Providing data other than those defined by the Data Controller or data marked as optional constitutes an express action and means that you consent to the processing of personal data for purposes for which they have been provided.
Legal basis:
to perform the agreement with the Client (Article 6, paragraph 1(b) of the GDPR – if you are a Client; Article 6, paragraph 1(f) of the GDPR – if you cooperate with the Data Controller on behalf of the Client);
to comply with legal obligations (Article 6, paragraph 1(c) of the GDPR);
for legitimate interests of the Data Controller (Article 6, paragraph 1(f) of the GDPR);
The data which are not required in the light the legal bases above are processed by the Data Controller based on the consent, provided that such previous consents have been given (Article 6, paragraph 1(a) or Article 9, paragraph 2(a) of the GDPR).
Data are processed for the term of the agreement with the Client.
The Data Controller may store data for the time required under the law, in particular under accounting regulations, and, if justified, until the limitations for claims arising from the agreement with the Client have expired, whichever is longer.
The Data Controller obtains personal data from you or from the Client – for the person which cooperates with the Data Controller on behalf of the Client.
The Data Controller collects personal data to the extent necessary to establish cooperation and perform the agreement, and in particular: first and last name, postal address, e-mail address, telephone number, order data and invoice data. If the agreement is made in writing, the Data Controller will also process the personal ID number (PESEL) and the tax identification number (NIP).
For the processing of on-line transaction the data may include login, password, as well as purchase and activity history.
Providing data other than those indicated by the Data Controller or data marked as optional constitutes an express action and shall mean the consent to the processing of personal data for purposes for which they have been provided.
to perform the agreement with the Contracting Party (Article 6, paragraph 1(b) of the GDPR – if you are the Contracting Party; Article 6, paragraph 1(f) of the GDPR – if you cooperate with the Data Controller on behalf of the Contracting Party);
The Data Controller may store data for the time required under the law, in particular under accounting regulations, and, if justified, until the limitations for claims arising from the agreement with the Contracting Party have expired, whichever is longer.
Data are processed until the consent is withdrawn or an objection is made.
After the consent has been withdrawn or an objection has been made, personal data may be stored for the purpose of demonstrating that the Data Controller has duly complied with their respective legal obligations, and for determining any related claims.
If the data have not been obtained directly from the data subject they are sourced from the party-holder of the data subject’s consent to making the data available to the Data Controller, or under another valid legal basis.
Such personal data include any items required to conduct specific types of marketing activities (including first and last name, e-mail address, telephone number and/or correspondence address).
In general, the storage period of data included in the correspondence will depend on the purpose of data processing covered by a specific piece of correspondence.
As a rule, specific data from the correspondence are kept for storage times defined in the provisions of law, and if no storage times have been defined for specific documents, they are kept for the time compatible with the Data Controller’s legitimate interest, i.e. the time available to seek claims, if any.
In general, the Data Controller will process data provided directly by the data subject.
We process data in order to manage social media accounts, in particular to receive notifications, communicate with users of promotions concerning the Data Controller’s brand and their products, to moderate fora, comply with legal obligations, determine claims and keep statistics.
After the consent has been withdrawn or an objection has been made, personal data may be stored for the purpose of demonstrating that the Data Controller has duly complied with their respective legal obligations, and for determining any related claims, or if justified, until the limitations for claims have expired, whichever is longer.
If personal data have been obtained from persons other than the data subject, such data are sourced from the person who provided them in the notification.
The Data Controller collects data to the extent necessary to process the notification, and in particular: first and last name, e-mail address, telephone number, correspondence address, circumstances covered by the notification, bank account number (for reimbursements, if any).
Personal data will be stored for 2 years from the expiry of the warranty period or the complaint settlement deadline, and if they are processed to determine, seek or defend claims – until the expiry of their limitation period or the definitive closure of court or enforcement proceedings.
