Privacy policy
We are the controller of Your personal data
Looking after their safety is not only a duty for us, but above all a matter of trust, which we want to build up mutually.
That is why we created this document.
You will find information about what we use your data for, why we have the right to do so and how long we keep it. In addition, you will find out here what rights you have through the RODO.
We have divided the information into two parts:
- in the first part we write about your data - when and how we process it - the information is presented in the form of dedicated information clauses;
- In the second part, we explain how cookies and other tools that observe your online activity in relation to your use of our website work.
Use the links in the table of contents to quickly find the information you are interested in.
Within the framework of this privacy policy, we present the most important information concerning our processing of personal data on the basis of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: "RODO"). Nowodvorski Lighting sp. z o.o. dissolves personal data for various purposes, and you will find detailed information on this subject below.
The controller, i.e. the entity deciding on the purposes and methods of processing personal data, is Nowodvorski Lighting sp. z o.o. with its registered office in Częstochowa (42-202), 11 Mariusz Bojemskiego St. Nowodvorski Lighting sp. z o.o. has appointed a Data Protection Inspector, whom you can contact at the following e-mail address: iod@nowodvorski.com
Table of contents
We are the controller of your personal data
We have divided the information into two parts
Job applicants
Employees and persons employed under civil law contracts
Those using the "Contact Us" tab on the website
Those using the widget on the website to leave contact details
Customers and their representatives
Contractors (including suppliers) and their representatives
Customer service contact persons
Recipients of marketing messages
Website users (data derived from cookies or other tracking technologies)
Cookies
Changes to the Privacy Policy
Job applicants
| Aims and legal bases of the processing | |
|
Objective |
To take the steps necessary for the conclusion of a contract, at your request (Article 6(1)(b) RODO). |
|
Objective |
Implementation of the recruitment process, insofar as this is a direct consequence of the law, in particular Article 22(1) § 1 of the Labour Code (Article 6(1)(c) RODO). |
|
Objective |
Implementation of the recruitment process, in the event that you voluntarily provide other data than that required by law (Art. 6(1)(a) RODO). NOTE: the provision of information by the candidate that exceeds the minimum data scope regulated by employment law is an explicit action, tantamount to consenting to the processing of this data for recruitment purposes. |
|
Objective |
The fulfilment of the Administrator's legitimate interest in establishing, asserting or defending against claims (Article 6(1)(f) RODO and, in the event that special category data is provided, also Article 9(2)(f) RODO). |
|
Objective |
Consideration of your candidature for future recruitments, if you give additional consent (Article 6(1)(a) of the DPA). |
|
Objective |
Verification of the references provided to you, in case you give additional consent (Article 6(1)(a) RODO). |
|
Data storage time |
Your data will be held until the end of the recruitment process and then for a period of 3 months so that we can contact you should we nevertheless decide to employ you during this additional period. If claims related to possible employment discrimination may be associated with the processing, your data will be stored until the statute of limitations for these claims has expired. The data retention period is then 3 years, in accordance with Article 291 § 1 of the Labour Code. If you are employed, we will continue to process your data in accordance with the periods appropriate for an employee/co-worker. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective, justified objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account. If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent. |
| Scope of data |
We process the data you provide us with yourself, i.e. the data contained in your application documents. This includes, in particular, your contact details, data on your qualifications or experience. In the course of recruitment, we may also collect additional data, e.g. data provided verbally during the recruitment interview, data on the results of tests taken. |
| Data source |
We acquire data directly from you. |
| Obligation to provide data |
The provision of certain data is a statutory obligation for a candidate for an employment contract, in particular the data referred to in Article 22(1) § 1 of the Labour Code (first name(s) and surname; date of birth; contact details indicated by you; education; professional qualifications; previous employment history). The provision of certain data may also be a condition for the conclusion of an employment/co-operation contract. |
| What if you do not provide your data | If you do not provide data for which there is a statutory or contractual obligation, we will not be able to carry out the recruitment process and consequently employ you. |
| Recipients of data | Recipients are external entities to whom we pass your data: - recruitment agencies and services, - providers of IT services, ICT systems and hosting services, - entities providing archiving and disposal services for us, - our group companies, - providers of legal and advisory services, - courier and postal service companies, - state authorities or other entities authorised under applicable law, - reference persons indicated by the candidate, - Occupational health facilities (if a decision is taken to employ the candidate). |
| Data transfer | No, we will not transfer your data outside the European Economic Area.
