1. General provisions

This privacy policy sets out the rules for processing personal data collected through the carsystems.eu online shop. The data controller is Car-Systems Krzysztof Maciejewski, based in Gorzów Wielkopolski, Poland (contact details above). Data processing is carried out in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

2. Scope of data processed

Depending on the nature of contact and use of the shop, we may process: identification and contact data (first and last name, delivery and billing address, phone number, e-mail address), business data in the case of B2B purchases (company name, VAT ID, registered address), order-related data (purchase history, customer service correspondence) and technical data automatically collected during use of the website (IP address, browser type, cookie data).

We do not store payment card details or other sensitive financial data — payments are handled by specialised third-party processors.

3. Purposes and legal bases of processing

We process personal data for the purpose of performance of the sales contract and order handling (Art. 6(1)(b) GDPR), fulfilment of legal obligations imposed on the controller, in particular tax and accounting obligations (Art. 6(1)(c) GDPR), the controller's legitimate interest — including maintaining statistics, improving the shop, handling complaints and pursuing potential claims (Art. 6(1)(f) GDPR), and — in the case of subscription to a newsletter or other voluntary marketing communications — on the basis of consent (Art. 6(1)(a) GDPR).

4. Data retention period

Data related to order fulfilment and accounting documentation is retained for the period required by tax and accounting law — as a rule, for 5 years from the end of the year in which the tax obligation arose. Customer account data is retained until deleted by the user. Data processed on the basis of consent is retained until consent is withdrawn. Data needed for defence against claims is retained until the limitation period expires.

5. Data recipients

Personal data may be entrusted to the following categories of entities: courier companies for parcel delivery, payment processors for transaction handling, IT service providers (hosting, e-commerce platform, e-mail), the accounting office for bookkeeping, and public authorities in cases provided for by law. All entities processing data on our behalf are bound by data processing agreements ensuring an appropriate level of protection.

6. Data transfers outside the EEA

In the case of shipments outside the European Economic Area, data necessary for delivery (name, address) may be transferred to the carrier and to customs authorities of the destination country, only to the extent necessary for the shipment and customs clearance. Where we use tools provided by entities in third countries, data transfer is based on appropriate safeguards under the GDPR (including Standard Contractual Clauses adopted by the European Commission).

7. Rights of the data subject

You have the right to access your data, to rectify, erase, restrict its processing, to data portability, and to object to processing based on the controller's legitimate interest. Where processing is based on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out prior to such withdrawal. You also have the right to lodge a complaint with the supervisory authority — the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa, Poland).

To exercise your rights, please contact us at info@carsystems.eu.

8. Data security

We apply appropriate technical and organisational measures to protect the data we process. Connections to our website are encrypted using SSL/TLS (HTTPS), only authorised persons have access to the data, and user passwords are stored in encrypted form. Card payments are handled by certified processors operating to PCI DSS standards — card data never reaches our servers.

9. Cookies

Our website uses cookies (small text files stored on the user's device) to ensure the proper functioning of the shop, to remember preferences and to maintain statistics. Detailed information on the cookies used is provided in the table below:

Cookie settings can be changed at any time in your web browser settings. Disabling essential cookies may prevent certain shop features from working correctly.

10. Links to other websites

Our website may contain links to external services (including UPS, GLS, Facebook, YouTube). We are not responsible for the privacy practices or content of external services. Reviewing their privacy policies is the user's responsibility.

11. Changes to the privacy policy

We reserve the right to make changes to this policy. We will inform users of any significant changes by publishing a new version on this page along with the current effective date.