The Data Controller collects personal data to the extent necessary to process the notification, and in particular: first and last name, e-mail address, telephone number, correspondence address, circumstances covered by the notification, bank account number (for reimbursements, if any).
Personal data are processed until the consent is withdrawn or the objection is made; after the consent has been withdrawn or the objection has been made, personal data may be stored for the purpose of demonstrating that the Data Controller has duly complied with their respective obligations and related claims, or, if justified, until the expiry of the limitation period for claims , whichever is longer.
With regard to the processing of personal data based on the agreement concluded with the Data Controller, personal data will be stored for the term of the agreement or until the claims under the agreement made with the Data Controller have expired.
If personal data have been obtained from persons other than the data subject, such data are sourced from the person who had a relevant legal basis, including the consent to making the data available to the Data Controller.
The Data Controller collects personal data to the extent necessary to manage a specific marketing communication channel, and in particular: first and last name, , e-mail address, telephone number, correspondence address.
The Data Controller will process personal data for the time necessary to achieve the purpose for which such data have been collected, to enable the organization of the event, and until event-related claims, if any, have expired.
The Data Controller will process data provided by event participants.
The Data Controller will process data for the time necessary to achieve the purpose for which such data have been collected, to enable the participation in the loyalty program, and until related claims, if any, have expired.
The Data Controller will process data provided by users of loyalty programs.
The Data Controller will process data for the period necessary to achieve the purpose for which they have been collected, i.e. to organize the competition, and until the expiry of the of limitation period for competition-related claims, if any.
The Data Controller will process data provided by competition participants.
Personal data will be stored for the time of the legal basis under which the image is disseminated, and if an agreement has been made between the Data Controller and the relevant party, until the expiry of the limitation period for claims arising under such agreement between the Data Controller and that party.
If the data subject has not provided the data directly to the Data Controller, the Data Controller will source them from the author of the promotional material or the party entitled because of the material production. In most cases such personal data relate to the image.
The CCTV personal data will be stored from the date of their recording by means of the CCTV system or until you make a reasoned objection. After you have made the objection, the Data Controller may process your personal data to determine, seek or defend claims, in particular when recordings constitute evidence in court or administrative proceedings, and in the latter case your data may be processed until the definitive closure of such proceedings.
In general, the Data Controller will process data which you have provided. If you have not provided your data to the Data Controller, they are sourced from the person who reported your visit to the Data Controller.
Websites will automatically collect solely the information from cookies. The Data Controller hereby informs that cookie files (so-called “cookies”) are to be understood as IT data, in particular text files, which are stored in the terminal device of the Website User. Cookies usually contain the name of their source Website, the information about their storage time on the terminal device and a unique number.
Cookies are used to:
Google Analytics, Google Optimize and Google Tag Manager
Websites use Google Analytics, an on-line analytics service provided by Google Ireland Limited (“Google”). Google Analytics uses cookies. Information on how you use the Website, as generated by cookies, is usually sent to a Google server in the U.S for further storage. However, due to the activation of IP anonymization on such Websites, beforehand Google will shorten the User’s IP address in the European Union Member States or in other countries-parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. to be shortened there. On behalf of the Website Administrator, Google will use these details to assess how the User navigates through the Website, to produce reports on the Website traffic rates and to provide other services in connection with Website traffic and Internet use for the Data Controller. The IP address made available by Google Analytics will not be combined with other data in Google’s possession.
The Data Controller processes data in order to assess how Websites are used, and to produce reports on Website traffic types. Based on your use of Websites and the Internet, you will be provided with other related services. The processing is based on the legitimate interest of the Website Administrator.
Google Analytics collects data on IP addresses, network location, date of visit, operating system and browser type. You can prevent the storage of cookies by using the appropriate settings in your Internet browser software; please note, however, that if you decide to do so, you may not be able to use Website functions in full and to their widest possible extent.
