (legal basis - Article 6(1)(f) of the GDPR) - "legitimate interest".
  7. The website uses files for its operation cookies. More information on this subject can be found in the "Cookies Policy" available at https://spark-shop.com/en/cookies-policy

V. FINAL PROVISIONS

  1. This privacy policy is informative and applies in particular to the Administrator's online store operating in the spark-shop.com domain.
  2. The Website may contain links to other websites websites, including the websites of partners of Corundum sp. z o.o. , service providers, advertisers and other entities cooperating with the Administrator (e.g. Facebook, Instagram). The administrator recommends that each user, after going to other websites, read the privacy policies applicable there.
  3. The administrator reserves the right to make changes to the applicable privacy policy, in particular in the case of:
  1. development of technology,
  2. changes to generally applicable laws, including in the field of personal data protection or information security,
  3. development of the Website (e.g. implementation of additional functionalities and services ).
  1. The Administrator will notify users of relevant changes to the content of the privacy policy, in particular by posting a message on the Website and sending e-mails to people with an active user account.
  2. This privacy policy applies from July 21, 2023

Information regarding online dispute resolution pursuant to Art. 14 Para. 1 of the ODR (Online Dispute Resolution Regulation):

The European Commission gives consumers the opportunity to resolve online disputes pursuant to Art. 14 Para. 1 of the ODR on one of their platforms. The platform (http://ec.europa.eu/consumers/odr) serves as a site where consumers can try to reach out-of-court settlements of disputes arising from online purchases and contracts for services.

Product added to wishlist
Product added to compare.