Privacy Policy

1. This Privacy Policy defines the principles of processing personal data obtained via the online store www.cupicha.pl (hereinafter referred to as the "Online Store").
2. The owner of the Store and the data controller is Jan Cupicha, conducting business activity under the name of Firma Jubilerska Jan Cupicha with its registered office in Nowy Sącz (33-300), ul. Wałowa 6, entered into the Central Register and Information on Business Activity run by the Minister of Entrepreneurship and Technology, NIP: 7340004070, REGON: 490314150, hereinafter referred to as Jubiler Cupicha.
3. Personal data collected by Jubiler Cupicha via the Online Store are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), also known as GDPR.
4. Cupicha Jeweler takes special care to respect the privacy of Customers visiting the Online Store.

§ 1 Type of data processed, purposes and legal basis

1. Jubiler Cupicha collects information about natural persons performing legal acts not directly related to their business activity, natural persons conducting business or professional activity on their own behalf, and natural persons representing legal persons or organizational units that are not legal persons, to which the act grants legal capacity, conducting business or professional activity on their own behalf, hereinafter referred to jointly as Customers.
2. Customers’ personal data are collected in the event of:
a) registering an account in the Online Store, in order to create an individual account and manage this account. Legal basis: necessity to perform the contract for the provision of the Account service (Article 6, paragraph 1, letter b of the GDPR);
b) placing an order in the Online Store in order to execute the sales contract. Legal basis: necessity to execute the sales contract (Article 6, paragraph 1, letter b of the GDPR);
c) using the contact form service in the Online Store in order to perform the contract provided electronically. Legal basis: necessity to perform the contract for the provision of the contact form service (Article 6, paragraph 1, letter b of the GDPR);
d) use of the service "post an opinion" for the purpose of performing a contract, the subject of which is a service provided electronically. Legal basis - necessity to perform the contract for the provision of the service "post an opinion" (Article 6, paragraph 1, letter b of the GDPR).
3. When registering an account in the Online Store, the Customer provides:
a) email address;
b) address details:
a. postal code and city;
b. country (state);
c. street name and house/apartment number.
c) name and surname;
d) telephone number.
4. During the registration of the account in the Online Store, the Customer independently sets an individual password to access his/her account. The Customer may change the password at a later time, on the terms described in §5.
5. When placing an order in the Online Store, the Customer provides the following data:
a) email address;
b) address details:
a. postal code and city;
b. country (state);
c. street name and house/apartment number.
c) name and surname;
d) telephone number.
6. In the case of Entrepreneurs, the above scope of data is additionally extended to include:
a) the Entrepreneur's company name;
b) Tax Identification Number.
7. In case of using the contact form service, the Client provides the following data:
a) email address;
b) name.
8. In case of using the post a review service, the Client provides the following data:
a) email address;
b) nickname/nickname.
9. When using the Store Website, additional information may be downloaded, in particular: the IP address assigned to the Customer's computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
10. Navigation data may also be collected from Customers, including information about links and references they decide to click on or other actions taken in our Online Store. Legal basis – legally justified interest (Article 6, paragraph 1, letter f of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
11. In order to establish, pursue and enforce claims, some personal data provided by the Customer as part of using the functionality in the Online Store may be processed, such as: first name, last name, data regarding the use of services, if the claims result from the way in which the Customer uses the services, other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis - legally justified interest (Article 6, paragraph 1, letter f of the GDPR), consisting in the establishment, pursuit and enforcement of claims and defense against claims in proceedings before courts and other state authorities.
12. The provision of personal data to Jubiler Cupicha is voluntary, in connection with concluded sales agreements or provision of services via the Online Store Website, provided, however, that failure to provide the data specified in the data forms in the Registration process prevents Registration and establishment of a Customer Account, and in the case of placing an order without Registration of the Customer Account, it will prevent the placement and execution of the Customer's order.

§ 2 Who is the data shared or entrusted to and how long is it stored?

