Privacy Policy

Privacy Policy

§1 Personal Data Administration

  1. The controller of personal data is POKRYCKI SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, at 37/58 Adama Mickiewicza Street, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw, 14th Commercial Division of the National Court Register, under KRS number 0000547724, NIP (Tax ID): 5252612550, REGON: 361008453, with a share capital of PLN 5.000.

  2. Contact with the person supervising the processing of personal data in the organization is possible via e-mail at [email protected], in writing to the address of the Controller, or by phone at 601 598 866.

  3. This Policy sets out the rules regarding the processing of personal data by the Controller on the Website, including the legal basis, purposes, and scope of personal data processing, as well as the rights of the data subjects.

  4. Personal data are processed by the Controller in compliance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Official text of the GDPR:
    http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679.

  5. The User’s rights are not absolute and do not apply to all activities related to the processing of personal data.

§2 Definitions

  1. Controller – POKRYCKI SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ with its registered office in Warsaw, at 37/58 Adama Mickiewicza Street, entered in the Register of Entrepreneurs of the National Court Register maintained by the District Court for the Capital City of Warsaw, 14th Commercial Division of the National Court Register, under KRS number 0000547724, NIP (Tax ID): 5252612550, REGON: 361008453, with a share capital of PLN 5.000.

  2. Personal data – information about an identified or identifiable natural person, who can be identified directly or indirectly by reference to one or more specific factors determining their physical, physiological, genetic, mental, economic, cultural, or social identity, including the IP address of a device, online identifiers, and information collected via cookies or other similar technologies.

  3. Policy – this Privacy Policy.

  4. GDPR / General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

  5. Website – the online service operated by the Controller at omegavintagewatch.com/.

  6. User – any natural person visiting the Website or using one or more of the services or functionalities described in this Policy.

§3 Security

  1. The Controller has implemented appropriate technical and organizational measures to ensure the security of personal data processing and, in particular, is responsible for and guarantees that the data collected by it are:

    • processed lawfully;

    • collected for specified and legitimate purposes and not further processed in a manner incompatible with those purposes;

    • factually correct and adequate in relation to the purposes for which they are processed;

    • stored in a form that permits identification of the data subjects for no longer than is necessary to achieve the purpose of processing; and

    • processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using suitable technical and organizational measures.

§4 Purposes and Legal Bases for Data Processing

  1. Under Article 6(1)(a) of the GDPR (consent), personal data will be processed for the following purposes:

    • marketing of the Controller’s and its partners’ products and services,

    • sending newsletters,

    • moderating content on the Website,

    • storing data in cookies and using cookies to ensure the proper functioning of the Website,

    • providing product or service reviews,

    • participation in webinars or online training sessions,

    • communication via remote contact tools, in particular by phone, e-mail, or messaging applications.

  2. Under Article 6(1)(b) of the GDPR (performance of a contract), personal data will be processed for the following purposes:

    • performance of a sales contract or a service agreement, or taking steps at the request of the data subject prior to or

      after entering into such an agreement, in particular for exercising warranty rights, handling complaints, or

    • withdrawal from a distance contract.

  3. Under Article 6(1)(c) of the GDPR (legal obligation of the Controller), personal data will be processed for the following purposes:

    • issuing and storing invoices, receipts, or fulfilling other obligations arising from tax and accounting regulations (including the archiving obligation for accounting documents).

    • maintaining registers and other documentation required under GDPR provisions.

  4. Under Article 6(1)(f) of the GDPR (legitimate interests of the Controller), personal data will be processed for the following purposes:

    • proper performance of the contract, processed for the duration of the contract and any rights arising from it (e.g. the right to file a complaint); data provision is voluntary but necessary,

    • ensuring the security of the Website, managing it, and maintaining its proper operation,

    • conducting statistics and analyzing traffic on the Website,

    • direct marketing,

    • stablishing, exercising, or defending legal claims by or against the Controller,

    • communication with the User,

    • operation of the omegavintagewatch.com Website,

    • management of accounts on Instagram and Facebook and interaction with users of those platforms.

