Privacy Policy 1.
INTRODUCTION
1.1. Thisdocument defines the privacy policy of the Jetstyle Sp.z.o.o. (hereinafterreferred to as Administration) applies to any information which theAdministration may obtain about the User while he or she uses the Service(hereinafter referred to as Service), services and products provided by theAdministration under any agreements or contracts with the User. By signing upat the Service the User gives his or her unconditional consent with this Policyand its terms. Unless the User agrees with these terms he or she must refrainfrom using the Services.
1.2. ThisPolicy complies with GDPR and applicable personal data laws of the Republic ofPoland. This Policy applies to any data processing procedures, i.e. datacollection, capture, organizing, accumulation, storage, updating, extraction,usage, transferring (distribution, delivering, accessing), anonymising,blocking, removing or destroying, performed either with or without anyautomation tools.
1.3. Westrive to provide you with the most accessible and at the same time fullyinform you about the information that we collect and what we will do with it.
1.4. Wewill use the information you provide for the purposes described in our PrivacyPolicy, including to provide you with the services you have requested, theproducts ordered, and to enhance your experience with us. Weprocess only the required minimum of information.
1.5. Ifyou tell us that you do not want to receive promotional messages, we will notsend them to you. It goes without saying that refusal to receivepromotional/advertising messages does not deprive you of the opportunity toreceive important messages about the ordered product or the services provided,you will continue to receive such messages.
1.6. Theinformation you provide needs to be protected and we will take measures toensure it. But if something happens, and because of an intruder, our protectionis violated, we will definitely let you know.
1.7. Ifyou no longer want us to process the information you provide and let us know,we will stop doing this. But if the law obliges us to continue processing, wewill act in accordance with the law. But we willdefinitely inform you about this.
1.8. Werespect your rights to exercise control over your own information.
1.9. Belowis the full text of the Privacy Policy. In it we explain in more detail thetypes of personal information (personal data) we collect, how we collect it,what we can use it for and with whom we can share it, how you can influence it,and other important issues.
1.10. Wetried to make the text of the Policy as clear as possible, but we could notavoid some legal phrases, without them a simple explanation would not beaccurate, and we want to tell you the most accurate information.
1.11. Ifyou still have questions, you can write to us at the e-mail address:orders@jet.style.
2. USER’S PERSONAL DATA
2.1. ThisPersonal Data Privacy Policy (hereinafter – the Privacy Policy) is made inaccordance with the General Data Protection Regulation (GDPR), as well as theLaws of the Republic of Poland.
2.2. Inthis Policy, "personal data" of a User means data that identifies youor can be used to identify you, for example, your name and contact information.There may also be other information about how you use our Service:
2.2.1. Dataprovided by the User when he or she submits the Service, including personaldata of the User.
2.2.2. Datawhich is automatically sent to the Administration by the software installed onthe User's device, specifications of the User's hardware and software, date andtime of accessing the Services, etc.
2.2.3. Otherinformation of the User which may be processed according to the terms andconditions of services provided by the Administration.
2.3. TheAdministration assumes that the User provides true and sufficient personal dataand keeps it updated.
2.4. TheAdministration shall be entitled to update this Personal Data ProcessingPolicy. The new version of the Policy shall come into effect immediately afterpublication. Before using our Service, you should read the Privacy Policy, andif its conditions are unacceptable to you, refrain from transferring personaldata to us.
2.5. Ifyou transfer your personal data, it means unconditional acceptance of the termsof this Privacy Policy and the conditions for processing personal data and thepurposes of processing specified in it. But you have the right to withdrawconsent, more on that below.
3. PURPOSE OF PERSONAL DATA PROCESSINGWe do not verify the accuracyof the data you provide, we trust you and assume that you are telling the truthabout yourself.
3.1. TheAdministration only collects and keeps that personal data which is required toprovide Service to the User. This Privacy Policy applies to personal data aboutyou that we collect, use and otherwise process, not only when you are ourclient, but also when you are exploring our Service (as a User).
3.2. TheAdministration processes personal data of Users for the following purposes:
3.2.1. Identify the User.
3.2.2. Providethe User with personalized offers and fulfill agreements and contracts.
3.2.3. Communicatewith the User, including notifications, requests and useful information, aswell as process requests from the User.
3.2.4. Improvethe Service provided by the Administration and develop new services.
3.2.5. Conductstatistical and other surveys based on anonymised data.
4. Types of personal data:
4.1. Personal data posted by Users. These mayinclude, in particular:
4.1.1. last name, first name,
4.1.2. contactinformation (e-mail, phone number)It is forbidden for the User to provide personal data of third partieswithout the consent received from them for such a transfer, or if such personaldata of third parties were not obtained by the User himself from publiclyavailable sources of information.