In addition, you can prevent Google from collecting any data generated by cookies and data on the Website use (including IP addresses), and from processing such data, by downloading and installing the browser plugin available at the link: Browser Add On, which will disable Google Analytics. In addition to or as an alternative to the browser add-on, you can prevent Google Analytics from Website tracking by clicking this link. An opt-out cookie will be installed on your device, which will prevent Google Analytics from collecting your personal data via Websites and the relevant browser in the future until the cookie file in the browser is uninstalled.
Google Tag Manager may use HTTP request logs. For more information about Google Tag Manager please check the Tag Manager Privacy and Data Security document.
Use of Google Ads
Websites use the Google Conversion Tracking tool. If you have been redirected to the Website from an advertisement sent by Google, Google Ads will set a cookie on your device. The tracking cookie will be used when the User clicks on an ad managed by Google. Cookies will expire after 30 days and will not be used for personal identification. If the User visits some of the Data Controller’s Websites and the cookie has not expired, the Data Controller and Google may recognize that the User has clicked on the ad and has been redirected to the relevant Website. Each Google Ads customer will receive a different cookie. Cookies cannot be tracked by Ads advertisers’ Websites. The information collected using the redirect cookies will be used to generate redirect statistics for Ads advertisers who use such functionality. Clients will only be informed of the total number of users who clicked on the ad and were redirected to a relevant Website. However, they will not receive any information item that enables Users’ identification. If you want to stop the Website traffic tacking, please change the settings of your Internet browsers to block cookies from ads.google.com.You may not use the cookies opt-out option if you want measurements data to be still recorded. If you have deleted the relevant cookie from the Internet browser, in order to be able to use Google Adds you need to reinstall the appropriate cookie.
Use of Google reCaptcha
In order to ensure data security during template use, in some cases the Data Controller relies on reCAPTCHA service offered by Google Ireland Limited. This tool is particularly useful to determine whether a relevant entry has been made by a natural person or to identify the automated processing abuse. However, if IP anonymization is activated on the Website, Google will shorten your IP address beforehand in the European Union Member States or in other countries-parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the U.S. and shortened there. The service includes sending the IP address and any other data required by Google to reCAPTCHA service. This is due to different privacy policies adopted by Google Ireland Limited.
More information on the Privacy Policy of Google Ireland Limited can be found here.
Use of Facebook social plugins
Based on the Data Controller’s legitimate interests (i.e. analysis, streamlining of the Data Controller’s on-line offer within the meaning of Article 6, paragraph 1(f) of the GDPR), the Data Controller uses social plugins (“Plugins”) of the Facebook social network, offered by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”). Plugins may represent elements of interaction or content (e.g. videos, graphics or text inserts) and may be recognizable with one of the Facebook’s logos (a white “f” on a blue tile, the terms “Like”, “Thumbs Up” or “Mark”) or are marked with the note: “Facebook Social Plugin”. For the list and styles of Facebook social plugins see here.
When you use Website functions with a respective plugin, your device will establish a direct connection with Facebook’s servers. Facebook will send the plugin contents directly to your device and integrate it into the on-line offer. In this process, data which are subject to processing may be used to create user profiles. The Data Controller has no influence on the volume of data collected by Facebook with the plugin; however, the Data Controller will provide you with information on how plugins work according to their knowledge.
Thanks to integrated plugins, Facebook will be informed that a given user has accessed a specific Website. If the user is logged in to Facebook, Facebook is able to link their visit to their Facebook account. If users interact with plugins, e.g. by using the “Like” button or the comment function, information about the interaction will be sent from the device directly to Facebook for further storage. If the user is not a Facebook member, Facebook may still be able to obtain their IP address.
The details about the purposes of collection, the scope of data collected by Facebook, and the rules for their further processing and use by Facebook, including the inalienable rights of data subjects related to the above operations, as well as options for setting the safeguards of user’s privacy, can be found in: Facebook’s privacy policy.
