This Privacy Policy contains information on the processing of your personal data in connection with the use of services provided by POLBRASS Sp. z o.o. and the use of our website at www.polbrass.pl.
From this document you will find out who is the Controller of your personal data and for what purpose, to what extent and for how long it will be processed. In addition, you will learn with whom and on what terms we may share your data, as well as your rights in connection with the processing of your data, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) [OJ EU.L.2016.119.1 of 2016.05.04 as amended] – in short, the GDPR.
This Privacy Policy complies with the Data Protection Act of 10 May 2018 (Journal of Laws 2019.1781 consolidated text, of 2019.09.19).
1. General information.
By using this website you agree to the following terms of the Privacy Policy.
This document stems from an understanding of the importance of personal data security in the modern world. The Personal Data Controller, being aware of the processing of personal data, declares that it will make every effort to ensure that personal data is processed in accordance with applicable legislation.
The application of the principles set out in this document is intended to ensure the proper protection of personal data processed by the Personal Data Controller, understood as protection against data breaches within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
Any personal and address data you provide will not be resold in any way to any individual, legal entity or unincorporated organisation.
This Privacy Policy may change, so please review it regularly. The main reasons for changes may include the advancement of internet technology, changes in general provisions of law, or the development of our website. At the bottom you will find the publication date of the current Privacy Policy.
2. Information on personal data.
Personal data is information on an identified or identifiable natural person.
Data processing means operations performed on personal data, including, but not limited to, collection, recording, storage, elaboration, alteration, access and erasure, including operations performed in computer systems.
In accordance with Article 13(1) and (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR), this is to inform that:
a) Personal data Controller.
The administrator of the website and the personal data Controller is POLBRASS Sp. z o.o., with its registered office at ul. Szklana 164, 43-300 Bielsko-Biała, tax id NIP: 8982025766, entered in the Register of Entrepreneurs kept by the District Court in Bielsko-Biała Division Eight (Economic) of the National Court Register, under no: KRS: 0000176500, hereinafter referred to as the Controller.
If you have any questions regarding this Privacy Policy, please contact us by email at: rodo@polbrass.com.pl and by telephone: +48 33 488 51 60.
The data Controller has not appointed a Data Protection Officer and performs the duties related to the processing of personal data by themselves.
The Personal Data Controller performs data protection tasks, including in particular:
(a) decides on the purposes and means of processing personal data, taking into account in particular changes in applicable law, organisation and techniques for securing personal data,
(b) authorises individual persons to process personal data within a specific individual scope corresponding to their responsibilities,
(c) maintains records of persons authorised to process personal data and other documentation subject to data protection or supervises maintenance thereof by persons authorised by them,
(d) takes appropriate actions in the event of a breach or suspected breach of procedures of the secure processing of personal data,
(e) monitors the security measures applied,
(f) implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
b) Purposes, grounds for processing and duration of data retention.
