Terms of purchase

Please, if you wish to become a customer or active user of our Webstore, read our General Terms and Conditions and only use our services if you agree with all of their points and consider them binding on you. This document will not be filed, it will be concluded exclusively in electronic form and cannot be retrieved later.

• Description of operator data
• Description of order information
• Information on order processing
• Description of payment for the ordered product
• Notice on receipt of packages
• Data processing information

• Company name: Jay & Ko Graphics
• Registration: Spain, Canary Islands, Tenerife
• Tax number: Y8236149R
• Language of the contract: English
• Electronic contact: jayandkographics@gmail.com
• Telephone contact: +34 642 893 115

The displayed products can only be ordered online, with postal delivery. The prices displayed for the products do not include VAT and do not include the delivery fee. The detailed delivery fee is a separate item, which is indicated when ordering.
You can browse the product categories in the web store.

1. After making all the necessary changes to the product you wish to purchase, you can add it to your Cart by clicking on the Cart icon.

If you are a registered customer but have forgotten your password, use the Login password reminder. If you enter your registered email address here, your password will be sent to you by email.
You can log in using the Login menu item. Enter your registered email address and password here, then press the Login button.

2. You can check and edit the contents of your cart using the Cart menu item. Here you can view and modify the quantity of the product you have added to your cart, as well as select the payment and delivery method that suits you best, or delete the item.

3. After you have finalized your order, we will send you an automatic confirmation to the email address you provided, which contains the details of your order. If you do not receive such an email, your order has not been accepted by the system. In such a case, please contact us!

If you wish to make a purchase, you must also provide the data required for the purchase during your first purchase. Before finalizing the registration, you must also accept the registration conditions. We will confirm the registration by e-mail. The buyer is obliged to keep the password provided confidential. If, after the correct entry of the buyer's unique identifier and password during identification, the buyer's data falls into the possession of an unauthorized third party, the Data Controller is not liable for any resulting damages or disadvantages. By providing their e-mail address, users consent to the service provider sending them technical messages. The operator will delete the registered data from the system upon request. For security reasons, the deletion request will only be valid if the user confirms the deletion request by e-mail.
The registration is identified by the e-mail address, i.e. each e-mail address can only be registered once.

Orders are processed on working days from 8:00 to 15:30.
It is also possible to place an order outside the times indicated for order processing, if it is placed after working hours, it will be processed on the following working day.
General delivery time, calculated from confirmation, is 3-5 working days. The images displayed on the product data sheet may differ from the real one, in some cases they are included as illustrations. Our company is not responsible for any changes to technical specifications without prior notice due to the supplier or reasons beyond its control.
We reserve the right to reject already confirmed orders in part or in whole. Partial delivery can only take place after consultation with the customer! In case of advance payment of the purchase price of the product, the amount will be returned to the sender.
In the event of a technical error on the website, Jay & Ko graphics has the right to withdraw from the contract, meaning that in this case it is not obliged to manufacture the product.

1. Bank advance payment

We will only ship the product by postal service if the transferred amount arrives at our account number

In the case of bank transfer, please transfer the total amount to be paid to the specified bank account. In the case of advance payment, the package assembly will begin after the amount arrives at our account. The total amount to be paid includes all costs based on the order summary and confirmation letter. The invoice is included in the package. Please inspect the package in front of the delivery person upon delivery, and if there is any damage to the products, ask for a report and do not accept the package. We cannot accept subsequent complaints without a report. You can find information about postal and shipping fees under the delivery conditions menu item.

2. Payment by bank card

By paying by bank card, you can shop conveniently and securely in our store. After ordering the selected goods, all you have to do is click on "payment by bank card" when selecting the payment method, and then enter the card number, expiration date and three-digit security code on the payment server. VISA, VISA Electron, MasterCard, Maestro cards are accepted.

Bank cards issued exclusively for electronic use can only be accepted if their use is permitted by the bank that issued the card! Please check with your bank whether your card can be used for purchases made via the Internet.

By browsing the webshop pages and placing your order, you accept the general terms and conditions of the Jay & Ko Graphics Webshop operated by Jay & Ko Graphics, as well as the data processing principles.

For products in stock 1-3 days. In case the product is not in stock 2 weeks

The rules for data management can be found in the "Data Management Policy" menu item.

