Privacy Policy

SYBARIS Art & Antiquities

PRIVACY POLICY

In accordance with the obligation arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”), we provide the following information:

Who is the administrator of your personal data?

The administrator of your personal data is Marcin Rudnicki, conducting business activity under the name Galeria Sztuki Dawnej SYBARIS,
address: Al. Komisji Edukacji Narodowej 11, unit 12B, 02-797 Warsaw, Poland
NIP: 5251098967, REGON: 011024880
Tel.: +48 787 030 847
E-mail: sybaris.antiqart@gmail.com
Website: www.sybaris.pl
(hereinafter referred to as the “Administrator” or “Service Provider”).

Core of our privacy policy

We apply technical and organizational measures ensuring the protection of processed personal data, adequate to the risks and the categories of protected data. In particular, we secure your data against disclosure to unauthorized persons, unauthorized access, unlawful processing, as well as alteration, loss, damage, or destruction.

How do we obtain your personal data?

You provide them to us when submitting inquiries, placing orders with our company, or participating in our online auctions.
We do not purchase or obtain collective customer databases.

What personal data do we collect?

We only process the data necessary for our business activity, in particular:

1. Identification data of potential customers, clients, and contractors: name, surname, company name, correspondence address, phone number, email address, bank account number, PESEL, NIP, REGON, login (in case of online auctions).

2. We do not process sensitive data within the meaning of Articles 9–10 GDPR.

Purpose and legal basis for processing your personal data

We process your personal data on the basis of Article 6(1)(b) GDPR to perform the contract concluded with you, to fulfill your order, or to take steps prior to concluding a contract, in particular to:

a) inform you about our offer;
b) process your orders;
c) handle complaints, withdrawals, and other consumer rights;
d) respond to your inquiries and requests;
e) contact you in matters related to the contract.

We also process your data based on your consent, in order to:

a) analyze data from our website stored in cookies;
b) carry out marketing activities by phone or electronic means.

You may withdraw your consent at any time, without giving a reason, in the same way it was given. Withdrawal does not affect the lawfulness of processing based on consent prior to its withdrawal.

Additionally, under Article 6(1)(c) GDPR, we process your data to meet our legal obligations (tax and accounting purposes).

Furthermore, under Article 6(1)(f) GDPR, we process your data in pursuit of our legitimate interests, including:
a) conducting marketing activities, including direct marketing of our services (you may object—see below);
b) contacting you for permissible marketing purposes (with your consent—by phone or email);
c) pursuing or defending legal claims;
d) conducting statistical analyses;
e) archiving data and ensuring accountability (demonstrating compliance with legal obligations).

Is providing your personal data obligatory?

To conclude a contract with us, you must provide the following personal data: name, surname, email address, full correspondence address, phone number, and for entrepreneurs –TAX number.

Providing this data is voluntary, but without it, we cannot conclude a contract with you.

If required by law, we may ask you to provide additional data for accounting or tax purposes.

Your rights regarding personal data

You have the right to request from the Administrator:

a) access to your data (Art. 15 GDPR),
b) rectification of your data (Art. 16 GDPR),
c) erasure of your data (“right to be forgotten,” Art. 17 GDPR),
d) restriction of processing (Art. 18 GDPR),
e) data portability (Art. 20 GDPR).

You also have the right to object at any time to the processing of your personal data, including direct marketing and profiling (Art. 21 GDPR).

You may also withdraw your consent at any time if processing is based on your consent.

You have the right to lodge a complaint with the supervisory authority: President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw, Poland.

You may exercise these rights where:

You may exercise the following rights under the GDPR:
a) Right of access (Article 15 GDPR) – You have the right to obtain confirmation as to whether we process your personal data, and if so, to receive information regarding, in particular, the legal basis, the scope, and the purposes of such processing.
b) Right to rectification (Article 16 GDPR) – You have the right to request the rectification of your personal data if you consider that such data are inaccurate or incomplete.
c) Right to erasure (Article 17 GDPR) – You have the right to request the erasure of your personal data in the circumstances set out in Article 17 of the GDPR (“right to be forgotten”).
d) Right to restriction of processing (Article 18 GDPR) – You have the right to request the restriction of the processing of your personal data in the circumstances set out in Article 18 of the GDPR. In such cases, your data will only be stored by us, and any further processing will require your consent, unless other grounds provided for in Article 18(2) GDPR apply.
e) Right to data portability (Article 20 GDPR) – You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, where technically feasible.

Who may we share your data with?

We may disclose your personal data to:

1. IT service providers (email server, domain, cloud computing, online auction platforms, etc.)
2. Authorized public authorities under applicable law.
3. Accounting office (for accounting purposes).
4. Postal operators or carriers (for order delivery).
5. Legal advisors (for defending our rights).
6. Companies analyzing statistical data.
7. Other entities cooperating with us or processing data on our behalf, on the basis of a separate agreement and with your consent.

Data retention period

We store your personal data for no longer than necessary, depending on the processing purpose and legal requirements:

For the duration of the contract and up to 6 years after its termination, or for the duration of court/administrative proceedings.

For pre-contractual data: up to 1 year from collection.

For marketing purposes: until the contract ends or until you object to such processing.

Transfer of data outside the European Economic Area (EEA)

Your personal data may be transferred outside the European Economic Area (EEA) to entities providing us with IT solutions and systems, which may store personal data on servers located outside the EEA (including in the United States).

The legal basis for such transfer may be:

A decision of the European Commission confirming an adequate level of protection, or
the use of appropriate legal safeguards, in particular Standard Contractual Clauses for the protection of personal data approved by the European Commission.
Where no adequacy decision has been issued by the European Commission and no appropriate safeguards are in place, personal data may be transferred to a third country on the basis of one of the derogations provided for in Article 49(1) GDPR, in particular on the basis of your explicit consent.

You have the right to obtain a copy of the personal data transferred to a third country.

We do not process your personal data in an automated way (including profiling) that affects your rights.

Cookies Policy

1. Our website uses “cookies.” Not changing your browser settings means you consent to their use.

2. Cookies are necessary for the proper functioning of the website, especially in areas requiring authorization.

3. Types of cookies used:

a) Session cookies – temporary files stored until logout/closing the website.

b) Analytical cookies – collect information about website usage (visits, duration, etc.) for statistical purposes, without recording personal data.

4. You may manage cookies through your browser settings. Detailed instructions are available in your browser’s settings section.

Contact regarding your personal data

You may contact us regarding your personal data at:
sybaris.antiqart@gmail.com
or by traditional mail:
Al. Komisji Edukacji Narodowej 11, unit 12B, 02-797 Warsaw, Poland.

This Privacy Policy enters into force on 14 August 2025.
We reserve the right to amend this Privacy Policy due to the development of our services or regulatory changes. Updates will be published on our website, and Users will be informed of any significant changes affecting the use of our services.

The protection of your personal data is our highest priority. We assure you that your data is treated with due care and in full compliance with data protection laws.