If you have a Facebook user profile/account and you do not wish Facebook to collect data from Websites, or to combine them with user data stored on Facebook, before any Website use you need to log out of Facebook and delete cookies. Other settings concerning the use of data for advertising purposes can be changed in Facebook profile settings. Settings are adapted to all devices on which Facebook service is delivered, in particular desktop computers or mobile devices.
Facebook Pixel
The Data Controller uses the “user action pixel” (“Facebook Pixel”), i.e. a service provided in Websites by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook Inc.”). By means of the Facebook Pixel, the Data Controller is able to track users’ activities once they have viewed or clicked a Facebook ad. This allows the Data Controller to track the performance of the Facebook ad, which in turn helps to improve their methods of achieving statistical goals and market research. Such data are collected as anonymous, i.e. the Data Controller does not process personal data of individual users. However, such data are stored and processed by Facebook, and the Data Controller will inform you about that fact according to their best knowledge. Facebook may link such stored data with your Facebook account, and use them for their own advertising, in accordance with Facebook’s Data Use Policy. You can prevent Facebook and its affiliates from displaying ads on and off Facebook.
LinkedIn
LinkedIn cookies track how its embedded services are used and are employed to track visitors of several Websites in order to display appropriate ads based on the visitor’s preferences. Some cookies are activated when the Website includes an embedded panel with reference to LinkedIn portal. More information available at: https://www.linkedin.com/legal/privacy-policy
YouTube
Cookies will be used if you upload YouTube videos on our Website. With the embedded YouTube videos, such cookies will store the user’s video player preferences.
More information available at: https://policies.google.com/technologies/cookies?hl=en
Google Maps
If the Data Controller conducts personal data operations to identify which of their Services or Products are proposed in a specific location, the information on the User’s approximate location may be processed by Websites, based on their IP address.
Websites with available chat function may start to use cookies once they have been opened in order to identify users, manage the chat and monitor users’ activity thereon.
The Data Controller uses the tool to analyze the User’s activities. Cookies help identify the user or match the results of analyses on traffic in the Data Controller’s websites. Based on the outcome of the Data Controller’s analyses, the statistical data will be processed.
Polish Post Office, Open Street Map
The location function enables to identify the pick-up point in the approximate vicinity of the user’s location.
Disqus comments plug-ins
In their Websites, the Data Controller uses Disqus comment system, i.e. a service provided by Disqus, Inc., 717 Market St San Francisco, CA 94103, USA (“Disqus”). You use Disqus service as its independent user, and the service is provided based on and under the terms set out in the regulations and the privacy policy of Disqus service.
If Websites with embedded Disqus service are displayed, i.e. the comment system, Disqus will send cookies to the User’s device to enable the identification of their Internet browsers, and to ensure an adequate service performance, in particular to enable the User to log in to the comment system and to post comments. In such transferred cookies, Disqus may also collect data on how Websites are used by their visitors in order to determine the actual Website use patterns, including users’ activities, and to personalize any contents displayed under the service, including ads.
If you post comments on our Websites, your personal data will stored and processed by Disqus and the Data Controller will inform you about that fact according to their best knowledge.
You may prevent Disqus and its affiliates from displaying ads on and off Disqus. The details about the purposes of collection, the scope of data collected, and their further processing and use by Disqus, including any related rights and options for setting the safeguards of user’s privacy, can be found in: Disqus’ Data Use Policy, and the detailed terms and conditions of Disqus services have been defined in Disqus Regulations for the Provision of Services.
Server Logs
Below we provide the list of possible recipients of your personal data:
You have the right to:
file a complaint to the Office for Personal Data Protection – if it is found that the processing of personal data violates the provisions of the GDPR or other provisions on the protection of personal data, the data subject may file a complaint to the authority responsible for the supervision of personal data processing, with the jurisdiction over the place of the data subject’s habitual residence, their place of work or the place where the alleged infringement has been committed.
Masz pytanie? Chętnie odpowiemy!
Wybierz formę kontaktu: