This policy applies to the Website operating at the following URL: we fine-tune.com

The website operator and personal data administrator is:

Dostrajamy Sp. z o.o. with its registered office in Rzeszów, ul. Starzyńskiego 2/17, 35-508 Rzeszów

Operator's contact e-mail address: e-mail: domisol@dostrajamy.com / telephone: 736 678 445

Thank you for your interest in our online shop. Protecting your privacy is very important to us. Below you will find detailed information on how we handle your data.

1. Explanation of terms used in the Privacy Policy:

1.1. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

1.2. Personal data – means information about an identified or identifiable natural person („data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.3. Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying.

1.4. Restriction of processing – means marking stored personal data to restrict its future processing.

1.5. Profiling – means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

1.6. Personal Data Controller – means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.7. Processor – means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

1.8. Recipient – means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not.

1.9. Third party – means a natural or legal person, public authority, agency or body other than the data subject, the Controller, the processor or persons who, under the authority of the Controller or the processor, may process personal data.

1.10. Consent of the data subject – means a voluntary, specific, informed and unambiguous expression of will by the data subject in the form of a written statement authorising the processing of personal data.

1.11. Personal data breach – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

1.12. Authorised person – a person holding an authorisation issued by the Personal Data Controller or a person authorised by the Personal Data Controller and admitted as a User to process personal data, including in the ICT system, within the scope specified in the authorisation.

1.13. Unauthorised person – this means a person who is not authorised to process personal data (excluding persons authorised to view and process such data under separate regulations), as well as a person whose personal data is not subject to processing in the relevant data files.

1.14. User – a natural person who visits the website and uses the contact form available on the website.

2. Dostrajamy Sp. z o.o. acts as the Personal Data Controller within the meaning of the GDPR with regard to the Personal Data of Users who are natural persons.

3. Collection and processing of data for the purposes of contract performance and contact

3.1 Data processing 

We process personal data voluntarily provided by the User when placing an order. Personal data is processed for the purpose of performing the contract (including enquiries regarding the handling of claims under warranty for defects or guarantees and in relation to the obligation to provide information about necessary updates). The legal basis for this is Article 6(1)(b) of the GDPR. Mandatory fields are marked as such because they relate to data that is necessary for the execution of the order and without which we are unable to execute it. The data that is collected is directly derived from the forms into which the data is entered.

Further information on the processing of your data, in particular with regard to the transfer of data to our service providers for the purpose of order fulfilment, payment and shipping, can be found in the following sections of this privacy policy. After the contract has been fulfilled, the processing of your data will be restricted, and after the retention periods required by tax regulations and the Accounting Act have expired, this data will be deleted (Article 6(1)(c) of the GDPR), unless the User expressly consents (Article 6(1)(a) of the GDPR) to the further use of this data for other purposes or we reserve the right to further use it in cases permitted by law, in which case we will inform the User in this privacy policy.

3.2 Customer account

If, in accordance with Article 6(1)(a) of the GDPR, you consent to the creation of a customer account, we will process your personal data necessary for this purpose. This data will also be used for future orders on our website. Your customer account can be deleted at any time. To do so, please send a message to our contact address indicated in the „Contact” section or use the appropriate function in your customer account settings. After deleting your customer account, the processing of your data will be restricted and, after expiry of the retention periods specified in tax regulations and the Accounting Act, the data will be deleted (Article 6(1)(c) of the GDPR), unless you expressly consent (Article 6(1)(a) of the GDPR) to the further use of this data or, in accordance with applicable law, we reserve the right to continue using the data for other purposes, in which case we will inform you in this privacy policy.

3.3 E-receipts

The Seller may provide the entity providing IT services in the scope of issuing, maintaining and ensuring access to e-receipts with the User's telephone number or e-mail address, which may be processed for the purposes of:

a. verifying whether a given telephone number or e-mail address has been registered in the service provider's own products, and in the event of positive verification, providing the User with access to e-receipts and additional information from the process of issuing them within the framework of these products;

b. sending text messages and other notifications to Users confirming the issuance of an e-receipt to the IT system of the entity providing IT services for e-receipts.

