Privacy Policy

 

PETROL VIBES

PRIVACY POLICY


  1. What is the purpose of this Privacy Policy?


Our Company (referred to as "we," "us," or "our") recognizes the importance of your data privacy. In this privacy policy ("Policy"), we describe how we collect, use, and disclose personal information ("Data") in relation to our services ("Services"), our website, https://petrolvibes.com/, and other websites where we post this Policy ("Website").

  1. Who is my Data Controller?


Email address: petrolvibes.team@gmail.com


  1. Purposes and legal basis of processing, categories of the Data concerned


    1. Providing products


When you purchase one of our metal wall art pieces or request a custom design, we process your Data to create, produce, and deliver the artwork you have ordered. This includes managing your customer account, processing payments, and ensuring the proper delivery and performance of our services.


Legal basis for the processing

Categories of the Data concerned

Is the provision of the Data a requirement?

Contract (Article 6(1)(b) of GDPR)


Legitimate interest (to provide services and products to entities you represent) (Article 6(1)(f) of GDPR)

Name and surname, e-mail address, telephone number, billing and shipping address (street, city, postal code, country), company name (if provided), order and delivery details (product, size, color, plug type, quantity), payment method and transaction identifiers, car model and year, uploaded reference photo (for custom design orders), communication records, and feedback

Yes, this is a contractual requirement. If you do not provide this data, you will not be able to order our services


    1. Handling your inquiries, requests and complaints


When you submit an inquiry, request, or complaint, we process the Data listed below in order to provide you with appropriate support and to ensure proper handling of your case.


Legal basis for the processing

Categories of the Data concerned

Is the provision of the Data a requirement?

Consent (Article 6(1)(a) of GDPR)


Legitimate interest (to handle your inquiries (Article 6(1)(f) of GDPR)

Name, surname, e-mail address, telephone number, residential or business address, the content of the inquiry, request, or complaint, information and documents related to the submitted inquiry, request, or complaint, responses, correspondence records, chat transcripts, and any other information voluntarily provided by you in the course of communication

No


    1. Marketing & social media


When you register on our website, provide us with your consent, or when we have a legitimate interest, we may process your Data for marketing purposes, including sending you relevant offers, updates about our or our partners’ services and goods, and requests for feedback about the services we provide. In addition, when you interact with our social media accounts, we process the Data generated from these interactions in order to administer and improve our social media presence and to communicate with you effectively.


Legal basis for the processing

Categories of the Data concerned

Is the provision of the Data a requirement?

Consent (Article 6(1)(a) of GDPR)


Legitimate interest (to inform you about our services and goods) (Article 6(1)(f) of GDPR)

Name and surname, e-mail address, telephone number, demographic information (age, gender, location, language preferences), communication preferences and consents, social media identifiers and usernames, profile information (profile photo, description, public interests), comments, reactions, messages sent to us, our replies to your messages, participation in surveys, promotions, contests, reviews, testimonials, and events, browsing behavior on our websites and apps, interactions with marketing communications, device and technical data (IP address, device type, operating system, browser type, advertising identifiers, cookies, pixel tags, and similar technologies), geolocation data (if enabled), social media engagement statistics, ratings

No


    1. Security, functionality, and improvement of our services and products


To ensure the security, stability, and proper functioning of our website and products, as well as to protect against fraud, abuse, and unauthorized access, we automatically collect and process certain technical and usage-related data. This information also helps us monitor performance, detect errors, implement product upgrades, develop new features, and improve the overall user experience.


Legal basis for the processing

Categories of the Data concerned

Is the provision of the Data a requirement?

Legitimate interest

(to ensure the security, proper functioning, and continuous improvement of the website, mobile application, and products) (Article 6(1)(f) of GDPR)

IP address, device identifiers, device type and model, operating system and version, browser type and version, screen resolution, language settings, time zone, login data, session identifiers, cookies and similar tracking technologies, browsing and interaction data on the website, in the mobile app, and with product features, referrer URL, geolocation data (if enabled), network and connection information, log files, error and crash data, authentication and access records, user account activity (including login attempts), order history (to detect suspicious or unusual activity), feedback and in-app behavior related to product usage

No


    1. Recruitment


When you apply for a vacant position in our company or when we contact you regarding job opportunities, we process your Data related to the recruitment process.


Legal basis for the processing

Categories of the Data concerned

Is the provision of the Data a requirement?