Jay & Ko Graphics – hereinafter referred to as the Company – fulfils its obligation to provide prior information to data subjects on the processing of personal data provided for in Regulation (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL by publishing this data protection information, according to which each communication pursuant to the relevant articles of the Regulation shall be provided to the data subjects in a concise, transparent, intelligible and easily accessible form, using clear and plain language to be made available to you.

The Company informs the data subject that it qualifies as a data controller within the scope of processing his or her personal data.

COMPANY NAME: Jay & Ko Graphics
LOCATION: Spain, Canary Islands, Tenerife 
LOCATION: Spain, Canary Islands, Tenerife
VAT NUMBER: Y8236149R
PHONE: +34 642 893 115
NAME OF REPRESENTATIVE: Roland Dudás
EMAIL: jayandkographics@gmail.com
WEBSITE: www.jayandkographics.com
 
Personal data may be disclosed to employees of the Company with access rights related to the relevant data processing purpose, or to persons and organizations performing data processing activities for the Company on the basis of service contracts, to the extent determined by the Company and to the extent necessary for the performance of their activities.

The Company uses an external transport company entrusted with the personal data processed by it on the basis of voluntary consent to deliver the ordered products.

COMPANY NAME: "Sociedad Estatal Correos y Telégrafos, S.A., S.M.E" (Correos)
REGISTERED OFFICE: atConde de Penalver, n19, 28006 Madrid (Spain)
VAT NUMBER: A-83052407
EMAIL: dpdgrupocorreos@correos.com
WEBSITE: www.correos.es
ACTIVITY: postal service

1. "personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2. "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. "restriction of processing" means the marking of stored personal data with the aim of restricting their future processing;

4. "profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal characteristics relating to a natural person, in particular to analyse or predict characteristics relating to performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

5. "pseudonymisation" means the processing of personal data in such a way that the personal data can no longer be identified without further information, provided that such additional information is stored separately and technical and organisational measures are taken to ensure that the personal data cannot be attributed to an identified or identifiable natural person;

6. "filing system" means a set of personal data, whether centralised, decentralised or organised by functional or geographical means, which is accessible on the basis of specific criteria;

7. "controller" means the natural or legal person, public authority, agency or any other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of the processing are determined by Union or Member State law, the controller or the specific criteria for the designation of the controller may also be determined by Union or Member State law;

8. "processor" means the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

9. "recipient" means the natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether or not a third party. Public authorities which have access to personal data in the context of an individual investigation in accordance with Union or Member State law shall not be considered recipients; the processing of such data by those public authorities must comply with the applicable data protection rules in accordance with the purposes of the processing;

10. "third party" means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or the persons who, under the direct control of the controller or the processor, are authorised to process personal data;

11. "consent of the data subject" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

12. "data breach" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

13. "enterprise" means any natural or legal person engaged in an economic activity, regardless of its legal form, including partnerships and associations engaged in regular economic activities.

1. Consent of the data subject

(1) The lawfulness of the processing of personal data shall be based on the consent of the data subject or on another lawful basis laid down by law.

(2) In the case of data processing based on the data subject's consent, the data subject may give his/her consent to the processing of his/her personal data in the following form:

a) in writing, in the form of a declaration of consent to the processing of personal data,

b) electronically, by explicit conduct on the Company's Internet website, by ticking a checkbox or by making relevant technical settings when using information society services, as well as any other statement or act which, in a given context, clearly indicates the data subject's consent to the intended processing of his/her personal data.

(3) Silence, a pre-ticked box or inaction shall therefore not constitute consent.

(4) Consent shall cover all data processing activities carried out for the same purpose or purposes.

(5) If the data processing serves several purposes at the same time, consent shall be given for all data processing purposes. If the data subject gives his consent following an electronic request, the request shall be clear and concise and shall not unnecessarily hinder the use of the service for which consent is requested.

(6) The data subject shall have the right to withdraw his consent at any time. The withdrawal of consent shall not affect the lawfulness of the data processing based on consent before its withdrawal. The data subject shall be informed thereof before giving his consent. The withdrawal of consent shall be made possible in the same simple manner as its giving.

2. Performance of a contract

1. Data processing shall be deemed lawful if it is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the data subject’s request prior to entering into a contract.
2. The data subject’s consent to the processing of personal data that is not necessary for the performance of a contract shall not be a condition for entering into a contract.

3. Compliance with a legal obligation applicable to the data controller, or the protection of the vital interests of the data subject or another natural person

1. The legal basis for data processing is determined by law in the event of compliance with a legal obligation, so the data subject's consent is not required for the processing of his or her personal data.
2. The data controller is obliged to inform the data subject about the purpose, legal basis, duration of data processing, the identity of the data controller, as well as his or her rights and legal remedies.
3. In order to comply with a legal obligation, the data controller is entitled to process the data set that is necessary for the performance of a legal obligation applicable to him or her after the data subject has withdrawn his or her consent.

4. Performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, the legitimate interests of the data controller or a third party.

1. The legitimate interests of the controller, including the controller to whom the personal data may be disclosed, or of a third party, may constitute a legal basis for the processing, provided that the interests, fundamental rights and freedoms of the data subject are not overridden, taking into account the reasonable expectations of the data subject in the context of his or her relationship with the controller. Such a legitimate interest may exist, for example, where there is a relevant and appropriate relationship between the data subject and the controller, for example where the data subject is a client of the controller or is employed by the controller.
2. In order to determine whether a legitimate interest exists, it is necessary to carefully examine, inter alia, whether the data subject can reasonably expect, at the time and in the context of the collection of the personal data, that the data may be processed for the given purpose.
3. The interests and fundamental rights of the data subject may prevail over the interests of the controller if the personal data are processed in circumstances in which the data subject does not expect further processing.

1. Information and access to personal data

The Data Subject has the right to view his/her personal data stored by the Data Controller and information related to their processing, to request it at any time, to check what data the Data Controller keeps about him/her, and to have access to personal data. The Data Subject must submit his/her request for access to the data in writing (by email or post) to the Data Controller. The Data Controller shall provide the information to the Data Subject in a widely used electronic format. The Data Controller shall not provide verbal information by telephone in the event of exercising access.

In the event of exercising the right of access, the information shall cover the following information:

• definition of the scope of data processed: name, billing name, billing address, email address, telephone number, depending on the service used,
• purpose, time, legal basis of data processing with regard to the scope of data processed,
• data transfer: to whom the data have been transferred or will be transferred in the future,
• identification of the data source.

The Data Controller shall provide the Data Subject with a paper or electronic copy of the personal data free of charge for the first time. For further copies requested by the Data Subject, the Data Controller may charge a reasonable fee based on administrative costs. If the Data Subject requests the copy electronically, the Data Controller shall provide the Data Subject with the information by email in a widely used electronic format.

After the information, if the Data Subject does not agree with the data processing or the accuracy of the processed data, he may request the correction, completion, deletion or restriction of the processing of his personal data as specified in Section 6, object to the processing of such personal data, or initiate the procedure specified in Section 7.

2. Right to rectification and completion of processed personal data

At the request of the Data Subject, the Data Controller shall, without undue delay, rectify inaccurate personal data indicated in writing by the Data Subject, or complete incomplete data with the content indicated by the Data Subject. The Data Controller shall inform all recipients to whom the personal data has been disclosed of the rectification or completion, unless this proves impossible or requires a disproportionate effort. The Data Subject shall be informed of the data of these recipients upon written request.

3. Right to restriction of data processing

The Data Subject has the right to obtain from the Data Controller, upon written request, restriction of data processing if

the Data Subject disputes the accuracy of the personal data, in which case the restriction shall apply for a period enabling the Data Controller to verify the accuracy of the personal data,

the data processing is unlawful and the Data Subject opposes the erasure of the data and requests the restriction of their use instead,

the Data Controller no longer needs the personal data for the purposes of the data processing, but the Data Subject requires them for the establishment, exercise or defence of legal claims,

the Data Subject objects to the data processing; in which case the restriction shall apply for a period of time until it is determined whether the legitimate grounds of the Data Controller override those of the Data Subject.

The Data Controller shall inform the Data Subject at whose request the data processing was restricted in advance of the lifting of the restriction of data processing.

4. Right to erasure (to be forgotten)

At the request of the Data Subject, the Data Controller shall erase personal data concerning the Data Subject without undue delay if one of the following grounds applies:

i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed by the Data Controller;

ii) the data subject withdraws his/her consent on which the data processing is based and there is no other legal basis for the data processing;

iii) the data subject objects to the data processing on grounds relating to his/her particular situation and there are no legitimate grounds for the data processing;

iv) the data subject objects to the processing of personal data concerning him/her for direct marketing purposes, including profiling, where this is related to direct marketing;

v) the personal data are processed unlawfully by the Data Controller;

vi) the personal data were collected in connection with the provision of information society services directly to children.

The Data Subject may not exercise the right to erasure or to be forgotten if the processing is necessary

i) for the exercise of the right to freedom of expression and information;

ii) on grounds of public interest in the field of public health;

iii) for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes, where the exercise of the right to erasure would render impossible or seriously jeopardise such processing; or

iv) for the establishment or exercise of legal claims, on the grounds of

(1) A data breach, as defined in the Regulation, is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed.

(2) A data breach is the loss or theft of a device (laptop, mobile phone) containing personal data, or the loss or inaccessibility of the code used to decrypt a file encrypted by the data controller, infection by ransomware that makes the data managed by the data controller inaccessible until a ransom is paid, an attack on the IT system, publication of an e-mail containing personal data sent in error, publication of an address list, etc.

(3) In the event of a data breach, the Company representative shall immediately conduct an investigation to identify the data breach and determine its possible consequences. The necessary measures shall be taken to remedy the damage.

(4) The data protection breach shall be notified to the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of the data protection breach, unless the data protection breach is unlikely to result in a risk to the rights and freedoms of natural persons. If the notification is not made within 72 hours, it shall be accompanied by reasons justifying the delay.

(5) The data processor shall notify the data protection breach to the controller without undue delay after having become aware of it.

(6) The notification referred to in paragraph (3) shall at least:

describe the nature of the data protection breach, including, where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of data affected;

the name and contact details of the data protection officer or other contact person who can provide further information;
the likely consequences of the data protection incident must be described;
the measures taken or planned by the controller to remedy the data protection incident, including, where appropriate, measures to mitigate the possible adverse consequences of the data protection incident.
(7) If and to the extent that it is not possible to communicate the information simultaneously, it may be communicated in parts at a later date without further undue delay.

(8) The controller shall keep a record of data protection incidents, indicating the facts relating to the data protection incident, its effects and the measures taken to remedy it. This record shall enable the supervisory authority to verify compliance with the requirements set out in Article 33 of the Regulation.

Information about the data of visitors to the Company's website

(1) During visits to the Company's website, one or more cookies - small information packages that the server sends to the browser, and the browser then sends back to the server for each request directed to the server - are sent to the computer of the person visiting the website, through which their browser will be uniquely identified, if the person visiting the website, after clear and unambiguous information, has given their express (active) consent to this by their behavior in further browsing the website.

(2) Cookies function exclusively in order to improve the user experience and automate the login process. The cookies used on the website do not store personally identifiable information, and the Company does not process personal data in this area.

Registration

(1) The legal basis for data processing in the event of registration is the consent of the data subject, which the data subject provides by checking the boxes next to the “registration” text section on the Company’s website, after detailed information on the processing of their data.

(2) The data subject in the event of registration: any natural person who wishes to register on the Company’s website and gives their consent to the processing of their personal data.

(3) The data processed in the event of registration: name, address, delivery address, e-mail address, telephone number, login password (stored in an encrypted and indecipherable manner).

(4) The purpose of data processing in the event of registration: contacting in order to prepare for the conclusion of a contract, providing the data subject with services available free of charge on the website, access to non-public content of the website.

(5) Recipients of the data (who may access the data) in the event of registration: the manager of the Company, an employee responsible for customer relations, and the employees of the data processor responsible for operating the Company’s website.

(6) Duration of data management in the event of registration: until deletion at the request of the data subject.

(7) The data subject may request the deletion of his/her registration (personal data) at any time.

Data management related to the web shop

(1) The above provisions apply to registration in the web shop, the related data management activities, and the information of visitors.

(2) In the case of online, electronic contracts (purchases) on the Company's website, the purpose of data processing is, in addition to the above, to prove the fulfillment of the service provider's obligation to provide consumer information required by law, to prove the conclusion of the contract, to create the contract, to define its content, to modify it, to monitor its fulfillment, to invoice the fee(s) resulting from it, and to enforce the claims related thereto.

(3) In the case of purchases in the web store, the legal basis for data processing is the fulfillment of the contract, the fulfillment of a legal obligation.

(4) Categories of data affected by data processing: name, address, delivery address, telephone number, e-mail address, login password (stored in an encrypted and unreadable manner), bank account number of the customer.

(5) Categories of persons affected by data processing: all natural persons who register or make purchases in the Company's web store.

(6) Categories of recipients of the data: the manager of the Company, employees performing customer relations and sales-related tasks, data processor employees operating the Company’s website, and employees of the Company performing accounting tasks, employees of the data processor performing these tasks. In the case of payment by bank card, the data subject is directed directly to the account holder’s bank.

(7) The place of data processing is the Company’s premises or the premises/headquarters of the data processors.

(8) Duration of data processing: 5 years from the termination of the contract.

(1) The Company processes the personal data of natural persons contracting with it – clients, buyers, suppliers – in connection with the contractual relationship. The data subject must be informed about the processing of personal data.

(2) The scope of data subjects: all natural persons who establish a contractual relationship with the Company.

(3) The legal basis for data processing is the performance of a contract, the purpose of data processing is to maintain contact, enforce claims arising from the contract, and ensure compliance with contractual obligations.

(4) Recipients of personal data: the manager of the Company, the employees of the Company performing customer service and accounting tasks based on their job, and data processors.

(5) The scope of personal data processed: name, address, registered office, telephone number, e-mail address, tax number, bank account number.

(6) Duration of data processing: 5 years from the termination of the contract.

(1) Our company operates an electronic surveillance and recording system (camera system) in the customer area/area belonging to it and in the units belonging to it. In the event of entering the monitored area (room) marked with an appropriate sign, the electronic surveillance system will record the image and actions of the data subject.

(2) The legal basis for camera surveillance is the voluntary consent of the data subject based on the information posted by our company in the form of warning signs. The data subject's consent can also be given in the form of explicit suggestive behavior. Such explicit suggestive behavior is considered to be if you enter or remain in the room/area monitored by the electronic surveillance and recording system. If you do not wish to give your consent, do not enter the rooms/area or units marked with a warning sign.

(3) The purpose of recording is to protect human life, physical integrity, personal freedom, trade secrets, personal and property protection, to prevent and detect violations of law, to prove violations of law, to document the circumstances of possible accidents occurring in the client area, and to protect the private area of ​​the insurer that is open to the public, necessary for the performance of its tasks. The camera surveillance system does not record sound.

(4) The legal basis for camera surveillance is the voluntary consent of the data subject based on the information posted by the Company in the form of notice boards. The data subject's consent may also be given in the form of explicit suggestive behavior. Such explicit suggestive behavior is considered to be if the data subject enters or remains in a room/area monitored by the electronic monitoring and recording system.

(5) The place of storage of the recordings (personal data) recorded by the electronic monitoring system is the premises of our Company, the storage period of the recordings is 3 days from the time of production.

(6) Scope of processed data: image of the data subject recorded by the operated camera system, and other personal data.

(7) Personal data recorded by camera recording may be accessed by: The manager of the company, the employees operating the camera system, the data processor providing the operation for the purpose of detecting violations and monitoring the operation of the system. The recordings may be reviewed, saved and handed over to the authorities in a documented manner.

(1) The Company may only process personal data in accordance with the activities set out in this policy and in accordance with the purpose of data management.

(2) The Company shall ensure the security of the data and undertake to take all technical and organisational measures that are essential for the enforcement of data security legislation, data and privacy protection rules, and to develop the procedural rules necessary for the enforcement of the above-mentioned legislation.

(3) The Company shall take appropriate measures to protect the data against unauthorised access, alteration, transmission, disclosure, deletion or destruction, as well as against accidental destruction and damage, and against inaccessibility resulting from changes in the technology used.

(4) The technical and organisational measures to be implemented by the Company in the interests of data security are set out in the Company’s data protection policy.

(5) When defining and applying measures to ensure data security, the Company takes into account the current state of technology and, in the event of several possible data management solutions, chooses the solution that ensures a higher level of protection of personal data, unless this would pose a disproportionate difficulty.

(1) The rights and obligations of the data processor in relation to the processing of personal data are determined by the data controller within the framework of the law and separate laws on data processing.

(2) The Company declares that the data processor does not have the competence to make substantive decisions regarding data processing in the course of its activities, may process the personal data that it has come to its knowledge only in accordance with the instructions of the data controller, may not process data for its own purposes, and is obliged to store and preserve the personal data in accordance with the instructions of the data controller.

(3) The Company is responsible for the legality of the instructions given to the data processor regarding data processing operations.

(4) The Company is obliged to provide information to the data subjects about the identity of the data processor and the place of data processing.

(5) The Company does not authorize the data processor to use additional data processors.

(6) The data processing contract must be in writing. Data processing cannot be entrusted to an organization that has an interest in the business activity that uses the personal data to be processed.