WEBSITES’ PRIVACY POLICY
I. PERSONAL DATA PROCESSING
“Personal Data” is any information that identifies the User directly, for example, name, first name, email address and telephone number; and indirectly, for example, IP address, cookie IDs or other data.
The Controller of the personal data of the Users of the Website located at http://www.patt.pl (“Website”) processed in accordance with this Privacy Policy is Zbigniew Patejko, conducting business activity under the name Zbigniew Patejko “Patt Mebel” with its registered office in Warsaw (postcode: 04-228) at Tytoniowa 8, NIP: 5340018651, REGON: 012259935 (hereinafter referred to as “Controller”).
Personal data will be processed by the Controller in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (“GDPR”).
Providing data is voluntary and is in principle not a requirement for use of the Service. Only in some of the cases indicated below will it be necessary to provide certain data in order to use the Website. If you have any questions regarding the processing of your personal data by the Controller, you may contact us at [galeria@patt.pl].
II. CATEGORIES OF PERSONAL DATA
While using some of the services of the Website you may be asked to provide your personal data.
The scope of mandatory and non-mandatory data is each time determined according to the needs of a given service, which the User intends to use:
- Data provided to us: The Controller obtains personal data when the User provides such data (e.g. when the User contacts the Controller via e-mail or telephone, or in any other way);
- Relationship data: Controller collects or obtains certain personal data in the normal course of the relationship with the User, including making services available to the User within the Website (e.g. providing services to the User);
- Data that you make public: Controller collects or obtains personal information that you explicitly choose to make public, including through social media (e.g., Controller may collect profile information in social media if you post about Controller);
- Data coming from the Website: Controller collects or obtains personal information when you visit any of our sites or use any features or resources available on or through the site (including through cookies).
- Content and advertising information: If you interact with third party content or advertisements on the Website (including plug-ins and third-party cookies), we receive personal information from the relevant third-party provider of such content or advertisements.
The data processed by the Controller include, among others:
- Personal data: name(s), surname, contact details;
- Contact details: mailing address; telephone number; e-mail address; details of online messaging; and details of social media;
- Information about our Websites: type of device; operating system; browser type; search engine settings; IP address; language settings; dates and times of connection to the website; user name; password; login security data; usage data; aggregated statistical information;
- Content and advertising data: records of how User interacts with our advertisements and online content, the records of advertisements and content appearing on displayed pages, and any interactions with such content or advertisements (e.g., mouse-over, mouse-click, any forms filled out in whole or in part) and any interactions with the touch screen;
- Beliefs and opinions: any beliefs and opinions you choose to send to us or make publicly available about us on social media platforms.
Personal data will not be used for automated decision-making purposes; however, the Controller may use personal data for profiling in order to conduct marketing.
III. PURPOSE OF DATA COLLECTION
The Controller will collect and process Users’ personal data only in accordance with this Privacy Policy. Any data provided by the User will be used by the Controller solely for the following purposes:
- To provide customer service and contact with the User, including to inform about any changes to the products and services offered by the Controller within the Service;
- To perform obligations under the law;
- To perform all contractual obligations towards the Controller’s business partners, which constitutes our legitimate interest in data processing;
- For the purposes of analysis, development, improvement (including improving user experience), administration, maintenance, technical support and security of the Service, which constitutes our legitimate interest in data processing;
- To determine, assert or defend against any claim, enforcement or investigation of potential violations of the terms of use of the Service or other actual or alleged illegal activities, to protect the rights, property or safety of the Service, Users, Controller customers and employees and other third parties, which constitutes our legitimate interest in the processing of data.
IV. PERSONAL DATA RECIPIENTS
Users’ personal data may be transferred to companies cooperating with the Controller, provided that the provision of such data is necessary in connection with the Controller’s interests. Users’ personal data may be transferred to our partners and external entities providing services to the Controller and processed by them in order to enable them to perform services ordered by the Controller. The offices of such external entities will be located both in EU member states and outside the EU. All external entities are obliged to comply with the Controller’s guidelines and to implement appropriate technical and organizational measures to protect Users’ personal data.
The Controller may provide Users’ personal data to the competent authorities in accordance with the mandatory provisions of law and in order to perform such legal obligations in the area of each jurisdiction in which the Service Users are located. In case of data violation, certain personal data may be subject to disclosure to authorities competent for their protection.
When we transfer personal information to other countries that may have different laws and data protection requirements from those in force in the country where you are located, we apply all the requirements of GDPR.
V. RIGHTS OF WEBSITE USERS
Website User has the following rights with respect to personal data processed by the Controller:
- The right to access your personal data;
- The right to correct User’s personal data if the data is inaccurate or incomplete;
- The right to delete personal data – at User’s request, Controller removes the collected personal data of the User, e.g. (i) when the personal data is no longer needed for the purpose for which it was collected or (ii) there is no legitimate reason for further processing or the processing has become unlawful, or the personal data had to be deleted in order to fulfill the legal obligation to which Controller is subject;
- The right to object to the processing of the User’s personal data, processed for the purpose and on the basis of the data indicated in the Privacy Policy. The Controller will stop processing the data for these purposes, unless there are valid, legally justified grounds that take precedence over the interests, rights and freedoms of the User, or the User’s data will be necessary for the Controller to determine, assert or defend any claims;
- The right to object to the processing of User’s personal data for marketing purposes. If the Controller gives his consent to the processing of personal data, e.g. in case of sending commercial information, the User may at any time withdraw his consent to further processing of data, on which such consent is dependent;
- The right to transfer the User’s personal data – the User has the right to receive personal data concerning him/her, which he/she has made available to the Controller in a customary, structured and machine-readable format. The User may also ask the Controller to transfer the User’s personal data directly to another data Controller, as far as it is technically possible.
- The right to limit the processing of the User’s personal data – the Controller may be forced to limit the processing of the User’s personal data in situations specified in Article 18 of the GDPR.
- The right to lodge a complaint with a supervisory authority – the User may lodge a complaint concerning the data processing by the Controller with a data protection authority in his/her jurisdiction. The Controller will provide assistance in case of any difficulties with contacting the data protection authority.
VI. RETENTION PERIOD
The Controller stores and processes the Users’ personal data for the period necessary to fulfil the purposes of processing indicated in part III of the Privacy Policy or in accordance with the mandatory provisions of law, i.e. until the User withdraws his/her consent or the Controller determines that the purpose of processing has become obsolete.
In such a case, the Controller shall remove, encrypt, pseudonymize or anonymize the personal data as soon as it is practically possible, or as necessary to be able to use the data without unnecessary identification, thereby protecting the privacy and increasing the security of the User.
VII. SAFETY
The Controller applies appropriate technical and organizational measures to ensure an appropriate level of security and integrity of Users’ personal data, using proven technological standards to prevent unauthorized access to Users’ personal data.
We have implemented appropriate technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access and other unlawful or unauthorized forms of processing in accordance with applicable law.
Since the Internet is an open system, the transmission of information over the Internet is not completely secure. Although we will implement all reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted to us over the Internet – any such transmission is at your own risk and you are responsible for ensuring that any personal information you send to us is sent securely.
Data Minimization – We take all reasonable steps to ensure that the personal data we process is limited to that which is necessary for the purposes set out in this notice.
Data Accuracy – We take all reasonable steps to ensure that the personal data we process is accurate and, where necessary, kept up to date; and any personal data we process which is inaccurate (including the purposes for which it is processed) is promptly deleted or corrected.
From time to time we may ask you to confirm the accuracy of your personal data.
VIII. UPDATES
The Privacy Policy can be changed at any time by the Controller. In such a case the Controller will publish the updated version of the Privacy Policy on the Website and will inform the Users about such changes and their effective date.
Annex 1 to the Privacy Policy – Purposes and legal basis for processing of personal data.
Purpose of processing | Legal basis and retention period |
Conclusion and performance of a contract with a customer or contractor | art. 6 sect. 1 p. b and f GDPR For the duration of the contract, and after the end of the contract, until the expiration of the claims arising from it. Legitimate purpose, if any: In connection with the actions taken to conclude a contract or its implementation, the Controller shall contact the employees/workers of customers and contractors for a legitimate purpose. |
Providing answers for the inquiries and contact in current matters (e-mail, telephone) | Art. 6 sec. 1 lit. f GDPR For the time necessary to answer, and after providing the answer until the expiry of the claims related to the subject of the inquiry. Legitimate purpose, if any: The controller contacts and replies to the clients via standard contact channels, including e-mail and telephone. |
Handling of complaints | art. 6 sect. 1 p. b and lit. f GDPR For 1 year after the expiry of the warranty or settlement of the complaint. Legitimate purpose, if any: In connection with the handling of a complaint, the Controller contacts the customer’s employees/workers for a legitimate purpose. |
Claiming or defending against legal claims | art. 6 sect. 1 p. f GDPR For the duration of the proceedings in the scope of the claims pursued, i.e. until their final and binding conclusion, and in the case of enforcement proceedings, until the claims are finally satisfied. Legitimate purpose, if any: In connection with the handling of a complaint, the Controller contacts the customer’s employees/workers for a legitimate purpose. |
Archiving of documents, i.e. contracts and settlement documents | art. 6 sect. 1 p. c GDPR For the periods indicated by law, and if not indicated for certain documents, for the time when their safekeeping is within the framework of the Controller’s legitimate objective, regulated by the time of possible claims. |
Statistical reporting | art. 6 sect. 1 p. f GDPR For as long as we have a different, additional legal processing basis. Legitimate purpose, if any: Having information about the statistics of the Controller’s activities allows for improvement of the conducted activity |
If the time limits for the assertion of possible claims are shorter than the periods for storing settlement documents for tax purposes, we will keep these documents for the time necessary for tax and settlement purposes, i.e. for 5 years from the end of the year in which the tax obligation has been updated.
Conducting product marketing activities for Zbigniew Patejko “Patt Mebel” without using electronic means of communication | art. 6 sect. 1 p. f GDPR Until you object, i.e. show us in any way that you do not want to stay in contact with us and receive information about our actions. Legitimate purpose, if any: Conducting marketing activities to promote the business. |
Conducting marketing activities for “Patt Mebel” products using electronic means of communication | Art. 6 sect. 1 p. f GDPR, However, due to other applicable regulations, in particular the Telecommunications Law and the Act on Providing Services by Electronic Means, these activities are carried out only on the basis of the consents held. Until you object or withdraw your consent, i.e. show us in any way that you do not wish to remain in contact with us and receive information about our actions. Legitimate purpose, if any: Conducting marketing activities to promote the business using e-mail addresses and telephone numbers |
If we process data using electronic means of communication for marketing purposes, the specific legal basis of the processing is:
- Art. 10 of the Act of 18 July 2002 on the provision of electronic services (i.e. Journal of Laws of 2020, item 344) if you agree to receive information using e-mail;
- Art. 172 of the Act of 16 July 2004 on Telecommunications Law (Journal of Laws of 2020, item 374 as amended) if you agree to receive information using a telephone number.