Политика конфиденциальности
General information
Company PESMENPOL Sp. z o.o. with its registered office in Myslenice, with the address at 12 Drogowcow Street, 32-400 Myslenice, Poland, entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for Krakow-Srodmiescie in Krakow, 12th Commercial Division of the National Court Register under the KRS number 0000438686, with the Tax Identification Number PL 6812054822 (hereinafter referred to as the Administrator), is the administrator of personal data processed as part of:
- presentation of the Administrator’s offer, also as part of the online catalog available on the website at www.pesmenpol.pl, and its versions in English – www.pesmenpol.com – and Russian – www.pesmenpol.ru (hereinafter referred to as the Website);
- implementation of the order procedure and further correspondence with buyers, in particular related to the enforcement by the above-mentioned rights due to them against the Administrator;
- marketing activities undertaken by the Administrator.
The Administrator processes personal data entrusted by data subjects (hereinafter referred to as the Customer) on the terms specified in the following tables, relating to individual categories of personal data:
Data categories | Data processed as part of inquiries and placed orders. |
Type of data | Contact details, including address details, and registration details (company registration numbers) of the Customer and/or persons authorized to represent him, necessary to send the order, inform the Customer about the shipment status and issue relevant accounting documents. |
Purpose of processing | Fulfillment of the order and related obligations incumbent on the Administrator in accordance with generally applicable law, informing the Customer about the status of delivery and/or assembly, recording concluded and implemented contracts for accounting purposes and protection against possible claims. |
Legal basis | art. 6 sec. 1 letter b and c of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as GPRD). |
Processing period | Personal data will be processed for the purpose of order fulfillment. Then, the processing of the above-mentioned data will be limited to their archiving by the Administrator until the above-mentioned usefulness is lost, and/or an appropriate request or objection is received from the data subject. |
Data categories | Data processed in connection with the creation of an account on the Website (hereinafter referred to as the Account). |
Type of data | Contact details, including address details, necessary to maintain the Account. |
Purpose of processing | Maintaining the Customer’s account. |
Legal basis | art. 6 sec. 1 letter a of GDPR. |
Processing period | Personal data will be processed for the period of maintaining the Customer’s account. After the end of its maintenance, data not directly related to the orders placed by the Customer will be permanently deleted. |
Data categories | Data processed in connection with an inquiry, request or demand sent by traditional mail (post), telephone or e-mail. |
Type of data | Contact details, depending on the form of the inquiry sent. |
Purpose of processing | Responding to the inquiry sent, fulfilling the Administrator’s obligations related to the request and/or demand, archiving correspondence. |
Legal basis | art. 6 sec. 1 letter b of GDPR. |
Processing period | The data will be processed for the duration of the correspondence. Then, the processing of the above-mentioned data will be limited to their archiving by the Administrator until the above-mentioned usefulness is lost, and/or an appropriate request or objection is received from the data subject. |
Data categories | Data processed as part of the newsletter. |
Type of data | E-mail address. |
Purpose of processing | Sending the newsletter, containing, inter alia, information about the Administrator’s offers and promotions, thus constituting the so-called commercial information. |
Legal basis | art. 6 sec. 1 letter a of GDPR. |
Processing period | Personal data will be processed for the period of using the newsletter functionality by the Customer. After withdrawing the consent to receive the above-mentioned or submitting an appropriate request by the Customer, the data will be immediately permanently deleted. |
Data processed by the Administrator
The Administrator is the administrator of personal data entrusted by the data subjects. Entrusting personal data is not mandatory, however, it is necessary to use the above-mentioned services included in the Administrator’s offer.
Entrusting personal data is tantamount to a declaration by the entrusting person that the above-mentioned data concerns him.
The method of processing personal data
The Administrator undertakes to process all entrusted personal data in accordance with the adopted rules, guidelines and technical measures aimed at ensuring the security of the above-mentioned data. All persons authorized by the Administrator to access the processed personal data are obliged to comply with the above regulations, as well as to maintain absolute confidentiality of both the content of the processed data and information on measures to ensure their security.
The Administrator reserves the right to transfer personal data to third parties – providers of services used for business purposes (e-mail providers, software used to service clients or servers). These entities are entrusted by the Administrator with the minimum scope necessary to provide a specific service, and the providers of the above-mentioned services are obliged to comply with the rules and guidelines ensuring the security of personal data processing.
In addition, the Administrator declares that the entrusted personal data may be transferred to third countries outside the European Economic Area. Nowadays, many entities – even located in the territory of the European Union – have server databases all over the world, including countries with legal systems providing for a narrower scope of personal data protection – which in itself may result in a greater probability of breaching their security.
By concluding contracts with entities processing personal data outside the European Economic Area, the Administrator aims to provide them with the widest possible protection, entrusting data to contractors who have the Privacy Shield certificate or use model contractual clauses.
At the same time, the Administrator does not sell or share the entrusted data to any other entities. The processing of data entrusted by the Administrator to third parties is aimed only at the efficient functioning of the processes necessary as part of the business activity.
Commercial information
Simultaneously with the consent to the processing of personal data, the user may consent to receive commercial information within the meaning of the Act of 18 July 2002 on the provision of electronic services, sent by the Administrator.
