Privacy Policy
Effective: 25 May 2026
01 — Who we are
Jasse ("we," "us," "our") is a lifestyle brand based in Poland. We curate vintage watches and jewelry, host a community for those interested in style, kindness, and self-improvement, and operate the website at jasse.pl.
The data controller, in the meaning of Regulation (EU) 2016/679 (GDPR), is Jasse, reachable at jassebusiness@gmail.com.
02 — What we collect
We collect only what is necessary to run our small operation. Specifically:
Information you give us directly
- Your name and email address when you write to us
- Postal address and order details if you purchase a watch through Vinted, Instagram DMs, or directly from us
- Any message content you send us
Information collected through social-media platforms
To publish posts to our own social-media accounts, we use a self-hosted scheduling tool (Postiz) that connects to the official APIs of Meta (Instagram, Facebook), Pinterest, and TikTok. Through these APIs, the tool stores on our private server:
- Our own social profile identifiers and access tokens (these are credentials for our accounts only — we do not collect tokens from anyone else)
- The content of posts we schedule and publish (text, images, video — all created by us)
- Public engagement metrics on our own posts (likes, comments, reach)
We do not collect, store, or process data belonging to other users of these platforms beyond what is publicly displayed on our own posts.
Information collected automatically
- Basic server logs (IP address, browser type, pages visited) for security and to understand how the site is used. Logs are retained for 30 days, then deleted.
- We do not currently use analytics services like Google Analytics. If we add any, this policy will be updated.
03 — How we use your data
We use the data we collect only for these purposes:
- To reply to messages you send us
- To fulfil orders for watches or jewelry you purchase from us
- To publish and schedule posts on our own social-media accounts
- To keep the website secure (server logs)
We do not sell your data. We do not share it with advertisers. We do not use it for automated decision-making or profiling.
04 — Legal basis (GDPR)
Under Article 6 of the GDPR, we rely on the following legal bases:
- Consent — for any optional communications. You can withdraw consent at any time.
- Contract — when you buy something from us, we need your details to deliver it.
- Legitimate interest — to run and secure our website, reply to inquiries, and manage our own social media presence.
- Legal obligation — to keep records of sales as required by Polish tax law.
05 — Third-party platforms
To operate Jasse, we use the following services. Each has its own privacy policy that governs how it handles data:
- Meta Platforms (Instagram, Facebook) — for publishing posts to our own accounts via the Meta Graph API (see the Meta Privacy Policy).
- Pinterest — for publishing pins to our own boards via the Pinterest API (see the Pinterest Privacy Policy).
- TikTok — for publishing videos to our own account via the TikTok API (see the TikTok Privacy Policy).
- Vinted — for selling watches and jewelry (see the Vinted Privacy Policy).
- Resend — to send transactional emails (see the Resend Privacy Policy).
- Hetzner — our website is hosted on servers in Helsinki, Finland (EU) (see the Hetzner Privacy Policy).
Our use of these platforms is limited to publishing our own content and running our own business. We do not request access to data belonging to other users of these platforms.
06 — How long we keep data
- Order records — 5 years (required by Polish tax law)
- Email correspondence — 12 months after the last reply, unless you ask us to delete it sooner
- Social-media access tokens — until you disconnect the integration or we close the relevant account
- Server logs — 30 days
07 — Your rights
Under the GDPR, you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct anything that's wrong
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use it
- Portability — receive your data in a machine-readable format
- Objection — object to processing based on legitimate interest
- Withdraw consent — at any time, where consent was the legal basis
- Lodge a complaint — with the Polish supervisory authority, the President of the Personal Data Protection Office (UODO), at uodo.gov.pl
To exercise any of these rights, email us at jassebusiness@gmail.com. We aim to respond within 30 days.
08 — Security
We take security seriously. Our website runs over HTTPS with a valid SSL certificate. Our server is hosted in an EU data centre with industry-standard physical and network security. Access tokens and credentials are encrypted at rest. We use strong, unique passwords and two-factor authentication on all accounts.
No system is perfectly secure, but we work to reduce risk continuously. If we ever experience a data breach affecting your personal information, we will notify you and the supervisory authority as required by law.
09 — Data deletion
You can request deletion of your personal data at any time by emailing jassebusiness@gmail.com. We will confirm receipt within 7 days and complete deletion within 30 days, except where we are legally required to keep records (e.g. tax records of completed sales).
If you connected to us through Meta, Pinterest, or TikTok and want us to disconnect: simply revoke our app's access in your platform settings. We will delete the corresponding tokens within 7 days.
10 — Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "last updated" date at the top and, where appropriate, notify you via email or a notice on the website. Continued use of jasse.pl after changes means you accept the revised policy.
11 — Contact
Questions about this policy, your data, or anything related?
Email jassebusiness@gmail.com. We read every message and reply ourselves.