1. Personal data controller
The personal data controller ("Controller") is Grupa Sławomir Chełmiński with its registered office at 83-021 Przejazdowo, ul. Główna 26, Poland, tax identification number (NIP) 9570985581, REGON number 221634966, email address [email protected]
2. Legal basis for data processing
The legal basis for data processing is:
- consent expressed by the User, or
- conclusion and execution of an agreement, or
- fulfillment by the Controller of the obligations under the law, including:
  - The Personal Data Protection Act of May 10, 2018,
  - Act of July 18, 2002 on the Provision of Electronically Supplied Services,
  - Act of July 16, 2004 Telecommunications Law,
  - with subsequent amendments to the above laws.
3. Collection and use of data
The provision of personal data is voluntary but necessary to operate the Website. The Controller processes only the data that is needed for the purpose for which it is collected (data minimization). If the User wishes to purchase any products on the Website, they will be asked to provide the company name, tax identification number, company address and the full name of the contact person, their email address and business phone number. This data is processed for the purposes of registering the User in the ordering system, presenting the product offering, handling User inquiries, concluding and implementing the agreement, collecting the User's opinion on the products being offered, handling complaints, and for statistical and archiving purposes. The User may be subject to activities consisting in automated decision-making, including profiling in order to provide services under the concluded agreement and to conduct direct marketing by the Controller. The Controller shall not transfer, sell or grant the collected personal data to other persons or institutions, except to enable the fulfillment of obligations under the law or with the consent of the data subject. The Controller may entrust personal data to other entities for processing under the conditions set out in the applicable law.
4. User rights related to the personal data being processed
The User has the right to:
- Obtain information on whether the Controller processes the User's personal data, and about the purpose for which it is processed, the categories of User data they retain, the categories of recipients and the planned period of storage of the User's data.
- Access the data being processed, rectify the data, complete incomplete data or delete the data processed by the Controller.
- Withdraw, at any time, their consent to the processing of their data by the Controller, provided that the basis for its processing is the consent expressed by the User (data processing will be legal until consent is withdrawn).
- Request restriction of the processing of their personal data, whether for a definite or indefinite period of time, but within a defined scope, which the Controller will be obliged to grant (this request shall not affect actions performed previously).
- Submit a complaint to the supervisory authority for data protection, i.e. the President of the Personal Data Protection Office, should the User find that the processing performed by the Controller violates the GDPR.
5. Information security
The Website is hosted (technically maintained) on a server provided by dhosting. The Controller accepts full responsibility for the security of the User's data being processed. The points of logging in and entering personal data are protected in the transmission layer (SSL certificate). This enables encryption on the User's computer of the personal data and login details entered on the Website. This data can only be read on the destination server. User passwords are stored hashed. The hashing function works in one direction and cannot be reversed, which is the modern standard for storing user passwords. The Controller periodically changes their administrative passwords. To protect the data, the Operator regularly makes backup copies. An important element of data protection is the regular update of all software used by the Operator for the processing of personal data, which in particular means regular updates of programming components. It is ensured that the User's data is processed only by authorized persons and entities.
6. Data retention periods
The Data Controller shall process and store the User's data for the shortest time possible. On a case-by-case basis, the data retention periods are as follows:
- If the User has consented to the processing of data for a specific purpose, the data will be kept until the User withdraws their consent or the purpose disappears.
- Data obtained by concluding an agreement with the User will be retained for the duration of the agreement and the expiration period of any claims plus one year.
- Data processed as part of the implementation of a legally justified marketing interest will be kept as long as this interest lasts or until the User raises an objection.
- Data processed in order to meet the Controller's obligations under the applicable law will be retained for as long as such legislation requires.
7. Collecting data using cookies
8. Newsletter subscription
- The newsletter is a free subscription service for Users who wish to be informed about the Controller's products and activities. This is done by the Controller periodically sending emails with selected content to the User's email address.
- To subscribe to the newsletter, the User must select the appropriate box on the Controller's Website to indicate their consent to receiving the free newsletter, and enter their email address. The User agrees to receive marketing materials sent electronically, in accordance with the Act of July 18, 2002 on the Provision of Electronic Services. The data obtained in this way is added to the mailing list and used only for sending new newsletters.
- The User may unsubscribe from the newsletter service at any time by checking/unchecking the appropriate box on the Controller's Website, which means withdrawing consent to receiving the free newsletter.
9. Links to third-party websites