Table of Contents:
 

1. General provisions
2. Basics of data processing
3. Purpose, basis, period and scope of data processing on the website
4. Data recipients on the website
5. Profiling on the website
5. Rights of the data subject
7. Website cookies, operating data and analytics
8. Change of privacy policy
9. Final provisions

 

 

1. General provision

 

 

1.1. This privacy policy of the Website available at https://www.polynor.pl/, hereinafter referred to as the Website, is for information purposes only, which means that it is not a source of obligations for Website users. The privacy policy contains primarily rules regarding the processing of personal data by the Administrator on the Website, including the basics, purposes and scope of the processing of personal data and the rights of data subjects, as well as information on the use of cookies and analytical tools on the Website.

 

1.2. The administrator of personal data collected via the Website is the company "LAMN" with headquarters in Płock, ul. Obrońców Płocka 1920r 21B, 09-402 Płock, NIP: 7743127612; REGON: 360133736 - hereinafter referred to as the "Administrator". The e-mail address is: biuro@polynor.pl.

 

1.3. Contact details of the data protection officer appointed by the Administrator: e-mail address: marketing@polynor.pl.

 

1.4. Personal data on the Website are processed by the Administrator in accordance with applicable law, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and in the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation". The official text of the GDPR Regulation: http://eur-lex.europa.eu/legal-content/PL/TXT/?uri=CELEX%3A32016R0679

 

1.5. Use of the Website is voluntary. Similarly, the provision of personal data by the user of the Website is voluntary.

 

1.6. The Administrator makes special care to protect the interests of persons to whom the personal data processed by him relates, and in particular is responsible and ensures that the data collected by him are: (1) processed in accordance with the law; (2) collected for specified, legitimate purposes and not subject to further processing incompatible with those purposes; (3) factually correct and adequate in relation to the purposes for which they are processed; (4) stored in a form that allows identification of the persons they concern, no longer than necessary to achieve the purpose of processing, and (5) processed in a way that ensures adequate security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.

 

1.7. Taking into account the nature, scope, context and purposes of processing as well as the risk of violation of the rights or freedoms of natural persons of different probability and severity of threat, the Administrator implements appropriate technical and organizational measures to process it in accordance with this Regulation and to be able to demonstrate it. These measures are reviewed and updated as necessary. The administrator uses technical measures to prevent the acquisition and modification by unauthorized persons of personal data sent electronically.

 

2. Basics of data processing

 

 

2.1. The administrator is entitled to process personal data in cases where - and to the extent that - at least one of the following conditions is met: (1) the data subject has consented to the processing of his personal data for one or more specific purposes ; (2) processing is necessary for the performance of a contract to which the data subject is party or to take action at the request of the data subject before the conclusion of the contract; (3) processing is necessary to fulfill the legal obligation incumbent on the Administrator; or (4) processing is necessary for purposes arising from legitimate interests pursued by the Administrator or by a third party, except for situations where the interests or fundamental rights and freedoms of the data subject, requiring personal data protection, prevail over these interests , in particular if the data subject is a child.

 

2.2. The processing of personal data by the Administrator requires at least one of the grounds indicated in point 2.1 privacy policy. The specific grounds for processing personal data of Website users by the Administrator are indicated in the next section of the privacy policy - in relation to the given purpose of processing personal data by the Administrator.

 

3. Purpose, basis, period and scope of data processing on the website

 

 

3.1. Each time the purpose, basis, period and scope as well as the recipient of personal data processed by the Administrator results from the actions taken by the given user on the Website.

 

3.2. The Administrator may process personal data on the Website for the following purposes, on the following grounds, in periods and in the following scope:

 

Purpose of data processing. Legal basis for processing and storage period. Scope of data processed
Direct marketing Article 6 para. 1 lit. f) GDPR Regulations (legitimate interest of the administrator)
The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims against the data subject in respect of the Administrator's business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to running a business is three years, and two years for a sales contract).

 

The administrator may not process data for direct marketing purposes if the data subject has successfully objected to it.

 

E-mail address
Marketing Article 6 para. 1 lit. a) GDPR Regulations (consent)
The data is stored until the data subject withdraws his consent for further processing of his data for this purpose.

 

First and last name, e-mail address
Determination, investigation or defense of claims which may be raised by the Administrator or which may be raised against the Administrator. Article 6 para. 1 lit. f) GDPR Regulations

The data is stored for the duration of the legitimate interest pursued by the Administrator, but no longer than for the period of limitation of claims against the data subject in respect of the Administrator's business activities. The limitation period is determined by law, in particular the Civil Code (the basic limitation period for claims related to running a business is three years, and two years for a sales contract).