The data will be transferred to [name of country], in accordance with the European Commission's decision finding an adequate level of protection for personal data (Article 45 RODO). - [link to decision]. The data will be transferred to [name of country] following the conclusion of the so-called standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the RODO). Please contact us if you would like a copy of the concluded standard contractual clauses. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO,
b) to rectify their personal data - within the limits of Article 16 of the RODO, |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Employees and persons employed under civil law contracts
| Aims and legal bases of the processing | |
| Objective | Fulfilment of the employment contract/civil contract (Article 6(1)(b) RODO). |
| Objective | Applies to the processing of ordinary data.
Fulfilment of the Administrator's obligations arising from the employment relationship, including but not limited to those related to the organisation of work, the provision of safe and healthy working conditions, anti-discrimination, the settlement of accounts receivable, the maintenance and archiving of personal files, the Administrator's obligations arising from the provisions on social security, health insurance, taxes, the company social benefit fund, employee capital plans, trade unions, accounting, general duty of defence (Article 6(1)(c) RODO). Applies to the processing of special categories of data |
| Objective | The fulfilment of the Administrator's legitimate interest in establishing, asserting or defending against claims (Article 6(1)(f) of the RODO and, where special category data is provided, also Article 9(2)(f) of the RODO). |
| Objective | The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Article 6(1)(a) RODO, Article 9(2)(a) RODO). |
| Objective | Applies to data obtained by means of: email monitoring, GPS monitoring in company cars, monitoring of websites visited: to ensure the organisation of work to enable full use of working time and the proper use of the working tools provided to the employee (or person employed under a civil law contract) (Article 6(1)(f) RODO in connection with Article 22(3) § 1 of the Labour Code). |
| Objective | Applies to data obtained by means of video surveillance: to ensure the safety of employees or the protection of property or the control of production or to maintain the secrecy of information the disclosure of which could expose the employer to harm (Article 6(1)(f) RODO in conjunction with Article 22(2) § 1 of the Labour Code). |
| Objective | Organisation of community events and initiatives, in the event that you wish to participate (Article 6(1)(f) of the DPA). |
| Objective | Execution of contracts with the Administrator's customers, contractors and suppliers (Article 6(1)(f) RODO). |
| Objective | Conducting marketing of the Administrator's products and services to potential customers, using personal data of employees/persons employed under civil law contracts (Article 6(1)(f) RODO). |
| Data storage time |
The data will be retained for a period of 10 years from the end of the calendar year in which the employment relationship ceased/terminated, when it was established no earlier than 01.01.2019. The data will be retained for a period of 50 years from the end of the calendar year in which the employment relationship ceased/terminated, where it was established earlier than 01.01.2019. In the case of persons employed under civil law contracts, the data will be stored until the expiry of the limitation period for contractual claims or the expiry of legal retention obligations, in particular the retention of accounting documents. Video surveillance recordings will be stored for up to three months and, if necessary for the establishment, investigation or defence of claims, until the final settlement of the claims asserted or the expiry of the limitation period. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account. If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent. |
| Scope of data |
At the time of employment, we process those data that you provide to us yourself. This is data that is necessary for the conclusion of an employment contract or a civil contract and, if you are employed under an employment contract, also data related to the fulfilment of many of the employer's obligations, such as data on your family members, data on your disability or data on your fitness for work. In the course of your employment contract or civil law contract, we acquire a range of new data about you. These include, for example, data on training you have attended, data on your use of employee benefits, your image (obtained, for example, in connection with the production of a promotional video), data on your activity in the resources made available to you (so-called logs), data on your geolocation (in the context of company cars) and a number of other data, the catalogue of which may vary in the various stages of the duration of the employment contract or civil law contract. |
| Data source |
As standard, we obtain data directly from you. In exceptional situations, we obtain this data from sources other than you. An example of such a situation is a summons from a bailiff to seize your salary. Another example is when we ask our customers about their satisfaction with the service, in which case we obtain your personal data from them in the form of their opinions about you. |
