PRIVACY POLICY OF NOWODVORSKI LIGHTING SP. Z O.O. with its principal place of business in Częstochowa
Table of contents
- Introduction.
- Personal data.
2.1. What are personal data and what does their processing involve?
2.2. When is this Privacy Policy applicable?
2.3. How, on what legal basis and what kinds of personal data are processed by NOWODVORSKI LIGHTING SP. Z O.O.?
2.4. How long do we process your personal data?
2.5. When and how do we make available personal data to third parties? Do we transfer the data to third countries?
2.6. What are the rights of data subjects and how are they exercised? [information clause]
- Cookies
3.1. What are cookies?
3.2. What are cookies used for?
3.3. For how long will cookies be used?
3.4. May I revoke my acceptance of cookies?
3.5. How to switch off cookies?
- Final provisions
Are modifications of this Privacy Policy allowed and when?
- Introduction
We consider the protection of personal data a key aspect of the business of NOWODVORSKI LIGHTING SP. Z O.O. (hereafter: ‘NOWODVORSKI LIGHTING’).
As a company responsible in particular for the production of luminaries, being at the same time data controller, we feel particularly responsible for the security of data. Our aim is also to duly inform you on anything related to the processing of personal data, especially under new personal data regulations, including Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘GDPR’). Due to that, in this document you are informed about legal basis for the processing, collection and use of personal data, as well as the related rights of data subjects.
Being a responsible company, NOWODVORSKI LIGHTING also delivers the requirements of the ‘Telecommunications Law’ Act of 15 September 2017 (Dziennik Ustaw of 2017, item 1907, as amended) in connection with the use of cookies. As the owner of the www.nowodvorski.eu online service, NOWODVORSKI LIGHTING is required to inform website users on the above-mentioned cookies placed by the Service on user’s computer and why it does so.
- Personal data
2.1. What are personal data and what does their processing involve?
‘Personal data’ means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. Processing of personal data is actually any operation on personal data, whether automated or not, e.g., collection, storage, recording, structuring, adaptation or alteration, consultation, use, making available, restriction, erasure or destruction. NOWODVORSKI LIGHTING processes personal data for diverse purposes and, depending on the purpose, different methods of collection, legal basis of processing, use, disclosure and retention periods may be applicable.
2.2. When is this Privacy Policy applicable?
This Privacy Policy is applicable to all cases where NOWODVORSKI LIGHTING is the data controller and processes personal data obtained either directly from data subjects or from other sources. NOWODWORSKI delivers its information obligations in both of the above-mentioned cases, i.e., under Articles 13 and 14 of GDPR.
Data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, and in this case the data controller is NOWODVORSKI LIGHTING with the following details:
‘NOWODVORSKI LIGHTING’ sp. z o.o. with its principal place of business in Częstochowa (42-202), ul. Bojemskiego 11, registration file in the Register of Entrepreneurs of the National Court Register at the District Court in Częstochowa, XVII Commercial Division of the KRS, KRS no. 0000994571, NIP (tax identification number): 5731015208, share capital at PLN 4,000,000,00.
If you have any questions or concerns related to the processing of your personal data by NOWODVORSKI LIGHTING, please contacts us at nowodvorski@nowodvorski.com
2.3. How, on what legal basis and what kinds of personal data are processed by NOWODVORSKI LIGHTING?
We do our best to be transparent on the methods and legal basis of personal data processing and purposes for which NOWODVORSKI LIGHTING processes personal data. Each time, we also make sure to provide the necessary information in this regard to anyone whose personal data are processed by us as the data controller. Aiming to make it as clear as possible, we present the following list of personal data processing operations in connection with our website.
At the same time, please note that whenever we are processing personal data based on legitimate interest of the data controller (Article 6(1)(f) of GDPR), we try to review and balance our interest against the potential (both positive and negative) impacts on the data subject and the rights of that person under Protection of Personal Data regulations. We do not process personal data based on our legitimate interest when we find out that the impact on the data subject would override our interest (but in such case we may process personal data, if e.g. we hold an appropriate consent, or legislation authorises or requires us to do so).
- Processing of personal data of NOWODVORSKI LIGHTING's website visitors.
In connection with the use of our website, we process your data sent by your browser to our server. Such data must be processed to ensure proper operation of our website and to provide users with stability and security. The processing is conducted under Article 6(1)(f) of GDPR. The processed data include: IP address, session start date and time, time zone, source page information, http access status/code, address of the page from which the access has taken place, type of browser, operating system and its interface, language and version of browser software. Explanations on cookies can be found in Section 3 of our Privacy Policy.
