(1) For the Owner of this website, the protection of Users’ personal data is of utmost importance. It makes great efforts to ensure that Users feel safe entrusting their personal information when using the website.
(2) A user is a natural person, a legal person or an organizational unit without legal personality, to which the law grants legal capacity, using electronic services available on the website.
(4) The Administrator shall use state-of-the-art technical measures and organizational solutions to ensure a high level of protection of the processed personal data and safeguards against unauthorized access.
I. PERSONAL DATA CONTROLLER
The administrator of the personal data is Alaya Diamonds Group Sp. z o.o. with headquarters at: ul. Minska 25 lok. 420, 03-808 Warsaw, entered in the register of entrepreneurs kept by the District Court in Warsaw, XII Commercial Department, under KRS number: 0000825322, NIP: 5252813857 (hereinafter: “Owner“).
II. PURPOSE OF PERSONAL DATA PROCESSING
(1) The Administrator processes the User’s personal data in order to:
- proper performance of sales contracts concluded within the framework of the online store, through the website www.elori.pl
- undertake marketing activities with the prior consent of the User
2 This means that the data is needed in particular for
a. registering on the website;
b. conclusion of the agreement;
c. making settlements;
d. delivery of goods ordered by the User or performance of services;
e. User’s exercise of any consumer rights (e.g. withdrawal from the contract, warranty).
f. receive and process orders, handle orders and requests, handle complaints, present personalized marketing content
(3) The User may also agree to receive information on news and promotions, which will also cause the administrator to process personal data, in order to send the User commercial information regarding, among other things. new products or services, promotions or sales.
(4) Personal data shall also be processed in fulfillment of legal obligations incumbent on the data controller and the performance of tasks, in the public interest, among others. to perform tasks, related to security and defense or storage of tax records.
(5) Personal data may also be processed for the purposes of direct marketing of products, securing and asserting claims or protecting against claims by the User or a third party, as well as marketing of services and products of third parties or marketing of our own, which is not direct marketing.
III. DATA TYPE
(1) The administrator processes the following personal data, the provision of which is necessary to:
a. registering on the website:
- email address;
b. making purchases through the website:
- delivery address;
- phone number;
- email address;
c. Data provided by the User optionally:
- date of birth;
- PESEL number (if an invoice is requested);
- TIN number (in case of requesting an invoice for an entrepreneur).
(2) In the case of withdrawal from the contract or acknowledgment of the complaint, when the refund is made directly to the User’s bank account, we also process information, regarding the bank account number, for the purpose of reimbursement.
IV. LEGAL BASIS FOR PROCESSING PERSONAL DATA
1 Personal data shall be processed in accordance with the provisions of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), OJ L 119, 4.5.2016, p. 1-88, hereinafter referred to as the “RODO Regulation.”
(2) The Administrator shall process personal data only after obtaining the User’s prior consent, expressed at the time of registration on the website or at the time of confirming a transaction made on the website.
(3) Consent to the processing of personal data is completely voluntary, however, failure to give it prevents registration on the website and making purchases, through the website.
V. USER’S RIGHTS
(1) The user may at any time request information from the controller about the scope of processing of personal data.
(2) You may at any time request the correction or rectification of your personal data. Users can also do this on their own, after logging into their account.
(3) The user may withdraw his consent to the processing of his personal data at any time, without giving any reason. The request not to process data may concern a specific purpose of processing indicated by the User, e.g. withdrawal of consent to receive commercial information, or concern all purposes of data processing. Withdrawal of consent as to all processing purposes will result in the removal of the User’s account from the website, along with all of the User’s personal data previously processed by the administrator. Withdrawal of consent will not affect the activities already performed.
(4) The user may at any time request, without giving any reason, that the administrator delete his data. The request for deletion of data will not affect the activities performed so far. Deletion of data means simultaneous deletion of the User’s account, along with all personal data stored and processed by the administrator to date.
(5) The User may at any time object to the processing of personal data, both with respect to all of the User’s personal data processed by the controller, as well as only to a limited extent, e.g. as to the processing of data for a specifically indicated purpose. The objection will not affect the activities carried out so far. Filing an objection will result in the deletion of the User’s account, along with all personal data stored and processed to date, by the administrator.
(6) You may request a restriction of the processing of your personal data, whether for a certain period of time or without a time limitation, but within a certain scope, which the controller will be obliged to comply with. This request will not affect the activities carried out so far.