| Obligation to provide data |
The provision of certain data is a statutory obligation for an employee employed under an employment contract, in particular the data referred to in Article 22(1) of the Labour Code. The provision of certain data may also be a condition for the conclusion of an employment or civil law contract. |
| What if you do not provide your data | If you do not provide data for which there is a statutory or contractual obligation, we will not be able to employ you or fulfil your rights / our obligations under specific legislation. |
| Recipients of data |
Recipients are external entities to whom we pass your data: - entities that provide us with IT tools to store your data or entities that have access to your data as part of ongoing maintenance work on IT systems, |
| Data transfer | As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipients outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of States not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Those using the "Contact Us" tab on the website
| Aims and legal bases of the processing | |
| Objective | Contacting a potential customer - taking pre-contractual action, at the customer's request, expressed by leaving your details in the "Contact Us" section of the website (Article 6(1)(b) RODO - if you are a potential customer; Article 6(1)(f) RODO - if you are an individual acting for or on behalf of a customer). |
| Objective | To provide an answer to a question asked via the "Contact us" tab (Article 6(1)(f) of the DPA). |
| Objective | The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO). |
| Data storage time |
Personal data will be held until your enquiry, submitted via the contact form, has been processed and then for a period of 3 months after the response. Personal data will be held until an offer is made to you and then for a period of 3 months after the offer has been made if the offer is not accepted. If our offer has been accepted and we are bound by a contract, then we will process your data for the time dedicated to customers with an active contract If you have a specific relationship with the Administrator (e.g. you are a customer with an active contract), then we may also store your data obtained via the Contact tab until the statute of limitations for claims arising from the legal relationship between you and the Administrator. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise a legitimate objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account. If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent. |
| Scope of data | Normally these are: first name, last name, e-mail address . |
| Data source | As standard, we obtain data directly from you. |
| Obligation to provide data | The provision of certain data is not a statutory condition or a contractual requirement. |
| What if you do not provide your data | If you do not provide your details, we will not be able to provide you with our offer or answer any other question you may have. |
| Recipients of data | Recipients are external entities to whom we pass your data: - entities that provide us with IT tools to store your data or entities that have access to your data as part of ongoing maintenance work on IT systems. -website provider. |
| Data transfer | As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside EEA which may result in the transfer of your data outside the EEA. Recipient countries outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of countries not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Office for the Protection of Personal Data . You can find more information about this on the Office's website. |
Those who use the widget on the website - "stay up to date", allowing them to leave their contact details
| Aims and legal bases of the processing | |
| Objective | Contacting a potential customer - taking pre-contractual action, at the customer's request, expressed by leaving data in a widget on the website (Article 6(1)(b) RODO - if you are a potential customer; Article 6(1)(f) RODO - if you are an individual acting for or on behalf of a customer). |
| Objective | The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO). |
| Data storage time |
If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account. If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent. |
| Scope of data | The standard items are name, email address and telephone number. |
| Data source | As standard, we obtain data directly from you. |
| Obligation to provide data | The provision of data is neither a statutory condition nor a contractual requirement. |
| What if you do not provide your data | If you do not provide details, we will not be able to provide you with our offer. |
| Recipients of data | Recipients are external entities to whom we pass your data: - providers of external ICT systems, providing support and IT solutions - website provider, - marketing agencies, if we use their services in handling enquiries. |
| Data transfer | No, we will not transfer your data outside the European Economic Area. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Customers and their representatives
| Aims and legal bases of the processing | |
