Privacy and Cookie Policy

I. GENERAL PROVISIONS

1. The administrator of personal data collected via the spark.pm website is SPARK CONTROL SP. Z O.O., registered in the Central Registration and Information on Business under NIP number 739 391 35 56, hereinafter referred to as the “Administrator”, who is also the Service Provider. Business address: 10-408 Olsztyn, ul. Lubelska 37E. Correspondence address: 10-408 Olsztyn, ul. Lubelska 37E. Registered office: 10-408 Olsztyn, ul. Lubelska 37E. Email address: biuro@spark.pm.​
   
2. Personal data collected by the Administrator via the website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR) and the Personal Data Protection Act of 10 May 2018.​
   

II. TYPES OF PERSONAL DATA PROCESSED, PURPOSES, AND SCOPE OF DATA COLLECTION

PURPOSES OF PROCESSING AND LEGAL BASIS

The Administrator processes personal data via spark.pm in the following cases:

a) Contract conclusion and execution – In the case of civil law contracts, personal data of our Clients/Contractors and their representatives are processed to conclude, perform, and settle the contract. Providing personal data is necessary for the proper execution of the contract. The collected data will be processed for the period necessary to perform the contract and until the expiration of claims arising from it, considering applicable legal provisions regarding document archiving.​

b) Accounting and tax obligations – In activities related to contract settlement (issuing invoices or other accounting documents), the legal basis for processing personal data is the fulfillment of our legal obligation. Providing data in these cases is mandatory. Data will be processed for the period resulting from legal provisions, particularly tax law.​

c) Complaint handling – In this case, data processing is mandatory. Data related to the submitted complaint will be stored for a period allowing the parties to pursue claims under the contract.​

d) Traditional and electronic correspondence via email – In this case, personal data are processed to ensure contact in ongoing matters related to the cooperation of the parties and contract execution, responding to inquiries, presenting offers, depending on the subject of correspondence and the data voluntarily provided by you. Data processing within correspondence is our legitimate interest. Data are stored for the period necessary to ensure continuity of correspondence, but no longer than 5 years.​

e) Telephone contact – In the case of contact via telephone, we process your personal data for the purpose you contact us and to the extent necessary to resolve the matter, based on legally expressed consent. Providing data is not mandatory in this case but facilitates communication. Data will be processed until consent is withdrawn.​

TYPES OF PERSONAL DATA PROCESSED

The Administrator processes the following categories of user personal data:

• First and last name​
  
• Email address ​mysparkdenver.org+3scandit.com+3Spark+3
  
• Phone number​ drivheavydutyparts.com
  

DATA RETENTION PERIOD

User personal data are stored by the Administrator when the basis for data processing is contract performance, as long as it is necessary to perform the contract, and thereafter for a period corresponding to the limitation period of claims. Unless a specific provision states otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to business activity – three years.​

4. When using the website, additional information may be collected, in particular: IP address assigned to the user’s computer or external IP address of the Internet provider, domain name, browser type, access time, operating system type. These data may be stored for a maximum period of three years.​
   
5. Navigational data may also be collected from users, including information about links and references they choose to click on or other activities undertaken on the website. The legal basis for such activities is the legitimate interest of the Administrator (Article 6(1)(f) GDPR), consisting in facilitating the use of services provided electronically and improving their functionality. These data may be stored for a maximum period of three years.​
   
6. Providing personal data by the user is voluntary. Refusal to provide data will result in the loss of some functionalities of the service.​
   
7. The Administrator takes special care to protect the interests of data subjects, and in particular ensures that the data collected are:​
   

• processed lawfully,​
  
• collected for specified, lawful purposes and not further processed in a manner incompatible with those purposes,​
  
• substantially correct and adequate in relation to the purposes for which they are processed, and stored in a form that allows the identification of data subjects for no longer than is necessary to achieve the purpose of processing.​
  

III. SHARING OF PERSONAL DATA

User personal data are transferred to service providers used by the Administrator in operating the website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, either follow the Administrator’s instructions regarding the purposes and methods of processing these data (processors) or independently determine the purposes and methods of their processing (controllers).​

User personal data are stored exclusively within the European Economic Area (EEA).​

IV. RIGHT TO CONTROL, ACCESS, AND CORRECT PERSONAL DATA

The data subject has the right to access their personal data and the right to rectify, delete, restrict processing, the right to data portability, the right to object, and the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal, sent to the address biuro@spark.pm​

Legal grounds for the user’s request:

a. access to their personal data,​

b. correction of incorrect personal data,​

c. restriction of personal data processing,​

d. data portability processed in IT systems based on given consent,​

e. withdrawal of consent and deletion of their personal data in the case of data processed based on given consent.​

To exercise the rights mentioned in point 2, please contact us personally or by correspondence (including email). We reserve the right to verify the identity of the person making the request. If you