1. The Customer's personal data are transferred to service providers used by Jubiler Cupicha when running the Online Store. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to Jubiler Cupicha's instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (administrators).
a) Processing entities. Jubiler Cupicha uses suppliers who process personal data only on the instructions of Jubiler Cupicha. These include, among others, suppliers of hosting services, accounting services, marketing systems, systems for analyzing traffic in the Online Store, systems for analyzing the effectiveness of marketing campaigns;
b) Administrators. Jubiler Cupicha uses suppliers who do not act solely on instructions and who themselves determine the purposes and methods of using the personal data of Customers. They provide electronic payment and banking services.
2. Location. Service providers are based mainly in Poland and other countries of the European Economic Area (EEA).
3. Customers' personal data are stored:
a) If the basis for the processing of personal data is consent, then the Customer's personal data are processed by Jubiler Cupicha until the consent is withdrawn, and after the consent is withdrawn for a period of time corresponding to the limitation period for claims that Jubiler Cupicha may raise and which may be raised against it. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.
b) If the basis for data processing is the performance of a contract, then the Customer's personal data are processed by Jubiler Cupicha for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business - three years.
4. In the event of a purchase in the Store, personal data may be transferred to Poczta Polska SA with its registered office in Warsaw, in order to deliver the ordered goods.
5. If the Customer chooses to pay via the przelewy24.pl system, their personal data are transferred to the extent necessary to process the payment to PayPro SA Agent Rozliczeniowy with its registered office in Poznań (60-327 Poznań, ul. Kanclerska 15), entered into the register of entrepreneurs maintained by the District Court of Poznań – Nowe Miasto and Wilda in Poznań, 8th Commercial Division of the National Court Register under the KRS number 0000347935, NIP 7792369887, Regon 301345068.
6. Navigation data may be used to provide Customers with better service, analyse statistical data and adapt the Online Store to Customer preferences, as well as administer the Online Store.
7. In the event of a request, Jubiler Cupicha provides personal data to authorized state authorities, in particular organizational units of the Prosecutor's Office, the Police, the President of the Office for Personal Data Protection, the President of the Office for Competition and Consumer Protection or the President of the Office of Electronic Communications.

§ 3 Cookie mechanism, IP address

1. The Online Store uses small files called cookies. They are saved by Jubiler Cupicha on the end device of the person visiting the Online Store, if the web browser allows it. A cookie file usually contains the name of the domain from which it comes, its "expiration time" and an individual, randomly selected number identifying this file. Information collected using files of this type helps to adapt the products offered by Jubiler Cupicha to the individual preferences and actual needs of people visiting the Online Store. They also provide the possibility of developing general statistics of visits to the presented products in the Online Store.
2. Cupicha Jeweler uses two types of cookies:
a) Session cookies: after the end of a given browser session or when the computer is turned off, the saved information is deleted from the device's memory. The session cookie mechanism does not allow for the collection of any personal data or any confidential information from the Clients' computers.
b) Persistent cookies: they are stored in the memory of the Client's end device and remain there until they are deleted or expire. The persistent cookie mechanism does not allow for the collection of any personal data or any confidential information from the Clients' computer.
3. Cupicha Jubiler uses its own cookies for the following purposes:
a) authenticating the Customer in the Online Store and ensuring the Customer’s session in the Online Store (after logging in), thanks to which the Customer does not have to re-enter the login and password on each subpage of the Online Store;
b) analyses, research and audience audits, in particular to create anonymous statistics that help understand how Customers use the Online Store Website, which enables the improvement of its structure and content.
4. Jubiler Cupicha uses external cookies for the following purposes:
a) presenting a map indicating the location of the Jubiler Cupicha office on the Store’s information pages, using the maps.google.com website (external cookie administrator: Google Inc. based in the USA); b) presenting the Reliable Regulations Certificate using the rzetelnyregulamin.pl website (external cookie administrator: Rzetelna Grupa sp. z o. o. based in Warsaw).
5. The cookie mechanism is safe for the computers of the Online Store Customers. In particular, it is not possible for viruses or other unwanted software or malware to get into the computers of the Customers this way. Nevertheless, in their browsers, the Customers have the option of limiting or disabling the access of cookie files to computers. In the case of using this option, the use of the Online Store will be possible, except for the functions that by their nature require cookies.
6. Below we present how you can change the settings of popular web browsers regarding the use of cookies:
a) Internet Explorer browser;
b) Microsoft EDGE browser;
c) Mozilla Firefox browser;
d) Chrome browser;
e) Safari browser;
f) Opera browser.
7. Jubiler Cupicha may collect IP addresses of Customers. An IP address is a number assigned to the computer of a person visiting the Online Store by the Internet service provider. The IP number enables access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes with each connection to the Internet. The IP address is used by Jubiler Cupicha to diagnose technical problems with the server, create statistical analyses (e.g. to determine from which regions we record the most visits), as information useful in the administration and improvement of the Online Store, as well as for security purposes and possible identification of server-burdening, unwanted automatic programs for browsing the content of the Online Store.
8. The Online Store contains links and references to other websites. Jubiler Cupicha is not responsible for the privacy policies in force there.