| Objective | Performing a contract with a customer or taking pre-contractual action, at the customer's request expressed in any way, e.g. by filling in a contact form on the website (Article 6(1)(b) of the DPA - if you are a customer; Article 6(1)(f) of the DPA - if you are an individual acting for or on behalf of a customer). |
| Objective | Fulfilment of legal obligations, in particular tax and accounting obligations (Article 6(1)(c) RODO). |
| Objective | Fulfilment of the Administrator's legitimate interest to establish, assert or defend against claims (Article 6(1)(f) of the DPA). |
| Objective | The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO). Please note: the provision of data other than that requested by the Administrator or data marked as optional is an explicit action tantamount to consenting to the processing of personal data for the purposes for which they are provided. |
| Data storage time |
Personal data will be stored until the expiry of the statute of limitations for claims arising from the contract with the customer. The specified data will also be stored until the expiry of data retention obligations under specific legislation, in particular the retention of accounting documents. If we process the specified data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specified purpose for a shorter period, i.e. until your objection is taken into account. If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent before the expiry of the basic retention period, then the data will be processed for this specific purpose for a shorter period, i.e. until you withdraw your consent. |
| Scope of data |
Our client (contracting party) may be an individual or an institution, such as a commercial company. In the latter case, we process the personal data of persons who act on behalf of the institution, e.g. the president, proxy or contact persons for the execution of the contract. Before concluding a contract with a customer, we obtain the data necessary to make an offer. This is usually basic contact data: name, e-mail address, telephone number. In the case of customer-individuals, we collect additional data necessary for the conclusion of the contract before concluding the contract, e.g. PESEL or residential address, depending on the product/service we sell. During the course of the customer contract, we acquire or process further data, such as data on transactions concluded or the history of the cooperation in general, including the results of satisfaction surveys. Please note: if, in connection with the use of our services/purchase of products offered by us, you have registered an account on our website, please note that such an account is a separate service and information on the processing of your data in the provision of this service by us can be found in another section of this Policy. |
| Data source |
As standard, we obtain data directly from you. Your personal data may also be obtained from another source, e.g. from our client company if you are an employee or representative of that company. Sometimes we obtain personal data from public sources, e.g. the client's website or from so-called business intelligence agencies, if we want to verify a client before doing business with them. |
| Obligation to provide data | The provision of certain data is necessary for the conclusion and subsequent performance of the contract. Remember that the conclusion of a contract can occur in various ways, such as by placing an order in an online shop. |
| What if you do not provide your data | If you do not provide the data required to enter into the contract, the contract cannot be concluded. |
| Recipients of data | Recipients are external entities to whom we pass your data: - state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations, - providers of external ICT systems, providing support and IT solutions, - entities auditing our activities or experts, - providers of accounting, consultancy or legal services, - companies that dispose of or archive documents and other media, - courier and postal service companies, - banks and other financial and payment institutions, - marketing agencies. |
| Data transfer |
As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipient countries outside the EEA, in accordance with the European Commission's decision , shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of countries not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 of the RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) of the RODO) - when submitting an objection you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Office for the Protection of Personal Data . You can find more information about this on the Office's website. |
Contractors (including suppliers) and their representatives
| Aims and legal bases of the processing | |
| Objective | Performing a contract with a contractor or taking pre-contractual action, at the contractor's request expressed in any way, e.g. by filling in a contact form on the website (Article 6(1)(b) of the DPA - if you are a contractor; Article 6(1)(f) of the DPA - if you are an individual acting for or on behalf of a contractor). |
| Objective | Fulfilment of legal obligations, in particular tax and accounting obligations (Article 6(1)(c) RODO). |
| Objective | Fulfilment of the Administrator's legitimate interest to establish, assert or defend against claims (Article 6(1)(f) of the DPA). |
| Data storage time |
