Privacy Policy
Effective from: August 11, 2024
Introduction
This Privacy Policy (“Policy”) is issued by Aurelyco (“we”, ‘us’, “our”) and explains how we collect, use, and protect your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable laws of the Europe. By using our website and services, you confirm that you have read and understood this Policy.
This Privacy Policy applies to the website and other related websites and services where this Policy is referenced. Aurelyco is committed to protecting and respecting your privacy. This Privacy Policy explains how we process your personal data in connection with our services and your legal rights and options regarding your personal data. We recommend that you read this Privacy Policy carefully.
Identity and contact details of the controller
Controller: DIGIDIAMOND GROUP LTD
E-mail: [email protected]
Definitions
For the purposes of this Policy:
- “Personal data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
- “Controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).
Scope of the Policy
This Policy applies to the processing of personal data of customers, website visitors, subscribers, and other persons whose data we process in the context of our business activities, in particular:
Purposes and legal bases of processing
We process your personal data for the following purposes:
1. Performance of contract and pre-contractual measures
If you order our products and services, we process your personal data for the purpose of concluding and performing a contract, including related communication.
The legal basis is:
- Article 6(1)(b) GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
For this purpose, we process particularly the following data:
- Identification data (e.g. name, surname);
- Contact details (e.g. e-mail, address, phone number);
- Order details (e.g. ordered products, date, payment method);
- Payment and billing data.
2. Compliance with legal obligations
We process your personal data to comply with our legal obligations arising from applicable legislation, such as accounting and tax regulations.
The legal basis is:
- Article 6(1)(c) GDPR – processing is necessary for compliance with a legal obligation to which the controller is subject.
For this purpose, we process particularly the following data:
- Identification data;
- Billing and payment data;
- Other data that we are required to keep by law.
3. Legitimate interests
We process personal data on the basis of our legitimate interests:
- To protect and enforce our rights (e.g. in case of a dispute with a customer);
- To ensure security and functionality of our website;
- To improve our services and customer support;
- To send marketing communications to our customers (direct marketing).
The legal basis is:
- Article 6(1)(f) GDPR – processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.
If we process your personal data on the basis of legitimate interest, you have the right to object to such processing at any time (see section “Your rights” below).
4. Consent
In some cases, we may process your personal data on the basis of your explicit consent, for example for:
- Sending newsletters and commercial offers if you have subscribed via the website and are not our current customer;
- Storing and accessing information on your device (cookies), if it is required by law;
- Other marketing activities that require your consent.
The legal basis is Article 6(1)(a) GDPR – the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Categories of personal data processed
We process the following categories of personal data:
Basic identification and contact data
- First name and surname;
- Contact address;
- E-mail address;
- Telephone number.
Order and transaction data
- Information about ordered goods and services (product, quantity, price);
- Date and time of order;
- Payment method and transaction data;
- Delivery details (if applicable).
Website usage data and technical data
- IP address;
- Browser type and version;
- Device type and operating system;
- Information about access to the website (time, location – if enabled).
Communication and interaction data
- Information from e-mail communication, contact forms and other requests;
- Records of our communication with you;
- Information about your preferences and feedback.
Marketing data
- Information about newsletter subscription;
- Data about opening of e-mails and clicks in e-mails (if you have consented to such tracking);
- Data for profiling and targeting advertising (only in compliance with applicable law).
Sources of personal data
We obtain your personal data primarily directly from you, in the following ways:
- By filling in forms on our website;
- By ordering our products and services;
- By subscribing to newsletters;
- By communication via e-mail or other means.
We may also obtain personal data from other sources, for example:
- From payment service providers and banks (payment verification);
- From partners, if you have given your consent to data transfer;
- From analytics tools (see section “Cookies and tracking”).
Recipients and processors
We may share your personal data with the following categories of recipients:
- Service providers (processors) who assist us in the operation of our website and provision of services, such as:
- IT service providers and website operators (hosting, e-mail services);
- Accounting and tax advisors and auditors (for the fulfilment of legal obligations);
- Marketing and analytical service providers (e.g. newsletter tools, advertising platforms).
- Public authorities, if required by law (e.g. tax authorities, courts, police);
- Other entities, if it is necessary for the protection of our rights (e.g. legal representatives).