3.4 Data processing for contact purposes

As part of our communication with customers, we process personal data for the purpose of processing user enquiries (Article 6(1)(b) of the GDPR). This data is provided to us voluntarily by the user when contacting us (e.g. via the contact form or by e-mail). Mandatory fields are marked as such because they relate to data that is necessary to process the enquiry. The data collected is directly apparent from the forms into which the data is entered. Once the User's enquiry has been fully processed, the User's data will be deleted, unless you expressly consent (Article 6(1)(a) of the GDPR) to the further use of this data for other purposes or we reserve the right to further use it in cases permitted by law, in which case we will inform you in this privacy policy.

4. Data processing for the purpose of delivery

In order to perform the contract (Article 6(1)(b) of the GDPR), we transfer the User's data selected by the User in the ordering process to the shipping company commissioned to deliver the ordered products.

5. Data processing for the purpose of making payments

In order to process payments in our online shop, we cooperate with external service providers handling electronic online payments and transfer the User's data selected by the User during the ordering process to the company handling the payment. The above serves to perform the contract (Article 6(1)(b) of the GDPR).

6. Marketing channels:

6.1 Sending the newsletter

If you subscribe to our newsletter, we will use the data you provide on the basis of your consent (Article 6(1)(a) of the GDPR) to send you our newsletter regularly by electronic means.

You can unsubscribe from the newsletter at any time. To do so, please send a message to our contact address indicated in the „Contact” section or use the unsubscribe link provided in the newsletter. After unsubscribing from the newsletter, we will delete your e-mail address, unless you give your explicit consent (Article 6(1)(a) of the GDPR) to the further use of this data for other purposes or, in accordance with applicable law, we reserve the right to continue using the data, in which case we will inform the User in this privacy policy.

6.2 Sending invitations to submit purchase reviews

If the User has given their consent during or after placing an order (Article 6(1)(a) of the GDPR), we will use the User's e-mail address to send them an electronic invitation to review their purchase made in our shop. The review/rating is submitted via the review system we use. The User may withdraw their consent at any time by sending a message with information about the withdrawal of consent to our contact address indicated in the „Contact” section. Alternatively, the User may also use the link to unsubscribe from the newsletter recipient list included in the message inviting them to submit a review.

7. Cookies

In order to make your visit to our website more attractive and to enable you to use its key features, we use technological tools, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the web browser session, i.e. after it is closed (so-called session cookies). Other cookies are stored on the User's end device and enable us to recognise the User's browser the next time they visit the website (so-called persistent cookies).

7.1 Cookies classified as „essential” are stored in the User's browser because they are necessary to enable the basic functions of the website. Essential cookies are crucial for the basic functions of the website, and the website will not function as intended without them. These cookies do not store any personally identifiable information.

7.2 Functional cookies help perform certain functions, such as sharing website content on social media platforms, collecting feedback, and other third-party functions.

7.3 Analytical cookies are used to understand how the User interacts with the website. These cookies help provide information on visitor metrics, bounce rate, and traffic source.

7.4 Performance cookies are used to understand and analyse key website performance indicators, which helps to provide a better user experience for visitors. Advertising cookies are used to deliver personalised advertisements to the User based on the pages the User has previously visited and to analyse the effectiveness of an advertising campaign.

8. Protection of end device privacy

When you use our online services, we employ technologies that are absolutely necessary to ensure the proper and optimal use of the essential functions of our website. In this regard, storing information on your end device or accessing information that is already stored on your end device does not require your consent.

In the case of functions that are not absolutely necessary, storing information on the User's end device or accessing information already stored on their end device requires the User's consent. It should be noted that in the absence of consent, some functions or elements of the website may not be fully available. Any consent given by the User remains valid until the consent is withdrawn, the settings are configured or the relevant settings are reset on the end device.

9. Any further processing of data using cookies and other technologies

We use technologies that are absolutely necessary to ensure the proper and optimal use of the essential functions of our website (e.g. the shopping basket function). These technologies process data such as the user's IP address, the time of the visit to the website, information about the device and browser, as well as information about the use of our website (e.g. the contents of the shopping basket). This serves, in accordance with Article 6(1)(f) of the GDPR, to pursue our legitimate interest in the optimal presentation of our offer. In addition, we also use technological tools to fulfil our legal obligations (e.g. to prove that we have obtained consent for the processing of your personal data) as well as for web analytics and online marketing. Further information on this subject, including the relevant legal bases for data processing, can be found in the following sections of this privacy policy.