Personal data will be stored until the expiry of the statute of limitations for claims under the contract with the contractor. The specified data will also be kept until the expiry of data retention obligations under specific legislation, in particular the retention of accounting documents. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account. |
| Scope of data |
Our counterparty (contracting party) may be an individual or an institution, e.g. a commercial company. In the latter case, we process the personal data of persons who act on behalf of the institution, e.g. the president, proxy or contact persons for the execution of the contract. Before concluding a contract with a contractor, we obtain the data necessary to start negotiating the terms of cooperation. This is usually basic contact data: name, e-mail address, telephone number. In the case of counterparties - natural persons, before concluding a contract, we obtain additional data necessary for its conclusion, e.g. PESEL or address of residence. During the course of the contract with the counterparty, we acquire or process further data, such as data on invoices issued by the counterparty or the history of the cooperation in general. |
| Data source |
As standard, we obtain data directly from you. Your personal data may also be obtained from another source, e.g. from our counterparty - a company, if you are its employee or representative. Sometimes we obtain personal data from publicly available sources, e.g. from the counterparty's website or so-called business intelligence services, if we want to verify a counterparty before doing business with it. |
| Obligation to provide data | The provision of certain data is necessary for the conclusion and subsequent performance of the contract. Remember that the conclusion of a contract can occur in various ways, such as by placing an order in an online shop. |
| What if you do not provide your data | If you do not provide data, the provision of which is a condition for the conclusion or performance of the contract, the contract cannot be concluded or properly performed. |
| Recipients of data | Recipients are external entities to whom we pass your data: - state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations, - providers of external ICT systems, providing support and IT solutions, - entities auditing our activities or experts, - entities providing accounting, legal consultancy or debt collection services, - companies that dispose of or archive documents and other media, - courier and postal service companies, - banks and other financial and payment institutions, - other companies in the Administrator's group. |
| Data transfer |
No, we will not transfer your data outside the European Economic Area. Data will be transferred to [name of country] in accordance with the European Commission's decision finding an adequate level of protection for personal data (Article 45 RODO). - [link to decision]. The data will be transferred to [name of country] following the conclusion of the so-called standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the RODO). Please contact us if you would like a copy of the concluded standard contractual clauses. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action |
If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Handling of complaints
| Aims and legal bases of the processing | |
| Objective | Fulfilment of the obligation to handle complaints (Article 6(1)(c) RODO in conjunction with Article 7a of the Consumer Rights Act). |
| Objective | Fulfilment of the Administrator's legitimate interest in enabling the elaboration of a response to a question asked, unrelated to the complaint, and its dispatch (Article 6(1)(f) of the DPA). |
| Objective |
Fulfilment of the Administrator's legitimate interest to establish, assert or defend against claims (Article 6(1)(f) of the DPA). |
| Data storage time |
The data processed in connection with the handling of complaints are stored until the expiry of data storage obligations under specific legislation (e.g. in connection with disbursement of funds), in other cases - for a period of 2 years from the end of the complaint procedure, understood as the response to the complaint. Data processed for the purpose of compiling an answer to a question asked, not related to the complaint, and its dispatch, will be processed for a period of 2 years after the answer has been provided. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is taken into account. |
| Scope of data | This usually includes basic contact details: name, email address, telephone number and information about the complaint/non-complaint enquiry made. |
| Data source | As standard, we obtain data directly from you. |
| Obligation to provide data | The provision of data is neither a statutory requirement nor a contractual condition. |
| What if you do not provide your data | If you do not provide details, we will not be able to process your complaint or provide you with an answer to a question unrelated to your complaint. |
| Recipients of data | Recipients are external entities to whom we pass your data: - state authorities or other entities authorised by law, if this is necessary for the fulfilment of legal obligations, - providers of external ICT systems, providing support and IT solutions, - providers of accounting services (if, for example, we make refunds), consultancy, auditing or legal services, - companies that dispose of or archive documents and other media, - courier and postal service companies, - banks and other financial and payment institutions if, for example, we make refunds, - companies in the Administrator's group. |
