Privacy policy

This document regulates the Privacy Policy and "cookies" for the website,

available at https://n-parts.pl/en/, which is owned by Izabela Abrantowicz, 35F Millennium St, 43-241 Łąka

§1 Personal Data Administrator

1.1 The administrator of your personal data is Izabela Abrantowicz, ul. Tysiąclecia 35F, 43-241 Łąka, NIP 6381840118, REGON 385114248 (hereinafter referred to as the "Administrator").

1.2 Contact details of the Administrator:

Correspondence address: ul. Tysiąclecia 35F, 43-241 Łąka

E-mail address: shop@n-parts.pl

Phone: 733 670 500

1.3 Based on art. 37 of the GDPR, the Personal Data Administrator did not appoint a Data Protection Officer.

Personal Data Protection Officer (PDPO) and independently performs duties related to personal data protection.

§2 Definitions

Administrator - Data Controller, the entity that decides on the purposes and means

processing of personal data

Personal data - these are information about natural persons, they relate to an identified or

possible to identify directly or indirectly; personal data are in particular

identification number, factors determining physical, physiological, mental, economic characteristics,

cultural or social

GDPR - Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals

physical in connection with the processing of personal data and on the free flow

such data and repealing Directive 95/46/EC

Privacy and cookies policy - this document referred to hereafter as the "Policy"

Service - an online service run by the Administrator at the address: https://n-parts.pl/en/

Service user - any natural person visiting the Service or using it at least

one service performed by the Administrator or function of the Service

Cookies files - in English "cookies", are small pieces of information in the form of a text string.

placed or read by the website in the user's used

in the web browser

§3 General provisions

3.1 The administrator collects data of the Service Users located at the address: https://n-

parts.pl.

3.2. The type of data collected by the Administrator depends on the service offered by

The administrator that the User is using.

3.3 Personal data will be processed by the Administrator in accordance with the provisions of the Regulation

European Parliament and Council (EU) 2016/679 on the protection of individuals with regard to

on the processing of personal data and on the free movement of such data and the repeal

Directive 95/46/EC, known as the General Data Protection Regulation, hereinafter

"GDPR".

3.4 The provision of any personal data is voluntary and depends on the User's decision.

However, in some cases, providing certain personal data is necessary in order to

To meet the User's expectations regarding the use of services offered by the Administrator.

3.5 The services offered by the Administrator within the Service are offered to individuals who have completed

18 years old. Therefore, the Administrator does not knowingly process personal data of children.

§4 Purpose, basis and time of data processing

4.1 Customer Account Registration

4.1.1 Whose data is subject to processing?

The data of people who have registered their account on the website https://n- is subject to processing.

parts.pl.

4.1.2 What data is subject to processing?

 first and last name

 email address

 delivery address

 billing address

 password

4.1.3 What is the purpose of data processing?

The data will be processed for the purpose of providing services related to management and support.

accounts in the Service.

4.1.4 What is the legal basis for data processing?

Preparation and execution of the contract - art. 6 par. 1 lit b GDPR.

Justifiable interest of the Administrator, for the purpose of optimizing the services provided - art. 6

Art. 1, point f of the GDPR.

4.1.5 What is the data retention period?

The data is processed until the contract is performed (e.g. deletion of the account from the Service),

and then for the period necessary to establish, investigate or defend against claims.

4.1.6 Is providing data necessary?

Providing data is voluntary, however, without providing data, it will not be possible to create an account.

4.2 Handling an order in the store:

4.2.1 Whose data is subject to processing?

Data of people who placed an order on the website https://n-parts.pl/en/

4.2.2 What data is subject to processing?

 first and last name

 email address

 phone number

 delivery address

4.2.3 What is the purpose of data processing?

The data will be processed for the purpose of order fulfillment, claim handling,

pursuit of claims or defense against them, as well as in connection with the performance of duties

related to tax regulations and accounting.

4.2.4 What is the legal basis for data processing?

Preparation and execution of the contract - art. 6 par. 1 lit b GDPR.

Legitimate interest consisting of determining, pursuing and defending against potential

claims - art. 6 sec. 1 lit f GDPR.

Fulfillment of the legal obligation incumbent on the Administrator - Art. 6 sec. 1 letter c GDPR.

4.2.5 What is the data retention period?

The data is processed until the contract is performed, whereas the data obtained for the purpose of

The fulfillment of legal obligations is processed until they are fulfilled.

Data processed on the basis of a legitimate interest are processed to

from the moment of its execution or submission by the User of an effective objection. The above

processing periods can be extended by the maximum time necessary to establish,

investigation or defense against claims. After this period, personal data will be

anonymized or deleted.

4.2.6 Is providing data necessary?

Providing data is voluntary, however without providing the data, it will not be possible to provide service.

orders.

4.3 Newsletter:

4.3.1 Whose data is subject to processing?

Data of people who have signed up for the Newsletter.

4.3.2 What data is subject to processing?

 name

 email address

4.3.3 What is the purpose of data processing?

Performing the Newsletter service, informing about discounts, promotions, new offer.

Adjusting the content of the ordered Newsletter service to the User's activity on the Service.