9.1 Use of Google services

We use the following technological tools provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland („Google”). Information collected automatically by Google technologies regarding the use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. The European Commission has not issued a decision on the adequacy of data protection in the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. If the User's IP address is processed when using Google's technological tools, the IP address is shortened before being stored on Google's servers thanks to IP anonymisation. Only in exceptional cases will the full IP address be sent to a Google server and shortened there. Unless otherwise specified for individual Google technologies described in this privacy policy, data processing is based on a contract with Google for joint control of personal data in accordance with Article 26 of the GDPR. Further information on data processing by Google can be found in the privacy policy on the Google website.

9.2 Google Analytics

For the purpose of analysing the use of our website, we use Google Analytics, a web analytics tool from Google that automatically processes User data (IP address, time spent on the website, device and browser information, and information about the use of our website) for this purpose and creates pseudonymised user profiles based on this data. Cookies may be used for this purpose. As a rule, your IP address is not combined with other data collected by Google. Data processing within the Google Analytics service is based on a data processing agreement concluded with Google.

9.3 Google Ads

With the help of Google Ads, we promote our website in search results and on third-party websites. For this purpose, when you visit our website, a Google remarketing cookie will be automatically stored on your device, which, based on the pages you visit, enables the display of advertisements based on your interests by processing your data using a pseudonymous identifier (ID) (IP address, time spent on the website, device and browser information, as well as information about the use of our website). Further processing of data only takes place if you have activated the personalisation of advertisements in your Google account settings. In this case, if you are logged into Google while visiting our website, Google will use your data together with the data collected through Google Analytics to create and define so-called target group lists for remarketing purposes on various devices.

9.4 Use of Facebook services

We use the Facebook Pixel tool provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland („Facebook”). The scope of the Facebook Pixel tool functionalities we use is indicated below. Facebook Pixel automatically collects and stores data (your IP address, time of visit to the website, device and browser information, as well as information about your use of our website, e.g. visit to the website or registration for the newsletter). Based on this data, pseudonymised user profiles are then created.

As part of the so-called extended data comparison in the Facebook Analytics tool, hashed information that can be used to identify individuals (e.g. names, e-mail addresses and telephone numbers) is also collected and stored for comparison purposes.

To this end, when you visit our website, Facebook Pixel stores a cookie on your device which, using a pseudonymised cookie ID, enables automatic recognition of your browser when you visit other websites. Facebook will combine this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website usage, in particular for the purpose of personalising advertising. The information collected automatically by Facebook technologies about how you use our website is usually transferred to a server of Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. The European Commission has not issued a decision confirming an adequate level of data protection in relation to the USA. To the extent that the transfer of data to the USA is our responsibility, our cooperation is based on the European Commission's standard data protection clauses. Further information on data processing by Facebook can be found in Facebook's privacy policy.

9.5 Facebook analytics tools

As part of Facebook Business tools, statistics on user activity on our website are created based on data collected using Facebook pixel code regarding the user's use of our website. Data processing by Facebook is based on a data processing agreement. Data analysis (website usage statistics) is used to optimise and improve our website.

9.6 Facebook Ads (advertisement management)

Facebook Ads enables us to advertise our website on Facebook and other platforms. We set the parameters for a given advertising campaign. Facebook is responsible for its accurate implementation, in particular for the decision to display a given advertisement to individual Users. Unless otherwise specified for individual functions and tools, data processing is based on a joint controller agreement in accordance with Article 26 of the GDPR. Joint responsibility is limited to the collection of data and its transfer to Facebook Ireland. This does not include subsequent data processing by Facebook Ireland.

10. Social media

10.1 Our activity on social media: Facebook, Instagram, YouTube

If the User has given their consent to a given social media platform in this regard (Article 6(1)(a) of the GDPR), when visiting our account/profile on the above-mentioned social media platforms, the User's data will be automatically collected and stored for web analytics and marketing purposes. This data is used to create pseudonymised user profiles. These can be used, for example, to place so-called personalised advertisements within and outside social media platforms that are likely to correspond to the User's interests. Cookies are usually used for this purpose.