4.2. Dataautomatically transmitted to the Service in the process of this data using thesoftware installed on the User's device, incl. IP-address,individual network number of the device (MAC-address, device ID), electronicserial number (IMEI, MEID), data from cookies, information about the browser,operating system, access time, search requests of the User.
4.3. We collect and process only thatinformation about Users, incl. their personal data, which is related to theachievement of the following goals:
4.3.1. providingconsultations for the selection of the most suitable services, depending on theinformation that the User has provided about himself;
4.3.2. toadminister and protect the Service, including troubleshooting, data analysis,testing, system maintenance, support, reporting and data placement.
4.3.3. Ifit is necessary to use personal information about Users for purposes notprovided for by the Privacy Policy, we request the User's consent to suchactions.
5. PRINCIPLES OF PERSONAL DATA PROCESSING
5.1. Personaldata are processed based on the following principles:
5.2. Personaldata is processed on a legal and fair basis. We process your personal data onlyif we have a legal basis to do it. This basis will depend on the reasons forwhich we collect and process your personal data.
5.3. Personaldata are only processed for specific, predetermined and legal purposes.Personal data may only be processed for the purposes they were collected for.
5.4. Databasescontaining personal data which are processed for non-conforming purposes maynot be merged or combined.
5.5. Processingmay only include data required for the purpose of such processing.
5.6. Contentand scope of personal data being processed conform with declared purposes ofsuch processing. Personal data being processed is not superfluous with regardto declared purposes of such processing.
5.7. Accuracy,sufficiency and relevancy (if applicable) of processed data is ensured withregard to declared purposes of such processing.
5.8. Personaldata is stored in such a way that the personal data subject may only beidentified for as long as it is required for the purposes of personal dataprocessing, unless the term of storage of personal data is set out in GDPR or in a contract to which the personal datasubject is a party, a beneficiary or a guarantor. Personal data being processedis subject to destruction or anonymisation as soon as purposes of suchprocessing are achieved or such purposes become irrelevant, unless specifiedotherwise by a GDPR.
6. TERMS OF PERSONAL DATA PROCESSING
6.1. Personaldata shall be processed in compliance with principles and rules set out in theGDPR. We will keep your information for as long as we need it for the purposefor which it is processed. For example, we store your data to fulfill theobligations under the application, and after fulfilling it, we store the datain order to be able to respond to any of your request, complaint or claim.Information may also be stored so that we can continue to improve ourexperience and to reward you for your loyalty.We constantly check the relevanceof the need to process personal data, and in the event that there is no legal,business or customer need for keeping this information, we will safely deleteit.
6.2. Personaldata may be processed under the following conditions:
6.2.1. Personaldata is processed with the consent of the subject of the personal data to suchprocessing.
6.2.2. Processingof personal data is required for purposes of an international treaty or a lawof the Republic of Poland.
6.2.3. Processingof personal data is required to administer justice, perform a court order or anorder of another authority or an official, which is to be performed accordingto the legislation.
6.2.4. Processingof personal data is required to fulfill an agreement to which the personal datasubject is a party, a beneficiary or a guarantor, or to conclude an agreementon behalf of the subject of the personal data, or an agreement to which thepersonal data subject will be a beneficiary or a guarantor.
6.2.5. Processingof personal data is required to protect life, health or other vital interestsof the subject of the personal data, when it is impossible to secure his or herconsent.
6.2.6. Processingof personal data is required to exercise rights and lawful interests of theoperator or third parties, or for purposes of public importance provided thatin so doing the rights and liberties of the personal data subject are notviolated.
6.2.7. Personaldata is processed for statistical or other research purposes, provided thatsuch personal data is anonymised. An exception is the processing of personaldata for the purpose of promotion of products, works or services via directcontact with a potential consumer via communication channels, as well as forpurposes of political campaigns.
6.2.8. Processingcovers personal data which was made available to the general public by thesubject of the personal data or at his request (hereinafter referred to aspersonal data disclosed by the subject).
6.2.9. Processingcovers personal data which must be made available or disclosed according to aGDPR.
6.3. TheAdministration shall not process biometric personal data (physiological andbiological details of a person which make it possible to identify him or herand which are used by the operator to identify the subject of the personaldata).
6.4. Yourpersonal data may be sent and stored by us and / or third parties in countriesoutside the country in which you are located and outside the European EconomicArea. For example, we may transfer your data outside the country in which youare located in order to provide services to us. This may involve sending yourdata to countries where, according to their local laws, you may have fewerlegal rights.
