Privacy Policy
§1
GENERAL PROVISIONS
1. This Privacy Policy sets out the rules regarding the processing of personal data by the Store, including the basis, purposes and scope of personal data processing, the rights of individuals whose data is processed, as well as information regarding the use of cookies and analytical tools.
2. The Controller of personal data collected through the Online Store is:
LUXURY TRADE FILIP SARNA
Registered office: 31-024 Kraków, ul. Szpitalna 20-22
VAT ID (NIP): 6772413308
REGON: 366386668
Tel: +48 537 555 583
Email: shop@rarist.pl, hereinafter referred to as the “Controller.”
3. Personal data in the Online Store is processed by the Controller in accordance with applicable law, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – hereinafter referred to as “GDPR.”
4. The use of the Online Store, including making purchases, is voluntary. Similarly, the provision of personal data by a Customer using the Online Store is voluntary, except for:
- Contractual obligations - failure to provide personal data required and indicated on the Store’s website, in the Online Store Terms and Conditions, or in this Privacy Policy, which are necessary to conclude and perform a Sales Agreement or an Electronic Service Agreement with the Controller, will result in the inability to conclude such an agreement. Providing personal data is, in this case, a contractual requirement, and if a person wishes to enter into a given agreement with the Controller, they must provide the required data. The scope of data required to conclude a contract is always specified in advance on the Online Store website.
- Statutory obligations – providing personal data is a statutory requirement arising from generally applicable laws imposing on the Controller the obligation to process personal data (e.g., for accounting or tax record-keeping purposes), and failure to provide such data will prevent the Controller from fulfilling these obligations.
5. The Controller exercises special care to protect the interests of persons whose personal data is processed and, in particular, ensures that the data collected is:
- processed lawfully;
- collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes;
- factually correct and adequate in relation to the purposes for which it is processed;
- stored in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed;
- processed in a way that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
6. Taking into account the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller implements appropriate technical and organizational measures to ensure and demonstrate that processing is carried out in accordance with the Regulation. The Controller applies technical measures preventing unauthorized access to and modification of personal data transmitted electronically.
§2
BASIS FOR DATA PROCESSING
1. The Controller is entitled to process personal data when - and to the extent that - at least one of the following conditions is met:
- the data subject has given consent to the processing of their personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the Controller is subject;
- processing is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular when the data subject is a child.
2. Processing of personal data by the Controller requires the existence of at least one of the above-mentioned bases. Specific legal bases for processing personal data of Customers are indicated below.
§3
PURPOSE, BASIS, PERIOD, AND SCOPE OF DATA PROCESSING
1. The purpose, legal basis, period, scope, and recipients of personal data processed by the Controller depend on the actions taken by the Customer in the Online Store. For example, if the Customer chooses to purchase goods and select in-person pickup instead of courier delivery, their personal data will be processed for the purpose of performing the Sales Agreement but will not be shared with the shipping carrier.
2. The Controller may process personal data in the Online Store for the following purposes, on the following legal bases, for the following periods, and within the following scopes:
| Purpose of processing | Legal basis / storage period | Scope of processed data |
| --- | --- | --- |
| Performance of Sales Agreement or Electronic Service Agreement | Article 6(1)(b) GDPR (performance of a contract) | First and last name; email address; contact phone number; delivery address (street, house number, apartment number, postal code, city, country); residence/business address (if different from delivery address); IP address; customer ID. |
| Bookkeeping | Article 6(1)(c) GDPR in conjunction with Article 74(2) of the Accounting Act of 30 January 2018 (Journal of Laws 2018, item 395) | First and last name; residence/business address (if different from delivery address); company name and VAT ID (NIP) of the Customer. |
| Newsletter email dispatch | Article 6(1)(a) GDPR (consent) | Email address. |
| Publishing product reviews on the website | Article 6(1)(a) GDPR (consent) | First and last name; phone number; email address; delivery address; residence/business address (if different from delivery address). |
| Establishing, pursuing, or defending claims | Article 6(1)(f) GDPR (legitimate interest) | First and last name; phone number; email address; delivery and residence/business addresses (if different from delivery address). |
| Handling inquiries | Article 6(1)(a) GDPR (consent) | First name, last name, email address, IP address. |
§4
DATA RECIPIENTS
1. For the proper operation of the Online Store, including the execution of Sales Agreements, it is necessary for the Controller to use external service providers. The Controller uses only those processors that provide sufficient guarantees of implementing appropriate technical and organizational measures so that processing complies with GDPR and protects the rights of data subjects.