- Processing of personal data from our contact form
In the ‘Contact’ tab on our website, there is a Contact Form where you can request information on NOWODVORSKI LIGHTING's business. The Contact Form collects the following data from the user: first name and surname, e-mail address and company name. Optionally, in the content of your message, you may voluntarily make available to NOWODVORSKI LIGHTING other personal data of your choice. Data such as first name and surname, or e-mail must be provided, because with them we will be able to achieve the intended purpose, i.e., to provide you with an answer to your query. The Contact Form meets the requirements of Article 5(1)(c) of GDPR, i.e., the processed personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which such data are being processed (‘minimising of the processing’). Personal data are processed based on the consent of the user of our Contact Form, i.e., based on Article 6(1)(a) of GDPR. The consent is voluntary and collected by NOWODVORSKI LIGHTING in the ‘opt-in’ format, which means that you may choose whether to tick the box of consent to the processing of personal data, which avoids a situation where the consent box would be automatically ticked by the system, thus leading to a breach of the voluntary nature of your consent (Article 7 of GDPR). Importantly, it is up to you to decide which data you are providing in the Contact Form in addition to the minimum set consisting of your first name, surname, e-mail address and content of the message. Full listing of your rights and obligations related to the processing of personal data (consistent with Article 13 of GDPR) is provided in the information clause in Section 2.6. of this Privacy Policy.
- Processing of personal data on the form placed in the Strefa Partnera [Partner’s Zone] tab
The ‘Strefa Partnera’ [Partner’s Zone] tab on our website contains a contact form where you can submit your interest in commercial partnership with NOWODVORSKI LIGHTING. The contact form collects the following data from the user: first name and surname, e-mail address, telephone number, company name, title of the contacting person, NIP (tax ID), city/town of your business and legal form of your business. Such data are necessary, because with them we will be able to achieve the intended purpose, i.e., to provide you with the proposed terms of our partnership and contact you. The Contact Form meets the requirements of Article 5(1)(c) of GDPR, i.e., the processed personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which such data are being processed (‘minimising of the processing’). Personal data are processed based on the consent of the user of our Contact Form, i.e. based on Article 6(1)(a) of GDPR. The consent is voluntary and collected by NOWODVORSKI LIGHTING in the ‘opt-in’ format, which means that you may choose whether to tick the box of consent to the processing of personal data, which avoids a situation where the consent box would be automatically ticked by the system, thus leading to a breach of the voluntary nature of your consent (Article 7 of GDPR). Importantly, it is up to you to decide which data you are providing in the Contact Form in addition to the minimum set consisting of your first name, surname, e-mail address and content of the message. Full listing of your rights and obligations related to the processing of personal data (consistent with Article 13 of GDPR) is provided in the information clause in Section 2.6. of this Privacy Policy.
- Processing of personal data on the form placed in the Strefa Projektanta [Designer’s Zone] tab
In the ‘Strefa Projektanta’ [Designer’s Zone] tab on our website there is a contact form to send Designer’s/Architect’s Design using the NOWODVORSKI LIGHTING branded products to promote the Designer’s Firm or individual Designer and Nowodvorski Lighting brand products.
The Contact Form collects the following data from the user: first name and surname, e-mail address, company name, name of accounts in social media, and a field to send files and enter product names. These data are necessary for us to deliver the intended purpose, which is to present the Design sent to us, taking into account the interests of both parties. The Contact Form meets the requirements of Article 5(1)(c) of GDPR, i.e., the processed personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which such data are being processed (‘minimising of the processing’). Personal data are processed based on the consent of the user of our Contact Form, i.e., based on Article 6(1)(a) of GDPR. The consent is voluntary and collected by NOWODVORSKI LIGHTING in the ‘opt-in’ format, which means that you may choose whether to tick the box of consent to the processing of personal data, which avoids a situation where the consent box would be automatically ticked by the system, thus leading to a breach of the voluntary nature of your consent (Article 7 of GDPR). Importantly, it is up to you to decide which data you are providing in the Contact Form in addition to the minimum set consisting of your first name, surname, e-mail address and content of the message. Full listing of your rights and obligations related to the processing of personal data (consistent with Article 13 of GDPR) is provided in the information clause in Section 2.6. of this Privacy Policy.