6.5. Ifyour personal information is transferred outside the European Economic Areabecause we are using a service provider in a third country, we will takeprecautions to ensure that your data is still protected in accordance with thestandards set out in this Privacy Policy.
6.6. Decisionswhich may produce legal consequences for the subject of the personal data orotherwise affect his or her rights or lawful interests shall never be madebased solely on automated processing of personal data.
6.7. Whenthere is no written consent from the subject of the personal data required toprocess his or her personal data, such consent shall be deemed given whenpersonal data are voluntarily provided by the subject of the personal data oron their behalf.
6.8. TheAdministration shall be entitled to delegate processing of personal data toanother party based on an agreement with such party (hereinafter referred to asthe operator's delegation) unless prohibited by a GDPR. In the event of suchdelegation the Administration shall bind such a processing party with the legalresponsibilities to adhere to data processing principles and rules set out inGDPR.
6.9. Shouldthe Administration delegate processing of personal data to another party, theAdministration shall bear full responsibility to the subject of the personaldata for any actions of such party. The party processing data on behalf of theAdministration shall bear responsibility to the Administration.
6.10. TheAdministration shall not (and ensure that other parties given access topersonal data do not) disclose or distribute personal data to third partieswithout the consent of the subject of the personal data, unless specifiedotherwise by a GDPR.
7. RESPONSIBILITIES OF THE ADMINISTRATION
7.1. TheAdministration has the following responsibilities:
7.1.1. Providethe subject of the personal data, on his or her request, with informationrelated to processing of his or her personal data, or refuse to provide suchinformation on legal grounds.
7.1.2. Updatepersonal data, block or remove personal data which is incomplete, outdated orinaccurate, was obtained illegally or is not required for the declared purposeof processing, on the request of the subject of the personal data.
7.1.3. Notifythe subject of the personal data of processing of his or her personal if suchdata was obtained from any source other than the subject of the personal data,except for the following circumstances:
7.1.3.1. Thesubject was notified of processing of his or her personal data by thecorresponding operator.
7.1.3.2. Personaldata was obtained by the Administration according to a GDPR or in order tofulfill an agreement to which the subject of the personal data is a party, abeneficiary or a guarantor.
7.1.3.3. Personaldata was made publicly available by the subject of the personal data or wasobtained from a publicly available source.
7.1.3.4. TheAdministration processes personal data for statistical or other researchpurposes, for professional journalistic purposes, or for other scientific,literary or creative purposes, provided that in doing so the rights and lawfulinterests of the personal data subject are not violated.
7.1.3.5. Providingthe subject of the personal data with details contained in the Notification ofpersonal data processing violates the rights and lawful interests of thirdparties.
7.1.4. Immediatelystop processing of personal data and destroy such personal data within thirtydays of the purposes of personal data processing being completely achieved,unless specified otherwise by an agreement to which the subject of the personaldata is a party, a beneficiary or a guarantor, or by another agreement betweenthe Administration and the subject of the personal data, or if theAdministration may not process personal data without the consent of the subjectof the personal data based on GDPR.
7.1.5. Stopprocessing personal data and destroy such personal data within thirty days ofthe subject of the personal data revoking his or her consent for suchprocessing, unless specified otherwise by an agreement between theAdministration and the subject of the personal data. The Administration shallnotify the subject of the personal data of the destruction of his or herpersonal data.
7.1.6. Immediatelystop processing of personal data if the subject of the personal data requests astop to such processing for the purposes of promotion of products, works orservices.
8. MEASURES TO ENSURE SECURITY OF PERSONALDATA BEING PROCESSED
8.1. TheAdministration shall take any required legal, organizational or technicalmeasures to protect personal data being processed from unauthorized orinadvertent access, destruction, modification, blocking, copying, disclosure,distribution or other illegal actions.
8.2. Inmost cases, personal data is processed automatically without employees havingaccess to it. If such access is available, then it can be provided to thosepersons who need it to perform their tasks. For the security of internal data,all persons must comply with the rules and procedures regarding dataprocessing. They must also follow all technical and organizational securitymeasures in place to protect personal data.
8.3. TheAdministration shall take the following measures to ensure the security ofpersonal data:
8.3.1. Identifysecurity risks for personal data processed in personal data processing systems.
8.3.2. Takeorganizational and technical measures to ensure the security of personal databeing processed in personal data processing systems, which are required toensure personal data security levels.
8.3.3. Enforcedata protection tools which were assessed for compliance according toestablished procedures.
8.3.4. Assessefficiency of personal data protection measures before the personal dataprocessing system is put into operation.
