This Privacy Policy sets out the rules for the processing and protection of personal data collected in connection with the provision of services or the sale of products within the Venetia Jewels Online Store operated by Venetia spółka z ograniczoną odpowiedzialnością.

§ 1 General provisions

1. The administrator, i.e. the entity deciding on the purposes and means of processing personal data, is Venetia Spółka z ograniczoną odpowiedzialnością with its registered office at ul. Wichrowa 7, 05-090 Raszyn, registered in the National Court Register under KRS number 0000793101, NIP 5342603230, REGON 383773053.
2. The Administrator has appointed a Personal Data Protection Inspector, who can be contacted in matters of protection and processing of your personal data at the e-mail address: data@venetiajewels.pl or in writing to the registered office address indicated in point 1.

§ 2 Basis for personal data processing

1. Personal data are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the freedom flow of such data and repealing Directive 95/46/EC.
2. Providing personal data is voluntary, but necessary to complete the order and deliver the ordered product. Failure to provide data results in the inability to place an order.
3. The processing of personal data is based on:
a) the legitimate interest of the administrator,
b) consent of the data subject,
c) performance of the concluded contract,
d) fulfillment of obligations arising from the law.

§ 3 Purpose of personal data processing

1. Personal data is processed by the administrator for purposes related to concluding and implementing sales contracts and recording completed transactions.
2. Personal data will be processed for the following purposes:
a) conclusion and performance of contracts with the Administrator's contractors (legal basis: Article 6(1b) of the GDPR) - for the duration of the contract and settlements after its completion;
b) taking action before concluding the contract, i.e. conducting negotiations, preparing an offer, verifying data - legal basis: Art. 6 section 1b) GDPR;
c) fulfillment of the Administrator's legal obligations, e.g. issuing or storing invoices and other accounting documents, responding to complaints (legal basis: Article 6(1c) of the GDPR) - for the period required by law to store data,
d) on the basis of the need to process data to pursue the legitimate interest of the administrator: determining, defending and pursuing claims (legal basis: Article 6(1f) of the GDPR) - for the period after which the claims expire,
e) direct marketing (legal basis: Article 6(1f) of the GDPR) - for the duration of the contract or until an objection is raised,
f) in other cases, personal data are processed only on the basis of previously granted consent to the extent and purpose specified in the content of the consent (Article 6(1a) of the GDPR) - for the period from consent granted until its withdrawal.

§ 4 Recipients of personal data

1. Personal data may be made available to other entities if such an obligation results from legal provisions or from achieving the purpose for which the data was transferred.
2. Entities processing data on behalf of the controller (processors) may also have access to personal data in cases where it is necessary to achieve the purpose of personal data processing.
3. The Administrator declares that he uses the services of verified entities, known on the local market and guaranteeing data security.
4. Personal data may be transferred to the following recipients or categories of recipients: entities providing IT, technical, accounting, legal, advisory services, document destruction and archiving services, entities conducting postal or courier activities.
5. Personal data may be transferred to third countries (outside the European Union countries) in connection with the ordered delivery of products.

§ 5 Rights related to the processing of personal data

1. The data subject has the right:
a) access to your personal data and receiving a copy thereof;
b) to rectify (correct) your personal data;
c) restrictions on the processing of personal data;
d) to transfer personal data;
e) deletion of personal data,
f) the right to withdraw consent to data processing at any time if personal data are processed on the basis of consent.
2. In the event of exercising the right referred to in section 1, please contact the Personal Data Protection Inspector in the manner specified in § 1 section 2.
3. If personal data are processed contrary to applicable law, the data subject has the right to lodge a complaint with the President of the Personal Data Protection Office.

§ 6 Cookies in the online store

1. The Administrator uses Cookies, which are text information sent by the server and saved on the side of the person visiting the Store's website.
2. Cookies are used for the following purposes:
a) adapting the content of the website to the Customer's preferences and optimizing the use of the website;
b) creating statistics to improve the functionality of the website and its structure;
c) ensuring the security of services provided electronically;
d) maintaining the Client's session after logging in;
f) facilitate browsing the website resources.

§ 7 Final provisions

1. To the extent not regulated by the Privacy Policy, the provisions of the GDPR and Polish generally applicable provisions regarding the protection of personal data apply.
2. The law applicable to these Regulations is Polish law.
3. The privacy policy is valid from 01/01/2022.