§ 4 Rights of data subjects

1. Right to withdraw consent – legal basis: Article 7(3) of the GDPR.
a) The Customer has the right to withdraw any consent granted by Jubiler Cupicha.
b) Withdrawal of consent takes effect from the moment of withdrawal of consent.
c) Withdrawal of consent does not affect the processing carried out by Jubiler Cupicha in accordance with the law before its withdrawal.
d) Withdrawal of consent does not entail any negative consequences for the Customer, but may prevent further use of the services or functionalities which, according to the law, Jubiler Cupicha may only provide with consent.
2. The right to object to data processing – legal basis: Article 21 of the GDPR.
a) The Customer has the right to object at any time – for reasons related to his/her particular situation – to the processing of his/her personal data, including profiling, if Jubiler Cupicha processes his/her data based on a legitimate interest, e.g. marketing of Jubiler Cupicha products and services, keeping statistics on the use of individual functionalities of the Online Store and facilitating the use of the Online Store, as well as satisfaction surveys.
b) Resignation from receiving marketing communications regarding products or services via e-mail will mean the Client's objection to the processing of his or her personal data, including profiling for these purposes.
c) If the Customer's objection proves to be justified and Jubiler Cupicha has no other legal basis for the processing of personal data, the Customer's personal data will be deleted to the processing of which the Customer has filed an objection.
3. The right to erasure (“the right to be forgotten”) – legal basis: Article 17 of the GDPR.
a) The customer has the right to request the deletion of all or some of their personal data.
b) The Customer has the right to request the deletion of personal data if:
a. the personal data are no longer necessary in relation to the purposes for which they were collected or processed;
b. has withdrawn specific consent to the extent that personal data were processed based on his or her consent;
c. has objected to the use of his or her data for marketing purposes;
d. personal data are processed unlawfully;
e. personal data must be deleted in order to comply with a legal obligation under Union law or the law of the Member State to which Jubiler Cupicha is subject;
f. the personal data have been collected in connection with the provision of information society services.
c) Despite the request to delete personal data, in connection with the filing of an objection or withdrawal of consent, Jubiler Cupicha may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to comply with a legal obligation requiring processing under EU law or the law of the Member State to which Jubiler Cupicha is subject. This applies in particular to personal data including: first name, last name, e-mail address, which data are retained for the purpose of handling complaints and claims related to the use of Jubiler Cupicha services, or additionally the address of residence/mailing address, order number, which data are retained for the purpose of handling complaints and claims related to concluded sales agreements or the provision of services.
4. Right to restrict data processing – legal basis: Article 18 of the GDPR.
a) The customer has the right to request the restriction of the processing of his/her personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will be associated with the processing of the data covered by the request. Jubiler Cupicha will also not send any messages, including marketing ones.
b) The Customer has the right to request the restriction of the use of personal data in the following cases:
a. when he/she questions the accuracy of his/her personal data – then Jubiler Cupicha limits their use for the time needed to verify the accuracy of the data, but no longer than for 7 days;
b. when the processing of data is unlawful and instead of deleting the data, the Customer requests the restriction of their use;
c. when personal data are no longer necessary for the purposes for which they were collected or used but they are needed by the Client to establish, pursue or defend claims;
d. when he has objected to the use of his data – then the restriction is in place for the time needed to consider whether – due to the special situation – the protection of the Client’s interests, rights and freedoms outweighs the interests pursued by the Administrator in processing the Client’s personal data.
5. Right of access to data – legal basis: Article 15 of the GDPR.