| Data transfer |
No, we will not transfer your data outside the European Economic Area. Data will be transferred to [name of country] in accordance with the European Commission's decision finding an adequate level of protection for personal data (Article 45 RODO). - [link to decision]. The data will be transferred to [name of country] following the conclusion of the so-called standard contractual clauses adopted by the European Commission (Article 46(2)(c) of the RODO). Contact if you wish to obtain a copy of the concluded standard contractual clauses. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Recipients of marketing messages
| Aims and legal bases of the processing | |
| Objective |
Fulfilment of the Administrator's legitimate interest in marketing its own products and services (Art. 6(1)(f) RODO) using the following forms of communication: emails, for the purpose of sending newsletters. NOTE: the use of certain forms of communication requires separate consent to the use of that channel, pursuant to Article 398 of the Electronic Communications Act. |
| Objective | Fulfilment of the legitimate interest of companies cooperating with the Administrator to market their products and services, when you have given your consent (Article 6(1)(a) RODO). |
| Objective | Fulfilment of legal obligations, in particular the Electronic Communications Act (Article 6(1)(c) RODO). |
| Objective | Fulfilment of the Administrator's legitimate interest in establishing, asserting or defending against claims relating to the sending of marketing communications, if any (Article 6(1)(f) RODO). |
| Objective | The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO). |
| Data storage time |
Your personal data will be stored until you object to marketing activities or withdraw your consent, depending on the legal basis for sending communications, i.e. you show us in any way that you do not wish to receive information from us about our activities / our services. If you make certain claims in connection with the marketing communications that we carry out, your data will be stored until the expiry of the limitation periods for these claims. The specified data will also be stored until the expiry of data retention obligations under specific legislation, in particular the Electronic Communications Act. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise an effective objection to the processing before the expiry of the basic storage period, then the data will be processed for this specific purpose for a shorter period, i.e. until your objection is upheld (unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to substantiate the objection).
|
| Scope of data | Normally, this is only the data necessary to send a marketing communication, i.e. your name, e e-mail address, telephone number and, in the case of communications sent by post, also your postal address. |
| Data source | As standard, we obtain data directly from you. |
| Obligation to provide data | The provision of data is neither a contractual nor a statutory requirement. |
| What if you do not provide your data | No effect due to the above. |
| Recipients of data | Recipients are external entities to whom we pass your data: - providers of external ICT systems, providing support and IT solutions, - providers of marketing communications on our behalf. |
| Data transfer | As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipients outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of States not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method of securing your data applied by the Controller is in accordance with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available. |
| Automated decisions |
Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. We do not make automated decisions on the basis of this data that we process in the process of sending communications. On the other hand, we may make such decisions on the basis of data obtained in other processes, e.g. in the process of fulfilling a contract concluded with you. We use your purchase history to build your profile, and then decide what offers to send you based on this. This is done on the basis of Article 22(2)(c) of the DPA; the condition is that we first obtain your express consent to do so. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Website users (data derived from cookies or other tracking technologies)
| Aims and legal bases of the processing | PLEASE NOTE: if you have a registered account on our website or make purchases from our website, you will find information about the processing of your data in this regard in other sections of the Policy. |
| Objective | To ensure the functionality of the website and facilitate the use of the website (Article 6(1)(f) of the DPA). |
| Objective | Conducting analysis and statistics on users' use of the Administrator's website (Article 6(1)(f) of the DPA). |
| Objective | The purposes indicated in the content of the consents for the processing of personal data, if such consents were given (Art. 6(1)(a) RODO). |