Rights of the data subject
The person whose personal data is processed by the Administrator may request:
1. confirmation of the processing of their personal data by the Administrator along with the information indicated in art. 15 sec. 1 GDPR, also contained in this document. At the same time, this person has the right to request a copy of his personal data, which is processed by the Administrator;
2. promptly rectify his personal data or supplement incomplete data, if the data processed by the Administrator is inconsistent with their actual shape or incomplete in relation to the above-mentioned;
3. deletion of data processed by the Administrator in a situation where:
a. the data are no longer necessary for the purposes underlying their processing;
b. the consent constituting the basis for the processing of personal data has been withdrawn by an individual;
c. a reasoned objection has been raised, as set out below in this policy;
d. the personal data was processed by the Administrator unlawfully;
e. the obligation to delete personal data results from the provisions of Community or national law;
f. consent to the processing of personal data was granted by a minor, younger than 16 years of age.
If the data is made public, in the situation referred to above, the data subject may also demand that the Administrator take reasonable actions (taking into account the costs and available technology) to notify other administrators processing a copy or replication of data about a request to delete data (the so-called right to be forgotten);
4. limitations of data processed by the Administrator in a situation where:
a. the person questions the correctness of the data in the manner specified in point 2 above, or against the objection referred to in the further part of this privacy policy – for a period allowing the Administrator to verify the correctness of the data processed or to recognize the legitimacy of the objection;
b. in a situation where, despite the contradiction of data processing with the law, the data subject, instead of deleting data, only wants to limit their scope in the Administrator’s collection;
c. the need to process personal data by the Administrator has ceased to exist, however, the data subject needs their further processing for the purpose of establishing, investigating or defending their claims;
During the period of limiting the processing of personal data, the Administrator is entitled to store data, and their processing is possible only with the consent of the data subject, or to establish, assert or defend claims, or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
5. providing the data subject with the personal data that he provided to the Administrator, in a structured, commonly used, machine-readable format. The data may be provided to the above-mentioned person and – if technically possible – transferred directly to the administrator indicated by the data subject.
The refusal to comply with the above-mentioned requests by the Administrator must be justified by the provisions of generally applicable law, in particular in the GDPR.
For the avoidance of doubt, it should be emphasized that each person who has consented to the processing of his data is entitled to limit and/or withdraw consent to the above-mentioned and to oblige the Administrator to delete the personal data being processed.
The data subject may exercise the above-mentioned rights by:
a. sending a relevant request to the Administrator’s e-mail address – rodo@pesmenpol.pl;
b. sending a relevant request to the Administrator’s address – PESMENPOL Sp. z o.o., ul. Drogowcow 12, 32-400 Myslenice, Poland.
Objection
In addition to the rights discussed in the previous paragraphs, the data subject has the right to object to the processing of his personal data:
1. implemented as part of:
a. actions necessary to perform a task carried out in the public interest or as part of the exercise of public authority entrusted to the Administrator, i.e. pursuant to art. 6 sec. 1 letter e of the GDPR, or
b. protection of legitimate interests in a situation where the interests or fundamental rights and freedoms of the data subject do not override the above-mentioned interests, i.e. pursuant to art. 6 sec. 1 letter f of GDPR, or
2. carried out in an automated manner (as part of the so-called profiling), or
3. carried out for the purpose of direct marketing.
In the event of an objection, the Administrator will immediately limit the processing of personal data on the terms set out in the previous chapter. Then, if the objection is justified, the personal data will be deleted by the Administrator, unless there are valid, legitimate grounds for further processing for purposes other than marketing, overriding the interests, rights and freedoms of the data subject or the data constitute the basis for establishing, investigating or defending claims. In the event of an objection to the processing of data for direct marketing purposes, the Administrator will cease to process this data for the above-mentioned purpose.
The data subject may submit an objection by:
a. sending a relevant request to the Administrator’s e-mail address – rodo@pesmenpol.pl;
b. sending a relevant request to the Administrator’s address – PESMENPOL Sp. z o.o., ul. Drogowcow 12, 32-400 Myslenice, Poland.
Contact regarding data processing and the Supervisory Authority
The Administrator’s employees and associates are at your disposal for any questions or doubts related to the processing of personal data. Contact with them is possible via e-mail sent to the address rodo@pesmenpol.pl as well as via traditional mail sent to the Administrator’s address – PESMENPOL Sp. z o. o., ul. Drogowcow 12, 32-400 Myslenice, Poland.
The data subjects are also entitled to lodge a complaint with the locally competent Supervisory Authority, i.e. the President of the Personal Data Protection Office at the address: ul. Stawki 2, Warsaw 00-193.
Cookies
In addition to personal data, the Administrator processes a number of data in the form of the so-called cookies – to determine the parameters of visits to the Website and its individual subpages, to determine the general, geographic location of the device used by the Customer, to enable the storage of queries saved by the Customer on the Website with the use of the cart functionality, to prepare anonymous analyzes, research and statistics. The administrator stipulates that due to the scope of the collected cookies and the possibility of their use, they do not constitute personal data.
Cookies are short text and numeric information saved on the device through which the individual uses the Website. They allow for the subsequent identification of the device used by the Customer in the event of further visits to the Website. Saving the above-mentioned files on the Customer’s device does not cause any configuration changes in both the device and its software.
The Administrator would like to emphasize that the Customer may at any time independently prevent him from saving cookies on the device. Access the above-mentioned files to the device and permanent deletion of files already saved is possible by making appropriate modifications to the settings of the web browser used.
Final provisions
In matters not covered by this privacy policy, the provisions of generally applicable law, in particular the GDPR, shall apply.