Privacy policy

Last updated: October 28, 2025

This Privacy Policy defines the rules for the processing of personal data by the online store available at artsfromcarparts.com, operating on the Shopify platform.

This Privacy Policy fulfills the information obligation imposed on the Controller in accordance with Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as “GDPR”).

The Controller of personal data is:
ARTS FROM CAR PARTS Piotr Wierzejski
ul. Złota 75A lok. 7, 00-819 Warsaw, Poland
(hereinafter referred to as the “Controller”)

You may contact the Controller via email at:
contact@artsfromcarparts.com

or in writing at the address:
ARTS FROM CAR PARTS Piotr Wierzejski, ul. Złota 75A lok. 7, 00-819 Warsaw, Poland

§ 1. Principles of Personal Data Processing

The Controller processes Customers’ personal data in compliance with the provisions of the GDPR.

The Controller applies technical and organizational measures required by EU law to ensure the protection of processed personal data and safeguard such data against unauthorized access, acquisition by unauthorized persons, unlawful processing, alteration, loss, or destruction.

The Controller declares that providing data marked as required in the Online Store is voluntary but necessary to use the Store’s functionalities, including creating and maintaining a Customer Account and placing and fulfilling an order.

The Customer may consent to receiving commercial information from the Controller, including via electronic means of communication, and to the use of telecommunications terminal equipment for marketing purposes. Giving such consent is voluntary and is not a condition for processing an order or maintaining a Customer Account in the Online Store.

§ 2. Purposes and Legal Bases for Processing Personal Data

Customers' personal data will be processed for the following purposes:

  • maintaining a Customer Account in the Online Store (Article 6(1)(b) GDPR),
  • processing orders in the Online Store (Article 6(1)(b) GDPR),
  • providing the newsletter service (Article 6(1)(b) GDPR),
  • direct marketing of the Controller’s own services and products, excluding the newsletter service, which constitutes a legitimate interest of the Controller (Article 6(1)(f) GDPR),
  • responding to messages sent via the contact form (Article 6(1)(a) GDPR — consent expressed by initiating contact),
  • handling complaints or withdrawal from a contract (Article 6(1)(b) GDPR),
  • analytical research, in particular analyzing website traffic for statistical purposes, which constitutes a legitimate interest of the Controller (Article 6(1)(f) GDPR),
  • archival (evidential) purposes in case it is necessary to prove certain facts, which constitutes a legitimate interest of the Controller (Article 6(1)(f) GDPR),
  • establishing, pursuing, or defending against claims — for the time necessary to achieve this purpose.

§ 3. Period of Personal Data Retention

Customers’ data will be stored for the following periods:

  • data related to maintaining a Customer Account — for the duration of account maintenance in the Online Store and no longer than until the Customer requests its deletion,
  • data related to order fulfillment — for 5 years after the end of the calendar year in which the sale was made, unless further storage is justified by the limitation period for claims,
  • newsletter service — until unsubscribing from the newsletter,
  • marketing activities — until an objection is raised,
  • data related to responding to inquiries — until correspondence is completed or consent is withdrawn, unless further storage is justified by the Controller’s overriding interest, such as defense against potential claims,
  • data related to the complaint or withdrawal process — for 5 years after the end of the calendar year in which the complaint was handled or the contract was withdrawn from,
  • statistical purposes — until an objection is raised, but no longer than 50 months from the Customer’s last activity on the website,
  • archival purposes — for the time necessary to achieve this purpose,
  • establishing, pursuing, or defending against claims — for the time necessary to achieve this purpose.

§ 4. Categories of personal data

The Administrator collects, processes and stores the following Customer data:

  • in connection with the creation of a Customer account: e-mail address, name and surname, address, telephone number, and in the case of entrepreneurs also the Tax Identification Number and company name;
  • in connection with placing an order: e-mail address, name and surname, address, telephone number, and in the case of entrepreneurs also the Tax Identification Number and company name;
  • in connection with sending a message via the contact form: e-mail address, name and surname and telephone number;
  • in connection with the provision of the newsletter service: name and e-mail address.

When using the Online Store, the Administrator automatically collects and stores information such as: IP address, request URL, device identifier, amount of time spent on individual pages, browser type, browser language, date and time of using the website, screen resolution, type and version of the operating system, and other such information.

§ 5. Cookies

The Online Store uses small text files known as cookies, which are saved on the end device of a person visiting the Store’s website, provided that the web browser allows such storage.

Cookies are IT data, in particular text files, that are stored on the Client’s end device and are intended for use with the Online Store. Cookies typically contain the name of the website they originate from, the duration of their storage on the end device, and a unique identifier.

Cookies are used for the following purposes:

  • to recognize the device used by the Client in order to display the website content appropriately,
  • to create statistics that help understand how Clients use the website, which allows for improving its structure and content,
  • to maintain the Client’s session in the Online Store so that the Client does not have to re-enter login and password on each subpage,
  • to customize the content and functionality of the Online Store by matching an anonymous, randomly generated tracking identifier that makes it possible, among other things, to verify where the Client came from, which search engine they used, which link they clicked, which keywords they entered, and at what point they stopped using the Online Store,
  • to collect general and anonymous data for advertising purposes through remarketing lists, enabling the display of advertising content tailored to the Client’s preferences.

By default, web browsers allow cookies to be stored on the Client’s end device. Clients may change these settings at any time. The web browser allows the deletion of stored cookies as well as the automatic blocking of cookies. Detailed information on this matter can be found in the help section or documentation of the respective web browser.

The Online Store uses marketing and analytical tools provided by third-party service providers that use cookies within the Store. These providers include, in particular, Google LLC (Google Analytics, Google Ads, Google Tag Manager, Google Merchant Center) and Meta Platforms Inc. (Facebook Pixel). More information regarding cookies used by the above entities is available in their respective privacy policies.

Some of the above-mentioned providers may store Clients’ data outside the European Economic Area (EEA). In such cases, data transfers are made only to countries that ensure an adequate level of protection (based on the European Commission Implementing Decision of 12 July 2016 establishing the EU-U.S. Privacy Shield), or, in the case of transfers to countries not ensuring an adequate level of protection, only where appropriate safeguards are provided, including, among others, standard contractual clauses adopted by the European Commission.

§ 6. Data Sharing

Clients’ personal data may be transferred to entities to which the Controller entrusts the processing of personal data under agreements, as well as to entities authorized to obtain such data under applicable law.

For the purpose of performing the contract concluded via the Online Store and ensuring the proper functioning of the Store, the Controller shares Clients’ personal data, in particular, with entities providing:

  • postal and courier services,
  • electronic payment services,
  • accounting services,
  • hosting services,
  • IT and software delivery services,
  • newsletter services,
  • marketing services related to the operation of the Online Store.

§ 7. Clients’ Rights

The Client has the right to access their personal data and to request its rectification, erasure, or restriction of processing. Where the processing of personal data is based on the legitimate interest of the Controller, the Client has the right to object to the processing of their personal data.

Where the processing of personal data is based on consent, the Client has the right to withdraw consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out based on consent before its withdrawal.

Where the Client’s data is processed for the purpose of concluding or performing a Contract, or based on consent, the Client also has the right to data portability - that is, the right to receive personal data from the Controller in a structured, commonly used, machine-readable format. The Client may transmit such data to another data controller.

The Client also has the right to lodge a complaint with the supervisory authority responsible for personal data protection.