Privacy policy

PRIVACY POLICY AND COOKIES POLICY


JALKE GEMS ONLINE STORE — www.jalkegems.com

Last updated: 31.05.2026

This Privacy Policy describes how personal data of individuals using the JALKE GEMS online store available at www.jalkegems.com (hereinafter the “Store”) is processed, as well as the rules governing the use of cookies. This document has been prepared in order to fulfil the information obligations arising from Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

§1. DATA CONTROLLER

The controller of personal data is Katarzyna Tychoniewicz‑Jaśniak, conducting business under her own name, place of business: Adamów 24/2, 05‑825 Adamów, Poland, Tax Identification Number (NIP): 7262647002, REGON: 101287650, operating the Store under the JALKE GEMS brand (hereinafter the “Controller”).

The Controller may be contacted regarding personal data protection matters:
• by e-mail: contact@jalkegems.com
• by post: Adamów 24/2, 05‑825 Adamów, Poland

The Controller has not appointed a Data Protection Officer (DPO). All matters related to the processing of personal data should be directed to the Controller using the contact details above.

§2. WHAT DATA WE PROCESS AND HOW WE COLLECT IT

The Controller processes personal data provided directly by the data subject, in particular when placing an order, contacting the Store by e-mail, subscribing to a newsletter, or using the Store.

Depending on the activity, the following categories of data may be processed:
• identification and contact data: first name, last name, delivery address, e-mail address, telephone number;
• order and payment data: ordered Products, order value, selected payment and delivery method, order history;
• invoice data (if requested by the Customer), including company name and VAT number where applicable;
• data collected automatically while using the Store: IP address, cookie identifiers, device and browser information, and information regarding activity within the Store (see §8 – Cookies).

Providing data is voluntary; however, providing identification, contact and address data is necessary for entering into and performing a sales contract. Without such data, order fulfilment is not possible.

The Store allows purchases without creating a user account.

§3. PURPOSES, LEGAL BASES AND RETENTION PERIODS

Personal data is processed for the following purposes:

• Conclusion and performance of a sales contract (order fulfilment, payment, delivery, communication regarding the order)
Legal basis: Article 6(1)(b) GDPR – necessity for the performance of a contract.
Retention period: For the duration of the contract and thereafter until the expiry of the limitation period for claims.

• Issuing and storing invoices and accounting documentation, fulfilment of tax obligations
Legal basis: Article 6(1)(c) GDPR – legal obligation (tax and accounting regulations).
Retention period: 5 years counted from the end of the calendar year in which the tax payment deadline expired.

• Handling complaints and exercising the right of withdrawal from a contract (returns)
Legal basis: Article 6(1)(c) GDPR – legal obligation, and Article 6(1)(b) GDPR.
Retention period: Until completion of the procedure and thereafter until the expiry of limitation periods.

• Establishing, pursuing or defending legal claims
Legal basis: Article 6(1)(f) GDPR – legitimate interest of the Controller.
Retention period: Until the expiry of limitation periods for claims.

• Handling correspondence and enquiries addressed to the Controller (e-mail, social media)
Legal basis: Article 6(1)(f) GDPR – legitimate interest consisting of responding to enquiries.
Retention period: For the period necessary to handle the matter and thereafter until the expiry of limitation periods.

• Sending newsletters (commercial information) by electronic means – where such a service is launched
Legal basis: Article 6(1)(a) GDPR – consent, in conjunction with applicable electronic communications regulations.
Retention period: Until consent is withdrawn or the newsletter subscription is cancelled.

• Statistics, analytics, marketing and remarketing using cookies and third-party tools
Legal basis: Article 6(1)(a) GDPR – consent expressed through the cookie settings panel.
Retention period: Until consent is withdrawn or cookies expire.

