Privacy policy

This Privacy Policy contains information on how your personal details are processed in connection with the use of the services provided by our company - POLBRASS Sp. z o.o.; and the use of our website found at www.polbrass.pl.
This document will give you the details of the Controller of your personal data as well as inform you about the purpose, extent, and duration of processing of the data. You will also learn who will be given access to your data and on what conditions. You will also be told about your rights in relation to the processing of your data as set forth in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

1. General information.
By using the website you consent to the above terms and conditions of the Privacy Policy.

No personal and address details provided by you will be in any way sold to any third parties or entities.

The privacy policy is subject to change and for this reason you are requested to be up to date with its content and always read it. The changes may be necessitated by the development of the Internet technology, the changes in the generally applicable legal regulations or the modifications of the website itself. Below you will find the publication date of the current version of the privacy policy.

2. Information related to personal data.
Pursuant to Art. 13(1-2) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as GDPR), we inform you that:

a) Data Controller.
The website administrator and data controller POLBRASS Sp. z o.o., ul. Szklana 164, 43-300 Bielsko-Biała, Tax ID: 8982025766, hereinafter referred to as Data Controller.
If you have any questions concerning the provisions of the privacy policy, please contact us to the following email: rodo@polbrass.com.pl and by phone: +48 33 488 51 60.

The Data Controller did not appoint a Data Protection Supervisor and is solely responsible for all the obligations related to personal data processing.

b) Processing purpose and grounds and the data retention period.

Processing purpose Processing legal grounds Data retention period
Conclusion and performance of a services contract. Art. 6(1)b of GDPR (processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract). Data Controller will process personal data throughout the term of the contract.
Compliance with tax obligations. Art. 6(1)c of GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations under tax law). Data Controller will process the above data for 5 years.
Contact form processing. Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case responding to the message received). Data Controller will process the above data until an effective objection is made to the processing or the purpose of the processing is accomplished.
Running a fanpage on Facebook. Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case running a fanpage on Facebook). Providing personal data is voluntary, but necessary for proper performance of services. The processing of personal data for the above purpose is carried out only to the extent you use the fanpage. As concerns your any other use of Facebook, your personal data are processed by Facebook Ireland in compliance with their Rules and Privacy Policy. Data Controller will process the above personal data until an effective objection is made to the processing or the purpose of the processing is accomplished.
Compliance with obligations related to personal data protection. Art. 6(1)c of GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, in this case obligations under personal data protection regulations). Data Controller will process the above personal data until the expiry of the limitation period of any claims for violation of personal data protection regulations.
Establishing, exercising and defending claims. Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case establishing, exercising and defending any claims which may arise in connection with provision of services or use of the website). Data Controller will process the above personal data until the expiry of the limitation period of any claims which may arise in connection with provision of services or use of the website.
Analysing your activity on the website. Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case analysing your activity on the website). Data Controller will process the above data until an effective objection is made to the processing or the purpose of the processing is accomplished.
Sending business messages - marketing of own services via e-mail. After granting the consent prescribed by the regulations on provision of services by electronic means. Art. 6(1)f of GDPR (processing is necessary for the purposes of a legitimate interest pursued by the Controller, in this case sharing information on the current activities: products, services, promotions and innovations). Data Controller will process the above personal data until the consent is revoked, an effective objection is made or the purpose of the processing is accomplished.
Using cookies on the website. Art. 6(1)a of GDPR (under which personal data can be processed based on the voluntary consent granted upon the first access to the website when the request for consent to the use of cookies is displayed). If you do not want to grant the consent, please leave the website. You can also always change your browser settings by disabling or deleting cookies.
Complaint processing. Art. 6(1)b of GDPR (under which personal data can be processed if they are necessary to perform a contract or to take steps to enter into a contract). Data Controller will process personal data throughout the term of the contract.

c) Consent withdrawal and objection.
You can withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal. You also have the right to object to processing of your personal data based on the legitimate interests pursued by the Data Controller. The Data Controller will discontinue the processing of your data for those purposes, unless the Data Controller can demonstrate that with regard to those data there are compelling legitimate grounds for the processing by the Data Controller which override your interests or fundamental rights and freedoms or the data will be necessary for the Data Controller to establish, exercise or defend claims, if any.

d) Recipients of personal data.
The personal data can be made available by the Data Controller to the following recipients:

  • the domain name supplier,
  • the entity providing tools for activity analysis on the Google Analytics website,
  • the entity providing accounting services,
  • the entity providing IT services.

Apart from that, occasionally the Data Controller may have to make your personal data available to other entities, private or public, under an applicable legal regulation or a decision of competent authorities. The Data Controller assures that each and every request for access to personal data is thoroughly analysed in order not to disclose the data to unauthorised parties.

e) Transfer to third countries.
Since the Data Controller uses the services of Google Analytics or Facebook Pixel, your personal data may be transferred to the following third countries:

  • the United States of America – under the Commission Implementing Decision (EU) 2016/1250 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-U.S. Privacy Shield.
  • Chile, Singapore, and Taiwan (Republic of China) – under contractual clauses ensuring an adequate level of protection, compliant with the standard contractual clauses set forth in the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Parliament and of the Council.

f) Rights of data subjects.
The Data Controller offers the possibility to exercise the rights listed below by use of email contact and every request in this respect will be complied with within 30 days of receiving it (if due to the complex nature of the request or the number of requests it is impossible for the Data Controller to comply with the request within 30 days, the request will be met within another month, with a prior notice given by the Data Controller of the intended extension of the period):

  • Right to withdraw consent. Be advised, however, that withdrawal of consent may prevent further use of any services which by law can be provided by us only with your consent. What is more, withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to object to data use. If the Data Controller processes data on the ground of a legitimate interest, an objection can be made to the use of data. If the objection proves justified, and the Data Controller has no other legal grounds for the data processing, the data concerned will be deleted.
  • Right to erasure of data (“right to be forgotten”). Upon request, the Data Controller will erase the data in the event of consent withdrawal, a justified objection made against the use for marketing or statistical purposes, unlawful processing or if the data is no longer necessary for the purposes for which they were collected or for which they were processed. However, the Data Controller reserves the right to keep some personal data to the extent necessary for making back-up copies or establishing the purposes, exercising or defending claims, and for relations with state authorities.
  • Right to restrict data processing. If it is contested that the data are accurate and their processing is lawful and necessary and if an objection is made.
  • Right of access to data. The Data Controller shall confirm whether or not personal data are being processed. Where that is the case, you have the right to obtain a copy of the data and access the data and obtain the information contained in this Privacy Policy.
  • Right to rectification. The Data Controller, upon your request, shall rectify the data (in case of inaccurate data) and complete the data (in case of incomplete data).
  • Right to data portability. The Data Controller, upon your request, shall send a file, in pdf format or as otherwise agreed, containing your personal data to you or directly to another Controller as specified by you.

g) Right to lodge a complaint.
You have the right to lodge a complaint with the President of the Personal Data Protection Office if you decide that the processing of personal data violates the provisions of the GDPR.

h) Requirement to provide data and consequences of failure to provide data.
Providing personal data is voluntary, but necessary for you to use our services. As a consequence of your failure to provide the data you will not be able to use our offer.

i) Profiling.
Your personal data will not be subject to automated processing, including profiling.

3. Cookies policy.
Our website uses cookies. On your first visit to the website a message will be displayed on the use of cookies. Making no changes to the browser settings will be deemed as granting consent for using cookies.
Cookies are short text files stored on the computer, telephone or any other device used by you. There are the so-called own cookies, which can be read by us and which we use to ensure correct operation of our website. There are also the so-called external cookies read by the systems owned by third-party entities whose services we use.

The website uses two types of cookies: session cookies, which are deleted once you close the browser, log out or leave a website, and permanent cookies, which are stored on the user’s end device, which makes it possible to recognise the user’s browser next time the website is accessed until they are deleted by the user or until the time set in the parameters the specific cookies. You have the right to change the settings of cookies or to delete them. Cookies used on our website do not store any personal data or any other information collected from you.

Our website uses cookies for the following purposes:

  • to identify the browser session, which facilitates the use of the website functions,
  • to improve the website safety and using speed,
  • to use analytical tools.

More information on cookies can be found at wszystkoociasteczkach.pl or in the "Help" section in the browser menu.

Our website uses the following tracking technologies:

  • Google Analytics. This tool uses cookies provided by Google, which facilitates collecting statistical data on how the website is used by users, including data on the number of visits, visit duration, browser used, location. The collected data help to improve the website and make it more user friendly.
  • Facebook Pixel. The tool uses cookies provided by Facebook. It shows that you visited a website and also targets the advertisements displayed to you on Facebook and Instagram and measures their effectiveness.
  • Plug-ins and other tools related to social media such as Facebook or Instagram.

4. Server logs.
Using our website involves sending inquiries to the server hosting the website.
Every inquiry to the server is stored in the server logs which include the IP address, date and time of visit, information on the browser and operating system used.The data stored in server logs are not linked to specific website users and are used as supporting material for administration purposes. Their content is not disclosed to authorised server administrators only.

Our policy is valid as of: 2021-06-06

 

I understand and accept itUsing the www.polbrass.pl website means accepting the terms contained in the privacy policy. In particular, this applies to the acceptance of the processing and storage of personal data collected through this Site and used for marketing and commercial purposes. This website uses cookies collected for statistical purposes, profiling advertisements and used for the proper operation of the website. Terms of storage or access to cookies can be changed in the browser settings - failure to change browser settings is synonymous with consenting to save them. In the absence of acceptance of the above (and included in the 'Privacy Policy') records, please do not use this Site and leave it immediately.