- Processing of personal data as part of Google Analytics
Our website uses Google Analytics, which is a service that analyses website viewing, made available by Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses cookies placed on your computer to enable them to analyse how you use the website. Information generated by cookies on the use of our website is usually sent to Google’s server in the US and stored there. On behalf of the website operator, Google uses this information to assess how the website is used, to prepare website activity reports, and to provide the website operator with other services related to website use and online activity. In exceptional cases where personal data are transferred to the US, Google has adopted the EU-US Privacy Shield. The IP address sent by Google Analytics will not be linked by Google to other data. You can prevent the storage of cookies by properly setting up your browser software. Please remember that if you do that, you may be unable to use all the functions of that website. You can also prevent Google from storing the data generated by cookies and related to the use of our website (including the IP address) as well as the processing of such data by Google using an appropriate browser plugin. We use Google Analytics to analyse and regularly improve your experience with our website. With the statistics we are able to improve our offering and make it more interesting for you as the user. This website also uses Google Analytics to analyse the number of views from different devices using the user ID. The processing is conducted under Article 6(1)(f) of GDPR. Full listing of your rights and obligations related to the processing of personal data (consistent with Article 13 of GDPR) is provided in the information clause in Section 2.6. of this Privacy Policy.
- Processing of personal data as part of Google AdWords
Google AdWords is Google’s advertising system with the functionality of displaying sponsored links and graphical ads in Google search results, presenting the products offered by us. We use Google AdWords to bring attention to our attractive offering using ad materials on third-party websites. With regard to ad campaigns, we are able to determine the effectiveness of various advertising actions. We want to display ads which you find interesting, to make our website more attractive and to obtain fair calculation of advertising costs. Advertising materials are provided by Google through what is called ‘adservers’. For this purpose, we use adserver cookies which measure specific performance indicators, such as ads or user clicks. If you access our website through a Google ad, Google AdWords will upload a cookie to your computer. Such files usually are valid for up to 30 days and are not used for personal identification. Cookies usually store analytical content (frequency), last actions (applies to conversations and display) and resignation information. Such cookies allow us to identify your web browser. Consequently, we ourselves don’t store or process any personal data in the above-mentioned advertising systems. What we get are only statistical indicators. We are unable to identify users based on such information. Through these marketing tools, the browser automatically connects to the Google server. We have no influence on the scope and purpose of the subsequent use of data collected by this Google tool. If you are registered to a service provided by Google, Google may link the visit on your page with your Google account. Even if you have not registered at Goggle or signed in, chances are that Google will find and record your IP. With regard to the resignation or limitation of tracking as part of Google, the information defined in Section C applies. The processing is conducted under Article 6(1)(f) of GDPR. Full listing of your rights and obligations related to the processing of personal data (consistent with Article 13 of GDPR) is provided in the information clause in Section 2.6. of this Privacy Policy.
- Social Media
On our website, you will find links to social portals where we publish information about us and our business.
- Processing of personal data as part of newsletter
With your consent which you may withdraw at any time, you may use our newsletter to get informed about our offering, fairs or events, or other news on the company and our products. To subscribe to our newsletter, a double choice procedure is used. It means that you first enter your e-mail address, then a window opens up with information to confirm your consent to data processing and an info clause. Only a repeated confirmation of your choice to subscribe to a newsletter by clicking ‘zapisz’ [save] will achieve the intended result and start the processing of personal data by NOWODVORSKI LIGHTING. In addition, we will store your IP address from which you have connected with us, and the time of your subscription and confirmation of newsletter participation. The purpose of this procedure is to demonstrate the subscription and potentially to inform about improper use of your personal data. The only condition necessary to send the newsletter is to provide your e-mail address. The processing is conducted under Article 6(1)(a) of GDPR. You can withdraw your consent at any time. You can do it by clicking the link provided each time in each edition of the newsletter or by sending an e-mail to nowodvorski@nowodvorski.com. Full listing of your rights and obligations related to the processing of personal data (consistent with Article 13 of GDPR) is provided in the information clause in Section 2.6. of this Privacy Policy.
- Placing YouTube films on our website
On our website, you can find films hosted by the www.youtube.com service, and you can play them from our website. All of them are contained in an extended privacy mode, which means that you don’t send your data as YouTube user if you don’t play the films. The data mentioned in Section A will be sent only when you play those films. We have no influence on such data transfer. YouTube receives information about the calling page. It happens regardless of whether YouTube makes available the user account you are signed in, or there is no user account. Upon sign-in to Google account, your data will be assigned directly to your account. If you don’t want your profile to be associated with YouTube, you need to sign off from the Google account before pressing the film’s play button. YouTube stores your data as user profiles and uses them for advertising purposes, market research, or designing its site. Such evaluation is used in particular to ensure adequate advertising and inform other users of the social network about the activities on our website. You have the right to object to such user profiles being created by YouTube by setting up a requirement for automated redirection to YouTube website to use it. More information about the extent and purpose of the collection and processing of data by YouTube service can be found in YouTube’s Privacy Policy.
