Privacy Policy

The data controller responsible for processing personal data is:
ROCKWORLD Łukasz Pawlik
Kochanowskiego 21
48-130 Kietrz
Poland
info@rockworld-carpshop.com

Thank you for your interest in our online store. Protecting your privacy is very important to us. Below you will find detailed information on how we handle your data.

1. Access Data and Hosting

You can visit our websites without providing personal data. Each time a website is called up, the server automatically saves only the so-called server logs, such as the name of the requested file, your IP address, date and time of access, data transferred, and the requesting internet service provider (the so-called access logs) and documents the access.

This data is analyzed solely to ensure the proper functioning of our website and to improve our offer. This serves, in accordance with Art. 6(1)(f) GDPR, to protect our legitimate interest in an optimal, fault-free presentation of our website and offer. All access data is deleted seven days after your visit to the website.

Hosting

Hosting and display services for the website are partly provided on our behalf by our service providers as part of data processing on our behalf. Unless otherwise stated in this privacy policy, all access data and data collected in forms provided for this purpose on our website will be processed on their servers. If you have questions regarding our service providers and the basis for cooperation with them, please contact us. Our contact details can be found under "Our Contact Information and Your Rights".

2. Data Collection and Processing for Contract Performance, Contact, and Customer Account Setup

We collect personal data only when you voluntarily provide it to us when placing an order or contacting us (e.g., via a contact form or email). Mandatory fields are marked as such because the data contained therein is essential for contract performance or handling the matter in which you are contacting us. Without providing it, you cannot complete an order or contact us. The data collected is directly derived from the forms you use to enter the data. We use the data provided by you in accordance with Art. 6(1)(b) GDPR to perform the contract and respond to your inquiries. Furthermore, if you grant your consent according to Art. 6(1)(a) GDPR for setting up a customer account, we will process your personal data necessary for this purpose. Further information regarding the processing of your data, especially concerning data transfer to our service providers for order processing, payments, and shipping, can be found in the following sections of this privacy policy.

Upon complete fulfillment of the contract or deletion of your customer account, your data processing will be restricted, and after the storage periods specified in tax regulations and the Accounting Act have expired, this data will be deleted (Art. 6(1)(c) GDPR), unless you explicitly consent (Art. 6(1)(a) GDPR) to further use of the data, or in accordance with applicable laws, we reserve the right to further use the data for other purposes, about which we inform you in this privacy policy. Your customer account can be deleted at any time. To do this, send a message to our contact address provided under "Our Contact Information and Your Rights" or use the appropriate feature in your customer account settings.

3. Data Transfer for Delivery Purposes

For contract performance (Art. 6(1)(b) GDPR), we will transfer your data to the shipping company selected by you during the order process, which has been commissioned to deliver the ordered products.

4. Data Processing for Payment Purposes

For payment processing in our online store, we cooperate with external service providers handling online electronic payments, and we will transfer your data to the payment processing company selected by you during the order process. This serves the purpose of the contract (Art. 6(1)(b) GDPR).

Data Processing to Prevent Fraud and Optimize Payments

In some situations, we may provide our service providers with additional information that they can use along with the information necessary to process the payment. These service providers act on our behalf as data processors and provide us with services to prevent fraud and optimize payment processes (e.g., invoicing, analyzing disputed payments, accounting support). According to Art. 6(1)(f) GDPR, this serves our legitimate interests in protecting against fraud and mismanagement of payments.

Installment Purchase

If the "installment purchase" payment option is selected and the appropriate consent is given (Art. 6(1)(a) GDPR), your personal data (name, surname, address, email, phone number, date of birth, IP address, gender) together with the data necessary for transaction fulfillment (article, invoice amount, due date, total amount, invoice number, taxes, currency, order date and time) will be transferred for payment processing to our partner Santander Consumer Bank S.A., ul. Strzegomska 42 c, 53 – 611 Wrocław, Poland. To verify the creditworthiness of a customer making an installment purchase, our partner checks and collects information from publicly available databases and credit information agencies. The list of service providers from whom information is obtained, including creditworthiness information based on mathematical-statistical models, and information on data processing after it has been transmitted to our partner Santander Consumer Bank S.A., can be found in its privacy policy on the website: https://www.santanderconsumer.pl/zakupy-na-raty/raty-w-sklepie-internetowym,1.html.

The information received regarding the statistical probability of non-payment will be used by our partner Santander Consumer Bank S.A. to make decisions on the establishment, performance, or termination of the contractual relationship. You can present your point of view and dispute the decision by contacting our partner Santander Consumer Bank S.A. The consent given in the order process for data transmission can be revoked by you at any time without providing a reason, with effect for the future.

5. Marketing Channels: Email (e.g., Newsletter), Phone Contact

Email Advertising after Subscribing to the Newsletter

If you subscribe to our newsletter, we will use the data provided by you necessary to regularly send you our newsletter electronically based on your consent (Art. 6(1)(a) GDPR). You can unsubscribe from the newsletter at any time by sending us a message to our contact address provided under "Our Contact Information and Your Rights" or using the link provided in the newsletter. After unsubscribing, we will delete your email address unless you explicitly consent to further use of your data for other purposes, or we reserve the right to further use this data in legally permissible cases, of which we inform you in this privacy policy.

Sending an Invitation to Leave a Purchase Review

If during or after placing an order, you have given your consent (Art. 6(1)(a) GDPR), we will use your email address to send you an electronic invitation to rate your purchase made in our store. The review/rating is conducted through the review system we use. You can revoke the consent given at any time by sending a corresponding message to our contact address provided under "Our Contact Information and Your Rights" or using the link provided in the invitation to leave a review.

Telephone Advertising

If during or after placing an order, you have given your consent (Art. 6(1)(a) GDPR), we will use your data for our own advertising purposes, e.g., to inform you about our new products and promotions. You can revoke your consent at any time by sending us a message to our contact address provided under "Our Contact Information and Your Rights" or by making a verbal statement during a telephone conversation. After revoking consent, we will delete your phone number unless you explicitly consent to its further use for other purposes, or we reserve the right to further use this data in legally permissible cases, of which we inform you in this privacy policy.

6. Cookies and Similar Technologies

General Information

To make your visit to our website attractive and enable you to use its key functions, we use technological tools, including cookies. Cookies are small text files that are automatically saved on your end device. Some of the cookies we use are deleted after your browser session ends, i.e., after the browser is closed (session cookies). Other cookies remain on your end device and allow us to recognize your browser the next time you visit (permanent cookies). We use technologies that are absolutely necessary to ensure the correct and optimal use of the essential functions of our website (e.g., shopping cart function). These technologies process data such as your IP address, time of visit to the site, information about your device and browser, and information about your use of our website (e.g., shopping cart content). This serves, in accordance with Art. 6(1)(f) GDPR, to realize our legitimate interest in the optimal presentation of our offer.

We also use technological tools to fulfill legal obligations to which we are subject (e.g., to prove receipt of consent for processing your personal data) as well as for web analytics and internet marketing. Further information on this, including relevant legal bases for data processing, can be found in subsequent sections of this privacy policy.

In your browser's help menu, you will find explanations on changing settings for cookies. They are available at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

When certain technological tools are used with your consent (Art. 6(1)(a) GDPR), this consent may be revoked by you at any time. To revoke consent, please contact us through the contact address provided under "Our Contact Information and Your Rights".

7. Use of Cookies and Similar Technological Tools for Web Analytics and Marketing

When you have granted consent (Art. 6(1)(a) GDPR), we use the cookies and other similar technological tools of external service providers listed below on our website. After the purpose of processing has been achieved and the use of a given technological tool has been completed, the data collected during the use of these tools will be deleted. The consent granted can be withdrawn by you at any time. Detailed information on the possibilities of withdrawing consent and your right to object can be found in the "Cookies and Similar Technologies" section. More information is available on the websites of individual service providers. If you have questions regarding our service providers and the basis of our cooperation with them, please contact us. Contact data is provided under "Our Contact Information and Your Rights".

Use of Google Services

We use the technological tools indicated below from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Information automatically collected by Google's technologies concerning the use of our website is generally transferred to a server owned by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and stored there. The European Commission has not issued a decision for the USA concerning an adequate level of data protection. Our cooperation is based on standard data protection clauses adopted by the European Commission. Where the use of Google technological tools involves processing your IP address, the IP address is shortened before being saved on Google's servers thanks to IP anonymization. Only in exceptional cases will the full IP address be sent to a Google server and shortened there. Unless otherwise stated for specific Google technologies described in this privacy policy, data processing is based on a joint data controller agreement with Google in accordance with Art. 26 GDPR. Further information regarding data processing by Google can be found in Google's privacy policy.

Google Analytics

For analyzing the use of our website, we use Google Analytics, a web analytics tool from Google, which automatically processes your data (IP address, time of site visit, device and browser information, as well as information regarding your use of our website) and creates pseudonymized user profiles based on it. Cookies may be used for this purpose. Your IP address is generally not combined with other data collected by Google. Data processing under Google Analytics services is based on a data processing agreement with Google.