We always enter into a personal data processing agreement with processors, which includes sufficient guarantees of protection of your personal data in accordance with Article 28 GDPR.
Transfer of personal data to third countries
We do not generally transfer your personal data to countries outside the European Economic Area (EEA). If such transfer occurs, it will only be based on:
- An adequacy decision by the European Commission under Article 45 GDPR;
- Appropriate safeguards under Article 46 GDPR (such as standard contractual clauses and additional measures);
- Your explicit consent under Article 49(1)(a) GDPR, if no other legal basis applies.
You may request information on the specific mechanism of transfer of personal data to third countries or international organisations.
Retention period
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or for the period required by law.
Typically, we retain personal data for the following periods:
- Accounting and tax documents (invoices): for the period required by applicable tax and accounting regulations;
- Contract data: for the duration of the contract and for 5 years after its termination (for the protection of legal claims);
- Marketing data: until consent is withdrawn or an objection to processing is made, or for a maximum period of 3 years from the last contact;
- Data obtained on the basis of legitimate interest: for the duration of the legitimate interest, usually not longer than 5 years from their acquisition.
After the expiry of the retention period or the fulfilment of the purpose, we will delete or anonymise personal data.
Klarna cookies and tracking
If you use Klarna payment methods, cookies may be set by Klarna AB as part of your shopping process. These cookies are used to enable Klarna to offer you appropriate payment options (e.g., Pay Now, Later, or in Installments) and to ensure a secure and smooth payment process.
Klarna may use these cookies to analyze user behavior and link it to technical data (e.g., browser type, device, IP address) for the purpose of fraud prevention and assessing your payment eligibility.
For more information on how Klarna uses your data and cookies, please visit Klarna’s privacy policy at https://www.klarna.com/privacy-policy/.
Your rights
As a data subject, you have the following rights under the GDPR, which you can exercise at any time:
Right of access (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not we process your personal data and, if so, access to such personal data and information on how it is processed.
Right to rectification (Article 16 GDPR)
You have the right to have inaccurate personal data concerning you rectified and incomplete personal data completed without undue delay.
Right to erasure (Article 17 GDPR)
You have the right to request the erasure of your personal data without undue delay if one of the following reasons applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw your consent and there is no other legal basis;
- You object to processing and there are no overriding reasons;
- The personal data have been unlawfully processed;
- The personal data must be erased for compliance with a legal obligation.
This right does not apply if there are legal grounds for further processing (e.g. legal obligations, defence of legal claims).
Right to restriction of processing (Article 18 GDPR)
You have the right to request that we restrict processing in certain cases, for example:
- You contest the accuracy of your personal data;
- The processing is unlawful, but you oppose the erasure of the data and request restriction instead;
- We no longer need the personal data, but you require it for the establishment, exercise or defence of legal claims;
- You have objected to processing and it has not yet been verified whether the legitimate grounds of the controller override yours.
Right to data portability (Article 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, if the processing is based on consent or a contract and carried out by automated means.
Right to object (Article 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data which is based on our legitimate interests, including direct marketing. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to withdraw consent
If the processing is based on consent (Article 6(1)(a) GDPR), you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint
If you believe that the processing of your personal data infringes the GDPR or other applicable data protection regulations, you have the right to lodge a complaint with a supervisory authority, particularly in the EU Member State of your habitual residence, place of work or place of the alleged infringement.
If you are based in the European Economic Area (EEA), you may contact your local supervisory authority. If you are unsure which authority is competent, you may contact, for example, the Office for Personal Data Protection.
Data security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, as appropriate:
- Pseudonymisation and encryption of personal data;
- Measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- Measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- Regular testing, assessing and evaluating the effectiveness of technical and organisational measures.
However, the transmission of data over the Internet is not completely secure and we cannot guarantee absolute security of data transmitted to our website. Any transmission is at your own risk.
Minors
Our services and website are not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under the age of 16 without parental consent, we will take steps to delete such data.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or regulatory reasons. The updated version will be published on our website with an indication of the effective date.
We recommend that you regularly review this Policy. If we make significant changes, we may inform you by e-mail or through a prominent notice on our website, where appropriate.
Contact
Please send any questions, requests, or complaints regarding personal data protection to [email protected].