| Objective | Fulfilment of legal obligations, in particular the Electronic Communications Act (Article 6(1)(c) RODO). |
| Data storage time |
The specified data will also be stored until the expiry of data retention obligations under specific legislation, in particular the Electronic Communications Act. If we process certain data on the basis of the legitimate interest of the Controller (Article 6(1)(f) RODO) and you raise a legitimate objection to the processing, then the data will be processed for this specific purpose until your objection is taken into account. If we process certain data on the basis of your consent (Article 6(1)(a) RODO) and you withdraw your consent, then the data will be processed for that specific purpose until you withdraw your consent. |
| Scope of data | By default, this includes data such as your IP address and any information about you derived from cookies or the operation of so-called other tracking technologies. This may include, for example, information about the device from which you connect to us (from which you access our website), information about the browser you use, information about what you clicked on on our website. For details of what this data may be, please see the Cookies section of the Policy. |
| Data source | By default, we obtain data directly from you as a user of our website. |
| Obligation to provide data | The provision of data is not a contractual or statutory requirement. |
| What if you do not provide your data | No impact due to the above. |
| Recipients of the data | Recipients are external entities to whom we pass your data: - our suppliers, including the service providers referred to below, - entities that provide us with IT tools to process your data, including entities that provide us with so-called tracking technologies, - marketing agencies. |
| Data transfer | As a general rule, your personal data will not be transferred outside the European Economic Area (hereinafter: EEA). However, having regard to the services provided by the Administrator's subcontractors in the provision of support for ICT services and IT infrastructure, the Administrator may outsource certain activities or IT tasks to recognised subcontractors operating outside the EEA which may result in the transfer of your data outside the EEA. Recipients outside the EEA, as decided by the European Commission, shall ensure an adequate level of protection of personal data in accordance with EEA standards. For recipients in the territory of States not covered by the European Commission Decision, in order to ensure an adequate level of such protection, the Controller shall contract with the recipients of your personal data based on the standard contractual clauses issued by the European Commission in accordance with Article 46(2)(c) of the RODO. A copy of the standard contractual clauses can be obtained from the Controller by contacting the contact details provided above. The method used by the Controller to secure your data complies with the principles provided for in Chapter V of the RODO. You may request further information on the safeguards applied in this regard, obtain a copy of these safeguards and information on where they are available. |
| Automated decisions | Your data will not be subject to a decision based solely on automated processing, including profiling, producing legal effects or having a similar significant impact. |
| Your rights | a) access to their personal data - within the limits of Article 15 RODO, b) to rectify their personal data - within the limits of Article 16 of the RODO, c) the erasure of your personal data - within the limits of Article 17 of the RODO, d) restrict the processing of your personal data - within the limits of Article 18 RODO, e) the portability of your personal data - within the limits of Article 20 RODO, f) to withdraw at any time your consent to the processing, if it was the basis for the processing, without this affecting the lawfulness of the processing carried out before your consent was withdrawn, as well as g) The right to object at any time to the processing of your personal data - within the limits of Article 21 RODO - if the legal basis for the processing is the legitimate interest of the Controller or a third party (Article 6(1)(f) RODO) - when submitting an objection, you should indicate the reasons related to your particular situation, unless the objection relates to processing for direct marketing purposes - in which case there is no requirement to indicate such a reason. |
| Right of action | If you believe that we are processing your personal data unlawfully, you can lodge a complaint with the President of the Data Protection Authority. You can find more information about this on the Office's website. |
Cookies
I. What are cookies
1. Cookies are small text files that are stored on your computer or smartphone when you view our website. There are different types of cookies. We have divided them for you into two groups:
a) Essential;
b) Statistical.
2. The essential cookies make our website stable. These cookies measure traffic and keep us from overloading the site. They remember your choices about privacy or how you fill in our forms. Cookies also save the contents of your shopping cart and monitor your login status. We use these cookies by default. This means that we save them on your computer or smartphone when you visit our website.