 

First name and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), residence / business address / registered address (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

Conclusion and performance of contracts with the Administrator's contractors Art. 6 para. 1b GDPR - for the duration of the contract and settlements after its termination Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), residence / business address / registered address (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

Compliance with legal obligations incumbent on the Administrator, e.g. issuing
or storing invoices and other accounting documents, answering complaints Art. 6 para. 1c GDPR - for the period that the law requires that you store data, Name and Surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

Verification of payment credibility Art. 6 para. 1f GDPR - for the period necessary to make such an assessment when concluding, extending or extending the scope of the contract. Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

Detection and prevention of fraud Article 6 para. 1c and 1f of the GDPR) - for the duration of the contract, and then for the period after which the claims expire or for the duration of the proceedings conducted by the competent public authorities First and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

For the purposes of recruitment, Article 6 para. 1a and 1c GDPR) - for the duration of recruitment (unless consent has been given for the processing of data for the purposes of this and future recruitments Name and surname; e-mail address; data contained in the attached CV and cover letter; other data contained in the content of the message;

 

For the purposes of property protection in the monitored area, Article 6 para. 1d and 1e) - for 30 days Name and surname; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

For the purposes of establishing contact as the justified interest of the administrator, Art. 6 para. 1 lit. f of the general regulation on the protection of personal data of 27 April 2016. Name and surname; e-mail address; other data contained in the message;
In other cases, personal data are processed only on the basis of previously granted consent to the extent and purpose specified in the content of the consent of Article 6 para. 1a GDPR - for the period from giving consent to its withdrawal. First name and last name; contact telephone number; e-mail address; delivery address (street, house number, apartment number, zip code, city, country), address of residence / business / registered office (if different from the delivery address).
In the case of Customers who are not consumers, the Administrator may additionally process the company name and the Customer's tax identification number (NIP).

 

 

4. Website data recipients

 

4.1. For the proper functioning of the Website, it is necessary for the Administrator to use the services of external entities (such as e.g. a software supplier). The administrator uses only the services of such processing entities that provide sufficient guarantees for the implementation of appropriate technical and organizational measures, so that the processing meets the requirements of the GDPR Regulation and protects the rights of data subjects.

 

4.2. Transfer of data by the Administrator does not occur in every case and not to all recipients or categories of recipients indicated in the privacy policy - the Administrator provides data only when it is necessary to achieve a given purpose of personal data processing and only to the extent necessary to achieve it.

 

4.3. Personal data of Website users may be transferred to the following recipients or categories of recipients:

 

service providers providing the Administrator with technical, IT and organizational solutions that enable the Administrator to conduct business activities, including the Website (in particular, computer software suppliers to run the Website, e-mail and hosting providers as well as software providers to manage the company and provide technical support to the Administrator) - The administrator provides the collected personal data of the user to the selected supplier acting on his behalf only in the case and to the extent necessary to achieve the given purpose of data processing in accordance with this privacy policy.

 

 

5. Profiling on the website

 

5.1. The GDPR Regulation requires the Administrator to inform about automated decision-making, including profiling referred to in art. 22 paragraph 1 and 4 of the GDPR Regulation, and - at least in these cases - relevant information about the rules for their adoption, as well as about the significance and anticipated consequences of such processing for the data subject. With this in mind, the Administrator provides information on possible profiling in this section of the privacy policy.

 

5.2. The administrator may use profiling for direct marketing on the Website. The effect of using profiling on the Website may be, for example, sending a product proposal that may suit the interests or preferences of a given person. Despite profiling, it is a given person who makes a free decision whether they want to learn more about the proposed product.

 

5.3. Profiling on the Website consists in the automatic analysis or forecast of a given person's behavior on the Website, e.g. by adding a specific browsing of a specific Product page on the Website, or by analyzing the previous history of visits to the Website.

 

5.4. The data subject has the right not to be subject to a decision that is based solely on automated processing, including profiling, and produces legal effects on that person or similarly significantly affects him.

 

 

6. The rights of the data subject

 

 

6.1. The right to access, rectify, limit, delete or transfer - the data subject has the right to request the Administrator to access his personal data, rectify it, delete it ("the right to be forgotten") or limit processing and has the right to object to processing, and also has the right to transfer his data. Detailed conditions for exercising the abovementioned rights are indicated in art. 15-21 of the GDPR Regulation.

 

6.2. The right to withdraw consent at any time - a person whose data is processed by the Administrator on the basis of expressed consent (pursuant to art.6 par.1 lit.a) or art. 9 item 2 lit. a) of the GDPR Regulation), it has the right to withdraw consent at any time without affecting the lawfulness of the processing that was carried out on the basis of consent before its withdrawal.

 

6.3. The right to lodge a complaint to the supervisory body - a person whose data is processed by the Administrator has the right to lodge a complaint to the supervisory body in the manner and manner specified in the provisions of the GDPR and Polish law, in particular the Personal Data Protection Act. The supervisory body in Poland is the President of the Office for Personal Data Protection.