Detailed information on the processing and use of User data by individual social networking sites, as well as information on User rights and privacy settings, and contact details for enquiries, are described in the privacy policies of the individual social networking sites linked below. If the User needs assistance in this regard, they may also contact us.

Facebook (by Meta) is a social networking service offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland („Meta Platforms Ireland“). Information about your activity and use of our Facebook (by Meta) fan page is automatically processed and usually sent to the Meta Platforms Ireland, Inc. server at 1 Hacker Way, Menlo Park, California 94025, USA, where it is stored. The European Commission has not issued a decision confirming an adequate level of data protection in relation to the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing when visiting the Facebook fan page (by Meta) is carried out in accordance with Article 26 of the GDPR on the basis of joint agreements between the joint controllers, which are available [here](https://www.facebook.com/legal/terms/page_controller_addendum). Further information on the processing of your personal data when visiting the Facebook fan page (information on page statistics) is available [here](https://www.facebook.com/legal/terms/information_about_page_insights_data).

Instagram (by Meta) is a social media service offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland („Meta Platforms Ireland“). Information about your activity and use of our fan page on Instagram is automatically processed and usually sent to the server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA, where it is stored. The European Commission has not issued a decision confirming an adequate level of data protection in the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing when visiting the fan page on Instagram (by Meta) is carried out in accordance with Article 26 of the GDPR on the basis of joint agreements between the joint controllers. Further information on the processing of your personal data when visiting the Facebook fan page (information on page statistics) is available [here](https://www.facebook.com/legal/terms/information_about_page_insights_data).

11. User Rights

11.1 Persons whose data is processed have the following rights:

a. in accordance with Article 15 of the GDPR: the right to obtain information about the Processing of data within the scope specified in that Article;

b. pursuant to Article 16 of the GDPR: the right to rectify incorrect or incomplete Personal Data;

c. in accordance with Article 17 of the GDPR: the so-called „right to be forgotten”, i.e. the right to have the User's Personal Data stored by us deleted, provided that further Processing is not necessary:

– to exercise the right to freedom of expression and information;

– to fulfil a legal obligation;

– for reasons of public interest;

– to establish, pursue or defend legal claims;

d. in accordance with Article 18 of the GDPR: the right to restrict the processing of the User's Personal Data, provided that:

– the accuracy of this Personal Data is disputed by the User;

– The processing is unlawful and the User objects to their deletion;

– we no longer require Personal Data, but it is necessary for the User to establish, pursue or defend legal claims;

– The user has objected to the processing of data pursuant to Article 21;

e. pursuant to Article 20 of the GDPR: the right to receive the data provided to us in a structured, commonly used, machine-readable format and to transfer it to another Personal Data Controller;

f. pursuant to Article 77 of the GDPR: the right to lodge a complaint with a supervisory authority (the President of the Personal Data Protection Office, „UODO”).

11.2 Right to object

If we process Personal Data in the manner described in this privacy policy in order to protect our legitimate interests, then the User may object to the Processing of the User's data for this purpose – with effect for the future. If the Processing takes place for direct marketing purposes, the User may exercise their right to object at any time. If the Processing takes place for other purposes, you have the right to object only on grounds relating to your particular situation.

After the User exercises their right to object, we will not continue to Process the User's Personal Data unless we demonstrate compelling legitimate grounds for the Processing which override the User's interests and rights, or the Processing is for the establishment, exercise, or defence of legal claims.

The previous sentence does not apply when Data Processing is carried out for direct marketing purposes. In such a case, once the User has objected, we will always cease further Processing of the User's Personal Data.

11.3 Contacting us

If you have any questions regarding the collection, processing and use of your Personal Data, as well as if you wish to request information, rectification, restriction of processing or deletion of data, and in order to revoke your consent or object to the use of specific data, please contact the Personal Data Controller indicated at the beginning of this privacy policy directly.

The privacy policy for Dostrajamy Sp. z o.o. has been drawn up in accordance with applicable laws on the protection of personal data, in particular in accordance with the GDPR. We make every effort to ensure that your data is processed in accordance with best practices in the field of privacy protection.

—

If you have any further questions or concerns, please contact us!