a) The Customer has the right to obtain from the Administrator confirmation as to whether he processes personal data, and if so, the Customer has the right to:
a. access your personal data;
b. obtain information on the purposes of processing, the categories of personal data processed, the recipients or categories of recipients of such data, the planned period for which the Customer's data will be stored or the criteria for determining this period (when it is not possible to determine the planned period for which the data will be processed), the rights of the Customer under the GDPR and the right to lodge a complaint with the supervisory authority, the source of such data, automated decision-making, including profiling, and the safeguards applied in connection with the transfer of such data outside the European Union;
c. obtain a copy of your personal data.
6. Right to rectification – legal basis: Article 16 of the GDPR.
a) The Client has the right to demand from the Administrator immediate rectification of his/her personal data that is incorrect. Taking into account the purposes of processing, the Client whose data is being processed has the right to demand supplementation of incomplete personal data, including by submitting an additional statement, by sending a request to the e-mail address in accordance with §6 of the Privacy Policy.
7. Right to data portability – legal basis: Article 20 of the GDPR.
a) The Client has the right to receive his/her personal data, which he/she has provided to the Administrator, and then send it to another personal data administrator of his/her choice. The Client also has the right to request that the personal data be sent by the Administrator directly to such administrator, if technically possible. In such a case, the Administrator will send the Client's personal data in the form of a file in the csv format, which is a commonly used, machine-readable format that allows the received data to be sent to another personal data administrator.
8. In the event that the Customer exercises the right resulting from the above rights, Cupicha Jubiler shall comply with the request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if - due to the complex nature of the request or the number of requests - Cupicha Jubiler is unable to comply with the request within one month, it shall comply with it within the next two months, informing the Customer in advance within one month of receiving the request - of the intended extension of the deadline and the reasons for it.
9. The Customer may submit complaints, inquiries and requests to the Administrator regarding the processing of his personal data and the implementation of his rights.
10. The Customer has the right to request that Jubiler Cupicha provide a copy of standard contractual clauses by sending an inquiry in the manner indicated in §6 of the Privacy Policy.
11. The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a violation of his or her rights to personal data protection or other rights granted under the GDPR.

§ 5 Security management - password

1. Jubiler Cupicha provides Customers with a secure and encrypted connection when sending personal data and when logging into the Customer Account on the Website. Jubiler Cupicha uses an SSL certificate issued by one of the world's leading companies in the field of security and encryption of data sent over the Internet.
2. If a Customer who has an account in the Online Store has lost their password in any way, the Online Store allows you to generate a new password. Cupicha Jeweler does not send a password reminder. The password is stored in an encrypted form, in a way that makes it impossible to read. In order to generate a new password, you must provide your e-mail address in the form available under the link "Forgot your password" provided at the login form to the account in the Online Store. The Customer will receive an e-mail to the e-mail address provided during registration or saved in the last change of the account profile, containing a redirection to a dedicated form provided on the Store's Website, where the Customer will be able to set a new password.
3. Jubiler Cupicha never sends any correspondence, including electronic correspondence, requesting login details, in particular the access password to the Customer's account.

§ 6 Changes to the Privacy Policy

1. The Privacy Policy may be subject to change, of which Cupicha Jubiler will inform Customers 7 days in advance.
2. Please send any questions regarding the Privacy Policy to the following address: sklep@cupicha.pl
3. Last modification date: 09/07/2018