3. We only use other cookies if you have given your consent.
II. What cookies we use
| Essential cookies ensure that our website and its core functions function properly. Without them, you cannot use our online services properly. We do not need your permission to use these cookies. |
| Name | Objective | Storage period |
| XSRF-TOKEN | a mechanism to protect web applications from Cross-Site Request Forgery (CSRF) attacks. This is a special authentication token that is generated by the server and sent to the client (e.g. the user's browser). Subsequently, every request sent to the server must contain this token to confirm that it comes from an authorised user | 1h |
| user_session | A mechanism that stores user session information in a web application. The user session is used to identify and manage the user as he or she interacts with the application, without having to log in again on each subpage. | 1h |
| Analytical cookies - our website uses cookies provided by [name of analytical cookie provider]. Analytical cookies allow us to track the numbers and sources of visits. In this way, we measure and improve the performance of our website. This allows us to better understand which sub-pages you visit most often and how you navigate through them. You can choose not to consent to these cookies. Your decision will not affect how our website works. |
| Name | Objective | Storage period |
| _ga | Used by Google to check whether a user has visited the site before. This helps to identify unique users and count how many people are visiting the site. | 2 years |
| _ga_ | Used by Google to maintain session status. | 2 years |
| _gid | Used by Google to check whether a user has visited the site before. This helps to identify unique users and count how many people are visiting the site. | 24 hours |
| Marketing cookies - we use these cookies to personalise the content we display to you. We may use them in our advertising campaigns that we run on third party websites. If you consent to these cookies, you may receive information about the websites of our trusted partners where you respond to our advertising in advance. You can choose not to consent to these cookies. Your decision will not affect how our website works. If you opt out of marketing cookies, we will display generic and non-personalised ads to you. |
| Name | Objective | Storage period |
| APISID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Allows Google to collect information about users of videos hosted by YouTube. | 2 years |
| HSID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Allows Google to collect information about users of videos hosted by YouTube. | 2 years |
| LOGIN_INFO | Used by Google. Allows Google to collect information about users of videos hosted by YouTube. | 2 years |
| PREF | Used by Google. Allows us to remember user preferences, i.e. language settings, preferred page configuration and playback preferences such as autoplay, random play and player size. | 2 years |
| SAPISID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Allows Google to collect information about users of videos hosted by YouTube. | 2 years |
| SID | Used by Google to display personalised ads on Google sites based on recent searches and previous interactions. | 2 years |
| SIDCC | Used by Google. This is a security cookie that protects visitor data from unwanted unauthorised access. | 1 years |
| SOCS | A cookie responsible for storing the user's state in relation to their cookie choices. | 2 years |
| SSID | Used by Google to display personalised ads on Google sites at based on recent searches and previous interactions. | 2 years |
| VISITOR_INFO1_LIVE | Used by Google. This cookie contains a unique identifier used to remember user preferences and other information such as preferred language. It is used to make personalised recommendations on YouTube based on previous views and searches, as well as to detect and resolve problems with the service. | 6 months |
| VISITOR_PRIVACY_METADATA | A cookie responsible for storing the user's state in relation to their cookie choices. | 6 months |
| YSC | Used by Google. This is a security cookie. | session |
| __Secure-1PAPISID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google ads. It contains a unique identifier. | 1 year |
| __Secure-1PSID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | 1 year |
| __Secure-1PSIDCC | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | 1 year |
| __Secure-1PSIDTS | Used by Google. This is a cookie used to collect information about interactions with Google services. It contains a unique identifier. | 1 year |
| __Secure-3PAPISID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | 1 year |
| __Secure-3PSID | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | |
| __Secure-3PSIDCC | Used by Google. This is a cookie used for targeting purposes to create a profile of the website visitor's interests in order to display relevant and personalised Google advertisements. | |
| __Secure-3PSIDTS | Used by Google. This is a cookie used to collect information about interactions with Google services. It is used to measure the effectiveness of advertisements and personalise user content. The cookie contains a unique identifier. | |
| __Secure-ROLLOUT_TOKEN | Used by Google. Records a unique identifier in order to keep statistics on the YouTube videos the user has watched. | 180 days |
III. Consent to the installation of cookies
1. When you visit our website, we will display a banner telling you that we use cookies. If you select the 'Allow all' option, this will mean that you accept all cookies. By doing so, you are also confirming that you know what the cookies we use are and for what purposes we do so, and when we pass data from these cookies to our partners.
2. Please note that we do not need your consent to use essential cookies.
IV. Do not accept the installation of cookies
If you do not want our cookies to be stored on your device, please select the "Reject all" option. When you select this option, you will reject all cookies except the necessary ones.
V. Modifying cookie settings
If you would like to manage your preferences, which relate to cookies, select "Personalise".
VI. Withdrawal of consent
Remember that you can change your preferences that relate to consents at any time. To do so, click on the blue icon that represents a paperclip. You will find it in the bottom left corner of our website.
Changes to the Privacy Policy
If there are changes to the way we process your personal data, then we will update this Privacy Policy and post the latest version on our website, in advance of the materiality of the change.