Privacy Policy

The website https://www.aurumswiss.com/ is administered by Aurum Swiss Prosta Spółka Akcyjna with its registered office in Świnoujście, ul. Stanisława Wyspiańskiego nr 34b, 72-600 Świnoujście, entered in the register of entrepreneurs kept by the District Court Szczecin - Centrum in Szczecin, XIII Economic Division of the National Court Register, under KRS number: 0001097898, NIP: 8551608931. 

Contact with the Administrator:

• by e-mail: office@aurumswiss.com
• by post: ul. Stanisława Wyspiańskiego nr 34b, 72-600 Świnoujście

The Privacy Policy is dedicated to users of the https://www.aurumswiss.com/ website and customers of the online shop, whether they act as consumers or businesses. 

The Privacy Policy is part of the Terms and Conditions . 

The purpose of the Controller is to duly inform about matters related to the processing of personal data, in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC ("RODO"). 

Website user rights

The user has the following rights in relation to the processing of his/her personal data (Articles 12-21 RODO): 

• to information regarding the data being processed (Articles 12 and 13 RODO), 
• access to the content of their personal data (pursuant to Article 15 of the RODO), 
• request the rectification of personal data (Article 16 RODO), i.e. the correction of inaccurate data and the completion of incomplete data, 
• to request the restriction of the processing of personal data (Article 18 RODO), 
• to request the transfer of your personal data to another Controller (Article 20 RODO), 
• object to the processing of data on grounds related to your particular situation (pursuant to Article 21(1) of the RODO), however, this right is not absolute - i.e. despite your objection, the Controller may still process your personal data if he/she can demonstrate that there are compelling legitimate grounds for the processing overriding your rights and freedoms or grounds for establishing, asserting or defending claims, 
• object to the processing of personal data carried out for the purposes of direct marketing, to the extent that the processing is related to such direct marketing. 
• request the erasure of your personal data (pursuant to Article 17 RODO) - the so-called "right to be forgotten", this right applies when the Administrator processes your data unlawfully, when you object to the processing of your data for marketing purposes and when your data must be erased in order for the Administrator to comply with a legal obligation. 

In addition, the website user has the right to lodge a complaint with the supervisory authority, i.e. the President of the Office for Personal Data Protection.

Personal data and their processing 

Personal data includes any information that allows an individual to be identified. The controller acquires personal data to the minimum extent necessary to fulfil the purposes set out below. 

Data processing does not always take place directly. The specific nature of the website means that the Administrator also obtains data indirectly using, among other things, so-called cookies. Providing personal data is voluntary, however, some of it may be necessary to ensure proper use of the services provided by the Administrator. 

How, on what legal basis and what type of personal data does the Administrator process? 

Sales Contract

The purpose of data processing may be the conclusion and performance of a sales contract. Data necessary for the performance of the contract, i.e. name and surname, data concerning the business conducted, contact data (address, e-mail address, telephone number) are collected from persons concluding a sales contract with the Administrator. The legal basis for the processing of the data is the necessity for the performance of the contract or taking steps to conclude the contract (Article 6(1)(b) RODO). 

Account registration

The purpose of data processing may be the provision of free electronic services, i.e. the creation and maintenance of an account on the website. Data necessary for registration, i.e. name and surname, data concerning the business conducted, contact data (address, e-mail address, telephone number) are collected from persons creating an account. The legal basis for the processing of the data is the necessity to perform the contract for the free provision of services by electronic means or to take steps to conclude it (Article 6(1)(b) RODO). 

Commercial information - marketing consent 

Only with the user's consent can the Administrator process data for marketing purposes. Personal data includes data that the user provides in order to receive commercial and marketing information from the Administrator, i.e. name, surname, e-mail address or telephone number, data concerning business activities processed. The legal basis for data processing is consent (Article 6(1)(a) RODO). Such consent may be withdrawn at any time. 

Newsletter

If there is an option on the website, the user can subscribe to the newsletter. The personal data that the user provides in order to receive the newsletter includes: name, surname, e-mail address or telephone number, business data processed. The legal basis for the processing of the data is consent (Article 6(1)(a) RODO). Such consent may be withdrawn at any time. 

Links to other sites 

The site may contain links to other sites. If you click on a link to another site, you will be redirected to that site. Please note that these external parties are not operated by us. Therefore, the Administrator recommends that you independently - read the privacy policies of these sites. The Administrator has no control over and is not responsible for the content, privacy policies or practices of third parties. 

Legitimate interest of the Administrator

The Controller may process data within the framework of its legitimate interest (Article 6(1)(f) RODO), e.g. to pursue possible claims. Whenever the Controller processes personal data on the basis of a legitimate interest, the Controller seeks to analyse and balance its interest and the potential impact on the data subject (positive as well as negative) and the data subject's rights under data protection legislation. 

