Privacy policy - Nowodvorski

Privacy policy

We are the controller of Your personal data

Looking after the safety of your data is not only a duty for us, but above all a matter of trust, which we want to build mutually.

That is why we created this document.

Here you will find information about what we use your data for, why we have the right to do so and how long we keep it. You will also find out what rights you have under the RODO.


We have divided the information into two parts:

  1. In the first part, we write about your data - when and how we process it - the information is presented in the form of dedicated information clauses;
  2. In the second part, we explain how cookies and other tools that observe your online activity in relation to your use of our website work.

Use the links in the table of contents to quickly find the information you are interested in.

Within the framework of this privacy policy, we present the most important information concerning our processing of personal data on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "RODO"). Nowodvorski Lighting sp. z o.o. processes personal data for various purposes, and you will find detailed information on this subject below.

The controller, i.e. the entity deciding on the purposes and methods of processing personal data, is Nowodvorski Lighting sp. z o.o. with its registered office in Częstochowa (42-202), 11 Mariusz Bojemskiego St. Nowodvorski Lighting sp. z o.o. has appointed a Data Protection Inspector, whom you can contact at the following e-mail address: iod@nowodvorski.com

Table of contents
We are the controller of your personal data 
We have divided the information into two parts
Job applicants 
Employees and persons employed under civil law contracts 
Those using the "Contact Us" tab on the website 
Those using the widget on the website to leave contact details 
Customers and their representatives 
Contractors (including suppliers) and their representatives 
Customer service contact persons 
Recipients of marketing messages 
Website users (data derived from cookies or other tracking technologies) 
Cookies 
Changes to the Privacy Policy 

Job applicants

Aims and legal bases of the processing  

Objective

To take the steps necessary for the conclusion of a contract, at your request (Article 6(1)(b) RODO).

Objective

Implementation of the recruitment process, insofar as this is a direct consequence of the law, in particular Article 22(1) § 1 of the Labour Code (Article 6(1)(c) RODO).

Objective

Implementation of the recruitment process, in the event that you voluntarily provide other data than that required by law (Art. 6(1)(a) RODO).

NOTE: the provision of information by the candidate that exceeds the minimum data scope regulated by employment law is an explicit action, tantamount to consenting to the processing of this data for recruitment purposes.

Objective 

The fulfilment of the Administrator's legitimate interest in establishing, asserting or defending against claims (Article 6(1)(f) RODO and, in the event that special category data is provided, also Article 9(2)(f) RODO).

Objective 

Consideration of your candidature for future recruitments, if you give additional consent (Article 6(1)(a) RODO).

Objective

Verification of the references provided by you, if you give additional consent (Article 6(1)(a) RODO).

Data storage time 

Your data will be held until the end of the recruitment process and then for a period of 3 months so that we can contact you should we nevertheless decide to employ you during this additional period.

If claims related to possible employment discrimination may be associated with the processing, your data will be stored until the statute of limitations for these claims has expired. The data retention period is then 3 years, in accordance with Article 291 § 1 of the Labour Code.

If you are employed, we will continue to process your data in accordance with the periods appropriate for an employee/co-worker.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective, justified objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account.

If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent.

Scope of data

We process the data you provide us with yourself, i.e. the data contained in your application documents. This includes, in particular, your contact details, data on your qualifications or experience.

In the course of recruitment, we may also collect additional data, e.g. data provided verbally during the recruitment interview, data on the results of tests taken.

Data source

We acquire data directly from you.
When we use recruitment agencies that source candidates and then provide us with their data, the agencies are the source of the data. If you were recommended for a job through a referral scheme, the source of the data was the referrer.

Obligation to provide data

The provision of certain data is a statutory obligation for a candidate for an employment contract, in particular the data referred to in Article 22(1) § 1 of the Labour Code (first name(s) and surname; date of birth; contact details indicated by you; education; professional qualifications; previous employment history).

The provision of certain data may also be a condition for the conclusion of an employment/co-operation contract.

What if you do not provide your data

If you do not provide data for which there is a statutory or contractual obligation, we will not be able to carry out the recruitment process and consequently employ you.