Consent (Article 6(1)(a) of GDPR)


Legitimate interest to contact you regarding job opportunities in our company (Article 6(1)(f) of GDPR)

Name, surname, place of residence or residential address, e-mail address, telephone number, information about work experience (employer, period of employment, position, responsibilities, achievements), information about education (educational institution, period of study, degree and/or qualification obtained), information about training (courses attended, certificates obtained), information about language skills, IT skills and other competences, other information provided in the CV, cover letter or other application documents, name of the referee/recommending person, content of the recommendation, summary of the interview, notes and opinions of the recruiter, results of candidate testing

No


    1. Video surveillance (CCTV) & access control


To ensure the safety of individuals, property, and infrastructure, we operate video surveillance systems (CCTV) in our premises, surrounding territories, and adjacent areas managed by us. In addition, we use access control systems, including entry badges and electronic logs, to manage and record access to our premises and restricted areas.


Legal basis for the processing

Categories of the Data concerned

Is the provision of the Data a requirement?

Legitimate interest to ensure the safety of persons and property (Article 6(1)(f) of GDPR)

Video recordings (including time and location of recording), visual image of the individual, behavior and activities captured in monitored areas, incident-related information, access badge identifiers, badge usage logs (entry/exit times, doors or zones accessed), and system-generated access control records.

No


    1. Compliance with legal requirements and defence of our legal interests


We will retain the Data in accordance with statutory limitation periods to defend our rights and legal interests if necessary. Some data must be retained to comply with legal requirements in accounting, archiving, and other areas. In rare cases, if you become involved in a legal process to which we are a party, we will use this data for that legal process.


Legal basis for the processing

Categories of Data concerned

Is the provision of the Data a requirement?

Legal obligation (Article 6(1)(c) of GDPR)


Legitimate interest in protecting our rights and legal interests (Article 6(1)(f) of GDPR)

Name, surname, email address, contracts, legally binding documents and data, correspondence, legal documents, pleadings, annexes, court documents, investigative information, information about convictions and criminal offences, information about the IT and communication tools we have provided to you, username, password, correspondence, information about the use of the IT and communication tools, logs, possible breaches and incidents, and any other Data provided and collected

When the processing of your Data is required under applicable laws, providing this data becomes a legal necessity. If you are unable to provide this data, unfortunately, we will not be in a position to offer our services to you.


  1. How long do you keep my Data?


We retain the Data in a form that allows your identity to be determined no longer than necessary for the purposes for which the Data is processed, and in accordance with legal requirements. If Data is no longer required for our purposes and there are no legal obligations to retain it, we delete it. We store Data as necessary for compliance with legal obligations, including statutory retention periods, and for the establishment, exercise, or defence of legal claims. In any case, your Data shall be kept for no longer than 10 years from the termination of your relationship with us.



  1. Where do you collect my Data from?


We collect most of the Data from you. Where necessary for the purposes set out below, we collect Data from other sources.


Source of origin of data

Purpose of processing

Recruitment agencies, job search portals, professional social networks (e.g. LinkedIn)


Recruitment

Health care institutions

Investigation of workplace accidents

State labour, social security, tax, supervisory authorities, police, prosecutors, courts, law enforcement and other state and municipal authorities, participants in legal proceedings and their representatives

Compliance with legal requirements and defense of our legal interests


  1. Who do you share my Data with?


Where necessary for the above purposes and subject to applicable law, we share data with the following recipients.


Recipients or categories of recipients

If the Data are to be transferred

to a third country or an international organisation:

Third country

Safeguard measure or exemption allowing the transfer

Lawyers, notaries, bailiffs, data protection officers, auditors, tax, business, HR and other consultants

---

Providers of IT tools and services, electronic communications service providers, travel agencies, insurance companies, archiving and other service providers

---

State labour, social security, tax, supervisory authorities, police, prosecutors, courts, law enforcement and other state and local authorities


---

Horzo MB (marketing service provider)

---

Omnisend UAB (email marketing automation and communication service provider)

---

Shopify Inc. (e-commerce platform and cloud service provider)

Canada

EC Adequacy Decision

PayPal (payment processing service provider)

USA

EU Standard Contractual Clauses

Stripe Inc. (payment processing service provider)

USA

EU Standard Contractual Clauses

Google Inc. (IT infrastructure and services provider)

USA

EU Standard Contractual Clauses

Facebook (Meta) (social media service provider)

USA

EU Standard Contractual Clauses

TikTok Technology Ltd (social media and marketing service provider)

China

EU Standard Contractual Clauses

LinkedIn (social media service provider

USA

EU Standard Contractual Clauses

Potential or actual purchasers of the business or part of it and their authorised advisers or representatives

Various

EU Standard Contractual Clauses


  1. What rights do I have in relation to the processing of my Data?


My right

Summary

Right of access

The right to obtain confirmation from us as to whether Data relating to you is being processed and, if such Data is being processed, the right to have access to the Data and information about the processing.