To optimize and make our website offer more attractive, we have also activated data sharing settings for "Google products and services". This allows Google to access the data collected and processed under Google Analytics and use it to improve Google products and services. Data sharing with Google for this purpose is based on an additional agreement between data controllers. We have no influence on subsequent data processing by Google.

For creating and conducting A/B tests on our site, we also use the Google Optimize tool, which is an extension of Google Analytics services.

For web analytics, we also use the Google Signals tool, which is an extension of Google Analytics services and enables the so-called "cross-device tracking" (identifying users using multiple devices). This means that if your internet-enabled devices are connected to your Google account and you have activated "personalized advertising" on your Google account, Google can generate reports on how you use our site (particularly about the number of users using different devices), even if you change devices. We do not process your personal data in this respect; we only receive statistics based on Google Signals functions and technologies.

For analyzing the use of our website and for advertising purposes, we also use the so-called DoubleClick-Cookie under Google Analystics services, which allows recognizing your browser when using other websites. Google will use this information to create a report on your online activity on our website and to provide other services related to the use of the website.

Google AdSense

Our website promotes, through Google AdSense, ad space for other providers and advertising networks. These ads are displayed to you in various places on our website. As part of integrating the Google AdSense service, a so-called DoubleClick cookie by Google will be stored on your end device during your visit to our site, which allows displaying interest-based ads and processes your data (IP address, time of site visit, device and browser information, as well as information regarding your use of our site) for this purpose and automatically assigns you a pseudonymized user identifier (UserID).

Google Ads

With Google Ads, we promote our website in search results and on third-party websites. For this purpose, during your visit to our website, a remarketing cookie by Google will be automatically stored on your device, which allows displaying interest-based ads based on pages you visit by processing your data (IP address, time of site visit, device and browser information, as well as information regarding your use of our website) using a pseudonymized identifier (ID). Further data processing takes place only if you have activated the ad personalization option in your Google account settings. In such a case, if you are logged into Google while visiting our website, Google will use your data together with data collected under Google Analytics services to create and define so-called target group lists for cross-device remarketing purposes.

For internet analytics purposes, we use the Google Ads Conversion Tracking tool to measure and analyze your behavior when you visit our website via an ad in the Google Ads tool. Cookies may be used for this purpose, and data such as: IP address, visit time, device and browser information, as well as information regarding your use of our website, e.g., website visit or newsletter registration, may be processed. Pseudonymized user profiles are then created based on this data.

Google Maps

For visually presenting geographic information, Google Maps will save and process information about how you use the maps and individual features, including, for example, your IP address and location data. We have no influence on the above data processing by Google.

Google reCAPTCHA

To protect against spam and prevent abuse and misuse of our online forms (e.g., using harmful bots), Google reCAPTCHA is integrated with our website, which processes your data (IP address, time of site visit, device and browser information, as well as information regarding your use of our website) and conducts an analysis of your use of our website using JavaScript scripts and cookies. Personal data entered by you in individual form fields on our sites will not be read or stored.

Google Fonts

To ensure consistent presentation of content on our websites, the "Google Fonts" script is integrated with our website, which processes your data (IP address, time of site visit, device and browser information, as well as information regarding your use of our website). We have no influence on the above data processing by Google.

YouTube Video Plugin

To integrate third-party content through the YouTube video plugin, the following data is processed by Google upon video playback: IP address, visit time, user device and browser information.

Use of Facebook Services

Facebook Pixel

We use the Facebook Pixel tool provided by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). The functionalities of the Facebook Pixel tool used by us are listed below. The Facebook Pixel automatically collects and stores data (your IP address, time of site visit, device and browser information, as well as information regarding your use of our website, e.g., site visit or newsletter registration). Pseudonymized user profiles are then created based on this data. In the so-called extended data matching within Facebook Analytics, hashed information that can identify individuals (e.g., names, email addresses, and phone numbers) is also collected and stored for comparison purposes. During your visit to our site, the Facebook Pixel stores a cookie on your device, which enables automatic recognition of your browser with a pseudonymous Cookie-ID when visiting other websites. Facebook will combine this information with other data from your Facebook account and use it to create reports on online activity and to provide other services related to your use of websites, particularly for ad personalization purposes. Information automatically collected by Facebook's technologies regarding the use of our website is generally transferred to a Facebook server located at Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there. The European Commission has not issued a decision regarding an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing is conducted in accordance with Art. 26 GDPR based on a joint agreement between joint controllers. To the extent that data transfer to the USA is our responsibility, our cooperation is based on the standard data protection clauses of the European Commission. Further information regarding data processing by Facebook can be found in Facebook's privacy policy.

Facebook Analytics

Within Facebook Analytics, based on data collected through the Facebook Pixel tool, activity statistics of users on our website are created. Data processing by Facebook is based on a data processing agreement. Data analysis (usage statistics) serves to optimize and enhance our website.

Facebook Ads

Facebook Ads allows us to advertise our website on Facebook and other platforms. We set the parameters of the advertising campaign. Facebook is responsible for the precise execution, particularly the decision to display an ad to specific users. Unless otherwise stated for individual functions and tools, data processing is based on a joint data controller agreement in accordance with Art. 26 GDPR. Joint responsibility is limited to data collection and transfer to Facebook Ireland. It does not include subsequent data processing by Facebook Ireland.

Based on statistics created through the Facebook Pixel tool about user activity visiting our websites, we conduct targeted advertising using the Facebook Custom Audience feature among the appropriate audience by defining the profile/characteristics of the target group. In the extended data comparison feature (see above), Facebook acts as a data processor on our behalf.

Using the pseudonymized Cookie-ID saved by the Facebook Pixel and collected user activity information on our website, we create personalized advertising through the Facebook Pixel Remarketing feature.

For web analytics and optimization of our offer, using the Facebook Pixel Conversions feature, we analyze user activity visiting our website through ads displayed in Facebook Ads services. Data processing by Facebook is based on a data processing agreement.

Other Service Providers for Analytical and Marketing Tools

Use of Hotjar for Web Analytics

For analyzing the use of our website, using the web analytics tool Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta ("Hotjar"), data (your IP address, time of visit, device and browser information, as well as information regarding your use of our website) is automatically collected and stored during your visit to our website, based on which pseudonymized user profiles are created. Cookies may be used for this purpose. Without separate, explicit consent, pseudonymized user profiles are not combined with personal data of the person to whom the pseudonym was assigned. Data processing in connection with Hotjar services is conducted under a data processing agreement.

Use of Microsoft Clarity for Web Analytics

For analyzing the use of our website, using the web analytics tool Microsoft Clarity, One Microsoft Way, Redmond, WA 98052, United States, data (your IP address, time of visit, device and browser information, as well as information regarding your use of our website) is automatically collected and stored during your visit to our website, based on which pseudonymized user profiles are created. Cookies may be used for this purpose. Without separate, explicit consent, pseudonymized user profiles are not combined with personal data of the person to whom the pseudonym was assigned. Data processing in connection with Microsoft Clarity services is conducted under a data processing agreement.

Use of Adobe Fonts for Content Presentation on the Website

To ensure optimal and consistent presentation of content on our websites, we use the "Adobe Fonts" script from Adobe, Inc., 345 Park Avenue San Jose, CA 95110-2704, USA (hereinafter "Adobe"), which processes data (your IP address, time of site visit, device and browser information). We have no influence on the processing of this data. The European Commission has not issued a decision ascertaining an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing is conducted in accordance with Art. 26 GDPR based on joint agreements concluded between joint controllers.

8. Integration with Trusted Shops Trustbadge

To display our Trusted Shops Quality Mark as well as the Trusted Shops offer available to buyers after placing an order, the Trustbadge by Trusted Shops is integrated with our website.

Integration with Trusted Shops Trustbadge serves to realize our legitimate interests (Art. 6(1)(f) GDPR), which consist of optimal marketing of our offer by enabling secure purchases. The Trustbadge (the so-called trust badge) and the services advertised through it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. The Trustbadge is made available to us as part of CDN services (Content-Delivery-Network). Trusted Shops GmbH also uses services from providers in the USA for this purpose. An adequate level of data protection is ensured. More information on data protection rules at Trusted Shops GmbH can be found here.

When the Trustbadge is called up, the server automatically remembers the so-called server logs (log files), containing, for example, your IP address, date and time of access, data transferred, and the requesting internet service provider (access data/the so-called server logs) and documents the access. Server logs are stored to analyze security gaps and are automatically deleted at the latest 90 days after their creation. Other personal data is transmitted to Trusted Shops GmbH only if, after placing an order in our store, you voluntarily decide to use Trusted Shops products or have previously registered with them. In such cases, a contractual agreement between you and Trusted Shops applies. For this purpose, personal data from the order data is automatically downloaded. Whether you as a buyer are already registered to use Trusted Shops products is automatically checked based on a neutral parameter - an email address encrypted with one-way cryptographic encryption. The email address is encrypted before being transmitted using a hash value so that it cannot be decrypted by Trusted Shops. After checking the match, the parameter is automatically deleted. This is necessary to fulfill the purposes arising from our and Trusted Shops' legitimate interests (Art. 6(1)(f) GDPR) in providing services related to each specific order, i.e., buyer protection services (Trusted Shops guarantee) and purchase review services. Other information, including your rights, is included in the Trusted Shops privacy policy available above and through the Trustbadge tool.