Recipients of data

Recipients are external entities to whom we pass your data:
- recruitment agencies and services,
- providers of IT services, ICT systems and hosting services,
- entities providing archiving and disposal services for us,
- our group companies,
- providers of legal and advisory services,
- courier and postal service companies,
- state authorities or other entities authorised under applicable law,
- reference persons indicated by the candidate,
- occupational health facilities (if a decision is taken to employ the candidate).

Data transfer

No, we will not transfer your data outside the European Economic Area.

The data will be transferred to [name of country], in accordance with the European Commission's decision finding an adequate level of protection for personal data (Article 45 RODO). - [link to decision].

The data will be transferred to [name of country] following the conclusion of the so-called standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the RODO). Please contact us if you would like a copy of the concluded standard contractual clauses.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) the right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.

Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Employees and persons employed under civil law contracts

Aims and legal bases of the processing

Objective

Fulfilment of the employment contract/civil contract (Article 6(1)(b) RODO).

Objective

Applies to the processing of ordinary data.

Fulfilment of the Administrator's obligations arising from the employment relationship, including but not limited to those related to the organisation of work, the provision of safe and healthy working conditions, anti-discrimination, the settlement of accounts receivable, the maintenance and archiving of personal files, the Administrator's obligations arising from the provisions on social security, health insurance, taxes, the company social benefit fund, employee capital plans, trade unions, accounting, general duty of defence (Article 6(1)(c) RODO).

Applies to the processing of special categories of data

Fulfilment of the Administrator's obligations in the field of labour law, social security and social protection, in particular health data, including within the framework of the company's social benefits fund (Article 9(2)(b) RODO).

Objective

The fulfilment of the Administrator's legitimate interest in establishing, asserting or defending against claims (Article 6(1)(f) of the RODO and, where special category data is provided, also Article 9(2)(f) of the RODO).

Objective

The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Article 6(1)(a) RODO, Article 9(2)(a) RODO).

Objective

Applies to data obtained by means of: email monitoring, GPS monitoring in company cars, monitoring of websites visited: to ensure the organisation of work to enable full use of working time and the proper use of the working tools provided to the employee (or person employed under a civil law contract) (Article 6(1)(f) RODO in connection with Article 22(3) § 1 of the Labour Code).

Objective

Applies to data obtained by means of video surveillance: to ensure the safety of employees or the protection of property or the control of production or to maintain the secrecy of information the disclosure of which could expose the employer to harm (Article 6(1)(f) RODO in conjunction with Article 22(2) § 1 of the Labour Code).

Objective

Organisation of community events and initiatives, in the event that you wish to participate (Article 6(1)(f) RODO).

Objective

Execution of contracts with the Administrator's customers, contractors and suppliers (Article 6(1)(f) RODO).

Objective

Conducting marketing of the Administrator's products and services to potential customers, using personal data of employees/persons employed under civil law contracts (Article 6(1)(f) RODO).

Data storage time

The data will be retained for a period of 10 years from the end of the calendar year in which the employment relationship ceased/terminated, when it was established no earlier than 01.01.2019.

The data will be retained for a period of 50 years from the end of the calendar year in which the employment relationship ceased/terminated, where it was established earlier than 01.01.2019.

In the case of persons employed under civil law contracts, the data will be stored until the expiry of the limitation period for contractual claims or the expiry of legal retention obligations, in particular the retention of accounting documents.

Video surveillance recordings will be stored for up to three months and, if necessary for the establishment, investigation or defence of claims, until the final settlement of the claims asserted or the expiry of the limitation period.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account.

If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent.

Scope of data

At the time of employment, we process those data that you provide to us yourself. This is data that is necessary for the conclusion of an employment contract or a civil contract and, if you are employed under an employment contract, also data related to the fulfilment of many of the employer's obligations, such as data on your family members, data on your disability or data on your fitness for work.

In the course of your employment contract or civil law contract, we acquire a range of new data about you. These include, for example, data on training you have attended, data on your use of employee benefits, your image (obtained, for example, in connection with the production of a promotional video), data on your activity in the resources made available to you (so-called logs), data on your geolocation (in the context of company cars) and a number of other data, the catalogue of which may vary in the various stages of the duration of the employment contract or civil law contract.

Data source

As standard, we obtain data directly from you.

In exceptional situations, we obtain this data from sources other than you. An example of such a situation is a summons from a bailiff to seize your salary. Another example is when we ask our customers about their satisfaction with the service, in which case we obtain your personal data from them in the form of their opinions about you.

Obligation to provide data

The provision of certain data is a statutory obligation for an employee employed under an employment contract, in particular the data referred to in Article 22(1) of the Labour Code.

The provision of certain data may also be a condition for the conclusion of an employment or civil law contract.

What if you do not provide your data

If you do not provide data for which there is a statutory or contractual obligation, we will not be able to employ you or fulfil your rights / our obligations under specific legislation.

Recipients of data

Recipients are external entities to whom we pass your data:
- state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations,
- our clients,
- our suppliers, including the service providers referred to below,
- entities that provide us with IT tools to store your data or entities that have access to your data as part of ongoing maintenance work on IT systems,
- entities auditing our activities or experts,
- providers of accounting, human resources or legal services,
- trade unions and employee benefit societies,
- users of the website, social media or other audiences, in the event that your data is made public,
- companies that dispose of or archive documents and other media,
- courier and postal service companies,
- medical facilities,
- banks, insurance companies and other financial and payment institutions,
- companies preparing personalised clothing, badges or certificates,
- companies providing security services, access control and monitoring the use of work tools,
- training companies,
- hotels and transport companies.

Data transfer

As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA. Recipients outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of States not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller using the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) the right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.

Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Those using the "Contact Us" tab on the website

Aims and legal bases of the processing

Objective

Contacting a potential customer - taking pre-contractual action, at the customer's request, expressed by leaving your details in the "Contact Us" section of the website (Article 6(1)(b) RODO - if you are a potential customer; Article 6(1)(f) RODO - if you are an individual acting for or on behalf of a customer).

Objective

To provide an answer to a question asked via the "Contact us" tab (Article 6(1)(f) RODO).

Objective

The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO).

Data storage time

Personal data will be held until your enquiry, submitted via the contact form, has been processed and then for a period of 3 months after the response.

Personal data will be held until an offer is made to you and then for a period of 3 months after the offer has been made if the offer is not accepted.

If our offer has been accepted and we are bound by a contract, then we will process your data for the time dedicated to customers with an active contract.

If your enquiry did not relate to our offer, then we will keep your data for a period of 3 months after we have answered you.

If you have a specific relationship with the Administrator (e.g. you are a customer with an active contract), then we may also store your data obtained via the Contact tab until the statute of limitations for claims arising from the legal relationship between you and the Administrator.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise a legitimate objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account.

If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent.

Scope of data

Normally these are: first name, last name, e-mail address.

Data source

As standard, we obtain data directly from you.

Obligation to provide data

The provision of certain data is not a statutory condition or a contractual requirement.

What if you do not provide your data

If you do not provide your details, we will not be able to provide you with our offer or answer any other question you may have.

Recipients of data

Recipients are external entities to whom we pass your data:
- entities that provide us with IT tools to store your data or entities that have access to your data as part of ongoing maintenance work on IT systems,
- website provider.

Data transfer

As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA, which may result in the transfer of your data outside the EEA. Recipient countries outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of countries not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller using the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) the right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.

Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Office for the Protection of Personal Data. You can find more information about this on the Office's website.

Those who use the widget on the website - "stay up to date", allowing them to leave their contact details

Aims and legal bases of the processing

Objective

Contacting a potential customer - taking pre-contractual action, at the customer's request, expressed by leaving data in a widget on the website (Article 6(1)(b) RODO - if you are a potential customer; Article 6(1)(f) RODO - if you are an individual acting for or on behalf of a customer).

Objective

The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO).

Data storage time

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account.

If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent.

Scope of data

The standard items are name, email address and telephone number.

Data source

As standard, we obtain data directly from you.

Obligation to provide data

The provision of data is neither a statutory condition nor a contractual requirement.

What if you do not provide your data

If you do not provide details, we will not be able to provide you with our offer.

Recipients of data

Recipients are external entities to whom we pass your data:
- providers of external ICT systems, providing support and IT solutions,
- website provider,
- marketing agencies, if we use their services in handling enquiries.

Data transfer

No, we will not transfer your data outside the European Economic Area.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) the right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.

Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Customers and their representatives

Aims and legal bases of the processing

Objective

Performing a contract with a customer or taking pre-contractual action, at the customer's request expressed in any way, e.g. by filling in a contact form on the website (Article 6(1)(b) RODO - if you are a customer; Article 6(1)(f) RODO - if you are an individual acting for or on behalf of a customer).

Objective

Fulfilment of legal obligations, in particular tax and accounting obligations (Article 6(1)(c) RODO).

Objective

Fulfilment of the Administrator's legitimate interest to establish, assert or defend against claims (Article 6(1)(f) RODO).

Objective

The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO).

Please note: the provision of data other than that requested by the Administrator or data marked as optional is an explicit action tantamount to consenting to the processing of personal data for the purposes for which they are provided.

Data storage time

Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract with the customer.

The specified data will also be stored until the expiry of data retention obligations under specific legislation, in particular the retention of accounting documents. If we process the specified data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specified purpose for a shorter period, i.e. until your objection is taken into account.

If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent.

Scope of data

Our client (contracting party) may be an individual or an institution, such as a commercial company. In the latter case, we process the personal data of persons who act on behalf of the institution, e.g. the president, proxy or contact persons for the execution of the contract.

Before concluding a contract with a customer, we obtain the data necessary to make an offer. This is usually basic contact data: name, e-mail address, telephone number. In the case of customer-individuals, we collect additional data necessary for the conclusion of the contract before concluding the contract, e.g. PESEL or residential address, depending on the product/service we sell.

During the course of the customer contract, we acquire or process further data, such as data on transactions concluded or the history of the cooperation in general, including the results of satisfaction surveys.

Please note: if, in connection with the use of our services/purchase of products offered by us, you have registered an account on our website, please note that such an account is a separate service and information on the processing of your data in the provision of this service by us can be found in another section of this Policy.

Data source

As standard, we obtain data directly from you.

Your personal data may also be obtained from another source, e.g. from our client company if you are an employee or representative of that company. Sometimes we obtain personal data from public sources, e.g. the client's website or from so-called business intelligence agencies, if we want to verify a client before doing business with them.

Obligation to provide data

The provision of certain data is necessary for the conclusion and subsequent performance of the contract.
Remember that the conclusion of a contract can occur in various ways, such as by placing an order in an online shop.

What if you do not provide your data

If you do not provide the data required to enter into the contract, the contract cannot be concluded.

Recipients of data

Recipients are external entities to whom we pass your data:
- state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations,
- providers of external ICT systems, providing support and IT solutions,
- entities auditing our activities or experts,
- providers of accounting, consultancy or legal services,
- companies that dispose of or archive documents and other media,
- courier and postal service companies,
- banks and other financial and payment institutions,
- marketing agencies.
Data transfer

As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipient countries outside the EEA, in accordance with the European Commission's decision, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of countries not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) The right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.
Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Office for the Protection of Personal Data. You can find more information about this on the Office's website.

Contractors (including suppliers) and their representatives

Aims and legal bases of the processing

Objective

Performing a contract with a contractor or taking pre-contractual action, at the contractor's request expressed in any way, e.g. by filling in a contact form on the website (Article 6(1)(b) of the RODO - if you are a contractor; Article 6(1)(f) of the RODO - if you are an individual acting for or on behalf of a contractor).

Objective

Fulfilment of legal obligations, in particular tax and accounting obligations (Article 6(1)(c) RODO).

Objective

Fulfilment of the Administrator's legitimate interest to establish, assert or defend against claims (Article 6(1)(f) of the RODO).

Data storage time

Personal data will be stored until the expiry of the statute of limitations for claims under the contract with the contractor.

The specified data will also be kept until the expiry of data retention obligations under specific legislation, in particular the retention of accounting documents.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account.


Scope of data

Our counterparty (contracting party) may be an individual or an institution, e.g. a commercial company. In the latter case, we process the personal data of persons who act on behalf of the institution, e.g. the president, proxy or contact persons for the execution of the contract.

Before concluding a contract with a contractor, we obtain the data necessary to start negotiating the terms of cooperation. This is usually basic contact data: name, e-mail address, telephone number. In the case of counterparties - natural persons, before concluding a contract, we obtain additional data necessary for its conclusion, e.g. PESEL or address of residence.

During the course of the contract with the counterparty, we acquire or process further data, such as data on invoices issued by the counterparty or the history of the cooperation in general.

Data source

As standard, we obtain data directly from you.

