Privacy Policy
§ 1 Type of data processed, purposes, and legal basis
1. The Administrator collects information about individuals who perform legal acts not directly related to their business activities, individuals who conduct business or professional activities on their own behalf, and individuals representing legal entities or organizational units that are not legal entities, to which the law grants legal capacity, conducting business or professional activities on their own behalf, hereinafter collectively referred to as Customers. 2. The Administrator processes the personal data of Customers within the scope of using the contact form service on the Website for the purposes necessary to perform a contract or take steps prior to entering into a contract – the basis for processing is Article 6, paragraph 1, letter a of the GDPR. b GDPR 3. When using the contact form service, the Client provides the following data:- email address
- name
- telephone number
§ 2 Data Recipients
1. The Customer’s personal data is transferred to service providers used by the Controller to operate the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, are either subject to the Controller’s instructions regarding the purposes and methods of processing such data (processors) or independently determine the purposes and methods of processing (controllers).- 1.1. Processors The Controller uses providers who process personal data only on the Controller’s instructions. These include, among others, Providers providing hosting services, accounting services, marketing systems, Website traffic analysis systems, and marketing campaign effectiveness analysis systems.
- 1.2. Controllers. The Controller uses providers who do not act solely on instructions and independently determine the purposes and methods of using Customers’ personal data. They provide electronic payment and banking services.
§ 3 Data Retention Period
1. Customers’ personal data are stored:- 1.1. If consent is the basis for personal data processing, the Customer’s personal data are processed by the Controller until consent is withdrawn, and after consent is withdrawn, for a period corresponding to the limitation period for claims that may be brought by the Controller and against it. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business, three years.
- 1.2. If the basis for data processing is the performance of a contract, the Customer’s personal data are processed by the Controller for as long as necessary to perform the contract, and after that time, for a period corresponding to the limitation period for claims. Unless a specific provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business, the limitation period is three years.
§ 4 Cookie Mechanism, IP Address
1. The Website uses small files called cookies. They are saved by the Administrator on the end device of the Website visitor, if the web browser allows it. A cookie file typically contains the name of the domain from which it originates, its “expiration time,” and an individual, randomly selected number identifying the file. Information collected using this type of file helps tailor the products offered by the Administrator to the individual preferences and actual needs of Website visitors. 2. The Administrator uses two types of cookies:- 2.1. Session Cookies: After the browser session ends or the computer is turned off, the saved information is deleted from the device’s memory. The session cookie mechanism does not allow for the collection of any personal data or any confidential information from Customers’ computers.
- 2.2. Persistent cookies: are stored in the memory of the Customer’s end device and remain there until they are deleted or expire. The persistent cookie mechanism does not allow for the collection of any personal data or any confidential information from Customers’ computers.
- 3.1. analyses, research, and audience audits, in particular to create anonymous statistics that help understand how Customers use the Website, which allows for the improvement of its structure and content.
- 4.1. presenting a map indicating the location of the Administrator’s office on the Website’s information pages using the maps.google.com website (external cookie administrator: Google Inc., based in the USA).
§ 5 Rights of Data Subjects
Data subjects have the following rights: 1. The right to withdraw consent to data processing at any time:- 1.1. The Client has the right to withdraw any consent they have given.
- 1.2. Withdrawal of consent takes effect from the moment of withdrawal.
- 1.3. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
- 1.4. Withdrawal of consent does not entailThe right to object to data processing:
- 2.1. The Customer has the right to object at any time – for reasons relating to their particular situation – to the processing of their personal data based on Article 6(1)(e) or (f) of the GDPR, including profiling based on these provisions. The Controller is no longer permitted to process these personal data unless they demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or grounds for establishing, exercising, or defending legal claims.
- 2.2. Opting out of receiving marketing communications about products or services via email will constitute the Customer’s objection to the processing of their personal data, including profiling for these purposes.
3. Right to erasure (“right to be forgotten”):
- 3.1. The Customer has the right to request the erasure of all or some of the personal data.
- 3.2. The Customer has the right to request the erasure of the personal data if:
- 3.2.1. The personal data are no longer necessary for the purposes for which they were collected or processed.