9. Social Media

Social Media Plugins: Facebook, Twitter, Instagram, Pinterest

So-called social media plugins (buttons) are used on our website. These plugins are available via an HTML link, ensuring that there is no automatic, direct connection to the server of the respective social media provider when visiting our website containing such plugins (buttons). After clicking one of the buttons (plugin), a new window in your browser will open displaying the webpage of the respective social media service where you can confirm the use of the button, e.g., "Like" or "Share".

Our Activity on Social Media Platforms: Facebook, Twitter, Instagram, YouTube, Pinterest

If you have given your consent to the respective social media portal (Art. 6(1)(a) GDPR), during your visit to our account/profile on the above-mentioned social media platforms, your data will be automatically collected and stored for web analytics and marketing purposes. Based on this data, pseudonymized user profiles are created. They can be used, for example, for placing so-called personalized advertisements that likely correspond to your interests within and outside of social media platforms. Cookies are usually used for this purpose.
Detailed information on the processing and use of your data by individual social media platforms, as well as information on your rights and the possibility of configuring privacy settings, along with contact data for inquiries, is described in the linked privacy policies of individual social media services below. If you need assistance in this regard, you can also contact us.

Facebook is a social media service offered by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). Automatically processed information regarding your activity and use of our Facebook fan page is generally transferred to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA, and stored there. The European Commission has not issued a decision regarding an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing under visits to the Facebook fan page is conducted in accordance with Art. 26 GDPR based on joint agreements between joint controllers, which are accessible here. Further information regarding the processing of your personal data during visits to the Facebook fan page (information on page insights functions) is available here.

Twitter is a social media service offered by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). Automatically processed information regarding your activity and use of our profile on Twitter is generally transferred to Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 in the USA, and stored there. The European Commission has not issued a decision regarding an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Instagram is a social media service offered by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland"). Automatically processed information regarding your activity and use of our Instagram fan page account is generally transferred to Facebook, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA, and stored there. The European Commission has not issued a decision regarding an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission. Data processing under visits to the Instagram fan page account is conducted in accordance with Art. 26 GDPR based on joint agreements between joint controllers. Further information regarding the processing of your personal data during visits to the Facebook fan page (information on page insights functions) is available here.

YouTube is a social media service offered by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Automatically processed information regarding your activity and use of our YouTube profile is generally transferred to Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043 in the USA, and stored there. The European Commission has not issued a decision regarding an adequate level of data protection for the USA. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Pinterest is a social media service offered by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland ("Pinterest"). Automatically processed information regarding your activity and use of our Pinterest profile is generally transferred to Pinterest, Inc., 505 Brannan St., San Francisco, CA 94107 in the USA, and stored there.

The European Commission has not issued a decision regarding an adequate level of data protection for the USA.

10. Our Contact Information and Your Rights

Individuals whose data is processed have the following rights:

• pursuant to Art. 15 GDPR: the right to obtain information about the processing of data to the extent specified in that article;
• pursuant to Art. 16 GDPR: the right to rectify your incorrect or incomplete personal data;
• pursuant to Art. 17 GDPR: the so-called "right to be forgotten," i.e., the right to delete your personal data stored with us, provided that their further processing is not necessary:
  • for exercising the right to freedom of expression and information;
  • to comply with a legal obligation;
  • for reasons of public interest;
  • for the establishment, exercise, or defense of legal claims;
• pursuant to Art. 18 GDPR: the right to restrict processing of personal data, provided that:
  • the accuracy of this personal data is contested by you;
  • the processing is unlawful, and you oppose its erasure;
  • we no longer need the personal data, but it is required by you for the establishment, exercise, or defense of legal claims;
  • you have lodged an objection to processing based on Art. 21;
• pursuant to Art. 20 GDPR: the right to receive the data you provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller;
• pursuant to Art. 77 GDPR: the right to file a complaint with a supervisory authority (President of the Personal Data Protection Office "UODO").

If you have questions regarding the collection, processing, and use of your personal data, or if you wish to request the provision of information, rectification, restriction of processing, or deletion of data, as well as to withdraw any consents granted or object to the use of certain data, please contact the data controller indicated at the beginning of this privacy policy directly.