Cookies

Virtually every website nowadays uses so-called cookies, i.e. files which are used to automatically collect personal data from website users. This is no different for the Administrator's Website. The information obtained in this manner is stored on the computer of the user who uses it. 

The primary purposes for the use of cookies are twofold: to maintain and save the user session and to provide security (e.g. for fraud detection). In this respect, the use of cookies is essential. 

To a further extent, cookies may not be essential, but they greatly facilitate the use of the website. They are used for, among other things: 

• remembering a user's specific choices as to whether to display a certain message or to display it a certain number of times (e.g. within the options: last viewed, shopping basket, store), 
• monitoring user activity on the website, 
• collect anonymous, aggregate statistics to improve the functionality of the website, 
• marketing. 

In this regard, the Administrator uses the services of external entities, the list of which evolves depending on the shape of the market and technical possibilities. These entities include: 

• Google Analytics (Google Privacy Policy) - through this, the Administrator observes traffic and user behaviour on the website.      

It should be emphasised that at no stage is the user obliged to accept Cookies (except for technical Cookies). It is possible, through your Internet browser, to set up a configuration that prevents cookies from being stored on your computer. It is also possible to delete existing Cookies. However, failure to accept Cookies may adversely affect the operation of the website and, in some cases, even prevent the use of certain functions. 

If you would like to find out how to manage cookies, including how to disable them in your browser, you can consult your browser's help file. This information can be consulted by pressing the F1 key in your browser. In addition, relevant tips can be found on the following pages, depending on the browser you are using 

Using the relevant options of your browser, you can delete cookies at any time or block the use of cookies in the future. 

Access logs 

Based on the analysis of access logs, the Administrator collects information on the use of the site by users and their IP addresses. The purpose of collecting this data is to possibly diagnose problems related to the operation of the server, assess the risk of possible security breaches and manage the site. 

How long does the Administrator keep the data? 

The duration of data retention depends on the legal basis for processing: 

• if you have given your consent (e.g. to provide commercial information), this period lasts until you withdraw it, 
• when processing the data for the performance of a contract, for the duration of the contract and the period of limitation of claims arising therefrom, 
• when processing data on the basis of obligations under applicable legislation, the Controller shall process the data for as long as necessary on the basis of such legislation, 
• when processing data in pursuit of a legitimate interest of the Controller, the processing shall continue for as long as that interest lasts. 

The processing period for the above data may be extended if the processing is necessary for the determination and assertion of claims or the defence against claims. After the expiry of the above periods, the data shall be deleted or anonymised immediately. 

Recipients of data 

Occasionally, the Administrator has the right to transfer users' data if this is necessary for the performance of services, the fulfilment of obligations and the due fulfilment of applicable laws. 

The Administrator may use the services of external entities to perform certain tasks, e.g. the delivery of Goods, accounting services, legal services, marketing or IT services. If necessary, data may also be received by authorised authorities. 

User data may be passed on to the following entities: 

• the aforementioned entities processing personal data under contracts of entrustment of personal data processing (so-called processors), 
• service providers e.g. courier, hosting,
• debt collection agencies (whereby personal data is only provided to the extent that it is actually necessary for the purpose in question), 
• auditors and chartered accountants, legal advisers, tax advisers, 
• law enforcement authorities, regulators and other public administrations. 

Outside of the above scope, data is not shared with third parties, except where the user expressly gives his or her voluntary consent (which can be revoked at any time). 

Sharing of data with entities outside the EEA (European Economic Area) 

The Administrator may transfer the data obtained to other entities only if the legal basis allows him to do so. 

Some of the service providers to the Administrator may be based outside the European Economic Area (EEA). When transferring data outside of the EEA, the Administrator takes increased care. It verifies that the providers guarantee a high level of protection of personal data, in line with the legal requirements applicable in the EEA. For transfers of personal data to entities based in the United States, the Administrator verifies that the entity has joined the EU-US data protection programme and is on the list of certified organisations maintained by the US Department of Commerce. 

Data protection 

The controller shall use all available physical, technical and organisational measures to ensure the proper protection of personal data. In particular, it shall protect it against destruction, accidental loss, disclosure to unauthorised persons, alteration and verify the scope of access. The controller shall exercise the rights of the persons affected by the data processing. 

Update of the Privacy Policy 

The Administrator declares that this Privacy Policy shall be updated on an ongoing basis, inter alia in the event of introduction of new legal requirements or guidelines. The Administrator shall also take into account changes in the technology used for data processing and data protection, changes in the purposes of data processing, the categories of data collected and the legal basis for data processing.