(7) The user may request that the controller transfer to another entity, the processed personal data of the user. For this purpose, he should write a request to the administrator, indicating to which entity (name, address) the User’s personal data should be transferred and what specific data the User wishes the administrator to transfer. After the User confirms his/her wish, the administrator will provide, in electronic form, to the designated entity, the User’s personal data. Confirmation of the request by the user is necessary for the security of the user’s personal data and to be sure that the request comes from an authorized person.
(8) The Administrator shall inform the User of the action taken, before the expiration of one month after receiving one of the requests listed in the preceding paragraphs.
VI. RETENTION PERIOD OF PERSONAL DATA
(1) As a general rule, personal data shall be retained only as long as necessary to fulfill the contractual or statutory obligations for which it was collected. The data will be deleted immediately when storage is no longer necessary, for evidentiary purposes, in accordance with civil law, or in connection with a statutory obligation to store data.
(2) Information, relating to the contract, shall be kept for evidence purposes, for a period of three years, starting from the end of the year in which the business relationship with the User was terminated. Deletion of data will take place after the expiration of the statutory limitation period for the assertion of contractual claims.
(3) In addition, the administrator may retain archival information relating to concluded transactions, as their storage is related to the User’s claims, e.g. under warranty.
(4) If no contract has been concluded, between the User and the Owner, the User’s personal data is stored until the User’s account on the website is deleted. Deletion of the account may occur as a result of a request by the User, withdrawal of consent to the processing of personal data, or objection to the processing of such data.
VII. ENTRUSTING DATA PROCESSING TO OTHER ENTITIES
(1) The administrator may entrust the processing of personal data to entities cooperating with the administrator to the extent necessary for the implementation of the transaction, e.g. for the preparation of the ordered goods and delivery of shipments or transmission of commercial information, originating from the administrator (the latter applies to Users who have agreed to receive commercial information).
(3) Personal data of website users are not transferred outside the European Union.
(5) The Administrator informs Users that it entrusts the processing of personal data to the following entities:
- Edrone Sp. z o.o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197 – in order to use the edrone.me mailing system for sending newsletters,
- Edrone Sp. z o.o., ul. Lekarska 1, 31-203 Kraków, NIP: 676-248-20-64, KRS: 0000537197: – for marketing purposes only for the purposes of email, sms, social media campaigns launched or designated by the Administrator using the edrone system,
6 The Administrator informs that it uses the following technologies that track the actions taken by the user/customer within the Store website:
- edrone tracking codes – for the purpose of analyzing the statistics of the Store’s website, as well as for marketing purposes only for the purposes of e-mail, sms, social media campaigns launched or indicated by the Administrator using the edrone system.
(2) Cookies are fragments of information that contain a unique reference code that a website sends to a user’s device for the purpose of storing, and sometimes tracking information, about the device being used. They usually do not allow to identify the User’s person. Their main task is to better tailor the website to the user.
(3) Some of the cookies present on the website are available only for the duration of a given web session and expire when the browser is closed. Other cookies are used to remember the User, who, when returning to the website, is recognized on it. They are then preserved before a longer period of time.
4 The cookies used on this website are:
- necessary cookies, i.e. enabling the use of services available on the Website, such as authentication cookies used for services that require authentication on the Website;
- Security cookies, such as those used for detecting fraudulent registrations on the Website;
- so-called. performance cookies, which allow you to collect information about the use of the Website;
- functional cookies, which allow “remembering” the user’s selected settings and personalizing the user interface;
- advertising cookies, which allow to provide Users with advertising content tailored to their interests.
5. all cookies, occurring on the website, are determined by the administrator.
6 All cookies, used by this website, comply with the applicable laws of the European Union.
7 Most Users and some mobile browsers automatically accept cookies. If the user does not change the settings, cookies will be stored in the memory of the device.
(8) You may change your preferences, regarding the acceptance of cookies, or change your browser so that you can receive an appropriate notification each time the cookie function is set. To change your cookie acceptance settings, adjust the settings in your browser.
