1. Personal data controller

The personal data controller ("Controller") is Grupa Sławomir Chełmiński with its registered office at 83-021 Przejazdowo, ul. Główna 26, Poland, tax identification number (NIP) 9570985581, REGON number 221634966, email address [email protected]

2. Legal basis for data processing

The legal basis for data processing is:

1. consent expressed by the User, or
2. conclusion and execution of an agreement, or
3. fulfillment by the Controller of the obligations under the law, including:
• The Personal Data Protection Act of May 10, 2018,
• Act of July 18, 2002 on the Provision of Electronically Supplied Services,
• Act of July 16, 2004 Telecommunications Law,
• with subsequent amendments to the above laws.

3. Collection and use of data

The provision of personal data is voluntary but necessary to operate the Website. The Controller processes only the data that is needed for the purpose for which it is collected (data minimization). If the User wishes to purchase any products on the Website, they will be asked to provide the company name, tax identification number, company address and the full name of the contact person, their email address and business phone number. This data is processed for the purposes of registering the User in the ordering system, presenting the product offering, handling User inquiries, concluding and implementing the agreement, collecting the User's opinion on the products being offered, handling complaints, and for statistical and archiving purposes. The User may be subject to activities consisting in automated decision-making, including profiling in order to provide services under the concluded agreement and to conduct direct marketing by the Controller. The Controller shall not transfer, sell or grant the collected personal data to other persons or institutions, except to enable the fulfillment of obligations under the law or with the consent of the data subject. The Controller may entrust personal data to other entities for processing under the conditions set out in the applicable law.

4. User rights related to the personal data being processed

The User has the right to:

1. Obtain information on whether the Controller processes the User's personal data, and about the purpose for which it is processed, the categories of User data they retain, the categories of recipients and the planned period of storage of the User's data.
2. Access the data being processed, rectify the data, complete incomplete data or delete the data processed by the Controller.
3. Withdraw, at any time, their consent to the processing of their data by the Controller, provided that the basis for its processing is the consent expressed by the User (data processing will be legal until consent is withdrawn).
4. Request restriction of the personal data being processed, whether for a definite or indefinite period of time, but within a defined scope, which the Controller will be obliged to grant (this request shall not affect actions performed previously).
5. Submit a complaint to the supervisory authority for data protection, i.e. President of the Personal Data Protection Office, should the User find that the processing performed by the Controller violates the GDPR.

5. Information security

The Website is hosted (technically maintained) on a server provided by dhosting. The Controller accepts full responsibility for the security of the User's data being processed. The points of logging in and entering personal data are protected in the transmission layer (SSL certificate). This enables encryption on the User's computer of the personal data and login details entered on the Website. This data can only be read on the destination server. User passwords are stored hashed. The hashing function works in one direction and cannot be reversed, which is the modern standard for storing user passwords. The Controller periodically changes their administrative passwords. To protect the data, the Operator regularly makes backup copies. An important element of data protection is the regular update of all software used by the Operator for the processing of personal data, which in particular means regular updates of programming components. It is ensured that the User's data is processed only by authorized persons and entities.

6. Data retention periods

The Data Controller shall process and store the User's data for the shortest time possible. On a case-by-case basis, the data retention periods are as follows:

1. If the User has consented to the processing of data for a specific purpose, the data will be kept until the User withdraws their consent or the purpose disappears.
2. Data obtained by concluding an agreement with the User will be retained for the duration of the agreement and the expiration period of any claims plus one year.
3. Data processed as part of the implementation of a legally justified marketing interest will be kept as long as this interest lasts or until the User raises an objection.
4. Data processed in order to meet the Controller's obligations under the applicable law will be retained for as long as such legislation requires.

7. Collecting data using cookies

The Website uses cookies. Cookies are IT data, in particular text files, which are stored on the Website User's end device and are intended for the use of the Website's pages. Cookies usually contain the name of their source website, their lifetime on the end device, and a unique number. Cookies and similar technologies are used by the Controller to store or access information on the device on which the User visits the Website. Cookies enable the Controller to adapt websites to individual preferences, as well as to profile and monitor the User's activity on the Website. They are also used to generate anonymous statistics that help to understand how the User uses websites, which allows their structure and content to be improved. Cookies are not used to process or store personal data. The cookies used on the Website are safe for the User's devices, free from viruses or unwanted software. By default, the software used for browsing websites allows cookies to be placed on the end device. However, the web browser's settings can be changed to block the automatic use of cookies or to inform the User each time they are sent to the User's device. Information on the possibilities and ways of using cookies is available in the software (web browser) settings. Should the User consent for the settings of the software used to enable the use of cookies, this is equivalent to accepting the use of cookies and similar technologies by the Controller in order to collect and store information on the User's device.

8. Newsletter subscription

1. The newsletter is a free subscription service for Users who wish to be informed about the Controller's products and activities. This is done by the Controller periodically sending emails with selected content to the User's email address.
2. To subscribe the newsletter, the User must select the appropriate box on the Controller's Website to indicate their consent to receiving the free newsletter, and enter their email address. The User agrees to receive marketing materials sent electronically, in accordance with the Act of July 18, 2002 on the Provision of Electronic Services. The data obtained in this way is added to the mailing list and used only for sending new newsletters.
3. The User may unsubscribe from the newsletter service at any time by checking/unchecking the appropriate box on the Controller's Website, which means withdrawing consent to receiving the free newsletter.

9. Links to third-party websites

The Website may contain links to other websites. The Controller is not responsible for the information contained on these websites or their privacy policies. The User should be aware that these websites are separate from www.innovation-energy.co, and personally verify their privacy policy whenever visiting such websites by using a link.

10. Summary

The Controller may make changes to this Privacy Policy at any time. A new Privacy Policy becomes binding each time it is published on the www.innovation-energy.co website, and applies to any data collected and stored resulting from the User's activity after the updated version is posted.