Privacy policy
§ 1 Types of processed data, purposes and legal basis
1. The Controller collects information about natural persons performing legal actions not directly related to their business activity, natural persons conducting business or professional activity in their own name, and natural persons representing legal entities or organizational units without legal personality that are granted legal capacity by law, conducting business or professional activity in their own name, hereinafter collectively referred to as Clients. 2. The Controller processes personal data of Clients in connection with the use of the contact form service on the Website for the purpose necessary to perform a contract or to take steps prior to entering into a contract – processing basis under Art. 6(1)(b) GDPR. 3. When using the contact form service, the Client provides the following data:- email address
- first name
- phone number
§ 2 Data recipients
1. The Client's personal data is transferred to service providers used by the Controller in operating the Website. Service providers to whom personal data is transferred, depending on contractual arrangements and circumstances, either follow the Controller's instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of their processing (controllers).- 1.1. Processors. The Controller uses providers who process personal data solely on the Controller's instructions. These include, among others, providers offering hosting services, accounting services, marketing systems, website traffic analysis systems, and marketing campaign effectiveness analysis systems.
- 1.2. Controllers. The Controller uses providers who do not act solely on instructions and independently determine the purposes and methods of using Clients' personal data. They provide electronic payment and banking services.
§ 3 Data retention period
1. Clients' personal data is retained:- 1.1. Where the basis for processing personal data is consent, the Client's personal data is processed by the Controller until the consent is withdrawn, and after withdrawal of consent for a period corresponding to the limitation period for claims that the Controller may raise and that may be raised against them. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic performance claims and claims related to business activity – three years.
- 1.2. Where the basis for processing data is the performance of a contract, the Client's personal data is processed by the Controller for as long as is necessary to perform the contract, and thereafter for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for periodic performance claims and claims related to business activity – three years.
§ 4 Cookies mechanism, IP address
1. The Website uses small files called cookies. They are stored by the Controller on the end device of the person visiting the Website, provided the web browser allows it. A cookie file typically contains the domain name from which it originates, its "expiry time", and an individual, randomly selected number identifying the file. Information collected using such files helps to customize the products offered by the Controller to the individual preferences and actual needs of persons visiting the Website. 2. The Controller uses two types of cookies:- 2.1. Session cookies: after the browser session ends or the computer is turned off, the stored information is deleted from the device memory. The session cookies mechanism does not allow the collection of any personal data or any confidential information from Clients' computers.
- 2.2. Persistent cookies: they are stored in the memory of the Client's end device and remain there until they are deleted or expire. The persistent cookies mechanism does not allow the collection of any personal data or any confidential information from Clients' computers.
- 3.1. analysis, research and audience auditing, and in particular for creating anonymous statistics that help understand how Clients use the Website, which enables improvement of its structure and content.
- 4.1. presenting on informational pages of the Website a map indicating the location of the Controller's office, using the maps.google.com service (external cookie controller: Google Inc based in the USA).
§ 5 Rights of data subjects
Persons whose data is processed are entitled to: 1. The right to withdraw consent to data processing at any time:- 1.1. The Client has the right to withdraw any consent they have given.
- 1.2. Withdrawal of consent takes effect from the moment of withdrawal.
- 1.3. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.
- 1.4. Withdrawal of consent does not entail any negative consequences for the Client, but may prevent further use of services or functionalities that the Controller may legally provide only with consent.
- 2.1. The Client has the right to object at any time – on grounds relating to their particular situation – to the processing of their personal data based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. The Controller may no longer process such personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or grounds for the establishment, exercise or defence of legal claims.
- 2.2. Opting out by email from receiving marketing communications about products or services shall constitute the Client's objection to the processing of their personal data, including profiling for those purposes.
- 3.1. The Client has the right to request the erasure of all or some of their personal data.
- 3.2. The Client has the right to request the erasure of personal data if:
- 3.2.1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- 3.2.2. they have withdrawn the specific consent, to the extent that the personal data was processed on the basis of their consent;
- 3.2.3. they have objected pursuant to Art. 21(1) GDPR to the processing and there are no overriding legitimate grounds for the processing, or they have objected pursuant to Art. 21(2) GDPR to the processing;
- 3.2.4. the personal data has been unlawfully processed;
- 3.2.5. the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
- 3.2.6. the personal data has been collected in relation to the offer of information society services.
- 3.3. Despite a request for erasure of personal data, in connection with an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that processing is necessary for the establishment, exercise or defence of legal claims, as well as for compliance with a legal obligation requiring processing under Union or Member State law to which the Controller is subject. This applies in particular to personal data including: first name, last name, email address, which data is retained for the purposes of handling complaints and claims related to the use of the Controller's services, or additionally residential address/correspondence address, order number, which data is retained for the purposes of handling complaints and claims related to concluded sales contracts or provision of services.
- 4.1. The Client has the right to request restriction of the processing of their personal data. Filing such a request, until it is resolved, prevents the use of certain functionalities or services the use of which involves processing of data covered by the request. The Controller will also not send any communications, including marketing ones.
- 4.2. The Client has the right to request restriction of the use of personal data in the following cases:
- 4.2.1. when they contest the accuracy of their personal data – the Controller restricts their use for the time needed to verify the accuracy of the data, but for no longer than 7 days;
- 4.2.2. when data processing is unlawful and instead of erasure, the Client requests restriction of their use;
- 4.2.3. when the personal data is no longer necessary for the purposes for which it was collected or used, but it is needed by the Client for the establishment, exercise or defence of legal claims;
- 4.2.4. when the data subject has objected to the processing of their data – until it is determined whether the legitimate grounds on the Controller's side override the grounds of the data subject's objection.
- 5.1. The Client has the right to obtain from the Controller confirmation as to whether personal data is being processed, and where that is the case, the Client has the right to:
- 5.1.1. obtain access to their personal data;
- 5.1.2. obtain information about the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned period of storing the Client's data or the criteria for determining that period (where it is not possible to determine the planned processing period), the rights available to the Client under GDPR and the right to lodge a complaint with a supervisory authority; where personal data has not been collected from the data subject – any available information about its source; information about automated decision-making, including profiling referred to in Art. 22(1) and (4) GDPR, and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject; and information about safeguards applied in connection with the transfer of personal data outside the European Union;
- 5.1.3. obtain a copy of their personal data. The right to obtain a copy must not adversely affect the rights and freedoms of others.
- 6.1. The Client has the right to request that the Controller rectify without undue delay inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement, by directing a request to the email address in accordance with §6 of the Privacy Policy.
- 7.1. The Client has the right to receive their personal data which they have provided to the Controller, and then to transmit it to another data controller of their choice. The Client also has the right to request that the personal data be transmitted by the Controller directly to such controller, where technically feasible. In such a case, the Controller will transmit the Client's personal data in a CSV file format, which is a commonly used, machine-readable format that allows the received data to be transmitted to another data controller.
- 8.1. The Client has the right to lodge a complaint with the President of the Personal Data Protection Office regarding any violation of their data protection rights or other rights granted under GDPR.