Types of personal data collected by the personal data administrator

In accordance with this Privacy policy, the personal data administrator may collect the following personal data:

• your basic personal data, needed to deliver products and issue invoices (name and surname, address);
• your contact information and information about your communication with us (email address, telephone number);
• data about your use of our website (dates and times of website visits, pages or URLs visited, time spent on each page, number of pages visited, total time spent visiting the website, etc.);
• data from completed inquiry forms on our website (name, surname, email address);
• data provided when registering for e-news (name, surname, e-mail address);
• other data that the user voluntarily provides to the personal data administrator.

Legal basis for processing personal data

The personal data administrator collects and processes your personal data on the following legal bases:

• processing based on law,
• processing on the basis of a contract,
• processing based on the individual’s consent,
• processing based on legitimate interest.

Processing based on the law

We process your personal data when such processing is required by law (e.g. tax legislation mandates the retention of issued invoices). We process this personal data in accordance with the requirements of the law.

Processing on the basis of a contract

We process your data when it is necessary to conclude a contract and perform contractual obligations. The transmission of personal data is voluntary in this case. If the individual does not provide personal data, the company cannot conclude a contract with him and cannot perform the service or deliver goods or other products in accordance with the concluded contract, as it does not have the necessary data for implementation.

Processing based on individual consent

We process your data when you give us your explicit consent. Typical examples are: signing up for e-newsletters, sending inquiries via online forms, participating in a prize game, etc. If an individual gives his consent to the processing of personal data and at some point no longer wants it, he can revoke it at any time.

Processing based on legitimate interest

The personal data administrator’s legitimate interest may be a permissible basis for the processing of personal data, except when such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data refer. The basis arising from legitimate interests is often implemented without the active influence of individuals on the processing itself.

Storage time of personal data

The storage time of your personal data is conditioned by legal requirements and the purpose of data collection and storage. We will keep your personal data for the time specified by the GDPR regulations or for as long as it is necessary to achieve the purpose for which certain personal data were obtained.

After the retention period has expired, the personal data administrator effectively and permanently deletes or anonymizes the personal data so that they can no longer be linked to a specific individual.

Transfer of personal data to third parties

As a user of our website, you are aware and agree that the personal data administrator may entrust the collected personal data to authorized third parties (contractual processors). Contractual processors may process confidential data exclusively on behalf of the personal data administrator and in accordance with the purposes defined in this Privacy policy.

The contractual processors with whom the personal data manager cooperates are:

• maintainers of IT systems,
• website maintainers,
• email providers,
• online advertising solution providers,
• accounting service providers.

The personal data administrator will not forward your personal data to unauthorized third parties.

Security and protection of personal data

The personal data administrator makes great efforts to ensure the security of your personal data by means of organizational and technical measures such as:

• protection of information systems with anti-virus programs and a firewall;
• employee education;
• careful selection and control of contract processors;
• preventing access to personal data by unauthorized persons;
• backup of electronically stored data;
• regular maintenance and updating of computer equipment;
• providing an effective way to block, destroy, delete or anonymize personal data;
• adoption of relevant internal regulations and instructions on the protection of personal data;
• etc.

With the mentioned measures, we try to protect the obtained personal data against loss, destruction, falsification, manipulation and unauthorized access or unauthorized discovery. Nevertheless, we must not forget that no form of data transmission over the Internet and no method of electronic storage is 100% secure. As a result, we cannot guarantee the complete security of your personal data.

Your rights

In accordance with the GDPR, you have the right to:

• access to your personal data,
• changes to your personal data,
• deletion of your personal data,
• transmission of your personal data,
• limit the processing of your personal data,
• withdrawal of consent to the processing of your personal data.

If you wish to exercise any of your rights, please contact our authorized person for data protection previously listed in this Privacy policy.