8.3.5. Identifyany unauthorized access to personal data and take corrective measures.
8.3.6. Restorepersonal data modified or destroyed due to unauthorized access.
8.3.7. Monitormeasures taken to ensure security of personal data and security levels ofpersonal data processing systems.
8.3.8. anti-virusprotection with updated databases;
8.3.9. information backup;
8.3.10. limitingthe circle of persons with access to personal data.
8.4. Wemay be forced to transfer your personal data because we must comply with legalor regulatory obligations in any jurisdiction, including when this obligationarises from our voluntary action or decision (for example, our decision tooperate in a country or related to solutions).
8.5. Wedo not sell personal information, including personal data, to third parties.
9. LEGAL RIGHTS
9.1. Thepersonal data protection laws of the EU and Poland give you a number of rights.To implement them, most often you just need to contact us in writing (by mailor email), it's free. We will reply to you within 30 days, but we will do ourbest to make it much faster.
9.2. Sometimeswe will have to deny your request (in whole or in part), because we are obligedto comply with the applicable law. But we will definitely explain in our answerto you why we cannot fulfill your request.
9.3. Youcan ask us to stop sending you promotional materials. will not deprive you ofthe opportunity to receive messages about the progress of the provision ofservices and our performance of the contract.
9.4. Youcan ask us to stop processing your personal information for marketing purposes,including analytics for targeted marketing purposes, including onlineadvertising.
9.5. Youcan ask for information regarding the processing of your personal data,including confirmation of the fact of processing, place and purpose ofprocessing, types of data, to which third parties this data is disclosed,storage period and source of receiving.
9.6. Youcan ask us to correct the personal data that you have provided to us if thisinformation is inaccurate or out of date.
9.7. Youcan ask to delete your personal data.
9.8. Butwe must warn you that some of the data will be archived to meet our obligationsto law enforcement, national authorities and legal proceedings. We will giveyou a full answer which information will remain saved. When the storage periodexpires in accordance with the applicable law that obliges us to store thisdata, we will delete the data.
9.9. Askus to provide a free electronic copy of personal data to another company.
REQUEST FORMS
10.1. Youcan send your request in writing or electronically.
10.2. Writtenrequests include any of your written requests sent to us, including requestssent through post offices.
10.3. Electronicrequests include inquiries sent by email. In this case, the request should besigned with your electronic signature in accordance with applicable law. We donot process requests related to the transfer or disclosure of personal datareceived by phone or fax due to the inability to identify the person of therequestor.
10.4. Theprocedure for considering requests is as follows:
10.4.1. Awritten request is sent by us to you regardless of the form of the request(written or electronic) and the results of consideration of the request orappeal. The preparation of answers is carried out by our responsiblespecialist.
10.4.2. Requestsand appeals are checked for the presence of:
10.4.2.1. surname,name of the applicant;
10.4.2.2. lastname, first name of the person whose personal data are processed (Personal datasubject);
10.4.2.3. numberof the main identity document of the Personal data subject or his legalrepresentative, information about the date of issue of the specified documentand the issuing authority.
10.5. Ifnecessary, we will ask you for additional information.
10.6. Personaldata subject has the right at any time to revoke the given consents andpermissions to the processing of personal data, as well as to refuse to informand send out, by sending a message to email orders@jet.style.
10.7. Personaldata subject has the right to demand to delete, correct, update personal data,demand to restrict the processing of personal data or object to the processingof personal data, when it is provided for by applicable law. The Controllerresponds to these requests in accordance with applicable law.
10.8. Incase of confirmation of the fact of inaccuracy of personal data or theunlawfulness of personal data processing, the personal data must be updated bythe Controller, and the processing of the illegally obtained data must bestopped.
10.9. Uponachievement of the goals of personal data processing, as well as in case ofwithdrawal of consent to personal data processing, personal data should bedeleted if:
10.9.1. otherwiseis not provided for by the contract, the party to which, the beneficiary or theguarantor of which is the Personal data subject;
10.9.2. TheController is not entitled to carry out processing without the consent of thePersonal data subject in accordance with applicable law;
10.9.3. otherwiseis not provided by another agreement between the Controller and the Personaldata subject.
CONTACTS
You have the right to send usrequests, suggestions or questions regarding this Privacy Policy by email orders@jet.style or Jetstyle Sp.z.o.o., ul. Kalwaryjska 69/9, 30-504 Kraków,Poland. KRS 0000613458REGON 364242942 NIP 6793126560We make every effort to handle yourinformation responsibly. But if something is not clear to you or somethingworries you, please contact us at the indicated address.