 

6.4. Right to object - the data subject has the right to object at any time - for reasons related to his particular situation - to the processing of personal data concerning him based on art. 6 clause 1 lit. e) (public interest or tasks) or f) (legitimate interest of the administrator), including profiling based on these provisions. In such a case, the administrator may no longer process this personal data, unless he demonstrates the existence of valid legitimate grounds for processing, overriding the interests, rights and freedoms of the data subject, or grounds for establishing, investigating or defending claims.

 

6.5. Right to object to direct marketing - if personal data are processed for the purposes of direct marketing, the data subject has the right to object at any time to the processing of personal data concerning him for the purposes of such marketing, including profiling, to the extent that which processing is associated with such direct marketing.

 

6.6. In order to exercise the rights referred to in this point of the privacy policy, you can contact the Administrator by sending an appropriate message in writing or by e-mail to the Administrator's address indicated at the beginning of the privacy policy or using the contact form available on the Website.

 

7. Website cookies, operating data and analytics

 

7.1. Cookies are text information in the form of text files, sent by the server and saved on the side of the person visiting the Website (e.g. on the hard disk of a computer, laptop or on the smartphone's memory card - depending on which device the visitor uses our Webpage).

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and stored by a computer browser, smartphone. The identification data is sent again to the server each time the browser sends a request to open a page on the server. Cookies can be "persistent" or "session" cookies: persistent cookies will be stored by your web browser and will remain valid until the expiration date, unless you delete them before the expiration date; the session cookie expires at the end of the user's session when the web browser is closed. Cookies usually do not contain any information that identifies you, but the personal information we store about you may be related to information stored in and obtained from cookies.

 

7.2. The administrator may process the data contained in cookies when visitors use the Website for the following purposes:

remembering data from completed Order Forms or surveys;
adapting the content of the Website page to the user's individual preferences (e.g. regarding colors, font size, page layout) and optimizing the use of the Website;
keeping anonymous statistics showing how to use the Website;
remarketing, i.e. research on the characteristics of the behavior of visitors to the Website by anonymous analysis of their activities (e.g. repeated visits to specific websites, keywords, etc.) in order to create their profile and provide them with advertisements tailored to their anticipated interests, also when they visit other websites in the Google Inc. advertising network and Facebook Ireland Ltd .;

7.3. By default, most web browsers available on the market accept saving cookies by default. Everyone has the ability to specify the conditions for the use of cookies using their own web browser settings. This means that you can e.g. partially limit (e.g. temporarily) or completely disable the option of saving cookies - in the latter case, however, this may affect some of the Website's functionalities.

 

7.4. The web browser settings for cookies are important from the point of view of consent to the use of cookies by our Website - in accordance with the law, such consent may also be expressed through the web browser settings. In the absence of such consent, you should change your web browser settings in the field of cookies.

 

7.5. Detailed information on changing the settings for Cookies and their self-removal in the most popular web browsers are available in the help section of the web browser.

 

7.6. The administrator may use the Google Analytics and Universal Analytics services provided by Google Inc. on the Website. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA. These services help the Administrator analyze traffic on the Website. The collected data is processed as part of the above services in an anonymous manner (these are the so-called operational data that prevent identification of a person) to generate statistics These data are aggregate and anonymous, i.e. they do not contain identifying features (personal data) of persons visiting the Website. The Administrator using the above services on the Website collects such data as sources and medium of obtaining visitors to the Website and the manner of their behavior on the Website, information on the devices and browsers from which they visit the website, IP and domain, geographical data and demographic data (age, gender) and interests.

 

7.7. It is possible for a person to easily block the sharing of Google Analytics information about his activity on the Website - for this purpose, you can install the browser add-on provided by Google Inc. available here: https://tools.google.com/dlpage/gaoptout?hl=en.

 

7.8. The Administrator may use the Facebook Pixel service provided by Facebook Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) on the Website. This service helps the Administrator measure the effectiveness of advertisements and find out what actions visitors of the Website take, as well as display tailored ads to these people. Detailed information about the operation of Facebook Pixel can be found at the following internet address: https://www.facebook.com/business/help/742478679120153?helpref=page_content.

 

7.9. Managing the operation of Facebook Pixel is possible through the settings of ads in your account on Facebook.com: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

 

8. Change of privacy policy

 

8.1. The current content of the Privacy Policy and cookies of the polynor.pl website from 25/05/2019.

8.2. Polynor.pl reserves the right to change the above Privacy Policy by publishing a new Privacy Policy on this page.

8.3. If you have additional questions about privacy protection, please contact the Administrator.

 

9. Final Provisions

 

9.1. The Website may contain links to other websites. The administrator urges that after switching to other websites, read the privacy policy set out there. This privacy policy applies only to the Administrator's Website.