Privacy Policy

In order to protect the privacy of our users and comply with legal requirements, we hereby publish this Privacy Policy. It explains how we process and secure personal data obtained through our website and other services.

We place great importance on the privacy of our users visiting our website (hereinafter: the "Service"). We make every effort to ensure the security of processed personal data and compliance with applicable laws, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter: "GDPR").

Our Service also uses cookies and similar technologies. For detailed information on how they work, please refer to our Cookies Policy.

1. Data Controller

The Controller of your personal data is Spark DigitUp Sp. z o.o., with its registered office in Krakow at Plac Wolnica 13 lok. 10, 31-060 Kraków, Poland, NIP: 6762496391 (hereinafter: the "Controller").

For matters regarding the processing of personal data, including the exercise of your rights, you may contact our Data Protection Officer (DPO) at: kontakt@trafishop.pl.

2. Categories of Processed Data

We process data that you provide or leave while using the Service, such as information submitted via forms, as well as data collected through cookies (including ID numbers and web browser "user agent" data).

3. Purposes and Legal Grounds for Processing

Your personal data is processed for the following purposes:

  • Service Management and Analytics: To manage, maintain, and improve the Service, as well as for analytical and statistical purposes.
  • Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR).
  • Retention: Until the legitimate interest expires or a successful objection is filed.
  • Provision of Electronic Services: To offer content or functionalities within the Service.
  • Legal basis: Necessity for the performance of a contract (Art. 6(1)(b) GDPR) and compliance with legal obligations.
  • Retention: For the period necessary to conclude and perform the contract.
  • Establishment and Defense of Legal Claims: To protect our rights and defend against potential claims.
  • Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR).
  • Retention: Until the statute of limitations for claims expires.
  • Newsletter: If you sign up to receive our newsletter.
  • Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR) in connection with your consent to receive commercial information.
  • Retention: Until you object (unsubscribe).
  • Communication and Inquiries: To respond to your questions submitted via forms or email.
  • Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR).
  • Retention: Until the matter is resolved or an objection is filed.
  • IT Security: To ensure the security and proper management of our IT systems.
  • Legal basis: Our legitimate interest (Art. 6(1)(f) GDPR).

Advertising and Marketing

We may process your data for marketing activities. Providing data for these purposes is voluntary, though failure to do so may prevent you from receiving tailored marketing content.

  1. Contextual Advertising: Displaying marketing content not tailored to your specific preferences. (Legal basis: Legitimate interest).
  2. Behavioral Advertising: Displaying content matching your interests based on your behavior (profiling). This involves using cookies and similar technologies. (Legal basis: Your consent – Art. 6(1)(a) GDPR).
  3. Direct Marketing: Sending commercial information via SMS/MMS or phone calls. This occurs only if you have provided specific consent. (Legal basis: Legitimate interest based on prior consent).

Social Media

The Controller processes data of users visiting our profiles on social media platforms (e.g., Facebook, YouTube, Instagram, LinkedIn, TikTok). This data is processed solely to manage the profile, inform you about our activities, and promote our events and services. (Legal basis: Legitimate interest).

4. Data Sharing and International Transfers

The Controller does not transfer data to international organizations.

Personal data may be transferred outside the European Economic Area (EEA). In such cases, we ensure an adequate level of protection, primarily through the use of Standard Contractual Clauses approved by the European Commission.

We may share your data with:

  • Service providers (e.g., IT support, hosting, legal advisors).
  • Trusted Partners and entities within our capital group for the purpose of presenting offers.

5. Your Rights

Under the GDPR, you have the following rights:

  • Right of Access: To obtain information about the processing of your data and a copy of the data.
  • Right to Rectification: To correct inaccurate or outdated data.
  • Right to Erasure ("Right to be Forgotten"): To request the deletion of your data in specific circumstances.
  • Right to Restriction of Processing: To request that we limit how we use your data.
  • Right to Data Portability: To receive your data in a structured, commonly used format.
  • Right to Object: To object to processing based on our legitimate interest.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before the withdrawal.
  • Right to Lodge a Complaint: You have the right to complain to a supervisory authority – in Poland, this is the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw.