MK

Privacy Policy

1. General provisions

1.1. This Privacy Policy (hereinafter referred to as the “Policy”) is intended to inform Users of the website (hereinafter referred to as the “Service”) about how and for what purpose their personal data is collected and processed.

1.2. We make every effort to ensure that the privacy of Users of the Service is protected in accordance with the highest standards. In particular, we comply with applicable laws, including:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”),
  • The Act of 18 July 2002 on the Provision of Electronic Services (Journal of Laws 2013.1422, as amended),
  • The Act of 16 July 2004 – Telecommunications Law (Journal of Laws 2014.243, as amended).

1.3. Use of the Service is voluntary. Providing personal data by the User is also voluntary, but in some cases may be necessary to use certain functionalities of the Service (e.g., submitting a form, subscribing to a newsletter).

2. Data controller

2.1. The controller of the Users’ personal data is [Company Name], with its registered office at [Address], registered under the number [KRS/NIP/REGON], email address: [contact email] (hereinafter referred to as the “Controller”).

2.2. For matters relating to personal data, you can contact the Controller by writing to the email address: [email for data protection officer / responsible person], or by post to the company’s registered address.

3. Scope, sources, and methods of data collection

Data in our Service may be provided in two ways: passively and actively.

3.1. Passively Collected Data

3.1.1. During a visit to the Service, certain information is automatically recorded in server logs (e.g., IP address, date and time of visit, browser type, operating system, subpages visited by the User). Such data:

  • are of a statistical nature and are not combined with specific individuals,
  • help with administration and improvement of the Service,
  • are used to ensure security and proper functioning of the Service.

3.1.2. The Service may use analytical tools (e.g., Google Analytics) that use cookies to analyze traffic and User behavior on the site. These tools do not enable the Controller to identify an individual person based solely on passively collected data.

3.2. Actively collected data

3.2.1. Contact Forms / Inquiries / Orders
A User may fill out a contact form, in which we usually ask for such data as: first name, last name, email address, phone number, and/or the content of the message.
Data provided in forms are used solely for the purpose of contacting the User, responding to the inquiry, or preparing an offer and completing an order.

3.2.2. Newsletter
A User may subscribe to the newsletter, which contains information about our offer, news, or events. Typically, we require the User’s email address (and possibly first name).
Checking the box to receive the newsletter is voluntary, and the User may unsubscribe at any time by clicking the “Unsubscribe” link included in each message or by contacting the Controller.

4. Purposes and legal bases for data processing

The Controller processes personal data of Users for the following purposes:

  • Provision of services and order processing
    • Purpose: Conclusion and performance of a contract, customer service.
    • Legal basis: Article 6(1)(b) GDPR (necessary for the performance of a contract or to take steps prior to entering into a contract).
  • Handling of questions, inquiries, and communication
    • Purpose: Responding to questions asked via the contact form or in another form (email, telephone).
    • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Controller in communicating with Users and ensuring high-quality service).
  • Analytical and statistical purposes
    • Purpose: Improving the operation of the Service, adapting it to the needs of Users.
    • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Controller).
  • Marketing of our own services
    • Purpose: Sending marketing content and offers, including via the newsletter.
    • Legal basis: Article 6(1)(a) GDPR (User’s consent) or Article 6(1)(f) GDPR (legitimate interest of the Controller, to the extent permitted by law).
  • Fulfillment of legal obligations
    • Purpose: Financial settlements, issuing invoices, bookkeeping, archiving documents.
    • Legal basis: Article 6(1)(c) GDPR (legal obligation).
  • Handling potential complaints and claims
    • Purpose: Pursuing or defending against claims.
    • Legal basis: Article 6(1)(f) GDPR (legitimate interest of the Controller in pursuing or defending against claims).

5. Period of data storage

5.1. Data processed in connection with:

  • Performance of a contract/order: stored for the period necessary to complete the order or contract, and thereafter until the statute of limitations for any potential claims.
  • Sending of newsletters: stored until the User withdraws their consent.
  • Compliance with a legal obligation (e.g., accounting, tax): stored for the period required by law (usually 5 years from the end of the calendar year in which the transaction was carried out).
  • Defense or pursuit of claims: stored for the limitation period of potential claims (typically 3 or 6 years, depending on the type of case).

5.2. After the expiry of the above periods, data are deleted or anonymized unless there are other legal grounds for further processing.

6. User rights

Under the GDPR, the User has several rights related to the processing of personal data:

  • Right of access – The User has the right to obtain information on whether and how we process their data and to receive a copy of such data.
  • Right to rectification – The User may request the correction or completion of incorrect or incomplete data.
  • Right to erasure (“right to be forgotten”) – The User may request the deletion of data in situations specified in Article 17 of the GDPR, e.g., when the data are no longer needed for the purposes for which they were collected.
  • Right to restriction of processing – The User may request the restriction of data processing in cases indicated in Article 18 of the GDPR.
  • Right to data portability – The User may receive their data in a structured format and transfer them to another controller.
  • Right to object – The User may object to the processing of their data if the processing is based on our legitimate interest, including profiling and direct marketing.
  • Right to withdraw consent – Where processing is based on consent, the User may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint with a supervisory authority – If the User believes that the data are processed unlawfully, they may file a complaint with the President of the Personal Data Protection Office (UODO).

To exercise these rights, please contact the Controller via the email address provided in Section 2.2.

7. Cookies

7.1. The Service uses cookies in order to:

  • ensure the proper functioning of the Service,
  • tailor the content to the User’s preferences,
  • conduct anonymous visit statistics,
  • carry out marketing activities.

7.2. Cookies are small text files stored on the User’s device when using the Service. Internet browsers usually accept cookies by default.

7.3. The User may change their browser settings regarding cookies at any time (blocking or deleting some or all cookies). Please note that restricting cookies may affect some functionalities of the Service.

7.4. Detailed information on the cookies used in the Service may be included in a separate [Cookies Policy].

8. Data sharing and transfer outside the EEA

8.1. Users’ data may be shared with:

  • persons authorized by the Controller (e.g., employees, associates) – only when necessary to achieve the purposes described in this Policy,
  • entities processing the data on our behalf (e.g., hosting companies, IT service providers, marketing agencies) – only under data processing agreements concluded with them, and in compliance with applicable regulations,
  • public authorities – when required by applicable law.

8.2. As a rule, we do not transfer Users’ data outside the European Economic Area (EEA). However, if such a transfer becomes necessary (e.g., when using technology providers located outside the EEA), we will ensure an appropriate level of data protection, for example, on the basis of the EU’s standard contractual clauses.

8.3. The Controller does not transfer data to any international organizations.

8.4. Data may be subject to profiling for statistical or marketing purposes, in accordance with Article 4(4) GDPR, if the User has given consent or if there is another legal basis for such processing.


9. Security measures

9.1. Users’ personal data are stored in a suitably protected database, to which only persons authorized by the Controller have access. The Controller applies technical and organizational measures in compliance with applicable regulations to ensure data protection against unauthorized disclosure, destruction, or modification.

10. Changes to the Privacy Policy

10.1. The Policy is subject to ongoing verification and updated when necessary. Changes may be made due to technological developments, legal changes, or alterations in the ways we conduct our business.

10.2. We will inform Users of any significant changes to the Policy by an appropriate notice in the Service or – if the User has consented – via email.

11. Contact with the controller

11.1. Any questions, requests, or concerns regarding this Policy or the processing of personal data should be directed to the following email address: [email].