    • Personal data may be disclosed to the following recipients or categories of recipients: courier companies, postal operators, law firms, accounting firms, IT service providers, and maintenance contractors.

§5 Profiling

  1. The GDPR imposes on the Controller an obligation to inform data subjects about automated decision-making, including profiling as referred to in Article 22(1) and (4) of the GDPR, and – at least in such cases – to provide meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Considering this, the Controller provides in this section of the Privacy Policy information regarding possible profiling.

  2. The Controller may use profiling on the Website for marketing purposes, utilizing the personal data provided by the User.

  3. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

§6 Period of Personal Data Processing

  1. The period of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, data are processed for the duration of the service provision, until the consent given is withdrawn, or until a valid objection to data processing is lodged in cases where the legal basis for processing is the Controller’s legitimate interest.

  2. The processing period may be extended if the processing is necessary for the establishment, exercise, or defense of potential claims, and thereafter only for as long as required by applicable law. After the processing period expires, the data are irreversibly deleted or anonymized.

§7 User Rights

  1. With regard to their personal data, the User has the following rights:

    • the right to access their personal data,

    • the right to rectify personal data at any time,

    • the right to erase their personal data at any time,

    • the right to obtain a copy of their data,

    • the right to restrict the processing of personal data,

    • the right to object to the processing of personal data,

    • the right to data portability,

    • the right to withdraw consent; withdrawal of consent does not affect the lawfulness of processing carried out before its withdrawal,

    • legitimate interest for marketing, direct marketing, or other non-marketing purposes,

    • the right to lodge a complaint with a supervisory authority.

§8 Odbiorcy danych osobowych

  1. Administrator w celu prawidłowego prowadzenia Serwisu przekazuje dane osobowe Użytkownika innym podmiotom zewnętrznym, w szczególności: Firma hostingowa, firmy kurierskie, operator pocztowy, operatorzy płatności, banki.

  2. Administrator zastrzega sobie prawo do ujawnienia danych osobowych w sytuacji, gdy będzie to wynikać z obowiązujących przepisów prawa, w tym obowiązek przekazania informacji do właściwych organów administracyjnych lub organów ścigania.

§9 Przekazywanie danych osobowych poza EOG

  1. Poziom ochrony Danych osobowych poza Europejskim Obszarem Gospodarczym (EOG) różni się od tego zapewnianego przez prawo europejskie. Z tego powodu Administrator przekazuje Dane osobowe poza EOG tylko wtedy, gdy jest to konieczne, w szczególności, gdy korzysta z usług podmiotu międzynarodowego. Zawsze jednak zapewnia odpowiedni stopień ochrony, przede wszystkim poprzez:

    • współpracę z podmiotami przetwarzającymi Dane osobowe w państwach, w odniesieniu do których została wydana stosowna decyzja Komisji Europejskiej dotycząca stwierdzenia zapewnienia odpowiedniego stopnia ochrony Danych osobowych;

    • stosowanie wiążących reguł korporacyjnych zatwierdzonych przez międzynarodowe normy certyfikacyjne i właściwy organ nadzorczy;

    • stosowanie standardowych klauzul umownych wydanych przez Komisję Europejską na podstawie art. 46 RODO.

    • Dane osobowe mogą być również przekazywane poza obszar EOG na podstawie zgody Użytkownika. Użytkownik jest wcześniej o tym zdarzeniu informowany.

§10 Security of Personal Data

  1. The Controller continuously conducts risk analyses to ensure that personal data are processed securely. In particular, the Controller ensures that access to data is granted only to authorized persons and only to the extent necessary for the performance of their duties.

  2. The Controller is obliged to take all legally permitted actions to ensure that all operations involving personal data are recorded and carried out only by authorized entities.

  3. The Controller is also required to ensure that any entities cooperating with the Controller provide guarantees of applying appropriate security measures whenever they process personal data on behalf of the Controller.

§11 Changes to the Privacy Policy

  1. The Policy is continuously reviewed and updated.

  2. The current version of the Policy was adopted and has been in force since 2024-08-01.