2. The transfer of data by the Controller does not occur in every case or to all recipients indicated in this Privacy Policy – data is shared only when necessary for the achievement of a specific purpose and only to the extent required. For example, if the Customer selects in-person pickup, their data will not be shared with courier companies.
3. Personal data of Online Store Customers may be transferred to the following recipients or categories of recipients:
- carriers / courier brokers - in the case of Customers who use postal or courier delivery, the Controller provides the necessary personal data to the selected carrier or intermediary handling shipments on behalf of the Controller;
- entities handling electronic or card payments - in the case of Customers who use electronic or card payments, the Controller provides the necessary personal data to the payment service provider;
- suppliers of technical, IT, and organizational solutions enabling the Controller to operate the business and the Online Store (e.g., software providers, hosting, email services, or business management systems);
- accounting, legal, or debt collection service providers - only to the extent necessary for the realization of the respective processing purpose in accordance with this Privacy Policy.
§5
PROFILING
1. The Controller may use profiling for marketing purposes in the Online Store; however, decisions made on its basis do not concern the conclusion or refusal of a Sales Agreement or access to Online Store services. The result of profiling may include offering discounts, sending promotional codes, reminding of unfinished purchases, or suggesting products matching a Customer’s preferences. The Customer always decides whether to use such offers.
2. Profiling consists of automated analysis or forecasting of a person’s behavior on the Online Store’s website (e.g., viewing specific products, adding them to the cart, or analyzing past purchase history). Profiling requires that the Controller holds personal data of the Customer to send, for example, a discount code.
3. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them.
§6
RIGHTS OF DATA SUBJECTS
1. Right of access, rectification, restriction, deletion, or portability - the data subject has the right to request from the Controller access to their personal data, its rectification, erasure (“right to be forgotten”), or restriction of processing, and has the right to object to processing as well as the right to data portability. Detailed conditions for exercising these rights are set out in Articles 15-21 of the GDPR.
2. Right to withdraw consent at any time - if processing is based on consent, the data subject has the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
3. Right to lodge a complaint with a supervisory authority - the data subject has the right to lodge a complaint with the supervisory authority, in particular the President of the Personal Data Protection Office (UODO) in Poland.
4. Right to object - the data subject has the right to object, on grounds relating to their particular situation, at any time to processing of their personal data based on Article 6(1)(e) or (f) GDPR, including profiling. The Controller must then cease processing unless they demonstrate compelling legitimate grounds overriding the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.
5. To exercise these rights, please contact the Controller by sending a written or electronic message to the address specified in §1.
§7
COOKIES, OPERATIONAL DATA, AND ANALYTICS
1. Cookies are small text files sent by a server and stored on the visitor’s device (e.g., computer, laptop, or smartphone). More information on cookies and their history can be found here: https://en.wikipedia.org/wiki/HTTP_cookie.
2. The Controller may process data contained in cookies when visitors use the Online Store for the following purposes:
- identifying logged-in Customers and showing that they are logged in;
- remembering Products added to the cart to place an Order;
- remembering data from completed Order Forms, surveys, or login details;
- customizing the content of the Online Store to Customer preferences (e.g., colors, font size, layout) and optimizing the website experience;
- conducting anonymous statistics showing how the Online Store is used;
- remarketing - analyzing visitors’ behavior (e.g., repeated visits, keywords) to create profiles and show ads matching predicted interests, including on websites within the advertising network of Google Inc. and Meta Platforms Ireland Limited.
3. By default, most web browsers accept cookies. Users can define the conditions for cookies through browser settings, including partial or total disabling of cookies (which may affect some Online Store functionalities, e.g., saving items in the cart).
4. Browser settings are essential for expressing consent to cookies - such consent may also be given through browser configuration. If you do not wish to consent, adjust your browser settings accordingly.
5. Detailed information on changing cookie settings or deleting them can be found in the help section of your browser.
6. The Controller may use Google Analytics, Universal Analytics (by Google Inc.), Meta Pixel (by Meta Platforms Ireland Limited), and Heatmap (by HeatMap, Inc.) to analyze traffic in the Online Store. The collected data is processed anonymously to generate statistical summaries. This data is aggregated and does not contain identifying features (personal data) of visitors. The Controller collects data such as traffic sources, on-site behavior, device and browser information, IP address, location, demographics (age, gender), and interests.
7. Users can easily block Google Analytics from collecting their data by installing the browser add-on available here: https://tools.google.com/dlpage/gaoptout?hl=en