- 3.2.2. The Customer has withdrawn specific consent, to the extent that the personal data were processed based on consent.
- 3.2.3. The Customer has objected to the processing under Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the Customer has objected to the processing under Article 21(2) of the GDPR.
- 3.2.4. The personal data are processed unlawfully.
- 3.2.5. Personal data must be erased to comply with a legal obligation under EU or Member State law to which the Controller is subject.
- 3.2.6. Personal data have been collected in connection with the provision of information society services.
- 3.3. Despite a request to erase personal data, in connection with an objection or withdrawal of consent, the Controller may retain certain personal data to the extent that processing is necessary for the establishment, exercise, or defense of legal claims, as well as for compliance with a legal obligation requiring processing under EU or Member State law to which the Controller is subject. This applies in particular to personal data including: first name, last name, email address, which are retained for the purpose of handling complaints and claims related to the use of the Controller’s services, or additionally, residential address/mailing address, order number, which are retained for the purpose of handling complaints and claims related to concluded sales contracts or the provision of services.
- 4.1. The Customer has the right to request the restriction of the processing of their personal data. Submitting a request, until it is considered, prevents the use of certain functionalities or services, the use of which will involve the processing of the data covered by the request. The Controller will also not send any communications, including marketing communications.
- 4.2. The Customer has the right to request the restriction of the use of personal data in the following cases:
- 4.2.1. when the Customer contests the accuracy of their personal data – the Controller will limit their use for the time needed to verify the accuracy of the data, but no longer than 7 days.
- 4.2.2. when the data processing is unlawful, and instead of deleting the data, the Customer requests the restriction of their use.
- 4.2.3. when the personal data are no longer necessary for the purposes for which they were collected or used, but are required by the Customer to establish, pursue, or defend legal claims.
- 4.2.4. when the data subject has objected to the processing of their data – until it is determined whether the legitimate grounds on the part of the controller override the grounds for objection of the data subject.
- 5.1. The Customer has the right to obtain confirmation from the Controller as to whether they are processing personal data, and if so, the Customer has the right to:
- 5.1.1. obtain access to their personal data
- 5.1.2. obtain information on the purposes of processing, the categories of personal data being processed, the recipients or categories of recipients of such data, the planned period of storage of the Customer’s data or the criteria for determining this period (when determining the planned period of data processing is not possible), about the processingThe Customer has the right to lodge a complaint with a supervisory authority, provided that the personal data were not collected from the data subject – all available information about their source, about automated decision-making, including profiling referred to in Article 22(1) and (4) of the GDPR, and – at least in these cases – relevant information about the principles underlying such decision-making, as well as the significance and envisaged consequences of such processing for the data subject, and about the safeguards applied in connection with the transfer of personal data outside the European Union.
- 5.1.3. Obtain a copy of their personal data. The right to obtain a copy must not adversely affect the rights and freedoms of others.
- 6.1. The Customer has the right to request the Controller to immediately rectify any inaccurate personal data concerning them. Taking into account the purposes of processing, the Customer whose data is processed has the right to request the completion of incomplete personal data, including by submitting an additional declaration, by sending a request to the email address specified in §6 of the Privacy Policy.
- 7.1. The Customer has the right to receive their personal data provided to the Controller and then send it to another personal data controller of their choice. The Customer also has the right to request that the personal data be sent by the Controller directly to such controller, if technically feasible. In such a case, the Controller will send the Customer’s personal data in a CSV file, which is a commonly used, machine-readable format that allows the data received to be sent to another personal data controller.
- 8.1. The Customer has the right to lodge a complaint with the President of the Personal Data Protection Office regarding a violation of their personal data protection rights or other rights granted under the GDPR. 9. If the Customer exercises the rights arising from the above rights, the Administrator shall comply with or refuse to comply with the request immediately, but no later than one month after receiving it. However, if – due to the complex nature of the request or the number of requests – the Administrator is unable to comply within one month, the Administrator shall comply within the next two months, informing the Customer within one month of receiving the request of the intended extension and the reasons for it. 10. The Customer may submit complaints, inquiries, and requests to the Administrator regarding the processing of their personal data and the exercise of their rights.