Your personal data may also be obtained from another source, e.g. from our counterparty - a company, if you are its employee or representative. Sometimes we obtain personal data from publicly available sources, e.g. from the counterparty's website or so-called business intelligence services, if we want to verify a counterparty before doing business with it.

Obligation to provide data

The provision of certain data is necessary for the conclusion and subsequent performance of the contract.
Remember that the conclusion of a contract can occur in various ways, such as by placing an order in an online shop.

What if you do not provide your data

If you do not provide data, the provision of which is a condition for the conclusion or performance of the contract, the contract cannot be concluded or properly performed.

Recipients of data

Recipients are external entities to whom we pass your data:
- state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations,
- providers of external ICT systems, providing support and IT solutions,
- entities auditing our activities or experts,
- entities providing accounting, legal consultancy or debt collection services,
- companies that dispose of or archive documents and other media,
- courier and postal service companies,
- banks and other financial and payment institutions,
- other companies in the Administrator's group.
Data transfer

No, we will not transfer your data outside the European Economic Area.

Data will be transferred to [name of country] in accordance with the European Commission's decision finding an adequate level of protection for personal data (Article 45 RODO). - [link to decision].

The data will be transferred to [name of country] following the conclusion of the so-called standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the RODO). Please contact us if you would like a copy of the concluded standard contractual clauses.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.
Right of action
If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Handling of complaints

Aims and legal bases of the processing

Objective

Fulfilment of the obligation to handle complaints (Article 6(1)(c) RODO in conjunction with Article 7a of the Consumer Rights Act).

Objective

Fulfilment of the Administrator's legitimate interest in enabling the elaboration of a response to a question asked, unrelated to the complaint, and its dispatch (Article 6(1)(f) of the RODO).

Objective

Fulfilment of the Administrator's legitimate interest to establish, assert or defend against claims (Article 6(1)(f) of the RODO).

Data storage time

The data processed in connection with the handling of complaints are stored until the expiry of data storage obligations under specific legislation (e.g. in connection with disbursement of funds), in other cases - for a period of 2 years from the end of the complaint procedure, understood as the response to the complaint.

Data processed for the purpose of compiling an answer to a question asked, not related to the complaint, and its dispatch, will be processed for a period of 2 years after the answer has been provided.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account.

Scope of data

This usually includes basic contact details: name, email address, telephone number and information about the complaint/non-complaint enquiry made.

Data source

As standard, we obtain data directly from you.

Obligation to provide data

The provision of data is neither a statutory requirement nor a contractual condition.

What if you do not provide your data

If you do not provide details, we will not be able to process your complaint or provide you with an answer to a question unrelated to your complaint.

Recipients of data

Recipients are external entities to whom we pass your data:
- state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations,
- providers of external ICT systems, providing support and IT solutions,
- providers of accounting services (if, for example, we make refunds), consultancy, auditing or legal services,
- companies that dispose of or archive documents and other media,
- courier and postal service companies,
- banks and other financial and payment institutions if, for example, we make refunds,
- companies in the Administrator's group.
Data transfer

No, we will not transfer your data outside the European Economic Area.

Data will be transferred to [name of country] in accordance with the European Commission's decision finding an adequate level of protection for personal data (Article 45 RODO). - [link to decision].

The data will be transferred to [name of country] following the conclusion of the so-called standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the RODO). Contact us if you wish to obtain a copy of the concluded standard contractual clauses.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.
Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Recipients of marketing messages

Aims and legal bases of the processing  
Objective

Fulfilment of the Administrator's legitimate interest in marketing its own products and services (Art. 6(1)(f) RODO) using the following forms of communication: emails, for the purpose of sending newsletters.

NOTE: the use of certain forms of communication requires separate consent to the use of that channel, pursuant to Article 398 of the Electronic Communications Act.

Objective

Fulfilment of the legitimate interest of companies cooperating with the Administrator to market their products and services, when you have given your consent (Article 6(1)(a) RODO).

Objective

Fulfilment of legal obligations, in particular the Electronic Communications Act (Article 6(1)(c) RODO).

Objective

Fulfilment of the Administrator's legitimate interest in establishing, asserting or defending against claims relating to the sending of marketing communications, if any (Article 6(1)(f) RODO).

Objective

The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO).

Data storage time

Your personal data will be stored until you object to marketing activities or withdraw your consent, depending on the legal basis for sending communications, i.e. you show us in any way that you do not wish to receive information from us about our activities / our services.

If you make certain claims in connection with the marketing communications that we carry out, your data will be stored until the expiry of the limitation periods for these claims.

The specified data will also be stored until the expiry of data retention obligations under specific legislation, in particular the Electronic Communications Act.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is upheld (unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to substantiate the objection).


If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent.

Scope of data

Normally, this is only the data necessary to send a marketing communication, i.e. your name, e-mail address, telephone number and, in the case of communications sent by post, also your postal address.

Data source

As standard, we obtain data directly from you.

Obligation to provide data

The provision of data is neither a contractual nor a statutory requirement.

What if you do not provide your data

No effect due to the above.

Recipients of data

Recipients are external entities to whom we pass your data:
- providers of external ICT systems, providing support and IT solutions,
- providers of marketing communications on our behalf.
Data transfer

As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipients outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of States not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method of securing your data applied by the Controller is in accordance with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

We do not make automated decisions on the basis of this data that we process in the process of sending communications. On the other hand, we may make such decisions on the basis of data obtained in other processes, e.g. in the process of fulfilling a contract concluded with you. We use your purchase history to build your profile, and then decide what offers to send you based on this. This is done on the basis of Article 22(2)(c) of the RODO; the condition is that we first obtain your express consent to do so.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.
Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Website users (data derived from cookies or other tracking technologies)

Aims and legal bases of the processing

PLEASE NOTE: if you have a registered account on our website or make purchases from our website, you will find information about the processing of your data in this regard in other sections of the Policy.

Objective

To ensure the functionality of the website and facilitate the use of the website (Article 6(1)(f) of the RODO).

Objective

Conducting analysis and statistics on users' use of the Administrator's website (Article 6(1)(f) of the RODO).

Objective

The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO).

Objective

Fulfilment of legal obligations, in particular the Electronic Communications Act (Article 6(1)(c) RODO).

Data storage time

The specified data will also be stored until the expiry of data retention obligations under specific legislation, in particular the Electronic Communications Act.

If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise a legitimate objection to the processing, then the data will be processed for this specific purpose until your objection is taken into account.

If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent, then the data will be processed for that specific purpose until you withdraw your consent.

Scope of data

By default, this includes data such as your IP address and any information about you derived from cookies or the operation of so-called other tracking technologies. This may include, for example, information about the device from which you connect to us (from which you access our website), information about the browser you use, information about what you clicked on while using our website. For details of what this data may be, please see the Cookies section of the Policy.

Data source

By default, we obtain data directly from you as a user of our website.

Obligation to provide data

The provision of data is not a contractual or statutory requirement.

What if you do not provide your data

No impact due to the above.

Recipients of the data

Recipients are external entities to whom we pass your data:
- our suppliers, including the service providers referred to below,
- entities that provide us with IT tools to process your data, including entities that provide us with so-called tracking technologies,
- marketing agencies.
Data transfer

As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipients outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of States not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available.

Automated decisions

Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact.

Your rights

a) access to your personal data - within the limits of Article 15 RODO,
b) to rectify your personal data - within the limits of Article 16 of the RODO,
c) the erasure of your personal data - within the limits of Article 17 of the RODO,
d) restrict the processing of your personal data - within the limits of Article 18 RODO,
e) the portability of your personal data - within the limits of Article 20 RODO,
f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn,
as well as
g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason.
Right of action

If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website.

Cookies

I. What are cookies

1. Cookies are small text files that are stored on your computer or smartphone when you view our website. There are different types of cookies. We have divided them for you into two groups:
a) Essential;
b) Statistical.
2. The essential cookies make our website stable. These cookies measure traffic and keep us from overloading the site. They remember your choices about privacy or how you fill in our forms. Cookies also save the contents of your shopping cart and monitor your login status. We use these cookies by default. This means that we save them on your computer or smartphone when you visit our website.
3. We only use other cookies if you have given your consent.