- Website integration with Google Maps
On our website, we also use Goggle Maps. This allows us to display an interactive map directly on the website and provide users with convenient use of the map functionality.
With regard to Google Maps, the provisions of Section C are applicable as appropriate.
2.4. How long do we process your personal data?
The time for which we can process personal data depends on the legal basis which authorises the processing of personal data by NOWODVORSKI LIGHTING. In NOWODVORSKI LIGHTING’s policies, we have defined that we must not process personal data for longer than necessary under such legal basis. Accordingly, we inform that:
- where NOWODVORSKI LIGHTING processes personal data based on your consent, the processing lasts until its intended purpose is achieved or the established archiving period has ended, namely, in the case of:
- contact form - for the period of correspondence of the parties on the question asked;
- newsletter - until the newsletter subscription to the e-mail address is cancelled, or if NOWODVORSKI LIGHTING no longer uses the newsletter in its business.
- where NOWODVORSKI LIGHTING processes personal data based on legitimate interest of the data controller, the processing lasts until that interest expires (g., legal time limits for bringing a claim) or until the data subject objects to further processing – in situations where you are eligible for such objection under legislation.
- where NOWODVORSKI LIGHTING processes personal data as required by the applicable legislation, the data processing periods are laid down by such legislation.
2.5. When and how do we make available personal data to third parties? Do we transfer the data to third countries?
We transfer personal data do third parties only where we are authorised to do so by legislation. In such case, in a special agreement with the third party we provide for terms and security mechanisms to protect the data and to comply with our standards for data protection, confidentiality and security. Where we transfer personal data controlled by us to other organisations to perform specific activities on our behalf, we enter into a special agreement with such organisation. Under such personal data processing agreements (Article 28 of GDPR), NOWODVORSKI LIGHTING can control how and to what extent the organisation contracted by NOWODVORSKI LIGHTING is to process specific personal data categories. Personal data processing agreements stipulate that the processor: - processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest; - ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; - takes all measures required pursuant to Article 32 of GDPR; - taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of GDPR; - assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36, taking into account the nature of processing and the information available to the processor; - at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data; - makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller. With regard to personal data collected by NOWODVORSKI LIGHTING as part of its website www.cryospace.eu, no third-party access to personal data is anticipated except potential access by: - the IT company maintaining the website on behalf of NOWODVORSKI LIGHTING; - organisations providing hosting services for NOWODVORSKI LIGHTING; - organisations carrying out marketing or sales campaigns for NOWODVORSKI LIGHTING; - other NOWODVORSKI LIGHTING’s subcontractors providing software delivery and servicing, including on the website.
For personal data transferred outside of the territory of the Republic of Poland, please note that: cross-border transfers may apply to countries outside of the European Economic Area (‘EEA’) and countries which have no regulations in place to stipulate particular protection of personal data. We have taken measures to ensure proper protection of all personal data and lawfulness of personal data transfers also outside of the EEA. For personal data transfers to non-EEA countries regarded by the European Commission as failing to ensure proper standard of personal data protection, transfers are only made based on a contract that takes into account EU requirements for personal data transfers outside of the EEA.
2.6. What are rights of data subjects and how are they exercised? [information clause]
Natural persons have certain rights related to their personal data, and NOWODVORSKI LIGHTING, as the controller, is responsible for respecting these rights in accordance with the applicable legislation. If you have any questions or requests concerning the scope and respecting of your rights, and if you want to contact us to exercise a specific right for the protection of personal data, please contact us on:
NOWODWORSKI@NOWODVORSKI.COM.
We reserve the right to deliver the rights below upon positive verification of the identity of the person seeking a specific action.
- Access to personal data
Natural persons have the right to access the data which we store as the controller. This right can be exercised by sending an e-mail to: nowodworski@nowodvorski.com.
- Change, rectification or erasure of personal data
Any change, including an update, rectification or erasure of personal data processed by NOWODVORSKI LIGHTING can be achieved by sending an e-mail to: nowodworski@nowodvorski.com.
The right to have the data erased may be exercised e.g. where the data of a natural person are no longer necessary for the purposes for which they have been collected by NOWODVORSKI LIGHTING or where the natural person withdraws its consent to the processing of data by NOWODVORSKI LIGHTING. In addition, this applies to cases where a natural person objects to the processing of her data or where her data are unlawfully processed. The data should also be erased to comply with legislation.
- Withdrawal of consent
For the processing of personal data based on a consent, natural persons have the right to withdraw such consent at any time. We inform about such right each time when we collect a consent and make it possible to withdraw a consent as easily as it has been given. If not informed otherwise, i.e., where we have provided no other address or contact number to withdraw your consent, we ask you to send us an e-mail to: nowodvorski@nowodvorski.com.