§4. DATA RECIPIENTS

For the proper operation of the Store and fulfilment of orders, the Controller uses external service providers. Personal data may be shared with:

• Shopify International Ltd. / Shopify Inc. – provider of the e-commerce platform and hosting infrastructure;
• LH.pl sp. z o.o. – provider of e-mail and domain services used for customer communication;
• Przelewy24 sp. z o.o. – provider of online payment services, including BLIK and instant bank transfers; the payment provider acts as an independent controller with regard to payment processing;
• InPost S.A. and Furgonetka sp. z o.o. – delivery service providers;
• External accounting service providers – to the extent necessary for tax and accounting settlements;
• Google Ireland Ltd. (Google Analytics 4, Google Ads), Meta Platforms Ireland Ltd. (Meta Pixel – Facebook/Instagram), TikTok Technology Ltd., and Pinterest – with respect to data collected through cookies, solely on the basis of the user’s consent;
• BaseLinker sp. z o.o. – provider of order management and sales integration systems;
• Entities authorised to obtain data under applicable law, including public authorities.

§5. TRANSFERS OF DATA OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)

Some entities cooperating with the Controller (including Shopify and providers of analytical and marketing tools such as Google, Meta, TikTok and Pinterest) may process personal data outside the European Economic Area, in particular in the United States.

Transfers outside the EEA take place only where appropriate safeguards required by GDPR are in place, including:
• a European Commission adequacy decision (e.g. entities certified under the EU–US Data Privacy Framework); or
• Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented where necessary with additional safeguards.

Data subjects may obtain information regarding the safeguards applied by contacting the Controller.

§6. RIGHTS OF DATA SUBJECTS

Individuals whose data is processed have the right to:
• access their personal data and obtain a copy thereof;
• rectify inaccurate data;
• request erasure of data (“right to be forgotten”);
• restrict processing;
• data portability;
• object to processing based on the Controller’s legitimate interests, including profiling for direct marketing purposes;
• withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal;
• lodge a complaint with the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00‑193 Warsaw, Poland.

To exercise these rights, please contact the Controller at contact@jalkegems.com. The Controller will respond without undue delay and generally within one month.

§7. AUTOMATED DECISION-MAKING AND PROFILING

Personal data may be subject to profiling in connection with the use of marketing and advertising tools (e.g. Google, Meta, TikTok and Pinterest remarketing), solely on the basis of the user’s consent to marketing cookies.

Such profiling does not produce legal effects concerning the individual nor similarly significantly affect their situation. The Controller does not make decisions based solely on automated processing within the meaning of Article 22 GDPR.

§8. COOKIES

The Store uses cookies, i.e. small text files stored on the user’s device.

The Store uses the following categories of cookies:
• Essential cookies – necessary for the proper functioning of the Store, including shopping cart functionality, checkout processing and security. These cookies do not require consent.
• Analytical/statistical cookies – used to analyse the way users interact with the Store (Google Analytics 4). Used only with consent.
• Marketing/advertising cookies – used to display personalised advertisements and conduct remarketing activities (Google Ads, Meta Pixel, TikTok Pixel, Pinterest). Used only with consent.

During the first visit to the Store, a cookie consent banner is displayed, allowing users to accept or reject particular categories of cookies (except essential cookies). Users may modify or withdraw their consent at any time through the cookie settings available in the Store.

Users may also manage cookies through their browser settings, including deleting or blocking them. Restricting cookies may affect certain functionalities of the Store.

The legal basis for storing and accessing information contained in cookies other than essential cookies is the user’s consent, granted in accordance with applicable electronic communications regulations and Article 6(1)(a) GDPR.

§9. SOCIAL MEDIA PROFILES

The Controller operates JALKE GEMS profiles on Facebook, Instagram, TikTok and Pinterest. Personal data of individuals interacting with these profiles may be processed for communication, handling enquiries and promoting the brand on the basis of the Controller’s legitimate interest pursuant to Article 6(1)(f) GDPR.

With regard to Facebook/Instagram Page Insights statistics, the Controller and Meta Platforms Ireland Ltd. may act as joint controllers. Social media operators also process personal data as independent controllers in accordance with their own privacy policies.

§10. DATA SECURITY

The Controller implements appropriate technical and organisational measures to ensure the protection of personal data, appropriate to the risks involved and the categories of data processed. In particular, personal data is protected against unauthorised disclosure, loss or destruction. Data transmission within the Store is encrypted using SSL/TLS protocols.

§11. CHANGES TO THIS PRIVACY POLICY

The Controller reserves the right to amend this Privacy Policy, in particular in the event of changes in legislation, implementation of new tools or changes in the manner in which personal data is processed.

The current version of the Privacy Policy is always published on the Store’s website together with its effective date.