Privacy policy

NOX2 SP. Z O.O. PRIVACY POLICY

1. GENERAL PROVISIONS
The administrator of personal data collected via the website www.carfix.ac is NOX2 SP. Z O.O. with its registered office in Warsaw, ul. Sarmacka 5G, 00-972, entered in the Register of Entrepreneurs kept by the District Court in Warsaw, 13th Commercial Division of the National Court Register, under KRS number: 0001126653, REGON: 529632928, NIP: 9512604898, share capital of PLN 5,000.00, email address: info@carfix.ac, (hereinafter referred to as the “Administrator” or “NOX2 SP. Z O.O.”).
2. Personal data collected by the Administrator via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/ 46/EC (General Data Protection Regulation), (hereinafter referred to as: “GDPR”) and the Personal Data Protection Act of 10 May 2018 (Journal of Laws of 2018, item 1000, as amended).
2 . TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
The administrator processes personal data via the website www.carfix.ac, in particular in the following cases:
a) accepting and fulfilling orders for the purchase of products (Article 6(1)(b) of the GDPR) – regardless of the method of accepting such orders, including via the online store at www.carfix.ac (hereinafter referred to as the “Online Store”);
b) providing warranty services (Article 6(1)(b) of the GDPR);
c) tax settlement of purchases made (Article 6(1)(c) of the GDPR in conjunction with the Corporate Income Tax Act and the Goods and Services Tax Act);
d) securing and pursuing any claims (Article 6(1)(f) of the GDPR),
e) direct marketing: of NOX2 SP. Z O.O. products or services and attaching promotional materials of NOX2 SP. Z O.O. business partners to shipments (Article 6(1)(f) of the GDPR),
f) marketing communication via telecommunications terminal equipment (Article 172 of the Telecommunications Law);
g) maintaining a list of objections to data processing for marketing purposes, if you submit such an objection to us (Article 6(1)(c) of the GDPR, in conjunction with Article 21(3) of the GDPR).
h) corresponding with Customers or potential Customers and responding to their questions in connection with the contact, including via the contact form on the Online Store website (Article 6(1)(a) or (f) of the GDPR);
i) performing concluded contracts and maintaining a user account in the Online Store (Article 6(1)(b) of the GDPR in conjunction with the Act on the provision of electronic services);
j) analytical and statistical activities related to the use of the Online Store by users of the Online Store (Article 6(1)(f) of the GDPR).
2. The Administrator processes the following categories of personal data of the user: name and surname, gender, email address, contact telephone number, delivery address (street, house number, apartment number, postcode, city, country), address of residence/business/registered office, IP address, other data related to the performance of the contract, e.g. bank account number. Additionally, the following data is also stored: purchase history (necessary, among other things, to provide warranty services for purchased products and to correspond with Customers), information about how users of the Online Store navigate the Online Store.
3. Users’ personal data is stored by the Administrator:
a) if the basis for data processing is the performance of a contract, for as long as it is necessary to perform the contract, and after that time for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic performance and claims related to the conduct of business activity – three years.
b) if the basis for data processing is consent, until the consent is revoked, and after revocation of consent for a period corresponding to the limitation period for claims that may be raised by the Administrator and that may be raised against him. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activities – three years.
4. When using the Website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the Internet provider, the domain name, the type of browser, the access time, the type of operating system.
5. Navigation data may also be collected from users, including information about links and references that they decide to click on or other activities undertaken on the website. The legal basis for this type of activity is the legitimate interest of the Administrator (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided by electronic means and improving the functionality of these services.
6. The provision of personal data by the user is voluntary, however, failure to provide the above-mentioned personal data necessary to place and execute an order will result in the inability to place an order. The provision of personal data also enables us to take direct marketing measures on your behalf.
7. Personal data will also be processed in an automated manner in the form of profiling, provided that the user consents to this on the basis of Article 6(1)(a) of the GDPR. The consequence of profiling will be the assignment of a profile to a given person for the purpose of making decisions concerning them or analysing or predicting their preferences, behaviours and attitudes.
8. The administrator shall take special care to protect the interests of data subjects and, in particular, shall ensure that the data collected by him are:
a) processed lawfully,
b) collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,
c) accurate and adequate in relation to the purposes for which they are processed and stored in a form which allows identification of the data subjects for no longer than is necessary to achieve the purpose of processing.
3. DISCLOSURE OF PERSONAL DATA
Users’ personal data may be transferred to the following recipients or categories of recipients: suppliers, service providers of the Company, warehouse where goods are stored and parcels are packed for delivery to Customers, customer service office, logistics centre, postal operators and courier companies which, on behalf of NOX2 SP. Z O.O. deliver shipments to Customers, external suppliers specialising in the provision of marketing services (e.g. marketing agencies) in connection with the design, planning and placement of advertisements, banks and debt collection, legal or advisory companies that provide NOX2 SP. Z O.O. with professional financial services.