- Right to restriction of processing or objection to processing of personal data
Natural persons are entitled to have restricted or object to the processing of their personal data at any time due to their specific circumstances, unless the processing is required under legislation.
A natural person may object to the processing of her personal data where:
- the processing of personal data is based on the controller’s legitimate interest or for statistical purposes, and the objection is justified by specific circumstances of the natural person;
- personal data are processed for the controller’s direct marketing purposes, including profiled for such purpose.
Regarding the request to restrict the processing of data, please note that it applies where:
- the accuracy of personal data is contested by the data subject – for a period enabling the controller to verify the accuracy of such data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing of personal data pursuant to Article 21(1) of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
- Right to data portability
The data subject has the right to receive personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
- the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) of GDPR; or
- the processing is based on a contract pursuant to point (b) of Article 6(1) of GDPR; and
- the processing is carried out by automated means.
In exercising his or her right to data portability, the user has the right to request that the personal data be transmitted directly from the controller to another controller, where technically feasible.
The right to data portability may not adversely affect the rights and freedoms of others.
If you want to exercise these rights, please send an e-mail to nowodvorski@nowodvorski.com.
- All other questions, concerns and complaints
If you have any questions, reservations, concerns or complaints on the content of this Privacy Policy or how we process personal data, please send us an e-mail with detailed information regarding the complaint to nowodvorski@nowodvorski.com. We will examine and respond to all complaints.
Persons whose personal data are processed by NOWODVORSKI LIGHTING are also eligible for bringing a complaint to the supervisory authority, being the President of the Personal Data Protection Office, 2 Stawki St., 00-193 Warsaw.
- Cookies
As explained in Section A of paragraph 2.3., we use cookies as part of our website. Consequently, we would like to inform you about the essential aspects of cookies so that using our website is transparent and clear to you.
3.1. What are cookies?
Cookies are small files placed on your digital device by the websites you visit. Cookies contain various information which are often necessary for the website to operate correctly. Cookies are encoded to prevent unauthorised access. The information collected based on cookies can be read only by NOWODVORSKI LIGHTING and – for technical reasons – trusted partners providing services to us. Most important of all, cookies cannot launch software applications or transfer viruses to digital devices.
3.2. What are cookies used for?
Cookies are classified as follows based on the purpose of use:
Basic cookies – installed where you have consented by setting up the software installed on your digital device. Basic cookies include technical and analytical cookies.
Technical cookies – they are necessary for the correct operation of the website. We use them to:
- ensure correct display of our website – depending on the device you are using,
- adapt our services to your choices of technical importance to the operation of the website, e.g., the selected language,
- remember if you have consented to displaying certain content.
Analytical cookies – they are required to clear accounts with business partners or measure the performance of our marketing actions without identification of personal data and improve the operation of our website. We may use them to:
- examine the website traffic statistics and the source of such traffic (where redirection comes from),
- detect various abuses, e.g., artificial online traffic (bots).
3.3. For how long will cookies be used?
All cookies are also classified by the duration for which they are installed on your browser into:
Session cookies – they remain on your device until the website is quitted or software (Internet browser) is closed. These are mainly technical cookies.
Permanent cookies – they remain on your device for a time defined in the file parameters or until they are manually removed by the user.
3.4. May I revoke my acceptance of cookies?
You can change your browser settings at any time and refuse any requests for placing cookies. Before you decide to change your settings, please note that cookies make it more convenient to use our website. Switching off cookies can affect how our website is displayed in your browser. In some cases, the website may not display at all.
3.5. How to switch off cookies?
You can delete cookies from your browser and block their re-installation at any time.
The option of withdrawal or cancellation of your consent may vary depending on the browser you are using. In such case, please consult the user manual for the browser available on digital device.
- Final provisions
Are modifications of this Privacy Policy allowed and when?
We commit ourselves to regularly review this Privacy Policy where necessary or advisable due to: new legislation, new guidelines of the authorities supervising personal data protection processes, best practices in the area of personal data protection (Codes of Good Practice, if NOWODVORSKI LIGHTING is bound by such Code, of which you will be informed). We also reserve the right to modify this Privacy Policy if the technology by which we process personal data changes (unless such change affects the content of this document), or when the methods, purposes or legal basis for our processing of personal data changes.
Aiming to ensure the best possible contact with us for the processing of personal data, we also offer direct contact with us at NOWODVORSKI LIGHTING’s headquarters, or contact by mail (post) or telephone using the following contact details:
NOWODVORSKI LIGHTING SP. Z O.O.
Bojemskiego 11
42-200 Częstochowa
tel. +48 32 494 00 09