...
00
US | PL | RU | UA000
+48 721 839965
Working hours: 09:00-18:00 Mon-Sat.
+48 721 839965
Working hours: 09:00-18:00 Mon-Sat.
  • 0
  • 0
  • 0
Cart
Total: 0
CheckoutContinue

Privacy Policy of the FARO Online Store

The protection of your privacy while using our FARO online store (hereinafter "Service") is of the utmost importance to us. In this privacy policy, we explain the principles and scope of our processing of your personal data, your rights, and our obligations as a data controller.

§ 1. Definitions

  • Controller (or Seller) – the company DYNASTIA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, located at: ul. Kalwaryjska 69/9, 30-504 Kraków, Poland, KRS: 0001027326, NIP (Tax ID): 7011135983, REGON: 524835940.
  • Service – the online store operated by the Controller at the address https://faro.style/.
  • User – any natural person visiting the Service or using one or more of the services or features described in this Policy.
  • Account – a User account registered in the Service, through which the User can place orders.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

§ 2. Personal Data Controller

The controller of your personal data is: DYNASTIA SPÓŁKA Z OGRANICZONĄ ODPOWIEDZIALNOŚCIĄ, ul. Kalwaryjska 69/9, 30-504 Kraków, Poland, KRS: 0001027326, NIP (Tax ID): 7011135983, REGON: 524835940.

For questions regarding the processing of personal data, you can contact us:

  • By email: [email protected]
  • By mail: DYNASTIA SP. Z O.O., ul. Kalwaryjska 69/9, 30-504 Kraków, Poland

§ 3. Purposes and Legal Bases for Data Processing

We process your personal data for the following purposes:

  1. Conclusion and performance of a sales contract (order fulfillment), including payment processing, delivery of goods, as well as processing returns and complaints.
    • Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract).
  2. Creation and maintenance of an Account in the Service.
    • Legal basis: Art. 6(1)(b) GDPR (necessity for the performance of a contract for the provision of the Account service).
  3. Direct marketing of our products (Newsletter).
    • Legal basis: Art. 6(1)(a) GDPR (your voluntary consent).
  4. For analytical and statistical purposes to improve the operation of the Service.
    • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in optimizing our services).
  5. To comply with legal obligations imposed on the Controller, for example, those arising from tax and accounting legislation.
    • Legal basis: Art. 6(1)(c) GDPR (legal obligation).
  6. For the possible establishment, investigation, or defense against claims.
    • Legal basis: Art. 6(1)(f) GDPR (our legitimate interest).

§ 4. What Data Do We Process?

We process the following categories of your data:

  • When placing an order: first and last name, email address, phone number, delivery address (street, house number, postal code, city, country), order details. In the case of a company – Tax ID (NIP) and company name.
  • When creating an Account: first and last name, email address.
  • When subscribing to the newsletter: email address.
  • Data collected automatically: IP address, browser information, data about activity on the Service (cookies).

§ 5. Rights of Data Subjects

In connection with the processing of your data, you have the following rights:

  • The right to access your data.
  • The right to rectify (correct) your data.
  • The right to erasure of data (the so-called "right to be forgotten").
  • The right to restrict data processing.
  • The right to data portability to another controller.
  • The right to object to data processing.
  • The right to withdraw consent at any time (without affecting the lawfulness of processing based on consent before its withdrawal), if processing is based on consent.
  • The right to lodge a complaint with a supervisory authority – the President of the Personal Data Protection Office (ul. Stawki 2, 00-193 Warszawa, Poland).

§ 6. To Whom Do We Disclose Your Data?

Your personal data may be transferred to entities that process data on our behalf, including:

  • IT service and hosting providers: ITMSFT Group, Microsoft Azure, Google Cloud, Cloudflare.
  • Payment operators: Stripe, Blik, Visa, Mastercard, Apple Pay, Google Pay.
  • Courier and postal companies: InPost, DPD, Poczta Polska, GLS, UPS.
  • Providers of analytical and marketing tools.
  • An accounting company.

These entities process data based on a contract with us and solely in accordance with our instructions.

In some cases, such as when using advertising tools from Meta Platforms, Inc. or authentication services from Google LLC, we and our partner may act as joint controllers under Article 26 of the GDPR. Under our agreement, we are responsible for informing you about this processing, and our partner is responsible for processing the data in their systems and ensuring your rights with respect to that data.

§ 7. Data Transfer Outside the European Economic Area (EEA)

In the course of our activities, we may transfer your personal data to recipients located outside the European Economic Area (EEA). We do this with special care, ensuring an adequate level of data protection.

  1. Transfer to the USA based on an Adequacy Decision: Many of our key partners, including Google LLC, Meta Platforms, Inc., Microsoft Corporation, and Cloudflare, Inc., are located in the United States of America. These companies are certified under the EU-U.S. Data Privacy Framework (DPF). Based on the European Commission's adequacy decision of July 10, 2023, data transfers to such certified organizations provide a level of protection equivalent to that guaranteed within the EEA. Therefore, data transfers to these partners are carried out on the basis of this adequacy decision (Article 45 GDPR).
  2. Transfer based on other mechanisms: In the case of data transfers to countries for which the European Commission has not adopted an adequacy decision, or to recipients not participating in the DPF, we use other legal mechanisms to ensure the protection of your data. These mechanisms include, in particular, Standard Contractual Clauses (SCCs), approved by the European Commission (Article 46 GDPR). When using SCCs, we also conduct a Transfer Impact Assessment to identify and apply any additional measures necessary to protect your rights.

You can request additional information about the data transfer mechanisms and a copy of the applied safeguards by contacting us at the address specified in §2.

§ 8. Data Retention Period

  • Data related to order fulfillment – for the period necessary to perform the contract, and thereafter for the period stipulated by law (e.g., tax law, up to 5 years from the end of the calendar year in which the tax payment deadline expired) and for the purpose of pursuing claims.
  • Account data – for the entire period you have an Account in the Service, until its deletion.
  • Marketing data (Newsletter) – until consent is withdrawn.

§ 9. Cookies

Our Service uses cookies. These are small text files saved on your device. We use them for functional (session maintenance, saving the shopping cart), analytical, and marketing purposes. You can manage cookies in your web browser settings. Detailed information on this topic can be found in a separate Cookie Policy.

§ 10. Changes to the Privacy Policy

We reserve the right to make changes to this Privacy Policy. We will inform about any changes on the Service. Last updated date: June 24, 2025.