II. What cookies we use

Essential cookies ensure that our website and its core functions function properly. Without them, you cannot use our online services properly. We do not need your permission to use these cookies.
Name | Objective | Storage period
XSRF-TOKEN | A mechanism to protect web applications from Cross-Site Request Forgery (CSRF) attacks. This is a special authentication token that is generated by the server and sent to the client (e.g. the user's browser). Subsequently, every request sent to the server must contain this token to confirm that it comes from an authorised user. | 1h
user_session | A mechanism that stores user session information in a web application. The user session is used to identify and manage the user as he or she interacts with the application, without having to log in again on each subpage. | 1h

 

Analytical cookies - our website uses cookies provided by [name of analytical cookie provider]. Analytical cookies allow us to track the numbers and sources of visits. In this way, we measure and improve the performance of our website. This allows us to better understand which sub-pages you visit most often and how you navigate through them. You can choose not to consent to these cookies. Your decision will not affect how our website works.
Name | Objective | Storage period
_ga | Used by Google to check whether a user has visited the site before. This helps to identify unique users and count how many people are visiting the site. | 2 years
_ga_ | Used by Google to maintain session status. | 2 years
_gid | Used by Google to check whether a user has visited the site before. This helps to identify unique users and count how many people are visiting the site. | 24 hours

Marketing cookies - we use these cookies to personalise the content we display to you. We may use them in our advertising campaigns that we run on third party websites. If you consent to these cookies, you may receive information about the websites of our trusted partners where you respond to our advertising in advance. You can choose not to consent to these cookies. Your decision will not affect how our website works. If you opt out of marketing cookies, we will display generic and non-personalised ads to you.
Name | Objective | Storage period
APISID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Allows Google to collect information about users of videos hosted by YouTube. | 2 years
HSID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Allows Google to collect information about users of videos hosted by YouTube. | 2 years
LOGIN_INFO | Used by Google. Allows Google to collect information about users of videos hosted by YouTube. | 2 years
PREF | Used by Google. Allows us to remember user preferences, i.e. language settings, preferred page configuration and playback preferences such as autoplay, random play and player size. | 2 years
SAPISID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Allows Google to collect information about users of videos hosted by YouTube. | 2 years
SID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. | 2 years
SIDCC | Used by Google. This is a security cookie that protects visitor data from unwanted unauthorised access. | 1 year
SOCS | A cookie responsible for storing the user's state in relation to their cookie choices. | 2 years
SSID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. | 2 years
VISITOR_INFO1_LIVE | Used by Google. This cookie contains a unique identifier used to remember user preferences and other information such as preferred language. It is used to make personalised recommendations on YouTube based on previous views and searches, as well as to detect and resolve problems with the service. | 6 months
VISITOR_PRIVACY_METADATA | A cookie responsible for storing the user's state in relation to their cookie choices. | 6 months
YSC | Used by Google. This is a security cookie. | session
__Secure-1PAPISID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google ads. It contains a unique identifier. | 1 year
__Secure-1PSID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | 1 year
__Secure-1PSIDCC | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | 1 year
__Secure-1PSIDTS | Used by Google. This is a cookie used to collect information about interactions with Google services. It contains a unique identifier. | 1 year
__Secure-3PAPISID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | 1 year
__Secure-3PSID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. |
__Secure-3PSIDCC | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. |
__Secure-3PSIDTS | Used by Google. This is a cookie used to collect information about interactions with Google services. It is used to measure the effectiveness of advertisements and personalise user content. The cookie contains a unique identifier. |
__Secure-ROLLOUT_TOKEN | Used by Google. Records a unique identifier in order to keep statistics on the YouTube videos the user has watched. | 180 days

III. Consent to the installation of cookies
1. When you visit our website, we will display a banner telling you that we use cookies. If you select the 'Allow all' option, this will mean that you accept all cookies. By doing so, you also confirm that you know which cookies we use, for what purposes we use them, and when we pass data from these cookies to our partners.
2. Please note that we do not need your consent to use essential cookies.

IV. Do not accept the installation of cookies
If you do not want our cookies to be stored on your device, please select the "Reject all" option. When you select this option, you will reject all cookies except the necessary ones.

V. Modifying cookie settings
If you would like to manage your cookie preferences, select "Personalise".

VI. Withdrawal of consent
Remember that you can change your consent preferences at any time. To do so, click on the blue icon that represents a paperclip. You will find it in the bottom left corner of our website.

Changes to the Privacy Policy
If there are changes to the way we process your personal data, then we will update this Privacy Policy and post the latest version on our website, in advance of the materiality of the change.