Purpose of processing | Legal basis for processing | Data retention period |
Conclusion and execution of the contract for provision of services. | Article 6(1)(b) GDPR (processing is necessary for the performance of a contract concluded with the data subject or for taking steps to conclude such contract). | The Controller will process personal data for the duration of the contract. |
Meeting tax obligations. | Art. 6(1)(c) GDPR (processing is necessary for the fulfilment of a legal obligation incumbent on the Controller, in this case these are the obligations under tax law). | The Controller will process the aforementioned data for a period of 5 years. |
Handling the contact form. | Article 6(1)(f) GDPR (processing is necessary for the Controller’s legitimate interest, in this case to respond to the message sent). | The Controller will process the aforementioned personal data until an objection is successfully lodged or the purpose of the processing is achieved. |
Running a fanpage on the social networking site Facebook. | Art. 6(1)(f) GDPR (processing is necessary for the Controller’s legitimate interest, in this case the running of a Facebook fanpage). The provision of personal data is voluntary, but necessary for proper handling. The personal data processed for the above-described purpose is only processed within the scope of your use of the fanpage. With regard to your other uses of Facebook, your data is processed by Facebook Ireland on the basis of the Terms and Conditions and Privacy Policy it has established. | The Controller will process the aforementioned personal data until an objection is successfully lodged or the purpose of the processing is achieved. |
Fulfilment of data protection obligations. | Article 6(1)(c) GDPR (processing is necessary for the fulfilment of a legal obligation incumbent on the Controller, in this case these are the obligations under data protection legislation). | The Controller will process the aforementioned personal data until the expiry of the limitation periods for claims for breach of data protection legislation. |
Establishing, investigating or defending against claims. | Art. 6(1)(f) GDPR (processing is necessary for the Controller’s legitimate interest, in this case to establish, assert or defend against claims that may arise in connection with the provision of services or the use of the website). | The Controller will process the aforementioned personal data until the expiry of the limitation periods for claims that may arise in connection with the provision of services or the use of the website. |
Analysis of your activity on the website. | Art. 6(1)(f) GDPR (processing is necessary for the Controller’s legitimate interest, in this case analysis of your activity on the website). | The Controller will process the aforementioned personal data until an objection is successfully lodged or the purpose of the processing is achieved. |
Sending commercial messages – marketing of own services sent by e-mail. | Once you have given your consent under the regulations on the provision of electronic services. Article 6(1)(f) GDPR (processing is necessary for the fulfilment of the Controller’s legitimate interest, in this case to inform about its current activities: products, services, promotions or news). | The Controller will process the aforementioned personal data until the consent is withdrawn, an objection is successfully lodged or the purpose of the processing is achieved. |
Use of cookies on the website. | Article 6(1)(a) of the GDPR (which allows personal data to be processed on the basis of voluntary consent given when accessing the website for the first time, when a consent for the use of cookies is requested). | If you do not wish to give such consent, please leave the site. You can also always change your browser settings, disable or delete cookies. |
Claim handling. | Article 6(1)(b) of the GDPR (which allows personal data to be processed if it is necessary for the performance of a contract or taking of steps to enter into a contract). | The Controller will process personal data for the duration of each contract. |
c) Withdrawal of consent and objection
You may withdraw the consent you have given at any time; such withdrawal shall not affect the lawfulness of the processing carried out on the basis of the consent given before the withdrawal. You also have the right to object to the processing of your data on the basis of a legitimate interest of the Data Controller. The Controller will cease to process your data for these purposes unless the Controller can demonstrate that, in relation to the data, there are compelling legitimate grounds for the Controller which override your interests, rights and freedoms, or the data are necessary for the Controller to possibly establish, assert or defend claims.
d) Recipients of personal data.
The Personal Data Controller only shares personal data with entities authorised:
(a) by law,
(b) on the basis of a request from an entity authorised by law,
(c) on the basis of a contract under which there is a necessity to provide personal data, or
(d) on the basis of a data subject’s request.
The Controller may share personal data with the following recipients:
- internet domain provider,
- a company that provides tools for analysing website activity on Google Analytics,
- a company providing accounting services,
- a company providing IT services.
Furthermore, the Controller informs that there may be a situation in which it is necessary to make the data available to other entities, not mentioned above, on the basis of a legal provision or a decision of a competent state authority.
The Controller shall ensure that each request for personal data is carefully analysed in order not to provide data to unauthorised parties.
e) Sharing data with other countries.
Due to the Controller’s use of Google Analytics or Facebook Pixel, your personal data may be transferred to the following other countries:
- United States of America – pursuant to Commission Implementing Decision (EU) 2016/1250 of 12 July 2016, adopted pursuant to Directive 95/46/EC of the European Parliament and of the Council, on the adequacy of the protection provided by the EU-US Privacy Shield (OJ EU.L.2016.207.1, 2016.08.01).
- Chile, Singapore and Taiwan (Republic of China), on the basis of contractual clauses providing an adequate level of protection in accordance with the standard contractual clauses set out in the Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in other countries under Directive 95/46/EC of the European Parliament and of the Council.
f) Rights of data subjects.
The Controller shall ensure that the rights indicated below can be exercised by contacting the Controller at the e-mail address. Requests will be handled no later than 30 days after receipt of the request (if, due to the complexity of the request or the number of requests, the Controller is unable to comply with the request within 30 days, it shall comply with the request within the following month, upon prior notice of the intended extension of the deadline):
- Right to withdraw consent. However, withdrawal of your consent may prevent you from continuing to use the services that we can legally provide only with your consent. Furthermore, withdrawing your consent does not automatically render the processing of personal data up to the point of withdrawal unlawful.
- The right to object to the use of data. If the Controller processes data on the basis of a legitimate interest, you can object to its use. If the objection proves to be legitimate and the Controller has no other legal basis for processing the data, the objected data will be deleted.
- The right to erasure (“right to be forgotten”). The Controller will delete the data upon request if you withdraw your consent, raise a legitimate objection to the use for marketing or statistical purposes, the processing is unlawful or is no longer necessary for the purposes for which it was collected or for which it was processed. At the same time, the Controller stipulates that it may retain certain personal data to the extent necessary for the performance of backups or the establishment of purposes, the assertion or defence of claims and relations with state authorities.
- Right to restrict data processing. If you question the accuracy of the data and the lawfulness or necessity of the processing, and object.
- Right of access to data. The Controller undertakes to confirm the processing of personal data, if any. In this case, you have the opportunity to obtain a copy of and access your data and obtain the information contained in this Privacy Policy.
- Right to rectification of data. At your request, the Controller undertakes to rectify your data (for incorrect data) and to complete it (for incomplete data).
- Right to data portability. Upon your request, the Controller will send, in the form of a pdf or other agreed file, your personal data to you or directly to another Controller designated by you.
g) The right to lodge a claim.
You have the right to lodge a claim with the President of the Data Protection Authority if you consider that the processing of your personal data violates the provisions of the GDPR.
h) Data provision requirement and the result of non-provision.
The provision of personal data is voluntary, except that it is necessary in order for you to use our services. If you decide not to provide the data, you will not be able to make use of our offer.
i) Profiling.
Your data will not be processed by automated means, including profiling.
3. Cookie policy.
Our website uses cookies. When you first visit the site, you will be shown information on the use of cookies. By not changing your browser settings, you consent to their use.
Cookies are short text information stored on your computer, phone or other device you use. They can be read by us – so-called “own cookies”, which we use to ensure that our website works properly, and by systems belonging to other parties whose services we use – so-called “external cookies”.
The website uses two types of cookies: session cookies, which are deleted when the user closes the browser, logs out or leaves the website, and permanent cookies, which are stored on the user’s device to enable recognition of the user’s browser the next time the user accesses the site until they are deleted by the user or until the time indicated in the data parameters of the cookies. You have the right to change your cookie settings or delete them. The cookies used on our website do not store personal data or other information collected from you.
Our website uses cookies to:
- identify your browser session so that you can use the features of this website,
- improve security and speed up the use of the site,
- use analytical tools.
More information on cookies is available at wszystkoociasteczkach.pl or in the “Help” section of your browser menu.
Our website uses the following tracking technologies:
- Google Analytics. This tool uses cookies provided by Google and enables the collection of statistical data about the use of the website by users, including number of visits, duration of visit, search engine used and location. The data collected helps to improve the website and make it more user-friendly.
- Facebook’s Pixel. This tool uses cookies provided by Facebook. It makes it possible to establish that you have visited the website, as well as to target you with display advertisements on Facebook and Instagram and to measure their effectiveness.
- Plug-ins and other tools related to social media such as Facebook and Instagram.
4. Server logs.
The use of our website involves sending requests to the server on which the website is hosted.
Every request made to the server is recorded in the server logs, which include the IP address, date and time of the visit, information about the web browser and the operating system you are using.
The data stored in the server logs is not associated with specific users of the website and is used as support material for administration. Their contents are not disclosed to anyone other than those authorised to administer the server.
This policy has been in force from: 2021-05-06