Right to rectification

The right to require us to rectify inaccurate Data relating to you.

Right to erasure (‘right to be forgotten’)

- when Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

- when you withdraw consent on which the processing of Data is based and there is no other legal ground for the processing;

- when you object to the processing of Data and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;

- where the Data have been unlawfully processed;

- where the Data have to be erased for compliance with a legal obligation;

- where the Data have been collected in relation to the offer of information society services directly to a child and subject to a consent.

Right to restriction of processing

- where the accuracy of the Data is contested by you;

- where the processing of Data is unlawful and you oppose the erasure of the Data and request the restriction of their use instead;

- where we no longer need the Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

where you have objected to the processing of the Data and until it has been verified whether our legitimate interests override yours.

Right to data portability

where you seek to receive the Data you have provided in a structured, commonly used and machine-readable form or to transmit those data to another controller, the processing is based on consent or on a contract and is carried out by automated means.

Right to object

where the collection and use of the Data is based on a task carried out in the public interest or in the exercise of official authority vested or legitimate interest, including profiling, as explained in Section 3 of this Privacy Policy, or where you object to the collection of your data for direct marketing purposes.

Right to withdraw consent

where the processing of Data is based on consent, as explained in Section 3 of this Privacy Policy, and you seek to withdraw it at any time.

Right to lodge a complaint

Right to lodge a complaint with a supervisory authority.

Right to opt out of selling, sharing, and/or targeting

Subject to certain exceptions, you have the right to opt out of certain processing activities. For example, you may request that we stop selling or sharing your Data for (i) cross-context behavioral advertising / targeted advertising, (ii) the sale of personal data, and (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

Right to limit the use and disclosure of sensitive Data

Subject to certain exceptions, residents of certain states may request that we limit the use and disclosure of sensitive Data, as that term is defined in the applicable laws.

Right to non-discrimination

You are entitled to exercise the rights described above free from discriminatory treatment prohibited by the applicable laws.


  1. How to submit a request?


We will respond to permitted requests in accordance with applicable laws, if it can verify/authenticate the identity of the individual submitting the request. You may submit a request through our Web Request Form or by submitting a request by email at petrolvibes.team@gmail.com .


  1. Does your website place cookies on my device?


A cookie is a small piece of data saved by the Website on your computer or mobile device. Cookies facilitate the Website's ability to remember details about your visit, thereby simplifying future visits and enhancing the site's utility for you. Additionally, other technologies, such as unique identifiers for identifying your browser, app, or device, pixels, and local storage, may be employed for similar purposes.

The specific cookies and similar technologies we use are listed in our Cookie List, which describes each cookie’s purpose, category, whether it is set by us or a third party, and its duration.

  1. How can I manage cookies?


You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. You can control the use of functionality cookies, targeting cookies or advertising cookies by adjusting your browser settings. To find out how to manage cookies in your browser, please visit one of the links below:


  1. Automated decision-making, including profiling


No, we do not make decisions based solely on automated processing of Data, including profiling, which would produce legal effects concerning you or similarly significantly affects you.


  1. Can I use an authorized agent?


Sure. You may use an authorized agent to submit a request to opt out on your behalf if you provide us with written permission for the authorized agent to do so. Please provide us with a copy of this permission. We may deny a request from an authorized agent that does not submit proof that they have been authorized by you to act on your behalf. You may also make a request on behalf of your minor child.


  1. Do we process information about minors?


We do not knowingly process the information of minors under 18 years of age. By using the website and/or our services, the user asserts they are not under 18 years of age. If you are under 18 years of age, please do not use our website and/or services and do not submit any information through our websites or services without the parents’ permission. If we become aware that we have inadvertently received information of minors under 18 years of age, we will delete such information from our records.


  1. Can this Policy be amended?


We may amend this Policy unilaterally from time to time. Any such amendments will take effect immediately upon publication. Therefore, please visit our website at https://petrolvibes.com/pages/privacy-policy regularly to review the latest version of this Policy.



Last update date: 14 October 2025