4.3.4 What is the legal basis for data processing?

Execution of the contract for the provision of Newsletter service - art. 6 sec. 1 letter b GDPR.

Legally justified interest which is direct marketing (information about the offer,

(news, personalizing content) - art. 6 sec. 1 lit f GDPR.

4.3.5 What is the data retention period?

Personal data will be processed until the User withdraws their consent.

Processing, and then for the period necessary to establish, pursue or defend against

claims. After this period, personal data will be anonymized or deleted.

4.3.6 Is providing data necessary?

Providing data is voluntary, however without providing data it will not be possible to save.

Subscribe to the Newsletter.

4.4 Contact form:

4.4.1 Whose data is subject to processing?

Data of people who contact through the contact form.

4.4.2 What data is subject to processing?

 name

 email address

4.4.3 What is the purpose of data processing?

Identification of the user contacting and providing an answer to the asked question.

4.4.4 What is the legal basis for data processing?

Justified interest - Art. 6 sec. 1 lit f GDPR.

4.4.5 What is the data retention period?

Until the expiration of claims.

4.4.6 Is providing data necessary?

Providing data is voluntary, but necessary for user verification.

4.5 Information about product availability:

4.5.1 Whose data is subject to processing?

Data of people who want to receive information about product availability.

4.5.2 What data is subject to processing?

 name

 email address

4.5.3 What is the purpose of data processing?

Providing information about product availability.

4.5.4 What is the legal basis for data processing?

Provision of information about product availability based on given consent - art. 6

Art. 1 point a of GDPR.

4.5.5 What is the data retention period?

The data is processed for the period necessary to provide information or until the moment

withdrawal of consent, depending on which event occurs first.

4.5.6 Is providing data necessary?

Providing data is voluntary, but necessary to provide information.

4.6 Loyalty Program

4.6.1 Whose data is subject to processing?

Data of people participating in the loyalty program.

4.6.2 What data is subject to processing?

Data required to join the program.

4.6.3 What is the purpose of data processing?

Informing about promotional actions, discounts, novelties.

Conducting analytical and statistical activities.

Establishment, investigation or defense of claims.

4.6.4 What is the legal basis for data processing?

Conclusion or execution of a contract for participation in a loyalty program - art. 6

Art. 1 sec. b of the GDPR.

For analytical and statistical purposes - art. 6 sec. 1 letter f GDPR.

Establishment, investigation or defense of claims - art. 6 sec. 1 letter f GDPR.

4.6.5 What is the data retention period?

During the term of the contract, i.e. until the User terminates it

participation in the loyalty program, its resolution and/or until the time of notification

objection or withdrawal of consent.

4.6.6 Is providing data necessary?

Providing data is voluntary, but necessary to participate in the loyalty program.

§5 Entrusting and sharing personal data

5.1 In connection with the conducted activity, the Administrator may disclose personal data to the following

to entities, if it is necessary to achieve the purposes of processing:

5.1.1 Companies providing services or delivering IT solutions,

5.1.2 Companies providing courier and postal services,

5.1.3 Banks and other financial and payment institutions,

5.1.4 Public authorities receiving data in connection with the performance of legal obligations

Administrator,

5.1.5 Companies providing marketing activities,

5.1.6 Employees and collaborators,

5.1.7 Companies providing accounting and bookkeeping services.

§6 User's rights of the service

6.1 In connection with the processing of personal data, the User is entitled to the rights associated with it.

permissions:

6.1.1 right to access the content of their data - The user has the right to obtain information

regarding personal data held by the Administrator about themselves, including

a copy of these data.

6.1.2 the right to rectify (correct) their data - The user has the right to request

correction of your personal data, which are incorrect or incomplete.

6.1.3 right to data erasure - The user has the right to request the deletion of their own data

personal data stored by the Administrator in the following cases:

(a) User's personal data is no longer necessary for the purposes for which they were collected.

basis for the processing; (b) The user has withdrawn the consent on which the processing is based and there is no other

legal basis for processing, (c) User has objected to processing and not

there are overriding legitimate grounds for processing or the objection relates to

processing of data for direct marketing purposes, (d) user's personal data

were processed unlawfully, (e) personal data must be deleted in order to

fulfillment of a legal obligation provided for in Union law or national law.

6.1.4 the right to withdraw consent for the processing of personal data at any time.

marketing - The user has the right to withdraw the consent given for processing

of personal data at any time. Revoking consent to processing will not have

of the legality of the processing carried out before its withdrawal.

6.1.5 the right to restrict data processing - The user has the right to request that

his personal data processing has been limited in the following cases: (a)

The user questions the accuracy of personal data for a period that allows

To the administrator to check the accuracy of these data, (b) the processing is inconsistent with

by law, and the User opposes the deletion of personal data, demanding in return

restrictions on their use, (c) The administrator no longer needs personal data to

processing purposes, but they are necessary for the User to determine, pursue or

claims defense,(d)The user has objected under Art. 21 para 1 of the GDPR against

processing - until the time of determining whether there are legally justified grounds on the side

Administrators are superior to the basis of objection.

6.1.6 the right to object to data processing (objection due to

(special situation) - if the User's personal data is processed on the basis of

in the legally justified interest of the Administrator, the User has the right to object to

at any time to processing, in accordance with Art. 21 GDPR.

6.1.7 the right to data portability - The user has the right to receive it

in a structured, commonly used format suitable for reading

machine personal data concerning him which he provided to the Administrator, and has

the right to transfer these personal data to another administrator without hindrance from the side

The administrator to whom these personal data have been provided, if the processing takes place on

based on consent and in an automated way.

6.1.8 the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection

Personal.

6.2 If you wish to exercise the rights mentioned in point 6.1 of the Policy, please contact us.

contact for the Administrator's contact details.

§7 Transfer of personal data to third countries

The user's personal data will be transferred outside the European Economic Area.

§8 Cookie Policy

8.1 Purpose of using cookies

8.1.1 The administrator does not collect any information automatically, except

information contained in cookies.

8.1.2 Cookies are used in many ways.

8.1.3 Cookies are used for functional purposes, personalization of content,

statistical, analytical and marketing.

8.2 Types of cookies

8.2.1 The service uses the following types of cookies:

 session cookies, which are deleted at the end of a given browser session or when turned off

computers or mobile devices are removed from its hard drive

 persistent cookies, which are stored in the computer's memory, or device

mobile until the moment of their manual deletion by the User.

via appropriate tools in the web browser or their

expiration

 third-party cookies, these are information placed by scripts of other entities.

internet services.

8.2.2 The following types of cookies are used within the Service:

"necessary", enabling the use of services available within the Service,

"performance", allowing the collection of information about the way of using

Service,

"functional", enabling "remembering" the choices made by the User

settings and customization of the User Interface, e.g. in terms of the selected language

or region,

"advertising", enabling the delivery of advertising content to Users

more tailored to their interests.

8.3 Google Analytics

The service uses Google Analytics, a service for analyzing internet services. Its provider is a company

Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics

uses so-called "Cookies", text files, which are saved on your computer and

They allow the analysis of your use of the website.

Storing Google Analytics cookies is based on Article 6, paragraph 1, letter f)

Regulations on personal data protection (GDPR). The administrator has a legitimate interest

in analyzing user behavior both for the purpose of optimizing their online offer,

as well as your advertising.

The user of the service can familiarize themselves with Google's privacy policy at the following address:

https://policies.google.com/privacy?hl=pl 

If the Service User does not want information about him to be collected in this way, he can, for example.

change your browser settings.

The administrator informs that in this case the Service User's data is subject to transfer outside

European Economic Area.

8.4 Facebook (Meta) Pixel

The service uses Facebook Pixel, a service that allows for conducting effective campaigns.

for marketing and product promotion. Its provider is Facebook Inc., 1601 S. California Ave.,

Palo Alto, CA 94304, USA or, for users who are EU residents - Facebook Ireland

Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook Pixel is a short code placed on the website that allows to measure the effectiveness of ads.

based on the analysis of actions taken by users on the website, which we understand as

our legitimate interest. (Art. 6 para. 1 lit. f GDPR).

The information collected as part of Facebook Pixel is anonymous, i.e. it does not allow for identification.

User. We only know what actions have been taken within our service.

With the privacy policy of the Facebook portal at the address https://www.facebook.com/privacy/explanation

If the Service User does not want information about him to be collected in this way, he can, for example.

change settings by clicking on the link: https://www.facebook.com/ads/preferences

The administrator informs that in this case, the User's Service data may be subject to transfer.

outside the European Economic Area.

8.5 Managing cookies files:

8.5.1 Most often, browser settings by default allow for placing files.

cookies and other information on the terminal device. If the User does not agree to

To save these files, it is necessary to change the browser settings appropriately.

website. It is possible to disable their saving for all connections from a given

browsers or for a specific website, as well as their removal. The way to manage files

depends on the software being used. Current file management rules can be found

in the settings of the used internet browser.

8.5.2 Information on managing cookies on a mobile phone can be found

in the User Manual of the given phone.

8.5.3 The consent to process cookies is voluntary. However, it should be remembered that

restrictions in their use may hinder or prevent the use of some parts

functionality of the website conducted at the address: https://n-parts.pl/en/.

§9 Data Security

9.1 The User's personal data is stored and protected with due diligence, in accordance with

with implemented internal procedures of the Administrator. The Administrator processes information

about the User using appropriate technical and organizational means that meet

requirements of universally applicable law, in particular regulations on protection

of personal data. These measures are primarily aimed at securing personal data.

Protect users from unauthorized access.

9.2 In particular, only authorized persons have access to the Users' personal data.

which are obligated to keep this data confidential or entities to which they have been entrusted

processing of personal data based on a separate data entrustment agreement.

§10 Final provisions

10.1 The Administrator reserves the right to change this Privacy and Cookies Policy.

In such a case, its updated version will be published in this location.

10.2 In matters not regulated by this Privacy Policy, the protection regulations apply.

personal data.

10.3 This Privacy Policy is effective from the day 04.01.2023 year.