9 It is worth remembering that blocking or deleting cookies may prevent full use of the website.
10. cookies will be used for necessary session management, including:
a. Creating a special login session for the Website User so that the Website remembers that the User is logged in and requests are delivered in an efficient, secure and consistent manner;
b. Recognizing the User who has visited the website before, which allows us to identify the number of unique users who have used the website and allows us to make sure that the website has enough capacity for the number of new users;
c. Recognizing whether a website visitor is registered on the website;
d. Recording information from the User’s device, including: cookies, IP address and information about the browser used, in order to be able to diagnose problems, administer and track Site usage;
e. Customize elements of the layout or content of the website;
f. To collect statistical information about how Users use the Site, in order to be able to improve the Site and to determine which areas of the Site are most popular with Users.
TWISTO PURCHASING FORMULA
INFORMATION OF THE CONTROLLER OF PERSONAL DATA MADE PURSUANT TO ART. 13 UST. 1 and 2 of the GENERAL DATA PROTECTION REGULATION (RODO).
In connection with the entry into force and necessity of application of the Regulation of the European Parliament and of the Council (EU) 2016/679 of April 27, 2016. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “Regulation“), the owner of the Internet domain provides the following information on the principles of processing your personal data.
- The website processes your personal data for the following purposes:
(a) to carry out the services offered on the website,
b) transfer of your personal data to ING Bank Śląski S.A. (“Bank”) in connection with
- provision by the Bank to the Online Store of the service of providing the infrastructure for handling payments over the Internet (legal basis: Article 6(1)(f) of the Regulation).
- handling and settlement by the Bank of payments made by customers of the Online Store over the Internet using payment instruments (legal basis: Article 6(1)(f) of the Regulation).
- in order for the Bank to verify the proper execution of the agreements concluded with the Online Shop, in particular to ensure the protection of the interests of the payers in connection with the complaints submitted by them (legal basis: Article 6(1)(f) of the Regulation).
c) transfer of your personal data to Twisto Polska sp. z o.o. in connection with the possibility of offering to make payment for the purchased goods or services by Twisto Polska sp. z o.o. under a contract of mandate covering the “Buy with Twisto” shopping formula and making this shopping formula available through the Online Store, as well as for the purpose of verification by Twisto Polska Sp. z o.o. of the due performance of such assignment contracts (legal basis: Article 6(1)(f) of the Regulation).
(4) In connection with the processing of personal data for the purposes specified in paragraph 2, your personal data may be made available by the Online Store to other recipients or categories of recipients of personal data, which may be:
(a) ING Bank Śląski S.A.
(b) Twisto Polska sp. z o.o.
(9) In the event that you provide your personal data for the purpose of transferring your personal data to Twisto Polska sp. z o.o. prior to the conclusion of a contract of sale of goods (or services) purchased from the Online Store, the provision of such data is a condition for the conclusion of a contract of sale in connection with the business model of operation adopted by the Online Store.
(10) In the case of transfer of your personal data to the Bank in connection with the processing and settlement of payments made by you to the Online Store via the Internet using payment instruments, the provision of data is required in order to process the payment and provide confirmation of its execution by the Bank to the Online Store.
(11) In the case of transfer of your personal data to the Bank in order for the Bank to verify the proper performance of the agreements concluded with the Online Shop, in particular to ensure the protection of the interests of the payers in connection with their complaints, the provision of such data is required to enable the execution of the agreement concluded between the Online Shop and the Bank.
12 In case of transfer of your personal data to Twisto Polska sp. z o.o. in connection with the possibility of Twisto Polska sp. z o.o. offering to pay you the price for the goods or services purchased by you. z o.o. within the framework of a contract of mandate covering the shopping formula “Buy with Twisto” and making this formula available by the Internet Shop, providing these data and processing them for this purpose is required in connection with the business model of conducting business adopted by the Internet Shop and for the purpose of executing the contract concluded between the Internet Shop and Twisto Polska Sp. z o.o.
Reminders to give feedback.
We have partnered with RatingCaptain and CusRev, tools for surveying our customers’ satisfaction with the services we provide/products we sell. As part of our cooperation, we will ask you to complete a survey or give us or our products/services a review.
In addition, the RatingCaptain and/or CusRev tools process data about your activity on our site (sub-pages visited, time of visit, clicks, how you use the services/viewed products), information about your terminal device or browser, including its location.
We have entered into relevant entrustment agreements with RatingCaptain and CusRev for the processing of personal data. We point out that your data will not be profiled using the RatingCaptain tool, nor CusRev.
You may revoke your consent at any time by sending the appropriate message to our contact address indicated under Our contact information and your rights.