PRIVACY POLICY
Online Store GRIOTH watches

§1. General Provisions
1. This Privacy Policy sets out the rules for the processing of personal data and the use of cookies by the online store GRIOTH watches, operating at: www.griothwatches.com
2. The controller of personal data is:
GRTH lab Daniel Wierzbicki
Address: os. Hutnicze 1/49, 31-917 Kraków, POLAND
VAT id: PL9482020128
E-mail: contact@griothwatches.com
Phone number: +48 502 073 784
(hereinafter: the “Controller”)
§2. Legal Basis
Personal data is processed in accordance with:
1. Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR),
2. The Polish Personal Data Protection Act of 10 May 2018 (Journal of Laws 2018, item 1000).
§3. Scope of Data Processing
The Controller may process the following user data:
• full name,
• email address,
• phone number,
• shipping address,
• billing information (if applicable),
• IP address,
• cookie data.
§4. Purposes and Legal Grounds for Data Processing
Personal data is processed for the following purposes:
1. Order fulfillment – Article 6(1)(b) GDPR (contract),
2. Managing the customer account – Article 6(1)(b) GDPR,
3. Handling correspondence and complaints – Article 6(1)(c) and (f) GDPR,
4. Marketing of own products (e.g., newsletter) – Article 6(1)(a) GDPR (consent),
5. Compliance with legal obligations (e.g., tax laws) – Article 6(1)(c) GDPR,
6. Statistics and analytics – Article 6(1)(f) GDPR (legitimate interest of the Controller).
§5. Data Recipients
Data may be disclosed to:
1. courier companies and logistics operators,
2. payment operators (PayU, Przelewy24, Stripe),
3. IT service providers (hosting, email, store system),
4. accounting offices and other entities supporting the Controller in compliance with agreements and legal regulations.
Data is not transferred outside the European Economic Area (EEA) unless explicitly stated in the cookie policy or marketing consent.
§6. Data Retention Period
Personal data is stored:
1. for the duration of the contract and until any claims expire (usually 6 years),
2. until the consent is withdrawn – in the case of consent-based processing (e.g., newsletter),
3. in accordance with applicable tax law regulations.
§7. User Rights
The user has the right to:
1. access their personal data,
2. rectify their data,
3. erase their data (“right to be forgotten”),
4. restrict data processing,
5. data portability,
6. object to data processing,
7. withdraw consent at any time (if processing was based on consent),
8. lodge a complaint with the President of the Personal Data Protection Office (https://uodo.gov.pl).
§8. Cookies
1. The Store uses cookies to:
◦ ensure proper functioning of the website,
◦ analyze website traffic (Google Analytics or other analytics tools),
◦ conduct marketing activities (e.g., remarketing).
2. The user can manage cookie settings through their web browser.
3. Using the website without changing browser settings implies consent to the use of cookies.
§9. Data Security
The Controller uses appropriate technical and organizational measures to ensure the protection of personal data, in accordance with the risk of violating the rights and freedoms of individuals.
§10. Changes to the Privacy Policy
The Controller reserves the right to make changes to this Privacy Policy. The current version of the document will always be available on the Store’s website.