PRIVACY AND COOKIES POLICY
I GENERAL PROVISIONS:
- The controller of the personal data collected via the website is the company Thermoplast Permanent Development S.A., based in Libiąż, ul. Wilcza 3, 32-590 Libiąż, registered with the National Court Register (KRS) under KRS No. 0000870222, Tax ID: 6282281779, Enterprise ID (REGON): 387822475, email: email@example.com, hereinafter “the Controller” who is also the Service Provider. place of business: Wilcza 3, 32-590 Libiąż, address for service: Wilcza 3, 32-590 Libiąż, Tax ID: 6280001468, Enterprise ID (REGON): 001397229, e-mail address: firstname.lastname@example.org, hereinafter referred to as “the Controller”.
- The personal data collected by the Controller through the website is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the GDPR and the Data Protection Act of 10 May 2018.
II TYPE OF PERSONAL DATA PROCESSED, PURPOSE AND SCOPE OF DATA COLLECTION
PURPOSE OF PROCESSING AND LEGAL BASIS.
The Controller processes personal data through the website in the event of:
- the user’s use of the contact form. In that case, the personal data is processed pursuant to Article 6(1)(a) based on the user’s consent and Article 6(1)(f) of the GDPR as a legitimate interest of the Controller in order to possibly assert or defend against such claims,
- subscription by the user to the Newsletter for the purpose of sending commercial information by e-mail. In that case, the personal data is processed upon separate consent, on the basis of Article 6(1)(a) of the GDPR
- to present an offer, to enable orders to be placed and fulfilled and to conclude contracts for the sale of products offered by the company (based on Article 6(1)(b) of the GDPR),
TYPE OF PERSONAL DATA PROCESSED.
The Controller processes the following categories of the user’s personal data:
- First and last name,
- Address (of residence),
- E-mail address,
- Phone number
III ARCHIVING PERIOD FOR PERSONAL DATA.
- The user’s personal data is stored by the Controller:
- where the processing is based on the performance of a contract, for as long as is necessary for the performance of the contract and thereafter for a period corresponding to the period of limitation of claims. Unless otherwise provided by a specific provision, the limitation period is six years, and three years for claims for periodic benefits and claims relating to the conduct of business.
- where processing is based on consent, for as long as the consent is not revoked and, after revocation of the consent, for a period of time corresponding to the period of limitation of claims that the Controller may assert and that may be asserted against him. Unless otherwise provided by a specific provision, the limitation period is six years, and three years for claims for periodic benefits and claims relating to the conduct of business.
- when using the website, additional information may be collected, in particular: the IP address assigned to the user’s computer or the external IP address of the user’s Internet provider, domain name, browser type, access time, operating system type.
- Navigation data may also be collected from users, including information about the links and references they choose to click on or other actions they take on the website. The legal basis for such activities is the Controller’s legitimate interest (Article 6(1)(f) of the GDPR) in facilitating the use of electronically provided services and improving the functionality of these services.
- The provision of personal data by the user is voluntary.
- The personal data will also be processed by automated means in the form of profiling, provided that the user have given their consent on the basis of Article 6(1)(a) of the GDPR. The consequence of profiling will be the assignment of a profile to a person in order to make decisions concerning them or to analyse or predict their preferences, behaviour and attitudes.
- The Controller shall take special care to protect the interests of the data subjects and, in particular, shall ensure that the data it collects are:
- processed in accordance with the law,
- collected for specified, legitimate purposes and not subjected to further processing incompatible with those purposes,
- substantially correct and adequate in relation to the purposes for which they are processed and kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing.
IV DISCLOSURE OF PERSONAL DATA
- Users’ personal data is passed on to the service providers used by the Controller to operate the website. Service providers to whom personal data is transferred, depending on the contractual arrangements and circumstances, are either subject to the instructions of the Controller as to the purposes and means of processing such data (processors) or determine the purposes and means of processing themselves (controllers).
- Users’ personal data is stored exclusively in the European Economic Area (EEA).
V THE RIGHT TO CONTROL, ACCESS AND CORRECT THEIR OWN DATA
- The data subject has the right of access to the content of their personal data and the right to rectification, erasure, restriction of processing, the right to data portability, the right to object, the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of consent before its withdrawal.
- Legal basis of the user’s request:
- Access to data – Article 15 of the GDPR
- Rectification of data – Article 16 of the GDPR.
- Deletion of data (the so-called right to be forgotten) – Article 17 of the GDPR.
- Restriction of processing – Article 18 of the GDPR.
- Data portability – Article 20 of the GDPR.
- Objection – Article 21 of the GDPR.
- Withdrawal of consent – Article 7(3) of the GDPR.
- In order to exercise the rights referred to in point 2, the user can send a relevant e-mail message to: email@example.com.
- In the event a user asserts one of the rights under the above rights, the Controller shall either comply with the request or refuse to comply with the request immediately, but no later than one month after receiving the request. However, if – due to the complexity of the request or the number of requests – the Controller is unable to comply with the request within one month, it shall comply with the request within a further two months by informing the user in advance – within one month of receipt of the request – of the intended extension and the reasons for it.
- If it is established that the processing of personal data violates the provisions of the GDPR, the data subject has the right to lodge a complaint with the President of the Data Protection Authority.
- The Controller’s website uses “cookies”.
- The installation of cookies is necessary for the correct provision of services on the website. Cookies contain the information necessary for the proper functioning of the website and also provide the possibility of compiling general statistics on website visits.
- The following types of “cookies” are used within the website: session cookies.
- “Session cookies” are temporary files that are stored on the user’s terminal equipment until the user logs out (leaves the website).
- The Controller uses its own cookies to understand better how the user interacts with the content of the website. The cookies collect information about the user’s use of the website, the type of website from which the user was redirected and the number of visits and the length of time the user visited the website. This information does not record the user’s specific personal data, but is used to compile statistics on the use of the website.
- The user has the right to decide on the access of cookies to their computer by selecting them in advance in their browser window. Detailed information on the possibility and method of enabling cookies are available in the software (web browser) settings.
VII FINAL PROVISIONS
- The Controller shall apply technical and organisational measures to ensure the protection of the processed personal data appropriate to the risks and categories of data protected, and in particular to protect the data against them being accessed by unauthorised persons, against them being taken by an unauthorised person, against them being processed in violation of the applicable regulations, and against their alteration, loss, damage or destruction.
- The Controller shall make available appropriate technical measures to prevent the acquisition and modification by unauthorised persons, of personal data sent electronically.