2. In the case of a Customer who makes a purchase in the Online Store, the recipient of the data is also the hosting service provider. Users’ personal data is stored exclusively within the European Economic Area (EEA).
4. RIGHT TO CONTROL, ACCESS AND CORRECT YOUR OWN DATA
The data subject has the right to access their personal data and the right to rectify, delete, restrict processing, transfer data, object, and withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent prior to its withdrawal.
2. Legal basis for the user’s request:
a) Access to personal data – Article 15 of the GDPR
b) Rectification of data – Article 16 of the GDPR.
c) Erasure of data (the so-called right to be forgotten) – Article 17 of the GDPR.
d) Restriction of processing – Article 18 of the GDPR.
e) Data portability – Article 20 of the GDPR.
f) Objection – Article 21 of the GDPR
g) Withdrawal of consent – Article 7(3) of the GDPR.
3. In order to exercise the rights referred to in point 2, you can send an appropriate e-mail to the following address: info@carfix.ac
4. If you exercise your rights under the above provisions, the Controller shall comply with your request or refuse to comply with it immediately, but no later than within one month of receiving it. However, if, due to the complex nature of the request or the number of requests, the Controller is unable to comply with the request within one month, it shall comply with it within the next two months, informing the user in advance, within one month of receiving the request, of the intended extension and the reasons for it.
5. If it is found that the processing of personal data violates the provisions of the GDPR, any data subject has the right to lodge a complaint directly with the supervisory authority: the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.
6. We will process your data for the following periods:
a) performance of concluded contracts for the delivery of products – for the duration of the contract and for the period of limitation of claims specified in the relevant provisions;
b) performance of obligations arising from the warranty – in accordance with the warranty period specified in the Online Store Regulations – available on the website www.carfix.ac (hereinafter referred to as: “Store Regulations”) and the relevant provisions of law.
c) tax settlement of sales – for a period of 5 years from the end of the tax year in which the sale was made;
d) marketing our products and services – for up to 5 years after your last purchase; you have the right to object to the processing of your data for marketing purposes at any time and withdraw your consent in this regard;
e) carrying out marketing communications – until you withdraw your consent to such contact or object to the processing of your data for marketing purposes;
f) pursuing claims or defending against claims – for this purpose, we process data if you fail to pay for the products you have purchased or if you bring a claim against us – until the matter is resolved or the limitation period for claims expires;
g) maintaining a list of objections to data processing for marketing purposes – until you withdraw your objection (Article 6(1)(c) of the GDPR in conjunction with Article 21(3) of the GDPR).
h) responses to questions asked via the contact form – for the duration of the correspondence and then for a period of 24 months,
i) use of the account in the Online Store – for the period of the Customer’s account in the Online Store, in accordance with its terms and conditions; after the Customer deletes their account, we may still process the Customer’s data for the purposes of defending against claims, if justified by the circumstances;
j) analytical and statistical activities related to the use of the Online Store – for a period of 24 months,
5. COOKIES
The Website uses cookies.
2. The installation of cookies is necessary for the proper provision of services on the Website. Cookies contain information necessary for the proper functioning of the Website and also enable the compilation of general statistics on website visits. Cookies and similar technologies do not adversely affect the operation of the device on which they are placed. Their use does not cause any changes to the configuration of the device or the software installed on it. Information obtained through cookies and similar technologies may be disclosed depending on the specific file/technology: to providers of services related to the administration of our website, providers of data analysis solutions, providers of online marketing services, social media platforms, providers of payment-related services.
3. The Website uses the following types of cookies: session cookies and persistent cookies
a) Session cookies are temporary files that are stored on the user’s end device until they log out (leave the website).
b) “Persistent” cookies are stored on the user’s end device for the period specified in the cookie parameters or until they are deleted by the user.
4. The administrator uses its own cookies to better understand how users interact with the content of the website. The files collect information about how the user uses the website, the type of page from which the user was redirected, and the number of visits and the time spent by the user on the website. This information does not record specific personal data of the user, but is used to compile statistics on the use of the website.
5. You have the right to decide whether cookies can be stored on your computer by selecting the appropriate settings in your browser. Detailed information about the options and methods for managing cookies is available in your browser settings.
6. FINAL PROVISIONS
This document is effective from 2 April 2024.
2. This document is adopted by the Management Board of NOX2 SP. Z O.O. and is subject to periodic review for updates, in particular in the event of changes in legal regulations.
3. The controller shall implement technical and organisational measures to ensure the protection of personal data being processed in a manner appropriate to the risks and categories of data being protected, and in particular shall protect the data against unauthorised access, removal by an unauthorised person, processing in violation of applicable regulations, and alteration, loss, damage or destruction.
4. The Administrator shall provide appropriate technical measures to prevent unauthorised persons from obtaining and modifying personal data transmitted electronically.
5. In matters not covered by this Privacy Policy, the provisions of the GDPR and other relevant provisions of Polish law shall apply accordingly.